JPH11283327A - Information recording device and information reproducing device and accounting device and judging device and updating device and information utilizing device and key distributing device and recording medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an information recording and reproducing device capable of constructing the utilization environment of digital information which assumes the protection of copyrights by acountings with respect to the utilization of the digital information easily. SOLUTION: An information recording device 1001 generates license information by ciphering contents information and by ciphering a utilizing condition to be referred in order to limit the utilization of the contents information and a decoding key decoding the ciphered contents information to record the ciphered contents information and the generated license information on a recording medium. An information reproducing device 1011 decodes the license information recorded on the recording medium by using a second decoding key for decoding the license information and judges whether the utilization of the contents information is possible or not based on the utilizing condition to be included in the decoded license information and when the utilization of the information is judged to be possible, the device 1011 decodes the ciphered contents information recorded on the recording medium by using a first decoding key to be included in the decoded license information.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an information recording / reproducing apparatus which charges for the use of information recorded on a recording medium such as a DVD or distributed via a network or broadcast. Related to an information distribution system.

In particular, the present invention relates to an information recording apparatus for recording information on a recording medium such as a DVD and an information reproducing apparatus for reproducing information recorded on a recording medium such as a DVD.

[0003]

2. Description of the Related Art In recent years, digital information processing technology and communication technology such as broadband ISDN have been developed, and advanced information recording media, such as DVDs, for realizing large capacity, high image quality, and high sound quality have been developed. With the diversification and sophistication of such information transmission means, digitalized works and the like are distributed in large quantities to users via networks, recording media, etc., and users can freely distribute them. A usable environment is being created. Such an environment increases the chances of unauthorized duplication, unauthorized modification, and unintended distribution of the copyrighted work, and does not unduly harm the owner of the copyrighted work. That raises concerns.

[0004] In order to eliminate the concerns of the copyright holders of such works, the works can be distributed quickly and easily and digitized works can be provided, and a digital information use environment that can properly use them can be provided. The development of a system that assumes the protection of rights will be an important issue in the future.

[0005] DVD is a large-capacity personal computer medium replacing CD-ROM, and can be expected to spread to various uses such as movies, music, games, and karaoke. It is expected that DVD title prices will be kept low and the rental DVD market will expand. Accordingly, from such a viewpoint, information based on the idea of protecting copyright of information based on the idea of charging for use rather than possession of a digitized work recorded on a recording medium such as a DVD. Distribution system is indispensable.

[0006]

SUMMARY OF THE INVENTION Accordingly, the present invention provides an information distribution system for quickly and easily distributing digitized works and providing a digital information use environment on the premise of copyright protection. It is an object of the present invention to provide an information recording device, an information reproducing device, and a billing device for construction. That is, a digitalized work distributed through a network or a recording medium is quickly and easily distributed, and a digital information use environment is constructed on the premise of protecting copyright by charging for the use of digital information. Recording apparatus for reproducing the recorded information, and a charging apparatus for using the information.

[0007]

Means for Solving the Problems (First Embodiment) (1) An information recording apparatus of the present invention (Claim 1) uses an encrypting means for encrypting content information and at least a use of the content information. License information generating means for generating encrypted license information including a use condition for restriction and a decryption key for decrypting the content information; content information encrypted by the encryption means; and the license information generating means Recording means for recording, on a recording medium, the license information generated in step (a).

Further, the information reproducing apparatus of the present invention (Claim 4)
Recorded encrypted content information and encrypted license information including at least usage conditions for restricting use of the content information and first key information for decrypting the content information. In an information reproducing apparatus for reproducing the content information from a recording medium, storage means for storing second key information for decoding the license information, and using the second key information stored in the storage means First decrypting means for decrypting the license information recorded on the recording medium, and determining whether or not the content information can be used based on a use condition included in the license information decrypted by the first decrypting means. Means, and the license information decrypted by the first decryption means when the determination means determines that the use of the content information is possible. A second decoding means for decoding the contents information recorded on the recording medium using the first key information included, comprises a.

According to the information recording apparatus of the present invention, the encrypted content information is recorded on a recording medium such that the use condition of the content information becomes inseparable. In order to reproduce content information recorded on such a recording medium, only an information reproducing apparatus having a valid decryption key for decrypting license information can be used. Since the use of the content information is determined with reference to the usage conditions to be used, it is impossible to use the content information under the illegal usage conditions. Therefore, digital information premised on protection of the copyright of the content information can be quickly and easily distributed.

(2) Further, the information recording apparatus of the present invention (claim 2) comprises a separating means for separating a part of the information from the content information, and at least the partial information separated by the separating means. License information generating means for generating encrypted license information including usage conditions for restricting use of the content information, and the license information generated by the license information generating means and another part of the content information Recording means for recording the information on a recording medium.

[0011] An information reproducing apparatus according to the present invention (Claim 5) is an encrypted information reproducing apparatus that includes a part of content information, at least a use condition for restricting use of the content information, and another part of the content information. In an information reproducing apparatus for reproducing the content information from a recording medium on which the license information is recorded, a storage unit for storing key information for decrypting the license information, and using the key information stored in the storage unit. Decryption means for decrypting license information recorded on the recording medium; determination means for determining whether or not the content information can be used based on usage conditions included in the license information decrypted by the decryption means; When it is determined that the use of the content information is possible, the content included in the license information decrypted by the decryption means is used. Comprising a part of the tool information, and a reproduction means for reproducing the content information and a portion synthesized and the contents information recorded on the recording medium.

According to the information recording apparatus of the present invention, the content information is recorded on the recording medium such that the use condition of the content information is inseparable. In order to reproduce content information recorded on such a recording medium, only an information reproducing apparatus having a valid decryption key for decrypting license information can be used. Since the use of the content information is determined with reference to the usage conditions to be used, it is impossible to use the content information under the illegal usage conditions. Therefore, digital information premised on protection of the copyright of the content information can be quickly and easily distributed.

(3) The information recording apparatus of the present invention (claim 3) is a recording information for generating encrypted recording information including content information and at least a use condition for restricting use of the content information. A recording unit that records the recording information generated by the recording information generating unit on a recording medium.

[0014] An information reproducing apparatus according to the present invention is characterized in that the content reproduction apparatus includes a recording medium on which encrypted recording information including at least content information and usage conditions for restricting the use of the content information is recorded. In an information reproducing apparatus for reproducing information, storage means for storing key information for decoding the recorded information, and recording information recorded on the recording medium using the key information stored in the storage means. Decoding means for decoding; determining means for determining whether or not the content information can be used based on usage conditions included in the recording information decrypted by the decoding means; and determining that the content information can be used by the determining means. Reproducing means for reproducing the content information decrypted by the decrypting means.

According to the information recording apparatus of the present invention, the content information is recorded on the recording medium such that the use condition of the content information is inseparable. In order to reproduce content information recorded on such a recording medium, only an information reproducing apparatus having a valid decryption key for decrypting the recorded information can be used. Therefore, it is impossible to use the content information under an illegal use condition because the use of the content information is determined.
Therefore, digital information premised on protection of the copyright of the content information can be quickly and easily distributed.

(4) Billing device of the present invention (Claim 15)
A charging device for charging for the use of the content information recorded on the recording medium, input means for inputting a use condition of the content information recorded on the recording medium; and Request means for requesting payment of a fee for use of the content information, and when payment of the fee is confirmed in response to the request,
Recording means for recording, on the recording medium, license information including at least the usage condition input by the input means, whereby the license information including the content information and the usage condition for restricting the use thereof is recorded. Appropriate charging for the use of the content information can be performed on the medium, and digital information can be quickly and easily distributed on the premise of protecting the copyright of the content information.

(5) Billing device of the present invention (Claim 16)
In a charging apparatus for charging the use of the content information via a recording medium on which content information and at least encrypted license information including a use condition for restricting the use of the content information are recorded, Input means for inputting the encrypted license information recorded on the recording medium, decoding means for decoding the encrypted license information input by the input means, and usage conditions for using the content information Requesting means for requesting payment of a fee for the use of the content information based on the use condition input by the use condition input means, and the payment of the fee was confirmed in response to the request. When the license information decrypted by the decryption unit based on the usage condition input by the usage condition input unit, Updating means for updating the license information updated by the updating means; and output means for outputting the license information encrypted by the encrypting means. Appropriate charging for the use of the content information can be performed on the recording medium on which the license information including the usage conditions for restricting the use is recorded, and digital information based on the protection of the copyright of the content information can be quickly and easily stored. Can be distributed. (2nd Embodiment) (6) The determination apparatus of this invention (Claim 17, Claim 18,
49. The decryption unit A), wherein the content is based on the encrypted license information including at least usage conditions for restricting use of the content information and first key information for decrypting the content information. A determining device for determining whether or not the information can be used; a key generating unit configured to generate second key information for decrypting the license information at predetermined time intervals; and the key generating unit Decryption means for decrypting using the generated second key information, determination means for determining whether or not the content information can be used based on usage conditions included in the license information decrypted by the decryption means; When it is determined that the content information can be used, the first key information included in the license information decrypted by the decryption means is output. Comprising a means, a.

According to the present invention, a secret key (second key information) for decrypting the license information is generated at predetermined timing in the decryption unit A, and is used only for a predetermined period. Therefore, the information security of the license information including the use condition of the content information and the decryption key of the content information can be improved.

(7) The determination device of the present invention (claim 19,
Claim 20: The decryption unit B) includes at least a use condition for restricting use of the content information, encrypted first key information for decrypting the content information, and the encrypted first key. A first key generation information necessary for generating second key information for decrypting information; and a determination device for determining whether or not the content information can be used, based on the encrypted license information including the first key generation information. Decryption means for decrypting the license information; determination means for determining whether or not the content information can be used based on usage conditions included in the license information decrypted by the decryption means; An output for outputting encrypted first key information and first key generation information included in the license information decrypted by the decryption means when it is determined that the license information is possible; It includes a stage, a.

According to the present invention, since the first key information for decrypting the content information remains encrypted in the decryption unit B, the information security of the decryption key information of the content information can be improved.

(8) The determination apparatus of the present invention (claim 21,
Claim 22 and Claim 50: The decryption unit C) includes at least a use condition for restricting use of the content information, an encrypted first key information for decrypting the content information, and the encrypted key information. Based on the encrypted license information including first key generation information necessary for generating second key information for decrypting the first key information, it is determined whether the content information can be used. A key generation unit configured to generate third key information for decrypting the license information at predetermined time intervals; and a third key generated by the key generation unit.
Decryption means for decrypting the content information using the key information of the content information; determining means for determining whether or not the content information can be used based on usage conditions included in the license information decrypted by the decryption means; Output means for outputting encrypted first key information and first key generation information included in the license information decrypted by the decryption means when it is determined that use is possible.

According to the present invention, a secret key (third key information) for decrypting license information is generated at predetermined timing in the decryption unit C, and is used only for a predetermined period. Therefore, the information security of the license information including the use condition of the content information and the decryption key of the content information can be improved. Further, since the first key information for decrypting the content information remains encrypted in the decryption unit C, the information security of the decryption key information can be improved.

(9) The determination device of the present invention (claim 23,
Claim 24: The decoding unit D, the decoding unit D ')
At least use conditions for restricting use of content information and first key information for decrypting the content information are encrypted with second key information, and at least the second key information is generated. A determination device that determines whether or not the content information can be used based on license information including key generation information necessary for generating the second key information based on the key generation information included in the input license information. Key generating means, a decrypting means for decrypting the use condition and the first key information included in the license information using the second key information generated by the key generating means, and a decrypting means for decrypting the first key information. Determining means for determining whether or not the content information can be used based on the usage conditions, and when the determining means determines that the use of the content information is possible,
Output means for outputting the first key information decrypted by the decryption means.

According to the present invention, the first key information for decrypting the encrypted part of the license information (an important information part requiring security measures) is used when decrypting the encrypted part.
Since it is generated each time and can be deleted from the memory after decryption, the first key information is not held in the decryption units D and D '. Therefore, security of important information such as usage conditions and first key information for decrypting the content information (information that is known to a third party and should not be used illegally) can be improved.

Further, since the first key information (K _AB ) is different every time the license information is updated, the influence of the first key information being exposed is reduced. In addition, shared key cryptography, which is much faster than public key cryptography, can be used, so even if the data size of the additional information is increased, it can be decrypted in real time and reflect the availability of the content based on the usage conditions included in the license information There is an advantage that can be performed.

(10) The updating device of the present invention (claim 2)
5: The license information updating device corresponding to the decryption unit A) is a license information encrypted with a public key including at least usage conditions for restricting use of the content information and key information for decrypting the content information. When a request for updating the license information is received from a determination device that determines whether or not the content information can be used based on the request, at least a newly specified use condition and an updated public key are notified, An update apparatus for updating the license information based on the updated public key with the notified public key.

According to the present invention, when updating license information, there is no need to notify a content decryption key, and it is possible to update license information while ensuring information security.

(11) The updating apparatus of the present invention (Claim 2)
6: The license information updating device corresponding to the decryption unit B) includes at least a use condition for restricting use of the content information, an encrypted first key information for decrypting the content information, and the encrypted key information. Determining a use of the content information based on encrypted license information including first key generation information necessary for generating second key information for decrypting the first key information From at least the newly specified use condition and the second
An update device that, when notified of second key generation information necessary to generate the key information and receives a request for updating the license information, updates the license information based on the request; The use condition and the first key generation information are updated, and the second key information is updated based on the updated first key generation information and the second key generation information. The first key information is encrypted with second key information, and at least the updated use condition, the first key information encrypted with the updated second key information, and the updated first key information are encrypted. And generating encrypted license information including the first key generation information.

According to the present invention, when updating license information, there is no need to notify a content decryption key, and it is possible to update license information while ensuring information security.

(12) The updating apparatus of the present invention (Claim 2)
7: The license information updating device corresponding to the decryption unit C) includes at least a usage condition for restricting use of the content information, an encrypted first key information for decrypting the content information, and the encrypted key information. Determining whether the content information can be used based on license information encrypted with a public key including first key generation information necessary for generating second key information for decrypting the first key information. At least the newly specified use condition, the second key generation information required to generate the second key information, and the updated public key are notified from the determination device that performs the update of the license information. An update device that, upon receiving a request, updates the license information based on the request, the update device updating the usage condition and the first key generation information, and updating the updated first key generation information.
Updating the second key information based on the key generation information and the second key generation information, encrypting the first key information with the updated second key information, and updating at least the updated key information. License information including the usage condition, the first key information encrypted with the updated second key information, and the updated first key generation information, and generating the generated license information. It is characterized by encrypting with the notified public key.

According to the present invention, when updating license information, there is no need to notify a content decryption key, and license information can be updated while ensuring information security.

(13) The updating apparatus of the present invention (claim 28:
The license information updating device corresponding to the decryption units D and D ') uses the second key information to convert at least the usage conditions for restricting the use of the content information and the first key information for decrypting the content information. A determination device that determines whether or not the content information can be used based on license information that includes the encrypted content and at least two key generation information necessary to generate the second key information; When one of the key generation information or one of the key generation information updated and the newly specified use condition are notified and a request for updating the license information is received, the license information is updated based on the request. An update device for updating the usage condition and the other key generation information, and updating the other key generation information and the notified one key generation information. Updating the second key information based on the above, and encrypting at least the updated usage conditions and the first key information with the updated second key information;
License information including at least one of the notified key generation information and the updated other key generation information is generated.

According to the present invention, when updating license information, there is no need to notify a content decryption key, and license information with information security can be updated.

(14) Information Utilization Apparatus of the Present Invention (Claim 29: Information Utilization Apparatus Corresponding to Decoding Units B and C)
Are encrypted first key information for decrypting the encrypted content information and a second key information for decrypting the first key information.
The first key generation information necessary for generating the key information is input, and the information using apparatus that decrypts and uses the content information is used to decrypt the first key information.
Holding the second key generation information necessary to generate the key information of the first key generation information, and generating the second key information based on the second key generation information and the input first key generation information. And decrypting the encrypted content information by using the generated second key information.

According to the present invention, since the decryption key (first key information) of the content information is input to the information utilizing device while being encrypted, the device for outputting the first key information (the decryption unit B, The information security between C) and the information using device can be improved. (Third Embodiment) (15) An information utilizing apparatus (Claim 30) of the present invention uses encrypted content information recorded on a recording medium at least using the content information stored in the recording medium. Measuring means for measuring the date and time in an information using apparatus for decrypting and using based on the encrypted license information including the use condition for restricting the content information and the first key information for decrypting the content information; Determining means for determining whether the content information can be used based on the date and time measured by the measuring means and the license information recorded on the recording medium; and when the determining means determines that the content information can be used. Decrypting means for decrypting the content information recorded on the recording medium using the first key information output from the determining means. And information for notifying the date and time to the determination means from the means,
The first key information output from the determination unit to the decryption unit is encrypted.

According to the present invention, it is possible to improve the security of information passed between the functional units (measuring means, determining means, decoding means) in the information generating apparatus.

(16) The determination device of the present invention (Claim 4)
2) records encrypted content information, and encrypted license information including at least usage conditions for restricting use of the content information and first key information for decrypting the content information. Said encrypted license information read from the recorded recording medium,
A determination device that inputs encrypted date and time information for notifying date and time and determines whether the content information can be used, and a first decryption unit that decrypts the encrypted license information. A second decryption unit for decrypting the encrypted date and time information, a determination unit for determining whether the content information can be used based on the information decrypted by the first and second decryption units, Output means for encrypting and outputting the first key information when it is determined that the content information can be used, and comprising a portable recording medium having an arithmetic function. I do.

When the determination device of the present invention is used by attaching it to a personal computer, for example, the security of information input or output to the determination device can be improved. (Fourth embodiment) (17) (Claim 51) Claims 17, 19, 21, 2
25. The determination device according to claim 3, wherein the license information decrypted by the decryption unit includes authentication information for determining whether the decryption result is correct, and the license information is decrypted as time passes. Even in a situation where a number of activation keys are generated, it can be easily determined whether or not the license information has been decrypted with one of the correct decryption keys.

(18) The determination device of the present invention (Claim 5)
2) At least a use condition for restricting use of content information and a first condition for decoding the content information.
A first key generation unit that broadcasts and distributes second key information for decrypting the license information in a determination device that determines whether the content information can be used based on the encrypted license information including the key information Key generating means for generating the license information based on the information; decryption means for decrypting the input license information by using the second key information generated by the key generating means; and a license information decrypted by the decryption means. Determining means for determining whether or not the content information can be used based on usage conditions to be used, and a first information included in the license information decrypted by the decrypting means when the determining means determines that the content information can be used. Output means for outputting the key information of the encrypted license information, the seed information required to generate the decryption key (second key information) of the encrypted license information. Since (first key generation information) is broadcast distribution, easily update the decryption key of the encrypted license information. (Fifth Embodiment) (19) The key distribution device (Claim 55) of the present invention stores first key information necessary for decrypting encrypted content information recorded on a recording medium in the content. In a key distribution device for distributing information to an information utilizing device, a first storage means for storing a first secret parameter shared with the information utilizing device, and a first storage parameter stored in the first storage means. First key generation means for generating second key information based on the obtained first secret parameter and a first public parameter exchanged with the information use apparatus, and at least the first key information Encryption means for encrypting the encrypted first encryption information including the second key information generated by the first key generation means, and at least the first encryption information encrypted by the encryption means. The second encrypted information including the encrypted information is And a distributing means for distributing the information to the information using device, the disc key (first key information) necessary for decrypting the content information can be transmitted from its distributing source (a license creating device as a key distributing device, a license generating device). Injection device) to distribution destination (card adapter, player as information utilization device)
With this, the public parameters that can be published generated from the secret parameters shared by both parties are conveyed, and key distribution is achieved with their own secret parameters and public parameters from the other party, so they may be eavesdropped. Key distribution can be performed safely even on an insecure communication channel.

(20) The judgment apparatus of the present invention (claim 61)
Determines whether the content information can be used based on encrypted license information including at least usage conditions for restricting use of the content information and first key information for decrypting the content information. A first storage unit configured to store a first secret parameter shared with the license information distribution device;
First key generation means for generating second key information based on the first secret parameter stored in the first storage means and the first public parameter exchanged between the distribution device; First decryption means for decrypting the received encrypted license information with the second key information generated by the first key generation means, and license information included in the license information decrypted by the first decryption means Determining means for determining whether or not the content information can be used based on the usage conditions to be used, and when the determining means determines that the content information can be used,
Output means for outputting first key information included in the license information decrypted by the decryption means, thereby distributing a disk key (first key information) necessary for decrypting the content information. The public parameters generated from the secret parameters shared with the source (license creating device and license injecting device as the distribution device) may be transmitted, and their own secret parameters and the public parameters from the distribution source are communicated. As a result, the first key information can be safely received even on an insecure communication channel that may be eavesdropped.

(21) The information use apparatus of the present invention (Claim 66) is an encryption apparatus including at least a use condition for restricting use of content information and first key information for decrypting the content information. An information use device that decrypts and uses the content information based on the received license information, a first storage unit that stores a first secret parameter shared with the license information distribution device, First key generation means for generating second key information based on the first secret parameter stored in the first storage means and the first public parameter exchanged between the distribution apparatus; First decryption means for decrypting the encrypted license information with second key information generated by the first key generation means, and license information decrypted by the first decryption means Determining means for determining whether or not the content information can be used based on usage conditions included in the license information decrypted by the decrypting means when the determining means determines that the content information can be used The content information is decrypted using first key information.

According to the present invention, the secret shared with the distribution source (license creation device and license injection device as the distribution device) of the disk key (first key information) necessary for decrypting the content information. Communicate public parameters that can be published generated from parameters,
Since key distribution is achieved by the secret parameter of the user and the public parameter from the distributor, the first key information can be safely received even on an insecure communication channel that may be eavesdropped.

(22) The recording medium of the present invention (claim 7)
0, 71) has an arithmetic function in which encrypted license information including at least usage conditions for restricting use of content information and first key information for decoding the content information is recorded. A recording medium, wherein a first secret parameter shared between the license information recording device and a license information and a determination device for determining whether or not the content information can be used based on the license information (or the content information A second secret parameter shared between the first secret parameter and the second secret parameter shared between the
Storage means, and a second means for storing identification information given in advance.
Storage means, and a first secret parameter exchanged between the first secret parameter stored in the first storage means and the recording device.
First key generating means for generating second key information based on the public parameters of the first key generating means, and a first key generating means for encrypting the identification information using the second key information generated by the first key generating means. And a third key based on a second secret parameter stored in the first storage means and a second public parameter exchanged between the determination device (or the information use device). Second key generation means for generating information; second encryption means for encrypting the identification information using the third key information generated by the second key generation means; Transmission means for transmitting the identification information encrypted by the second encryption means to the recording device and the determination device (or the information utilization device), thereby providing a disk key necessary for decrypting the content information. (First key information) The recording medium distributed from the source (license injection device as a recording device) to the distribution destination (card adapter or player as the determination device (or information utilization device)) transmits the identification information between the distribution source and the distribution destination. It is an insecure communication channel that may be eavesdropped because it communicates public parameters that can be published generated from secret parameters shared by and communicates with its own secret parameters and public parameters from the other party. Can safely distribute the identification information and can recognize between the distribution source and the distribution destination that only the recording medium having the identification information is a valid recording medium for distributing the disc key (for example, By including the identification information of the recording medium in the license information at the distribution source, the license License determination is performed when the identification information included in the license information matches the identification information of the recording medium on which the license information is recorded), and the disk key is safely transferred between the two via the recording medium it can.

[0044]

Embodiments of the present invention will be described below with reference to the drawings. (First Embodiment) First, an overall information distribution system using an information recording apparatus and an information reproducing apparatus according to a first embodiment of the present invention will be schematically described.

FIG. 53 shows an example of the configuration of an information distribution system using the information recording device and the information reproducing device according to the present invention. In FIG. 53, a license information generation unit 1002,
The information recording unit 1003 is equivalent to the license information generation unit and the information recording unit shown in FIG. 1, FIG. 3, FIG.
9, and is equivalent to the decoding unit shown in FIG. The reproducing unit 1014 and the reading unit 1012 are also equivalent to the reproducing unit and the reading unit of the information reproducing device shown in FIG.

The operation of the entire system shown in FIG.
A brief description will be given. The billing target information is encrypted with the encryption key ke (1) ([billing target information] ke
(1)). First, the decryption key kd (1) of the chargeable information and the usage conditions such as the expiration date are input to the license information generation unit 1002 (steps S701 and S702).

The license information generation unit 1002 calculates the composite key k
After merging d (1) with the usage rule, the license information is encrypted with the encryption key ke to generate license information, and is sent to the information recording unit 1003 (step S703). On the other hand, the encrypted charging target information is also input to the information recording unit 1003 (step S704), and is recorded in the information storage unit 1004 together with the license information (step S705).

The information storage unit 1004 is a medium such as a DVD-ROM, a DVD-RAM, and a hard disk.
The information recorded on this medium is transferred to another medium (that is, the information storage unit 1015) directly or through broadcasting, the Internet, or the like.
The data is read out by the 11 reading units 1012 (step S706). The read license information is sent to the decryption unit 1013 (Step S707). The decryption unit 1013 calculates the decryption key kd for the encryption key ke.
The license information is decrypted, and the decryption key kd (1) and the usage condition of the chargeable information are extracted. The decryption unit 1013 checks the usage conditions and determines whether the chargeable information is available. If usable, the decryption unit outputs the decryption key kd (1) to the reproducing unit 1014 (Step S708). The playback unit 1014
[Charge target information] ke (1) is extracted from the reading unit 1012 (step S709), decrypted with the decryption key kd (1), and the charge target information is reproduced.

The decryption unit 1013 provides a decryption key kd,
And an algorithm for decrypting the license information. In order to avoid attacks on security, the decryption unit 1013 is not software,
It is desirable to mount it as a chip. In this case, the decryption unit 1013 is an IC chip provided with an input unit for license information and an output unit for outputting a decryption key of the chargeable information (when it is determined that the license information can be used). This is done inside the chip.

One of the key points of the present invention is that the license information generation unit 1002 performs encryption after merging the decryption key kd (1) of the billing target information and the use condition. Generally, the encryption mixes bits of information to be encrypted. Therefore, after the encryption processing, it is impossible to separate two pieces of information that have been simultaneously encrypted (other than by decryption). It is important to make use of this property of the encryption process to make the chargeable information and usage conditions inseparable.

In the embodiment described above, the billing target information is encrypted by the encryption key ke (1). Therefore: In order to use the billing target information, the decryption key kd
(1) is required. However, the decryption key kd (1) is inseparably encrypted as a part of the license information from the use condition. Although the license information and the chargeable information can be separated from each other, the improper license information does not include a decryption key for correctly decrypting the chargeable information, so that “replacement” of the license information does not make sense.

2. In order to obtain a correct decryption key kd (1), it is necessary to decrypt appropriate license information.
However, 3. This decryption can only be performed by a legitimate decryption unit holding the decryption key ke. And 4. The legitimate decryption unit always refers to the use conditions included in the license information and determines whether or not the use is possible. Therefore, In the device including the license information generation unit and the decryption unit according to the present invention, it is theoretically impossible to use the chargeable information under an illegal use condition.

If the decryption unit 1013 determines that the chargeable information cannot be used and does not output the decryption key kd (1), the license information must be updated or a valid license must be used in order to use the chargeable information. There is no other way to add information. This point is the timing of generation of billing for the information user. The user must update or newly acquire the license information by a method such as a store, a vending machine, or via the Internet. A device, a vending machine, or a network server installed in a store holds a decryption key kd and an encryption key ke, decrypts license information, rewrites information, and re-encrypts the license information. Can be updated.

In order for the user to receive the update (or new issuance) of the license information, the user must send (one of) the license information accompanying the chargeable information to an apparatus having a license information update function.

1 '. Only the legitimate device having the decryption key kd and the encryption key ke is the only decryption key k
d (1) and use conditions can be decoded and separated; 2 '. Only a legitimate device having a decryption key kd and an encryption key ke can re-encrypt as license information after rewriting usage conditions.

The updated license information is sent to the license information update device (the license information update client unit 403 in FIG. 26, the license information update unit 60 in FIG. 38).
3. License information update unit 702 in FIG. 41, FIG.
7 and is written back to the medium owned by the user. At locations other than inside the license information updating device, the license information remains encrypted, and 3 '. Since the encryption characteristic of the present invention is performed, it is impossible to make unauthorized changes to the usage conditions.

In general, in order to transmit a decryption key through a network, it is often performed to re-encrypt the data using another key. However, the feature of the present invention that the encryption is performed after merging the key kd (1) for decrypting the encrypted chargeable information and the use condition, and then encrypting the chargeable information such as a literary work. It has a great effect like.

Hereinafter, the configurations and operations of the information recording device, the information reproducing device, and the billing device of the present invention will be described in detail. (1) Information Recording Device (1-1) First Example of Information Recording Device FIG. 1 shows a first configuration example of an information recording device according to the present invention. That is, in FIG. 1, content information to be charged (hereinafter, referred to as charging information) such as a digitized work is encrypted, and the usage conditions of the charging information and the encrypted charging information are decrypted. 1 shows an example of the configuration of an information recording apparatus that generates license information by encrypting a decryption key for performing encryption, and records the encrypted charging target information and license information on a predetermined recording medium.

The information recording apparatus is roughly composed of a charging target information input section 2, a license information generating section 3, and a recording section 8.

The chargeable information has been encrypted in advance using the encryption key ke (1) and is input to the chargeable information input unit 2. Note that the decryption key corresponding to the encryption key ke (1) is k
Let d (1). From now on, the fact that the information X is encrypted with the encryption key K may be expressed as [X] k.

The license information generator 3 comprises a use condition input unit 4, a decryption key input unit 5, a key holding unit 6, and an encryption unit 7.

The key holding unit 6 stores an encryption key ke in advance. This encryption key ke does not always match ke (1).

The use condition input unit 4 inputs a use condition. The usage condition includes at least one of a usage period of the charging target information, a license information writing time, a content ID, a media ID, and a decryption unit ID.

The decryption key input section 5 receives a decryption key kd (1) corresponding to the encryption key ke (1) for decrypting the encrypted charging target information.

The use condition and the decryption key kd (1) are input to the encryption unit 7 via the use condition input unit 4 and the decryption key input unit 5, and the use condition and the decryption key kd (1) are merged. Is done. After that, the encryption key ke stored in the key holding unit 6
Is used to encrypt the merged use condition and the decryption key kd (1). Generally, the encryption method is roughly divided into a public key method and a secret key method, and any of them may be adopted. Here, the encrypted data is called license information. The encryption unit 7 is characterized in that the use condition and the decryption key kd (1) are inseparably linked by merging and encryption. Therefore, a device that can decrypt the encryption by the encryption key ke, that is, the decryption key kd corresponding to the encryption key ke
Only the device having the above can separate the use condition and the decryption key kd (1). Since the decryption key kd (1) is a key for decrypting the encrypted charging target information, after all,
The chargeable information and the usage conditions are inseparably linked. It is always possible to separate chargeable information and license information as data. However, without proper license information, it is not possible to decrypt the chargeable information and use the content.

The recording unit 8 writes the license information into the information storage unit 9 and then writes the encrypted billing target information behind it.

The information storage unit 9 is, for example, a DVD-RO
Recording media such as M, DVD-RAM, and hard disk may be used. The recording medium on which such information is recorded,
The information is reproduced by being set in a predetermined reproducing device. Alternatively, the information is transferred or broadcasted from the information storage unit 9 via a network such as the Internet,
It may be copied to another recording medium and reproduced by a predetermined reproducing device.

FIG. 2 is a flowchart for explaining the operation of the information recording apparatus 1 of FIG. First, the encrypted charging target information [charging target information] ke (1) is input to the charging target information input unit 2 (step S1), the use condition is input to the use condition input unit 4 (step S2), and decryption is performed. The key kd (1) is input to the decryption key input unit 5 (Step S
3). The encrypted chargeable information is transferred from the chargeable information input unit 2 to the recording unit 8 (step S4), the use condition is transferred from the use condition input unit 4 to the encryption unit 7 (step S5), and the decryption key is used. kd (1) is transferred from the decryption key input unit 5 to the encryption unit 7 (Step S6). Further, the encryption key ke held in advance in the key holding unit 6 is
(Step S7). After merging the use condition and the decryption key kd (1), the encryption unit 7 generates license information by encrypting using the encryption key ke (step S8). Then, the generated license information is stored in the recording unit 8.
(Step S9). The recording unit 8 merges the encrypted billing target information and the license information and records them in the information storage unit 9 (Step 10). (1-2) Second Example of Information Recording Device FIG. 3 shows a second example of the configuration of the information recording device according to the present invention. That is, FIG. 3 shows that license information is generated by encrypting a part of billing target information, which is a billing target such as a digitized work, together with a use condition, and the remaining part of the billing target information and the license information are converted to a predetermined number. 1 shows a configuration example of an information recording device that records information on a recording medium. Similar to the first configuration in FIG. 1, in order to make the chargeable information and the use condition inseparable, a part of the data of the chargeable information is encrypted together with the use condition here.

The information recording device is roughly composed of a data separating unit 12, a license information generating unit 13, and a recording unit 18.

The data separation unit 12 divides the information to be charged into two. 5 and 6 show examples of data separation in the data separation unit. For the sake of simplicity, a case of a still image will be described, but a similar method can be used for a moving image and other cases.

As shown in FIG. 5, a part of the still image (the face area in FIG. 5) is cut out, and the face area as shown in FIG. 5B is encrypted as a part of the license information. You may do so. In this case, the image can be viewed without decrypting the license information (that is, without paying the usage fee), but the image lacks a part. In addition, as shown in FIG. 6, the image is subjected to Fourier transform to extract frequency components. Then, FIG.
May be encrypted as a part of the license information. In this case, if the license information cannot be decrypted (that is, if the usage fee is not paid), only an unclear video can be obtained even if the image of the frequency component shown in FIG. 6A is reproduced. Absent.

The license information generation unit 13 includes a use condition input unit 14, an encryption unit 17, and a key holding unit 16.

The encryption key ke is stored in the key holding unit 16 in advance.

The use condition input unit 14 inputs a use condition. The usage conditions are the usage period of the chargeable information, the license information writing time, the content ID, and the media ID.
Alternatively, it is composed of at least one of the decoding unit IDs.

The use condition is input to the encrypting unit 17 via the use condition input unit 14, and a part of the billing target information obtained by dividing the billing target information into two parts from the data separating unit 12. The license information is generated by inputting and merging the usage conditions and a part of the data to be charged with the encryption key ke stored in the key holding unit 16.

The recording unit 18 writes the license information into the information storage unit 19, and then writes the license information to the data separation unit 1.
The remaining data of the billing target information divided into two by 2 is written.

The information storage unit 19 is, for example, a DVD-RO
Recording media such as M, DVD-RAM, and hard disk may be used. The recording medium on which such information is recorded,
The information is reproduced by being set in a predetermined reproducing device. Alternatively, the information may be transferred or broadcast from the information storage unit 19 via a network such as the Internet, copied to another recording medium, and reproduced by a predetermined reproducing device.

