JP2008306690A - Encryption device, decryption device, method executed by them, encryption-decryption system, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a technique for distributing a content without permitting fraudulent reproduction. <P>SOLUTION: This encryption-decryption device is provided with an encryption device and a plurality of decryption devices. The encryption device encrypts data of one content by different methods and thereby converts them to a plurality of encrypted data different from one another, and transmits them to the plurality of decryption devices. Each decryption device is structured to decrypt the encrypted data transmitted to itself to restore them to the original data of the content. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a technique for distributing content data.

It is now very common to record content data on text, music, movies, games, etc. on a CD-ROM, DVD or other recording medium, or distribute it via the Internet or other networks. It is considered a technology.
One of the troubles of those who distribute content data or those who have copyrights such as content data is that the content data is not used properly.
For example, content data can be easily duplicated, especially if it is a digital signal, the quality of the copied content data does not deteriorate, so the copied high quality content data is distributed. An illegal situation occurs. Such a situation can occur whether the content is recorded and distributed on a recording medium or distributed via a network.

To date, the illegal distribution of copied content data has been mainly prevented by the following two approaches.
The first approach is authentication. Authentication is performed, for example, by allowing a user to input authentication information (for example, a user ID and a password) allocated for each user when reproducing data of a certain content. Determining whether the information entered by the user matches the information recorded on the recording medium on which the content data is recorded or the information held by the transmitting device that transmits the content via the network By doing so, authentication is performed. This is a technique mainly used to prohibit a user who is not permitted to reproduce the content data from reproducing the content data.
The second approach is to prevent copying. A technique for preventing copying is called copy protection. There are various types of copy protection. When data of a certain content is copied, the content data after copying is often altered from the original content data. By doing so, the content data after copying cannot be reproduced, or even if it can be reproduced, the content as intended to be reproduced by the data of the content cannot be reproduced, It effectively prohibits copying content data.

  Each of these technologies is meaningful and has a certain effect. However, prevention of illegal distribution of content data has not been achieved; rather, such illegal situations continue even today.

  An object of the present invention is to provide a technology based on a new approach for distributing content data in a state where it can be used properly.

The inventor of the present application has conducted research in order to solve the above-described problems. And the following invention was conceived.
As will be described below, the concept of the present invention is to provide different encrypted data generated from the same content data for each user by different encryption methods.

The invention of the present application includes an encryption device including encryption means for encrypting content data, which is data about content, using a key and an algorithm to generate encrypted data, and the encryption generated by the encryption device. And an encryption / decryption system including a plurality of decryption devices including decryption means for decrypting the encrypted data using a key and an algorithm for decrypting the encrypted data and returning the decrypted data to content data.
The encryption unit of the encryption device generates a plurality of the encrypted data from the one content data by encrypting the one content data a plurality of times, and the content When data is encrypted a plurality of times, at least one of the key or the algorithm is changed to make each of the plurality of encrypted data different from the other encrypted data. Further, the decryption means of the decryption device receives from the encryption device the decrypted data that can be decrypted by the decryption means among the encrypted data generated by the encryption device, and decrypts it To return to the content data.
The encryption device in such an encryption / decryption system generates a plurality of different encrypted data from one content data. Each of the plurality of encrypted data is made from the data of the same content, and can provide the same content if it can be reproduced, but is different from each other. Each of these encrypted data is for one of a plurality of decryption devices, and can be decrypted by one decryption device, but cannot be decrypted by another decryption device. (Note that if it is not necessary to distribute the content data to all of the decryption devices, the number of encrypted data is at least better than the number of decryption devices). Each piece of encrypted data is provided to a decryption device capable of decrypting it, via a recording medium or via a network, and decrypted by the provided decryption device to return to the original content data. Returned. The decryption device can reproduce the content data.
Such an invention of the present application has a higher capability of prohibiting a user who is not permitted to reproduce the content data from reproducing the content data than authentication. That is, in the case of authentication, as described above, the match between the two pieces of information is determined, and when the two pieces of information match, the reproduction of the content data is permitted on the playback device. However, in the present invention, unless the decryption device can perform decryption that can be performed with a strength much higher than just authentication, the decryption device does not allow the content data to be reproduced. It becomes almost impossible for a user who is not allowed to play back the content data.
In the present invention, the content data distributed to the user is encrypted data encrypted by a different method for each user, and each user distributes to himself / herself using a different key or algorithm. By decrypting the encrypted data, the content data that is the source of the encrypted data is reproduced. Therefore, even if the encrypted data generated by the present invention is copied and distributed, other users who have distributed the copied encrypted data cannot decrypt and reproduce it. Therefore, the encrypted data generated according to the present invention can be applied to a copy prevention technique, but is excellent in that it is less necessary to do so.

The inventor of the present application proposes, for example, the following as an encryption apparatus that can be applied to the above-described encryption / decryption system.
The encryption device includes an encryption device that includes encryption means for encrypting content data, which is data about content, using a key and an algorithm to generate encrypted data, and the encryption device generated by the encryption device. An encryption / decryption system comprising: a plurality of decryption devices including decryption means for decrypting the encrypted data using a key and algorithm for decrypting the encrypted data and returning the decrypted data to content data; This is an encryption device configured by combination with an encryption device. The encryption means generates a plurality of the encrypted data from the one content data by encrypting the one content data a plurality of times, and encrypts the content data a plurality of times. In order to convert the encrypted data, at least one of the key and the algorithm is changed to make each of the plurality of encrypted data different from other encrypted data.

As described above, the encryption unit in the encryption device is configured to generate a plurality of encrypted data from one content data by encrypting the one content data a plurality of times, and When encrypting the content data a plurality of times, at least one of the key and the algorithm is changed to make each of the plurality of encrypted data different from other encrypted data.
That is, the encryption means can use a plurality of at least one of a key and an algorithm. For this purpose, the encryption means according to the present invention holds at least one of a key and an algorithm from the beginning, or can generate a plurality of at least one of a key and an algorithm.
For example, the encryption unit has a plurality of different keys recorded in a predetermined recording unit and is recorded in the recording unit in each case of encrypting the content data a plurality of times. Any one of the different keys may be used.
The encryption unit also has a plurality of different algorithms recorded in a predetermined recording unit, and recorded in the recording unit in each case of encrypting the content data a plurality of times. Any of a plurality of different algorithms may be used.
The encryption device according to the present invention includes key generation means capable of generating a plurality of different keys, and the encryption means encrypts the content data a plurality of times, A plurality of keys generated by the key generation means may be used.
The encryption device according to the present invention includes an algorithm generation unit capable of generating a plurality of different algorithms, and the encryption unit encrypts the content data a plurality of times. A plurality of algorithms generated by the algorithm generation means may be used.

In the present invention, the entire encrypted data generated from the content data may be encrypted, or only a part thereof may be encrypted.
Further, the content data can be encrypted for each part after being cut into a plurality of parts, instead of encrypting the whole data collectively. In this case, it is not necessary to encrypt all the parts as described above.
For example, the encryption apparatus according to the present invention may include a cutting unit that cuts the content data and divides the content data into a plurality of content cut data. In this case, the encryption means encrypts at least one of the plurality of content cut data in each case of encrypting the content data a plurality of times, so that only a part of the encrypted data is stored. The encrypted data is generated and at least one of a key and an algorithm used for encrypting at least one of the plurality of content cut data is generated for each case of generating the encrypted data. You may come to change to.
In this case, the encryption means may encrypt one of the heads of the plurality of content cut data in each case of encrypting the content data a plurality of times. If the first content cut data is encrypted, the person who received the encrypted data cannot decrypt the content data unless it can be decrypted. On the other hand, the content data is encrypted. Since the necessary range can be reduced, the processing burden on the encryption apparatus can be suppressed. Further, the encryption means may encrypt some of the content cut data from one of the heads in each case of encrypting the content data a plurality of times. Further, the encryption means may encrypt all of the plurality of content cut data in each case of encrypting the content data a plurality of times.

As described above, the encryption device according to the present invention may include a cutting unit that cuts the content data and divides the content data into a plurality of content cut data. In this case, the encryption unit stores the content data. In each case of encrypting a plurality of times, by encrypting at least one of the plurality of content cut data, the encrypted data is generated as if only a part thereof is encrypted. In addition, at least one of a key or an algorithm used when encrypting at least one of the plurality of content cut data may be changed for each case of generating encrypted data.
In this case, the encryption unit has a plurality of different keys recorded in a predetermined recording unit and encrypts at least one of the plurality of content cut data. Any one of the plurality of different keys recorded in the recording means may be used.
Alternatively, the encryption unit has a plurality of different algorithms recorded in a predetermined recording unit and encrypts at least one of the plurality of content cut data in each case. Any one of the plurality of different algorithms recorded in the means may be used.
The encryption means encrypts two or more of the plurality of content cut data, and sets a plurality of different key sets that are a plurality of different keys. In a case where each of two or more of the plurality of content cut data is encrypted, a key set selected from any of the plurality of key sets is recorded. Each of the content cut data may be encrypted using a plurality of included keys. In this case, each piece of content cut data generated from one piece of content data is encrypted with a different key (although not all keys need to be different).
The encryption means encrypts two or more of the plurality of content cut data, and sets a plurality of different algorithm sets that are a plurality of sets of different algorithms. In the respective cases where two or more of the plurality of content cut data are encrypted, an algorithm set selected from any of the plurality of algorithm sets is provided. Each of the content cut data may be encrypted using a plurality of included algorithms. In this case, each piece of content cut data generated from one piece of content data is encrypted with a different algorithm (although not all algorithms need to be different).
The encryption device according to the present invention further includes key generation means capable of generating a plurality of different keys, and the encryption means encrypts at least one of the plurality of content cut data, respectively. In this case, a plurality of keys generated by the key generation means may be used.
The encryption device according to the present invention further includes algorithm generation means capable of generating a plurality of different algorithms, and the encryption means encrypts at least one of the plurality of content cut data, respectively. In this case, a plurality of algorithms generated by the algorithm generation means may be used.
The encryption device according to the present invention further includes a plurality of key generation means capable of generating key sets that are a plurality of different keys, and the encryption means includes two of the plurality of content cut data. One or more key generation means selected from any of the plurality of key generation means in each case of encrypting two or more of the plurality of content cut data. Each of the content cut data may be encrypted using a plurality of keys included in the key set generated by. In this case, each piece of content cut data generated from one piece of content data is encrypted with a different key (although not all keys need to be different).
The encryption device according to the present invention further includes a plurality of algorithm generation means capable of generating a plurality of algorithm sets that are a plurality of different algorithms, and the encryption means includes two of the plurality of content cut data. One or more algorithms, and in each case of encrypting two or more of the plurality of content cut data, an algorithm generation means selected from any of the plurality of algorithm generation means Each of the content cut data may be encrypted using a plurality of algorithms included in the algorithm set generated by. In this case, each piece of content cut data generated from one piece of content data is encrypted with a different algorithm (although not all algorithms need to be different).

As described above, when content cut data is generated from content data, in each case where the content data is encrypted a plurality of times, some of the top of the plurality of content cut data are encrypted. Alternatively, in each case where the content data is encrypted a plurality of times, all of the plurality of content cut data may be encrypted.
In these cases, the encrypting means is at least one of the content cut data to be encrypted excluding the last one (eg, all of the first one, or the first including the first one). The content cut data (for example, the content cut data immediately after the content cut data, which is located after the content cut data in an encrypted state). Since the content cut data here is after being encrypted, it may be more accurate to describe it as encrypted cut data.) For specifying at least one of the key and algorithm necessary for decrypting Specific information may be included. In this case, if the encrypted cut data including the specific information cannot be decrypted, the encrypted cut data after that cannot be decrypted. In such an encryption device, it is only necessary to increase the strength of encryption only for the encrypted cut data including the specific information, so that the encryption processing in the encryption device can be reduced as a whole. There is a possibility.
As an application example in this case, for example, all of the encrypted cut data except the last one include a key for decrypting the encrypted cut data that immediately follows and specific information for specifying an algorithm. To be mentioned. In this way, when the first one of the encrypted content cut data is decrypted, the decryption of the second and subsequent encrypted content cut data is included in the immediately preceding content cut data Using the key or algorithm specified by the specified information, it can be performed in a so-called formula. On the contrary, if the first encrypted content cut data cannot be decrypted, the second and subsequent encrypted content cut data cannot be decrypted. Therefore, in such an encryption apparatus, it is only necessary to increase the strength of encryption only when the first content cut data is encrypted. Therefore, the encryption process in the encryption apparatus is reduced as a whole. There is a possibility that you can.
The specific information may be a key or an algorithm itself, but is used to specify a key or algorithm based on decrypting content cut data next to content cut data including the specific information. The information is not particularly limited as long as it is information that can be obtained. For example, in the case of encrypting a plurality of content cut data in order using a plurality of keys prepared in an appropriate order, which key is used to encrypt the next content cut data The information shown can be specific information.

