JP2017158034A - Communication device and communication method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a communication device and a communication method having a copyright protection function. SOLUTION: For example, a legitimate manufacturer completes a predetermined communication procedure immediately before shipping a device incorporating a chip or a circuit module in which an initial copyright protection function is disabled from a factory to protect the copyright. By enabling the function, only legitimate equipment is put on the market. In addition, the above-mentioned predetermined list is managed only when the exclusion target list for registering the identification information of the invalid device is managed and each device is not registered in the exclusion target list when the enabled device activates the disabled device. Allows the communication procedure to be completed. [Selection diagram] Fig. 1

Description

  The technology disclosed in the present specification relates to a communication apparatus and a communication method having a copyright protection function.

  The digitized content is relatively easy to perform illegal operations such as copying and falsification. Therefore, there is a need for a mechanism for preventing unauthorized use involved in content transmission, that is, a copyright protection mechanism, while allowing the use of personal or household content. As an industry standard technique regarding transmission protection of digital contents, there is DTCP (Digital Transmission Content Protection) managed by DTLA (Digital Transmission Licensing Administrator) (for example, see Patent Document 1).

  In the future, as ultra-high definition (UHD) content called 4K or 8K becomes more widespread, the demand for copyright protection will increase.

JP2015-103890A

  An object of the technology disclosed in this specification is to provide a communication device and a communication method having a copyright protection function.

  The technology disclosed in this specification has been made in consideration of the above-mentioned problems, and the technology described in the first is that the copyright protection function is invalidated by completing a predetermined communication procedure with a predetermined device. It is a communication device that activates a product in a state.

  According to the second aspect of the technology disclosed in the present specification, the communication device according to the first aspect is based on an authentication unit that performs authentication with the predetermined device, and information received by the authentication unit. A verification unit that verifies the predetermined device and the product; and an validation unit that activates the product based on a verification result by the verification unit.

  According to the third aspect of the technology disclosed in the present specification, the predetermined device includes a device certificate including information for identifying the predetermined device. The verification unit of the communication device according to the second aspect is configured to verify the validity of the predetermined device based on the information of the device certificate of the predetermined device.

  According to a fourth aspect of the technology disclosed in the present specification, the verification unit of the communication device according to the second aspect is configured to check whether the predetermined device is included in the exclusion target list. ing.

  According to a fifth aspect of the technology disclosed in this specification, the product is connected to the predetermined device. And the said authentication part of the communication apparatus which concerns on a 2nd side is comprised so that the authentication process of the said product may be performed through the said predetermined apparatus.

  According to a sixth aspect of the technology disclosed in the present specification, the verification unit of the communication device according to the fifth aspect is configured to check whether the product is included in an exclusion target list. Yes.

  According to a seventh aspect of the technology disclosed in this specification, the verification unit of the communication device according to the fifth aspect is configured to check whether the product has been validated in the past. .

  According to the eighth aspect of the technology disclosed in this specification, when the communication device according to the second aspect has been successfully verified by the verification unit, the copyright protection function is enabled by the validation unit. A device certificate indicating that the device is present is configured to be given to the product.

  According to a ninth aspect of the technology disclosed in this specification, the communication apparatus according to the second aspect includes a device certificate including information identifying that the product has an authority to enable a copyright protection function of the product. The book is further provided.

The tenth aspect of the technology disclosed in this specification is:
A first step of performing a predetermined communication procedure with a predetermined device;
A second step of enabling a product whose copyright protection function is in an invalid state upon completion of the predetermined communication procedure;
Is a communication method.

  An eleventh aspect of the technology disclosed in the present specification is a communication apparatus that communicates with the communication apparatus according to the first aspect and the product, and executes the predetermined communication procedure as the predetermined apparatus.

  According to a twelfth aspect of the technology disclosed in this specification, a communication device according to an eleventh aspect includes a communication device according to the first aspect, an authentication unit that performs authentication, and a communication device according to the first aspect. And a relay unit for relaying between the products.

  According to a thirteenth aspect of the technology disclosed in this specification, the relay unit of the communication device according to the twelfth aspect may include the communication device according to the first aspect after the authentication by the authentication unit is completed. It is configured to challenge between products and forward signed messages.

  According to a fourteenth aspect of the technology disclosed in this specification, the communication apparatus according to the twelfth aspect further includes a device certificate including information for identifying the predetermined apparatus.

Further, the fifteenth aspect of the technology disclosed in this specification is:
A first step of communicating with the communication device according to the first aspect and the product, and executing the predetermined communication procedure as the predetermined device;
A second step of enabling a product whose copyright protection function is in an invalid state upon completion of the predetermined communication procedure;
Is a communication method.

  A sixteenth aspect of the technology disclosed in the present specification is a communication device that validates an invalid copyright protection function by completing a predetermined communication procedure with a predetermined device.

  According to a seventeenth aspect of the technology disclosed in this specification, a communication device according to a sixteenth aspect includes a communication device according to the first aspect and an authentication unit that performs authentication via the predetermined device; A verification unit that verifies the communication device according to claim 1 based on information received by the authentication unit, and an validation unit that validates a copyright protection function based on a verification result by the verification unit. It has.

  According to an eighteenth aspect of the technology disclosed in this specification, the communication apparatus according to the first aspect includes a device certificate including information identifying that the user has the authority to enable the copyright protection function. ing. The verification unit of the communication device according to the seventeenth aspect verifies the validity of the communication device according to claim 1 based on the information of the device certificate of the communication device according to claim 1. It is configured.

  According to a nineteenth aspect of the technology disclosed in this specification, a communication device according to the seventeenth aspect includes a device certificate indicating that the copyright protection function is invalid in an initial state. When the verification by the verification unit is successful, the validation unit receives a device certificate indicating that the copyright protection function is valid from the communication device according to claim 1 and replaces the device certificate. It is configured.

Further, the twentieth aspect of the technology disclosed in this specification is:
A first step of performing a predetermined communication procedure with a predetermined device;
A second step of enabling an invalid copyright protection function upon completion of the predetermined communication procedure;
Is a communication method.

  According to the technology disclosed in the present specification, it is possible to provide a communication device and a communication method having a copyright protection function.

  In addition, the effect described in this specification is an illustration to the last, and the effect of this invention is not limited to this. In addition to the above effects, the present invention may have additional effects.

  Other objects, features, and advantages of the technology disclosed in the present specification will become apparent from a more detailed description based on the embodiments to be described later and the accompanying drawings.