FIG. 4 is a flowchart for explaining the operation of the information recording apparatus 11 of FIG. First, the charging target information is input to the data separation unit 12 (step S2).
1) The use condition is input to the use condition input unit 14 (step S22). The data separating unit 12 divides the input charging target information into two (step S23), transfers a part of the obtained charging target information to the encryption unit 17 (step S24), and sets the charging target information. Is transferred to the recording unit 18 (step S25). The use condition is transferred from the use condition input unit 14 to the encryption unit 17 (step S26), and the encryption key ke is transferred from the key holding unit 16 to the encryption unit 17 (step S27). The encryption unit 17 generates license information by merging the usage rule and a part of the billing target information transferred from the data separation unit 12, and then encrypts it using the encryption key ke (step S28). . Then, the generated license information is transferred to the recording unit 18 (Step S29). Recorder 18
Merges a part of the billing target information transferred from the data separation unit 12 with the license information and records it in the information storage unit 19 (step 30). (1-3) Third Example of Information Recording Device As still another example for making the chargeable information and the use condition inseparable, the entire chargeable information may be encrypted together with the use condition.

FIG. 7 shows a third configuration example of the information recording apparatus according to the first embodiment of the present invention. In addition,
In FIG. 7, the same parts as those in FIG.
The different parts will be described. That is, the data separating unit 12 in FIG. 3 is replaced by the charging target information input unit 2 in FIG. 7, and the charging target information input to the charging target information input unit 2 is transferred to the encryption unit 17 as it is. . The encryption unit 17 merges all of the billing target information and the usage rule, and then encrypts the information using the encryption key ke. (1-4) Summary As described above, in the first example of the information recording apparatus,
A decryption key kd for decrypting the encrypted charging target information
(1) is merged with the use condition, and encrypted by using the encryption key ke to generate license information, thereby linking the use condition and the decryption key kd (1) to the additional portion, and the encrypted billing. By merging the target information and the license information and recording them in the information storage unit 9, the charging target information and the usage conditions can be inseparably linked. in this case,
Only the information reproducing apparatus having the decryption key kd corresponding to the encryption key ke can separate the use condition and the decryption key kd (1). Therefore, using the separated decryption key kd (1), The encrypted accounting information can be decrypted and reproduced.

In the second example of the information recording apparatus, a part of the data of the billing target information and the use condition are merged, and the encryption key ke is merged.
The license information is generated by encrypting the license information, and a part of the remaining chargeable information and the license information are merged and recorded in the information storage unit 19, so that the chargeable information and the use condition are inseparable. Can be tied. In this case, only the information reproducing apparatus having the decryption key kd corresponding to the encryption key ke can decrypt / separate a part of the data to be charged and the usage condition. Charging target information can be reproduced from a part of the target information and the remaining data.

In the third example of the information recording apparatus, all data of the billing target information and the usage conditions are merged, encrypted using the encryption key ke, and recorded in the information storage unit 19.
Chargeable information and usage conditions can be inseparably linked. In this case, only the information reproducing apparatus having the decryption key kd corresponding to the encryption key ke can decrypt, separate, and reproduce the data of the billing target information and the usage conditions.

In any of these, regardless of decoding,
This provides a mechanism for preventing the charging target information and the usage conditions from being separated.

The information storage units 9 and 19 store, for example, D
A recording medium such as a VD-ROM, a DVD-RAM, and a hard disk may be used. The recording medium on which such information is recorded is set in a predetermined reproducing device to reproduce the information. Alternatively, the information may be transferred or broadcast from the information storage units 9 and 19 via a network such as the Internet, copied to another recording medium, and reproduced by a predetermined reproducing device. (2) Information Reproducing Device (2-1) First Example of Information Reproducing Device FIG. 8 shows a first configuration example of an information reproducing device according to the present invention. That is, FIG. 8 is the first of FIG.
Information recording device, the second information recording device of FIG. 3, and the third information recording device of FIG. 1 shows a configuration example of an information reproducing apparatus that distributes and reproduces the distributed information.

For example, one unit of information recorded in the information storage unit 9 by the first information recording device is composed of the encrypted billing target information, a decryption key kd (1) for decrypting the same, and a use condition. It is obtained by merging license information generated by encryption using the encryption key ke.

The use conditions include, for example, a use period. The term of use is, for example, when a user pays a predetermined fee, the term of use of the charging target information corresponding to the fee. The usage condition may include a license information recording time. The license information recording time is, for example, a time when the license information is recorded in the information storage unit 9 by the first information recording device in FIG. 1, more specifically, when the license information generation unit 3 generates the license information. For example, the time information is read from a clock provided in the use condition input unit 4.

In FIG. 8, the information reproducing apparatus is roughly divided into an information storage unit 101, a reading unit 102, a decoding unit 103, and a reproducing unit 104.

The information storage unit 101 is, for example, a DVD-R
A recording medium such as an OM, a DVD-RAM, and a hard disk may be used. The information recorded in the information storage unit 101 is obtained by transferring the information recorded in the information storage unit 9 of FIGS. 1, 3, and 7 or the information recorded in the information storage unit 19 via a network such as the Internet, or broadcasting. It may be copied and replaced.

The reading unit 102 reads one unit of information from the information storage unit 101, transfers the license information to the decryption unit 103, and transfers the encrypted charging target information to the reproduction unit 104.

The decryption unit 103 decrypts the license information using the decryption key kd stored in advance, and generates a decryption key kd (1) for decrypting the encrypted charging target information based on the usage conditions obtained as a result. By judging whether or not to output to the reproduction unit 104, copyright protection is performed.

Since the charging target information is encrypted by the encryption key ke (1), the reproducing unit 104
Unless the decryption key kd (1) corresponding to (1) is given, the charging target information cannot be reproduced. Decryption key k
d (1) is transferred from the decoding unit 103 to the reproducing unit 104. Note that when the decryption key kd (1) is transferred from the decryption unit 103 to the playback unit 104, it is usually protected. If the decryption key kd (1) is acquired and stored during the transfer, then it can be reproduced without passing through the decryption unit 103. This is because copyright protection such as use condition check in the decryption unit 103 becomes meaningless. As a specific method of transfer protection, for example, “Nikkei Electronics” 1996.
11.18 (No. 676) News Report (p13
-P14), one example can be seen.

The reproducing section 104 includes a decoding section 105. In the decrypting unit 105, the encrypted accounting target information transferred from the reading unit 102 is
Decryption using the decryption key kd (1) transferred from. The reproducing unit 104 performs a predetermined decoding for displaying the data of the charging target information obtained as a result of decoding by the decoding unit 105, and displays the data on a predetermined display device.

FIG. 9 shows a configuration example of the decoding unit 103. The decryption unit 103 includes a license information input unit 10
3a, a decryption unit 103b, a decryption key holding unit 103c, a determination unit 103d, a clock reference unit 103e, and a clock 103f.

Upon receiving the license information transferred from the reading unit 102, the license information input unit 103a outputs it to the decoding unit 103b.

In the decryption section 103b, the decryption key holding section 103
The license information is decrypted using the decryption key kd stored in advance in c, and the resulting usage condition, that is,
The expiration date and the decryption key kd (1) are output to the determination unit 103d.

The clock reference section 103e reads the time (clock time) indicated by the clock 103f.

The determination unit 103d compares the clock time (indicating the current time) obtained from the clock reference unit 103e with the usage period, and determines that the charging target information is available when clock time ≦ use period. Then, the decryption key kd (1) is output to the reproducing unit 104.

When the license information recording time is further included in the use condition, a check of the expiration date and a check of the license information recording time are also performed. That is, the determination unit 1
03d compares the clock time with the license information recording time when the usage period is valid, and outputs the decryption key kd (1) to the reproducing unit 104 when clock time ≧ license information recording time is satisfied. This check only confirms the obvious matter that "license information was recorded in the past", but has important significance.
That is, the clock 103 referred to by the clock reference unit 103e
f is not always accurate. In particular, it is not preferable that the clock is extremely delayed from the viewpoint of observing the expiration date. The above check on the license information recording time has the meaning of putting a certain stop on the clock delay. For example, it is assumed that the clock indicates the time one month ago. At 12:00 on the day with the license information recording time,
It is assumed that the expiration date is 12:00 just one week after that. If the license information recording time is not checked, the user can use the billable information for one week and one month. By checking the license information recording time, it is possible to prohibit the use of the charging target information when the clock is extremely late.

The flowchart shown in FIG. 10 is for explaining the flow of the processing operation of the information reproducing apparatus of FIG. The reading unit 102 reads out one unit of information recorded in the information storage unit 101, that is, the encrypted billing target information and license information (step S4).
1) The license information is transferred to the decryption unit 103 (step S42), and the encrypted charging target information is transferred to the reproduction unit 104 (step S43). The decryption unit 103 decrypts the license information using the decryption key kd stored in advance, and uses the usage condition (expiration date) and the decryption key kd.
d (1) is obtained. Then, it is determined whether the chargeable information can be used based on the use condition (use period) (step S4).
4). When it is determined that the usage period is valid and the chargeable information can be used (step S45), the decryption unit 103
Transfers the decryption key kd (1) to the reproducing unit 104 (Step S46). On the other hand, when it is determined that the use of the billing target information is not possible, a notification that the output of the decryption key kd (1) is not possible is output to the reproducing unit 104, and the process is terminated. The reproducing unit 104 decrypts the encrypted charging target information using the decryption key kd (1), and further decodes and reproduces the charging target information (step S47).

Next, referring to the flowchart shown in FIG. 11 and FIGS. 8 and 9, steps S44 to S46 in FIG.
Will be described in more detail. License information input unit 1 of decryption unit 103
03a, upon receiving the license information transferred from the reading unit 102 (step S51), transfers the license information to the decoding unit 103b (step S52).
When the decryption key kd is transferred from the decryption key holding unit 103c (step S53), the decryption unit 103b decrypts the license information using the decryption key kd (step S54).
The data obtained as a result of decoding the license information is transferred to the determination unit 103d (Step S55). When the clock time is transferred from the clock reference unit 103e (step S56), the determination unit 103d compares the usage condition (expiration date) with the clock time to determine whether the chargeable information can be used (that is, the decryption key kd ( 1) is output to the reproducing unit 104) (step S57). If it is determined that the chargeable information can be used, the decryption key kd (1) is output to the reproducing unit 104 (steps S58 to S59). A notification that the output of the decryption key kd (1) is not possible is output to 104 (steps S58 and S60). (2-2) Configuration of Decoding Unit and Clock Provided in Decoding Unit When the usage period of the charging target information is used as the usage condition to limit the usage period of the charging target information, the clock is provided in the decoding unit 103 of FIG. The accuracy of the watch 103f is important. In that sense, a mechanism that makes it impossible for the user to arbitrarily set the time is required. FIG. 12 shows a configuration example of a decoding unit having such a mechanism. FIG.
2, the same parts as those in FIG. 9 are denoted by the same reference numerals.

As shown in FIG. 12, the clock 103f includes a time setting unit 111, a time setting invalidating unit 112, and a time counter 113. The operation of the clock 103f in FIG. 12 will be described with reference to the flowchart shown in FIG.
When time setting instruction information including the set time information is input via the clock setting unit 111 at the time of factory shipment (step S7).
1) The clock setting unit 111 sets the instructed set time in the clock counter 113 (steps S72 to S73). After that, the time setting invalidating unit 112
A measure is taken so that the subsequent time setting via the time setting unit 111 becomes invalid (steps S74 to S7).
5). For example, the time setting invalidating unit 112 may cause an overcurrent to flow through a circuit connecting the time setting unit 111 and the time counter 113 to physically shut off the time setting unit 111 and the time counter 113. After the time setting invalidation processing is performed, the time setting becomes completely impossible.

The error evaluator 103g calculates the maximum accumulated error as
For example, it is determined by the following method. The error evaluation unit holds “at the time of maximum delay” and “at the time of maximum advance” of the clock 103f. Further, a clock counter for error evaluation is provided, and the clock counter adds the maximum delay and the maximum advance each hour, and the added values are the cumulative maximum delay and the cumulative maximum advance (these are collectively referred to as cumulative error). And the determination unit 103
Transfer to d.

The cumulative maximum advance and the cumulative maximum delay are, for example, the cumulative time of an error caused by an abnormal operation of the clock 103f itself. Therefore, when comparing the clock time indicated by the clock 103f with the expiration date and the license information recording time, it is necessary to take this accumulated error into account.

In this case, the decision unit 1 of the decoding unit 103
03d examines whether the following equation holds.

Clock time ≦ use period + cumulative maximum advance Clock time ≧ license information recording (update) time−cumulative maximum delay When these two expressions are simultaneously established, it is determined that the use of the chargeable information is possible. When reproducing the information recorded in the information storage unit 9 by the first information recording device, the decryption key kd
(1) When reproducing the information recorded in the information storage unit 19 by the second information recording device, it is determined that each output of a part of the chargeable information is possible.

Next, the processing operation of the decoding unit in FIG. 12 will be described with reference to the flowchart shown in FIG. License information input unit 103 of decryption unit 103
Upon receiving the license information transferred from the reading unit 102 (step S81), a transfers the license information to the decoding unit 103b (step S82). When the decryption key kd is transferred from the decryption key holding unit 103c (step S83), the decryption unit 103b decrypts the license information using the decryption key kd (step S84). The data obtained as a result of decrypting the license information is
3d (step S85). Clock reference section 10
3e acquires the clock time from the clock 103f (step S
86), and transfers the obtained clock time to the determination unit 103d (step S87). The determining unit 103d further includes:
When the accumulated error is obtained from the error evaluator 103g (step S88), the usage condition (expiration date) is compared with the clock time taking into account the accumulated error of the clock 103f, and whether or not the chargeable information can be used (ie, It is determined whether to output the decryption key kd (1) to the reproducing unit 104 (step S8).
9). If it is determined that the chargeable information can be used, the decryption key kd (1) is output to the reproducing unit 104 (step S9).
0 to S91), when it is determined that the use of the chargeable information is not possible, a notification that the output of the decryption key kd (1) is not possible is output to the reproducing unit 104 (steps S90 and S92). (2-3) Time setting of a clock provided in the decoding unit:
Part 1 FIG. 15 shows a clock 103 provided in the decoding unit 103.
f shows another configuration example, and shows a configuration example of a clock 103f that sets the time based on the encrypted time setting instruction information.

As shown in FIG. 15, the clock 103f includes a set time input unit 121, a decryption unit 122, and a command authentication unit 1
23, a time setting unit 124, and a time counter 125.

The operation of the timepiece 103f having such a configuration will be described with reference to the flowchart shown in FIG.
The time setting instruction information including the set time information is encrypted in advance, and when the encrypted time setting instruction information is input to the set time input unit 121 (step S101), the set time input unit 121 is encrypted. The received time setting instruction information is transferred to the decoding unit 122 (Step S102). Decoding unit 1
22 decrypts the encrypted time setting instruction information (step S103), and transfers the decrypted time setting instruction information to the command authentication unit 123 (step S104).
The command authentication unit 123 checks the command format of the time setting instruction information (step S105). If the command format is correct (step S106), the command authentication unit 123 transfers the set time information included in the time setting instruction information to the time setting unit 124. (Step S107). The time setting unit 124 sets the time of the clock counter 125 according to the set time information (step S108).

Since the clock 103f has the configuration shown in FIG. 15, the time setting instruction information input to the clock 103f must always be encrypted using a predetermined encryption key. It is impossible to set the time using a device that cannot perform the operation (that is, a device that does not hold an encryption key). Therefore, the user cannot easily set the time of the clock 103f. (2-4) Time setting of a clock provided in the decoding unit:
Second, a case where the time of a clock 103f included in the decoding unit 103 is set via a network will be described.

FIG. 17 is a conceptual diagram of network time setting. The time setting client is a clock to set the time, that is, for example, a clock 103 provided in the decoding unit 103 of the first information reproducing apparatus as shown in FIG.
f. Here, the time of this clock is referred to as a client time. The time setting server also has a clock inside, and the time indicated by the clock is referred to as server time here. In this manner, the time setting server sets the time of the clock included in the time setting client via the network.

When setting the time of the clock provided in the decoding unit, a slightly complicated process is required. that is,
For the following reasons. It is necessary to check how the clock 201 of the client advances. It is necessary to confirm that one minute of the client time is almost equivalent to one minute of the server time. This is confirmed by i) specifying the transmission time of the authentication information by the server, and ii) specifying the arrival time of the authentication information (timeout setting). The reason why the authentication information is transmitted from the client to the server is to avoid false declaration. That is, the server measures the progress of the client time using the arrival time of the authentication information. In addition, it is necessary to guarantee that the time setting command transmitted from the server is input to the clock 201 immediately after arriving at the client. In order to guarantee this, a timeout (time setting instruction reception time) is provided in the clock 201 of the client.

FIG. 18 shows a configuration example of the time setting client. As shown in FIG. 18, the time setting client includes a clock 201, a network communication unit 202, a client authentication key storage unit 203, and an encryption unit 204.

FIG. 19 shows a configuration example of the time setting server.

20 to 22 showing the operation of the time setting client and the time setting server, FIG. 23 showing an example of the configuration of the clock 201 of the time setting client, and FIGS. The operation of setting the time of the clock 201 of the time setting client from the time setting server via the network will be described with reference to the flowchart of FIG.

First, in the time setting client, the clock 2
The current client time t1 indicated by 01 is sent to the time setting server via the network communication unit 202 (steps S111 to S112 in FIG. 20).
That is, as shown in FIG.
Is the current client time t1 from the time counter 301
(S161 in FIG. 24), and outputs it to the network communication unit 202 in FIG. 18 (step S161 in FIG. 24).
162).

When the time setting server receives the client time t1 via the network connection unit 211 (step S131 in FIG. 21), it transfers it to the time designation unit 212 (step S132), and the time designation unit 212 The time t1 from the client is stored in the time limit setting unit 213.
Is notified (step S133), and t1
, A predetermined numerical value is added to the information to determine the authentication information transmission time (client time) t2 (step S13).
4), and transfer it to the time setting client via the network connection unit 211 (step S135). Further, the authentication information transmission time t2 is stored in the designated time storage unit 218 (Step S136). Arrival deadline time setting unit 2
In 13, upon receipt of the time arrival notification, an arrival time (server time) T 1 at time t 1 from the client is obtained from the clock 214 (step S 137). The time (server time) T2 is determined (step S138) and stored in the arrival time limit storage unit 215 (step S139).

When the time setting client receives the authentication information transmission time t2 via the network communication unit 202 (step S113 in FIG. 20), it transfers it to the clock 201 (step S114) and waits until the client time t2. At t2 indicated by the client time, the clock 20
1 reads out the authentication information, and the clock 201 outputs it to the encryption unit 204. At this time, the authentication information indicates the time “t”.
2 "(step S115). That is,
When the clock 201 receives the authentication information transmission time t2, as shown in FIG. 23, it stores it in the designated time storage unit 303 (step S163 in FIG. 24). Time comparison unit 30
In step 4, the authentication information transmission time t2 stored in the designated time storage unit 303 is read, and the client time t indicated by the time counter 301 is referred to as needed to compare t2 with t. , Time reading unit 3
02 to read the client time (FIG. 24)
Steps S164 to S168). In response to this instruction, the time reading unit 302 sets the time counter 301
Is read (in this case, time t2) and output to the encryption unit 204 in FIG. 18 (step S169 in FIG. 24). Further, the clock 201 of the time setting client adds a predetermined numerical value to t2 to determine a time setting instruction reception time (client time) t3,
This is stored in the time setting instruction reception time storage unit 309 (step S170 in FIG. 24).

In the time setting client encryption unit 204, the encryption key k's is stored in the client authentication key storage unit 203.
Is transferred (step S116), the time “t2” as the authentication information is encrypted using the encryption key k ′s (step S117), and the encrypted authentication information ([t
2] k's) is transferred to the time setting server via the network communication unit 202 (steps S118 to S)
119). It is assumed that the time setting server holds the decryption key k'p corresponding to the encryption key k's in the server authentication key storage unit 219.

On the other hand, when the time setting server receives the encrypted authentication information from the time setting client via the network connection unit 211 (step S140),
It is transferred to the arrival time limit checking unit 216 (step S141). The arrival time limit checking unit 216 extracts the authentication information arrival time T2 previously stored in the arrival time limit storage unit 215, and reads the time T (server time) at which the encrypted authentication information was received from the clock 214 (step S1).
42 to Step S144). Then, the authentication information reception time T and the authentication information arrival time T2 are compared. If T> T2, it is determined that the delay time is too long, and the subsequent processing is not performed (step S145). If T ≦ T2, the encrypted authentication information is transferred to the decryption unit 217 (Step S146 in FIG. 22), and decrypted using the decryption key k′p stored in the server authentication key storage unit 219 (Step S146). S147
To step S148), and transfer the decrypted authentication information to the designated time confirmation unit 220 (step S149). The designated time confirmation unit 220 further includes the designated time storage unit 21
The authentication information transmission time t2 stored in the time setting client 8 is also transferred, and by comparing these, the time setting client's clock is authenticated (steps S150 to S15).
2). Here, the time “t2” is confirmed. If the authentication of the clock of the time setting client fails, the subsequent processing is not performed. If authentication of the clock of the time setting client succeeds, the designated time confirmation unit 220 transmits a time setting instruction to the time setting instruction generation unit 221 (step S).
153). In response to this instruction, the time setting instruction generation unit 22
12 reads the server time at that time from the clock 214 and generates a time setting command including the server time. Further, the time setting command is encrypted with the encryption key k't. On the time setting client clock,
It is assumed that a decryption key k'q corresponding to the encryption key k't is held (steps S154 to S155). The encrypted time setting command is transmitted to the network connection unit 21.
1 to the time setting client (steps S156 to S157).

When the time setting client receives the encrypted time setting command via the network communication unit 202, it inputs it to the clock 201 (steps S120 to S121 in FIG. 20).

As shown in FIG. 23, when the set time input unit 305 receives the encrypted time setting command, the clock 201 notifies the time setting instruction input time reference unit 310 as shown in FIG.
(Steps S171 to S1 in FIG. 24).
72). Upon receiving this notification, the time setting instruction input time reference unit 310 acquires the client time t from the time counter 301 and outputs it to the time comparison unit 311 (FIG. 2).
Step S173 to Step S174 of Step 4). The time comparison unit 311 reads the time setting instruction reception time t3 stored earlier from the time setting instruction reception time storage unit 309, and compares it with the client time t at that time. At this time, the time comparison unit 311 may make a comparison determination using the allowable delay time Δt stored in the allowable delay time storage unit 312 in advance (Steps S175 to S177 in FIG. 24). If t> t3 + Δt, it is determined that the delay time is too long, and the subsequent processing is not performed (step S178 in FIG. 24). If t ≦ t3, the time comparison unit 311
Notifies the set time input unit 305 of the time setting permission (steps S178 to S179 in FIG. 24).
By this notification, the clock 201 of the time setting client
Performs a time setting operation based on a time setting instruction (command) transmitted from the time setting server.

As shown in FIG. 23, upon receiving the time setting permission notification, the set time input unit 305 of the clock 201 of the time setting client transfers the encrypted time setting instruction to the decryption unit 306 (FIG. 25). Step S180). The decryption unit 306 transmits the encrypted time setting instruction to the decryption key k ′
q, and transfers the decoded time setting instruction to the command authentication unit 307 (steps S181 to S181 in FIG. 25).
Step S182). The command authentication unit 307 checks whether the command format of the time setting instruction is appropriate, and if the command format is correct, transfers the server time in the time setting instruction to the time setting unit 308 (steps S183 to S185 in FIG. 25). . The time setting unit 308 adjusts the client time indicated by the time counter to the server time received from the command authentication unit 307 (step S18 in FIG. 25).
6). (2-5) Second Example of Information Reproducing Apparatus: Updating License Information (Use Condition Includes Chargeable Information ID) The chargeable information is provided with a chargeable information ID for identifying each. It is assumed that the usage conditions include at least a usage period and a chargeable information ID. A case will be described in which the license information already stored in the information storage unit of the information reproducing apparatus is updated via the network under such conditions.

FIG. 26 shows an example of the configuration of the second information reproducing apparatus and an example of the configuration of the entire system for updating the license information.
01, decryption unit 403, license information update client unit 403, playback unit 404, network connection unit 4
05, an electronic settlement unit 406.

The information storage unit 401 of the information reproducing apparatus has the structure shown in FIG.
This is the same as the information storage unit 101 of the first information reproducing apparatus. Among the information of one unit read from the information storage unit 401 by the information reading unit omitted in FIG. 26,
The license information is sent to the decryption unit 402.

FIG. 27 shows an example of the configuration of the decoding unit 402 in FIG. The same parts as those in FIG. 9 are denoted by the same reference numerals, and a charging target information ID output unit 103g for outputting the charging target information ID included in the usage rule is added to the configuration shown in FIG. Is different.

Next, the operation of the decoding unit shown in FIG. 27 will be described with reference to the flowchart shown in FIG.
The license information is first input to the license information input unit 103a of the decryption unit 402 and sent to the decryption unit 103b (Steps S201 to S202). The decryption unit 103b decrypts the license information using the decryption key kd stored in the decryption key storage unit 103c, and transfers the decrypted license information to the determination unit 103d (Steps S203 to S205). Clock reference section 103
When the clock time is transferred from e (step S20)
6) The determination unit 103d compares the usage condition (expiration date) with the clock time to determine whether or not the charging target information can be used (ie,
(Whether or not to output the decryption key kd (1) to the reproducing unit 404). If it is determined that the chargeable information can be used, the decryption key kd (1) is output to the reproducing unit 404 (steps S206 to S209). The operation so far is the same as the operation of the decoding unit in FIG. On the other hand, in the determination unit 103d,
If it is determined that the chargeable information cannot be used, the chargeable information ID included in the usage condition is transferred to the chargeable information ID output unit 103g, and the reproduction unit 404 is notified of the output disablement of the decryption key kd (1). (Step S21)
0 to step S211). Billing target information ID output unit 10
3g outputs the chargeable information ID to the license information update client unit 403 (step S212).

Next, the configuration and operation of the license information update client unit 403 will be described mainly with reference to FIGS. 29 and 30. The charging target information ID transmitted from the decryption unit 402 is input to the license information input unit 403a (Step S221). At this time, license information other than the charging target information ID may be input to the license information input unit 403a. Hereinafter, it is assumed that license information including at least the chargeable information ID is input to the license information input unit 403a. The license information input to the license information input unit 403a is transmitted to the license information transfer unit 4
The license information is output to the network connection unit 405 via the network connection unit 03b and transmitted to the license information update server 407 in FIG. 26 (steps S222 to S222).
223). In the license information transfer unit 403b,
Network connection unit 4 after encrypting license information
05 may be output.

Thereafter, when the encrypted payment request (including the field ID) is transmitted from the license information update server 407 of FIG. 26 in correspondence with the chargeable information ID, the second information reproducing apparatus The encrypted payment request is received via the network connection unit 405, and the payment request input unit 4 of the license information update client unit 403 is received.
03c (step S224). Further, the encrypted payment request is transferred to the decryption unit 403d (Step S225). The decryption unit 403d decrypts the encrypted payment request, and then transfers the decrypted payment request to the payment confirmation unit 403e (Steps S226 to S227). The payment confirmation unit 403e displays the contents of the payment request on the predetermined display device, for example, and confirms the user's willingness to pay the fee for using the chargeable information (step S228). When the user instructs to pay the fee via a predetermined input device, the user requests the payment instruction unit 403f to issue a payment instruction (steps S229 to S229).
Step S230). The payment instruction generated by the payment instruction unit 403f is transmitted via the electronic settlement unit 406 and then to the server 408 of the electronic settlement company via a predetermined network (step S231).

When the payment of the fee is confirmed by the server 408 of the electronic settlement company, the license information updating server 407 is notified of this fact. The term of use of the chargeable information is extended to generate new license information, which is encrypted and transmitted to the second information reproducing apparatus. In the second information reproducing apparatus, the network connection unit 40
When the license information updated in step 5 is received, the license information is input to the license information input unit 403g of the license information update client unit 403, and is further transferred to the license information update unit 403h (steps S232 to S232).
233). The license information update unit 403h updates the license information by overwriting the received license information with the license information of the charging target information already recorded in the information storage unit 401 (step S23).
4).

Next, the configuration and operation of license information update server 407 will be described with reference to FIGS. 31 and 32. In step S223 in FIG. 30, when the license information transmitted from the second information reproducing device is received by the network connection unit 407a of the license information update server 407, it is transferred to the license information update unit 407b (see FIG. 32). Step S241 to step S2
42). Here, if necessary, the license information is decrypted, and the decrypted license information is registered in the license information database 407c (step S24).
3). At this time, the license information database 407c
In, in order to manage the update history of license information, a field ID is attached to the license information at the time of registration. This field ID is also notified to the license information update unit 407b. The charging database (DB) search unit 407d searches the charging database 407e based on the charging target information ID included in the license information.
To generate a payment request (steps S244 to S244).
Step S246).

The contents of the payment request include, for example, as shown in FIG. 33, a chargeable information ID, a presentation of a charge to be paid for using the chargeable information (a charge corresponding to a use period), a payee of the charge, and the like. Is described.

The generated payment request has the field ID
After being transferred to the encryption unit 407f and encrypted, the data is transferred to the network connection unit 407a and transmitted to the second information reproducing apparatus via the network (steps S247 to S250). . The encrypted payment request and the field ID are received by the second information reproducing device, and are processed as described in and after step S224 in FIG.

In the second information reproducing apparatus, the payment for the use of the chargeable information is made by issuing a payment instruction in step S231 in FIG. 30, and the contents of the payment instruction at that time are presented to the user. When the paid payment request is as shown in FIG. 33, for example, “10 yen /
One week for "ABCD" to abc, reference number: field ID ", and the payment is made through the electronic settlement unit 406. Here, the serial number is a field ID given to the license information. After receiving the payment instruction, the server 408 of the electronic settlement company performs payment processing and then “10 yen / week for“ ABCD ”from A to a.
A payment confirmation is sent to the license information update server 407 with the description “bc, serial number: field ID”. Here, it is assumed that A is a user ID.

In the license information update server 407 which has received the payment confirmation via the network connection unit 407g, first, the license information update unit 407b
The license information to be updated is searched from the license information database 407c based on the serial number, that is, the field ID (steps S251 to S2).
53). The license information update unit 407b further updates the use condition in the license information with reference to the payment confirmation, encrypts the license information again (step S254), and transmits the encrypted license information to the network connection unit 40.
The data is transmitted to the second information reproducing device via the communication device 7a (steps S255 to S256).

The reason why the payment request transmitted from the license information update server to the second information reproducing apparatus is encrypted is as follows. That is, the communication path for transmitting the payment request is a public line such as the Internet, and security is generally not guaranteed. Therefore, for example, there is a risk that the payment request is falsified and the user pays to an unauthorized payee. Encryption prevents that.

FIG. 34 is a flow chart for schematically explaining the operation of the whole system including the second information reproducing apparatus shown in FIG. It should be noted that the reference numerals shown in Fig. 34 (steps S261 to S286 correspond to the reference numerals shown in Fig. 26, and detailed description of the operation is as described above.) (3) License information update unit The license information update unit will be described.
The license information update unit is for mainly updating the use condition of the license information.
The license information recorded together with the information to be charged in the information storage unit can be updated by the information recording device, and the license information update unit can be used alone. In order to update the license information, the license information update unit releases (decrypts) the encryption applied to the license information, inputs a desired use condition separately input therein, and pays for the use condition. After confirming that the license information has been updated, it must be encrypted and output as updated license information.

FIG. 35 shows an example of the configuration of the license information update unit. The configuration and operation of the license information update unit shown in FIG. 35 will be described below with reference to the flowcharts shown in FIGS.

In the license information updating process, first, license information is input to the license information input unit 501 and desired use conditions are input to the desired use condition input unit 506 (step S301 in FIG. 36, step S30 in FIG. 37).
8). The license information here includes the use condition described in the first information recording apparatus and the decryption key kd (1) of the encrypted charging target information. The desired use condition is a use condition desired by the user, and is input from the user through an appropriate interface.

The license information input to the license information input unit 501 is decrypted by the license information decryption unit 502 using the decryption key stored in the decryption key storage unit 503 (step S302 in FIG. 36), and the usage conditions and the charge The information decryption key is separated, license information (especially usage conditions) can be updated, and information necessary for charging such as charging target information ID is sent to the payment request output unit 507 (step S303 in FIG. 36, FIG. 37, step S310). Further, the license information that has become renewable is rewritten by the license information updating unit 505 to the use condition input by the desired use condition input unit 506 (step S30 in FIG. 36).
4). On the other hand, in order to charge for the desired use conditions,
The desired use condition input unit 506 outputs the desired use condition to the payment request output unit 507 in order to prompt charging for the input desired use condition. In the payment request output unit 507,
The desired use condition input from the desired use condition input unit 506 and the information necessary for charging such as the charging target information ID input from the license information decoding unit 502 are output to the outside of the apparatus using a predetermined fixed protocol (FIG. 37 steps S
310). Based on this output, the external device starts a specific procedure for billing. Further, the payment request information output here is an information distribution system for copyright protection / charging in which a license information update unit is incorporated (that is, an information distribution system including an information recording device and an information reproduction device of the present invention). In the situation where the copyright holder of the chargeable information is specified, the chargeable information ID
Is unnecessary, and when the usage conditions are predetermined for all the information to be charged, the existence of the desired usage condition input unit 506 and the output of the usage conditions from the payment request output unit 507 are also unnecessary. . As described above, the license information update unit of the present embodiment may have some obvious variations depending on the environment in which it is used.

Next, at the stage when the payment of the fee for the payment request information is completed, a payment confirmation signal is sent from the external device to the payment confirmation unit 508, and when this signal is sent, the license information updating unit 505 sends the signal. The input update license information is sent to the update license information encryption unit 509, and is encrypted with a predetermined encryption key held in the encryption key holding unit 510 (step S305 in FIG. 36).
Step S306). At this time, the updated license information until the signal comes is transmitted to the updated license information encrypting unit 5.
It is not sent to 09. With this function, the license information updating unit of the present embodiment prevents output of updated license information even though payment is not made.

The updated license information encrypted by the updated license information encryption unit 509 is sent to the updated license information output unit 511, and is output to an external device (step S307). Here, the charging target information ID is the ID of the charging target information, indicates the author of the information, and is information necessary for specifying the charging amount or the payee.

The license information updating unit shown in FIG. 35 does not only update the license information recorded on the recording medium or the like by the above-mentioned first information recording apparatus, but also has the second and second modified examples. The present invention can also be applied to updating the license information recorded on a recording medium or the like by the information recording device of No. 3.

Further, the license information updating unit shown in FIG. 35 can be used as a single unit, combined with the information reproducing apparatus of the present invention, or incorporated in the information reproducing apparatus. The license information update unit 407b of the license information update server in FIG.
Can also be used. (4) Billing device for copyright protection FIG. 38 shows an example of the configuration of a main part of a billing device for billing for copyright protection based on license information recorded on a recording medium or the like by the above-mentioned information recording device. It is shown.