In the present invention, distribution of encrypted data from the encryption device to the decryption device may be performed via a recording medium or via a network such as the Internet.
In the former case, the encryption device may include means for recording the encrypted data on a portable recording medium.
In the latter case, the encryption device includes transmission means for transmitting the encrypted data to the decryption device via a network to which at least one decryption device is connected, and the transmission means includes the decryption device. It is also possible to transmit encrypted data that can be decrypted with the decryption device.
In any case, the encrypted data is distributed to a decryption device that can decrypt it. In order to make this possible, the encryption device may have a list of decryption devices recorded on a recording medium, for example. This list of decryption devices includes information for identifying each decryption device, and information on a combination of keys and algorithms (or one of them) that can be used by each decryption device. May be.

The same effect as that of the encryption apparatus according to the present invention can be obtained by the following method.
The method includes encrypting content data, which is data about content, using a key and an algorithm to generate encrypted data, and decrypting the encrypted data generated by the encrypting device. An encryption / decryption system comprising a plurality of decryption devices that decrypt and return to content data using a key and an algorithm is executed by an encryption device configured in combination with the decryption device Is the method. The method includes a step in which the encryption device generates a plurality of the encrypted data from one content data by encrypting the one content data a plurality of times, and the content data is encrypted a plurality of times In doing so, each of the plurality of encrypted data is different from the other encrypted data by changing at least one of the key or the algorithm.
The encryption device according to the present invention can be obtained by the following program, for example. The following program is valuable in that it is for making a general-purpose computer an encryption apparatus according to the present invention.
The program includes an encryption device that encrypts content data, which is data about content, using a key and an algorithm to generate encrypted data, and the encrypted data generated by the encryption device. An encryption / decryption system comprising a plurality of decryption devices that decrypt and return to content data using a key and an algorithm for decrypting the content, in combination with the decryption device It is a program to make it function as. Then, the program causes the computer to execute a process of generating a plurality of the encrypted data from one content data by encrypting the one content data a plurality of times, and encrypting the content data a plurality of times In doing so, each of the plurality of encrypted data is made different from the other encrypted data by changing at least one of the key or the algorithm.

The inventor of the present application proposes, for example, the following as a decryption apparatus that can be applied to the above-described encryption / decryption system.
It is an encryption means for generating encrypted data by encrypting content data, which is data about content, using a key and an algorithm, and by encrypting one content data a plurality of times, one content data A plurality of the encrypted data is generated from, and at the time of encrypting the content data a plurality of times, by changing at least one of the key or the algorithm, each of the plurality of encrypted data An encryption device having a configuration different from other encrypted data, and a key and algorithm for decrypting the encrypted data generated by the encryption device A plurality of decryption devices each including decryption means for decrypting and returning to content data The encryption and decryption system comprising comprising a a decoding apparatus constituting a combination of the encryption device. Then, the decryption means of each decryption device is configured to decrypt one of the plurality of encrypted data generated by the encryption device.
Each decryption device includes a decryption device recording unit that records a key and an algorithm for decrypting one of the plurality of encrypted data generated by the encryption device, and the decryption unit includes: When decrypting one of the encrypted data, the key and algorithm read from the decryption device recording means may be used.
Each decryption device includes decryption device generation means for generating at least one of a key and an algorithm for decrypting one of the plurality of encrypted data generated by the encryption device. The encrypting unit may use at least one of the key and the algorithm generated by the decrypting device generating unit when decrypting one of the encrypted data.

The same effect as the decoding device in the present invention can be obtained by the following method.
The method is encryption means for generating encrypted data by encrypting content data, which is data about content, using a key and an algorithm, and encrypting one content data a plurality of times A plurality of the encrypted data is generated from the content data, and when the content data is encrypted a plurality of times, by changing at least one of the key or the algorithm, a plurality of the encrypted data Each of which is different from other encrypted data, and a key and algorithm for decrypting the encrypted data generated by the encryption apparatus A plurality of decryption units having decryption means for decrypting them back to content data And location, the encryption-decryption system comprising comprising a a method performed by the decoding apparatus constituting a combination of the encryption device. The method includes a step in which the decryption device decrypts one of the plurality of encrypted data generated by the encryption device.
The decoding device in the present invention can be obtained by the following program, for example. The following program is valuable in that it is for making a general-purpose computer a decoding device according to the present invention.
The program is an encryption unit that encrypts content data, which is data about content, using a key and an algorithm to generate encrypted data, and encrypts the content data a plurality of times. Thus, a plurality of the encrypted data are generated from one content data, and at the time of encrypting the content data a plurality of times, by changing at least one of the key or the algorithm, a plurality of An encryption device having each of the encrypted data different from other encrypted data, and decrypting the encrypted data generated by the encryption device Decryption using the key and algorithm to return to content data A plurality of decoding apparatus includes a stage, an encryption and decryption system comprising comprising a a program for functioning as a decoding device, which constitutes a combination of the encryption device. The program is for causing the computer to execute a process of decrypting one of the plurality of encrypted data generated by the encryption device.

  Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the drawings.

The encryption / decryption system according to this embodiment is schematically configured as shown in FIG. The encryption / decryption system includes an encryption device 11 and a decryption device 12 connected to each other via a network 13. There are a plurality of decoding devices 12.
A network 13 that connects the encryption device 11 and the decryption device 12 is, for example, the Internet. However, instead of this, the network 13 may be configured by other means, for example, a LAN (Local Area Network), an intranet, or a dedicated line.

One encryption device 11 is provided in this embodiment, and the encryption device 11 is placed under the management of a person who distributes content data, which is data about content such as text, music, video, and games.
The decryption device 12 is placed under the management of the user who receives the distributed content data.
As will be described later, in this embodiment, the content data is encrypted by the encryption device 11 to be encrypted data, and then distributed to the decryption device 12.
Distribution of the encrypted data from the encryption device 11 to the decryption device 12 may be performed in the form of transmission via the network 13, and transmission via a CD-ROM, DVD-ROM or other recording medium. It may be performed in the form of
When distributing encrypted data from the encryption device 11 to the decryption device 12 in the form of transmission, the encrypted data may be transmitted from the encryption device 11 to each of the decryption devices 12 all at once. Alternatively, for example, encrypted data may be appropriately transmitted from the encryption device 11 to each of the decryption devices 12 according to a request from the decryption device 12.
The same applies to the case where the encrypted data is distributed from the encryption device 11 to the decryption device 12 in the form of sending, and the encryption device 11 necessarily sends the encrypted data generated from the same content to all the decryption devices 12. There is no need.

The configuration of the encryption device 11 and the decryption device 12 will be described.
First, these hardware configurations will be described. Note that both the encryption device 11 and the decryption device 12 do not necessarily have to be, but in this embodiment, the encryption device 11 and the decryption device 12 are configured by a general-purpose personal computer. Except for the decryption unit 29B, the two are basically the same (the encryption unit 29A of the encryption device 11 is replaced by the decryption unit 29B in the decryption device 12). Therefore, the description of the hardware configuration of the encryption device 11 and the decryption device 12 will be made by the description of the configuration of the encryption device 11 as a representative.

The hardware configuration of the encryption device 11 is shown in FIG.
In this embodiment, the encryption device 11 includes a central processing unit (CPU) 21, a read only memory (ROM) 22, a hard disk drive (HDD) 23, a random access memory (RAM) 24, an input device 25, and a display device 26. The communication device 27, the DVD drive 28, the encryption unit 29A, and the bus B are included. The CPU 21, ROM 22, HDD 23, RAM 24, input device 25, display device 26, communication device 27, and DVD drive 28 can exchange data via the bus B.
The ROM 22 or the HDD 23 may include a predetermined program and predetermined data (this may include content data that is content data. In the present embodiment, this is the case. This data includes data necessary for executing the program.). The program possessed by the encryption device 11 is for causing a general-purpose computer to function as the encryption device 11, and the program possessed by the decryption device 12 is for causing the general-purpose computer to function as the decryption device 12. is there. These programs may cause a general-purpose computer to function as the encryption device 11 or the decryption device 12 alone, and the general-purpose computer cooperates with other programs such as an OS included in the general-purpose computer. May function as the encryption device 11 or the decryption device 12.
The CPU 21 controls the entire encryption device 11 and executes processing to be described later on the basis of programs and data stored in the ROM 22 or the HDD 23. The RAM 24 is used as a working storage area when the CPU 21 performs processing.
The input device 25 includes a keyboard, a mouse, and the like, and is used for inputting commands and data. The display device 26 includes an LCD (liquid crystal display), a CRT (cathode ray tube), and the like, and is used to display commands, input data, processing status to be described later, and the like.
The communication device 27 exchanges data via the network 13. The communication device 27 of the encryption device 11 can transmit at least encrypted data to be described later to the communication device 27 of the decryption device 12 via the network 13. On the other hand, the communication device 27 of the decryption device 12 can receive encrypted data from the encryption device 11 via at least the network 13.
The DVD drive 28 can read at least data recorded on a DVD which is a portable recording medium. The DVD drive 28 of the encryption device 11 is further capable of writing data to the DVD. In this embodiment, since the DVD is selected as the recording medium used in common by the encryption device 11 and the decryption device 12, both the encryption device 11 and the decryption device 12 are provided with the DVD drive 28. However, when another recording medium such as a CD-ROM or a Blu-ray disc is selected as the portable recording medium, the DVD drive 28 can be appropriately changed according to the type of the selected recording medium.

The encryption unit 29A is for encrypting content data into encrypted data.
Details of the configuration of the encryption unit 29A of the encryption device 11 will be described. FIG. 3 shows a block configuration diagram of the encryption unit 29A.
The encryption unit 29A includes an interface unit 31A, a preprocessing unit 32A, an encryption unit 33A, a common data generation unit 34A, a key generation unit 35A, an algorithm generation unit 36A, a connection unit 37A, and a decryption device management unit 38A. The The interface unit 31A, the preprocessing unit 32A, the encryption unit 33A, the common data generation unit 34A, the key generation unit 35A, the algorithm generation unit 36A, the connection unit 37A, and the decryption device management unit 38A are all described above. It may be formed by executing the program.

The interface unit 31A exchanges data between the bus B and the encryption unit 29A.
The interface unit 31A receives content data from the bus B. The received content data is assigned an identifier for identifying one of the plurality of decryption devices 12 by the CPU 21. This identifier indicates which decryption device 12 out of a number of decryption devices 12 decrypts later-described encrypted data generated from the content data. The interface unit 31A that has received the content data sends it to the preprocessing unit 32A. When the interface unit 31A accepts the content data, the interface unit 31A sends information to that effect to the decryption device management unit 38A. This information includes the identifier described above.
The interface unit 31A is configured to receive encrypted data (to be described later) from the connection unit 37A, and sends the received encrypted data to the bus B.

  The preprocessing unit 32A has a function of cutting content data received from the bus B via the interface unit 31 every predetermined number of bits, generating content cut data, and sending it to the encryption unit 33A. is doing. The pre-processing unit 32A can make all the bit lengths of the content cut data equal, or can make the bit length of at least one content cut data different from the bit length of other content cut data. In this embodiment, it is assumed that the bit length of all content cut data is the same, and the bit length is 8 bits.

  The decryption device management unit 38A performs management as to which decryption device 12 out of a number of decryption devices 12 can decrypt the encrypted data generated from now on. . The decryption device management unit 38A includes a management table for performing the management. Details of the management table and details of the management method will be described later.

The encryption unit 33A has a function of encrypting the content cut data.
The encryption unit 33A receives the content cut data one after another from the preprocessing unit 32A, and encrypts the received content cut data each time. In this embodiment, data generated by encrypting content cut data is referred to as encrypted cut data. Details of the method of encrypting the content cut data will be described later.