FIG. 1 is a diagram showing a schematic configuration example of a copyright protection system 100 to which the technology disclosed in this specification is applied. FIG. 2 is a diagram showing a predetermined communication procedure for validating a disabled sink. FIG. 3 is a diagram illustrating a predetermined communication procedure for validating an invalid source. FIG. 4 is a diagram showing a procedure of challenge / response authentication performed between the source and the sink. FIG. 5 is a diagram illustrating a data configuration example of the device certificate of the product 120. FIG. 6 is a diagram illustrating a data configuration example of the device certificate of the validation device 111. FIG. 7 is a diagram illustrating a data configuration example of the device certificate of the validation server 130. FIG. 8 is a diagram schematically illustrating a processing procedure executed by a communication device operating as the product 120 (Sink or Source). FIG. 9 is a diagram schematically illustrating a processing procedure executed by the communication device operating as the validation server 130. FIG. 10 is a diagram schematically illustrating a processing procedure executed by a communication device that operates as the validation device 111. FIG. 11 is a diagram schematically illustrating a functional configuration of the communication device 1100 that operates as the validation server 130. FIG. 12 is a diagram schematically illustrating a functional configuration of the communication device 1200 that operates as the validation device 111. FIG. 13 is a diagram schematically illustrating a functional configuration of the communication device 1300 that operates as the product 120.

  Hereinafter, embodiments of the technology disclosed in this specification will be described in detail with reference to the drawings.

  DTCP managed by DTLA is an example of an industry standard technique related to transmission protection of digital content (see, for example, Patent Document 1). Basically, digital content is protected by always encrypting data when it is transmitted between devices and not outputting it in plain text.

  In DTCP, encrypted transmission of content is performed based on a certificate managed by DTLA. The mechanism of the copyright protection system according to DTCP will be briefly described. A device certificate issued by DTLA is embedded in the DTCP-compliant device. A device that transmits content (hereinafter also referred to as “Source”) and a device that receives content (hereinafter also referred to as “Sink”) have a counterpart device certificate signed by a certification authority (CA). By verifying with the public key issued by the certificate authority, it is possible to confirm that the devices are regular DTCP-compliant devices, and share the authentication key. Then, Source and Sink use this authentication key to exchange information for generating a content encryption key.

  However, if a product that circumvents such a copyright protection mechanism, such as an illegal product that receives encrypted content and outputs it as plain text after decryption, content is sold. It will be a big blow for the provider.

  For example, if a chip or circuit module compatible with a copyright protection system is distributed to an unauthorized manufacturer in a state where information necessary for encrypted transmission is already embedded, the chip or circuit module can be incorporated as it is. Unauthorized products compatible with copyright protection systems can be manufactured. Incidentally, in DTCP, “information necessary for encrypted transmission” includes a device certificate (device certificate) and a device private key (key).

  By supplying chips and circuit modules that are compatible with the copyright protection system only to licensees who have signed a license agreement for the copyright protection system, only products that meet the license regulations will be sold. In this case, distribution channels for chips and circuit modules must be strictly managed.

  On the other hand, the present applicant proposes technologies (1) to (4) for eliminating products that bypass the copyright protection mechanism.

Technology (1)
As technology (1), the copyright protection function of the product is invalidated in the initial state, and the copyright protection function of the product is validated by completing a predetermined communication procedure with a predetermined tool. For example, a legitimate manufacturer (licensee) completes a predetermined communication procedure immediately before shipping a product incorporating a chip or a circuit module in an initial state (ie, a copyright protection function is invalid) from a factory. By enabling the copyright protection function, only legitimate products are distributed in the market.

Technology (2)
As technology (2), as will be described later, an NA (Non-activated) flag indicating that the copyright protection function is in an invalid state is provided in the device certificate, and in the invalid state, the NA flag is asserted (NA = 1) If the state is valid, the NA flag is negated (NA = 0). In the product in the initial state, a device certificate indicating that the copyright protection function is invalid (NA flag is asserted) is embedded. When a predetermined communication procedure is completed, a copyright protection function is created by generating a device certificate indicating that the copyright protection function is valid (negating the NA flag) and updating it to the device certificate of the product. It becomes the valid state.

Technology (3)
As technology (3), the legitimacy of a device or product that implements the predetermined communication procedure for validating the copyright protection function is managed. Specifically, the legitimacy of a device or product is managed using an exclusion target list that registers unauthorized device or product identification information (Device ID). An activation server (described later) that updates the device certificate of a product is copyrighted only when the identification information of the target product and the activation device (described later) interposed between the server and the product is not in the exclusion list. A predetermined communication procedure for enabling the protection function can be completed. As a result, it becomes impossible for the unauthorized activation device to validate the invalid product or to validate the invalid invalid product.

  As will be described later, by providing activation identification information (Activation ID: AID) identifying the role related to the copyright protection function in the device certificate embedded in each device, the validity of the activation server and the activation device is managed. can do. As will be described later, the AID of the validation server is set to “2”, the AID of the validation device is set to “1”, and the AID of the product to be validated is set to “0”.

Technology (4)
As the technique (4), the predetermined communication procedure for enabling the copyright protection function can be completed only when the invalid product has not been enabled in the past. As one fraud pattern, it is assumed that a device certificate array key that should be prohibited by the copyright protection system is embedded in a plurality of products, chips, and circuit modules. Therefore, if the identification information of the product to be activated (ID in the device certificate) is the same as the product activated in the past, it is assumed that the copy has been made and the predetermined communication procedure is canceled. Do not activate. In order to prevent duplication in this way, the identification information (ID in the device certificate) is recorded when the product is activated so that it can be referred to thereafter.

  FIG. 1 shows a schematic configuration example of a copyright protection system 100 to which the above-described techniques (1) to (4) disclosed in this specification are applied. In the following description, the copyright protection system 100 is described as realizing copyright protection based on DTCP managed by DTLA. Also, it is assumed that the copyright protection system 100 employs a public key cryptosystem.

  Each licensee's factories 110-1, 110-2,..., Which have a license agreement for a copyright protection system, are provided with activation devices (Activation Tool: AT) 111-1, 111-2,. .

  In each factory 110-1, 110-2,..., A predetermined communication procedure for validating the copyright protection function is performed on the invalid product 120 immediately before shipment. The validation is performed by updating the device certificate of the product 120, but the validation device 111 is interposed between the validation server 130 (described later) that gives a new device certificate and the product 120. The product 120 referred to here corresponds to a DTCP-compliant device (DTCP Source and Sink). The enabling device 111 behaves like a sink for a product 120 that is a source, and behaves like a source for a product 120 that is a sink.

  The DTLA Activation server (hereinafter also referred to as “validation server”) 130 controls processing for validating the invalid product 120 intervening by the respective validation devices 111-1, 111-2,. The product 120 is validated by completing the predetermined communication procedure with the validation server 130 and updating the device certificate through the intervention of the validation devices 111-1, 111-2,. The validation server 130 is placed under direct management of, for example, DTLA.

  The certificate authority (CA) 140 manages a device certificate (device certificate) of each device under the management of DTLA (or to be a management target of DTLA). That is, the certificate authority 140 issues a device certificate for each device and is embedded in each device. A device to which the certificate authority 140 issues a device certificate is deployed at a product 120 manufactured and shipped at each factory 110-1, 110-2,... And at each factory 110-1, 110-2,. , And an activation server 130 are included.