In FIG. 38, first, a magnetic disk or D
Recording media 6 such as VD disks and compact disks
The license information is read by the license information reading unit 601 from 15, and at the same time, the desired use condition is input from the desired use condition input unit 602 via the input medium 616 such as a keyboard or a mouse. The license information and the desired use condition are input to the license information updating unit 603, and the license information updating unit 603 sends the billing information as a payment request to the billing information search unit 604 through the same license information updating process as that of the license information updating unit. Here, the billing information is information necessary for specifying a desired use condition and a payee. The charging information search unit 604 searches for charging amount information using the charging information database 609 based on the charging information. When the charge amount is predetermined, the charge amount itself can be output without intentionally outputting the desired use condition from the license information update unit 603. In this case, there is no need to search for billing information. Further, when the copyright holder of the chargeable information is specified, the license information updating unit 603 does not need to output the chargeable information such as the chargeable information ID. In this case, the charging history management unit 608 described later only needs to manage the charging amount information, and does not need to manage the charging target information ID. Thus, the license information updating unit 6
The billing information output from 03 may have obvious variations depending on the situation in which the billing apparatus is applied.

Next, the billing information and the billing amount information are sent to the billing amount information output unit 605, and the billing amount is presented to the user. When the user pays the presented billing amount by any method, the payment is confirmed by the subsequent payment determining unit 606, and a signal indicating that the payment has been made is sent to the payment confirming unit 508 of the license information updating unit. . The method of paying the user's billing amount described here includes a bill / coin insertion unit and a judging unit thereof when cash payment is used, and sends a signal to the payment judging unit 606 in accordance with the judgment by the judging unit. In addition, there are various kinds of payment such as electronic money, credit card and prepaid card, and each has its own method of determination.

When the payment determination unit 606 determines that the payment is completed, the payment determination unit 606 sends the charging information to the charging history management unit 608, and stores and manages them.

[0146] The charging apparatus of the present embodiment is premised on not being connected to the outside via a network or the like, so that the charging and settlement is not completed on the spot. Therefore, in the present embodiment, it is necessary to manage how such payment is distributed, and the charging history management unit 608 is required. The history information stored here is periodically read by a certain manager and settled by an appropriate means.

Finally, the license information updating unit 603 receiving the signal indicating that the payment has been completed from the payment determining unit 606.
Outputs the updated license information to the updated license information writing unit 607 through the same procedure as the license information updating unit described above, and the writing unit 607 writes the updated license information to an appropriate location on the input recording medium 615.
If the charging apparatus of the present embodiment is combined with the information reproducing apparatus of the present invention, it can be configured as a vending machine for copyrighted information having a function of updating license information. That is, the feature is that the characteristic function of the present invention is realized in one housing. With this configuration, when renting or selling copyrighted charging target information, it is assumed that charging (encrypted) charging target information has already been input to a portable DVD, CD, or other recording medium. By inputting the recording medium into the charging apparatus of the present embodiment under the above, appropriate charging processing can be performed, and anyone can easily purchase the right to use the content at any time. (4-1) A license information update unit and a corresponding decryption unit of an information reproducing apparatus that take measures to prevent unauthorized copying of chargeable information. As can be easily understood, permanent use of copyrighted chargeable information is permitted or recognized. If a very long expiration date is granted, there is a risk that the storage medium itself is duplicated, and if a large number of duplicates are available, the copyright cannot be protected. In order to solve this, the decryption unit and the license information update unit according to the present embodiment, when permitting a permanent use or a very long use period as a use condition, only one decryption unit on hand has the chargeable information. It is intended to limit playback. In the following description, “indefinite” or “permanent use” as a use condition includes a case where a permanent use or a very long use period is permitted (see (4-2) described later and other descriptions). The same applies to the description). In this way, even if an attempt is made to use a different decryption unit, the use can be refused. Even if the copy is made, there is little benefit, and conversely, the copyright is protected. However, in this case, when purchasing the charging target information permanent use right, the decryption unit ID (I
If you do not know D), you will not be able to purchase.
For this reason, the license information updating unit according to the present embodiment is characterized in that the decryption unit ID is added to the usage condition when the permanent usage right purchase content is used for the first time. The decoding unit ID is identification information for identifying each of the decoding units, and may be, for example, a serial number of each of the decoding units.

FIG. 39 shows an example of the configuration of the decoding unit of this embodiment. Hereinafter, the configuration and operation of the decoding unit 701 will be described with reference to the flowchart shown in FIG.

The license information is entered in the license information input section 7.
11 (step S401), it is sent to the decryption unit 712, and the decryption unit 712 decrypts the license information using the decryption key stored in the decryption key storage unit 713 (step S402). The decrypted license information is sent to the use condition change necessity determination unit 714 (Step S
403). The use condition change necessity determination unit 714 determines whether or not the use period in the use condition is unlimited, and determines whether or not it is limited to a specific decoding unit ID. The license information updating unit 702 recognizes that the license information has been updated. That is, the use condition change necessity determination unit 7
At 14, the use condition is read from the transmitted license information to determine whether the use period is unlimited (step S404). If there is no restriction, it is determined whether the use condition is limited to the decoding unit ID (step S405). If the use condition is limited, the use condition is sent to the determination unit 715, and the determination unit 715 sends the decryption unit ID reference unit 716. (Step S406), the decoding unit ID presented by the reference unit 716 and the decoding unit I described in the use condition
D is compared (step S407), and if they match, the decryption key kd of the encrypted chargeable information (contents)
If (1) is output and the processing ends (step S408), if they do not match, for example, a NULL code (usually 0) is output to indicate that decoding cannot be performed, and the processing ends (step S4).
09). If the use condition is indefinite and the decryption unit ID is not described, the use condition change necessity determination unit 71
4 recognizes the necessity of describing the decryption unit ID in the use condition, and the decryption unit I
D, and obtains the decryption unit ID and the encrypted license information by using the license information updating unit 7.
02 (step S410).

Further, if the use condition is not indefinite (step S404), the use condition is sent to the judgment unit 715, and the judgment unit 715 receives the present time from the clock reference unit 717 (step S411). It is determined whether or not the use is possible. If the use is possible, the decryption key kd (1) of the encrypted chargeable information (contents) is output, and the process is terminated (steps S412 to S413). Output and end (step S41)
4).

FIG. 41 shows the license information update unit 7.
02 shows an example of the configuration. Hereinafter, the configuration and operation of the license information update unit 702 in FIG. 41 will be described with reference to the flowchart shown in FIG.

The license information update unit 702 sends the license information input to the license information input unit 721 to the license information decryption unit 723, and the license information decryption unit 723 uses the license information based on the decryption key from the decryption key holding unit 724. (Steps S421 to S4)
22). The decrypted license information is sent to the license information updating unit 725, from which usage conditions are extracted (step S423). On the other hand, the decryption unit ID input to decryption unit ID input section 722 is sent to license information updating section 725 (step S424), and license information updating section 725 restricts the decryption unit ID to the use conditions extracted earlier. Then, the usage conditions are updated (step S425). Further, new license information is generated based on the updated usage conditions, and the new license information is transmitted to the updated license information encryption unit 726. The updated license information encryption unit 726 encrypts the updated license information based on the encryption key presented from the encryption key holding unit 727 (step S426), and sends it to the updated license information output unit 728 to update the license information. Unit outside 702
It is sent out (step S427).

The license information update unit 702
The decoding unit 701 can be integrated with the license information updating unit 603 in the information distribution system of FIG. (4-2) Another Example of Decryption Unit Taking Measures to Prevent Unauthorized Copying of Chargeable Information As described in (4-1) above, a permanent use right or a very long use period is recognized. (Hereinafter, these two cases are included in the category of the permanent usage right.) The charging target information may be in a state where the copyright cannot be protected by being copied. This problem is described in (4) above.
The problem is almost solved by using the license information update unit described in -1) and the decryption unit corresponding thereto. That is, an attempt is made to limit the use of the charging target information for which the permanent use right is recognized to one decryption unit ID. In this case, the problem is that the decryption unit ID possessed by the purchaser at the time of purchasing the permanent use right may not be known. Therefore, in the second decryption unit described below, when the chargeable information for which the permanent use right has been acquired is used for the first time, the decryption unit ID to be used is written in the place where the permanent use is described, and thereafter the decryption unit ID is used. Can be decrypted only by.

However, in the case of this method, there is a danger that the copyright is copied before the first use, and if a large amount of the copied billable information having the permanent usage right is distributed, the copyright cannot be protected. Therefore, the second decryption unit is characterized in that the media ID is included in the use condition of permanent use, and this is referred to at the time of use. Here, the media ID is a serial number of a DVD or a CD disc, and is generally an RO that cannot be changed later.
It is assumed that it is written in the M area. Since this use condition is limited to a specific media ID, even if it is copied to another medium, the copy-side media ID is different from the original media ID, so that it cannot be used because it does not meet the use condition.

FIG. 43 shows a configuration example of the second decoding unit. Hereinafter, the configuration and operation of the second decoding unit in FIG. 43 will be described with reference to the flowchart shown in FIG.

The license information is input to the license information input unit 741 and sent to the decryption unit 742 (Step S431). The decryption unit 742 decrypts the license information by using the decryption key stored in the decryption key storage unit 743, and separates the usage condition from the others (step S432). The separated use condition is sent to the use condition change necessity determination unit 744, and here it is determined whether or not the limitation on the decoding unit ID is included in the use condition. That is, as described in detail in (4-1) above, the use condition in which the expiration date is indefinite and the decoding unit ID is not limited to a specific decoding unit must include the limitation of the decoding unit ID. However, only in this case, it is interpreted that the use condition needs to be changed, and the decryption unit ID is obtained from the decryption unit ID reference unit 746 and sent to the license information update unit 732 together with the extracted license information (steps S434 and S435). , Step S44
7). In other cases, the use condition information is sent to the determination unit 745, and the use condition is determined.

The determination section 745 performs the following processing to determine whether or not the usage conditions are valid. First, when the use condition is indefinite and is limited to the decryption unit ID, it is determined whether or not the use condition has a limitation of the media ID. With reference to the media ID of the media containing the charging target information, the media ID is compared with the media ID of which the use condition is limited, and if they match, the decryption key kd (1) is output and the process ends ( Steps S434 to S440). If they do not match, a signal indicating use rejection, in this case, NULL is output, and the process ends (step S441). If there is no limitation on the media ID (step S438), the decryption key kd (1) is output and the process ends (step S442). The media ID referred to here is received in the media ID from the media ID input unit 747 and is held in the media ID holding unit 748.

On the other hand, when the use condition is the expiration date (step S434), first, the current time is referred to via the clock reference section 749 (step S444), and it is determined whether the time is within the expiration date (step S445). ). If it is not within the time limit, a signal indicating refusal of use, in this case, NULL is output, and the process ends (step S446). If it is within the time limit, the process proceeds to step S438, and the media ID
Is determined, and thereafter, the validity of the usage conditions is determined by the same algorithm as in the case of indefinite period, and the results are output and terminated according to the result.

[0159] Although it may seem that there is no need to limit the media ID to the usage conditions in the case of the expiration date from the purpose of the media ID, the expiration date may have a long period. In such a case, the copyright cannot be sufficiently protected during that period. Furthermore, even if it is within the period, there is some billing information that would be inconvenient if copied without permission,
Also in this case, the second decoding unit is effective.

Since the same can be said for the decryption unit ID, the limitation of the decryption unit ID of the use condition is effective even for the use condition having a limited expiration date. The same is true. This also applies to the above (4-1). (5) Copying Apparatus FIG. 45 shows a configuration example of a copying apparatus that copies information recorded on a recording medium or the like by the first information recording apparatus in FIG. 1, for example. The configuration and operation of the copying apparatus shown in FIG. 45 will be described below with reference to the flowchart shown in FIG.

The basic concept of copying is to default the use conditions when copying information. That is, the license information of the billing target information recorded on a certain medium (the medium 801 in FIG. 45) may include valid use conditions, but the copying apparatus in FIG. Then, the use condition is deleted and recorded on another medium (media 802 in FIG. 45).

First, the reading unit 803 reads out one unit of information (for example, encrypted charging target information and its license information) recorded on the copy source medium 801 (step S501), and licenses only the license information. Transfer to the information duplication unit 804 (step S
502). On the other hand, the reading unit 807 reads the media ID of the copy destination medium 802 and transfers it to the license information duplication unit 804 (step S50).
3 to Step S604). The license information duplication unit 804 updates the license information by defaulting the license information read from the copy source medium 801 and writing the media ID of the copy destination medium 802 in the use condition (step S505). The updated license information is output to the writing unit 806 (step S506).

The license information duplication unit 804 has a configuration as shown in FIG. 47, for example. Hereinafter, the configuration and operation of the license information duplication unit 804 will also be described with reference to the flowchart shown in FIG.

When the license information is input to the license information input unit 811 of the license information duplication unit 804 (step S511 in FIG. 48), it is transferred to the decryption unit 812 (step S512), where it is decrypted (step S513). The decrypted license information is transferred to the license information updating unit 813 (Step S514). On the other hand, the media ID of the copy destination medium 802 is input to the media ID input unit 814 (step S515),
Transferred to the license information updating unit 813 (step S
516). The license information updating unit 813 defaults the usage conditions of the license information read from the copy source medium 801, and further sets the copy destination medium 8
02 is written in the usage rule, and the license information is updated (steps S517 to S51).
8). The updated license information is transferred to the license information output unit 815 (step S519), and the license information shown in FIG.
5 (step S52).
0).

Returning to the description of FIG.
Stores the updated license information in the copy destination medium 8.
02, and the accounting target information transferred from the reading unit 803 is similarly written on the medium 802, and the copy processing is terminated (step S507 in FIG. 46).
-Step S509).

As described above, in the copying apparatus shown in FIG. 45, the license information duplication unit 804 deletes the usage condition of the license information read from the copy source medium 801, so that the charging target recorded on the copy destination medium 802 is deleted. The information is the same as that of the medium 801, but does not include a valid use condition in the license information. Therefore, if the information recorded on the medium 802 is to be reproduced by, for example, an information reproducing apparatus having a decoding unit as shown in FIG. 43, its use is rejected. That is, only the decryption unit having the decryption key can decrypt the license information,
In order to decrypt the chargeable information, a decryption key for the chargeable information included in the license information is required.
After all, the charging target information cannot be used as it is. In order to use the charging target information copied to the media 802, a valid usage condition must be attached to the license information through some valid charging procedure.

Note that the default use condition is not limited to erasing a valid use condition. For example, it is possible to enter a usage condition that is valid only for one day after copying. That is, for example, the current time is 13:00 on April 16th.
If so, the user enters a use condition with a use period of 23:59 on April 17.

Further, the copying apparatus shown in FIG. 45 sets the use conditions to defaults, and
2 is written, but the media ID
Is a character string specifying the medium on which the charging target information is recorded, and is, for example, a manufacturing number written in the ROM area of the DVD-RAM. Alternatively, it may be the serial number of the hard disk device.

In this embodiment, the media ID is included in the license information. The decryption unit using the media ID checks the media ID at the time of decrypting the license information, and checks the D in which the information to be reproduced is recorded.
When the media ID of the VD-RAM does not match the media ID included in the license information, as described above, the decryption key for decrypting the chargeable information is not output. When the decoding unit performs such an operation,
The chargeable information itself produces an effect of designating the “container”.

The charging target information whose license information includes the media ID can be copied only by a legitimate (with an ie decryption key) copying apparatus as described in the present embodiment. In order to enable the copy destination medium 802 to be played back by an information playback apparatus having a decoding unit for checking the media ID, it is necessary to embed the media ID of the medium 802 in the license information usage conditions. FIG.
The copy apparatus No. 5 performs this processing. (6) Third Example of Information Reproducing Apparatus: Information Reproducing Apparatus Using Decoding Unit for Viewing Sub-Information (Advertisement, Warning Regarding Use of Copyright, etc.) FIG. 49 shows a configuration example of the third information reproducing apparatus. It is shown. In order to assure the viewing of sub-information (advertisement, warning about the use of copyright, etc.) included in the information recorded on the recording medium or the like by the information recording device of the present invention, viewing confirmation data is interspersed in the sub-information. Have been. For example, viewing confirmation data is interspersed in at least two or more places in the sub information. An example of the sub information is shown below.

"At the beginning of the 0th Th0, the logos were placed. 0
The is0 logos were with God 00. B 0is0 Goth was the 0th0 god. This person starts with God and 0ec
0 was both. Everything 0erti0 is 0fi0 made by this person. 0cat0, 0ion0, 0da0, 0da0, 0ta0. It is not 00. The viewing confirmation data extraction unit 903 in FIG. 49 sends the input sub-information to the reproduction unit 905 and reproduces it, and simultaneously examines the sub-information in order and extracts characters surrounded by two “0”. Two "0"
If the space is empty, the extracted character string is stored. In the above example, "this is the certificate"
cationdata. Is extracted as the viewing confirmation data and stored in a predetermined memory provided in the viewing confirmation data extraction unit 903. Thus, the point is that the viewing confirmation information is interspersed in at least two or more places in the sub information. By interspersing the viewing confirmation information in the sub information, the viewing confirmation data cannot be reproduced unless all the sub information is reproduced. Therefore, the viewing confirmation data can be regarded as confirmation of viewing.

The structure and operation of the third information reproducing apparatus shown in FIG. 49 will be described below with reference to the flowchart shown in FIG.

The information storage section 901 is the same as the information storage section 101 of the first information reproducing apparatus in FIG. Information storage unit 9
From 01, one unit of information read by the information reading unit 902 includes encrypted charging target information, its license information, and sub-information. The encrypted billing target information is transferred to the reproducing unit 905 (step S).
601), and transfers the sub information to the viewing confirmation data extracting unit 903 (step S602). Viewing confirmation data extraction unit 90
In step 3, sub-information is scanned to extract viewing confirmation data (step S603). The reading unit 902 transfers the license information to the decryption unit 904 (Step S6)
04).

[0174] The use condition of the license information includes viewing confirmation data as a reproduction condition of the chargeable information. The decoding unit 904 includes the viewing confirmation data extracting unit 9
03 is read and the collation is performed (steps S605 to S606). If the viewing confirmation data matches the required one, the subsequent processing is performed (step S607). That is, after confirming the usage conditions such as the expiration date, the decryption key of the charging target information is output to the reproducing unit 905, and the charging target information is reproduced (steps S608 to S611).

FIG. 51 shows a configuration example of the decoding unit 904. Hereinafter, the configuration and operation of the decoding unit 904 will be described with reference to the flowchart shown in FIG.

The license information transferred to decryption unit 904 is input to license information input section 904a (step S621), and is transferred to decryption section 904b (step S622). In the decryption unit 904b, the decryption key holding unit 9
After decrypting the license information using the decryption key kd held in the server 04c, the license information is transferred to the viewing confirmation unit 904d (steps S623 to S625). On the other hand, the viewing confirmation data sent from the viewing confirmation data extracting unit 903 is input to the viewing confirmation data input unit 904e, and is transferred to the viewing confirmation unit 904d (step S626). The viewing confirmation unit 904d collates the viewing confirmation data included in the usage condition of the license information as the reproduction condition of the charging target information with the viewing confirmation data sent from the viewing confirmation data extracting unit 903 (step S627). ), When these match, the license information is determined by the determination unit 904.
f (Steps S628 to S62)
9). The determination unit 904f determines whether the chargeable information can be used (that is, whether to output the decryption key kd (1) to the reproduction unit 905) based on the usage conditions in the license information, and according to the determination result. Then, the decryption key is output to the reproducing unit 905 (steps S630 to S632). (Additional Information) The information recording apparatus of the present invention described above is not limited to the case where one piece of license information is associated with one piece of billing information and recorded on a recording medium or the like. The license information may be recorded on a recording medium or the like in association with the license information.

In the information reproducing apparatus of the present invention, when judging whether or not the chargeable information can be used, the use condition included in one license information corresponding to the chargeable information is referred to. However, the present invention is not limited to this case. If a plurality of license information are recorded on the recording medium in correspondence with one piece of charging information, the license conditions are sequentially referred to by referring to the usage conditions included in all the license information. It may be determined whether information can be used. That is,
If at least one of the use conditions included in each of the plurality of license information satisfies the condition, it is determined that the chargeable information can be used.

Further, in the information reproducing apparatus and the charging apparatus of the present invention, when updating the license information, it is not limited to rewriting the license information already recorded on the recording medium, but may be additionally recorded on the recording medium. Is also possible. Therefore, in the description of updating the license information recorded on the recording medium or the like in the above-described embodiment, “update” includes “overwrite recording” and “additional recording”.

Further, the number of decryption unit IDs, media IDs, and the like included in the usage conditions need not always be one. Second Embodiment (1) Decoding Unit A FIG. 54 shows a configuration example of a decoding determination device according to a second embodiment, that is, a decoding unit A.

The decryption unit A determines whether or not the content can be used based on the license information attached to the pay data, which is mainly digital content (ie, whether the content information is based on the usage conditions specified by the contract, for example). Checks whether the use license is valid or invalid), and if valid, outputs a content decryption key for using the content information to an information use device such as a video reproduction device for reproducing the content information. It is.

Here, the content information has been encrypted in advance, and the decryption key (hereinafter referred to as the content decryption key) is used together with the content usage conditions such as the expiration date, the identification information (ID) of the content information, and the license information. Then, the entire license information is encrypted and provided to the contract user together with the encrypted content information (for example, broadcast distribution, storage in a recording medium, and distribution).

The decryption of the license information is performed by using a secret key existing in the decryption unit A. FIG. 55 shows an example of the license information. As shown in FIG. 55, the license information includes
At least a content decryption key, a content use condition such as an expiration date of the content information, and an ID of the content information are included.

If the secret key for decrypting the license information is common to all decryption units, it is convenient in operation, but once the secret key leaks out, it is decrypted using this decryption unit. In principle, all the content decryption keys included in the license information can be read. This is a serious problem for the decryption unit A for the purpose of protecting the license, and it is an object of the present invention to solve this problem.

In the decryption unit A of this embodiment, in order to solve this problem, a secret key for decrypting the license information is generated in the decryption unit A and is used only for a certain period. ing.

Next, the operation of each component of the decoding unit A of FIG. 54 will be described with reference to the flowchart shown in FIG.

The encrypted license information is input into the decryption unit A through the license information input unit 2001 (step S1001), and after being decrypted by the decryption unit 2002 (step S1002), sent to the determination unit 2003 and used. It is determined whether the license is valid by checking the conditions (steps S1003 to S1).
004). Here, the determination as to whether or not the license is valid is to determine whether or not the use condition is satisfied, that is, for example, whether or not the use expiration date of the content has passed.

If the determination section 2003 determines that the content is valid (content can be used), the content decryption key included in the license information is output to the information use device 2020 (step S1005).

On the other hand, if it is determined that the license information is invalid (the content cannot be used), the license information is updated to the update information generation unit 2.
004, and collects information necessary for updating the license (ie, updating the license information), generates update information for updating the license information, and sends the update information to the license information update device 2008, for example, via a predetermined communication line (for example, The data is output via a dedicated line or the Internet (steps S1006 to S1010).

[0189] The update information generation unit 2004 determines at least the user's desired usage conditions (extension of usage period, etc.) input via the usage condition input unit 2009 and the license information sent from the determination unit 2003. Update information (see FIG. 56) including the ID of the content and the public key of the decryption unit A generated by the key generation unit 2006 is generated.

As described above, the decryption unit A includes the key generation unit 2006 that generates a secret key for decrypting the encrypted license information. Key generation unit 2
In 006, a key for encrypting / decrypting the license information is generated. As a key generation method, for example, a key generation algorithm of public key encryption may be used. In the case of RSA encryption, two prime numbers p of an appropriate length (for example, about 512 bits) are used using a random number and a prime number determination algorithm. , Q
Generate

Here, even if the algorithm of the random number is common to all the decoding units A, it is extremely unlikely that the same prime number will be generated by contriving the random number seed to take a microsecond of time. Low.

Next, N is obtained by setting N = p · q. At the same time, M = (p-1) (q-1) is obtained,

[0193]

(Equation 1) Integers e and d (0 <e, d <M) are obtained as follows.
e and d can be relatively easily obtained by first determining d and obtaining the corresponding e using an algorithm called the Eugrid algorithm. If one (for example, e) is a secret key and the other (for example, d) and N are public keys, public key cryptography is realized by using a known RSA encryption algorithm using these keys.

Further, these keys correspond to the decryption unit A
Even if it is read out from the unit by some means, it cannot be used by other units, and if it is scheduled by the key holding unit 2005 so that it becomes invalid after a certain period, even the same unit After a certain period, it will not be available. Note that the key generation unit 2006 is driven by the key holding unit 2005.

The key holding unit 2005 sends a key generation command to the key generation unit 2006 at a predetermined timing. This timing is generally based on, for example, the time referenced by the clock reference unit 2007 in FIG.

FIG. 58 shows the key holding unit 2005 and the key generation unit 2
13 is a flowchart illustrating a schematic procedure of a key generation process in 006. The key holding unit 2005 includes, for example,
The time is referred to the clock reference unit 2007 at predetermined time intervals (step S1021). If the time is a predetermined key update time, a key generation command is sent to the key generation unit 2006, and the key generation unit 2006 is updated. Then, a public key and a secret key are generated as described above (steps S1022 to S1023). If the current time is not the key update time, the process waits for a predetermined time (step S1025). The public key and the secret key generated by the key generation unit 2006 are stored in the key storage unit 2005 (Step S1024).

As described above, even if the key generation unit 2006 does not generate the key many times, even if the key is generated only once as an initialization operation when the decryption unit A is used for the first time, the decryption unit A may be used for a different decryption unit A. Since different keys are set, the effectiveness is high. Of course, it is also conceivable to set different keys in the key holding unit 2005 at the time of factory shipment. In this case, the key generation unit 2006 is unnecessary.

As a feature of the decryption unit A of the present invention, when updating license information, the license key updating unit 2008 updates the public key held by the key holding unit 2005 together with other information necessary for updating the license information. (This is because the public key is used when encrypting the updated license information newly generated by the license information updating device 2008). The update information generation unit 2004 performs this procedure.

The update information generation unit 2004
3 is started when it is determined that the use of the content is impossible based on the license information, the usage condition input unit 2009 is started, and the user is prompted to input a desired usage condition (for example, an extension period). In parallel with this, the key holding unit 200
5 to output a public key, arrange the obtained public key and desired use conditions together with information necessary for charging such as a content ID sent from the determination unit 2003 into a predetermined format, and update license information. As the update information of the license information (see FIG. 56), the license information updating apparatus 200
Send to 8.

The clock reference unit 2007 refers to the clock 2010 inside (in some cases external), and the key holding unit 200
5 is used to measure the timing of key generation and also used to check the validity period of use conditions. (2) Decoding unit B FIG. 59 shows another configuration example of the decoding determination device. That is, this shows an example of the configuration of the decryption unit B, and it is possible to eliminate a state in which the content decryption key exists (even temporarily) in the decryption unit as unencrypted data.

If the content decryption key exists as unencrypted data in the unit, there is a risk that the unit will be read when the unit is analyzed. If it can be read constantly, it means that any content decryption key can be obtained (without knowing the secret key of the decryption unit) using this method, which is a serious security hole from the viewpoint of license protection. This problem cannot be solved by the above-described method of the decryption unit A in which the secret key is generated in a certain period of time and replaced with an old one.

[0202] In the decryption unit B, the content decryption key remains encrypted, and the encrypted content decryption key cannot be decrypted only by the information in the decryption unit.

Referring to the flowchart shown in FIG.
The operation of each component of the decoding unit B in FIG. 59 will be described.

The encrypted license information is input to the decryption unit B through the license information input unit 2001, and is decrypted by the decryption unit 2002 using, for example, a secret key held in the decryption unit B (step S103).
1 to step S1032).

FIG. 60 shows an example of license information input to decryption unit B. As shown in FIG. 60, in addition to at least the content ID and the usage conditions of the content, the license information includes an encrypted content decryption key [kc] K _AB and decrypts the encrypted content decryption key. And shared key generation information ka.
It is assumed that the content decryption key kc has been encrypted with the shared key K _AB . The license information decrypted by the decryption unit 2002 is sent to the determination unit 2003, where the usage conditions are determined (step S1933). If the use condition is satisfied, the encrypted content decryption key [kc] K _AB and shared key generation information ka
020 (Steps S1034 to S1)
035).

On the other hand, if the determination unit 203 determines that the content cannot be used, it sends a content ID required for license update to the update information generation unit 2004 (step S103).
4. Step S1036).

The update information generation unit 2004 supplies the information use device 2020 using the content via the shared key generation information extraction unit 2031 with the license information update device 2008 for encrypting the content decryption key. The user is prompted to output the shared key generation information kb.

Here, shared key generation information ka and kb for encrypting the content decryption key will be described. In public key cryptography (for example, elliptic curve cryptography) using the discrete logarithm problem as the basis of security, the following shared key generation protocol can be considered. First, an element x that is common to the information use device 2020 and the license information update device 2008 is determined in advance. Furthermore, (determined for example at the factory) to the information usage device 2020 yuan x ^b which is calculated from the integer b x and b
Are obtained in advance and stored. Then, when there is a license update request, ^xb is sent to the decryption unit B as decryption key generation information kb.

In the decryption unit B, the use condition input unit 20
In addition, the license information updating device 2 generates update information (see FIG. 62) including the decryption key generation information kb and the content ID in addition to the desired use conditions input by the user via the server 09.
008.

In the license information updating apparatus 2008, the decoding key generation information kb = ^xb sent from the decoding unit B using the integer a determined by itself using a random number or the like: (kb) ^a = x ^ab is calculated, and this is set as a shared key K _AB with the information use device 2020 that decrypts the content decryption key.

Further, the license information updating device 2008
, As shown in FIG. 60 in the updated license information, the shared key generation information ka the license information update device 2008 itself has generated, i.e., contain x ^a. Then, the updated license information is sent to the information use device 2020 via the decryption unit 2002, the determination unit 2003, and the like.

In the information use device 2020, (ka) ^b = (xa) from the integer b unique to each information use device and stored in advance, and the decryption key generation information ka sent from the decryption unit B. ^The shared key K _AB can be obtained by the calculation of ^b = x ^ab = K _AB .

As a result, even if the secret key of the decryption unit B is read, the content decryption key cannot be obtained only from the information of the decryption unit B.

The reason is that ka as the shared key generation information
= X ^a and kb = x ^b , and K _AB = x ^ab
Is difficult to construct in terms of computational complexity. I mean,
For this purpose, it is absolutely necessary to obtain integers a and b. However, the problem of finding a from x ^a and the published x is called a discrete logarithm problem, and a public key cryptosystem using the discrete logarithm problem as a basis for security. This is because the computational complexity is difficult in (for example, elliptic curve cryptography). Thus, the state in which the content decryption key exists as unencrypted data in the decryption unit B can be resolved, and even if the secret key for decrypting the unusable information w existing in the decryption unit B is read, the content decryption is performed. A system in which the key kc cannot be extracted has been realized.

Returning to the description of FIG. 61, the information using apparatus 202 that uses the content for updating the license
0 outputs the key generation information kb in response to a request from the shared key generation information extraction unit 2031,
At 31, receiving this, it sends the key generation information kb to the update information generation unit 2004 (step S 1037). In parallel with this, the shared key generation information extraction unit 2031 activates the use condition input unit 2009, prompts the user to input the desired use condition, and the update information generation unit 2004 separately inputs the desired use condition. The license update information is generated from the obtained content ID and key generation information kb (FIG. 6).
2), for example, to the license information updating device 2008 via a predetermined communication line (may be the Internet) (steps S1038 to S104).
0).

The function of the decryption unit A for individually holding or generating the above-mentioned public key and private key, and encrypting the content decryption key with the shared key between the license information update device 2008 and the information use device 2020. It will be obvious that a decoding unit C combining the function of the decoding unit B configured as described above can also be configured.

In this case, the decryption unit C obtained by encrypting the license information as shown in FIG. 60 with the public key notified from the decryption unit C as shown in FIG. To enter. In FIG. 63, the same parts as those in the decoding unit A in FIG. 54 are denoted by the same reference numerals, and the different parts are accessed by the update information generation unit 2004 by accessing the information use device 2020 at the time of license update. Key generation information kb held by the usage device 2020
And generates license update information including at least the obtained key generation information kb, the public key generated by the key generation unit 2006, the input desired usage condition, and the content ID as shown in FIG. Is transmitted to the license information updating apparatus 2008. (3) Decryption Unit D Unlike the decryption units A and B, the decryption unit D is a shared key whose decryption key is used only once with the license information updating device 2008. That is, the decryption key is generated every time decryption is performed, and the decryption key need not be held in the decryption unit D. This means that the decryption key to be kept secret is temporarily created and can be deleted from the memory immediately after being used, which is effective from the viewpoint of improving the security of the decryption unit.

FIG. 66 shows an example of the license information input to the decryption unit D. As shown in FIG. 66, the license information is composed of an encrypted part and an unencrypted part. The encrypted part is composed of at least a content use condition, a content decryption key kc, and a content ID, and is entirely encrypted with a shared key K _AB between the decryption unit D and the license information update device 2008. The unencrypted portion is composed of at least the shared key generation information ka generated by the license information updating device 2008 for generating the shared key K _AB and the shared key generation information kb generated by the decryption unit D in the following manner. . The method of generating the shared key K _AB is the same as that described in the decryption unit B.

FIG. 65 shows a configuration example of the decoding unit D. The operation of each component of the decoding unit D in FIG. 65 will be described with reference to the flowchart shown in FIG.

The license information is entered in the license information input section 2.
001 (step S1051). The entered license information is entered in the license information input unit 20.
01, the encrypted part is divided into an encrypted part and an unencrypted part. The encrypted part is sent to the decryption unit 2002, and the shared key generation information ka and kb in the unencrypted part are sent to the decryption key generation unit 2041 ( Step S10521).

[0221] The decryption key generation section 2041 sends the shared key generation information kb to the shared key generation information generation section 2042, and the table 204 stored in the shared key generation information generation section 2042.
3, the shared key information b corresponding to the shared key generation information kb is obtained (steps S1053 to S5).
4). In response to this, the decryption key generation unit 2041 generates a shared key K _AB from the shared key generation information ka and b (step S
1055).

The shared key K _AB is sent to the decryption unit 2002, and is used for decrypting the encrypted part of the license information (step S1056).

The decrypted license information is sent to the determination unit 200
3 and the usage conditions are checked here (step S1057). As a result, if it is determined that the content can be used, the content decryption key kc is output to the information use device 2020 (steps S1058 to S1059). When it is determined that the content cannot be used, the update information generation unit 2004 that has received the notification instructs the shared key generation information generation unit 2042 to generate the shared key generation information.

In response to this, the shared key generation information generating section 2042 generates a pair of the shared key information b and the shared key generation information kb, and the pair is stored in a memory provided inside the shared key generation information generating section 2042. The information is registered in the table 2043 (step S1060). The shared key generation information kb generated here is sent to the update information generation unit 2004.

On the other hand, the update information generation unit 2004 prompts the use condition input unit 2009 to input a desired use condition, and the use condition input unit 2004 receives an input of the desired use condition from the user using an appropriate human interface.
It is sent to the update information generation unit 2004.

In the update information generation 2004, update information as shown in FIG. 69 is generated based on the information obtained in the above process, and the license information update device 2 is connected via a predetermined communication line.
008 to receive the updated license information (steps S1061 to S10).
63).