The common data generation unit 34A generates common data.
When the common data generation unit 34A receives the above-described information from the interface unit 31A, the common data generation unit 34A starts generation of common data.
The common data is used to generate a key and algorithm described later.
In this embodiment, the common data is a pseudo-random number that is sequentially generated and is generated as a set. The common data generation unit 34A can generate a set of common data for each of the plurality of decoding devices 12. In other words, the common data generation unit 34A can generate the same number of sets of common data as the number of the plurality of decoding devices 12.
As will be described later, the decryption device 12 also includes a common data generation unit. The common data generated by the decryption device 12 is a set (or a continuous series) of pseudorandom numbers. The common data included in a certain set generated by the common data generation unit 34A is the same as the common data generated by the decoding device 12 associated with the set. In other words, if the data generated in the same order are compared with each other, each of the common data generated by the decryption device 12 is decrypted from among a plurality of sets of common data generated by the encryption device 11. It is made to be the same as each of the data included in the common data set generated for the device 12.
The common data generated by the common data generation unit 34A is sent to the key generation unit 35A and the algorithm generation unit 36A.

The key generation unit 35 generates a key based on the common data received from the common data generation unit 34A. The key is used when the encryption unit 33A performs encryption processing.
The algorithm generation unit 36A generates an algorithm based on the common data received from the common data generation unit 34A. This algorithm is used when the encryption unit 33A performs encryption processing.
Details of how to generate the key and algorithm will be described later.

The connection unit 37A has a function of making encrypted data together by connecting the encrypted cut data generated by the encryption unit 33A in the original order.
The connection unit 37A also has a function of sending the generated encrypted data to the interface unit 31A. The encrypted data is sent to the bus B from the interface unit 31A.

Next, the configuration of the decoding device 12 will be described.
As described above, the hardware configuration of the decryption device 12 is substantially the same as that of the encryption device 11. In this embodiment, the decryption device 12 includes a CPU 21, ROM 22, HDD 23, RAM 24, input device 25, display device 26, communication device 27, DVD drive 28, and bus B, as with the encryption device 11. Yes. The decryption device 12 also includes a decryption unit 29B instead of the encryption unit 29A.
The decryption unit 29B decrypts the encrypted data distributed from the encryption device 11.

Details of the decoding unit 29B are shown in FIG.
The decryption unit 29B includes an interface unit 31B, a preprocessing unit 32B, a decryption unit 33B, a common data generation unit 34B, a key generation unit 35B, an algorithm generation unit 36B, and a connection unit 37B. The interface unit 31B, the preprocessing unit 32B, the decryption unit 33B, the common data generation unit 34B, the key generation unit 35B, the algorithm generation unit 36B, and the connection unit 37B all execute the program described above. It may be formed.

The interface unit 31B exchanges data between the bus B and the decoding unit 29B.
The interface unit 31B receives encrypted data from the bus B. The interface unit 31B that has received the encrypted data sends it to the preprocessing unit 32B. When the interface unit 31B receives the encrypted data, the interface unit 31B sends information to that effect to the common data generation unit 34B. This information includes the identifier described above.
The interface unit 31B is configured to receive content data to be described later from the connection unit 37B, and to transmit the received content data to the bus B.

  The preprocessing unit 32B cuts the encrypted data received from the bus B through the interface unit 31 every predetermined number of bits, generates encrypted cut data, and sends it to the decryption unit 33B have. The pre-processing unit 32B can make all the bit lengths of the encrypted cut data equal, or makes the bit length of at least one encrypted cut data different from the bit length of other encrypted cut data You can also. In this embodiment, it is assumed that the bit length of all the encrypted cut data is the same (in this embodiment, the bit length of the encrypted cut data is 8 bits). The bit length of the encrypted cut data generated from the encrypted data by the decryption device 12 needs to reproduce the encrypted cut data generated by the encryption device 11. This can be realized by making some arrangement between the encryption device 11 and the decryption device 12.

The decryption unit 33B has a function of decrypting the encrypted cut data.
The decryption unit 33B receives the encrypted cut data one after another from the preprocessing unit 32B, and decrypts the received encrypted cut data each time to return to the content cut data. Details of the decoding method will be described later.

The common data generation unit 34B generates common data.
When the common data generation unit 34B receives the above-described information from the interface unit 31B, the common data generation unit 34B starts generation of common data.
The generated common data is a continuous pseudo-random number, which is the same as that used when encrypting the content cut data in the encryption device 11 if the generated data are compared in the same order. It is supposed to be.
The common data generated by the common data generation unit 34B is sent to the key generation unit 35B and the algorithm generation unit 36B.

The key generation unit 35B generates a key based on the common data received from the common data generation unit 34B. The key is used when the decryption unit 33B performs decryption processing.
The algorithm generation unit 36B generates an algorithm based on the common data received from the common data generation unit 34B. This algorithm is used when the decoding unit 33B performs a decoding process.
Details of how to generate the key and algorithm will be described later.

The connecting unit 37B has a function of making content data together by connecting the content cut data generated by the decrypting unit 33B in the original order.
The connection unit 37B also has a function of sending the generated content data to the interface unit 31B. The content data is sent to the bus B from the interface unit 31B.

  Next, the flow of processing performed in this encryption / decryption system will be described.

If it demonstrates roughly using FIG. 5, the flow of the process performed with this encryption / decryption system is as follows.
First, the encryption device 11 encrypts the content data to generate encrypted data (S110). Next, the encryption device 11 sends the encrypted data to the decryption device 12 (S120). Next, the decryption device 12 that has received the encrypted data decrypts the encrypted data and returns it to the content data (S130).

  First, the process of S110 described above in which the encryption apparatus 11 encrypts content data to generate encrypted data will be described in detail with reference to FIG.

First, content data is read (S1101). In this embodiment, it is assumed that the content data is recorded on the HDD 23.
Note that the trigger for reading the content data may be anything. For example, when there is a request for content data transmission from the decryption device 12 to the encryption device 11, the content data is read out. For example, the request is transmitted via the network 13 from the communication device 27 of the decryption device 12 to the communication device 27 of the encryption device 11 from input data input by the user of the decryption device 12 via the input device 25. By doing so, it is possible to notify the encryption device 11 from the decryption device 12. Alternatively, the encryption device 11 can send the content data to some or all of the plurality of decryption devices 12, and the user of the encryption device 11 inputs the instruction using the input device 25. It may be. Alternatively, the reason is that the user of the encryption device 11 inputs an instruction to generate encrypted data to be recorded on a recording medium and transmitted to some or all of the decryption devices 12 through the input device 25. May be.
It should be noted that which decryption device 12 is scheduled to decrypt the content data to be generated from now on, regardless of the trigger for reading the content data. The information for performing the identification is the above-described identifier, which is generated by the CPU 21 of the encryption device 21 regardless of the above-described trigger.
Reading of the content data is executed by the CPU 21 of the encryption device 11 reading the content data from the HDD 23 and sending it to the interface unit 31A via the bus B. In addition, when sending the content data to the interface unit 31A, the CPU 21 generates a plurality of encrypted data for each of at least one identifier (the encryption unit 33A and the plurality of decryption devices 12). A plurality of identifiers are used to specify a plurality of encryption devices 12).

The content data is sent from the interface unit 31A to the preprocessing unit 32A.
The information that the content data has been received is sent to the decryption device management unit 38A together with at least one identifier.
The content data is cut for each predetermined number of bits by the pre-processing unit 32A and converted into content cut data (S1102). The content cut data is sent to the encryption unit 33A for encryption.

In the encryption unit 33A, the content cut data is encrypted using the key generated by the key generation unit 35A and the algorithm generated by the algorithm generation unit 36A. is necessary. Therefore, it is necessary to generate common data prior to generating keys and algorithms.
First, how to generate common data will be described.

The common data generation unit 34A receives information about an initial matrix (and environment information α) described later from the decoding device management unit 38A. Based on this, the common data generation unit 34A generates common data.
Although not limited to this, the common data in this embodiment is a matrix (X) of 8 rows and 8 columns.
Although the common data is a pseudo-random number as described above, in order to continuously generate the common data as a pseudo-random number (so as to make a non-linear transition), for example, (1) Possible methods include calculation of power of common data, (2) including generation of common data in the process of generating common data, or combining (1) and (2). It is done.

In this embodiment, the common data generation unit 34A uses the 01st solution (X ₀₁ ) and the 02nd solution (X ₀₂ ) as the initial matrix.
Here, the 01st solution (X ₀₁ ) and the 02nd solution (X ₀₂ ) are selected from the management table by the decoding device management unit 38A as corresponding to the identifier, and sent to the common data generation unit 34A. Is. In order to enable such processing, the management table provided in the decryption device management unit 38A includes each decryption device 12 and content data in the decryption device 12 as shown in FIG. The data about the 01st solution (X ₀₁ ) and the 02nd solution (X ₀₂ ) (and environment information α) used when distributing the data is recorded. Each decoding device 12 has a corresponding one of the 01st solution (X ₀₁ ) and the 02nd solution (X ₀₂ ) (and environment information α) recorded in this management table.
The common data generation unit 34A substitutes the above-described initial matrix received from the decoding device management unit 38A for the solution generation algorithm, and generates the first solution (X ₁ ) as follows.
First solution (X ₁ ) = X ₀₂ X ₀₁ + α (α = 8 × 8 matrix)
This is the first common data generated.
Note that α is not always necessary. α may be variable as long as it is agreed between the encryption device 11 and the decryption device 12. For example, α may vary depending on the weather at a certain day or the result of a specific sports game. Further, this α may be generated based on the file name of the content data or the date of generation of the content data.
Next, the common data generation unit 34A generates the second solution (X ₂ ) as follows.
Second solution (X ₂ ) = X ₁ X ₀₂ + α
Similarly, the common data generation unit 34A generates the third solution, the fourth solution,..., The Nth solution as follows.
Third solution (X ₃ ) = X ₂ X ₁ + α
Fourth solution (X ₄ ) = X ₃ X ₂ + α
:
Nth solution (X _N ) = X _N−1 X _N−2 + α
The solution generated in this way (that is, common data) is sent to the key generation unit 35A and the algorithm generation unit 36A and is held by the common data generation unit 34.
In this embodiment, in order to generate the Nth solution ( _XN ), the N-1th solution ( _XN-1 ) and the N-2th solution ( _XN-2 ) are generated immediately before that. Two other solutions are used. Therefore, the common data generation unit 34A must hold the last two solutions generated in the past when generating a new solution (or if someone else does not hold these two solutions). Must not). Conversely, solutions older than the last two solutions generated in the past are not used in the future to generate new solutions. Therefore, in this embodiment, the two previous solutions are always held in the common data generation unit 34. However, the newest solution is the third most recent solution so far. The solution that was the solution is deleted from a predetermined memory or the like in which the solution is recorded.
It should be noted that the solution generated in this way is chaotic with a non-linear transition and becomes a pseudo-random number.

In order to cause a nonlinear transition, the Nth solution (X _N ) = X _N−1 X _N−2 + α described above is obtained when the Nth solution is obtained.
In addition to using the following formula, it is conceivable to use the following formula.
For example,
(A) Nth solution (X _N ) = (X _N−1 ) ^P
(B) Nth solution (X _N ) = (X _N-1 ) ^P (X _N-2 ) ^Q (X _N-3 ) ^R (X _N-4 ) ^S
(C) Nth solution (X _N ) = (X _N−1 ) ^P + (X _N−2 ) ^Q
Etc.
P, Q, R, and S are predetermined constants. In addition, one initial matrix is recorded in the management table described above when using the mathematical formula (a), four when using the mathematical formula (b), and two when using the mathematical formula (c). It will be.
Of course, it is also possible to add α to the right side of the mathematical expressions (a) to (c) described above.

The common data generated in this way is sent to the key generation unit 35A and the algorithm generation unit 36A. The key generation unit 35A and the algorithm generation unit 36A generate a key and an algorithm based on the common data.
In this embodiment, the key generation unit 35A generates a key as follows. That is, the key in this embodiment is defined as a number obtained by adding all the numbers that are the elements of the matrix included in the common data that is a matrix of 8 rows and 8 columns. Thus, the key changes based on the common data in this embodiment. Note that the key can be determined as another one. For example, the key may be a number obtained by multiplying all of the numbers that are elements of the matrix included in the common data that is an 8 × 8 matrix by multiplying all but 0.
In this embodiment, the key generation unit 35A generates a key each time it receives common data from the common data generation unit 34A, and sends it to the encryption unit 33A.
In this embodiment, the algorithm generation unit 36A generates an algorithm as follows.
The algorithm in this embodiment is as follows: “When content cutting data that is 8-bit data is a 1-by-8 matrix Y, the matrix X of 8 rows and 8 columns that is common data is raised to a power, Is obtained by multiplying the matrix rotated by n × 90 ° by Y ”.
Here, a may be a predetermined constant, but in this embodiment, a is a number that changes based on common data. That is, the algorithm in this embodiment changes based on common data. For example, a is the remainder when the number obtained by adding all the numbers of matrix elements included in the common data which is a matrix of 8 rows and 8 columns is divided by 5 (however, when the remainder is 0) a = 1)).
Further, n described above is a key.
However, the algorithm can be determined as another one.
In this embodiment, the algorithm generation unit 36A generates an algorithm each time it receives common data from the common data generation unit 34A, and sends it to the encryption unit 33A.