  FIG. 5 shows a data configuration example of the device certificate of each product 120. The device certificate of the product includes activation identification information (AID) for identifying a role related to the activation of the copyright protection function, an NA flag indicating whether the copyright protection function is invalid, and device identification information (Device). ID), a public key of the product (Device Public Key), and a signature (CA signature) calculated by the certificate authority (CA) using its own private key for the above information. The product 120 is assigned AID = 0. In addition, the NA flag of the product 120 in the initial state is asserted (NA = 1), indicating that the copyright protection function is in an invalid state. The predetermined communication procedure is completed, and the NA certificate is replaced with a negated (NA = 0) device certificate. Details of this point will be described later.

  FIG. 6 shows a data configuration example of the device certificate of the validation device 111. The device certificate of the enabling device 111 includes activation identification information (AID) for identifying a role related to the activation of the copyright protection function, an NA flag indicating whether the copyright protection function is in an invalid state, and device identification. Information (Tool ID), the public key of the validation device 111 (Device Public Key), and the signature (CA signature) calculated by the certificate authority (CA) using its private key for the above information. It is out. The validation device 111 is assigned AID = 1. Therefore, it is possible to check the validity of the validation device 111 (that is, a predetermined communication procedure for validating the product 120 can be performed) depending on whether or not AID = 1. The NA flag of the enabling device 111 is negated to indicate that the copyright protection function is in an enabled state.

  FIG. 7 shows a data configuration example of the device certificate of the validation server 130. The data structural example of the apparatus certificate of the validation server 130 is shown. The device certificate of the activation device server 130 includes activation identification information (AID) for identifying a role related to the activation of the copyright protection function, an NA flag indicating whether the copyright protection function is invalid, Identification information (Authentication Server ID), public key of the validation server 130 (Device Public Key), and signature (CA signature) calculated by the certificate authority (CA) using its own private key for the above information Is included. The validation server 130 is assigned AID = 2. Therefore, whether or not the validation server 130 has the authority to activate the copyright protection function depending on whether or not AID = 2 in the device certificate of the validation server 130 (that is, the validation server 130 and the predetermined server It is possible to check whether or not the product 120 can be validated by completing the communication procedure. Further, the NA flag of the validation server 130 is negated to indicate that the copyright protection function is valid.

  In each device certificate shown in FIGS. 5 to 7, the role of the copyright protection function is not the activation identification information (AID) but the device identification information (Device ID, Tool ID, Authentication Server ID). May be identified.

  In addition, the product 120, the validation device 111, and the validation server 130 have a certificate authority public key (CA public Key) in order to verify the authenticity of the signature (CA signature) received from the communication partner. .

  In FIG. 2, the validation is performed between the validation server 130 and the sink through the validation device 111 for validating the DTCP sink (hereinafter, simply “sink”) as the invalid product 120. A predetermined communication procedure is shown.

  The communication procedure shown in FIG. 2 basically conforms to a general challenge / response authentication procedure performed between the source and sink of DTCP. Accordingly, the sink can regard the enabling device 111 as a source and execute this predetermined communication procedure (in other words, the sink is minimally modified for the invalid state enabling process).

  Before starting a predetermined communication procedure, Sink possesses a device certificate issued by the certificate authority 140, which indicates that the NA flag = 1 and the copyright protection function is invalid. To do. As will be described later, when the predetermined communication procedure shown in FIG. 2 is completed, the sink is sent from the activation server 130 (NA = 0, indicating that the copyright protection function is in an enabled state). Update to a device certificate.

  First, in accordance with a general challenge-response authentication procedure, a random challenge (P ′s random challenge) generated by Sink and a device certificate (P ′) as a challenge from the sink (P) to the validation device 111. s Certificate) is transmitted (T201).

  As described above, the sink device certificate includes the NA flag. The NA of the sink device certificate before validation is “1”. Devices other than the enabling device 111 are designed to check the other party's NA flag and interrupt authentication if the value is 1 (ie, the copyright protection function is disabled).

  The validation device 111 (Y) starts authentication with the validation server 130 triggered by receiving a random challenge and a device certificate from the sink. That is, the validation device 111 transmits a random challenge (Y's random challenge) and a device certificate (Y's Certificate) generated by itself as a challenge to the validation server 130 (X) (T202). .

  The validation server 130 verifies the authenticity and correctness of the device certificate (Y's Certificate) received from the validation device 111, and the identification information (Tool ID) of the validation device 111 is an exclusion target list (revocation). (List) is checked (T203).

  Here, since the signature created by the certificate authority 140 is attached to the device certificate (Y's Certificate), the validation server 130 uses the public key of the certificate authority 140 to authenticate the device certificate. Can be verified (Verify Y's Cert) (hereinafter the same). In addition, the validity of the validation apparatus 111 can be checked based on whether or not the value of the AID of the device certificate (Y ′s Certificate) is “1”. In addition, for checking the exclusion target list, an SRM (System Renewability Message) defined for transmitting unauthorized device authorization information in DTCP can be used (Examine SRM # 1), and the device indicated by SRM # 1 ( In this case, the validation device 111) is revoked at the time of authentication (the same applies hereinafter).

  The validation server 130 suspends the processing when the verification of at least one of the authenticity and correctness of the device certificate of the validation device 111 fails or the validation device 111 is included in the exclusion target list. (Abort) to make it impossible to complete a predetermined communication procedure.

  On the other hand, if the verification of the authenticity and correctness of the device certificate of the validating device 111 is successful and the validating device 111 is not included in the exclusion target list, the validating server 130 performs predetermined communication. Continue the procedure. That is, in response to the challenge from the validation device 111, the validation server 130 creates a random challenge (X's random challenge # 1) and a device certificate (X's Certificate) that it creates. (T204).

  The validation device 111 verifies the authenticity of the device certificate (X's Certificate) received from the validation server 130 (T205). At this time, if the value of the AID of the certificate is not “2”, the processing may be aborted so that a predetermined communication procedure cannot be completed.

  If the validation device 111 fails to verify the authenticity of the device certificate of the validation server 130, the validation device 111 aborts the processing and makes it impossible to complete a predetermined communication procedure. On the other hand, when the authenticity of the device certificate of the validation server 130 is successfully verified, a predetermined communication procedure is continued.

  The validation device 111 receives a message including a random challenge (P's random challenge) and a device certificate (P's Certificate) received from the sink during authentication with the validation server 103, and the validation device 111. A response (Y's message with signature) composed of a signature calculated with the secret key is transmitted to the validation server 130 (T206). This is a response to the challenge from the validation server 130 to the validation device 111 and at the same time a challenge from the sink to the validation server 130.

  Note that the signature calculation for the signed message reflects the random challenge (in this case, X's random challenge # 1) received from the destination of the message (the same applies hereinafter). When calculating the signature, it is necessary to reflect the other party's random challenge. For example, the data for the data obtained by concatenating the data of the message (Y's message) and (X's random challenge # 1) is valid. It is generated using the secret key of the encryption device 111.

  The validation server 130 verifies the authenticity of the signature attached to the message of the validation device 111 (T207). Specifically, the authenticity of the signature is verified by using the public key (Device Public Key) included in the device certificate of the validation device 111 and the random challenge (random challenge # 1) sent by itself. Further, the validation server 130 verifies the authenticity of the sink device certificate (P's Certificate) stored in the message by signature verification (Verify P's Cert). The validation server 130 checks whether the identification information (Device ID) of the sink is included in the exclusion target list (Examine SRM # 2). Further, it may be checked whether the sink has been validated in the past (Examine History) so that the device certificate that can have only one product may not be validated even if it is embedded in a plurality of products.