In the license information updating apparatus 2008, as described above, the shared key generation information ka and the shared key K _AB are generated, and the shared key generation information ka of FIG. 66 is added to the generated shared key generation information ka. Update the shared key generation information kb and the shared key generation information kb included in the update information.
The license information is updated by encrypting the usage conditions and the like updated based on the desired usage conditions included in the update information with the generated shared key K _AB .

When the content is first used and reproduced by the decryption unit D, the decryption key generation unit 2041 (because the shared key generation information kb is not generated) causes the shared key K
_{Since the AB} cannot be generated, the license information cannot be decrypted (step S1053).

The process in this case will be described with reference to the flowchart shown in FIG. In this case, since the shared key generation information kb does not exist (or contains invalid information such as a NULL code) in the unencrypted portion of the license information, it is determined that the reproduction is the first use reproduction by the decryption key generation unit. 2041 detects the shared key generation information generation unit 20
An instruction to create shared key generation information is given to 42. In response, shared key generation information generating section 2042 generates a pair of shared key information b and shared key generation information kb, and issues an instruction to update shared key generation information kb and license to update information generation section 2004. Send (Step S107)
1).

In this case, the encrypted part of the license information is encrypted with the secret key ks (commonly used for all the decryption units D). The decryption unit 2002 receives the output of the secret key ks from the decryption key generation unit 2041 and decrypts the encrypted part (step S1072). The content ID is extracted from the encrypted part of the decrypted license information (step S1073).

In response to this, the update information generation unit 2004 prompts the use condition input unit 2009 to input a desired use condition, and receives an input of the desired use condition from the user via the desired use condition input unit 2009 (step S1074).
Further, the content ID, the desired use condition, and the shared key generation information kb obtained in the above process are combined into a predetermined format of update information as shown in FIG. 69, and transmitted to the license information update device 2008 (step S10
75). As a result, updated license information is issued.

In the case of such first use reproduction,
If a valid content decryption key is not included in the encrypted part of the license information, the security is further improved. That is, if the original license information does not include the content decryption key, the content decryption key cannot be extracted even if the common secret key ks is revealed, so that it is safe. It can be said that the encryption in this case is for preventing the content ID from being changed.

In the above manner, the decryption key K _AB must be generated each time decryption is performed, and decryption must be performed using a different decryption key K _AB each time the license information is updated. Since a different decryption key is generated based on the decryption key information b retrieved from the table 2043 in accordance with the decryption key generation information kb), the effect of exposing the decryption key K _AB is reduced. In addition, shared key encryption, which is much faster than public key encryption, can be used, so even if the data size of the license information is large, it can be decrypted in real time and reflect the availability of the content based on the usage conditions included in the license information There is an advantage that can be performed.

Next, variations of the decoding unit D will be described.

First, the shared key generation information kb generated by the decryption unit D may be fixed. In this case, although the security is slightly lowered, if the shared key generation information ka created by the license information updating device 2008 changes every time, the common key K _AB changes every time, so that the validity of the decryption unit D is maintained. In addition, the shared key generation information generation unit 2042 shown in FIG. 65 is unnecessary, and the predetermined shared key generation information kb and the shared key information b may be provided in the decryption key generation unit 2041.

In the case where the content information is first reproduced and used by the decryption unit D, there is a problem that the license must be updated in accordance with the acquisition of the shared key generation information kb as shown in FIG. . In order to solve this problem, for the first license information only, a method of encrypting with a predetermined shared key K _com or a public key K _p can be considered. In this case, it is necessary to retain the secret key K _p corresponding to the shared key K _com or public key K _p in the decoding unit D, first only using it. FIG. 6 described above.
The difference from the processing operation at the time of the first use reproduction shown in FIG.
In the case of FIG. 68, the content decryption key need not be included, but in this case, it must be included.

That is, in step S1053 in FIG. 67, the decryption key generation section 2041 causes the shared key component information ka, k
b does not exist, it is determined that the reproduction is the first use reproduction, and the decryption unit 200 uses the shared key K _com or the secret key K _p in the decryption key generation unit 2041 or the decryption unit 2002.
2 decrypts the license information. Subsequent steps are the same as the steps after step S1054 in FIG.

Further, a method of causing the information use device 2020 to generate the shared key generation information kb generated by the decryption unit D is also conceivable. FIG. 70 shows the configuration of decoding unit D ′ in this case. As shown in FIG. 70, the shared key generation information generation unit 2042 in FIG. 65 is replaced with an information use device 2020. However, since the information use device 2020 is outside the decryption unit D ′, the shared key information b must be kept secret, but this is achieved by encrypting the temporary key between the decryption key generation unit 2041 and the information use device 2020. Solvable. In this case, even with the common key information b, the decryption unit D '
, Which is more secure than the decoding unit D. However, in such a case, the information use device 2020
Is also the target of the attack, but the implementation method differs depending on the information use device, so it is necessary to take individual measures,
The level of security can be changed by the information use device 2020. Note that the processing operation of the decoding unit D 'is the same as the flowchart shown in FIGS. 67 and 68.
(4) License information update device corresponding to decryption unit A FIG. 71 shows a configuration example of the license information update device 2008 corresponding to the decryption unit A described above. The processing operation of each component of the license information updating device 2008 of FIG. 71 will be described below with reference to the flowchart shown in FIG.

The license update information transmitted from decryption unit A is input to license information update device 2008 via update information input unit 2051 (step S108).
1).

The update information used here is the update information shown in FIG. 56 and includes information required for license update, including the desired use condition, the content ID, the public key generated by the decryption unit A, and the like. is there. Among them, the content ID is for specifying the content to which the use permission is given, and thereby the license information updating device 200
The accounting information that meets the desired use conditions can be obtained by using the database of the storage device 8, and the content decryption key can also be obtained by using the database. Therefore, it is not necessary to input the content decryption key to the license information updating device 2008 in order to update the license information. Therefore, it is not necessary to encrypt and send the update information in FIG. This point is also a feature of the license information updating device 2008 shown in FIG.

The update information shown in FIG. 56 input from the update information input unit 2051 is stored in the charge payment requesting unit 20.
52, from which the desired use conditions included in the update information are sent to the fee inquiry unit 2057.

The fee inquiry unit 2057 accesses the fee database (DB) 2058 and acquires a fee corresponding to the desired use condition (steps S1082 to S1083). For example, if the validity period of 2 months is specified as the desired use condition, the usage fee value of the content having the content ID corresponding to the specified period is retrieved and passed to the fee inquiry unit 2057 and further to the fee payment requesting unit 2052. .

[0243] The fee payment requesting unit 2052 receives the predetermined electronic settlement system 2 via a predetermined communication line based on the acquired fee value and the data on the customer included in the update information.
060 is accessed to request payment of the fee from the customer. The electronic payment system 2060 performs a predetermined electronic payment process (Step S1084).

When the payment confirmation unit 2053 of the license information updating device 2008 communicates with the electronic settlement system 2060 via a predetermined communication line and confirms the payment of the fee, next, the content decryption key acquisition unit 2054. (Step S1085).

The content decryption key acquisition unit 2054 searches the content decryption key database (DB) 2059 using the content ID as a key, and acquires a content decryption key (step S1086). Since the license information updating device 2008 is considered to be managed and operated by a specific reliable company, the content decryption key DB 205
The content decryption key obtained in 9 does not need to be particularly encrypted.

Next, the license information encrypting unit 2055 constructs license information based on the obtained information (step S1087), and transmits the license information to the previously received update information as shown in FIG. (Step S1088), and transmits it to the client requesting update of the license information, that is, the decryption unit A, via the license information output unit 2056 via a predetermined communication line (step S1088). S108
9). (5) License information update device corresponding to decryption unit B FIG. 73 shows a configuration example of the license information update device 2008 corresponding to the decryption unit B described above. The processing operation of each component of the license information updating device 2008 of FIG. 73 will be described below with reference to the flowchart shown in FIG.

In FIG. 73, the same portions as those in FIG. 71 are denoted by the same reference numerals, and only different portions will be described. That is, in FIG. 73, the shared key generation unit 2061 and the content decryption key encryption unit 20 are located between the content decryption key acquisition unit 2054 and the license information encryption unit 2055.
62 are added. In the flowchart of FIG. 74, the same portions as those in the flowchart of FIG. 72 are denoted by the same reference numerals, and only different portions will be described. That is, between step S1086 and step S1087, the shared key generation unit 2061 generates the integer a and the shared key generation information ka, and generates a unique shared key for each of the information use devices 2020 included in the update information. The shared key K _AB is generated from the information kb (steps S1091 to S1092), and the encryption unit 2062 uses the newly generated shared key K _AB to decrypt the content newly acquired in step S1086. A process of encrypting the key (step S1093) is added.

In the configuration of FIG. 73, the shared key generation unit 2 encrypts the content decryption key and enters it into the license information.
At 061, it is necessary to generate a shared key for decrypting the encrypted content decryption key between the information use device 2020 and the license information update device 2008.
The method of generating the shared key is performed using the shared key generation information as described in the description of the decryption unit B. Therefore, the update information input to the license information update device 2008 in FIG.
As shown in FIG. 62, at least the desired use condition, the content ID, and the shared key generation information kb generated by the information use device 2020 using a random number or the like are included.

In step S1088, the license information newly generated by license information encryption section 2055 is encrypted with a predetermined public key.

It should be noted that the function of the decryption unit A for individually holding or generating the above-mentioned public key and private key and the content decryption key are encrypted with the shared key between the license information update device 2008 and the information use device 2020. In the case of the license information updating apparatus corresponding to the decryption unit C that combines the function of the decryption unit B configured as described above, the input update information further includes the public key generated by the decryption unit C. In step S1088, the license information generated using the public key may be encrypted.

Also, the license information updating device corresponding to the decryption units D and D ′ is almost the same as in FIG. 73, except that the encryption unit 2062 in FIG. 73 uses the use condition, the content decryption key kc, the content ID and Is encrypted using the shared key K _AB to generate license information as shown in FIG. 66, and the generated license information is output as it is via the license information output unit 2050. (Third Embodiment) FIG. 75 shows a configuration example of an information distribution system according to a third embodiment.

In FIG. 75, a user obtains content information to be charged, which is recorded on a removable information storage medium such as a DVD (hereinafter simply referred to as a medium). The license information for the content information is also recorded on the medium. The information reproducing apparatus of the user has a built-in decoding unit, and determines whether the content can be used based on the license information read from the medium.

When the use of the content is not possible, the user must receive an update of the license information in order to use the content. That is, it is necessary to update the use condition included in the license information, that is, update the license so that the content can be used. Updating of the use conditions and thus of the license information is performed, for example, at a store having a license update terminal for the update. The license update terminal is connected to a license server operated by a license sales agency. The user designates desired use conditions (for example, designation of content and its use period, etc.), and pays a license fee (content use fee corresponding to the use condition) to the store in accordance with the designation. Then, the license updating terminal communicates with the license server, and the license is updated by updating the license information recorded on the medium based on the information sent from the license server. For example, when a user purchases a term-limited license, the content can be used without updating the license until the expiration of the use term.

FIG. 76 shows another example of the configuration of the information distribution system. The difference from FIG. 75 is that at least the function of the decoding unit is built in a card-type recording medium such as an IC card. In the following, I with a built-in decoding unit
A card-type recording medium such as a C card is called a decryption determination card. In this case, when updating the license, the user carries the decryption determination card to a store having a license update terminal. The license update terminal reads the public master key from the decryption determination card and transfers it to the license server.
The user designates desired use conditions (for example, designation of content and its use period, etc.), and pays a license fee (content use fee corresponding to the use condition) to the store in accordance with the designation. Then, the license update terminal communicates with the license server, updates the license information recorded on the medium based on the information sent from the license server, and updates the license.

The public master key will be described later.

Also, in FIG. 75, the decoding unit
Not only when the information reproducing apparatus is built in, but also when the information reproducing apparatus shown in FIG.
6 and may be detachably mounted on the information reproducing apparatus.
The information distribution system of FIG. 76 will be described using a case where a decryption determination card is used as an example. (1) Hereinafter, the information distribution system of FIG. 75 will be described. (1-1) Information Reproducing Apparatus FIG. 77 shows an example of a configuration of a main part of an information reproducing apparatus equipped with a decoding determination card, and a decoding determination card 3001, a media reader 3003, and an information reproducing apparatus 3004 are provided on a bus 3007. , A clock 3005 and a central processing unit 3006 are connected to each other.

The clock 3005 is for determining validity / invalidity of the content use period as the use condition.
As described in the first embodiment, the time is set by the encryption command. At the time of license update, a time setting operation for adjusting the time of this clock to the time of the server is performed. For this behavior,
As described above. As a result, it is possible to maintain the time of the clock 3005 almost accurately.

The medium reading device 3003 reads information recorded on a medium 3002 such as a DVD, and determines whether or not the content information recorded on the medium 3002 can be used by the decoding determining device 3001 based on the read information. If it is determined that the information can be used, the information reproducing unit 3004
Can read the content information read from the medium 3002 by the medium reading device 3003. The central processing unit 3006 controls the operation of each unit.

The decryption judgment card 3001 and the clock 3 in FIG. 77
005 respectively hold key generation information Kt.
Also, the decryption determination card 3001 and the information reproducing device 3004
Respectively hold key generation information K′t.

Based on the random numbers A and B and the key generation information Kt, when the current time information is transferred between the clock 3005 and the decryption decision card 3001, it is valid only once for encrypting / decrypting the information. A transfer key KT is generated. Also,
When transferring the content key Kc for decrypting the encrypted content information between the decryption determination card 3001 and the information reproducing unit 3004 based on the random numbers C and D and the key generation information K't, A one-time only valid transfer key KT is generated for encryption / decryption. Thus, the information data flowing through the bus 3007 is protected.

The following information is stored in the medium 3002. -License information encrypted with the master key KM ([license information] KM)-Master key I which is an identifier (for example, a number) specifying the master key KM for decrypting license information
D-Content information encrypted by the content key Kc ([content] Kc) In the following description, the master key KM is used by combining the encryption key and the decryption key used for encrypting / decrypting the license information. In this case, the encryption key and the decryption key of the license information are not always the same key.

The license information is composed of the following information. -Content key Kc-Content ID-Content usage conditions such as usage period, usage start time, and license information recording time The flowchart shown in Fig. 78 is used by the information reproducing apparatus shown in Fig. 77 used in the information distribution system shown in Fig. 75. It shows the operation.

First, the media reader 3003 reads the master key I from the medium 3002 set therein.
D, [License information] KM is read and transferred to the decryption determination card 3001 (step S3001).
-Step S3002).

The clock 3005 generates a random number A by a predetermined algorithm and transfers it to the decryption decision card 3001 (step S3003). On the other hand, the decryption determination card 3001 also generates a random number B by a predetermined algorithm and transfers it to the clock 3005 (step S3004). As a result, the decryption determination card 3001 and the clock 3005 mutually confirm the random numbers A and B.

Decryption determination card 3001 and clock 300
5 generates the transfer key KT from the random numbers A and B and the key generation information Kt held by itself (step S300).
5, Step S3006). The clock 3005 encrypts the current time information with the generated transfer key KT ([current time] KT) and transfers it to the decryption determination card 3001 (step S3007).

The decryption determination card 3001 decrypts the [license information] KM using the master key KM specified by the master key ID, and also outputs the [current time] KT transferred from the clock 3005. Whether the content information specified by the content ID can be used is determined based on the decrypted license information and the decrypted time information.
It is determined whether decryption is possible (step S3008). If it is determined that decryption is impossible, the process ends.

If it is determined that decryption is possible (step S 3009), the decryption determination card 3001 generates a random number C by a predetermined algorithm and transmits it to the information reproducing unit 3004.
(Step S3010). Information reproducing unit 300
4 also generates a random number D by a predetermined algorithm (step S3011). Thereby, the decryption determination card 3001
And the information reproducing unit 3004 mutually confirm the random numbers C and D.

The decryption determination card 3001 and the information reproducing unit 3004 generate the transfer key K′T from the random numbers C and D and the key generation information K′t held by the card (steps S3012 and S3013). The decryption determination card 3001 encrypts the content key Kc included in the license information with the generated transfer key K′T ([Kc] K′T), and transfers it to the information reproducing unit 3004 (step S3014). ).

The medium reading device 3003
The content [Kc] is read from 002 and transferred to the information reproducing unit 3004 (step S3015).

[0270] The information reproducing unit 3004 decrypts [Kc] K'T with the generated transfer key K'T, and decrypts the content information with the content key Kc obtained as a result (step S3016). (1-2) Decoding Determination Card FIG. 79 shows a configuration example of the decoding determination card 3001.

The time transfer section 3012 receives the time information counted by the clock 3005 provided in the information reproducing apparatus shown in FIG. 77, and transfers the time information to the decoding determination section 3013.

The content key transfer unit 3014 is configured as shown in FIG.
The operation for protecting the transfer of the content key Kc to the information reproducing unit 3004 is performed.

The data transfer unit 3011 transmits the time information transferred from the clock 3005 and the information other than the content key transferred to the information reproduction unit 3004 to the media reading device 300.
3. Used when exchanging with the information reproducing unit 3004 and the decryption determination card 3001.

Time transfer unit 3012 and data transfer unit 301
The reason why 1 is provided separately is that special processing such as data protection by a temporary key and timeout by a clock is performed with the time transfer.

The flowchart shown in FIG. 80 shows in more detail the processing operation of the decryption determination card 3001 shown in FIG. 79 up to the output of the determination result of the availability of the content information.

The master key ID and [license information] KM transferred from the media reader 3003 in step S3002 in FIG. 78 are input to the decryption determination unit 3013 via the data transfer unit 3011 (step S302).
1). Also, in step S3003 in FIG.
5 is input to the time transfer unit 3012 (step S3022). In response, the time transfer unit 3022 generates a random number B, and generates a transfer key KT from the random number B and the previously received random number A (steps S3023 to S3024). Clock 30
05 (step S3025). At the same time, the time transfer unit 3022 starts counting by the clock counter (step S3026).

In step S3007 in FIG. 78, the clock 300
5 is transferred to the time transfer unit 302
2 (step S3027), the process ends if the counter value of the time transfer unit 3022 is not within the predetermined value Ct (step S3028). It is an integer. In the case of the present embodiment, the decryption determination card acquires the time information from outside the decryption determination card 3001. Therefore, the validity of the acquired time information becomes a problem. Clock 30
This is why random numbers A and B are exchanged between the decryption determination card 3001 and the time transfer unit 3012, and the time information is encrypted and transferred using the key KT that is valid only once. However, this alone cannot cope with the injustice of intentionally delaying the transfer of time information.

Therefore, the time transfer unit 3012 stores the time of arrival of the time information, that is, the time information (encrypted) after the time transfer unit 3012 outputs the random number B.
If the time to arrive at 012 is not within a predetermined time Ct, this type of fraud can be prevented by stopping the processing.

[0279] If the input of [current time] KT is within a predetermined time, it is decrypted with the transfer key KT generated earlier to obtain time information (step S3029). The time information is transferred to the decryption determination unit 3013, and the decryption determination unit 3013 uses the content information designated by the content ID based on the decrypted license information and the decrypted time information. It is determined whether it is possible or not (step S3031). When decryption is determined to be impossible,
The process ends.

If it is determined that decryption is possible (step S3032), decryption determination section 3013 outputs content key kc included in the license information to content key transfer section 3014 (step S3033).

When generating the random number C, the content key transfer unit 3014 transfers the random number C to the information reproduction unit 3004 (step S3034). Then, step S30 in FIG.
When the random number D transferred from the information reproducing unit 3004 in step 11 is input to the content key transfer unit 3014, a transfer key K'T is generated from the random number D and the random number C (step S3).
035 to step S3036). The content key transfer unit 3014 encrypts the content key Kc using the generated transfer key K'T ([Kc] K'T), and transfers it to the information reproducing apparatus 3004 (step S303).
8). (1-3) Time Transfer Unit of Decryption Determination Card Next, the time transfer unit 3012 in FIG. 79 will be described in more detail. FIG. 81 shows an example of the configuration of the time transfer unit 3012. The authentication unit 3021 and the clock counter 302
3 and a time output unit 3022.

Referring to FIG. 81, clock counter 302
Reference numeral 3 denotes a count counter for counting clocks for driving the logic.

FIG. 82 shows an example of the configuration of the authentication section 3021 of FIG.

Referring to FIG. 82, secret key storage section 3021e
Holds key generation information Kt.

The transfer key generation unit 3021f generates a transfer key KT as a secret key from random numbers A and B and key generation information Kt by an appropriate algorithm. This algorithm is the same as the secret key generation algorithm in the authentication unit of the corresponding clock 3005. Therefore, the decryption determination card 3001 and the clock 3005 can share the transfer key KT.

A predetermined counter value Ct is held by the input / output unit 3021a, and the clock counter 3023
Determine the timeout by referring to the value of. The value of Ct is set to a value obtained by allowing the clock 3005 to receive the random number B and return the encrypted time information with a margin for the transfer to the number of clocks required.

FIG. 83 is a flow chart for explaining the processing operation of the authentication unit shown in FIG.

The random number A input to the time transfer unit 3012 in step S3022 in FIG.
Is input to the input / output unit 3021a (step S304).
1) The random number A is stored in the random number storage unit 3021b (step S3042). Next, the random number generation unit 3021c
A random number B is generated by a predetermined algorithm (step S3
042), while being stored in the random number storage unit 3021d,
The random number B is transferred to the input / output unit 3021a (step S3
045).

The transfer key generation unit 3021f is connected to the random number storage unit 3
021b, random number A stored in each of 3021d,
B and the key generation information kt stored in the secret key storage unit 3021e are read to generate a transfer key KT (step S3046), and stored in the transfer key storage unit 3021g (step S3047).

The input / output unit 3021a has a clock counter 3
023 is reset and the random number B is transferred to the clock 3005 (steps S3048 to S49).

The [current time] KT input to the time transfer unit 3012 in step S3027 of FIG. 80 is first input to the input / output unit 3021a (step S3050). The input / output unit 3021a reads the counter value of the clock counter 3023 and compares it with Ct. If the counter value is equal to or smaller than Ct, the process proceeds to step S3053. If the counter value exceeds Ct (timeout), the process ends (step S30).
3051 to step S3052).

At step S3053, [current time] K
T is transferred to the decryption unit 3021h, and the decryption unit 3021h reads the transfer key KT from the transfer key storage unit 3021g,
The [current time] KT is decrypted with the transfer key KT to obtain current time information (step S3053 to step S305)
4).

The data format check unit 3021i checks the data format of the current time information (step S3055).
The data format of the current time information is, for example, as follows.

"Current time" / current time / "000000"
Following the character string of "00" and "current time", the current time represented by the character string and the last one-byte data "0" are delimiters. The current time is the time elapsed since midnight of January 1, 1998 AD, expressed in minutes.

The data format confirmation unit 3021i outputs the current time information to the time output unit 3 only when the data format of the current time information satisfies the above-mentioned predetermined format.
022 (Step S3056).

Time output section 3022 outputs time information to decoding determination section 3013 (step S303 in FIG. 80).
0).

In transferring the current time information, an encryption method is used in which the encryption key and the decryption key are the same (KT). However, the present invention is not limited to this case. , The transfer protection can be realized with the same configuration and operation as described above. (1-4) Content Key Transfer Unit of Decryption Determination Unit Next, the content key transfer unit 3014 in FIG. 79 will be described in more detail. FIG. 84 shows an example of the configuration of the content key transfer unit 3014, which includes an authentication unit 3031 and a content key input unit 3032.

FIG. 85 shows an example of the configuration of the authentication unit 3031. The processing operation of the authentication unit 3031 will be described with reference to the flowchart shown in FIG.

The random number generation unit 3031c generates a random number C by a predetermined algorithm, for example, and stores the random number C in the random number storage unit 3031d (step S306).
1), an information reproducing unit 3004 via the input / output unit 3031a
(Step S3062).

When the random number D transferred from the information reproducing unit 3004 is input via the input / output unit 3031a, it is stored in the random number storage unit 3031b (step S3064).

[0301] The transfer key generation unit 3031f includes the random number storage unit 3
Read the random numbers C and D stored in each of 031b and 3031d and the key generation information K't stored in the secret key storage unit 3031e to generate a transfer key K'T and store it in the transfer key. It is stored in the unit 3031g (step S3065 to step S3066).

At step S3032 in FIG. 80, as a result of the decryption determination by decryption determination section 3013, if decryption is determined to be possible, decryption determination section 3013 sets content key Kc
Is transferred to the content key transfer unit 3014 (step S3033 in FIG. 80). The content key Kc is input to the encryption unit 3031h of FIG. 85, and the encryption unit 3031h reads out the transfer key K′T from the transfer key storage unit 3031g, and uses this to use the content key Kc.
Is encrypted ([Kc] K'T) and transferred to the information reproducing unit 3004 via the input / output unit 3031a (step S30).
69). (1-5) Clock FIG. 87 shows an example of the configuration of the clock 3005 in FIG. 77, which comprises an authentication unit 3041 and a clock counter 3042.

The clock counter 3042 is for counting time.

FIG. 88 shows an authentication unit 3041 of the clock 3005.
This is an example of the configuration. Here, the processing operation of the authentication unit 3041 will be described with reference to the flowchart shown in FIG.

The random number generation unit 3041c generates a random number A by a predetermined algorithm, and stores the random number A in the random number storage unit 3041.
d (step S3071), and is transferred to the decryption determination card 3001 via the input / output unit 3041a (step S3072). When the random number B transferred from the decryption determination card 3001 is input to the input / output unit 3041a, the random number B is stored in the random number storage unit 3041d (step S3073).

The transfer key generation unit 3041 f
The random number B and the random number A are read from 041b and 3041d, respectively. The key generation information K't is read from the secret key storage unit 3041e, a transfer key K'T is generated, and stored in the transfer key storage unit 3041g (step S307).
4-Step S75).

The current time information output from the clock counter 3042 is input to the encryption unit 3041h (step S304).
3076).

[0308] The encryption unit 3041h operates as the transfer key storage unit 304.
The transfer key K'T is read from 1g, and the transfer key K '
T encrypts current time information ([current time] K'T),
The data is transferred to the decryption determination card 3001 via the input / output unit 3041a (steps S3077 to S307).
8). (1-6) Decoding Judgment Unit of Decoding Judgment Card FIG. 90 shows a configuration example of the decoding judging unit 3013 of the decoding judgment card 3001 in FIG.

The processing operation of the decoding determination unit 3013 in FIG. 90 will be described with reference to the flowchart shown in FIG.

[0310] The master key ID and the [license information] KM transferred from the media reader 3003 to the decryption determination card 3001 are the master key selection unit 306, respectively.
1, input to the decoding unit 3063 (step S310)
1. Step S3103).

The master key selecting section 3061 stores the decryption key corresponding to the master key ID in the master key storing section 306.
2 and retrieves it, and transfers it to the decoding unit 3063 (step S3102).

[0312] The master key ID input to the master key selection unit 3061 is for designating a decryption key corresponding to the key encrypting the [license information] KM. Without a correct master key ID, a decryption key for decrypting license information cannot be selected.

[0313] The decrypting unit 3063 provides the [license information] KM
With the decryption key specified by the master key ID,
The license information obtained as a result is transferred to the determination unit 3064 (step S3105).

[0314] The determination unit 3064 is supplied with the current time information transferred from the clock 3005 to the time transfer unit 3012 of the decryption determination card 3001 and obtained by decoding here via the time input unit 3065 (step S3106). -Step S3107).

[0315] The determination unit 3064 determines whether or not the content information can be used, that is, whether or not decryption is possible, based on the license information and the current time information, and outputs the determination result to the data transfer unit 3011 via the determination result output unit 3066 (step S3108 to step S3110). If it is determined that decryption is possible, the content key Kc included in the license information is output to the content key transfer unit 3014 via the content key output unit 3067 (step S3111).

Here, the determination process of the determination unit 3064 will be described. If the current time sent from the clock 3005 is before the recording time of the license information on the medium 3002, it indicates that the current time is behind the correct time. This is because the license information recording time is recorded by the license server, and therefore it can be considered that the time is almost accurate. Therefore, in this case, the determination flag provided in the determination unit 3064 is cleared, and all the determinations are made “unusable” thereafter. To set the determination flag again and make the determination valid, a command from the clock 3005 of the information reproducing apparatus is required. This command is used for decryption determination card 3
001 via the time transfer unit 3012
13 is sent. Therefore, a legitimate (certifiable) watch 3
Only commands from 005 can reset the decision flag. Then, the clock 3005 resets the determination flag only when the time of the clock 3005 is set. (1-7) Master Key A master key used for encrypting and decrypting license information will be described. Here, the encryption key and the decryption key used for encrypting / decrypting the license information are referred to as a master key, and the encryption key and the decryption key of the license information are not necessarily the same key. .

The master key in the master key storage unit 3062 in FIG. 90 is stored together with the master key ID as follows, for example. Km (0), ..., Km
(999), (KP (1000), Ks (100
0)), ..., (KP (1499), Ks (149)
9)), (KP (1500), Ks (1500)),
.., (KP (1599), Ks (1599)) 1000 keys from Km (0) to Km (999) are predetermined secret keys for decryption. KP (100
0) to KP (1599) are public keys for encrypting license information, and Ks (1000) to Ks (159).
9) 600 keys are from KP (1000) to KP (1).
599) is a secret key for decrypting each license information. KP (n) (1000 <= n <1600) is called a public master key.

For any n between 1000 and 1600, KP (n) and Ks (n) are key pairs. That is, the license information encrypted by KP (n) can be decrypted by Ks (n). 1000 or more and 1600
For each n less than, a pair of (KP (n), Ks (n)) is generated at any time by the master key generation unit 3069 in FIG. 90 based on the random number generated by the random number generation unit 3068. Therefore, not only does the decoding decision card differ, but also the same decoding decision card varies with time.

The public master key is used in the information distribution system shown in FIG. 76, as described later.

(KP (n), Ks (n)) (1500 <
= N <1600) may be used when the validity period during which the content information can be used is less than 100 hours, for example. That is, the master key generation unit 3069
Generates a key pair every hour, for example, and sequentially records from n = 1500 to n = 1599. According to the specified validity period, for example, when the validity period is less than the longest 100 hours (KP (1599n), Ks (1599)), after recording, again (KP (1500), Ks (1500))
Is repeated, and this is repeated thereafter.

The master key ((KP (n),
When Ks (n)) (a key of 1500 <= n <1600) is used, the latest KP (n) is always used for encrypting the license information. Up to 9 after recording license information
Up to 9 hours, the license information encrypted with KP (n) is decrypted with the corresponding Ks (n), but after 100 hours or more, Ks (n) is lost (by overwriting). It will no longer be possible to decrypt this license information. This makes it possible to ensure high security. Even if someone reads the master key Ks (n) in any way, this key is only valid for license information created during a particular hour.

As described above, the master key storage unit 3062
Are three types of master keys having different properties (that is, a common secret key for all decryption determination cards, a unique secret key for each decryption determination card, and a secret key updated for each predetermined time in each decryption determination card). Preserving allows customization of security and convenience.

The license information encrypted with the encryption keys KM (0),..., KM (999) respectively corresponding to Km (0) to Km (999) can be used for decryption determination by any decryption determination card. Can be. However, if the contents of the decryption determination card are stolen, there is a risk that the protection of the contents will break down.

On the other hand, in the method using the public master key, it is necessary to send the public master key to the server when updating the license information. Therefore, the user may be forced to do extra work. However, even when the contents of the decryption determination card are stolen, the security failure is limited to a specific decryption determination card. In particular, when a time-varying public master key as described above is used, security failure is limited in terms of time. (1-8) Information Reproducing Unit FIG. 92 shows an example of the configuration of the information reproducing unit 3004 in FIG. 77, and includes an authentication unit 3051, a decoding unit 3052, a decoder 3053, and a D / A conversion unit 3054. .

The outline of the processing operation of the information reproducing unit 3004 in FIG. 92 will be described with reference to the flowchart shown in FIG. The information reproducing unit 3004 reproduces a moving image such as MPEG2.

[0326] The encrypted content key [Kc] K'T transferred from the decryption determination card 3001 is input to the authentication section 3051 of the information reproducing section 3004. Authentication unit 305
1 uses the transfer key K'T generated by itself [Kc].
The content key Kc is obtained by decrypting K′T (step S3081).

On the other hand, content information encrypted with the content key Kc read from the medium 3002 by the media reading device 3003 is input to the decryption unit 3052. The decryption unit 3052 decrypts the content information using the content key Kc and outputs the decrypted content information to the decoder 3053 (step S3082).

[0328] The decoder 3053 restores the coding performed for compression and sends the resulting image data and the like to the D / A conversion unit 3054 (step S308).
3).

The D / A conversion section 3054 converts this into an analog signal and outputs it to a predetermined display device (Step S).
3085).

FIG. 94 shows an example of the configuration of the authentication section 3051 of the information reproducing section 3004 in FIG. The processing operation of the authentication unit 3051 will be described with reference to the flowchart shown in FIG.

[0331] From the decryption determination card 3001 to the information reproducing unit 3
The random number C transferred to 004 is input to the input / output unit 3051a of the authentication unit 3051 and stored in the random number storage unit 3051b (step S3091).

The random number generator 3051c generates a random number D,
It is stored in the random number storage unit 3051d (step S309)
2).

The transfer key generation unit 3051f is connected to the random number storage unit 3
The random number C and the random number D are read from the keys 051b and 3051d, respectively, and the key generation information K't is read from the secret key storage unit 3051e to generate the transfer key K'T (step S3093). The generated transfer key K′T is stored in the transfer key storage unit 3051g (step S309).
4).

The random number D stored in the random number storage unit 3051d
Is also transferred to the decoding determination unit 3001 via the input / output unit 3051a (step S3095).

[0335] From the decryption determination card 3001 to the information reproducing unit 3
004 and the encrypted content key [K
c] K′T is input to the input / output unit 3051a of the authentication unit 3051. [Kc] K'T is output to decoding section 3051h (step S3096). The decryption unit 3051h reads the transfer key K′T from the transfer key storage unit 3051g, decrypts [Kc] K′T, and obtains the content key Kc (step S3097). The content key Kc is output to the decryption unit 3052 in the information reproduction unit 3004 (Step S3098). (1-9) Another Information Reproduction Unit FIG. 96 shows another configuration example of the information reproduction unit 3004 in FIG. 77, and shows a case where the content information to be charged is a program. In this case, at least a part of the content information to be charged is encrypted with the content key Kc, and the content key Kc is included in the license information.

In FIG. 96, the same portions as those in FIG. 92 are denoted by the same reference numerals, and only different portions will be described. That is, in FIG. 96, the decoder 3053 shown in FIG.
The / A conversion unit 3054 replaces the program execution unit 3055, and the program execution unit 3055 executes a program as content information. The operation until the content key Kc and the encrypted content information are sent to the information reproducing unit 3004 is the same as described above.

In this case, the information reproducing unit 3004
A central processing unit including a U, a memory, and the like may be used. (1-10) The above (1-1) to (1-9) correspond to the case where the information reproducing apparatus includes the clock 3005 as shown in FIG. Of course, the case where the decoding determination card 3001 itself has a built-in clock can be considered. In this case, the decryption determination card 30
01 has a built-in battery for driving the timepiece. The merit of incorporating a clock in the decryption judgment card is shown in FIG.
The authentication processing between the time transfer unit 3012 and the clock shown in FIG. (2) Hereinafter, the information distribution system of FIG. 76 will be described.