The encryption unit 33A encrypts the content cut data received from the preprocessing unit 32A based on the algorithm received from the algorithm generation unit 36A and the key received from the key generation unit 35A (S1103). In this embodiment, a new key and algorithm are used each time one piece of content cut data is encrypted.
As described above, when the content cut data, which is 8-bit data, is used as a matrix Y of 1 row and 8 columns, the algorithm uses the matrix X of 8 rows and 8 columns, which is common data, to the power a, The matrix obtained by multiplying the matrix rotated by n × 90 ° around Y is determined ”, and the key n is the number as described above.
For example, when a is 3 and n is 6, 8 obtained by rotating an 8 × 8 matrix obtained by raising X to the third power clockwise by 6 × 90 ° = 540 °. Encryption is performed by multiplying the matrix of 8 rows by the content cut data.
Data generated in this way is encrypted cut data.
In this embodiment, all the content cut data generated from the content data are all encrypted to be encrypted cut data. However, it is not always necessary that all the content cut data is encrypted cut data. For example, only a part of the content cut data can be encrypted cut data. More specifically, the first one or only the first few pieces of content cut data can be encrypted cut data. It can be decided between the encryption device 11 and the decryption device 12 which part of the content cut data is the encrypted cut data. Further, which part of the content cut data is used as the encrypted cut data can be made variable. In this case, if the information about which part of the content cut data is converted into the encrypted cut data by the encryption device 11 is to be embedded in, for example, a header of the encrypted data described later, the information is notified to the decryption device 12. Can do.

  The encrypted cut data is sent to the connection unit 37A. The connection unit 37A connects the encrypted cut data together to generate encrypted data (S1104). The order of arrangement of the encrypted cut data at this time corresponds to the order of the original content cut data.

  As described above, first, the process of S110 in which the encryption device 11 encrypts the content data and generates the encrypted data is completed.

Such encrypted data is distributed to the decryption device 12 that should decrypt it. There are two types of distribution in this embodiment.
The first is a case where it is recorded on a recording medium and sent to the user of the decryption device 12 by mail, for example. In this case, the encrypted data is recorded on the DVD inserted into the DVD drive 28 through a process of being temporarily recorded on the HDD 23 from the connection unit 37A via the interface unit 31A and the bus B, for example. This DVD is sent to the user by the administrator of the encryption device 11.
The second case is a case where the data is transmitted to the decoding device 12 via the network 13. In this case, the encrypted data is once recorded in the HDD 23 as in the above case, and then sent from the communication device 27 of the encryption device 11 to the communication device 27 of the decryption device 12 via the network 13. The encryption device 11 can also transmit the encrypted data to the decryption device by streaming. In this case, the decryption device can perform reproduction while receiving the encrypted data. For example, moving image data generated by shooting a live performance performed by an artist is transmitted from the encryption device 11 to each decryption device 12 via the network 13 at a timing close to real time, and It is also possible to send data with different encrypted data.
In this way, the encrypted data is delivered to the decryption device 12 that should decrypt it.
The encryption device 11 can send encrypted data generated from the same content data to a plurality of decryption devices 12. In this case, the encryption device 11 repeats the above process a plurality of times.

  Next, the process of S130 performed by the decryption device 12 to decrypt the encrypted data and return it to the content data will be described with reference to FIG.

First, encrypted data is read (S1201).
When the encrypted data is recorded on the DVD and the encrypted data is sent to the decrypting device 12, the DVD drive 28 reads the encrypted data from the DVD inserted in the DVD drive 28. Is called.
Further, when the encrypted data is sent to the decryption device 13 via the network 13, the communication device 27 of the decryption device 12 accepts the encrypted data.
In any case, the encrypted data is sent from the DVD drive 28 or the communication device 27 to the interface unit 31B of the decryption unit 29B via the bus B.

The interface unit 31B sends the encrypted data to the preprocessing unit 32B and notifies the common data generation unit 34B of information that the encrypted data has been received.
The preprocessing unit 32B cuts the received encrypted data every predetermined number of bits to generate encrypted cut data (S1202).
When the encrypted data is cut to generate the encrypted cut data, the preprocessing unit 32B performs a process reverse to that performed by the connection unit 37A of the encryption device 11. That is, the encrypted data is cut every 8 bits from the head and divided into a plurality of encrypted cut data.

Next, the encrypted cut data is sent to the decryption unit 33B, where it is decrypted and used as content cut data (S1203).
Decryption is executed as a process reverse to that performed by the encryption unit 33A in the encryption device 11. Therefore, the decryption device 12 requires an algorithm and a key that are necessary when the encryption device 11 performs encryption.

The algorithm and key used for decryption are generated in the decryption device 12. The mechanism will be explained.
When the information that the interface unit 31B of the decryption device 12 has received the encrypted data is sent to the common data generation unit 34B, the common data generation unit 34B generates common data using the information as a trigger.
The generation of the common data performed by the common data generation unit 34B of the decryption device 12 is performed through the same process as that performed by the common data generation unit 34A of the encryption device 11. Note that the common data generation unit 34B of the decryption device 12 has one set of the initial matrix (and environment information) recorded in the management table of the encryption device 11 as described above. Therefore, the common data generated in the decryption device 12 is the same as the common data used in the encryption device 11 when the encrypted data is generated from the content data if the same generation order is compared. It is the same.
The generated common data is sent from the common data generation unit 34B to the key generation unit 35B and the algorithm generation unit 36B.
Each time the key generation unit 35B receives the common data, the key generation unit 35B generates a key based on the received common data. The process of generating the key by the key generation unit 35B of the decryption device 12 is the same as the process of generating the key by the key generation unit 35A of the encryption device 11. The generated key is sent from the key generation unit 35B to the decryption unit 33B.
The algorithm generation unit 36B generates an algorithm each time the common data is received based on the received common data. The process of generating an algorithm by the algorithm generation unit 36B of the decryption device 12 is the same as the process of generating the algorithm by the algorithm generation unit 36A of the encryption device 11. The generated algorithm is sent from the algorithm generation unit 36B to the decoding unit 33B.
By the way, in this encryption / decryption system, every time encryption is performed by the encryption device 11, new common data is generated by the encryption device 11, and every time decryption is performed by the decryption device 12, decryption is performed. New common data is generated in the device 12. Further, as described above, the common data generated by the decryption device 12 is the same as the common data generated by the encryption device 11 if the same generation order is compared. Therefore, the common data generated when encrypting the content data that is the encryption device 11, and the algorithm and key generated based on the common data are all decrypted using the encrypted data. Always coincides with the common data generated by the decryption device 12 and the algorithm and key generated based on the common data.

  As described above, the decryption unit 33B performs the decryption process using the key received from the key generation unit 35B and the algorithm received from the algorithm generation unit 36B. More specifically, the decryption unit 33B uses the algorithm received from the algorithm generation unit 36B (“8 rows 8 8 which are common data when the content cut data which is 8-bit data is a matrix Y having 1 row and 8 columns. Decryption based on the definition of “the encryption cut data is obtained by multiplying the matrix X of the column a to the power a and then multiplying the matrix rotated by n × 90 ° clockwise by Y”) Algorithm for performing processing (“When the encrypted cut data is viewed as a matrix Z of 1 row and 8 columns, the matrix X of 8 rows and 8 columns, which is common data, is raised to a power, and then n × 90 clockwise. Decryption by performing the operation according to the above definition using the key by generating the product obtained by multiplying the inverse matrix of the matrix rotated by ° by Y and generating the content cut data ” Perform processing. In this way, the decryption unit 33B sequentially decrypts the encrypted cut data supplied in a stream form from the preprocessing unit 32B to generate content cut data.

The content cut data generated in this way is sent to the connection unit 37B. The connection unit 37B connects the received content cut data together and restores the content data in the original state before being encrypted by the encryption device 11 (S1204).
In this way, the process of S130 in which the decryption device 12 decrypts the encrypted data and returns it to the content data is completed.

The generated content data is sent from the connection unit 37B to the interface unit 31B, and is sent to, for example, the HDD 23 via the bus B based on an instruction from the CPU 21, and stored therein. The content data can be reproduced by the decryption device 12.
If the decryption cannot be performed, the content data cannot be reproduced by the decryption device 12 and cannot be reproduced by another device.

<< Modification 1 >>
In the encryption / decryption system described above, the common data generation unit 34A of the encryption device 11 and the common data generation unit 34B of the decryption device 12 encrypt content cut data or decrypt encrypted cut data. Every time, new common data was generated. Therefore, in the encryption / decryption system described above, the key generation unit 35A and algorithm generation unit 36A of the encryption device 11 and the key generation unit 35B and algorithm generation unit 36B of the decryption device 12 encrypt the content cut data. Each time the encrypted or encrypted cut data is decrypted, a new key and algorithm are generated.
However, at least one key and algorithm is used when content data is encrypted by the encryption device 11, and at least one key is used when decryption data is decrypted by the decryption device 12. (Same number as the value key or algorithm).
For example, the encryption device 11 generates new common data, a key, and an algorithm only when new content data is supplied to the interface unit 31A, and the decryption device 12 generates a new encryption in the interface unit 31B. Only when data is supplied, new common data, a key, and an algorithm can be generated.
The common data generated by the encryption device 11 and the common data generated by the decryption device are the same if the data generated in the same order are compared with each other, as in the case of the above-described embodiment. . In this case, the key and algorithm generated by the encryption device 11 and the key and algorithm generated by the decryption device 12 are compared between keys generated in the same order and algorithms generated in the same order. If you do, it will be the same. As described above, since the common data generated by the encryption device 11 and the common data generated by the decryption device 12 are the same if the data generated in the same order are compared with each other, the encryption device 11 The key and algorithm generated based on the common data and the key and algorithm generated based on the common data in the decryption device 12 are the same if they are generated in the same order.

<< Modification 2 >>
The encryption / decryption system of Modification 2 is generally the same as the encryption / decryption system in the above-described embodiment.
The difference is the configuration of the encryption unit 29A in the encryption device 11 and the decryption unit 29B in the decryption device 12.
The configurations of the encryption unit 29A and the decryption unit 29B are shown in FIGS.
The encryption unit 29A in Modification 2 does not include the key generation unit 35A and the algorithm generation unit 36A. Also, there is no decoding device management unit 38A. Instead, a key recording unit 351A and an algorithm recording unit 361A are provided. That is, the encryption device 11 according to the second modification does not create a new key and algorithm.
The key recording unit 351A records at least one key corresponding to each decryption device 12, and the algorithm recording unit 361A records at least one algorithm corresponding to each decryption device 12. . In the second modification, it is assumed that there are a plurality of keys for each decryption device 12 recorded in the key recording unit 351A and a plurality of algorithms for each decryption device 12 recorded in the algorithm recording unit 361A. Note that the number of keys and algorithms for each decryption device 12 do not necessarily have to be the same, but in Modification 2, the number of keys and the number of algorithms for each decryption device 12 is the same, more specifically. Is five each.
FIG. 11 shows the state of the key recorded in the key recording unit 351A, and FIG. 12 shows the state of the algorithm recorded in the algorithm recording unit 361A.
As shown in FIG. 11, five keys are recorded for each decryption device 12 as a set. As shown in FIG. 12, five algorithms are recorded for each decoding device 12 as a set.
The number of keys in the second modification is prepared as many as the number obtained by (the number of decryption devices 12) × 5. The prepared keys may or may not all be different from each other. In the second modification, the same key is prepared, but when the sets of keys prepared for each decryption apparatus 12 are compared with each other, each set of keys is a set of other keys. It is supposed to be different.
As many algorithms as the second modification are prepared as (number of decoding devices 12) × 5. The prepared algorithms may or may not all be different from each other. In the second modification, the same algorithms are prepared, but when a set of algorithms prepared for each decoding device 12 is compared with each other, each set of algorithms is a set of other algorithms. It is supposed to be different.
In the decryption unit 29B according to the second modification, the key generation unit 35B and the algorithm generation unit 36B do not exist. Instead, a key recording unit 351B and an algorithm recording unit 361B are provided. That is, each decryption device 12 in Modification 2 does not create a new key and algorithm, as does the encryption device 11.
At least one key is recorded in the key recording unit 351B, and at least one algorithm is recorded in the algorithm recording unit 361B. At least one key recorded in the key recording unit 351B is the same as the key for any one of the decryption devices 12 recorded in the key recording unit 351A of the encryption device 11. At least one algorithm recorded in the algorithm recording unit 361B is the same as the algorithm for any one of the decryption devices 12 recorded in the algorithm recording unit 361A of the encryption device 11. In the second modification, the key recorded in the key recording unit 351B is the same as one of the key sets shown in FIG. 11 (the key set for the decryption device 12), and is recorded in the algorithm recording unit 361B. The performed algorithm is the same as one of the algorithm sets shown in FIG. 12 (the algorithm set for the decoding device 12).