  The validation server 130 fails to verify the authenticity of the sink device certificate, or aborts the processing if the sink is included in the exclusion target list or has been validated in the past. The predetermined communication procedure cannot be completed. Further, the validation server 130 may check the NA flag of the sink device certificate, and if the value is “0”, the sink may be validated and the processing may be interrupted.

  On the other hand, if the validation server 130 succeeds in verifying the authenticity of the sink device certificate and the sink is not in the exclusion target list and has not been validated in the past, the validation server 130 continues the predetermined communication procedure. . That is, the validation server 130 transmits a response including a message (X ′s message # 1) with a signature (signature # 1) to the validation device 111 (T208). Here, since there is no need to transmit information, the message (X's message # 1) may be arbitrary data. Then, the signature (signature # 1) for the data obtained by concatenating the message and the random challenge (Y's random challenge) of the validation device 111 is calculated using the secret key of the validation server 130.

  In response to this, the validation apparatus 111 verifies the authenticity of the signed message (T209). Specifically, by using the public key of the validation server 130 included in the device certificate (X's Certificate) of the validation server 130 and the random challenge (Y's random challenge) sent by itself, Verify the signature. If the verification is successful, authentication between the validation server 130 and the validation device 111 is completed.

  When the authentication between the enabling server 130 and the enabling device 111 is completed, the enabling server 130 continues the authentication with the sink. However, communication between the validation server 130 and the sink is always performed via the validation device 111.

  The validation server 130 transmits a random challenge (X's random challenge # 2) and a device certificate (X's Certificate) generated by itself as a response to the challenge from the sink to the validation device 111 (T210). ).

  The Sink verifies the authenticity of the received device certificate (X's Certificate) via the validation device 111 (Verify X'Cert) and verifies the validity of the validation server 130 (T211). The validity of the validation server 130 can be checked based on whether or not the AID value of the device certificate (X's Certificate) of the validation server 130 is “2”. Note that AID = 2 is operated so that only the device certificate of the validation server 130 has (see FIG. 7).

  The Sink fails to verify the authenticity of the device certificate of the validation server 130, or aborts the processing if the AID value of the certificate is not “2”, and performs a predetermined communication procedure. Is impossible to complete.

  On the other hand, if the verification of the authenticity of the device certificate of the validation server 130 and the validation of the validity of the validation server 130 are successful, the sink continues a predetermined communication procedure.

  Next, the validation server 130 transmits a message (X ′s message # 2) with a signature (signature # 2) to the sink via the validation device 111 (T212). Note that the validation server 130 generates a signed message addressed to the Sink separately from the signed message addressed to the validation device 111. Since there is no message to be sent here, the message (X's message # 2) may be arbitrary data.

  The Sink verifies the authenticity of the signed message (T213), and then sends the signed message (P's message with signature) to the validation server 130 via the validation device 111 (T214). . Since there is no message to be sent here, the message (P's message) may be a random number. On the other hand, the validation server 130 verifies the authenticity of the signed message from the sink (T215), and the authentication between the validation server 130 and the sink is completed.

  Completion of authentication between the validation server 130 and the sink corresponds to completion of a predetermined communication procedure. Therefore, at T215, the validation server 130 prepares a new device certificate (P's new Certificate) indicating that the copyright protection function is valid (NA flag is negated).

  Then, the validation server 130 transmits a new device certificate (P's new Certificate) to the sink via the validation device 111 (T216). The validation server 130 stores the identification information (Device ID) of the device certificate transmitted to the sink as a past validation (history) (record P's ID).

  The Sink updates the received device certificate (Replace P's Cert) to the valid state of the copyright protection function (T217). Sink will succeed in authenticating with any source product by using a new device certificate.

  When the communication procedure shown in FIG. 2 is summarized, the sink and the validation device 111 follow a general challenge / response authentication procedure, and if the authentication is successful, the validation device 111 sends a new device certificate to the sink. A letter is sent. This communication procedure starts when a random challenge and a device certificate are sent from the sink to the validation device 111. The sink device certificate includes an NA flag, and NA = 1 before validation. Note that communication devices other than the validation device 111 are designed to check the NA flag of the partner device certificate at the time of challenge / response authentication, and if the value is 1, the authentication is interrupted. In addition, when the validation device 111 receives a random challenge and a device certificate from the sink, the validation device 111 performs challenge / response authentication with the validation server 130.

  Also, FIG. 3 shows the implementation between the validation server 130 and the source through the validation device 130 for validating the DTCP Source (hereinafter simply referred to as “Source”) as the invalid product 120. The predetermined communication procedure is shown.

  The communication procedure shown in FIG. 3 basically conforms to a general challenge / response authentication procedure performed between the source and sink of DTCP. Therefore, the source can execute the predetermined communication procedure by regarding the enabling device 130 as a sink (in other words, the source is minimally modified for the invalidation enabling process). Further, the device certificate and signature authenticity verification method and signature calculation method are the same as those described in FIG.

  Before starting the predetermined communication procedure, it is assumed that the Source possesses a device certificate issued by the certificate authority 140 and indicated to be invalid with NA flag = 1. As will be described later, when the predetermined communication procedure shown in FIG. 3 is completed, the source is updated to the device certificate (indicated as being valid when NA = 0) sent from the validation server 130. .

  First, authentication with the activation server 130 is started by using the activation device 111 as a trigger (for example, an operator in the factory 110). That is, the validation device 111 transmits a random challenge (Y's random challenge) and a device certificate (Y's Certificate) generated by itself as a challenge to the validation server 130 (X) (T301). .

  The validation server 130 verifies the authenticity and correctness of the device certificate (Y's Certificate) received from the validation device 111, and the identification information (Tool ID) of the validation device 111 is an exclusion target list (revocation). (List) is checked (T302).

  The validation server 130 can verify the authenticity of the received device certificate (Y's Certificate) using the public key of the certificate authority. Further, the validity of the validation apparatus 111 can be checked based on whether or not the AID value of the received device certificate (Y ′s Certificate) is “1”. In addition, using the SRM (Examine SRM # 1), the enabling device 111 included in the exclusion target list can be revoked. If at least one of the authenticity and correctness of the device certificate of the validation device 111 cannot be confirmed, or if it is in the exclusion target list, the validation server 130 aborts the process and performs predetermined communication. Make the procedure incomplete. On the other hand, if both the authenticity and correctness of the device certificate of the enabling device 111 can be confirmed and the enabling device 111 is not in the exclusion target list, the enabling server 130 continues a predetermined communication procedure. .

  Upon receiving a challenge from the enabling device 111, the enabling server 130 starts authentication with the enabling device 111 and authentication with the Source (Q) at the same time. However, communication between the validation server 130 and the source is always performed via the validation device 111.