The configuration and processing operation of the information reproducing apparatus in this case are almost the same as those in FIG.

In the information distribution system shown in FIG. 76, license information is not initially recorded on the removable information storage medium, but a content ID and encrypted content information are recorded. When updating the license, the medium and the decryption determination card are set in the license update terminal. The update terminal sends the content I
D. One of the public master keys described above is read from the decryption determination card, and transferred to the license server. The license server includes a database of the handled contents, searches the database using the content ID as a key, and acquires a content key.

Next, the license server creates normal license information including the content key, encrypts it with the public master key, and transfers it to the update terminal. The update terminal records the received encrypted license information on the medium. Playback of media after recording license information
This is similar to the case of the information distribution system of FIG.

Next, the license update terminal and the license server in the information distribution system of FIG. 76 will be described in more detail. (2-1) License Update Terminal FIG. 97 shows the configuration of the license update terminal.

The license update terminal 4000 includes a card interface (IF) 4001 for reading predetermined information from the inserted decryption determination card, a removable information storage medium drive 4002 for reading predetermined information from the inserted removable information storage medium, and a predetermined interface. A communication unit 4003 for performing communication with a license server via a communication line (for example, a public line or a dedicated line), for example, a display unit 4004 including a liquid crystal display panel or the like, for inputting an instruction from a user , A key input unit 4005 including a keyboard, a touch panel, and the like.

FIG. 98 is a flowchart showing the processing operation of license update apparatus 4000 shown in FIG. Hereinafter, the processing operation of the license update terminal will be described with reference to FIG.

[0344] Removable information storage media drive 4
When the removable information storage medium is set at 002, the identification information of the content information recorded on the medium, that is, the content ID is read from the medium (step S4001), and the read content ID and the license update terminal The identification information (update terminal ID) is transmitted to the license server via the communication unit 4003 (step S4002).

The update terminal ID transmitted from the license update terminal to the license server is used when the license server saves the update terminal ID together with the update information as an update log. In addition, the collection of the content usage fee may be performed based on this update log.

The license server having received the content ID, the update, and the update terminal ID transmits the charging menu, the request key type information, and the authentication key number N to the update terminal (step S4003).

The request key type information sent from the license server to the update terminal is for designating the above-mentioned three types of master keys. As described above, the request key types include, for example, the following. When the request key type information is “0”: A predetermined master key for decryption, that is, Km (0),..., Km
(999) is specified. ・ When the type information of the request key is “1”: A unique master key, that is, KP (1000),..., KP (1499) is specified in each determination card for decrypting license information. When the type information is “2”: a secret key, KP (1500), which is updated every predetermined time by each judgment card,
.., KP (1599) is specified The authentication key number N sent from the license server to the license update terminal is a number for specifying the key KN held by the decryption determination card for authentication at the time of transfer. The master key KP encrypted by the key KN is used as a decryption key K'N corresponding to the KN held by the license server.
Is decrypted by The license server encrypts the license information using the key KP obtained in this manner,
Send to license update terminal. Therefore, if the decryption determination card does not hold the correct authentication key KN (for example, when an unauthorized device attempts to impersonate the decryption determination card), the license information recorded on the removable information recording medium is: It cannot be decrypted with the decryption key Ks corresponding to KP. Thus, an invalid decryption determination card is excluded.

[0348] The billing menu is a charge table corresponding to the validity period of the content information. A desired validity period is selected from the billing menu, and the fee is paid. The charging menu includes, for example, a fee corresponding to a valid period and an identification number for selecting the valid period. Specifically, when the validity period is 7 days, the fee is 20
For 0 yen, the identification number is "1". When the validity period is 30 days, the fee is 500 yen and the identification number is "2". When the expiration date is indefinite (transfer), the fee is 3000 yen and the identification number is "3". Becomes

When the request key type information is “0”,
The license update terminal does not need to send the master key KP to the license server. This is because the license information is encrypted with a key common to all decryption determination cards and sent from the license server. In this case, the designation of the Km number is added to the license information sent from the server. This number does not need to be encrypted.

When the communication line between the update terminal and the license server is not a dedicated line, as an information security measure, a mutual authentication procedure is performed when the communication unit 4021 of the license server and the communication unit 4003 of the update terminal perform communication. It is desirable to do. In this case, charging for the license update is performed at the store where the license update terminal is installed. This is because, unless an invalid license update terminal is excluded, billing may not be performed correctly. In addition, connecting to a license server that is not valid even for the license update terminal installer may cause the user to be charged with incorrect license information.

In the case where the communication line is a dedicated line and the communication destination is reliable, mutual authentication is not required. The communication unit 4003 of the license update terminal, in which a general line such as the Internet is used to connect the license update terminal to the license server, may store a record of communication with the license server. Since the collection of the fee is performed based on the record of the license server, it is operationally preferable that the record is also left on the license update terminal side for confirmation.

Now, the communication unit of the license update terminal is 40
03, among the information transmitted from the license server, the billing menu is transferred on the display unit 4004, and the request key identification information and the authentication key number N are transferred to the card IF 4001 (step S4004).

Display unit 4004 presents a charging menu to prompt the user to select an identification number of the validity period. on the other hand,
The card IF 4001 transfers the request key identification information and the authentication key number to the decryption determination card. The decryption determination card receives the information and receives the master key KP (an appropriate one of the plurality of KPs) corresponding to the requested key identification information.
Is encrypted with the authentication key KN specified by the authentication key number, that is, [KP] KN is transferred to the card IF 4001. At that time, the identification information of the master key may be transferred.

The communication unit 4003 transmits the [KP] KN transferred from the card IF and the identification number of the validity period in the charging menu specified by the user via the display unit 4004 to the license server (step). S4005
-Step S4007).

[0355] In response to this, at least the master key K notified from the update terminal is received from the license server.
The license information encrypted by P, that is, [license information] KP, is transmitted to communication unit 400 of the update terminal.
3 is received (step S4008).

[License information] KP is recorded in the removable information storage medium drive 4002 on the medium set therein (step S400).
9). Note that the [license information] KP transmitted from the license server and the identification information of the master key may be recorded on the medium. (2-2) Decryption determination card FIG. 99 is a decryption determination card 301 that manages an interface with the license update device 3015 of the decryption determination card.
5, the update interface (IF) 3
015 shows a configuration example.

The processing operation of each component shown in FIG. 99 will be described below with reference to the flowchart shown in FIG.

The request key identification information and the authentication key number N transferred from the card IF 4001 of the update terminal to the decryption determination card 3015 in step S4004 of FIG. 98 are input to the input / output unit 4011 (step S4011).

The input / output unit 4011 transfers the request key identification information to the master key selection unit 3061 and sends the authentication key number N
Is transferred to the authentication key selection unit 4014 (step S40).
12).

The master key selection unit 3061 searches the master key storage unit 3062, selects a master key KP matching the request key identification information, and transfers it to the encryption unit 4012 (step S4013).

The authentication key selection unit 4014 searches the authentication key storage unit 4013, selects the authentication key KN of the authentication key number N, and transfers it to the encryption unit 4012 (step S401).
4).

The encryption section 4012 encrypts the master key KP with the authentication key KN to generate [KP] KN (step S4015). [KP] KN is the input / output unit 4011
Is output to the license update device via the
4016). (2-3) License Server FIG. 101 shows a configuration example of a license server.

A content information database (DB) 40
24 stores, for example, the following information corresponding to the content ID.

Content key Charging menu Request key type The processing operation of each component of the license server 4001 shown in FIG. 101 will be described below with reference to the flowchart shown in FIG.

Content ID and update terminal ID transmitted from license update terminal in step S4002 in FIG. 98
Is received by the communication unit 4021 and transferred to the response unit 4022 (step S4021).

The response section 4022 transfers the content ID to the content information search section 4023 (step S402).
2), the content information search unit 4023
The corresponding content key, billing menu, and request key type are read out based on D, and these information are sent to the response unit 4.
022 (step S4023).

On the other hand, the response section 4022 stores the authentication key number N
Is generated (step S4024). For example, one of a plurality of predetermined authentication key numbers may be selected. And information other than the content key,
That is, the charging menu, the request key type information, and the authentication key number N are transmitted to the license update terminal via the communication unit 4021 (step S4025).

[0368] The [KP] KN and the identification number of the desired validity period in the charging menu transmitted from the update terminal in step S4007 in FIG. 98 are received by communication unit 4021, and are transferred to response unit 4022 ( Step S402
6).

In response section 4022, [KP] KN is decrypted with decryption key KN ′ corresponding to authentication key number N generated earlier to obtain master key KP (step S402).
7).

The license information generated by the response unit 4022 is encrypted by the encryption unit 4025 using the master key KP ([license information] KP is generated), and the [license information] KP is transmitted to the communication unit 4021. Is transmitted to the license update device via the terminal (steps S4028 to S4029).

The response unit 4022 records the update history information of the license in the update record database (DB) 4026 in association with the update terminal ID received in step S4021 (step S4030). (3) Information distribution system in the case of updating a license using electronic payment from a user terminal FIG. 103 shows a system including a user terminal, a license server 4101, and an electronic payment device 4102 in updating a license using electronic payment. This shows an example of a configuration in which a user terminal performs a charging process by electronic payment via a network.

The user terminal has at least the license update device 4103 and the decryption determination card 30
01 and a removable information storage medium 4031 may be mounted, for example, a personal computer.

FIG. 104 shows an example of the configuration of the license update device 4103 provided in the user terminal.
The control unit 4044 composed of U or the like
Removable information recording medium IF 4042, decryption determination card IF 4043, display unit 4045, input unit 4046
And executes a process for updating the license.

FIG. 105 shows an example of the configuration of the license server 4101.
1, the decoding unit 4052, the charging reference number issuing unit 4054, the charging processing unit 4055, and the license information generating unit 4056 are controlled to execute processing for updating the license.

FIG. 106 is a diagram showing license information by a master key (for example, one of Km (0),..., Km (999)) common to all license determination cards (and therefore common to all user terminals). 103 is a flowchart showing the processing operation of the entire system shown in FIG. 103, taking the case where is encrypted as an example.

The processing operation of each component of the license update device 4103 and the license server 4101 will be described below with reference to the flowchart shown in FIG.

[0377] Content information and license information are recorded on the medium 4031. The license information includes, for example, usage conditions for determining whether the content information can be used, a content ID, and other information. It is assumed that

[0378] The removable information recording media interface (IF) 4042 of the license update device 4103.
Reads the license information from the medium set in the user terminal and outputs it to the decryption determination card 3001 via the decryption determination card interface (IF) 4043 (step S4041).

[0379] The decryption determination card 3001 performs a predetermined process (for example, based on the input license information).
When the license is updated as a result of performing the processing operation of the decryption unit A and the like described in the second embodiment, the license update information (for example, in the case of the decryption unit A, as shown in FIG. Update information).

Next, the decryption determination card IF 4043 reads the license server ID from the decryption determination card 3001 (step S4042). Note that the license server ID may be included in the update information.

The license server ID is identification information for specifying a license server.

[0382] The license update device 4103 includes the communication unit 4
A license server specified by the license server ID is accessed via the server 411, and the update information for updating the license information is transmitted (step S4043).

Communication unit 405 of license server 4101
1 receives the update information transmitted from the license update device 4103, the content ID included in the update information
Based on the search of the charging database (DB) 4058,
At least the charging menu is read (request key type information, authentication key number N, etc. as necessary), and a charging reference number is issued by a charging reference number issuing unit 4054. At least the charging menu and the charging reference number (hereinafter, data group) A is transmitted to the license updating apparatus 4103 via the communication unit 4051 (step S4044).

[0384] The charging reference number issued by the license server is a number that the license server appropriately assigns for each transaction. The billing reference number is used for billing confirmation as described later.

[0385] The license server usually has multiple users,
That is, it processes a license update request from the license update device. Therefore, it is preferable to shorten the line connection time as much as possible. Therefore, the license updating device appropriately disconnects the line with the license server. For example, in the communication unit 4041 of the license update device, a response waiting time Tw from the license server is predetermined, and if there is no response from the license server within this time, the line may be disconnected. Also, in order to distinguish license update requests from each of the plurality of n license update apparatuses, the license server needs to manage license information based on the billing reference number. The license update device 4103 that has received the data group A presents the billing menu to the display unit 4045 (step S4045), and when the identification number of the desired validity period is selected by the user (step S4046), the license update device 4103 communicates. The unit 4041 accesses the electronic settlement apparatus 4102, and requests payment of at least the charging reference number, the license server ID, the identification number of the selected validity period, and the fee corresponding thereto (step S4047).

The electronic payment device 4102 performs a predetermined payment process in response to a request from the user, and if the process is successful, the license server 4 specified by the license server ID
For example, the identification number of the valid period, the settlement amount, and the charging reference number are transmitted to the 101 as payment proof to notify the success of the payment process. Further, the license update device 410 of the payment request source
Also, for example, the identification number of the validity period, the settlement amount, and the charging reference number are transmitted as payment proof to step 3 (step S4048)
-Step S4050). License update device 4103
When the payment amount and the charging reference number are received, the license server specified by the license server ID is accessed, and at least the identification number of the validity period selected in step S4046 and the payment amount and the charging reference number are entered. It is transmitted as payment proof (step S4051).

Communication unit 405 of license server 4101
The payment proof transmitted from the electronic settlement apparatus 4102 received in 1 and the payment proof transmitted from the license update apparatus 4103 in step S4051 correspond to the charging reference number in the charging processing database (DB). 40
57.

In the billing process DB 4057, for example, the following information is stored in association with each billing reference number.

ID of license renewal terminal Content key Payment proof from electronic payment device (identification number of validity period,
(Payment amount, charging reference number)-Certificate of payment from license update device (valid period identification number, payment amount, charging reference number) In the license server 4101, the electronic payment device 410
2. When the payment certificate is received from the license update device 4103, the payment certificate is recorded in the billing process DB 4057, and the billing processing unit 4055 checks whether or not the settlement amount and the identification number in both the payment certificates match (see FIG. Step S40
52). Only when they match, it can be determined that an appropriate payment has been made. In parallel with the payment proof confirmation processing, the license information generation unit 4056 of the license server 4101 checks the license update information transmitted from the license update device 4103 in step S4043,
Based on the content key corresponding to the content ID retrieved from the content information DB 4024, at least the usage conditions and the content key in the license information are changed (the license information is updated).

The license information includes, for example, the following information.・ Content ID ・ Content key for decrypting encrypted content information ・ Usage conditions of content information including at least expiration date ・ License information creation time ・ Update server ID ・ Charging reference number Here, the update server ID is the current license Is the identification information for specifying the license server that has updated the license server. With the update server ID, it is possible to specify the updated server from the license information as necessary.

If it is confirmed in step S4053 that an appropriate payment has been made, the license server 4101
Transmits the updated license information via the communication unit 4051 to the license update device 4103 that is the license update source (step S4054).

The license updating apparatus 4103 that has received the updated license information records the updated license information on the medium 4031 via the removable information recording medium IF 4042 (step S405).
5).

(Fourth Embodiment) FIG. 107 shows an example of the overall configuration of an information reproducing system according to a fourth embodiment. For example, FIG. 53, FIG. 75, FIG. 76, and FIG. Is used by the user in the information distribution system as shown in FIG. Content information is DVD-R
It is recorded on a recording medium (information medium) such as an AM or a DVD-ROM. The right to use (reproduce and view) the content information under predetermined conditions is called a license. By purchasing this license, license information is given to the user. The license information enabling the reproduction of the content information may be recorded together with the recording medium on which the content information is recorded, or separately from the content information, other recording media or a memory and an arithmetic function may be used. It may be recorded on an IC card or the like, read separately from the content information, and input to the information reproducing apparatus shown in FIG. Alternatively, it may be distributed through broadcasting, the Internet, or the like.

In FIG. 107, the information reproducing system
An information media driver 7001 that reads encrypted content information, which is mainly digital content, from an information medium such as a DVD-ROM or a DVD-RAM, and checks whether the license is valid based on license information corresponding to the encrypted content. An information reproducing apparatus 700 that outputs a content decryption key for using the content information if valid, a DVD player, a video reproducing apparatus that decrypts and reproduces the encrypted content with the decryption key output from the information reproducing apparatus 7000. And the like.

It is assumed that the digital contents have been encrypted in advance for the steady collection of license fees. FIG. 113 shows a configuration example of the content information used in the present embodiment. That is, the content is divided into an encrypted portion and an unencrypted portion, and the encrypted content is recorded in the encrypted portion, and the content ID is recorded in the unencrypted portion. Content ID
Is for linking the content and its license information.

FIG. 114 shows an example of the structure of the license information. A decryption key for decrypting the encrypted content (hereinafter referred to as a content decryption key), a license use condition such as a use expiration date, an ID of the content, And license authentication information. What is activation information?
This is a predetermined code for checking whether or not the encrypted license information has been correctly decrypted. For example, if it is a 4-byte code, “a5fe47
8e160e325f ". This is information to be determined in advance between the license generation device, the license update device, and the license determination unit.

The license information is entirely encrypted with a predetermined public key. The decryption of the license information is performed in a license determination unit 7008 provided in the information reproducing apparatus 7000 by using a secret key existing in the unit, and a use condition is checked based on the decrypted license information. The use conditions include, for example, a use period and a use count. By adopting the expiration date as the usage condition, the content cannot be viewed after the expiration date, and even if the content and the license information necessary for decrypting the content are completely illegally copied, the content cannot be used after the expiration date. Distribution of pirated copies can be made substantially meaningless.

However, when the expiration date is set, the management of a clock that measures the current time (hereinafter, the time means date and time) for checking the usage condition is not steadily performed. Thus, the use period itself becomes meaningless. For example, even if license information having a usage period up to December 22 is acquired as a license for one week on December 15, the license determination unit 7008
If the clock referred to indicates June 10, the license will be for six months. In particular, this is quite likely if the watch is adjustable by the user, as the user may be able to adjust the watch conveniently.

Therefore, in the present embodiment, an information reproducing apparatus which can improve this point and provide a framework for complying with the expiration date even when the clock is adjusted conveniently will be described.
That is, a decryption key of the license information is generated at predetermined time intervals by a predetermined algorithm, replaced with a previous decryption key, and a corresponding license information encryption key is generated at the same timing in the license generation device and the license update device. By doing so, if the clock time is significantly different from that of the license generation device or the license update device, the newly acquired license information cannot be decrypted. Therefore, it is necessary to accurately set the time on the clock when at least watching new content. The gist of the present embodiment is that the clock is indirectly brought into the correct state by changing the decryption key of the license information in this manner. In FIG. 107, a clock 7008h (see FIG. 108) for measuring the current time is provided inside the license determination unit 7008 (in this case, the license determination unit 7008 is configured by, for example, one IC chip). However, it is possible to easily perform a configuration that protects the clock from being adjusted by the user in terms of hardware.
The clock time of 08h may be adjustable by the user.

Next, the processing operation of the information reproducing apparatus of FIG. 107 and the processing operation of the license determination unit 7008 having the configuration shown in FIG. 108 will be described with reference to the flowcharts shown in FIGS.

The content information read from the information media driver 7001 as shown in FIG. 113 is separated into a content ID and an encrypted content by the data separation unit 7007 (steps S7001 to S7002).
The encrypted content is sent to the information use device 7002 (step S7003), and the license determination unit 7008
Wait for the content decryption key output from.

On the other hand, the content ID is sent to license information search section 7006. License information search unit 700
6 searches the license information database (DB) 7004 for license information having the content ID (step S7004). License information DB 700
As shown in FIG. 115, the license information stored in No. 4 has at least an unencrypted part including the content ID added to the encrypted license information.
In D, license information corresponding to the content can be searched. The searched license information is sent to the license determination unit 7008 (step S7).
005 to step S7006).

FIG. 108 shows the license judgment unit 70
08 shows a configuration example. The license information searched by the license information search unit 7006 is input to the license information input unit 7008a and transferred to the decryption unit 7008b.

[0404] In the decryption unit 7008b, the decryption key storage unit 70
The license information is decrypted using the license information decryption key stored in 08e (step S7007 to step S7008).

The decrypted license information is checked by the license information consistency check unit 7008c using the license authentication information to confirm that the license information has been correctly decrypted (step S7009). That is, when the license information is decrypted, it is checked whether the license authentication information is present at a predetermined location in the data of the license information, and if so, it is determined that the license information has been correctly decrypted. Of course, this code will usually be random if it is decrypted with an appropriate decryption key. If it is determined that the license information has not been correctly decoded, the license information search unit 7006 is requested to search for the next license information candidate. In response to this, the license information search unit 7008 searches the license information DB 7004 to extract the next license information having the content ID.
The license is sent to the license determination unit 7008. If the license information search unit 7006 cannot search for the next candidate for license information, the process advances to step S7021 in FIG. 110, and the display unit 7011 displays, for example, "License information is invalid or the time of the reference clock is incorrect. The current reference clock time is HYHMM for YYYY. Please check the time and renew your license. "
Is displayed (step S7021 in FIG. 110). This allows the user to check the current time, and correct the time if the time is significantly different.

The decryption key generation unit 7008f generates a new key at regular time intervals together with the license update device and license generation device that issue licenses.
08e. Therefore, when the clock 7008h of the license determination unit 7008 is significantly different from the actual time, the decryption key generated by the license determination unit 7008 and the encryption key generated by the license update device or the license generation device cannot be matched. Therefore, even if the use condition is valid license information, it cannot be decrypted. For this reason, it is necessary to ask the user to confirm the time of the clock 7008h as in the above display message. Thereafter, the license may be updated in response to a user request.

Now, in step S7010 of FIG. 109,
If the license information consistency check unit 7008c determines that the license information has been correctly decoded, the license information is sent to the use condition determination unit 7008d, and the use condition is continuously determined. Since the use period is used as the use condition, the use condition is determined by referring to the time of the clock 7008h inside the license determination unit 7008 and in some cases outside via the clock reference unit 7008g via the clock reference unit 7008g.
It is determined whether or not the time is within the usage period (step S7011). If it is determined that the use condition is satisfied (step S7012), the content decryption key is output to the information use device 7002 (step S7013), and the information use device 7002 uses this to encrypt the separately sent encrypted content. Decrypt and reproduce (Step S70)
14).

[0408] On the other hand, if the license use condition is not satisfied in step S7012, the license information search unit 7
006, the process proceeds to step S7021 in FIG. 110, and the license may be updated in response to a request from the user.

The license is updated in a procedure described in detail later, by the license update instruction unit 700 shown in FIG.
5. Create license update information including at least the content ID and the desired use condition as shown in FIG. 116 through the desired use condition input unit 7010, the display unit 7011, and the like. The license information is sent to the license update device via a predetermined network to update the license information.

[0410] The flowchart shown in Fig. 110 shows the update processing operation of the license information. The license information search unit 7006 displays "License information is invalid or the time of the reference clock is incorrect" on the display unit 7011. The current reference clock time is HH MM minutes in the YYYY year. Check the time and update the license. "(Step S7021), and at least the user updates the license. The license update instructing unit 7005 having an appropriate interface for inputting an instruction as to whether or not to perform the update is activated. It is assumed that the user has input an instruction to update the license via this interface (for example, after confirming the time of the clock 7008h). The license update instruction unit 7005 sends it to the license information search unit 7006, and the license information search unit 7006 sends the content ID to the license update unit 7009 (steps S7022 to 7024).

[0411] The license update unit 7009 activates the desired use condition input unit 7010, and activates the desired use condition input unit 701.
The license update information as shown in FIG. 116 is created using the desired use condition input via an appropriate interface of No. 0 and the content ID transmitted from the license information search unit 7006 (steps S7025 to S7025).
In step S7027, the license update information is sent to the license information update device via a predetermined network.

In step S7024, if the user does not update the license (ie, if the user inputs an instruction not to update the license via license update instruction unit 7005), license information search unit 700
At 6, the content ID is deleted, and the process ends.

[0413] The updated license information is input to the license storage unit 7003 via an IC card or the like or a predetermined network such as the Internet as shown in FIG. It is converted into a data format and stored in the license information DB 7004.

[0414] When the license determination unit 7008 determines that the license is invalid (steps S7005, S7010, and S701 in Fig. 109).
In 2), the processing may be interrupted (reproduction stopped). In this case, the license update instruction unit 70
05, the display unit 7011, the license update unit 7009, and the desired condition input unit 7010 are not required, the function of communicating with the license update device is not required, and the configuration is simplified.
When updating the license, the user goes to an agency or the like that updates the license with an IC card, for example, pays a predetermined fee, and has the IC card write new license information with updated usage conditions and the like. Then, the user brings back the IC card, inserts it again into the information reproducing apparatus in FIG. 107, reads the updated license information, and stores it in the license information DB 7004 via the license storage unit 7003.

Next, the operation of generating a decryption key for license information will be described with reference to the flowchart shown in FIG.

[0416] The decryption key generation unit 7008f of the license determination unit 7008 refers to the clock 7008h via the clock reference unit 7088g, and starts generating the decryption key when a predetermined time comes (steps S7041 to S7042). The generated decryption key is stored in the decryption key storage 70.
08e (steps S7043 to S7).
044). The generation of the decryption key must be performed in synchronization with the license generation device and the license update device. For example, once a week, every Monday at 15: 0pm
Update at a fixed time such as 0. In addition, the same key as that of the license generation device and the license update device must be created for that purpose. For this reason, for example, key generation by a random number generator using the time as a seed can be considered. That is,
When changing on December 15, 1997, the number "199
71215 ”as a seed, for example, the decryption key generation unit 70
The output of the random number generator provided at 08f is used as a decryption key. Of course, the license generation device and the license update device also generate the encryption key of the license information in the same manner.

[0417] The above is a method of creating a common key in the case of the common key method. In some cases, the license determination unit 7008 employs public key encryption. In this case, as in the case of the key generation unit 2006 of the decryption unit A, a decryption key (secret key) may be generated using, for example, an RSA encryption key generation algorithm.

[0418] As described above, a mechanism can be provided in which both the license generation device, the license update device, and the license determination unit 7008 can change the decryption key at regular intervals.
For this reason, even if the clock 7008h in the information reproducing apparatus including the license determination unit 7008 is changed by the operation of the user, the newly obtained license information cannot be decrypted, so that the change of the clock can be prevented in many cases.

[0419] Note that the clock 7008
It does not matter much whether h can be modified by a user operation.

In the key generation process, the decryption key generation unit 7008f does not issue a key generation start instruction, but the clock reference unit 7008g or the clock 7008f.
It is conceivable that h itself will issue. In this case, the key can be generated at a more accurate time than when the decryption key generation unit 7008f takes the initiative to generate the decryption key.

Further, in this embodiment, when a license corresponding to one content is searched, its validity is determined (check of the expiration date), and if valid, a decryption key is output. However, when the license is invalid, other license information is not searched, and a display indicating that the license has expired or that the reference clock is incorrect is displayed. This is because it is implicitly assumed that there is only one license information corresponding to the content. However, for example, when purchasing and selling a license for two weeks, the license information may be separated for each week. In addition, a license for a limited number of times may be sold in addition to a license for a limited time, and these may coexist for the same content. In such a case, it is also possible to search for all the existing license information and use the license most advantageous to the user.

For example, by giving priority to a time-limited license over a time-limited license, it is not necessary to use a time-limited license while a time-limited license is present, which is advantageous for the user. In this case, as shown in FIG. 117, the license information stored in the license information DB 7004 includes, in the unencrypted portion, information for identifying a period-limited license or a number-limited license in addition to the content ID. It is desirable to be included.

[0423] The priority in selecting a license may be specified by the user himself. For example, the license information search unit 7006 may display on the display unit 7011 a menu screen for allowing the user to select which one has priority over a time-limited license and a number-limited license.

[0424] Also, the license information search unit 7006
If the highest-priority license information appears, the search may be terminated at that point without searching for all the license information.

FIG. 118 shows another example of the configuration of the information reproducing apparatus 7000 shown in FIG. 107. The content information is recorded on a recording medium (information medium) such as a DVD-RAM or DVD-ROM. The license information is distributed by broadcasting.

[0426] The information reproducing apparatus shown in Fig. 118 is characterized in that the decryption key of the encrypted license information broadcast-distributed is generated based on the seed included in the broadcast wave. This can be done without using 7008h.

In FIG. 118, the same portions as those in FIG. 107 are denoted by the same reference numerals, and only different portions will be described. That is, in the configuration shown in FIG. 118, the encrypted license information is transmitted by a broadcast wave, and the broadcast wave contains seed information for generating a decryption key of the encrypted license information. License information receiving unit 8001 for receiving and converting to a digital signal
And a license separation unit 80 for separating encrypted license information and seed information from the broadcast wave received here.
02, and the license determination unit 8009 generates a decryption key based on the seed information transmitted in the broadcast wave.

FIG. 121 shows a license information receiving section 800
1 shows an example of a data structure of a broadcast wave received by the broadcast receiver 1. At the head of each of the license information and the seed information, fixed-length identification information for identifying the license information and the seed information is added.

FIG. 119 shows an example of the configuration of the license judging unit 8009 shown in FIG. 118. In FIG. 119, the same portions as those in FIG. 108 are denoted by the same reference numerals, and only different portions will be described. That is, FIG.
The license determination unit 8009 shown in FIG. 19 further includes a decryption key generation seed input unit 8009g to which the seed information output from the license separation unit 8002 is input, and the decryption key generation unit 8009f generates a decryption key from the seed information. It has become.

Next, with reference to the flowchart shown in FIG. 120, an operation until a decryption key is generated by separating encryption license information and decryption key seed information from a received broadcast wave will be described.

The license information receiving section 8001 receives the broadcast wave and obtains the received data as shown in FIG. 121, sends the received data to the license separating section 8002 once, and uses the identification information to obtain the license information and the seed information. (Steps S8001 to S800
2).

If the received data is license information, it is sent to license storage section 7003 (steps S8003 to S8004). The license storage unit 7003 adds the content ID to the license information as shown in FIG.
To be stored. On the other hand, if the received data is seed information, the seed information is sent to the license determination unit (step S8005). The license determination unit receives this at the decryption key generation seed input unit 8009g and sends it to the decryption key generation unit 8009f to generate a new decryption key (step S8006). Decryption key generation unit 8009
In f, for example, either the common key method or the public key method may be used based on the seed information as in the fourth embodiment. The generated decryption key is stored in the decryption key storage 8009e.

The processing of license determination and license update is the same as in FIGS. 109 to 110.

[0434] In the case of distributing license information by broadcasting, if the license is sent to all information reproducing apparatuses (receiving terminals), anyone with a receiving terminal having the same specification can view the license. It cannot be said that it is managing. Therefore, it is necessary to provide license information for each receiving terminal, and it is necessary to include a receiving terminal ID in the license information so that receiving terminals other than the receiving terminal having the ID cannot receive. Therefore, in the receiving terminal, identification information (receiving terminal ID) for identifying each receiving terminal must be included in the license information identification information broadcasted so that only the license information addressed to the receiving terminal can be selectively received. desirable. Here, the receiving terminal ID in the license information identification information is called an effective terminal ID.

Each receiving terminal, that is, the license separating unit 8002 of the information reproducing apparatus as shown in FIG.
A unique receiving terminal ID is recorded in advance. When the license information is separated from the received data as shown in FIG. 121, the valid terminal ID included in the license information identification information is compared with the own receiving terminal ID, and only when the license information matches, To take in. Alternatively, after temporarily storing all license information in a predetermined memory, the valid terminal ID and the receiving terminal ID in the license information identification information stored in the memory are compared, and unnecessary license information is stored in the memory. You may make it erase from a memory.

Note that the information reproducing apparatus 7000 shown in FIGS. 107 and 118 can be configured using hardware resources provided as standard equipment in a general-purpose computer.

[0437] Also, the operation of the decryption key generation processing of the license information described in the present embodiment can be applied to the key generation unit 2006 of the decryption units A and C described in the second embodiment.

Further, when the license information includes the license authentication information as described in the present embodiment,
The processing operation of checking whether or not the license information is correctly decoded by the license information consistency check unit 7008c using the license authentication information is the same in the determination unit 2003 of the decoding units A to D described in the second embodiment. Can be done. That is, the determination unit 2003 of the decoding units A to D
Then, by comparing the license authentication information, a predetermined license determination may be performed after it is determined that the license information has been correctly decrypted.

As described above, according to the fourth embodiment, the key information for decrypting the license information is generated at every predetermined time in the license determination unit 7008, whereby the content information can be obtained. It is possible to improve the information security of the license information including the use condition and the decryption key of the content information.

Since the decrypted license information includes license authentication information for determining whether the decryption result is correct or not, a number of decryption keys for the license information are generated as time passes. Even in the situation, it can be easily determined whether or not the license information has been decrypted with one of the correct decryption keys.

Also, the decryption key of the license information is generated in the license determination unit 8009 based on the seed information broadcasted to the information reproducing apparatus, so that the decryption key can be easily updated. Fifth Embodiment (5-1) Outline FIG. 122 shows an example of the configuration of an information distribution system according to a fifth embodiment, wherein the encrypted content information to be charged is a DVD or the like. Rental service that is pre-recorded on a removable information storage medium (hereinafter, simply referred to as a disc) D, and rents the disc D by purchasing a license that enables reproduction of content information recorded on the disc D It is for providing. Here, the license means a right to use (reproduce and view) the content information stored on the disk D to be rented under predetermined conditions. Specifically, for example, the license is granted by selling license information that enables the content information to be reproduced for a limited number of times within a limited period to the user.

[0442] The license information for enabling the reproduction of the content information is recorded on a card-type recording medium (hereinafter simply referred to as a card) P having an arithmetic function such as an IC card and transferred to each user.

[0443] A license injection device 5003 is installed in each store that provides the rental disk D, and the license injection device 5003 and the center are connected via a predetermined communication line to form a network.
When a user who subscribes to the information distribution system service as shown in FIG. 122 goes to an arbitrary store on the network and rents a disk D on which desired content information is recorded, first, A predetermined procedure such as payment of a fee for a content use condition such as an information viewing period is performed. License injection device 5003
Creates license information based on the disk information sent from the center, including the disk key and usage conditions of the disk D, and records the license information on the card P.

[0444] The user brings back the disk D and the card P, inserts the card P into a card adapter 5004 suitable for the information distribution system, and sets the disk D on the player 5005, thereby satisfying the usage conditions included in the license information. As long as it is (for example, within the viewing period), the content information can be reproduced.

FIG. 123 shows an example of data recorded on a rental disk D in a store. As shown in FIG. 123, the disc D has a disc ID, one or more (for example, two types) of encrypted content information, and encrypted content corresponding to each piece of content information for decrypting the content information. Key and are recorded.

[0446] The content information recorded on one disc is encrypted with the corresponding content key, and the content key is encoded with a disc key predetermined for the disc ID of the disc. Is encrypted. The feature is that the disc key is not recorded on the disc.

The disc ID is identification information for identifying each disc, and may be uniquely determined for each disc, or may be common to discs storing content information of the same title. Alternatively, the disks manufactured at the same manufacturing factory on the same day may have the same disk ID.

For the disc ID, a disc key capable of decrypting an encrypted content key recorded on the disc (not included in the disc)
Is uniquely determined. But the converse is not always true. That is,
Just because the disk key for decrypting the content key is the same does not mean that the disk ID is the same.