In the second modification, the encryption process performed by the encryption device 11 is as follows.
First, content data is read out as in the case of the above-described embodiment.
The read content data is sent to the interface unit 31A together with the identifier.
The content data is sent from the interface unit 31A to the preprocessing unit 32A. The interface unit 31A also sends information that the content data has been received to the encryption unit 33A together with at least one identifier.
The content data is cut by the pre-processing unit 32A for each predetermined number of bits to be content cut data. The content cut data is sent to the encryption unit 33A for encryption.
The encryption unit 33A encrypts the content cut data using the key read from the key recording unit 351A and the algorithm read from the algorithm recording unit 361A.
The key used in the encryption unit 33A is selected from a set of keys corresponding to the decryption device 12 that is permitted to decrypt the content data to be encrypted. The encryption unit 33A determines which key set to select based on the identifier sent to the encryption unit 33A. The algorithm used in the encryption unit 33A is selected from a set of algorithms corresponding to the decryption device 12 that is permitted to decrypt the content data to be encrypted. The encryption unit 33A determines which algorithm set to select based on the identifier sent to the encryption unit 33A.
On the other hand, in encrypting a certain content cut data, which key is selected from the set of selected keys and which algorithm is selected from the set of selected algorithms are as described in the second modification. , Determined by common data.
However, there is a method of selecting a key from a key set and an algorithm from an algorithm set more easily. For example, the key or algorithm may be regularly selected from the key set or algorithm set based on a rule determined in advance with the decryption device 12. More specifically, the keys in the key set may be given an order such as keys 1 to 5, and the keys 1 to 5 may be selected as the keys to be used for encryption in order of repetition. Similarly, in the case of an algorithm, an order such as algorithm 1 to algorithm 5 is given to the algorithms in the algorithm set, and algorithm 1 to algorithm 5 are repeatedly selected as an algorithm used for encryption. Can do. In this case, neither the common data nor the common data generation unit 34A is required, but in the second modification, the key and the algorithm are selected using the common data in consideration of the strength of the encryption.
In the second modification, the common data is created in the same manner as in the above-described embodiment.
The common data generation unit 34A sends the generated common data to the encryption unit 33A. Based on this, the encryption unit 33A selects a key from the set of keys selected as described above. In the second modification, the encryption unit 33A adds up all the numbers of the elements constituting the 8-by-8 matrix, which is common data, and divides it by 5. Of the keys included in the set of keys selected as described above, the key with the remaining number at the end (however, the key with the number at the end when the remainder is 0) is encrypted. The unit 33A selects as a key for encrypting the content cut data. In this way, a key is selected based on the common data.
Based on the common data received from the common data generation unit 34A, the encryption unit 33A selects an algorithm from the set of algorithms selected as described above. In this modification, the encryption unit 33A multiplies all the numbers of elements constituting the 8-by-8 matrix, which is common data, excluding 0, and divides it by 5. Among the algorithms included in the algorithm set selected as described above, the algorithm with the remaining number at the end (however, the algorithm with the number at the end being 5 when the remainder is 0) is encrypted. The unit 33A selects as an algorithm for encrypting the content cut data. In this way, an algorithm is selected based on the common data.
Using the key and algorithm read as described above, the encryption unit 33AB encrypts the content cut data. Such encryption processing is performed in the same manner as in the above-described embodiment.
The encrypted cut data is obtained by encrypting the content cut data in this way. In the second modification, all the content cut data generated from the content data are all encrypted to be encrypted cut data. However, it is not always necessary to make all the content cut data into encrypted cut data, as in the case of the above-described embodiment.
The encrypted cut data is sent to the connection unit 37A. The connection unit 37A connects the encrypted cut data together to generate encrypted data.

Next, a process performed by the decryption device 12 to decrypt the encrypted data and return it to the content data will be described.
In the case of the modified example 2, as in the case of the above-described embodiment, first, the encrypted data is read.
The read encrypted data is sent to the interface unit 31B of the decryption unit 29A.
The interface unit 31B sends the encrypted data to the preprocessing unit 32B and notifies the common data generation unit 34B of information that the encrypted data has been received.
The pre-processing unit 32B cuts the received encrypted data every predetermined number of bits to generate encrypted cut data.
Next, the encrypted cut data is sent to the decryption unit 33B, where it is decrypted and used as content cut data.
Decryption is executed as a process reverse to that performed by the encryption unit 33A in the encryption device 11. Therefore, the decryption device 12 requires an algorithm and a key that are necessary when the encryption device 11 performs encryption.
The key and algorithm used by the decryption unit 33B are read by the decryption unit 33B from the key recording unit 351B and the algorithm recording unit 361B through the same process as that performed by the encryption device 11. The common data generation unit 34B generates common data necessary for that purpose, and the method of generating the common data is the same as in the above-described embodiment. Since only one set of keys is recorded in the key recording unit 351B and only one set of algorithms is recorded in the algorithm recording unit 361B, selection of the key set and selection of the algorithm set are performed here. Absent.
Using the read key and algorithm, the decryption unit 33B sequentially decrypts the encrypted cut data and returns it to the content cut data.
The content cut data generated in this way is sent to the connection unit 37B. The connection unit 37B connects the received content cut data together and restores the content data in the original state before being encrypted by the encryption device 11.
The content data can be reproduced by the decryption device 12.

<< Modification 3 >>
The encryption / decryption system of the modification 3 is generally the same as the encryption / decryption system in the above-described embodiment, and the encryption / decryption system in the above-described embodiment and the encryption / decryption of the modification 2 are described. It has an intermediate character of a computerized system.
The encryption / decryption system of Modification 3 is different from the encryption / decryption system in the above-described embodiment in the configuration of the encryption unit 29A in the encryption device 11 and the decryption unit 29B in the decryption device 12. .
The configurations of the encryption unit 29A and the decryption unit 29B are shown in FIGS.
In the encryption unit 29A in the third modification, the key generation unit 35A exists, but the algorithm generation unit 36A does not exist. Also, unlike the case of the modification 2, there is a decoding device management unit 38A. In Modification 3, an algorithm recording unit 361A is provided instead of the algorithm generation unit. That is, in the encryption unit 29A of the third modification, a new key is generated as in the case of the above-described embodiment, but no algorithm is newly generated as in the second modification.
The algorithm recording unit 361A is the same as that in the second modification. That is, at least one algorithm is recorded in the algorithm recording unit 361A in association with each decoding device 12. In the third modification, it is assumed that there are a plurality of algorithms for each decoding device 12 recorded in the algorithm recording unit 361A. Note that the number of algorithms for each decoding device 12 is not necessarily the same, but in the third modification, the number of algorithms for each decoding device 12 is the same, more specifically, five. . The algorithm is recorded in the algorithm recording unit 361A in the same state as in the second modification shown in FIG.
As many algorithms as the third modification are prepared as (number of decoding devices 12) × 5. The prepared algorithms may or may not all be different from each other. In the third modification, the same algorithm is prepared among the prepared algorithms. However, when a set of algorithms prepared for each decoding device 12 is compared with each other, each set of algorithms is a set of other algorithms. It is supposed to be different. These points are the same as in the second modification.
In the decryption unit 29B in the third modification, the key generation unit 35B exists, but the algorithm generation unit 36B does not exist. In Modification 3, an algorithm recording unit 361B is provided instead of the algorithm generation unit. In the decryption unit 29B of the third modification, a key is newly generated as in the case of the above-described embodiment, but no algorithm is newly generated as in the second modification.
The algorithm recording unit 361B is the same as that in the second modification. At least one algorithm is recorded in the algorithm recording unit 361B. At least one algorithm recorded in the algorithm recording unit 361B is the same as the algorithm for any one of the decryption devices 12 recorded in the algorithm recording unit 361A of the encryption device 11. In Modification 3, at least one algorithm recorded in the algorithm recording unit 361B is the same as one of the algorithm sets shown in FIG. 12 (the algorithm set for the decoding device 12).

In the third modification, the encryption process performed by the encryption device 11 is as follows. In short, the encryption process is a combination of the process described in the above embodiment and the process described in the second modification. More specifically, the key generation is performed by the process described in the above embodiment, and the algorithm to be used is determined by the process described in the second modification.
First, even in the case of Modification 3, when encryption processing is performed, content data is read out as in the case of the above-described embodiment.
The read content data is sent to the interface unit 31A together with the identifier. The interface unit 31A sends this content data to the preprocessing unit 32A. The interface unit 31A also sends information indicating that the content data has been received, together with the identifier, to both the encryption unit 33A and the decryption device management unit 38A.
The content data is cut by the pre-processing unit 32A for each predetermined number of bits to be content cut data. The content cut data is sent to the encryption unit 33A for encryption.
The encryption unit 33A encrypts the content cut data using the key generated by the key generation unit 35A and the algorithm read from the algorithm recording unit 361A.
As described above, the key is generated by the key generation unit 35A, but the key generation unit 35A generates the key based on the common data generated by the common data generation unit 34A. Prior to generation, the common data generation unit 34A first generates common data. The method for generating the common data in this case is the same as in the above-described embodiment.
The common data generation unit 34A sends this common data to the key generation unit 35A and the encryption unit 33A.
The key generation unit 35A that has received the common data generates a key based on it. The key generation method in this case is the same as in the above-described embodiment. The generated key is sent from the key generation unit 35A to the encryption unit 33A.
On the other hand, the encryption unit 33A reads the algorithm from the algorithm recording unit 361A. The method by which the encryption unit 33A reads the algorithm from the algorithm recording unit 361A is the same as in the second modification. That is, the algorithm used in the encryption unit 33A is selected from the set of algorithms corresponding to the decryption device 12 that is permitted to decrypt the content data to be encrypted. Whether the set is selected is determined by the encryption unit 33A based on the identifier sent to the encryption unit 33A. In this case, which algorithm is selected from the selected algorithm set is determined in the same manner as in the second modification. Although common data may or may not be used for selecting an algorithm, in the third modification, as in the second modification, it is determined using the common data received from the common data generation unit 34A. It has become.
The encryption unit 33A encrypts the content cut data using the key received from the key generation unit 35A and the algorithm read from the algorithm recording unit 361A. Such encryption processing is performed in the same manner as in the above-described embodiment.
The encrypted cut data is obtained by encrypting the content cut data in this way. In the third modification, all the content cut data generated from the content data are all encrypted to be encrypted cut data. However, it is not always necessary to make all the content cut data into encrypted cut data, as in the case of the above-described embodiment.
The encrypted cut data is sent to the connection unit 37A. The connection unit 37A connects the encrypted cut data together to generate encrypted data.