  The validation server 130 continues to authenticate with the validation device 111 (triggered by a challenge from the validation device 111), so that it generates a random challenge (X's random challenge # 1) and a device certificate. (X's Certificate) is transmitted to the validation device 111 (T303).

  The validation device 111 verifies the authenticity of the device certificate (X's Certificate) received from the validation server 130 using the public key of the certificate authority (T304). If the validation device 111 fails to verify the authenticity of the device certificate of the validation server 130, the validation device 111 aborts the processing and makes it impossible to complete a predetermined communication procedure. On the other hand, when the authenticity of the device certificate of the validation server 130 is successfully verified, a predetermined communication procedure is continued. If the AID value of the certificate is not “2”, the processing may be aborted so that a predetermined communication procedure cannot be completed.

  In addition, the validation server 130 authenticates the source with a random challenge (X's random challenge # 2) and a device certificate (X's Certificate) that are generated by the validation server 130 via the validation device 111. Transmit (T305).

  The source verifies the authenticity of the received device certificate (X's Certificate) via the validation device 111 (Verify X'Cert) and verifies the validity of the validation server 130 (T306). The validity of the validation server 130 can be checked based on whether or not the AID value of the device certificate (X's Certificate) of the validation server 130 is “2”. Note that AID = 2 is operated so that only the device certificate of the validation server 130 has (see FIG. 7).

  If the verification of the authenticity of the device certificate of the validation server 130 fails or the value of the AID of the certificate is not “2”, the source aborts the processing and performs a predetermined communication procedure. Is impossible to complete. On the other hand, if the verification of the authenticity of the device certificate of the validation server 130 and the validation of the validation server 130 and the source itself are successful, the source continues a predetermined communication procedure.

  The Source transmits a random challenge (Q's random challenge) and a device certificate (Q's Certificate) generated by itself to the validation device 111 (T307).

  As described above, the source device certificate includes the NA flag. The NA of the source device certificate before validation is “1”. Devices other than the enabling device 111 are designed to check the other party's NA flag and interrupt authentication if the value is 1 (ie, the copyright protection function is disabled).

  During authentication with the validation server 103, the validation device 111 adds a signature to a message including (Q's random challenge) and a device certificate (Q's Certificate) received from the source (Y's message). With signature), it is transmitted to the validation server 130 as a response to the challenge from the validation server 130 (T308). The signature here is for the data obtained by concatenating the message (Y's message) and the random challenge (X's random challenge # 1) from the validation server 130, using the secret key of the validation device 111. Generate. T308 is also a transmission of a challenge from the source to the validation server 130 at the same time.

  When the validation server 130 receives the response from the validation device 111, the validation server 130 verifies the signature attached to the message, the public key included in the device certificate of the validation device 111, and the random challenge (random) sent by itself. challenge # 1) (Verify signed message). Further, the validation server 130 verifies the authenticity of the source device certificate (Q's Certificate) stored in the message by verifying the signature (Verify Q's Cert), and also identifies the source identification information (Device ID). Is not in the exclusion target list (Examine SRM # 2). Furthermore, it may be checked whether the source has been validated in the past (Examine History) (T309).

  The validation server 130 aborts the processing if the verification of the authenticity of the source device certificate fails, or if the sink is included in the exclusion target list or has been validated in the past. The predetermined communication procedure cannot be completed. The validation server 130 may check the NA flag of the source device certificate, and if the value is “0”, the source may be validated and the process may be interrupted.

  On the other hand, the validation server 130 continues the predetermined communication procedure when the authenticity of the source device certificate is successfully verified and the source is not in the exclusion list and has not been validated in the past. . That is, the validation server 130 transmits a message (message # 1) with a signature (signature # 1) to the validation device 111 (T310). Here, the validation server 130 sends a signature (signature # 1) to data obtained by concatenating the message (X's message # 1) and the random challenge (Y's random challenge) of the validation device 111 to the validation server. Calculation is performed using 130 secret keys. Since there is no message to be sent here, the message (X's message # 1) may be arbitrary data. On the other hand, the validation device 111 verifies the authenticity of the signed message (T311), and the authentication between the validation server 130 and the validation device 111 is completed.

  Following the transmission of the random challenge (T307), the Source transmits a signed message (Q's message with signature) to the validation device 111 as a response to the validation server 130 (T312). Since there is no particular message to be sent here, the message (Q's message) may be arbitrary data. When the authentication between the validation server 130 and the validation device 111 is completed (T311), the validation device 111 transfers the response from the source to the validation server 130 to the validation server 130 (T313). When the activation device 111 receives a response (Q's message with signature) from the source before the authentication with the validation server 130 is completed, the validation device 111 transfers the response to the validation server 130 when the authentication is successful. .

  In response to this, the validation server 130 verifies the authenticity of the signed message from the source (T314), and the validation of the source by the validation server 130 is completed. The completion of the source authentication by the validation server 130 corresponds to the completion of a predetermined communication procedure for the validation server 130. Accordingly, at T314, the validation server 130 prepares a new device certificate (Q's new Certificate) indicating that the copyright protection function is in a valid state (NA flag is negated).

  Then, the validation server 130 stores the new device certificate (Q's new Certificate) in the message of the response (X's message # 2) from the validation server 130 to the source, and passes through the validation device 111. Is transmitted to the source (T315). Here, the validation server 130 uses the signature (signature # 2) for the data concatenating the message (X's message # 2) and the random challenge (Q's random challenge) of the source to the secret of the validation server 130. Calculate using the key. In addition, the validation server 130 stores the device ID of the device certificate transmitted to the source as a past validation (history) (record Q's ID).

  The source verifies the authenticity of the signature attached to the message (X's message # 2) (T316). The authenticity of the signature can be verified by using the public key (Device Public Key) included in the device certificate of the validation server 130 and the random challenge (Q's random challenge) sent by itself.

  When the source successfully verifies the authenticity of the signature, the source is updated to a new device certificate (Replace Q's Cert that negates the NA flag) included in the received message (X's message # 2). ) To enable the copyright protection function. From then on, the use of a new device certificate will allow the source to successfully authenticate with any sink product.

  When the communication procedure shown in FIG. 3 is summarized, the source and the validation device 111 follow a general challenge / response authentication procedure, and if the authentication is successful, the validation device 111 sends a new device certificate to the source. A letter is sent. This communication procedure starts when a random challenge and a device certificate are sent from the validation device 111 to the validation server 130. The source device certificate includes an NA flag, and NA = 1 before validation. Note that communication devices other than the validation device 111 are designed to check the NA flag of the partner device certificate at the time of challenge / response authentication, and if the value is 1, the authentication is interrupted. When the source receives a random challenge and a device certificate from the validation device 111, the source performs challenge / response authentication with the validation server 130.

  Further, in any of the communication procedures shown in FIG. 2 and FIG. 3, when a sink or source that is in an initial invalid state authenticates with the validation server 130 via the validation device 111 and succeeds. It is common in that the copyright protection function can be used after updating the device certificate.