[0449] The rental disk D does not include a disk key as shown in FIG. When renting a disk D, it is necessary to deliver a disk key necessary for decrypting the content stored on the disk D to the user.

Therefore, when renting the disk D, the license creation device 5001 provided at the center creates disk information including the disk key corresponding to the disk D. The disk key is stored in advance in the content DB 5002 provided at the center in association with the disk ID, as shown in FIG. 124, for example.

The present invention provides a secure delivery method for disk keys.

FIG. 125 schematically shows a distribution method of a disk key in the information distribution system shown in FIG. Broadly, the license creation device 50
01 and the license injection device 5003 constitute a key (disk key) distribution device, and the card adapter 5004 and the player 5005 use (for example, reproduce) content information using the key (disk key) distributed from the key distribution device.
To configure an information utilizing device. The card adapter 3004 has a determination device for determining the validity of the license.

[0447] If the disk key is the license creation device 50
From 01 to the card adapter 5004, it is encrypted with the encryption key ke together with the disc ID and the usage conditions of the content. That is, in the license information creating apparatus 5001, the disk key and the disk ID
The disk information including the password and the use condition is created, and further encrypted by the encryption key ke and distributed, and then decrypted by the card adapter 5004 holding the decryption key kd in advance, so that wiretapping or the like can be performed on the distribution path in the middle. Even if it is, the risk that the disk key is decrypted can be reduced.

Note that the license creation device 5001 and the license injection device 5003, which constitute the key distribution device, may belong to different persons who have a mutual interest, and in that case, in order to adjust the interest. (License creation device 5001 to license injection device 50
In order to prevent unauthorized acquisition of the disk information in the process of distributing to disk 03), the license creation device 50
In 01, it is desirable to encrypt the disk information before delivering it to the license injection device 5003.

[0455] Until the encrypted disk information including the disk key reaches the card adapter 5004, the information passes through the license injection device 5003 and the card P. Therefore, in order to protect the disk information on the distribution path during this time, the encrypted disk information is further encrypted and transmitted from the license injection device 5003 to the card adapter 50.
To 04.

For example, as shown in FIG. 125, in the license injection device 5003, the license creation device 5001
The license information is created by adding other information data to the disk information encrypted with the encryption key kd distributed from the company, and the license information is encrypted with the common key wl2 and written to the card P.

The shared key wl2 is, for example, a DH key distribution method (Diffie-Hellman Key Distributor).
card adapter 5004 and the license injection device 50 via the card P, as in a
It is generated from information (public parameters) exchanged between the card adapter 5003 and the secret parameters held by the card adapter 5004 and the license injection device 5003. The public parameter is generated from a secret parameter held in each of the card adapter 5004 and the license injection device 5003. An eavesdropper who knows only the public parameters cannot create the shared key wl2.

Only the card adapter 5004 whose public parameter has been exchanged with the license injection device 5003 can decrypt the disk information encrypted with the shared key wl2.

[0459] The card adapter 5004 generates a shared key wl2 from the public parameters distributed from the license injection device 5003 via the card P and the secret parameters held by itself, and uses the shared key to generate the shared key wl2. Then, the encrypted license information distributed from the license injection device 5003 is decrypted to obtain encrypted disk information. The encrypted disk information is decrypted using the decryption key ke, and the usage conditions and the like are checked to determine whether reproduction is possible. When it is determined that reproduction is possible, the disc key included in the disc information is passed to the player 5005.

[0460] Card adapter 5004 and player 500
If there is an insecure communication path between 5 and 5 that could be eavesdropped, it is still desirable to encrypt the disk key before distribution. Therefore, for example, as in the DH key distribution method, the card adapter 5004 and the player 500
5, using the shared key wd2 generated from the public parameters exchanged between the card adapter 5004 and the secret parameters held by the card adapter 5004 and the player 5004, and encrypting the disk key with the card adapter 5004, and then to the player 5005. To deliver.

When encrypting the disk key in the license creating apparatus 5001, disk information is created by adding a disk ID, content use conditions, and the like, and then encrypted. When encrypting the disk information with the license injection device 5003, the identification information (KID) of the card P,
The license information is added after the identification information (AID) of the card adapter 5004 and the like are added, and then encryption is performed. The license information may further include a creation time of the license information.

In the card adapter 5004 and the card P, it is desirable that each identification information is protected so that it cannot be read from outside and cannot be modified.

The license information includes the identification information of the card P (K
ID), identification information (AID) of the card adapter 5004
When the license injection device 5003 is included, the license injection device 5003 needs to acquire the KID and the AID before creating the license information.

When delivering the identification information KID from the card P to the license injection device 5003, it is desirable that the KID be encrypted before delivery. Therefore, for example, like the DH key distribution system, the license injection device 50
03, public parameters exchanged between the card P and
Shared key wk generated from license injection device 5003 and secret parameters held in each of card P
Is used to encrypt the identification information KID with the card P and distribute it to the license injection device 5003.

When distributing the identification information AID from card adapter 5004 to license injection device 5003 (via card P), it is desirable to encrypt the AID before distributing it. Thus, for example, like the DH key distribution method, the public key is generated from public parameters exchanged between the license injection device 5003 and the card adapter 5004 and secret parameters held by each of the license injection device 5003 and the card adapter 5004. The license injection device 500 encrypts the identification information AID with the card adapter 5004 using the shared key wl1
3 The license information includes card P identification information (KID) and card adapter 5004 identification information (AI
When D) is included, the card adapter 5004 can compare the AID of the card adapter 5004 itself with the KID of the card P currently inserted in the card adapter 5004 when determining whether reproduction is possible based on the license information. Information security can be further improved.

As shown in FIG. 125, in order to safely distribute the disk key from the license creation device 5001 to the information reproducing device on the user side, each device on the distribution route has the following secret parameter. Holds confidential information, including:

The license creation device 5001 holds an encryption key Ke for encrypting disk information, and the card adapter 5004 holds a decryption key Kd for decrypting disk information.

The card adapter 5004 and the license injection device 5003 authenticate each other and use the number X (l) for encryption / decryption of license information.
And a key generation algorithm Al (Pl) for generating the same key when the same seed is given, and a sufficiently large prime number Prl. These are used for both authentication and encryption / decryption of license information. Here, Pl is a parameter of the algorithm Al and the card adapter 500
4 and the license injection device 5003
1 and the parameter Pl. X (l), A
The l, Pl, and Prl are stored in the card adapter 5004 and the license injection device 5003 in such a manner that they are difficult to read from outside.

The license injection device 5003 and the card P
Shares the number X (k), a key generation algorithm Ak (Pk) that generates the same key when the same seed is given, and a sufficiently large prime number Prk. These are used for both authentication and encryption / decryption of the identification information KID of the card P. Here, Pk is a parameter of the algorithm Ak, and the license injection device 5003 and the card P share the algorithm Ak and the parameter Pk. X (k), Ak, Pk, and Prk are stored in the license injection device 5003 and the card P in a protected manner so that reading from the outside is difficult.

The card adapter 5004 and the card P share a number X (k), a key generation algorithm Ak (Pk) for generating the same key when given the same seed, and a sufficiently large prime number Prk. These are used for both authentication and encryption / decryption of the identification information KID of the card P. Here, Pk is a parameter of the algorithm Ak, and the card adapter 5004 and the card P share the algorithm Ak and the parameter Pk. X
(K), Ak, Pk, and Prk are license injection devices 5
003 and the card P are stored in such a manner that reading from the outside is difficult.

[0471] Card adapter 5004 and player 5
005 is a number X (D), a key generation algorithm AD (PD) that generates the same key when the same seed is given,
Share a sufficiently large prime number PrD. This is used for both authentication and encryption / decryption of the disk key.
Here, PD is a parameter of the algorithm AD,
The card adapter 5004 and the player 5005 share the algorithm AD and the parameter PD. X
(D), AD, PD, PrD are card adapter 500
4 and the player 5005 are stored in such a manner that reading from the outside is difficult.

The player 5005 has the decryption key KpD,
The card P stores the decryption key KpC, the card adapter 5004 stores the decryption key KpA, and the license injection device 5003 stores the decryption key KpL in such a manner that it is difficult to read from the outside. Decryption keys KpD, Kp
C, KpA, and KpL are public keys of a public key cryptosystem. Four corresponding secret keys KsD, KsA, and K
The license creation device 5001 holds sC and KsL. These public key and private key are obtained by
(L), X (k), X (D), parameters Pl, Pk,
It is used when updating PD, prime numbers Prl, Prk, PrD, and the like.

[0473] As described above, the disk key is distributed with being protected twice by the encryption technique.

(5-2) License Creation Apparatus FIG. 126 shows an example of the configuration of the license creation apparatus 5001. Hereinafter, the configuration of the license creation apparatus 5001 and disk information creation will be described with reference to the flowchart shown in FIG. The processing operation will be described.

The creation of the disc information is performed, for example, every 12 hours. For the sake of simplicity, as a content usage condition,
It is assumed that a viewable period (expiration date) is used, and disk information for giving a predetermined license that the viewable period of the content is one week is created.

[0476] Now, it is assumed that the start times of the viewable period are 0:00 and 12:00. License creation device 5001
Starts the creation of disk information, for example, three hours ago.
That is, creation of disk information is started at 21:00 and 9:00.
The creation of disk information for giving a license whose viewable period starts at 9:00 will be described. 9 o'clock clock 500
1a issues a disc information creation instruction to the information acquisition unit 5001b (steps S5001 to S5001).
5002). The information acquisition unit 5001b is an expiration date creation unit 5
The current date and time information (for example, 9:00 on April 2, 1981) received from the clock 5001a is transmitted to 001c (step S5003).

The expiration date creation unit 5001c returns the date and time of the expiration date one week later (for example, 12:00 on April 9, 1981) to the information acquisition unit 5001b based on the date and time information, starting from 12:00 on the day. (Step S5004). Next, the information acquisition unit 5001b sets the content DB 5002
, A pair of information of the disk ID and the disk key is read out, merged with the expiration date to create disk information, and transferred to the first encryption unit 5001d (step S).
5005). The disk information includes a disk ID, a disk key, and an expiration date.

[0478] The first encryption unit 5001d reads the encryption key ke from the first encryption key storage unit 5001e, and encrypts the disk information (step S5006). The plain disk ID is added to the encrypted disk information,
License injection device 50 via a predetermined network
03 (step S5007).

The above steps S5005 to S50
07 is repeated to create disk information for all content IDs registered in the content DB 5002 (step S5008).

The license injection device 5003 converts the encrypted disk information received from the license creation device 5001 into an internal license DB 5003f (see FIG. 127).
Then, as shown in FIG. 132, it is stored in association with the disk ID.

It is important that the disk information includes an expiration date. Although the license injection device 5003 is placed in a store, it is difficult to be attacked, but it is possible that the license injection device 5003 is stolen. However, since the disk information including the expiration date does not guarantee a permanent license, the motivation to steal the license injection device 5003 is weakened. In addition, in order to decrypt the disk information and attempt to steal a permanent license (that is, obtain a disk key), the decryption key K stored in the card adapter 5004 is used.
It is necessary to steal d and secret information for encryption / decryption of disk information. However, if both the decryption key Kd and the secret information are strictly protected in hardware, this operation is very difficult.

(5-3) License Injection Device FIG. 127 shows a configuration example of the license injection device 5003.

[0483] The card P is inserted into the card mounting section 5003a. When the card P is confirmed to be properly mounted by the card mounting confirmation unit 5003b, the card P and the license injection device 5003 are connected to the card mounting unit 5
003a is ready for communication.

[0484] The random number generation unit 5003k
(KID), ID of card adapter 5004 (AI
D) Generate random numbers al, cl, and ak used for encryption / decryption of license information (Lic).

[0485] In the base storage section 5003m, secret parameters X (l), Prl, X (k), and Prk are stored in advance.

[0486] The power-of-power calculation unit 5003j includes the random number generation unit 50
The public parameter (first to third seed generation information) is calculated from the random number generated in 03k and the secret parameter stored in the base storage unit 5003m. In addition, a first seed is generated from the first seed generation information transferred from the card P and the random number ak generated by the random number generation unit 5003k. Also, the card adapter 5 via the card P
A second seed is generated from the second seed generation information transferred from 004 and the random number al generated by the random number generation unit 5003k. In addition, the third seed generation information transferred from the card adapter 5004 via the card P and the random number cl generated by the random number generation unit 5003k,
Generate a seed for

For example, a random number al and a secret parameter (X
(L), Prl) and second seed generation information X (l)
Calculate ^al (mod Prl). Hereinafter, in the case of expressing the power of the width, it is described as "X (l) @al" using the symbol "@".
Also, mod is a remainder (in this case, X (l) ^al is a prime number Pr
the remainder when multiplied by 1). Further, first seed generation information X (k) ＾ ak (mod Prk) is calculated from the random number ak and the secret parameters (X (k), Prk).

The shared key generation section 50031 stores in advance key generation algorithms Al (Pl) and Ak (Pk). The algorithm Ak (Pk) is applied to the first seed to generate a first shared key wk1, the algorithm Al (Pl) is applied to the second seed to generate a second shared key wl1, and the third seed is generated. A third shared key wl2 is generated by applying the algorithm Al (Pl) to the seed of. Key generation algorithm Al (Pl), Ak (Pk) as first to third seeds
Is applied, the data length of the first to third seeds can be reduced.

[0489] Decryption section 5003d includes shared key generation section 500
The encrypted card ID ([KID] wk1) and the encrypted card adapter ID ([AID] wl1) are decrypted using the shared keys wk1 and wl1 generated in 3l.

[0490] The disc D to be rented by the user is inserted into the disc connection unit 5003g, and the ID (DID) of the disc D is read.

[0491] Card database (DB) 5003i
Is for storing the correspondence between the ID of the card P issued to the user and the ID of the corresponding card adapter 5004.

[0492] License database (DB) 5003
f is for storing the encrypted disk information transferred from the license creation device 5001.
As shown in the table, the encrypted disk information is a disk ID.
(DID) is stored.

[0493] The license creating unit 5003e creates a license for the disk when the user wants to rent the disk. That is, the ID of the disk D read by the disk connection unit 5003g (D
Using the ID) as a key, the encrypted disk information is retrieved from the license DB 5003f, the card P possessed by the user and the ID (KID, AID) of the card adapter 5004 are read from the card DB 5003i.
The current time is read from 03h, and license information including encrypted disk information, license creation time, KID, and AID is created.

The license information created here is the shared key w generated based on the public parameters exchanged with the card adapter 5004 via the card P.
It is encrypted with l2.

[0495] The control unit 5003c controls the entire license injection device 5003.

(5-4) Card FIG. 128 shows a configuration example of the card P.

[0497] The card P is supplied to the license injection device 5003 and the card adapter 50 via the device mounting section 5101.
When the device P is connected to the license injection device 5003 or the card adapter 5004 by the device insertion confirmation unit 5102, the card P and the license injection device 5003 or the card adapter 5004 are connected to the device. Communication is enabled via the mounting unit 5101. When transferring the ID (KID) of the card P to the license injection device 5003 and the card adapter 5004, the random number generation unit 5107
Random number bk, dk used for encryption / decryption of D (KID)
Occurs.

The base storage unit 5109 stores secret parameters X (k) and Prk in advance.

[0499] The power-of-power calculation unit 5106 includes a random number generation unit 510.
The public parameters (first seed generation information and fifth seed generation information) are calculated from the random number generated in step 7 and the secret parameter stored in the base storage unit 5109. In addition, a first seed is generated from the first seed generation information transferred from the license injection device 5003 and the random number bk generated by the random number generation unit 5107. In addition, a fifth seed is generated from the fifth seed generation information transferred from the card adapter 5004 and the random number dk generated by the random number generation unit 5107.

The shared key generation unit 5108 stores a key generation algorithm Ak (Pk) in advance. The algorithm Ak (Pk) is applied to the first seed to generate a first shared key wk1, and the algorithm Ak (Pk) is applied to the fifth seed.
k) is applied to generate a fifth shared key wl1. First,
By applying the key generation algorithm Ak (Pk) to the fifth seed, the data length of the first and fifth seeds can be reduced. The ID (identification information) for uniquely identifying the card P, that is, the KID is stored in the KID storage unit 5105 in advance.

[0501] The KID encryption unit 5104 converts the KID stored in the KID storage unit 5105 into a shared key generation unit 510.
8 is encrypted with the shared keys wk1 and wk2 generated.

[0502] The control unit 5103 controls the entire card P.

(5-5) Card Adapter The card P is inserted into the card mounting section 5004a. When the card P is confirmed to be properly mounted by the card mounting confirmation unit 5004b, the card P and the card adapter 5004 enter a communicable state via the card mounting unit 5004a.

[0504] The random number generation unit 5004k
Own ID (AID) stored in advance in 004f,
License information (Lic), ID of disk D (DID) set in player, ID of card P (KI
D), random number b used for encryption / decryption of the disk key
Generate l, aD, ck, and dD.

[0505] The random number storage unit 50041 is
The random numbers bl, aD, and ck generated at 04k are stored.

[0506] In the base storage unit 5004m, secret parameters X (l), Prl, X (k), Prk, X (D), P
rD is stored in advance.

[0507] The power-of-power calculation unit 5004j includes the random number generation unit 50
A public parameter (second, fourth, fifth, and sixth seed generation information) is calculated from the random number generated in 04k and the secret parameter stored in the base storage unit 5004m.
Also, the second seed generation information and the random number generation unit 5 transferred from the license injection device 5003 via the card P
A second seed is generated from the random number bl generated at 004k. Further, the license injection device 5 is transmitted via the card P.
A third seed is generated from the third seed generation information transferred from 003 and the random number bl generated by the random number generation unit 5004k. Further, a fourth seed is generated from the fourth seed generation information transferred from the player 5005 and the random number aD generated by the random number generation unit 5004k. Further, a fifth seed is generated from the fifth seed generation information transferred from the card P and the random number ck generated by the random number generation unit 5003k. A sixth seed is generated from the sixth seed generation information transferred from the player 5005 and the random number dD generated by the random number generation unit 5004k.

The shared key generation unit 5004i stores in advance key generation algorithms Al (Pl), Ak (Pk), and AD (PD). Algorithm Al for the second seed
(Pl) is applied to generate a second shared key wl1.
A third shared key wl2 is generated by applying an algorithm Al (Pl) to the seed of
D (PD) is applied to generate a fourth shared key wD1, and algorithm Ak (Pk) is applied to the fifth seed to obtain a fifth shared key wD1.
And the algorithm AD (PD) is applied to the sixth seed to generate a sixth shared key wD2. The key generation algorithm Al (P
l), by applying Ak (Pk), the second to sixth
Of the seed can be reduced.

[0509] The encryption / decryption unit 5004o encrypts the disk key with the shared key wD2 generated by the shared key generation unit 5004i. Also, using the shared keys wl2, wD1, and wk2 generated by the shared key generation unit 5004i, the encrypted license information [Lic] wl2, the encrypted disk ID
[DID] wD1, Encrypted card ID [KID] wk2
Is decrypted.

[0510] An ID (identification information) for uniquely identifying the card adapter 5004, that is, an AID is stored in the AID storage unit 5004f in advance.

[0511] The AID encryption unit 5004d stores the AID stored in the AID storage unit 5004f in the shared key generation unit 5
Encrypt with the shared key wl1 generated in 004i.

[0512] The encryption key ke is stored in the kd storage unit 5004g.
And a decryption key kd for decrypting the disk information encrypted in.

[0513] To the player connection section 5004m, a player 5005 is connected so as to be able to communicate with the card adapter 5004.

[0514] The license determination unit 5004e determines that the card P
Decrypts the encrypted disk information included in the license information transferred from the license injection device 5003 via the license injection device 5003 using the key kd. License determination processing (Fig. 139-
In FIG. 140), the following conditions are checked. A card ID (KID) and a card adapter ID (AID) included in the license information, and a license determination unit 5004
The card ID (KID) of the card P inserted in e and the card adapter ID (AID) stored in the AID storage section 5004f match. The license information creation time is earlier than the current display time of the clock 5004h. The disc ID (DID) included in the disc information and the I of the disc D currently set in the player 5005
D must match ・ The current display time of the clock 5004h satisfies the expiration date included in the disc information When the above conditions are satisfied, the license determination unit 5004e
Indicates the disc key included in the disc information
005. At this time, the disc key is encrypted with the shared key wD2 generated based on the sixth seed generation information exchanged with the player 5005 via the player connection unit 5004n.

(5-6) Player A card adapter 5004 is connected to the card adapter connection section 5005a so as to be able to communicate with the player 5005.

[0516] The random number generation unit 5005i generates the ID (DID) of the disk D read from the disk D set in the disk drive 5005d and the random numbers bD and cD used for encrypting and decrypting the disk key.

[0517] The random number storage unit 5005k includes the random number generation unit 50
The random number cD generated in 05i is stored.

[0518] The secret parameters X (D) and PrD are stored in the base storage section 50051 in advance.

[0519] The power calculator 5005h includes the random number generator 50.
A public parameter (fourth and sixth seed generation information) is calculated from the random number generated in 05i and the secret parameter stored in the base storage unit 5005l. In addition, a fourth seed is generated from the fourth seed generation information transferred from the card adapter 5004 and the random bD generated by the random number generation unit 5005i. Also, the card adapter 500
A sixth seed is generated from the sixth seed generation information transferred from No. 4 and the random cD generated by the random number generation unit 5005i.

[0520] The shared key generation unit 5005j stores a key generation algorithm AD (PD) in advance. Applying the algorithm AD (PD) to the fourth seed, the shared key wD
1 is generated. The algorithm AD (P
D) is applied to generate a shared key wD2. By applying the key generation algorithm AD (PD) to the fourth and sixth seeds, the data length of the fourth and sixth seeds can be reduced.

[0521] The disk D is set in the disk driver 5005d, and the disk ID (DID), the encrypted content information, and the encrypted content key stored in the disk D are read. Disk ID (DID)
Is transferred to the DID encryption unit 5005c, and the encrypted content information and the encrypted content key are
5f.

[0522] The DID encryption unit 5005c performs
D (DID) is encrypted with the shared key wD1 generated by the shared key generation unit 5005j.

[0523] The disk key decryption unit 5005e transmits the encrypted disk key [disk key] wD2 to the shared key generation unit 5
Decryption is performed with the shared key wD2 generated in 005j. The decrypted disk key is transferred to the reproducing unit 5005f.

[0524] The reproducing unit 5005f decrypts the encrypted content key using the disk key, decrypts the encrypted content information using the decrypted content key, reproduces the information, and outputs it to the output unit 5005g.

(5-7) Procedure for Distributing Disk Key (Part 1) Next, referring to the sequence diagram shown in FIG. 133 and the flowcharts shown in FIGS. 134 to 140, the disk key distribution in the information distribution system shown in FIG. The outline of the distribution procedure will be described in the order of subscription to the disk rental service, rental of the disk, and reproduction of the content.

First, a description will be given of the time of subscription to the disc rental service.

Step x1: The card P issued to the user is inserted into the license injection device 5003. The license injection device 5003 generates a random number al. To obtain the ID (AID) of the card adapter 5004,
From the random number al and the secret parameters (X (l), Prl), public parameters necessary for encrypting the AID,
That is, the second seed generation information X (l) @al (mo
d Prl) is calculated and transferred to the card P. (FIG. 13
Step S6001 to Step S6003).

Step x2: Further, the license injection device 5003 generates a random number ak. Card P ID
In order to obtain (KID), first seed generation information X is obtained from random number ak and secret parameters (X (k), Prk).
(K) ＾ ak (mod Prk) is calculated and transferred to the card P (step S6010 to step S60 in FIG. 135)
6011).

Step x3: The card P receives the first seed generation information, and generates a random number bk. Random number bk
From the first seed generation information and the first seed (X (k)
＾ ak) ＾ bk = X (k) ＾ (ak · bk) (mod
Prk) is calculated. By applying a previously stored algorithm Ak (Pk) to this first seed, the shared key w
Generate k1. ID of card P using shared key wk1
(KID) is encrypted. Hereinafter, the KID encrypted with the shared key wk1 is referred to as [KID] wk1. Further, [K] is obtained from the random number bk and the secret parameters (X (k), Prk).
[ID] wk1 is calculated and first seed generation information X (k) ｋbk (mod Prk) is calculated, and [K
[ID] wk1 and the first seed generation information are transferred to the license injection device 5003 (steps S6012 to S6016 in FIG. 135).

The license injection device 5003 generates the first seed from the first seed generation information transferred from the card P and the previously generated random number ak. In this first seed, an algorithm Ak stored in advance is stored.
(Pk) is applied to generate a shared key wk1, and [KID]
By decrypting wk1, the ID (KID) of the card P is obtained (steps S6017 to S6019).

[0531] The ID of the card P thus obtained
Is stored in the card database (DB) 5003i in association with the previously generated random number al (step S6021 in FIG. 135). The information stored in the card DB 5003i is used later when decoding the card adapter ID (AID) acquired via the card P. At this point, the card P has the second seed generation information X (l) @al (mod) received from the license injection device.
Prl) is stored.

Step x4: The user brings back the card P subjected to the above processing and inserts the card P into the card adapter 5004 at home. Then, the card adapter 5004 reads the second seed generation information from the card P. Further, the card adapter 5004 generates a random number bl, and uses the random number bl and the second seed generation information to generate a second seed X (l) ＾ (al · bl) (mod
Prl) is calculated. Applying the algorithm Al (Pl) stored in advance to this second seed, the shared key w
Generate l1. Then, the identification information AID of the card adapter 5004 is encrypted using the shared key wl1.
Hereinafter, the AID encrypted with the shared key wl1 is referred to as [AID]
wl1.

Step x5: The second seed generation information X (l) ＾ bl (mod Prl) is calculated from the previously generated random number bl and the secret parameter (X (l), Prl), and the second seed generation information is calculated. The generation information and [AID] wl1 are transferred to the card P (steps S6004 to S6004 in FIG. 134).
Step S6009).

At this point, the card P stores the second seed generation information and [AID] wl1. At this time, in the card P, the second
, The seed generation information X (l) @al (mod Prl) may be deleted. The card adapter 5004 stores the random number bl in the random number storage unit 50 in order to decrypt the license information later.
04l.

When the user wants to rent a disk, he / she brings the card P, goes to, for example, a member store of a disk rental service (a store where the license injection device 5003 is installed), selects a desired disk, and And present it to the clerk with the card P.

Step x6 to step Sx7: The inserted card P and disk D are stored in the license injection device 50.
03 is inserted. The license injection device 5003 obtains the identification information of the card P from the card P in the same manner as step x2 to step x3 to obtain the ID (KID) of the card P (step S6001, FIG. 134). Steps S6010 to S6019 in FIG. 135). The random numbers ak, b generated at this time
Although k does not always match the random numbers ak and bk in steps x2 to x3, this does not affect the acquisition of the KID.

Step x8: The card P sends the second seed generation information and [AID] to the license injection device 5003.
Transfer wl1. The license injection device 5003 searches the card DB 5003i for a random number al corresponding to the card ID (KID) acquired in step x7. If the card P has gone through the proper procedure described above,
The random number al corresponding to the card ID (KID) should have been registered in the card DB 5003i. The license injection device 5003 calculates a second seed X (l) ＾ (al · bl) (mod Prl) from the second seed generation information transferred from the card P and the retrieved random number al, and calculates an algorithm Al By applying (Pl)
Generate a shared key wl1. Using the shared key wl1, [AI
D] wl1 is decrypted and the ID of the card adapter 5004 is
(AID) is obtained (steps S6020 to S6021 in FIG. 135 and steps S6022 to S6026 in FIG. 136).

[0538] The license injection device 5003 uses the card D
The identification information AID of the card adapter 5004 is stored in the B 5003i in association with the identification information of the card P (step S6027 in FIG. 136).

[0539] Thus, the license injection device 5003
Can recognize the combination of the card ID (KID) and the card adapter ID (AID) given to the user. Even when the user uses a plurality of card adapters, the license injection device 5003 can grasp the IDs of all the card adapters possessed by the user by the procedures of the steps x1 to x8. In this case, the card DB 5003i has a plurality of card adapter IDs for one card ID (KID).
(AID) are stored in association with each other.

Step x9: On the other hand, the license injection device 5003 acquires the ID (DID) of the inserted disk D from the inserted disk D, and obtains the license DB 5003
The encrypted disk information corresponding to the disk ID is obtained from f. A clock 5003 is added to the encrypted disk information.
h is merged as the license information creation time, and the information (the user's card ID (KID) or card adapter ID (A) included in the card DB 5003i is merged.
ID)) as necessary, and license information (L
ic). That is, Lic = encrypted disk information + license information creation time (+ AID + KID). Whether to include AID and KID in the license information Lic is determined, for example, by the store. Alternatively, the license creation device 5001 may determine whether AID and KID are necessary or not, and may record the determined content in the license DB 5003f in association with the card ID (as additional information) (in this case, the license injection device 5003). If there is this additional information, AID and KID may be merged with the license information Lic according to the additional information.) Including the AID in the license information Lic means that the license is limited to a specific card adapter. Including the KID in the license information Lic means that the license is limited to a specific card (FIG. 136).
Steps S6028 to S6030).

The license injection device 5003 generates a random number cl. Since the second seed generation information X (l) ＾ bl (mod Prl) has already been read from the card P, the license injection device 5003 uses the random number cl and the second seed generation information to obtain the third seed X ( l) ＾
Calculate (bl · cl) (mod Prl). The algorithm Al (Pl) is applied to the third seed to generate a key wl2 and encrypt the license information Lic. Hereinafter, the license information Lic encrypted with the shared key wl2 is referred to as [Lic] wl2. Further, [lic] is obtained from the random number cl and the secret parameters (X (l), prl).
public parameters necessary for decoding wl2, that is, third seed generation information X (l) ＾ cl (mod P
rl), and transfers the third seed generation information and the encrypted license information [Lic] wl2 to the card P (steps S6031 to S603 in FIG. 136).
5). At this time, the card P stores the encrypted license information [Lic] wl2 and the third seed generation information. [AID] wl1 previously stored in the card P is already stored in the license injection device 5003.
, It may be deleted.

[0542] The user can use the card P that has been subjected to the above processing.
And the disk D, and the content can be reproduced using the card adapter 5004 and the player 5005 at home.

Step x11: In order to reproduce the contents, the user inserts the card P into the card adapter 5004 and sets the disc D on the player 5005.
The card adapter 5004 reads the encrypted license information [Lic] wl2 and the third seed generation information from the card P, and obtains a third seed X from the third seed generation information and the random number bl temporarily stored in step x5. (L) ＾
Calculate (bl · cl) (mod Prl). The algorithm Al (Pl) is applied to this third seed to generate a shared key wl2, and the encrypted license information [Lic]
wl2 is decoded (steps S6046 to S6049 in FIG. 138).

Step x12: On the other hand, the player 500
5 is the disk ID (DI
Read D).

Step x13: Card adapter 500
4 generates a random number aD. Card adapter 5004
Means that the player 5005 sends the disc I of the disc D
In order to obtain D (DID), a public parameter necessary for encrypting the disc ID (DID) to the player 5005, that is, fourth seed generation information is generated.
That is, the random number aD and the secret parameters (X (D), P
rD) and the fourth seed generation information X (D) ＾ aD (m
odPrD) and transfers it to the player 5005 (steps S6036 to S60 in FIG. 137).
37).

Step x14: The player 5005
Upon receiving the fourth seed generation information, a random number bD is generated, and a fourth random number is generated from the fourth seed generation information and the random number bD.
Seed X (D) ＾ (aD · bD) (mod PrD)
Is calculated, a shared key wD1 is generated by applying the algorithm AD (PD), and the disk ID (DID) is encrypted. Hereinafter, the DID encrypted with the shared key wD1 is referred to as [DI
D] wD1. Further, a public parameter necessary for decoding [DID] wD1 from the random number bD and the secret parameters (X (D), PrD), that is, fourth seed generation information X (D) ＾ bD (mod PrD) is obtained. The [DID] wD1 and the fourth seed generation information are transferred to the card adapter 5004 (steps S6038 to S6042 in FIG. 137).

In the card adapter 5004, the player 5
005 and the fourth seed generation information transferred from [D.
[ID] wD1, the fourth seed X (D) ＾ (aD · b) based on the fourth seed generation information and the random number aD.
D) Calculate (mod PrD). The algorithm AD (PD) is applied to this fourth seed to generate a shared key wD1, and [DID] wD is decrypted to obtain a disk ID (DI
D) is obtained (steps S6043 to S6045 in FIG. 137).

Next, the flow advances to step S6050 in FIG. 138 to perform processing (license determination processing) for determining whether content information can be decrypted based on license information (FIG. 13).
9 to FIG. 140).

When the license information includes the card adapter ID, the card adapter 5004
Card adapter ID stored in storage unit 5004f
(AID) and the card adapter ID (AID) included in the license information are compared. If they do not match, the license information is
Since it does not conform to 4, the processing is stopped. AI
If D matches, the process proceeds to the next process (steps S6061 to S6062 in FIG. 139).

Step x15: If the license information includes the card ID, the card adapter 5004
Obtains the identification information KID from the card P,
First, a random number ck is generated, and the card ID (KI
Generate public parameters necessary for encrypting D), that is, fifth seed generation information. That is, from the random number ck and the secret parameters (X (k), Prk), the fifth
Is calculated and transferred to the card P (step S6 in FIG. 139).
063 to step S6065).

Step x16: Upon receiving the fifth seed generation information, the card P generates a random number dk, and obtains a fifth seed X from the fifth seed generation information and the random number dk.
(K) Calculate ＾ (ck · dk) (mod Prk). The algorithm Ak (Pk) is applied to the fifth seed to generate a key wk2, and the card ID (KI
D) is encrypted. Hereinafter, the KID encrypted with the shared key wk2 is referred to as [KID] wk2. Further, a public parameter necessary for decoding [KID] wk2 from the random number dk, that is, fifth seed generation information X (k) ｋdk
(Mod Prk) is calculated, and the fifth seed generation information and [KID] wk2 are transferred to the card adapter 5004 (steps S6066 to S6070).

The card adapter 5004 calculates the fifth seed from the fifth seed generation information transferred from the card P and the random number ck. Applying the algorithm Ak (Pk) to this fifth seed to generate a key wk2,
[KID] Decode the KID from wk2. This card P
If the card ID (KID) sent from the PC and the card ID (KID) included in the license information match, the process proceeds to the next process. Otherwise, since the license information stored in the card P is incompatible with the card P, the subsequent processing is stopped (steps S6071 to S6074).

Step x17: Next, the card adapter 5004 checks the license information creation time included in the license information. Set the license information creation time to T
It will be expressed as l. Card adapter 5004 is clock 50
The current display time Tc is obtained from 04h. Tc <= Tl
Indicates that the current display time Tc is late. In fact, the time Tl at which the license information was created must be earlier than the current display time Tc.
Therefore, when Tc <= Tl, the card adapter 500
4 judges that the clock 5004h is incorrect, and stops the subsequent processing. Alternatively, a slight allowable error range Te (>
0) may be set in advance, and only when Tc> Tl + Te is satisfied and only then, the process proceeds to the subsequent processing (step S6075 in FIG. 140).