Next, a process performed by the decryption device 12 to decrypt the encrypted data and return it to the content data will be described. In short, the decoding process is a combination of the process described in the above embodiment and the process described in the second modification. More specifically, the key generation is performed by the process described in the above embodiment, and the algorithm to be used is determined by the process described in the second modification.
In the case of the modified example 3, as in the above-described embodiment, first, the encrypted data is read.
The read encrypted data is sent to the interface unit 31B of the decryption unit 29B.
The interface unit 31B sends the encrypted data to the preprocessing unit 32B and notifies the common data generation unit 34B of information that the encrypted data has been received.
The pre-processing unit 32B cuts the received encrypted data every predetermined number of bits to generate encrypted cut data.
Next, the encrypted cut data is sent to the decryption unit 33B, where it is decrypted and used as content cut data.
Decryption is executed as a process reverse to that performed by the encryption unit 33A in the encryption device 11. Therefore, the decryption device 12 requires an algorithm and a key that are used when the encryption device 11 performs encryption.
The key used by the decryption unit 33B is generated by the key generation unit 35B based on the common data generated by the common data generation unit 34B through the same process as that performed by the encryption device 11. The method for generating the key is the same as in the above-described embodiment.
On the other hand, the algorithm used by the decryption unit 33B is read from the algorithm recording unit 361B through a process similar to that performed by the encryption device 11. Which algorithm is to be read is determined by the common data as in the case of the encryption device 11, but in order to make it possible, the decryption unit 33B is shared by the common data generation unit 34B as described above. You are receiving data. Since only one algorithm set is recorded in the algorithm recording unit 361B, selection of the algorithm set is not performed here.
The decryption unit 33B sequentially decrypts the encrypted cut data using the key generated by the key generation unit 35B and the algorithm read by the algorithm recording unit 361B, and returns the content to the content cut data.
The content cut data generated in this way is sent to the connection unit 37B. The connection unit 37B connects the received content cut data together and restores the content data in the original state before being encrypted by the encryption device 11.
The content data can be reproduced by the decryption device 12.

In the third modification, both the encryption device 11 and the decryption device 12 generate a key in the same manner as in the above-described embodiment, and read the algorithm in the same manner as in the second modification. Of course, it is possible to reverse this.
That is, in Modification 3, both the encryption device 11 and the decryption device 12 generate an algorithm in the same manner as in the above-described embodiment, and read the key in the same manner as in Modification 2. It can also be done.

<< Modification 4 >>
The encryption / decryption system of Modification 4 is generally the same as the encryption / decryption system in the above-described embodiment.
The encryption / decryption system of Modification 4 differs from the encryption / decryption system in the above-described embodiment in that the configuration of the encryption unit 29A in the encryption device 11 and the configuration of the decryption unit 29B in the decryption device 12 It is.
The configurations of the encryption unit 29A and the decryption unit 29B are shown in FIGS.
The encryption unit 29A according to Modification 4 is provided with a specific information generation unit 39A. The specific information generation unit 39A generates specific information included in the encrypted cut data (at least one of them). The specific information is included in the content cut data, is encrypted together with the content cut data and is included in the encrypted cut data, and the encrypted cut data after the encrypted cut data in which the specific information is included Is information for specifying at least one of a key and an algorithm for decrypting. The identification information may be such a key and algorithm itself, or may be information for identifying the key and algorithm. Examples of information for specifying a key and an algorithm include common data and environmental information. In Modification 4, the specific information is assumed to be common data and will be described for the time being. In Modification 4, the specific information generation unit 39A receives common data (second and subsequent common data) from the common data generation unit 34A, and sends it to the encryption unit 33A as specific information.
The decoding unit 29B in the modification 4 is provided with a specific information reading unit 39B. The specific information reading unit 39B reads the specific information when the content cut data includes specific information from the content cut data generated by decrypting the encrypted cut data by the decryption unit 33B. . The specific information reading unit 39B sends the read specific information to the key generation unit 35B and the algorithm generation unit 36B.

In the fourth modification, the encryption process performed by the encryption device 11 is as follows.
Even in the case of the modification 4, when encryption processing is performed, content data is read out as in the above-described embodiment.
The read content data is sent to the interface unit 31A together with the identifier. The interface unit 31A sends this content data to the preprocessing unit 32A. The interface unit 31A also sends information that the content data has been received to both the encryption unit 33A and the decryption device management unit 38A. The interface unit 31A adds an identifier to this information when sending it to the decoding device management unit 38A.
The content data is cut by the pre-processing unit 32A for each predetermined number of bits to be content cut data. The content cut data is sent to the encryption unit 33A for encryption. As will be described later, in the fourth modification, only four of the content cut data are encrypted from the front, and the subsequent content cut data are not encrypted. Therefore, the preprocessing unit 32A may generate only four pieces of content cut data, and may not cut off the portion after the content data.
The encryption unit 33A encrypts the content cut data using the key generated by the key generation unit 35A and the algorithm generated by the algorithm generation unit 36A.
The key is generated by the key generation unit 35A as described above, and the algorithm is generated by the algorithm generation unit 36A as described above. The key generation unit 35A is generated by the common data generation unit 34A. Since the algorithm generation unit 36A generates the algorithm based on the common data generated by the common data generation unit 34A, the algorithm generation unit 36A generates the key and the algorithm. First, the common data generation unit 34A first generates common data.
The method for generating the common data is substantially the same as in the above-described embodiment. The first common data is generated in the same manner as in the above embodiment. The method for generating the second and subsequent common data is slightly different from the above-described embodiment. However, the method for generating the second and subsequent common data is basically the same as in the above-described embodiment. The second and subsequent common data is also generated continuously using the formulas described in the above embodiment. However, in the fourth modification, the second and subsequent common data generated by the encryption device 11 is generated such that the decryption device 12 cannot generate the same common data. For example, for the second and subsequent common data, an initial matrix that the decoding device 12 does not have, or which the decoding device 12 does not have, and an agreement is made with the decoding device 12. It is generated by the common data generation unit 34A using the environmental information that is not. If the initial matrix is different, or if the decryption device 12 does not have environment information and data that is not negotiated with the decryption device 12 is used, the encryption device 11 Although both of the decryption devices 12 can continuously generate common data, the same is the case when the encryption device 11 and the decryption device 12 compare those generated in the same order. It becomes impossible to generate common data. In the fourth modification, the second and subsequent common data are assumed to be such. In the modified example 4, the second to fourth common data is generated in this manner.
The common data generation unit 34A sends this common data to the key generation unit 35A, the algorithm generation unit 36A, and the specific information generation unit 39A.
The key generation unit 35A that has received the common data generates a key based on it. The key generation method in this case is the same as in the above-described embodiment. The generated key is sent from the key generation unit 35A to the encryption unit 33A.
The algorithm generation unit 36A that has received the common data generates an algorithm based on the algorithm data. The method of generating the algorithm in this case is the same as in the above-described embodiment. The generated algorithm is sent from the algorithm generation unit 36A to the encryption unit 33A.
The encryption unit 33A encrypts the content cut data using the key received from the key generation unit 35A and the algorithm received from the algorithm generation unit 36A. Such encryption processing is performed in the same manner as in the above-described embodiment. However, the content cut data encrypted by the encryption unit 33A in the modification 4 is only the first four pieces of content cut data. Also, in the fourth modification, as described above, before the first four content cut data are encrypted, the last one of the content cut data is excluded (in the fourth modification, the first three content cut data are excluded). ) Include specific information. An encryption method including this procedure will be described.
First, the encryption unit 33A receives, in advance, the second common data generated by the common data generation unit 34A via the specific information generation unit 39A when encrypting the first content cut data. Then, the encryption unit 33A includes the second common data (specific information) in the first content cut data. When the specific information is included in the content cut data, there is no particular limitation on which part of the content cut data includes the specific information. For example, it is possible to change the position where the specific information is placed in each content cut data. However, in order for the decryption device 12 to grasp that it is the specific information, where the specific information is placed in the content cut data between the encryption device 11 and the decryption device 12 It is preferable to make an arrangement in advance. In the fourth modification, specific information is connected to the head of the content cut data.
Next, the encryption unit 33A encrypts the first content cut data including the specific information. At this time, the key and algorithm used for the encryption process are received from the key generation unit 35A and the algorithm generation unit 36A, respectively, as described above. The key and the algorithm are generated by the key generation unit 35A and the algorithm generation unit 36A, respectively, based on the first common data. The content cut data encrypted in this way is encrypted cut data. The encrypted cut data is sent from the encryption unit 33A to the connection unit 37A.
The encryption unit 33A encrypts the second content cut data. Prior to that, the encryption unit 33A receives the third common data generated by the common data generation unit 34A via the specific information generation unit 39A. Then, the encryption unit 33A includes the third common data (specific information) in the second content cut data.
Next, the encryption unit 33A encrypts the second content cut data including the specific information. At this time, the key and algorithm used for the encryption process are generated by the key generation unit 35A and the algorithm generation unit 36A based on the second common data. The encrypted cut data obtained in this way is sent from the encryption unit 33A to the connection unit 37A.
Similarly, the encryption unit 33A encrypts the third content cut data. Prior to that, the encryption unit 33A includes the fourth common data (specific information) in the third content cut data.
Next, the encryption unit 33A encrypts the third content cut data including the specific information. At this time, the key and algorithm used for the encryption process are generated by the key generation unit 35A and the algorithm generation unit 36A based on the third common data. The encrypted cut data obtained in this way is sent from the encryption unit 33A to the connection unit 37A.
Next, the encryption unit 33A encrypts the fourth content cut data. This content cut data does not include specific information. At this time, the key and algorithm used for the encryption process are generated by the key generation unit 35A and the algorithm generation unit 36A based on the fourth common data. The encrypted cut data obtained in this way is sent from the encryption unit 33A to the connection unit 37A.
The encrypted cut data generated as described above is sent to the connection unit 37A. Further, the content cut data that has not been encrypted is also sent to the connection unit 37A. The connection unit 37A connects the encrypted cut data and the content cut data together to generate encrypted data.

Next, a process performed by the decryption device 12 to decrypt the encrypted data and return it to the content data will be described.
In the case of the modified example 4, as in the above-described embodiment, first, the encrypted data is read.
The read encrypted data is sent to the interface unit 31B of the decryption unit 29B.
The interface unit 31B sends the encrypted data to the preprocessing unit 32B and notifies the common data generation unit 34B of information that the encrypted data has been received.
The pre-processing unit 32B cuts the received encrypted data every predetermined number of bits to generate encrypted cut data. In this case, the pre-processing unit 32B has a minimum necessary role to generate the four encrypted cut data, and since the encrypted data after that is not encrypted as described above, It does not matter whether or not to cut.
Next, the encrypted cut data is sent to the decryption unit 33B, where it is decrypted and used as content cut data.
Decryption is executed as a process reverse to that performed by the encryption unit 33A in the encryption device 11. Therefore, the decryption device 12 requires an algorithm and a key that are used when the encryption device 11 performs encryption.
The key and algorithm used by the decryption unit 33B are generated by the key generation unit 35B or the algorithm generation unit 36B based on the common data. The method of generating the key and the algorithm itself is the same as in the above-described embodiment.
In the case of this modification 4, the method of obtaining the common data of the key generation unit 35B and the algorithm generation unit 36B differs depending on the encrypted cut data to be decrypted.
In the case of the modification 4, the first common data is generated using the same initial matrix and environment information that the encryption device 11 included in the decryption device 12 has, as in the case of the above-described embodiment. Is done. The key generation unit 35B and the algorithm generation unit 36B receive the common data from the common data generation unit 34B, and generate a key or algorithm based on the common data. This key and algorithm are sent to the decryption unit 33B. Using this key and algorithm, the decryption unit 33B decrypts the first encrypted cut data and returns it to the content cut data. This content cut data is sent to the connection unit 37B.
Next, decryption of the second encrypted cut data will be described. In order to decrypt the encrypted cut data, the key and algorithm used in the encryption device 11 when the encrypted cut data is encrypted are required. The key and the algorithm are generated based on the second common data generated by the encryption device 11, but for the reason described above, the decryption device 12 uses the second common data generated by the encryption device 11. The same common data as the common data cannot be generated. In Modification 4, the second common data is extracted from the first content cut data decrypted by the decryption unit 33B. As described above, the first content cut data includes the second common data as the specific information. The specific information reading unit 39B reads this specific information (second common data) from the first content cut data and sends it to the key generation unit 35B and the algorithm generation unit 36B. Based on the second common data, the key generation unit 35B and the algorithm generation unit 36B generate a key or an algorithm. This key and algorithm match the second key and algorithm created by the encryption device 11. This key and algorithm are sent to the decryption unit 33B. Using this key and algorithm, the second encrypted cut data is decrypted and returned to the content cut data.
Similarly, 3 included in the second content cut data and generated based on the third common data read by the specific information reading unit 39B and sent to the key generation unit 35B and the algorithm generation unit 36B. The third encrypted cut data is decrypted by the first key and the third algorithm.
Similarly, 4 included in the third content cut data and generated based on the fourth common data read by the specific information reading unit 39B and sent to the key generation unit 35B and the algorithm generation unit 36B. The fourth encrypted cut data is decrypted by the first key and the fourth algorithm.
The decoded data generated in this way is also sent to the connection unit 37B as the subsequent decoded data.
The content cut data generated in this way is connected together by the connection unit 37B, and is restored to the content data in the original state before being encrypted by the encryption device 11.
The content data can be reproduced by the decryption device 12.