  Authentication is performed between the validation server 130 and the validation device 111, and between the validation server 130 and the product 120 (Sink, Source), but the two certifications need to be performed in cooperation and succeed together. is there. That is, the communication procedure can be completed only when all three devices are present.

  The validation server 130 may generate a new device certificate for Sink and Source, or may not have a secret key necessary for generating the device certificate, and may be another device (for example, a certificate authority). It is also possible to select and transmit a device certificate including the sink created in step 140) and the device ID for the source.

  For example, since an electronic signature of the certificate authority 140 is required, a new device certificate for Sink and Source cannot be generated in the validation server 130, or it can be created technically, but from the viewpoint of security. It is possible that this should not be done. For this reason, a new device certificate with a signature of the certificate authority 140 is created in advance, for example, when a device certificate with an NA flag of “1” is created. A device ID having the same device ID as the device certificate received from the source may be selected from the validation server 130 or another server and sent to the sink or source.

  FIG. 4 shows a challenge / response authentication procedure performed between the source and the sink. The illustrated procedure is basically executed according to a general challenge / response authentication procedure of DTCP. Further, the device certificate and signature authenticity verification method and signature calculation method are the same as those described in FIG.

  First, as an authentication request from Sink (P) to Source (Q), a random challenge (P's random challenge) generated by Sink and a device certificate (P's Certificate) are transmitted (T401).

  The source verifies the authenticity of the device certificate (P's Certificate) received from the sink (Verify P'Cert), and whether the device certificate has been updated to a valid state, that is, the NA flag is It is checked whether or not negated (NA = 0) (T402). This check is performed even when the device certificate is invalid.

  If the source fails to verify the authenticity of the sink device certificate or check the NA flag, the source aborts the processing and disables authentication with the sink. Therefore, a sink that has not been enabled cannot receive content from a legitimate source.

  On the other hand, if the authenticity verification of the sink device certificate and the NA flag check are both successful, the source generates a random challenge (Q's random challenge) and device certificate as a response to the challenge from the sink. (Q's Certificate) is transmitted to the validation device 111 (T403).

  The Sink verifies the authenticity of the device certificate (Q's Certificate) received from the source (Verify Q'Cert), and whether the device certificate has been updated to a valid state, that is, the NA flag is It is checked whether or not negated (NA = 0) (T404). This check is performed even when the device certificate is invalid.

  If the Sink fails to verify the authenticity of the source device certificate or check the NA flag, the sink aborts the processing and disables authentication with the source. Accordingly, the sink cannot receive content from a source that is not activated.

  In addition, following the transmission of the random challenge (T403), the Source transmits a signed message (Q's message with signature) to the Sink as a response to the Sink (T405).

  After verifying the authenticity of the signed message (T406), the sink generates a message with its own signature (P's message with signature) and sends it to the source (T407). On the other hand, the source verifies the authenticity of the signed message from the sink (T408), and the authentication between the source and the sink is completed.

For products manufactured and sold by legitimate licensees (Sink, Source), the NA flag of the device certificate of the other party is checked, and if the value is 1 (that is, the copyright protection function is disabled), authentication is suspended. Designed to be. Therefore, only the sink and the source whose copyright protection function is enabled can share the authentication key K _auth through the authentication procedure as shown in FIG.

If the authentication procedure is successful, the Source generates an exchange key K _x that becomes the seed of the content key K _c , encrypts it with the authentication key K _auth and sends it to the Sink. In each Source and Sink, by applying a predetermined arithmetic processing on the exchange key K _x, it is possible to generate a content key K _c which is used to encrypt content when the content transmission. Then, encrypted content transmission is started between the source and the sink using a protocol such as HTTP or RTP (not shown).

  FIG. 8 schematically shows a processing procedure executed by the communication device operating as the product 120 (Sink or Source) in the communication procedure shown in FIG. 2 or FIG.

  First, the product 120 exchanges a challenge with the validation server 130 via the validation device 111 (step S801). If the product 120 is a sink, it starts by sending a challenge to the enabling device 111 from itself, and if it is a source, it starts by receiving a challenge from the enabling device 111.

  Then, the product 120 verifies the authenticity and validity (that is, whether AID = 2) of the device certificate of the validation server 130 received by exchanging the challenge (step S802).

  If verification of the device certificate of the validation server 130 fails (No in step S803), the product 120 interrupts the process (Abort).

  If the verification of the device certificate of the validation server 130 is successful (Yes in step S803), the product 120 then exchanges a signed message with the validation server 130 via the validation device 111 (step S803). Step S804). Then, the product 120 verifies the authenticity of the signature attached to the message of the validation server 130 (Step S805).

  When the verification of the signature attached to the message of the validation server 130 fails (No in step S806), the product 120 interrupts the processing (Abort).

  On the other hand, if the verification of the signature attached to the message of the validation server 130 is successful (Yes in step S806), the authentication between the product 120 and the validation server 130 is completed, and the copyright protection function of the product 120 is activated. This corresponds to completion of a predetermined communication procedure for validation.

  After that, when the product 120 receives a new (NA = 0) device certificate from the validation server 130 (step S807), the product 120 becomes a valid state of the copyright protection function by replacing with the new certificate. . Thereafter, the product 120 can be successfully authenticated with any product by using the new device certificate.

  FIG. 9 schematically shows a processing procedure executed by the communication apparatus operating as the validation server 130 in the communication procedure shown in FIG. 2 or FIG.

  When the validation server 130 receives the authentication request from the validation device 111 (Yes in step S901), the validation server 130 starts exchanging a challenge with the validation device 111 (step S902).

  Then, the validation server 130 verifies the authenticity and correctness (that is, whether AID = 1) of the device certificate of the validation device 111 received by exchanging the challenge, and excludes the Tool ID of the validation device 111. It is checked whether it is not in the target list (step S903).

  If verification of the device certificate of the validation device 111 fails (No in step S904), the validation server 130 interrupts the process (Abort).

  If the validation of the device certificate of the validation device 111 is successful (Yes in step S904), the validation server 130 subsequently exchanges a signed message with the validation device 111, and in parallel therewith. Thus, a challenge exchange with the product 120 is also performed via the validation device 111 (step S905).

  Then, the validation server 130 verifies the authenticity of the signature attached to the message of the validation device 111, verifies the authenticity of the electronic certificate of the product 120, and the Device ID of the product 120 is the exclusion target list. A check is made to see if it has not entered (step S906).

  If these verifications fail (No in step S907), the validation server 130 interrupts the process (Abort).

  On the other hand, if these verifications are successful (Yes in step S907), the validation server 130 completes authentication with the validation device 111 and authentication with the product 120. This corresponds to completion of a predetermined communication procedure for enabling the copyright protection function of the product 120.

  Accordingly, the validation server 130 generates a new (NA = 0) device certificate for the product 120, or selects a device certificate (eg, having the same Device ID as the product) from those previously generated. (Step S908), a new device certificate is transmitted to the product 120 (Step S909).

  FIG. 10 schematically shows a processing procedure executed by the communication device operating as the enabling device 111 in the communication procedure shown in FIG. 2 or FIG.