Next, the encrypted disk information included in the license information is decrypted by using the previously stored decryption key kd (step S6076). The disk information includes a disk ID (DID), a disk key, and a validity period (TL). First, the expiration date TL is compared with the current display time Tc of the clock 6004h. TL <T
If c, the license has expired,
The card adapter 5004 stops the subsequent processing. Alternatively, a slight allowable error Te '(> 0) may be set in advance, and the process may proceed to the subsequent process only when Tc ≦ TL + Te ′ is satisfied and only at that time (step S60).
77).

[0555] Finally, the card adapter 5004 compares the disk ID (DID) included in the disk information with the disk ID of the previously obtained disk D, and if the two do not match, the license information indicates the current license information. Since this is for a disc different from the disc D set in the player 5005, the subsequent processing is stopped.
If the disc IDs match, it is determined that the reproduction of the content information recorded on the disc D is possible (step S6078).

[0556] When it is determined that reproduction is possible, the card adapter 5004 first transfers the disc key included in the disc information to the player 5005.
005 is instructed to generate a random number.

Step x18: Upon receiving the random number generation instruction, the player 5005 generates a random number cD, and obtains a sixth random number from the random number cD and secret parameters (X (D), PrD).
138 is calculated and transferred to the card adapter 5004 (FIG. 138).
Steps S6051 to S6052).

Step x19: Card adapter 500
4 receives the sixth seed generation information, and generates a random number dD. From the sixth seed generation information and the random number dD, the sixth
Seed X (D) ＾ (cD · dD) (mod PrD)
Is calculated, and the algorithm AD (P
Applying D), a shared key wD2 for disk key encryption
Is generated, and the disk key is encrypted with the shared key wD2.
Hereinafter, the disk key encrypted with the shared key wD2 is referred to as [disk key] wD2. Further, the disc key is obtained from the random number dD and the secret parameters (X (D), PrD).
Public parameters necessary for decoding wD2, that is, sixth seed generation information X (D) ＾ dD (mod P
rD), and transfers the sixth seed generation information and [disk key] wD2 to the player 5005 (steps S6053 to S6056).

In the player 5005, the card adapter 5
From the sixth seed generation information transferred from 004 and the random number CD, the sixth seed X (D) ＾ (cD · dD) (m
odPrD). The algorithm AD (PD) is applied to the sixth seed to generate a shared key wD2 and decrypt the [disk key] wD2 (step S6).
057 to step S6059).

The player 5005 can use this disc key to decrypt the encrypted content key stored on the disc D, and can use this content key to decrypt and reproduce the encrypted content information (step S500). S6060).

Note that the decryption key Kd of the encrypted disk information is
Can be stored in the player 5005. In this case, the player 500 decrypts the encrypted disk information.
5 The clock 5004h referred to for determining the validity such as the license information creation time and the expiration date is the card adapter 5004, so that the expiration date cannot be included in the encrypted disk information. Therefore, in such a case, the component of the encrypted disk information transferred from the license creation device 5001 to the license injection device 5003 is “disk ID + disk key”. The expiration date is set by the license injection device 5003, and when the license information is created in step x9 described above, the expiration date is merged with the encrypted disk information, and the encrypted disk information, license information creation time, expiration date, Card ID (KID) and Card Adapter ID (AID) as required
May be created.

In the card adapter 5004, the decryption key K
The validity of the expiration date is determined without decrypting the disk information by d.

The advantages of having the player 5005 hold the decryption key Kd are as follows: Since the encrypted disk information stored in the license injection device 5003 does not include an expiration date, there is no need to update the disk information. That is, the license creation device 5
001 creates only the encrypted disk information of the newly added rental disk,
03 may be appropriately transferred.

[0564] On the other hand, the disadvantages are as follows: Since the encrypted disk information is not updated, the motivation against unauthorized use of the license injection device 5003 is increased.

In order to protect the decryption key Kd in the player 5005, the security of the player 5005 must be increased.

[0566] Now, according to the above-described disc key distribution procedure, a procedure performed by the user will be briefly described.

I) When subscribing to the disk rental service, the user is issued a card P at a member store of the disk rental service. At this time, the card adapter 5004 is purchased or the card adapter 5004 is lent.

[0568] ii) The user inserts the card P into the card adapter 5004 connected to the player 5005 at home.

Iii) When the user rents a disk, the user goes to the store with the card P, selects a desired rental disk D, and receives a license injection into the card P in exchange for the price.

[0570] iv) The user takes the disk D and the card P home, inserts the card P into the card adapter 5004, and plays the disk D. During the license validity period, the disc D can be reproduced any number of times.

V) Thereafter, when the user rents a disk, the above iii) to iv) are repeated.

(5-8) Procedure for Distributing Disk Key (Part 2) By the way, when a card P is issued and a disk can be rented at the time of subscription to a disk rental service, it is more convenient for the user. The procedure performed by the user in this case will be briefly described.

I) When subscribing to the disk rental service, the user is issued a card P at a member store of the disk rental service. At this time, the card adapter 5004 is purchased or the card adapter 5004 is lent.

Ii ') The user selects the desired rental disk D, and receives a license injection into the card P in exchange for the price.

Iii ') The user enters the disk D and the card P
Are brought back home, the card P is inserted into the card adapter 5004, and the disk D is reproduced. You can play the disc any number of times during the license period.

Iv ') Thereafter, when the user rents a disc, the above steps ii') to iii ') are repeated.

Next, a procedure for distributing a disk key in such a case will be described.

The sequence diagram shown in FIG. 141 and FIG.
Referring to the flowcharts shown in FIGS.
The outline of another distribution procedure of the disc key in the information distribution system 2 will be described in the order of subscribing to the disc rental service, renting the disc, and reproducing the content.

All card adapters 5004 and license injection devices 5003 provided to users who subscribe to the disk rental service share the random number bl0. It is desirable that the random number bl0 be stored in, for example, a ROM or the like and protected so that it is difficult to read out from the outside of the card adapter.

The random number bl0 is stored in the license injection device 500.
3. Assume that they are stored in advance in the respective base storage units 5003m and 5004m of the card adapter 5004. First, a description will be given of the time of subscription to the disc rental service.

Step y1-step y2: The card P issued to the user is inserted into the license injection device 5003. The license injection device 5003 converts the card P to the card ID (KID) in the same manner as steps x2 to x3 and steps x6 to x7 in FIG.
(Steps S6101 to S6110 in FIG. 142).

Step y3: The rental disk D selected by the user is also inserted into the license injection device 5003. The license injection device 5003 acquires the ID (DID) of the disc from the inserted disc D, and acquires the encrypted disc information corresponding to the disc ID from the license DB 5003f.

[0583] The license injection device 5003 operates
03h is merged as the license information creation time, and the user's card ID (KI
D) to create license information (Lic) (Steps S6111-S611 in FIG. 142)
4). That is, Lic = encrypted disk information + license information creation time + KID.

Step y4: Next, the license injection device 5003 generates a random number al. And card D
The card ID of the card P and the random number al are stored in B5003i.

A random number al and, for example, a secret parameter (X
(L), prl) and the seventh seed X (l) ＾ (al
Bl0) (mod Prl) and further apply the algorithm Al (Pl) to this seventh seed,
The shared key wl3 is generated, and the license information Lic is encrypted. Hereinafter, the license information Lic encrypted with the shared key wl3 is referred to as [Lic] wl3. Furthermore, a random number al
From the secret parameters (X (l), prl), [li
c] Public parameters necessary for decoding wl3, that is, seventh seed generation information X (l) ＾ al (mod
Prl), and transfers the seventh seed generation information and the encrypted license information [Lic] wl3 to the card P (steps 6115 to x611 in FIG. 142).
9).

At this point, the card P stores the encrypted license information [Lic] wl3 and the seventh seed generation information.

The user can use the card P which has been subjected to the above processing.
And the disk D, and the content can be reproduced using the card adapter 5004 and the player 5005 at home.

Step y5: In order to reproduce the contents, the user inserts the card P into the card adapter 5004 and sets the disc D on the player 5005. The card adapter 5004 reads the encrypted license information [Lic] wl3 and the seventh seed generation information from the card P, and reads the seventh seed generation information and the base storage information 50.
The seventh seed X (l) ＾ (al · bl0) (mod Prl) is calculated from the random number bl0 stored in advance in 04m. The algorithm Al (Pl) is applied to the seventh seed to generate a shared key wl3, and decrypt the encrypted license information [Lic] wl3. Card Adapter 500
4 further decrypts the encrypted disk information included in the license information with the decryption key Kd (steps S6120 to S6129 in FIG. 143).

Steps y8 to y9: The card adapter 5004 transmits the card ID (KI) from the card P in the same manner as in steps x15 to x16 in FIG.
D) is obtained (steps S6130 to S6139 in FIG. 143).

Steps y10 to y12: The card adapter 5004 further performs step x in FIG.
The disk ID (DID) of the disk D is obtained in the same manner as in steps 12 to x14 (step S6 in FIG. 144).
140 to step S6149).

Step y13: Next, the flow advances to step S6150 in FIG. 145 to perform processing for determining whether or not content information can be decrypted based on license information (license determination processing) (FIG. 146).

In the license determination processing (FIG. 146), the following conditions are checked. A card ID (KID) included in the license information;
The card ID of the card P inserted into the card adapter 5004 matches the disk ID (DID) included in the disk information and the disk ID of the disk D currently set in the player 5005 -The creation time of the license information is earlier than the current display time of the clock 5004h-The current display time of the clock 5004h satisfies the expiration date included in the disk information Only when the above conditions are satisfied, the card adapter 5004
Determines that the content information recorded on the disc D is playable, and transfers the disc key included in the disc information to the player 5005. Instruct.

Steps y14 to y15: FIG.
Similarly to step x18 to step x19 of 33,
The disk key is a shared key wD2 generated based on the sixth seed generation information exchanged with the player 5005.
And transferred to the player 5005 (FIG. 1).
45, step S6150 to step S6161). Step y6 to Step y7: On the other hand, the card adapter 5004 executes a process of transferring a card adapter ID (AID) stored in the AID storage unit 5004f to the card P before and after the license determination process. At this time, the card adapter ID (AID) is
Similarly to Step x4 to Step x5 of No. 3, the seventh seed generation information (the same as the second seed generation information) transferred from the license injection device 5003 via the card P and the random number generation unit 5004k The generated random number bl
Is encrypted with the shared key wl1 generated based on the above.

[0593] After the second disk rental,
This is the same as step x6 to step x19 of 33. At the time of the second disk rental, the license injection device 5003 can acquire the ID (AID) of the card adapter owned by the user at step x8 in FIG. That is, the card ID (KID) and the card adapter ID (AID) of the card P are stored in the card DB 5003i.
Is registered.

(5-9) Update of Encryption Parameter Distribution of license information including a disk key of the present invention
Based on the secret parameter of each device on the distribution route and the public parameter exchanged between the devices (generated from the secret parameter), the other party authentication and transfer protection are performed.
Therefore, it is desirable to periodically update the secret parameter, the decryption key kd of the encrypted disk information, and the like (hereinafter, these are collectively referred to as an encryption parameter), or when there is a suspicion of an attack on security. This update is desirably performed by the license creation device 5001.

The encryption parameters updated by the license creation device 5001 are, for example, (X (l), Pl, Prl)
(X (k), Pk, Prk) (X (D), PD, Pr
D) (Kd, Ke) as shown in FIGS.
The encryption parameter update processing will be described with reference to the flowchart shown in FIG.

The encryption parameter generation unit 5001h of the license creation device 5001 updates the encryption parameters using, for example, a random number generator. Next, each device (player 5005, card adapter 5004, card P,
Parameter update information is created for the license injection device 5003) (step S6201 in FIG. 147).

The parameter update information for the player is X
(D), PD, and PrD, and the card adapter parameter update information is X (l), Pl, Prl, X (k), P
k, Prk, X (D), PD, PrD, Kd, the parameter update information for the card includes X (k), Pk, Prk, and the parameter update information for the license injection device is X
(L), Pl, Prl, X (k), Pk, and Prk.

The second encryption unit 5001g stores the parameter update information for each device in the second encryption key storage unit 5001f.
Encryption keys KsD, KsA, Ks stored in advance in
Encrypt with C and KsL, respectively (step S6202)
-Step S6203). That is, the parameter update information for the player is encrypted with the encryption key KsD, the parameter update information for the card adapter is encrypted with the encryption key KsA, the parameter update information for the card is encrypted with the encryption key KsP,
The license updating device parameter updating device uses the encryption key Ks
Encrypt with L. Hereinafter, parameter update information encrypted with an encryption key corresponding to each device is represented as [parameter update information] KsD in the case of a player encryption parameter, for example.

[0600] The encryption parameter update information for each device is shown below.

[0601] Encryption parameter update information (UD) for player: [X (D) + PD + PrD] KsD Encryption parameter information (UA) for card adapter:
[X (l) + Pl + Prl + X (k) + Pk + Prk +
X (D) + PD + PrD + Kd] Encryption parameter information (UC) for KsA card: [X (k)
+ Pk + Prk] KsC Encryption parameter information (U
L): [X (l) + Pl + Prl + X (k) + Pk + P
rk] KsL Obtains the current display time (encryption parameter update time) from the clock 5001a and transfers it to the license injection device 5003 together with the encryption parameter information for each device (steps S6204 to S6205).

The license injection device, upon receiving the encryption parameter information (UD, UA, UC, UL) for each device and the update time, receives the encryption parameter information UD, UA, U
C and the update time are stored in the internal memory (step S6206 in FIG. 148).

The license injection device 5004 previously stores in memory the decryption key KpL corresponding to the encryption key KsL, decrypts the encryption parameter update information UL using the decryption key KpL, and stores the information in the base. Unit 5003m, encryption parameter X stored in shared key generation unit 5003l
(L), Pl, Prl, X (k), Pk, and Prk are updated (step S6208). Note that Pl and Pk are
Since the parameters are the key generation algorithms Al and Ak, respectively, the key generation algorithm is updated.

The operation of updating the encryption parameter of the card P is executed when the card P is inserted into the license injection device 5003.

When the card P owned by the user is inserted into the license injection device 5003, the license injection device 5
In step 003, the latest encryption parameter update time is obtained from the card P. This update time indicates the license injection device 50
03 (the license creation device 5)
If it is older than (update time transferred from 001), the process proceeds to step S6210, otherwise, the encryption parameter update operation ends, and normal processing operation such as writing license information is performed (step S6209). In step S6210, the license injection device 5003 transfers the encryption parameter update information UD, UA, UC and the update time to the card P. The card P stores the encryption parameter update information UD, UA and the update time in the internal memory.

The card P has previously stored in memory a decryption key KpC corresponding to the encryption key KsC, and decrypts the encryption parameter update information UC using the decryption key KsC. Update the encryption parameters X (k), Pk, and Prk stored in the shared key generation unit 5108 (Steps S6211 to S621)
2). Thereafter, a normal processing operation is performed.

[0606] The operation of updating the encryption parameter of the card adapter 5004 is executed when the user inserts the card P into the card adapter 5004. That is, when the card adapter ID (AID) is transferred to the card P, or when the license information is transferred from the card P to the card adapter 5004 in order to play the disk D, the encryption parameter of the card adapter 5004 is updated. .

First, the card P transfers the latest encryption parameter update time of the card P (update time transferred from the license-added device 5003) to the card adapter 5004. If the update time is earlier than the update time of the latest encryption parameter stored in the card adapter 5004, the card adapter 5004 proceeds to step S6214. Otherwise, the encryption parameter update operation ends, and the normal processing operation is performed. Performed (step S6213).

In step S 6214, the card P transfers the encryption parameter update information UD, UA, the update time, and the card adapter 5004. Card Adapter 500
No. 4 stores the UD and the update time in the internal memory.

The card adapter 5004 has the encryption key Ks
A decryption key KpA corresponding to A is stored in a memory in advance, and the encryption parameter update information UA is decrypted using the decryption key KpA, and the base storage unit 5109, the shared key generation unit 5108, and the kd storage unit The encryption parameters X (l), Pl, Prl, X (k), P stored in 5004g
k, Prk, X (D), PD, PrD, and Kd are updated (steps S6215 to S6216). Thereafter, a normal processing operation is performed.

The update processing operation of the encryption parameter of the player 5005 is performed by the card adapter 5004 and the player 500.
5 is performed when communication is performed. That is, for example,
When transferring the disc ID (DID) from the player 5005 to the card adapter 5004,
05 is executed.

For example, before the player 5005 transfers the disc ID (DID) to the card adapter 5004,
First, the update time of the latest encryption parameter of the player 5005 is transferred to the card adapter 5004.

The card adapter 5004 is connected to the player 50
05 is transferred from the card adapter 50
If the time is older than the latest encryption parameter update time stored in step 04, the flow advances to step S6218. Otherwise, the encryption parameter update operation ends and a normal processing operation is performed (step S6217).

[0614] In step S6218, the card adapter 504 transfers the encryption parameter update information UD and the update time to the player 5005. Player 5005
Store the update time in the internal memory.

The player 5005 previously stores in memory a decryption key KpD corresponding to the encryption key KsD, and uses this decryption key KpD to update the encryption parameter update information Up.
D, the base storage unit 5005l, the shared key generation unit 5
005j stored in the encryption parameters X (D), P
D and PrD are updated (steps S6219 to S6220). Thereafter, a normal processing operation is performed.

Thus, the encryption parameter update processing operation is completed. Updating of the encryption parameter is performed for all cards (all cards issued to the user) inserted into the license injection device 5003. Therefore, the encryption parameter is updated by all card adapters 5004 into which the card P with the updated encryption parameter is inserted and the player 50 connected to the card adapter 5004.
Spread all over 05.

(5-10) Disc Key Distribution Procedure (Part 3) The card adapter 5004 and the player 5005 may be configured as one device (hereinafter referred to as the second device).
Player). The distribution procedure of the license information including the disk key in this case is described in FIGS.
This will be briefly described with reference to FIG. That is, in FIG. 133, the disc ID transfer process (step x13 to step x14) and the disc key transfer process (step x18) between the card adapter 5004 and the player 5005 are performed.
-Step x19) becomes unnecessary. Step x5
, The license injection device 50 via the card P
The card adapter ID transferred to 03 is the ID (PID) of the second player.

In FIG. 141, the card adapter 500
The transfer process of the disc ID (steps y11 to y12) and the transfer process of the disc key (steps y14 to y15) between the player ID 4 and the player 5005 become unnecessary. In step y7, the card adapter ID transferred to the license injection device 5003 via the card P is the ID (PID) of the second player.

[0619] Except for this, the above is the same as the above.

As described above, according to the fifth embodiment, the disk key required for decrypting the content information is transmitted from the distribution source (license creation device, license injection device) to the distribution destination (card adapter, To the player). (Sixth Embodiment) FIG. 150 shows an example of the configuration of an information distribution system according to a sixth embodiment of the present invention.
Are recorded in advance on an information recording medium (hereinafter simply referred to as a disk) 7103 such as a DVD.
A license service is provided by purchasing a license that enables the reproduction of the content information recorded on the disc 103 or purchasing a point for the use of the content information in advance and lending the disc 7103. It is for. In other words, this is an information distribution system that can realize super-distribution by combining the license method and the point method as described in the above-described embodiment that provides license information in exchange for a usage fee. The point method refers to a method in which a user purchases in advance a copyright use right injected into a prepaid card or the like as a point, and deducts the point in exchange for the use of the copyrighted work. The method of recording the details of the use of the copyrighted work (such as the ID of the copyrighted work) on the card at the time of point deduction, collecting the details at the time of card collection, and using it for distribution of profits by selling prepaid cards is called super distribution. .

[0621] The point system has the following merits as compared with the license system. In other words, if a point, which is the right to use a work, is purchased in a store or the like in advance, the work can be used in exchange for the use point of the work without having to visit the store.

Even in the case of the license system, if the playback device can be connected to a license server (license issuing device) via a communication line or the like, it is possible to go to a store without going to a store.
It is possible to obtain the right to use a work. That is, payment may be made by using some kind of online charging method, and license information may be obtained. The merit of the point method is that, in the off-line state (not connected to the license server), it is possible to obtain the right to use the copyrighted work by deducting the point of using the copyrighted work.

On the other hand, the point system has the following disadvantages as compared with the license system. That is, the work use point is a kind of money or gift certificate for purchasing a work use right, and can be used more generally than a license of an individual work. Therefore, the motivation for unauthorized use is stronger than the license system. The disadvantage of the point method is derived from the versatility of the copyrighted use point (for example, it can be used for a playback device other than a playback device that may be used by a member who has purchased the usage right).

Now, consider a case where a work use point is recorded on a rental member card 7102 issued by a work rental company. From the viewpoint of preventing unauthorized copying of confidential information including the copyrighted use point (hereinafter referred to as point information), the member card 7102 is used.
It is desirable that the point information recorded in the file can be read only by the reproducing device used by the member and only by the reproducing device. However, when recording point information on a member card at a store, it is generally necessary to acquire information (such as an ID of a reproducing apparatus) for specifying a reproducing apparatus that a member may use and incorporate the information into the point information. Impossible.

Therefore, in the sixth embodiment, by using the license system and the point system in combination, the advantages of each system are utilized and the disadvantages are eliminated.

[0626] In Fig. 150, the new member can obtain copyright information (content information) by the information distribution system.
Is purchased (the copyright use right is not included in the purchase price), the license information of the copyrighted work is acquired by a license method. That is, the license information of the copyrighted work is purchased separately from the disk 7103.

At the time of playback of the disc 7103, the playback device 7101 of the member reads the license information from the membership card 7102. At this time, the playback device 7101 can uniquely identify the playback device 7101 and can be used only once. Information (for example, an encryption key and a random number) R is recorded on the card.

The member can use the point method with the purchase of the license information or in place of the purchase of the license information from the next use right purchase.
That is, in the case of using the point method at the time of the second or subsequent use right purchase, the store license / point injection device 7111 reads the information R from the membership card 7102 and uses the information R to execute the reproduction device 7101. The point information is recorded on the membership card 7102 so that only the member can use it.

[0629] When the member inserts the membership card 7102 in which the point information is recorded into the playback device 7101, the playback device 7101 reads the point information from the membership card 7102, and reads the points included therein into the playback device 710.
1 is stored. When playing the disc 7103, the playback device 7101 subtracts an appropriate point from the stored point.

The center device 7121 issues license information and point information in response to a request from the license / point injection device 7111, and transmits the license information and the point information to the license / point injection device 7111 of the request source. The license / point injection device 7111 records the license information and the point information transmitted from the center device 7121 on the membership card 7102.

[0631] According to such a system, the use of the points recorded on the membership card is determined by a specific playback device (a playback device that the member may use).
The use of the work can be limited only to the playback device that first reads the point information recorded on the member card.

Therefore, it is possible to limit the versatility of points issued for use of a copyrighted work.

As described above, in the information distribution system shown in FIG. 150, when the point method is adopted, the security of the system is improved by coping with the unauthorized use of the point, and the convenience of the user is hardly impaired. The use of the point method is limited only when newly joining, and thereafter, both the point method and the license method can be used. That is, either the license information or the point information may be recorded on the member card 7102, or both may be recorded. In the latter case,
It is desirable to use the license information preferentially.

Referring to FIG. 151, in order to provide a rental service, the disk 7103 and the membership card 71 are provided.
02, information data used in each of the playback devices 7101 will be described.

[0635] The disc 7103 includes:-Content information, which is a work to be charged, encrypted with a title key KT ([content information] KT)-Content identification information (content ID)-Title key KT is a disc key The one encrypted with KD ([KT] KD) The one encrypted with the master key KM of the disk key KD ([KD] KM) and further encrypted with the rental key KR ([[KD] KM] KR) A rental key KR encrypted with a plurality of encryption license keys (public keys) KLP (j) (j = 1, 2, 3,...) ([KR] KLP (1), [KR] KL
P (2), [KR] KLP (3),...) The title key KT is an encryption key predetermined for each title of the content information.

The disk key KD is an encryption key determined for each disk.

The master key KM is an encryption / decryption key given only to members who have subscribed to the service, and is stored in the third decryption unit 7101i of the playback device 7101 in FIG. 152.

[0638] The rental key KR is an encryption / decryption key required for decrypting the content information. For example, the same rental key is used for a disk 7103 manufactured at the same time.

[0639] Encryption license key KLP (1), KL
The license key KLS (j) for decryption corresponding to each of P (2), KLP (3),... Is included in the point information recorded on the member card 7102 at the time of rental.

[0640] A plurality of different encryption license keys KLP
(1), KLP (2), KLP (3),.
3, the license key K for decryption is appropriately stored.
This is to make it possible to change LS (j). The rental key KR encrypted with the encryption license key KLP (j) can be decrypted with the decryption license key KLS (j).

The license information (CL) is the same as the license information described in the other embodiments, for example, the rental key KR, the license information creation date and time, the usage conditions, and the like are merged, and the whole is encrypted with the encryption key Ks. Has been That is, encrypted license information ([CL] Ks) = [rental key KR + license information creation date + use condition] Ks. A plurality of license information (CP) may be recorded on the member card.

The point information is obtained by merging a point and authentication information Ap with an encryption key Kt ([point + Ap] Kt). One of a plurality of decryption rental keys KLS (j) , And its identifier j, and the whole is encrypted with the encryption key ks. That is, encryption point information ([CP] Ks) = [[point +
Ap] Kt + j + KLS (j)] Ks.

The encryption key kt is stored in the playback device 7101 (FIG. 15).
2 can be uniquely specified by the encryption key generated by the second temporary key generation unit 7101f), and can be used only once (here, used to create one point information). It corresponds to the information R. That is, different encryption keys kt from different playback devices
Occurs. Therefore, only the reproducing device that has generated the encryption key kt can decrypt [Point + Ap] Kt.

[0644] The authentication information Ap is authentication information for determining whether or not the point information is valid (whether or not the point information is issued by the center device 7121).
The same authentication information is stored in advance in the second decoding unit 7101d of the playback device 7121, and is checked against the authentication information Ap included in the point information.

[0645] The symbol "+" used in the notation of the license information and the point information indicates that the information is merged. At the time of merging, bit disturbing may be performed not only by simply connecting the bit strings but also by a predetermined appropriate method.

[0646] The encryption key Ks is held by the center device 7121 in FIG. 150, and the decryption key k corresponding to the encryption key Ks is stored.
p is the playback device 7101 (the key storage unit 7101 in FIG. 152).
c) holds.

The master key KM stored in the third decryption unit 7101i, the decryption key Kp stored in the key storage unit 7101c, and the authentication information Ap stored in the second decryption unit 7101d are Stored in advance in the membership card 7102 given to each member when subscribing to the service,
When the member card 7102 is inserted into the playback device used by the member, the member card 7102 is read and the third decryption unit 7101 is read.
i, the key storage unit 7101c, and the second decryption unit 7101d. The playback device 710
1, the master key KM, the decryption key Kp, the authentication information A
After reading p, the master key KM, the decryption key Kp, and the authentication information Ap recorded on the member card 7102 are read.
Is desirably erased.

[0648] In the case where the license information recorded on the member card 7102 is used, if the playback device 7101 determines that the license is valid based on the usage conditions and the like included in the license information, the rental key KR may be obtained. It is possible to use [[K
D] KM] KR is decoded to obtain [KD] KM. Further, a disc key KD is obtained using the master key KM stored in the third decryption unit 7101i. [KT] KD is decrypted using the disc key KD, and the title key KT can be obtained.

When the point information recorded on the member card 7102 is used, the [point + Ap] Kt included in the point information is reproduced by the reproducing apparatus 7101.
101, decrypted with the encryption key Kt stored in advance in the temporary key storage unit 7101e,
Get p. After the verification of the authentication information Ap and the point subtraction processing, [KR] KLP (j) is decrypted using the decryption license key KLS (j) to obtain the rental key KR. Subsequent processing is the same as the case where the license information is used. (1) Playback Device FIG. 152 shows an example of the configuration of the playback device 7101, in which a membership card 7102 is inserted and a membership card 710 is inserted.
2, a card input / output unit 7101a for writing various information data and a first decryption unit for decrypting point information and license information using a decryption key Kp stored in a key storage unit 7101c. 7101
b, a temporary key generation unit 7101f for generating the encryption key Kt, a temporary key storage unit 7101e for temporarily storing the encryption key Kt generated by the temporary key generation unit 7101f, and a [point + Ap] Kt included in the point information as the temporary key Storage unit 7101e
A second decryption unit 7101d that decrypts the authentication information Ap by using the encryption key Kt temporarily stored in the storage unit, a point storage unit 7101g that stores points, and determines the validity of the license based on the license information. A determination unit 7101h that outputs the rental key KR to the third decryption unit 7101i when the license is determined to be valid, and a point determination that performs a subtraction process of the points stored in the point storage unit 7101g according to the use of the content information. Unit 7101j and the media reading unit 7101m
03, and a third decoding unit 7101 that decodes content information based on the information sent from the judgment unit 7101h or the point judgment unit 7101j.
i, a display unit 7101k for displaying the content information decrypted by the third decryption unit 7101i, and a user interface 7101l for presenting various messages, such as whether or not points can be used, and for receiving an instruction input from the user. .

Next, the outline of the processing operation of the reproducing apparatus 7101 in FIG. 152 will be described with reference to the flowchart shown in FIG. 153.

At the time of enrollment, only the encrypted license information ([CP] Ks) is recorded on the member card 7102. For the second and subsequent rentals, the encrypted license information and the encrypted point information ([CP] Ks) are stored. At least one of them has been recorded.

[0652] When the user inserts the membership card 7102 into the playback device 7101, the card input / output unit 7101a
From the member card 7102, the encrypted point information ([C
[P] Ks) is read (step S7101).

If the reading of the encrypted point information is successful (step S7102), the points included in the point information read from the member card 7102 are added to the points already stored in the point storage unit 7101g of the playback device 7101. A point addition process is performed (step S7103).

Next, the card input / output unit 7101a sends the encrypted license information ([C
L] Ks) is read (step S7104).

[0655] If the reading of the encrypted license information has succeeded (step S7105), a license judgment process based on the license information is executed (step S710).
6). In the license determination processing, license determination based on license information and decryption and reproduction of content information are performed. On the other hand, when the encrypted license information cannot be read (when the encrypted license information is not recorded on the member card 7102), the charging process for the use of the content information using the points already stored in the point storage unit 7101g is performed. (Point subtraction), and decoding and reproduction of the content information are performed (step S7107).

[0656] Finally, the temporary key generation unit 7101f executes a process of updating Kt such as newly generating an encryption key kt, storing it in the temporary key storage unit 7101e, and recording it on the membership card 7102 (step S7108). ). Step S71
The Kt updating process of 08 is performed every time the processing operation shown in FIG. 153 is performed, that is, each time the content is reproduced.

In the above processing operation, the membership card 7102
If the encrypted license information is recorded in the license information, the license information is preferentially used (step S710).
5). When the encryption point information is recorded on the member card 7102, the legitimate playback device (the generation of the encryption key kt necessary for decryption of the encryption point information) read first after the encryption point information is recorded. Only the original playback device) can use the point. That is, in the Kt update processing in step S7108, the encryption point information is created using the encryption key Kt recorded on the member card 7102, and the member card 71
02 is recorded. Therefore, the point use range can be limited to only the reproducing device that has generated the encryption key kt.

[0658] The master key KM stored in the third decryption unit 7101i, the decryption key Kp stored in the key storage unit 7101c, and the authentication information Ap stored in the second decryption unit 7101d are updated. In doing so, when the user goes to the store and rents a disk, the updated information is recorded on the member card 7102 as it is or after being encrypted with a predetermined encryption key. The member card 7102
When the user inserts the playback device 7101 into the playback device,
Before executing the processing operation as shown in FIG. 153, the update information may be read from the membership card 7102 and a predetermined update process may be executed.

Next, the point addition processing in step S7103 in FIG. 153 will be described in more detail with reference to the flowchart shown in FIG.

[0660] In step S7101, the card input / output unit 7
The encrypted point information ([CP] Ks) read from the member card 7102 at 101 a is
01b. The first decryption unit 7101b decrypts the point information using the decryption key Kp stored in the key storage unit 7101c in advance (Step S7111).
Of the information data included in the decrypted point information,
[Point + Ap] Kt is transferred to the second decoding unit 7101d.

The second decryption unit 7101d uses the encryption key Kt stored in the temporary key storage unit 7101e,
[Point + Ap] Kt is decrypted to obtain a point and authentication information Ap (step S7112). Then, the authentication information Ap included in the point information is compared with the authentication information Ap already stored in the second decryption unit 7101b, and if they match with each other, the second decryption unit 7101d switches to the point storage unit 7101g. , The points already stored therein are read out, the points included in the point information are added thereto, and the addition result is stored again in the point storage unit 7101g (step S7113 to step S7116).

Here, it is assumed that Kt is updated each time the processing operation of FIG. 153 is executed. In this case, membership card 7
The encryption point information recorded in 102 is once stored in FIG.
After being read by the playback device 7101 as shown in 53, Kt is updated in step S7108.
When the encrypted point information recorded on the member card 7102 is read out the second time, the Kt used for creating the encrypted point information is different from the Kt held in the playback device 7101. Normally [Point + A
p] Kt cannot be decoded. That is, in step S7113, the authentication information Ap included in the point information does not match the authentication information Ap already stored in the second decryption unit 7101b. In this case, the point addition processing is stopped. Then, the process proceeds to step S7104 in FIG.

Next, the license determination processing in step S7106 in FIG. 153 will be described with reference to the flowchart shown in FIG.

In step S7104, the card input / output unit 7
The encrypted license information ([CL] Ks) read from the member card 7102 at 101a is stored in the first decryption unit 7
It is transferred to 101b. The first decryption unit 7101b decrypts the license information using the decryption key Kp stored in the key storage unit 7101c in advance (step S712).
1). The decrypted license information is transferred to the determination unit 7101h, where the validity of the license is determined based on the usage conditions and the like included in the license information as described in the above-described embodiment (step S712).
2).

When the license is determined to be valid,
The determination unit 7101h transfers the rental key KR included in the license information to the third decryption unit 7101i (Step S7124).

[0666] The third decryption unit 7101i uses the rental key KR and the disk 710 in the media reading unit 7101m.
3 ([content information] K
T, [KT] KD, and [[KD] KM] KR) to decode the content information. That is, the rental key K
Decode [[KD] KM] KR using R, [KD] K
Get M. Further, a disc key KD is obtained using the master key KM stored in the third decryption unit 7101i. [KT] KD is decrypted using the disc key KD, and the title key KT can be obtained. The content information is decrypted using the title key KT, and
It is reproduced and displayed on 101k (step S7125).

On the other hand, if it is determined in step S7123 that the license is invalid (for example, the expiration date has expired), the card input / output unit 7101a sets the membership card 7102
From the license information (step S712)
6) A point subtraction process similar to that in step S7107 is executed (step S7127).

Next, the point subtraction processing in step S7107 in FIG. 153 and step S7127 in FIG. 155 will be described in detail with reference to the flowchart shown in FIG.