In the fourth modification, the common data is used as the specific information. However, as described above, the key and the algorithm itself or the environment information can be used as the specific information.
When the key and the algorithm are specified information, the encryption unit 33A of the encryption device 11 includes the key and algorithm used when encrypting the second content cut data in the first content cut data. . Similarly, the encryption unit 33A can include a key and an algorithm used when encrypting the next content cut data in some content cut data. In this case, when decrypting the second and subsequent encrypted cut data, the decryption unit 33B of the decryption device 12 uses the algorithm and key extracted from the content cut data decrypted immediately before to perform the encrypted cut. What is necessary is just to decode data.
When the environment information is specified information, the encryption unit 33A of the encryption device 11 generates a key and an algorithm used when encrypting the second content cut data in the first content cut data. Include environmental information to generate common data used for Similarly, the encryption unit 33A includes environment information for generating common data for generating a key and an algorithm used for encrypting the next content cut data in certain content cut data. In this case, when the decryption unit 33B of the decryption device 12 decrypts the second and subsequent encrypted cut data, the common data generated using the environment information extracted from the content cut data decrypted immediately before the decrypted data. A key and an algorithm are generated based on, and the encrypted cut data is decrypted based on the key and algorithm.

In Modification 4, the specific information specifies a key and an algorithm for decrypting the encrypted cut data immediately after the encrypted cut data including the specific information. However, the specific information is not limited to specifying the key and algorithm for decrypting the encrypted cut data immediately after the encrypted cut data including the specific information, but the encryption including the specific information is included. What is necessary is just to specify the key and algorithm for decrypting the encrypted cut data after the cut data.
For example, the specific information may be included only in the first encrypted cut data. In this case, this specifying information may specify, for example, a common key and a common algorithm for decrypting all subsequent encrypted cut data. In such a case, the second and subsequent encrypted cut data are decrypted by the decryption device 12 with the same key and algorithm.
As another example, the specific information is included in the first encrypted cut data, the second encrypted cut data, and the third encrypted cut data. The identification information included in the encrypted cut data specifies the key and algorithm for decrypting the 3n + 1 (n is a natural number) encrypted cut data, and is included in the second encrypted cut data The specific information specifies a key and algorithm for decrypting the 3n + 2 (n is a natural number) -th encrypted cut data. The specific information included in the third encrypted cut data is 3n ( It is possible to specify a key and an algorithm for decrypting the nth encrypted cut data. In this way, the identification information identifies the key and algorithm (more specifically, at least one of them) used to decrypt the encrypted cut data after the encrypted cut data that it contained. Anything that can do is acceptable.

<< Modification 5 >>
The encryption / decryption system of Modification 5 is generally the same as the encryption / decryption system in the above-described embodiment. In short, the encryption system of the modification 4 is applied to the encryption system of the modification 2.
The encryption / decryption system of Modification 5 differs from the encryption / decryption system in the above-described embodiment in that the configuration of the encryption unit 29A in the encryption device 11 and the configuration of the decryption unit 29B in the decryption device 12 It is.
The configurations of the encryption unit 29A and the decryption unit 29B are shown in FIGS.
In the encryption unit 29A in the modification 5, as in the modification 2, the key generation unit 35A and the algorithm generation unit 36A do not exist, and the decryption device management unit 38A does not exist. Instead, a key recording unit 351A and an algorithm recording unit 361A are provided. That is, the encryption device 11 according to the modification 5 does not create a new key and algorithm.
The key recording unit 351A records at least one key corresponding to each decryption device 12, and the algorithm recording unit 361A records at least one algorithm corresponding to each decryption device 12. . The data recorded in the key recording unit 351A in the fourth modification is the same as that recorded in the key recording unit 351A in the second modification. The data recorded in the algorithm recording unit 361A in Modification 5 is the same as that recorded in the algorithm recording unit 361A in Modification 2.
In addition, as in the case of the modification example 4, the encryption unit 29A in the modification example 5 is provided with a specific information generation unit 39A. The specific information generation unit 39A generates specific information included in the encrypted cut data (at least one of them). The specific information is the same as in the fourth modification. In the fifth modification, the specific information is assumed to be common data for the time being, but the other information may be the same as in the fourth modification. The specific information generation unit 39A receives common data (second and subsequent common data) from the common data generation unit 34A and sends it to the encryption unit 33A as specific information.
As in the case of the second modification, the decryption unit 29B according to the fifth modification does not include the key generation unit 35B and the algorithm generation unit 36B, but instead includes a key recording unit 351B and an algorithm recording unit 361B. Yes. That is, each decryption device 12 in Modification 5 does not create a new key and algorithm.
At least one key is recorded in the key recording unit 351B, and at least one algorithm is recorded in the algorithm recording unit 361B. The data recorded in the key recording unit 351B is the same as that recorded in the key recording unit 351B of the second modification. The data recorded in the algorithm recording unit 361B in the fourth modification is the same as that recorded in the algorithm recording unit 361B in the second modification.
In addition, as in the case of the fourth modification, the decoding unit 29B in the fifth modification is provided with a specific information reading unit 39B. The specific information reading unit 39B reads the specific information when the content cut data includes specific information from the content cut data generated by decrypting the encrypted cut data by the decryption unit 33B. . The specific information reading unit 39B sends the read specific information to the key recording unit 351B and the algorithm recording unit 361B.

In the modified example 5, the encryption process performed by the encryption device 11 is as follows. The encryption process performed by the encryption device 11 of the modification 5 is a combination of the process of the modification 2 and the process of the modification 4.
Even in the case of the modified example 5, when the encryption process is performed, the content data is read as in the case of the above-described embodiment.
The read content data is sent to the interface unit 31A together with the identifier. The interface unit 31A sends this content data to the preprocessing unit 32A. The interface unit 31A also sends information that the content data has been received to the encryption unit 33A together with the identifier.
The content data is cut by the pre-processing unit 32A for each predetermined number of bits to be content cut data. Since the number of content cut data encrypted in the fifth modification is four as in the fourth modification, it is sufficient that at least four content cut data are generated in the fifth modification. Since the content cut data is encrypted, it is sent to the encryption unit 33A.
The encryption unit 33A encrypts the content cut data using the key read from the key recording unit 351A and the algorithm read from the algorithm recording unit 361A.
The key is read from the key recording unit 351A and the algorithm is read from the algorithm recording unit 361A and used. In the fifth modification, as in the second modification, the encryption unit 33A selects which key set. Which identifier is selected as the key reading target and which algorithm set is selected as the algorithm reading target, which key is read from the selected key set, and which algorithm is selected from the selected algorithm set Is read based on the common data generated by the common data generation unit 34A. Note that the process of reading the key and algorithm of the encryption unit 33A can be the same as in the second modification.
The method for generating the common data in the fifth modification is the same as that in the fourth modification. That is, the first common data is generated in the same manner as in the above embodiment. The method for generating the second and subsequent common data is generated on the assumption that the decoding device 12 cannot generate the same common data. The specific common data generation method in the modification example 5 can be the same as that in the modification example 4. This common data is sent from the common data generation unit 34A to the encryption unit 33A. In the case of the second and subsequent common data, it is also sent to the specific information generating unit 39A. The specific information generation unit 39A sends this common data as specific information to the encryption unit 33A.
The process when the encryption unit 33A encrypts the content cut data using the key received from the key recording unit 351A and the algorithm received from the algorithm recording unit 361A is the same as in the above-described embodiment. . As described above, the content cut data encrypted by the encryption unit 33A in the modified example 5 is only the first four pieces of the content cut data. Further, in the modified example 5, as described above, before the first four content cut data are encrypted, the last one of the content cut data is excluded (in the modified example 5, the first three cut pieces of data are excluded). ) Include specific information. The encryption method including this procedure is the same as in the fourth modification.
First, the encryption unit 33A receives, in advance, the second common data generated by the common data generation unit 34A via the specific information generation unit 39A when encrypting the first content cut data. Then, the encryption unit 33A includes the second common data (specific information) in the first content cut data. The position relative to the content cut data when the specific information is included in the content cut data can be determined in the same manner as in the fourth modification. Next, the encryption unit 33A encrypts the first content cut data including the specific information. At this time, as described above, the key and algorithm used for the encryption processing are read from the key recording unit 351A and the algorithm recording unit 361A, respectively. The key and the algorithm are read by the encryption unit 33A based on the first common data. The encrypted cut data generated in this way is sent from the encryption unit 33A to the connection unit 37A.
The encryption unit 33A encrypts the second content cut data. Prior to that, the encryption unit 33A receives the third common data generated by the common data generation unit 34A via the specific information generation unit 39A. Then, the encryption unit 33A includes the third common data (specific information) in the second content cut data. Next, the encryption unit 33A encrypts the second content cut data including the specific information. The encryption method is the same as in the fourth modification. The encrypted cut data obtained in this way is sent from the encryption unit 33A to the connection unit 37A.
Similarly, the encryption unit 33A encrypts the third content cut data. Prior to that, the encryption unit 33A includes the fourth common data (specific information) in the third content cut data. Next, the encryption unit 33A encrypts the third content cut data including the specific information. The encrypted cut data obtained in this way is sent from the encryption unit 33A to the connection unit 37A.
Next, the encryption unit 33A encrypts the fourth content cut data. This content cut data does not include specific information. The key and algorithm used by the encryption unit 33A for the encryption process are read by the encryption unit 33A based on the fourth common data. The encrypted cut data obtained in this way is sent from the encryption unit 33A to the connection unit 37A.
The encrypted cut data generated as described above is sent to the connection unit 37A. Further, the content cut data that has not been encrypted is also sent to the connection unit 37A. The connection unit 37A connects the encrypted cut data and the content cut data together to generate encrypted data.

Next, a process performed by the decryption device 12 to decrypt the encrypted data and return it to the content data will be described. The decoding process performed by the decoding device 12 according to the modification 5 is a combination of the process according to the modification 2 and the process according to the modification 4.
In the case of the modified example 5, as in the above-described embodiment, first, the encrypted data is read.
The read encrypted data is sent to the interface unit 31B of the decryption unit 29B.
The interface unit 31B sends the encrypted data to the preprocessing unit 32B and notifies the common data generation unit 34B of information that the encrypted data has been received.
The pre-processing unit 32B cuts the received encrypted data every predetermined number of bits to generate encrypted cut data. In this case, the preprocessing unit 32B has a minimum necessary role to generate four pieces of encrypted cut data.
Next, the encrypted cut data is sent to the decryption unit 33B, where it is decrypted and used as content cut data.
Decryption is executed as a process reverse to that performed by the encryption unit 33A in the encryption device 11. Therefore, the decryption device 12 requires an algorithm and a key that are used when the encryption device 11 performs encryption.
The key and algorithm used by the decryption unit 33B are read by the decryption unit 33B from the key recording unit 351B or the algorithm recording unit 361B based on the common data. The method for reading the key and algorithm is the same as in the fourth modification.
In the modified example 5, the way of obtaining the common data of the decryption unit 33B differs depending on the encrypted cut data to be decrypted. In the case of the modification 5, as in the case of the modification 4, the decryption unit 33B is generated by the common data generation unit 34B using the same initial matrix and environment information that the encryption device 11 included in the decryption device 12 has. Is done. The decryption unit 33B decrypts the first encrypted cut data using the key and algorithm read from the key recording unit 351B and the algorithm recording unit 361B based on the common data received from the common data generation unit 34B. Turn into.
Next, in the case of decrypting the second to fourth encrypted cut data, it is common to determine the key read from the key recording unit 351B and the algorithm read from the algorithm recording unit 361B. Data is required. The common data in this case is included as the specific information in the content cut data generated by decrypting the encrypted cut data immediately before, as in the case of the fourth modification, and the specific information read The unit 39B is common data read from the content cut data. The common data read by the specific information reading unit 39B is sent to the decryption unit 33B and used to decrypt the next encrypted cut data.
The second to fourth content cut data and the subsequent decrypted data are also sent to the connection unit 37B.
The content cut data generated in this way is connected together by the connection unit 37B, and is restored to the content data in the original state before being encrypted by the encryption device 11.
The content data can be reproduced by the decryption device 12.