  When the trigger for authentication with the validation server 130 occurs (Yes in step S1001), the validation device 111 starts exchanging a challenge with the validation server 130 (step S1002). When the product 120 is a sink, an authentication request from the sink is a trigger. Further, when the product 120 is a source, for example, an operation on the validation device 111 by an operator is a trigger.

  The validation device 111 verifies the authenticity of the device certificate of the validation server 130 received by exchanging the challenge (step S1003).

  If verification of the device certificate of the validation server 130 has failed (No in step S1004), the validation device 111 interrupts processing (Abort).

  If the verification of the device certificate of the validation server 130 is successful (Yes in step S1004), the validation device 111 subsequently exchanges a signed message with the validation server 130, and in parallel therewith. Then, the challenge / response between the validation server 130 and the product 120 is relayed (step S1005).

  Then, the validation device 111 verifies the authenticity of the signature attached to the message from the validation server 130 (step S1006).

  If the verification of the signature of the validation server 130 fails (No in step S1007), the validation device 111 interrupts the process (Abort).

  On the other hand, if the verification of the signature of the validation server 130 is successful (Yes in step S1007), the validation device 111 completes the validation of the validation server 130, and thereafter, between the validation server 130 and the product 120. The message is relayed (step S1008).

  FIG. 11 schematically illustrates a functional configuration of the communication device 1100 that operates as the validation server 130. The illustrated communication device 1100 includes an authentication unit 1101, a verification unit 1102, a certificate generation unit 1103, and a device certificate 1104 of the communication device 1100 itself.

  The authentication unit 1101 exchanges a challenge / response or signed message with the validation device 111 in accordance with a protocol defined by a copyright protection system such as DTCP. Further, the authentication unit 1101 performs authentication processing of the product 120 through message exchange with the validation device 111.

  The verification unit 1102 checks the authenticity and validity of the validation device 111 and the product based on information such as a device certificate and a signature acquired through message exchange by the authentication unit 1101.

  As described above, the device certificate of the validation device 111 includes a device certificate including information (that is, AID = 1) that identifies the valid validation device 111. Therefore, the verification unit 1102 can verify the validity based on the AID value of the device certificate of the validation device 111.

  Also, the verification unit 1102 checks whether the identification information (Tool ID, Device ID) included in the device certificate of the validation device 111 and the product 120 is included in the exclusion target list, and the validity of these devices To verify. The verification unit 1102 checks whether the product 120 has been validated in the past.

  When the verification by the verification unit 1102 succeeds, the certificate generation unit 1103 generates a device certificate indicating that the copyright protection function is valid, and transmits the device certificate to the product 120. Alternatively, the certificate generation unit 1103 does not generate a device certificate in the communication apparatus 1100, but selects a device certificate (for example, having the same Device ID as the product) from those generated in advance. You may make it transmit to 120.

  The device certificate 1104 possessed by the communication device 1100 as the validation server 130 includes information (that is, AID = 2) for identifying that it has the authority to validate the copyright protection function of the product 120. The device certificate 1104 includes information (that is, NA = 0) indicating that the copyright protection function is valid.

  FIG. 12 schematically illustrates a functional configuration of the communication device 1200 that operates as the validation device 111. The illustrated communication device includes an authentication unit 1201, a relay unit 1202, a device certificate 1203 of the communication device 1200 itself, and a verification unit 1204. These functional modules 1201 to 1203 are all mounted in a chip or a circuit module corresponding to the copyright protection system 100, for example.

  The authentication unit 1201 exchanges a challenge / response or signed message with the validation server 130 according to a protocol defined by a copyright protection system such as DTCP. The verification unit 1204 checks the authenticity of the validation device 111 based on information such as a device certificate and a signature acquired through message exchange by the authentication unit 1201.

  The relay unit 1202 transfers a challenge-response and a signed message between the validation server 130 and the product 120 after the authentication unit 1201 completes authentication with the validation server 130.

  As described above, the communication device 1200 device certificate 1203 as the validating device 111 includes a device certificate including information identifying the valid validating device 111 (ie, AID = 1). Yes. Therefore, the validation server 130 can verify the validity based on the AID value of the device certificate included in the challenge / response received from the validation device 111.

  FIG. 13 schematically illustrates a functional configuration of a communication device 1300 that operates as a product 120 such as Sink or Source. The illustrated communication apparatus 1300 includes an authentication unit 1301, a verification unit 1302, a certificate update unit 13034, and a device certificate 1304. These functional modules 1301 to 13043 are all mounted in a chip or circuit module corresponding to the copyright protection system 100, for example. Note that the communication apparatus 1300 also includes a functional module that encrypts and transmits content, but is not shown here for the sake of convenience, and detailed description thereof is omitted.

  The authentication unit 1301 exchanges a challenge-response or signed message with the validation server 130 through the validation device 111 according to a protocol defined by a copyright protection system such as DTCP.

  The verification unit 1302 checks the authenticity and validity of the validation server 130 based on information such as a device certificate and a signature acquired through message exchange by the authentication unit 1201.

  As described above, the device certificate of the activation server 130 includes a device certificate including information (that is, AID = 2) for identifying that it has the authority to enable the copyright protection function of the product 120. Yes. Therefore, the verification unit 1302 can verify the validity based on the value of the AID of the device certificate of the validation server 130.

  The device certificate 1304 of the communication device 1300 as the product 120 includes information (that is, AID = 0) that identifies the product 120 (in other words, a control target of the copyright protection function). The device certificate 1304 in the initial state includes information (that is, NA = 1) indicating that the copyright protection function is invalid.

  When the certificate update unit 1303 receives a device certificate indicating that the copyright protection function is valid (ie, NA = 0) from the validation server 130 when the verification by the verification unit 1302 is successful, The certificate 1304 is replaced with this. Thereafter, the product 120 is successfully authenticated with any other product by using the new device certificate.

  As described above, the technology disclosed in this specification has been described in detail with reference to specific embodiments. However, it is obvious that those skilled in the art can make modifications and substitutions of the embodiments without departing from the scope of the technology disclosed in this specification.

  For example, an operation in which the validation server and the validation device in the present invention are integrated is also considered as an application example. In addition, an application example in which a new device certificate is installed in the product in a state of being encrypted in advance and the new device certificate is decrypted and updated using key information supplied by the validation server is also conceivable. .

  In the present specification, the embodiment in which the technology disclosed in the present specification is applied to a network of the DTCP specification has been mainly described. However, the gist of the technology disclosed in the present specification is not limited to this.

  Although the present specification has mainly described the embodiment in which the copyright protection function of the product is controlled by updating the device certificate of the product from the invalid state to the valid state, the product copyright has been described by other methods. The rights protection function can also be controlled.

  In short, although the technology disclosed in the present specification has been described in the form of exemplification, the description content of the present specification should not be interpreted in a limited manner. In order to determine the gist of the technology disclosed in this specification, the claims should be taken into consideration.