In the fifth modification, as in the fourth modification, the key and the algorithm itself or the environment information can be specified information. When the key and the algorithm are specified information, the process when the environment information is specified information is the same as in the fourth modification.
In the modified example 5, as in the modified example 4, the specific information is specified as a key and an algorithm for decrypting the encrypted cut data after the encrypted cut data including the specific information. can do.

  Of course, the modification 4 can be combined with the modification 3 in the same manner as the modification 4 is established as the modification 5 by combining the modification 4 with the modification 2. In this case, both the encryption device 11 and the decryption device 12 newly generate one of the key and the algorithm, and select the other of the key and the algorithm from the recorded ones. 11 and the decryption device 12 make specific information available for selection of keys or algorithms.

The figure which shows the whole structure of the encryption / decryption system of embodiment. The figure which shows the hardware constitutions of the encryption apparatus contained in the encryption / decryption system shown in FIG. The block diagram which shows the structure of the encryption part of the encryption apparatus contained in the encryption / decryption system shown in FIG. The block diagram which shows the structure of the decoding part of the decoding apparatus contained in the encryption / decryption system shown in FIG. The flowchart which shows the flow of the process performed with the encryption / decryption system shown in FIG. The flowchart which shows the flow of the process of the encryption performed with the encryption apparatus of the encryption / decryption system shown in FIG. The figure which shows notionally the data recorded on the management table which the encryption apparatus of the encryption / decryption system shown in FIG. 1 has. The flowchart which shows the flow of the process of a decoding performed with the decoding apparatus of the encryption / decryption system shown in FIG. The block diagram which shows the structure of the encryption part of the encryption apparatus contained in the encryption / decryption system of the modification 2. FIG. The block diagram which shows the structure of the decoding part of the decoding apparatus contained in the encryption / decryption system of the modification 2. FIG. The block diagram which shows notionally the data recorded on the key recording part of the encryption apparatus contained in the encryption / decryption system of the modification 2. FIG. The block diagram which shows notionally the data recorded on the algorithm recording part of the encryption apparatus contained in the encryption / decryption system of the modification 2. FIG. The block diagram which shows the structure of the encryption part of the encryption apparatus contained in the encryption / decryption system of the modification 3. FIG. The block diagram which shows the structure of the decoding part of the decoding apparatus contained in the encryption / decryption system of the modification 3. FIG. The block diagram which shows the structure of the encryption part of the encryption apparatus contained in the encryption / decryption system of the modification 4. FIG. The block diagram which shows the structure of the decoding part of the decoding apparatus contained in the encryption / decryption system of the modification 4. FIG. The block diagram which shows the structure of the encryption part of the encryption apparatus contained in the encryption / decryption system of the modification 5. FIG. The block diagram which shows the structure of the decoding part of the decoding apparatus contained in the encryption / decryption system of the modification 5. FIG.

Explanation of symbols

DESCRIPTION OF SYMBOLS 11 Encryption apparatus 12 Decryption apparatus 13 Network 31A Interface part 31B Interface part 32A Preprocessing part 32B Preprocessing part 33A Encryption part 33B Decryption part 34A Common data generation part 34B Common data generation part 35A Key generation part 35B Key Generation unit 36A Algorithm generation unit 36B Algorithm generation unit 351A Key recording unit 351B Key recording unit 361A Algorithm recording unit 361B Algorithm recording unit

Claims (28)

An encryption device having encryption means for generating encrypted data by encrypting content data as content data using a key and an algorithm, and decrypting the encrypted data generated by the encryption device An encryption / decryption system comprising a plurality of decryption devices each having decryption means for decrypting using a key and an algorithm for converting the content back to content data,
The encryption means includes
A plurality of encrypted data is generated from one content data by encrypting one content data a plurality of times, and
When encrypting the content data a plurality of times, by changing at least one of the key or the algorithm, each of the plurality of encrypted data is made different from the other encrypted data. And
The decoding means includes
The encrypted data generated by the encryption device is received from the encryption device that can be decrypted by the decryption means, and is decrypted and returned to the content data.
Encryption / decryption system. An encryption device having encryption means for generating encrypted data by encrypting content data as content data using a key and an algorithm, and decrypting the encrypted data generated by the encryption device An encryption / decryption system comprising a plurality of decryption devices each having decryption means for decrypting using a key and an algorithm for converting the content back to content data, in combination with the decryption device An encryption device comprising:
The encryption means includes
A plurality of encrypted data is generated from one content data by encrypting one content data a plurality of times, and
When encrypting the content data a plurality of times, at least one of the key or the algorithm is changed to make each of the plurality of encrypted data different from other encrypted data. ,
Encryption device. The encryption means includes
Having a plurality of different keys recorded in a predetermined recording means,
In each case where the content data is encrypted a plurality of times, any one of the plurality of different keys recorded in the recording means is used.
The encryption device according to claim 2. The encryption means includes
While having a plurality of different algorithms recorded in a predetermined recording means,
In each case where the content data is encrypted a plurality of times, any one of a plurality of different algorithms recorded in the recording means is used.
The encryption device according to claim 2. A key generation unit capable of generating a plurality of different keys;
The encryption means includes
In each case where the content data is encrypted a plurality of times, a plurality of keys generated by the key generation means are used.
The encryption device according to claim 2. It has algorithm generation means that can generate multiple different algorithms,
The encryption means includes
In each case of encrypting the content data a plurality of times, a plurality of algorithms generated by the algorithm generation means are used.
The encryption device according to claim 2. A cutting means for cutting the content data and dividing it into a plurality of content cutting data;
The encryption means encrypts at least one of the plurality of content cut data in each case of encrypting the content data a plurality of times, whereby only a part of the encrypted data is encrypted. And at least one of a key or an algorithm used when encrypting at least one of the plurality of content cut data is changed for each case of generating encrypted data. It looks like
The encryption device according to claim 2. The encryption means is configured to encrypt one of a plurality of the content cut data in each case of encrypting the content data a plurality of times.
The encryption device according to claim 7. The encryption means encrypts some of the content cut data from one of the heads in each case of encrypting the content data multiple times.
The encryption device according to claim 7. The encryption means encrypts all of the plurality of content cut data in each case of encrypting the content data multiple times.
The encryption device according to claim 7. The encryption means includes
Having a plurality of different keys recorded in a predetermined recording means,
In each case where at least one of the plurality of content cut data is encrypted, any one of the plurality of different keys recorded in the recording means is used.
The encryption device according to claim 7. The encryption means includes
While having a plurality of different algorithms recorded in a predetermined recording means,
In each case of encrypting at least one of the plurality of content cut data, any one of the plurality of different algorithms recorded in the recording means is used.
The encryption device according to claim 7. The encryption means includes
And encrypting two or more of the plurality of content cut data,
And having a plurality of different key sets that are a plurality of different keys in a set recorded in a predetermined recording means,
In each case of encrypting two or more of the plurality of content cut data, a plurality of keys included in a key set selected from any of the plurality of key sets are used. Each is encrypted,
The encryption device according to claim 7. The encryption means includes
And encrypting two or more of the plurality of content cut data,
It has a plurality of different algorithm sets that are a plurality of different algorithms in a set and recorded in a predetermined recording means,
In each case where two or more of the plurality of content cut data are encrypted, the content cut data is transmitted using a plurality of algorithms included in an algorithm set selected from any of the plurality of algorithm sets. Each is encrypted,
The encryption device according to claim 7. A key generation unit capable of generating a plurality of different keys;
The encryption means includes
In each case where at least one of the plurality of content cut data is encrypted, a plurality of keys generated by the key generation means are used.
The encryption device according to claim 7. It has algorithm generation means that can generate multiple different algorithms,
The encryption means includes
In each case where at least one of the plurality of content cut data is encrypted, a plurality of algorithms generated by the algorithm generation means are used.
The encryption device according to claim 7. A plurality of key generation means capable of generating a key set that is a plurality of different keys;
The encryption means includes
And encrypting two or more of the plurality of content cut data,
In each case of encrypting two or more of the plurality of content cut data, a plurality of keys included in a key set generated by a key generation unit selected from any of the plurality of key generation units Each of the content cut data is encrypted using:
The encryption device according to claim 7. A plurality of algorithm generation means capable of generating an algorithm set that is a plurality of different algorithms,
The encryption means includes
And encrypting two or more of the plurality of content cut data,
In each case of encrypting two or more of the plurality of content cut data, a plurality of algorithms included in an algorithm set generated by an algorithm generation unit selected from any of the plurality of algorithm generation units Each of the content cut data is encrypted using:
The encryption device according to claim 7. The encryption means includes the content cut data positioned after the content cut data in an encrypted state in at least one of the content cut data excluding the last one to be encrypted. Specific information for specifying at least one of a key and an algorithm necessary for decryption is included.
The encryption device according to claim 9 or 10. Means for recording encrypted data on a portable recording medium;
The encryption device according to claim 2. A transmission means for sending the encrypted data to the decryption device via a network to which at least one decryption device is connected;
The transmission means is configured to transmit encrypted data that can be decrypted by the decryption device to the decryption device.
The encryption device according to claim 2. An encryption device that encrypts content data, which is data about content, using a key and an algorithm to generate encrypted data, and a key and algorithm for decrypting the encrypted data generated by the encryption device An encryption / decryption system comprising a plurality of decryption devices that are decrypted by using a decryption device and returned to content data is executed by an encryption device configured in combination with the decryption device. ,
The encryption device is
Generating a plurality of the encrypted data from the one content data by encrypting the one content data a plurality of times,
In encrypting the content data a plurality of times, by changing at least one of the key or the algorithm, each of the plurality of encrypted data is different from other encrypted data.
Encryption method. A given computer,
An encryption device that encrypts content data, which is data about content, using a key and an algorithm to generate encrypted data, and a key and algorithm for decrypting the encrypted data generated by the encryption device An encryption / decryption system comprising a plurality of decryption devices that are decrypted using the above and returned to content data, in combination with the decryption device,
Is a program for functioning as
In the computer,
A process of generating a plurality of the encrypted data from the one content data by encrypting the one content data a plurality of times;
When encrypting the content data a plurality of times, by changing at least one of the key or the algorithm, each of the plurality of encrypted data is different from other encrypted data ,
program. Encryption means for generating encrypted data by encrypting content data, which is data about content, using a key and an algorithm, and by encrypting one content data a plurality of times, Each of the plurality of encrypted data is changed by changing at least one of the key or the algorithm when the content data is encrypted a plurality of times. An encryption device having a configuration different from that of the encrypted data, and a key and an algorithm for decrypting the encrypted data generated by the encryption device A plurality of decryption devices having decryption means for converting them into content data. The encryption and decryption systems comprising Te, a decoding apparatus constituting a combination of the encryption device,
The decoding means includes
One of a plurality of the encrypted data generated by the encryption device can be decrypted.
Decryption device. A decryption device recording means for recording a key and an algorithm for decrypting one of the plurality of encrypted data generated by the encryption device;
The decryption means uses a key and algorithm read from the decryption device recording means when decrypting one of the encrypted data.
The decoding device according to claim 24. A decryption device generating means for generating at least one of a key and an algorithm for decrypting one of the plurality of encrypted data generated by the encryption device;
The decryption means uses at least one of the key and the algorithm generated by the decryption device generation means when decrypting one of the encrypted data.
The decoding device according to claim 24. Encryption means for generating encrypted data by encrypting content data, which is data about content, using a key and an algorithm, and by encrypting one content data a plurality of times, Each of the plurality of encrypted data is changed by changing at least one of the key or the algorithm when the content data is encrypted a plurality of times. An encryption device having a configuration different from that of the encrypted data, and a key and an algorithm for decrypting the encrypted data generated by the encryption device A plurality of decryption devices having decryption means for converting them into content data. The encryption and decryption systems comprising Te, a method performed by the decoding apparatus constituting a combination of the encryption device,
The decoding device
Including a step of decrypting one of the plurality of encrypted data generated by the encryption device,
Method. A given computer,
Encryption means for generating encrypted data by encrypting content data, which is data about content, using a key and an algorithm, and by encrypting one content data a plurality of times, Each of the plurality of encrypted data is changed by changing at least one of the key or the algorithm when the content data is encrypted a plurality of times. An encryption device having a configuration different from that of the encrypted data, and a key and an algorithm for decrypting the encrypted data generated by the encryption device A plurality of decryption devices having decryption means for converting them into content data. The encryption and decryption systems comprising Te, decoding apparatus constituting a combination of the encryption device,
Is a program for functioning as
In the computer,
For executing a process of decrypting one of the plurality of encrypted data generated by the encryption device;
program.

Images