Note that the technology disclosed in the present specification can also be configured as follows.
(1) A communication device that enables a product whose copyright protection function is in an invalid state by completing a predetermined communication procedure with a predetermined device.
(2) an authentication unit that authenticates with the predetermined device;
A verification unit that verifies the predetermined device and the product based on information received by the authentication unit;
Based on the verification result by the verification unit, an enabling unit for bringing the product into an enabled state;
The communication device according to (1), comprising:
(3) The predetermined device includes a device certificate including information for identifying the predetermined device,
The verification unit verifies validity of the predetermined device based on the information of the device certificate of the predetermined device;
The communication device according to (2) above.
(4) The verification unit checks whether the predetermined device is in the exclusion target list,
The communication device according to (2) above.
(5) the product is connected to the predetermined device;
The authentication unit performs an authentication process of the product through the predetermined device.
The communication device according to (2) above.
(6) The verification unit checks whether or not the product is in the exclusion target list.
The communication device according to (5) above.
(7) The verification unit checks whether the product has been activated in the past.
The communication device according to (5) above.
(8) When the verification by the verification unit is successful, the validation unit gives a device certificate indicating that the copyright protection function is valid to the product.
The communication device according to (2) above.
(9) The apparatus further includes a device certificate including information identifying that the product has an authority to enable a copyright protection function of the product.
The communication device according to (2) above.
(10) a first step of performing a predetermined communication procedure with a predetermined device;
A second step of enabling a product whose copyright protection function is in an invalid state upon completion of the predetermined communication procedure;
A communication method.
(11) A communication device that communicates with the communication device according to (1) and the product and executes the predetermined communication procedure as the predetermined device.
(12) An authentication unit that performs authentication with the communication device according to (1),
A relay unit that relays between the communication device according to (1) and the product;
The communication device according to (11), comprising:
(13) After the authentication by the authentication unit is completed, the relay unit transfers a challenge and a signed message between the communication device according to claim 1 and the product.
The communication device according to (12) above.
(14) A device certificate including information for identifying the predetermined device is further provided.
The communication device according to (12) above.
(15) A first step of communicating with the communication device according to claim 1 and the product and executing the predetermined communication procedure as the predetermined device;
A second step of enabling a product whose copyright protection function is in an invalid state upon completion of the predetermined communication procedure;
A communication method.
(16) A communication device that validates an invalid copyright protection function by completing a predetermined communication procedure with a predetermined device.
(17) The communication device according to (1) above and an authentication unit that performs authentication via the predetermined device;
A verification unit that verifies the communication device according to claim 1, based on information received by the authentication unit;
Based on the verification result by the verification unit, an activation unit that activates the copyright protection function;
The communication device according to (16), comprising:
(18) The communication device according to (1) includes a device certificate that includes information identifying that the copyright protection function is authorized.
The verification unit verifies the validity of the communication device according to (1) based on the information of the device certificate of the communication device according to (1).
The communication device according to (17) above.
(19) A device certificate indicating that the copyright protection function is invalid in the initial state,
When the verification by the verification unit is successful, the validation unit receives and replaces the device certificate indicating that the copyright protection function is valid from the communication device described in (1) above.
The communication device according to (17) above.
(20) a first step of performing a predetermined communication procedure with a predetermined device;
A second step of enabling an invalid copyright protection function upon completion of the predetermined communication procedure;
A communication method.

DESCRIPTION OF SYMBOLS 100 ... Copyright protection system, 110 ... Factory, 111 ... Validation apparatus 120 ... Product, 130 ... Validation server, 140 ... Certification authority 1100 ... Communication apparatus (validation server), 1101 ... Authentication part 1102 ... Verification part, 1103 ... Certificate generation unit, 1104 ... Device certificate 1200 ... Communication device (validation device), 1201 ... Authentication unit 1202 ... Relay unit, 1203 ... Device certificate, 1204 ... Verification unit 1300 ... Communication device (product), 1301 ... Authentication unit 1302 ... verification unit, 1303 ... certificate update unit, 1304 ... device certificate

Claims (20)

  A communication device that enables a product whose copyright protection function is in an invalid state by completing a predetermined communication procedure with a predetermined device. An authentication unit for authenticating with the predetermined device;
A verification unit that verifies the predetermined device and the product based on information received by the authentication unit;
Based on the verification result by the verification unit, an enabling unit for bringing the product into an enabled state;
The communication apparatus according to claim 1, comprising: The predetermined device includes a device certificate including information for identifying the predetermined device,
The verification unit verifies validity of the predetermined device based on the information of the device certificate of the predetermined device;
The communication apparatus according to claim 2. The verification unit checks whether the predetermined device is in the exclusion target list;
The communication apparatus according to claim 2. The product is connected to the predetermined device;
The authentication unit performs an authentication process of the product through the predetermined device.
The communication apparatus according to claim 2. The verification unit checks whether the product is in the exclusion list;
The communication device according to claim 5. The verification unit checks whether the product has been activated in the past,
The communication device according to claim 5. When the verification by the verification unit is successful, the validation unit gives a device certificate indicating that the copyright protection function is valid to the product,
The communication apparatus according to claim 2. A device certificate including information identifying that the product has the right to enable the copyright protection function of the product;
The communication apparatus according to claim 2. A first step of performing a predetermined communication procedure with a predetermined device;
A second step of enabling a product whose copyright protection function is in an invalid state upon completion of the predetermined communication procedure;
A communication method.   A communication apparatus that communicates with the communication apparatus according to claim 1 and the product and executes the predetermined communication procedure as the predetermined apparatus. An authentication unit that performs authentication with the communication device according to claim 1;
A relay unit that relays between the communication device according to claim 1 and the product;
The communication apparatus according to claim 11, comprising: The relay unit performs a challenge between the communication device according to claim 1 and the product and transfers a signed message after authentication by the authentication unit is completed.
The communication device according to claim 12. A device certificate including information for identifying the predetermined device;
The communication device according to claim 12. A first step of communicating with the communication device according to claim 1 and the product and executing the predetermined communication procedure as the predetermined device;
A second step of enabling a product whose copyright protection function is in an invalid state upon completion of the predetermined communication procedure;
A communication method.   A communication apparatus that validates an invalid copyright protection function by completing a predetermined communication procedure with a predetermined apparatus. An authentication unit that performs authentication via the communication device according to claim 1 and the predetermined device;
A verification unit that verifies the communication device according to claim 1, based on information received by the authentication unit;
Based on the verification result by the verification unit, an activation unit that activates the copyright protection function;
The communication apparatus according to claim 16, comprising: The communication device according to claim 1 includes a device certificate including information for identifying having the authority to enable the copyright protection function,
The verification unit verifies the validity of the communication device according to claim 1 based on the information of the device certificate of the communication device according to claim 1.
The communication device according to claim 17. In the initial state, it has a device certificate indicating that the copyright protection function is disabled,
When the verification by the verification unit is successful, the validation unit receives and replaces the device certificate indicating that the copyright protection function is valid from the communication device according to claim 1;
The communication device according to claim 17. A first step of performing a predetermined communication procedure with a predetermined device;
A second step of enabling an invalid copyright protection function upon completion of the predetermined communication procedure;
A communication method.