In step S7111 of FIG. 154,
The decryption license key KLS (j) and the identifier j included in the point information decrypted by the first decryption unit 7101b are transferred to the point determination unit 7101j (step S7131). When reading the encrypted point information recorded on the billing card 7102 for the second time or later, as described above, the encryption key Kt used to create the encrypted point information and the playback device 710
1 encryption key K stored in the temporary key storage 7101e.
Since t is different from t, the processing after step S7112 in FIG. 154 always ends in step S7113. Accordingly, the content decoding operation using the point information proceeds from step S7111 in FIG. 154 to the point subtraction processing in FIG. 156.

[0670] The point determining section 7101j reads the points from the point storage section 7101g, and subtracts a point value (for example, "1") according to the use of the content information. Note that the present invention is not limited to the case where a predetermined point value (for example, “1”) is exchanged for one use (reproduction) of the content information. For example, the content of the content information recorded on the disc 7102 is recorded on the disc 7102. Point values to be deducted for use are recorded in advance,
This may be read out and point subtraction processing may be performed. Alternatively, the point value to be deducted may be made smaller as the production date of the content information is older. In this case, the point determination unit 7 in FIG.
101j holds a list of point values to be subtracted predetermined according to the number of days elapsed from the production date, reads the production date of the content information recorded on the disk 7102, and reads the list. With reference, determine the point value to be deducted. Point determination unit 710
The list held by 1j is updated via the membership card 7102 (or a communication line when the playback device 7101 is connected online to the center device 7121).

If the result of the point subtraction obtained in step S7133 is negative, the processing operation is interrupted (content information is not reproduced).

[0672] If the subtraction result is positive, it is desirable to display a message asking whether or not to use the points on the user interface 70011 (step S713).
5). When the user who sees this message instructs the use of points (step S7136), the subtraction result is stored in the point storage unit 7101g (step S7136).
7137). That is, the point value is updated. Further, the point determination unit 7101g compares the license key for decryption KLS (j) and its identifier j with the third decryption unit 71.
01i (step S7138).

On the other hand, the media reading unit 7101m reads information data ([KR] KLP (j)
(J = 1, 2, 3,...)) And the third decoding unit 7
101i (step S7139).

The third decryption unit 7101i generates the rental key KR encrypted with the encryption license key KLP (j) corresponding to the identifier j, that is, [KR] KLP (j).
Is selected and decrypted using the decryption license key KLS (j) included in the point information to obtain the rental key KR (step S7140).

[0675] The media reading section 7101m
103 to the information data ([content information] KT, [K
T] KD, [[KD] KM] KR) are read and transferred to the third decoding unit 7101i. Third decoding unit 7101i
Decrypts [[KD] KM] KR using the rental key KR to obtain [KD] KM. Further, the third decoding unit 7
The disk key KD is obtained using the master key KM stored in 101i. [KT] KD is decrypted using the disc key KD, and the title key KT can be obtained. The content information is decrypted using the title key KT, and is reproduced and displayed on the display unit 7101k (step S7141).

Next, the content display processing in step S7125 in FIG. 155 and step S7141 in FIG. 156 will be described in detail with reference to the flowchart shown in FIG.

[0677] The media reading unit 7101m
103 to the information data ([KT] KD, [[KD] K
M] KR) and transfers it to the third decoding unit 7101i (step S7151). Third decoding unit 7101i
Decrypts [[KD] KM] KR using the rental key KR to obtain [KD] KM. Further, the third decoding unit 7
The disk key KD is obtained using the master key KM stored in 101i. [KT] KD is decrypted using the disc key KD, and the title key KT can be obtained (step S7152).

[0678] The media reading unit 7101m
103 to the encrypted content information [content information] K
T is read and transferred to the third decoding unit 7101i (step S7153). The third decoding unit 7101i decodes the content information using the title key KT (step S7154), and reproduces and displays the content information on the display unit 7101k (step S7155).

Next, the process of updating the encryption key Kt in step S7108 in FIG. 153 will be described with reference to the flowchart shown in FIG.

[0680] For example, after the display processing of the content using the point information or the license information is completed, FIG.
When it is determined in step S7123 that the license is invalid, or when the exhaustion of the points is detected in step S7134 in FIG. 156, the temporary key generation unit 7101f is used.
Generates the encryption key kt (step S7161). Here, the encryption key generation method is not particularly limited here.

The encryption key Kt generated by temporary key generation section 7101f is stored in temporary key storage section 7101e (step S7162), and the updated encryption key Kt is written from card input / output section 7101a to member card 7102. (Step S7163). (2) License / Point Injection Device FIG. 159 shows a configuration example of the license / point injection device 7111, which is connected to the center device 7121 to transmit a license information / point information issuance request, The communication unit 7111a for receiving license information / point information issued from the center device 7121 in response to the request, a member card 7102 is inserted, and various information data is read from the member card 7102.
A card input / output unit 7111c for writing various information data,
A media reading unit 7111e for reading various information data from the disk 7103, a condition input unit 7111 for inputting information data such as usage conditions to be merged with license information and points to be merged with point information.
d, a control section 7111b for controlling the above-described sections.

Next, the outline of the processing operation of the license / point injection device 7111 shown in FIG. 159 will be described with reference to the flowcharts shown in FIGS. 160 and 161.

First, the license information issuance processing operation will be described with reference to FIG. For example, a store clerk inserts the member card 7102 of the member of the rental service into the card input / output unit 7111c, and sets the disk 7103 selected by the member in the media reading unit 7111e. The clerk inputs the usage conditions and the like for the content information recorded on the disk 7103 from the condition input / output unit 7111d and inputs an instruction for a license information issuance request (step S7171). From content ID
Is read (step S7172). Control unit 7111b
Is the center device 7121 via the communication unit 7111a.
To the license information issuance request including the content usage condition and the content ID (step S717)
3).

[0684] The encrypted license information ([CL] Ks) issued by the center device 7121 in response to the license information issuance request is received by the communication unit 7111a (step S7174). The control unit 7111b transfers the encrypted license information received by the communication unit 7111a to the card input / output unit 7111c, and
c, the encrypted license information is stored in the membership card 7102.
(Step S7175).

Next, the point information issuance processing operation will be described with reference to FIG.

[0686] For example, the store clerk inserts the membership card 7102 of the member of the rental service into the card input / output unit 7111.
Insert into c. When the clerk inputs the purchased points from the condition input / output unit 7111d and inputs a point information issuance request instruction (step S7181), the card input / output unit 7111c reads the encrypted point information from the member card 7102 (step S7181). Step S7182). Here, the read encryption point information may be deleted.

Next, the card input / output unit 7111c reads the encryption key Kt from the membership card 7102 (step S7).
183). If the encryption key Kt cannot be read, the point information cannot be issued, and the process is interrupted.

On the other hand, if the encryption key Kt has been successfully read (step S7184), the control unit 7111b transmits a request for issuing point information including the point value and the encryption key Kt to the center device 7121 via the communication unit 7111a. (Step S7185).

[0689] In response to the point information issuance request, the encrypted point information ([C
P] Ks) is received by the communication unit 7111a (step S7186). The control unit 7111b includes a communication unit 7111
The encrypted point information received by the card input / output unit 7
The card input / output unit 7111c records the encrypted point information on the member card 7102 (step S7187). (3) Center Device FIG. 162 shows a configuration example of the center device 7121, in which the first encryption unit 7121a and the second encryption unit 71
21b, key storage unit 7121c, authentication information storage unit 7121
d, license key storage unit 7121e, communication unit 7121
f, content database 7021g, clock 7021
h.

[0690] In the content database 7021g,
A rental key KR is stored in association with the content ID.

The key storage unit 7121c stores an encryption key Ks for encrypting license information and point information.

[0690] The authentication information Ap is stored in the authentication information storage section 7121d.

The license key storage unit 7121e stores the decryption license key KLS (j) (j = 1, 2, 3,
…) Are stored.

The communication unit 7121f connects to the license / point injecting device 7111 to receive a license information / point information issuance request, and transmits the license information / point information issued in response to the request to the license / point injecting device. 7111.

Next, the outline of the processing operation of the center device 7121 in FIG. 162 will be described with reference to the flowcharts shown in FIGS.

[0696] First, the license information issuance processing operation will be described with reference to FIG. Communication unit 7121f
When the license / point injecting device 7111 receives a request for issuing license information including a content usage condition and a content ID (step S7191), it transfers the content ID and usage condition to the first encryption unit 712a (step S7191). Step S7192).

The first encryption section 7121a reads the rental key KR corresponding to the content ID from the content database 7021g (step S719).
3), the current date and time are read from the clock 7021h (step S7194), and the encryption key Ks is read from the key storage unit 7121c, and the encrypted license information [CL] Ks is read.
= [KR + license information creation date + usage condition] Ks is created (step S7195).

The communication section 7121f is connected to the first encryption section 71
The encrypted license information created in 21a is transmitted to the license / point injection device 7111 (step S7).
196).

[0699] The point information issuance processing operation will be described with reference to the flowchart shown in Fig. 164.

The communication section 7121f receives the point information issuance request including the point value and the encryption key Kt from the license / point injection device 7111 (step S7).
201), and transfers the point value and the encryption key Kt to the second encryption unit 7121b (step S7202).

The second encryption unit 7121b reads the authentication information Ap from the authentication information storage unit 7121d (step S7203), merges the authentication information with the point information, encrypts it with the encryption key Kt, and performs Point information + Ap] Kt is generated (step S7204).

The first encryption unit 7121a stores the license key for decryption KLS in the license key storage unit 7121e.
(J) and one set of its identifier j are read (step S72)
05), [Point information + Ap] Kt, decryption license key KLS (j) and its identifier j are merged, and the encryption key ks read from key storage section 7121c is further merged.
And encryption point information [CP] Ks =
[[Point information + Ap] Kt + Decryption license key KLS (j) + j] Ks is created (step S720).
6).

The communication section 7121f is connected to the first encryption section 71
License point information created in 21a
Transmit to the point injection device 7111 (step S72)
07).

In the above embodiment, the playback device 7
At the time of purchase of the 101 (at the time of joining the rental service), for example, at a store, or at the time of manufacturing the playback device 7101, the master key is stored in the third decryption unit 7101i, the key storage unit 7101c, and the second decryption unit 7101d. KM,
The decryption key Kp and the authentication information Ap may be written.

[0705] For example, a membership card 7102 corresponding to the playback device 7101 purchased when joining the rental service is attached.
02 may have the encryption key Kt generated by the playback device 7101 already written therein. In this case, in the above-described embodiment, the license information must always be used for the first time. However, at the time of joining the rental service, the t encryption key Kt generated by the playback device 7101 has already been written to the member card 7102. In addition, the content can be reproduced using the point information at the same time as joining the rental service.

[0706] Also, in the above embodiment, by using the encryption key Kt generated from the reproducing device 7101 used by the member to create the encrypted point information, the use of the points purchased by the member can be determined by the member. Although only the playback device 7101 to be used is limited to this, the use of the point is also limited to a specific content (or content of a specific category). Minors can limit the available categories.) In this case, for example, the encryption license key KLP (1), KLP
By using (2), KLP (3),..., It is possible to operate from the rental company side (if necessary, without being known to the member). That is, for example, when the use of points purchased by a member is limited to only the reproduction of content belonging to a specific category, the encryption point information including the purchased points includes a plurality of decryption license keys. The decryption license key K assigned to the category to be limited
It is sufficient that only LS (j) is included. Of course, the disk 7103 has an encryption license key KLP (j) corresponding to the category of the content recorded therein.
Only the rental key KR encrypted in is recorded.

[0707] As described above, according to the above-described embodiment, by creating encryption point information using the encryption key Kt unique to each playback device generated by the playback device used by the member, , The use of the points purchased can be limited to only the playback device used by the member.

A license key (KLP (j) and KLS (j)) is determined for each content category, and only the decryption license key KLS (j) of the category that can be viewed by the member is included in the encryption point information. In addition, the rented disk has a rental key K encrypted with an encryption license key KLP (j) corresponding to the category of the content recorded therein.
Since only R is recorded, the use of the points purchased by the member can be limited to only the viewing of the content of the category that the member can view. (4) Embodiment of Rental Service Using Only Points Hereinafter, a case where one playback device is used for a plurality of rental services provided by a plurality of competing rental companies will be described as an example.

In the above-described embodiment, the license information must be used for the first time, but the rental service using only the points without using the license information from the time of joining the rental service, that is, without using the license information from the first time. The realization is more effective in simplifying the configuration of the playback device (for example, a clock required for determining the validity of the use condition (for example, a time limit) included in the license information by the determination unit 7101 becomes unnecessary. ).

[0710] Therefore, the structure of the initial encryption point information [CP0] Ks written on the member card 7102 at the time of the first rental immediately after the enrollment is represented by the following: the initial encryption point information ([CP0] Ks) = [point + j + KLS (j) +
Vendor ID] Ks.

[0711] The trader ID is an ID for identifying each of the different rental traders, and is information used for controlling the writing and reading of the point value to and from the point storage unit 7101g.

[0712] In the point storage section 7101g, a region for writing a dealer ID and its point value is provided for each rental dealer.

[0713] The encrypted point information created when the point is purchased for the second and subsequent times further includes a trader ID.
It is included. That is, the encryption point information [CP] Ks 'used here can be expressed as: encryption point information ([CP] Ks') = [[point + Ap] Kt + j + KLS (j) + trader ID] Ks.

[0714] Hereinafter, the processing operation of the playback device 7101 for the first encryption point information will be described.

[0715] Step S7301) In step S7101 in FIG.
2 before reading the normal encryption point information ([CP] Ks') from the first encryption point information [CP0]
Ks is read (member card 7102 contains [C
Both P] Ks' and [CP0] Ks may be written.

Step S7302) Card input / output unit 7
The first encryption point information read in 101a is transferred to the first decryption unit 7101b, and the first decryption unit 710
At 1b, the first point information is decrypted using the decryption key Kp, and the company ID (for example, “xx”) and the points included therein are transferred to the determination unit 7101h. The determination unit 7101h searches the point storage unit 7101g for the trader ID (xx), and searches the point storage unit 7101g.
Only when the trader ID (xx) has not been written yet, the point value is written to the point storage unit 7101g in association with the trader ID (xx).

At the time of the second or subsequent content reproduction using the same company's first encrypted point information, the above processing (steps S7301 to S7302) is executed again. In this case, the point storage unit 7
Since the trader ID (xx) has already been written in 101g, the process proceeds to step S7101 in FIG. 153 without writing (adding) points with the same initial encryption point information again.

[0718] On the other hand, when the initial encryption point information of a different trader (trader ID (yy)) is newly read out in step S7301, unless the trader ID exists in the point storage unit 7101g, the trader ID (yy) is read. )When,
The point value included in the initial encryption point information is written in the point storage unit 7101g.

The above processing operation is the same as that in step S
The processing operation added after the step 7101 is the same as that described above. That is, at the time of the second or subsequent point purchase, encrypted point information ([CP] Ks') is created using the encryption key Kt generated by the playback device 7101.

[0720] The difference is that the encrypted point information created at the time of purchase of the second and subsequent points includes the ID of the rental agent who purchased the point, as described above. The processing operation as shown is performed in the point storage unit 7101g corresponding to the trader ID.
Is executed by subtracting the points recorded in. More specifically, step S7 in FIG.
Only the processing operations corresponding to 101 to S7103 and S7107 to S7108 are performed.

[0721] The confirmation of the trader ID included in the encrypted point information [CP] Ks' is to be performed by the judgment unit 7101h. That is, in step S7111 of FIG. 154, when the encrypted point information [CP] Ks' is decrypted, the trader ID included therein is determined by the determination unit 7101h.
When the second decoding unit 7101d writes the point value to the point storage unit 7101g in step S7116, the second decoding unit 7101d writes the point value to the point writing area corresponding to the trader ID specified by the determination unit 7101h. Also,
In steps S7132 and S7137 of the point subtraction process in FIG. 156, the point determination unit 7101j
When reading / writing a point from the point storage unit 7101g, the point value is read / written from the point writing area corresponding to the trader ID specified by the determination unit 7101h.

[0722] The same applies to the case where there is only one rental company. That is, even when only one trader ID exists in the world, a rental service using points can be realized immediately after joining. In this case, the trader ID is simply used to control writing of the point value to the point storage unit 7101g for the first time.

[0723] As described above, the encrypted point information includes the trader ID, and only for the first time, by controlling the writing of the point value to the point storage unit 7101g using the trader ID, the rental using only the point is performed. Service can be performed easily.

[0724] In the point storage section 7101g, a point writing area is provided for each trader ID, and stored in the point storage section 7101g based on the trader ID included in the encrypted point information. By subtracting the points, it is possible to use the points sold by each of a plurality of competing rental companies on one playback device. In this case, the disk to be lent may be common to a plurality of rental companies, or may be different for each rental company. (Seventh Embodiment) (7-1) FIG. 165 shows an example of the configuration of a playback apparatus used in an information distribution system according to a seventh embodiment of the present invention, and includes DVD, CD, LD, and video. A media reading unit 8102 that reads media recording information from a recording medium (hereinafter, simply referred to as a medium) 8001 such as a tape.
, A decoding unit 8103, and a display device 8112.

[0725] The media reading unit 8102 stores the media 81
01 (for example, a DVD player if the medium 8101 is a DVD, a CD if the medium 8101 is a CD)
Player).

[0726] Here, a description will be given of a reproducing apparatus for providing a rental service in which a point (point) for use of the encrypted content information recorded on the medium 8103 is purchased in advance and the medium 8103 is lent out.

As shown in FIG. 166, the media 8101 is generated by encrypting the chargeable content information (encrypted content information) encrypted with the content key Kc with the rental key Kr. Digital watermark for WM information
ark) media recording information obtained by synthesis.

Here, “encrypt content information”
The term "includes" includes, for example, a process of changing the brightness of the content information if the content information is an image so that the substance of the content information is not apparent to a viewer. Therefore, here, the content key Kc
Is information necessary for restoring the content that has been processed.

The content key Kc is an encryption / decryption key for content information, and is preferably different for at least each content title.

The rental key Kr is an encryption / decryption key for the content key. For example, the same rental key is used for a disk 7103 manufactured at the same time.

[0731] The embedment position of the WM information may be uniformly embedded in the whole of the encrypted content information or at predetermined intervals, or as shown in FIG. 172, the unencrypted portion at the head of the content information. You may make it embed in. In this case, the content information may include a region R100 in which the WM information is not embedded and which is not encrypted (for example, the processing time corresponding to the WN information). The unencrypted region R10
0 may be in front of the WM information embedding area.
In any case, the embedding position of the WM information should be in front of the encrypted content information.

[0732] The points purchased in advance for the use of the content information are recorded on a card-type recording medium (hereinafter, referred to as a card) 8010.
1 can be reproduced. That is, every time the content information recorded on the medium 8101 is reproduced, the point where a point of a predetermined value is recorded in the card 8110 in advance is subtracted according to the content information. If this point value runs out, content information cannot be reproduced.

[0733] The card 8110 stores at least a point value corresponding to the paid amount and a rental key Kr. Although the point value and the rental key Kr may be recorded as they are, a predetermined processing (for example,
It may be recorded after performing an encryption process or the like.

The rental key Kr may be recorded on the card 8110 at the time of rental or at the time of point purchase.

[0735] Hereinafter, the processing operation of the playback apparatus shown in Fig. 165 will be described with reference to the flowchart shown in Fig. 167.

[0736] The medium 810 is stored in the medium reading unit 8102.
1 is set and the card 811 is stored in the decryption unit 8103.
When 0 is inserted, the media recording information (C ′) recorded on the medium 8101 is read by a reading device corresponding to the medium 8101 (for example, if the medium 8101 is a DVD,
The data is read by a D player or a CD player if it is a CD, and output to the decoding unit 8103. The media recording information (C ′) is transmitted to the WM separation unit 81 of the decoding unit 8103.
04 (step S8101).

[0737] The WM separation unit 8104 separates the input media recording information (C ') from the encrypted content information (C ") with W
M information (W).
In 08, the latter is transferred to the WM storage unit 8105, respectively (step S8102, step S8103).

[0738] On the other hand, the point subtraction unit 8109 reads out points from the inserted card 8110, and determines whether the point value is a value equal to or greater than the point value for use of the content information to be reproduced (whether it is an effective amount). Determine whether or not. When it is determined that the point value is an effective amount (for example, point> 0), the key decryption unit 81
06 is started. The activated key decryption unit 8106 outputs W
The WM information is read from the M storage unit 8105. Further, the point subtraction unit 8109 acquires the rental key Kr from the card 8110 and transfers the rental key Kr to the key decryption unit 8106 (Steps S8104 to S8106). The key decryption unit 8106 decrypts the content key Kc from the WM information using the rental key Kr, and stores the decrypted content key Kc in the key storage unit 5007 (Steps S8106 to S8107).

[0739] On the other hand, the content decryption unit 5008 performs
The encrypted content information (C ″) passed from the separation unit 5004 is decrypted with the content key Kc read from the key storage unit 5007 to obtain the content information (C) and output to the display device 5011 (steps S8109 to S8110). ).

If it is determined in step S8105 that the point value of the card 8110 is not an effective amount, or the rental key output from the card 8110 in step S8106 is the rental key K used for generating the WM information.
If it is different from r, the content information will not be decrypted normally and will not be presented to the user. (7-2) FIG. 168 shows another example of the configuration of the playback device used in the information distribution system according to the seventh embodiment. 165 are denoted by the same reference numerals, and only different portions will be described. That is, FIG.
168 is replaced with a broadcast wave receiving unit (tuner) 8021 in FIG.
Media recording information such as 66 is distributed to each user's home as a broadcast wave. Tuner 80
21 outputs the media recording information (C ′) extracted from the received broadcast wave to the decoding unit 8103. (7-3) Another example of the media recording information will be described with reference to FIG. What differs from the media recording information shown in FIG. 166 is the WM information. That is, in FIG.
One content key Kc is replaced with a plurality of rental keys Kr
1, Kr2,..., Krn, are encrypted (merged) and are used as WM information.

[0741] Fig. 169 shows an example of the configuration of a reproducing apparatus using media recording information as shown in Fig. 170. In FIG. 169, the same portions as those in FIG. 165 are denoted by the same reference numerals, and only different portions will be described. That is, the card 8130 includes a plurality of rental keys Rr.
One or more of 1, Kr2, ..., Krn,
Or everything is recorded.

FIG. 171 is a flowchart for explaining the processing operation of the reproducing apparatus in FIG. 169. FIG.
The same reference numerals are given to the same portions as 67, and only different portions will be described. That is, step 8006 and step S8107 in FIG. 167 are different from step S8121 in FIG.
And step S8122.

[0739] The key decryption unit 8131 determines one of the rental keys (Kr) output from the card 8130.
The content key Kc is obtained from the WM information using i). When a plurality of license keys are recorded on the card 8130, the license keys are read out one by one and the WM information is decrypted.

[0744] It is desirable that the WM information include, in addition to the content key, authentication information which is good in advance for checking whether or not the decryption has been correctly performed. Whether or not a valid content key has been obtained can be easily determined based on whether or not this authentication information has been correctly decrypted.

If it is determined in step S8105 that the point value of the card 8110 is not an effective amount, or the rental key output from the card 8130 in step S8121 is the rental key K used for generating the WM information.
If none of r1, Kr2,..., Krn match, the content information will not be decrypted normally and will not be presented to the user.

[0746]

As described above, according to the information recording apparatus, the information reproducing apparatus, and the billing apparatus of the present invention, a digitized work distributed via a network or a recording medium can be quickly and easily obtained. In addition, it is possible to easily construct a digital information use environment on the premise of protecting copyright by charging for the use of digital information.

[Brief description of the drawings]

FIG. 1 is a diagram showing a first configuration example of an information recording apparatus according to an embodiment of the present invention.

FIG. 2 is a flowchart for explaining the operation of the first information recording device of FIG. 1;

FIG. 3 is a diagram showing a second configuration example of the information recording apparatus according to the embodiment of the present invention.

FIG. 4 is a flowchart for explaining the operation of the second information recording device of FIG. 3;

FIG. 5 is a diagram for explaining a method of separating charging target information data.

FIG. 6 is a diagram for explaining another method of separating charging target information data.

FIG. 7 is a diagram showing a third configuration example of the information recording apparatus according to the embodiment of the present invention.

FIG. 8 is a diagram showing a first configuration example of an information reproducing apparatus according to an embodiment of the present invention.

FIG. 9 is a diagram showing a configuration example of a decoding unit in FIG. 8;

FIG. 10 is a flowchart for explaining the operation of the first information reproducing apparatus of FIG. 8;

FIG. 11 is a flowchart for explaining the operation of the decoding unit in FIG. 9;

FIG. 12 is a diagram illustrating another configuration example of the decoding unit, and illustrates a case of a decoding unit including a clock that invalidates time updating.

FIG. 13 is a flowchart for explaining an operation for invalidating updating of the time of a clock provided in the decoding unit.

FIG. 14 is a flowchart for explaining the operation of the decoding unit in FIG. 12;

FIG. 15 is a diagram showing a configuration example of a clock provided in a decoding unit capable of updating the time.

FIG. 16 is a flowchart for explaining the time update operation of the clock shown in FIG. 15;

FIG. 17 is an overall view of a system including a client and a server when updating the time of a clock provided in a decoding unit via a network.

FIG. 18 is a diagram illustrating a configuration example of a time setting client in FIG. 17;

FIG. 19 is a diagram illustrating a configuration example of a time setting server in FIG. 17;

FIG. 20 is a flowchart for explaining the operation of the time setting client of FIG. 18;

FIG. 21 is a flowchart for explaining the operation of the time setting server in FIG. 19;

FIG. 22 is a flowchart for explaining the operation of the time setting server in FIG. 19;

FIG. 23 is a view showing a configuration example of a clock provided in the time setting client of FIG. 18;

24 is a flowchart for explaining the operation of the timepiece shown in FIG. 23;

FIG. 25 is a flowchart for explaining the operation of the timepiece shown in FIG. 23;

FIG. 26 is a diagram showing a configuration example of an information reproducing apparatus (second information reproducing apparatus) having functions of updating license information and charging.

FIG. 27 is a diagram showing a configuration example of a decoding unit in FIG. 26;

FIG. 28 is a flowchart for explaining the operation of the decoding unit in FIG. 27;

FIG. 29 is a diagram showing a configuration example of a license information update client unit in FIG. 26;

FIG. 30 is a flowchart for explaining the operation of the license information update client unit in FIG. 29;

FIG. 31 is a diagram showing a configuration example of a license information update server in FIG. 26;

FIG. 32 is a flowchart for explaining the operation of the license information update server in FIG. 31;

FIG. 33 is a diagram showing an example of the contents of a fee payment request for use of charging target information output from the license information update server.

FIG. 34 is a flowchart for explaining the operation of the entire system of FIG. 26 (a server and a client that communicate with each other via a network);

FIG. 35 is a diagram showing a configuration example of a license information update unit.

FIG. 36 is a flowchart for explaining the operation of the license information update unit in FIG. 35;

FIG. 37 is a flowchart for explaining the operation of the license information update unit in FIG. 35;

FIG. 38 is a diagram illustrating a configuration example of a charging apparatus for charging for use of charging target information.

FIG. 39 is a diagram showing an example of the configuration of a decoding unit of an information reproducing apparatus in which a countermeasure for preventing unauthorized copying of billing target information (determining based on a decoding unit ID) is taken.

FIG. 40 is a flowchart for explaining the operation of FIG. 39;

FIG. 41 is a diagram showing an example of the configuration of a license information update unit in which measures are taken to prevent unauthorized copying of billing target information.

FIG. 42 is a flowchart for explaining the operation of the license information update unit in FIG. 41;

FIG. 43 is a view showing another example of the configuration of a decryption unit that has taken measures to prevent unauthorized copying of charging target information (performs determination based on the decryption unit ID and the media ID).

FIG. 44 is a flowchart for explaining the operation of the decoding unit in FIG. 43;

FIG. 45 is a diagram illustrating a configuration example of a copying apparatus.

FIG. 46 is a flowchart for explaining the operation of the copying apparatus of FIG. 45;

FIG. 47 is a view showing a configuration example of a license information duplication unit of FIG. 45;

FIG. 48 is a flowchart for explaining the operation of the license information copying unit of FIG. 47;

FIG. 49 is a view showing a configuration example of an information reproducing apparatus (third information reproducing apparatus) when reproducing sub-information according to the embodiment of the present invention.

50 is a view showing a configuration example of the third information reproducing apparatus of FIG. 49.

FIG. 51 is a view showing a configuration example of the decoding unit in FIG. 49;

FIG. 52 is a flowchart for explaining the operation of the decoding unit in FIG. 51;

FIG. 53 is a view showing a configuration example of an information distribution system using the information recording device and the information reproducing device according to the present invention.

FIG. 54 is a view showing a configuration example of a decoding unit A according to the second embodiment of the present invention.

FIG. 55 is a view showing an example of license information input to a decryption unit A;

FIG. 56 is a view showing an example of update information output from the decoding unit A;

FIG. 57 is a flowchart for explaining the processing operation of the decoding unit A;

FIG. 58 is a flowchart for describing a schematic procedure of a key generation process in a key holding unit and a key generation unit of the decryption unit A;

FIG. 59 is a view showing a configuration example of a decoding unit B;

FIG. 60 is a view showing an example of license information input to a decryption unit B;

FIG. 61 is a flowchart for explaining the processing operation of the decoding unit B;

FIG. 62 is a view showing an example of update information output from a decoding unit B;

FIG. 63 is a view showing a configuration example of a decoding unit C;

FIG. 64 is a view showing an example of update information output from a decoding unit C;

FIG. 65 is a view showing a configuration example of a decoding unit D.

FIG. 66 is a view showing an example of license information input to a decryption unit D;

FIG. 67 is a flowchart for describing the processing operation of the decoding unit D;

FIG. 68 is a flowchart for explaining the processing operation of the decoding unit D;

FIG. 69 is a view showing an example of update information output from the decoding unit D;

FIG. 70 is a view showing a configuration example of a decoding unit D ′.

FIG. 71 is a view showing a configuration example of a license information update device corresponding to a decryption unit A;

FIG. 72 is a flowchart for explaining the processing operation of the license information updating device in FIG. 71;

FIG. 73 is a view showing a configuration example of a license information updating device corresponding to a decryption unit B;

FIG. 74 is a flowchart for explaining the processing operation of the license information updating device in FIG. 73;

FIG. 75 is a view showing a configuration example of an information distribution system according to a third embodiment.

FIG. 76 is a view showing another configuration example of the information distribution system according to the third embodiment.

FIG. 77 is a view showing a configuration example of a main part of an information reproducing apparatus to which a decoding determination card is attached.

FIG. 78 used in the information distribution system of FIG. 75
7 is a flowchart for explaining the processing operation of the information reproducing apparatus of No. 7;

FIG. 79 is a view showing a configuration example of a main part of a decryption determination card.

FIG. 80 is a flowchart for describing the processing operation of the decryption determination card in FIG. 79;

FIG. 81 is a view showing a configuration example of a time transfer unit of the decryption determination card in FIG. 79;

FIG. 82 is a view showing a configuration example of an authentication unit of the time transfer unit in FIG. 81;

FIG. 83 is a flowchart for explaining the processing operation of the authentication unit in FIG. 82;

FIG. 84 is a view showing a configuration example of a content key transfer unit of the decryption determination card of FIG. 79;

FIG. 85 is a view showing a configuration example of an authentication unit of the content key transfer unit of FIG. 84;

FIG. 86 is a flowchart for explaining the processing operation of the authentication unit in FIG. 85;

FIG. 87 is a view showing a configuration example of the timepiece of FIG. 77;

FIG. 88 is a view showing a configuration example of an authentication unit of the timepiece shown in FIG. 87;

FIG. 89 is a flowchart for explaining the processing operation of the authentication unit in FIG. 88;

FIG. 90 is a view showing a configuration example of a decoding determination unit in FIG. 79;

FIG. 91 is a flowchart for explaining the processing operation of the decoding determination unit in FIG. 90;

FIG. 92 is a view showing a configuration example of an information reproducing unit in FIG. 77;

FIG. 93 is a flowchart for explaining the processing operation of the information reproducing unit in FIG. 92;

FIG. 94 is a view showing a configuration example of an authentication unit of the information reproducing unit in FIG. 92;

FIG. 95 is a flowchart for explaining the processing operation of the authentication unit in FIG. 94;

FIG. 96 is a view showing another example of the configuration of the information reproducing unit in FIG. 77;

FIG. 97 is a view showing a configuration example of a license update device.

FIG. 98 is a flowchart for explaining the processing operation of the license update device;

FIG. 99 is a view showing a configuration example of a main part of a decryption determination card which manages an interface with an update IF of the license update device.

FIG. 100 is a flowchart for explaining the processing operation of the decryption determination card at the time of license update.

FIG. 101 is a view showing a configuration example of a license server.

FIG. 102 is a flowchart for explaining the processing operation of the license server;

FIG. 103 is a diagram showing an example of a system configuration including a user terminal, a license server, and an electronic payment device when a license is updated using electronic payment.

FIG. 104 is a view showing a configuration example of a license update device in the system configuration of FIG. 103;

FIG. 105 is a view showing a configuration example of a license server in the system configuration of FIG. 103;

106 is a flowchart for explaining the processing operation of the entire system when a license is updated in the system configuration in FIG. 103;

FIG. 107 is a view showing an example of the overall configuration of an information reproducing system according to a fourth embodiment of the present invention.

FIG. 108 is a view showing a configuration example of a license determination unit in FIG. 107;

109 is a flowchart for explaining the processing operation of the information reproducing apparatus in FIG. 107.

110 is a flowchart for explaining the processing operation of the information reproducing apparatus in FIG. 107.

111 is a flowchart for explaining the processing operation until the license information is stored in the license database in the information reproducing apparatus of FIG. 107.

112 is a flowchart for describing an operation of generating a decryption key of license information in the information generation device of FIG. 107.

FIG. 113 is a view showing a configuration example of content information.

FIG. 114 is a view showing a configuration example of license information.

FIG. 115 is a view showing a storage example of license information in a license information database.

FIG. 116 is a view showing a configuration example of license update information.

FIG. 117 is a view showing another example of storage of license information in the license information database.

FIG. 118 is a view showing another example of the configuration of the information reproducing apparatus shown in FIG. 107;

FIG. 119 is a view showing another configuration example of the license determination unit of FIG. 107;

120 is a flowchart for describing an operation performed by the information reproducing apparatus of FIG. 118 until a decryption key is generated by separating encrypted license information and decryption key seed information from a received broadcast wave.

FIG. 121 is a diagram showing an example of a data structure of a broadcast wave.

FIG. 122 is a view showing a configuration example of an information distribution system according to a fifth embodiment of the present invention.

FIG. 123 is a view showing an example of data recorded on a rental disk.

124 is a view showing a storage example w of a disk key in a content database provided in a center. FIG.

FIG. 125 is an exemplary view schematically showing a delivery method of a disk key in the information distribution system shown in FIG. 122;

FIG. 126 is a view showing a configuration example of a license creation device.

FIG. 127 is a view showing a configuration example of a license injection device.

FIG. 128 is a view showing a configuration example of a card.

FIG. 129 is a view showing a configuration example of a card adapter.

FIG. 130 is a view showing a configuration example of a player.

FIG. 131 is a flowchart for explaining the disk information creation processing operation in the license creation device.

FIG. 132 is a view showing a storage example of disk information in a license database of the license injection device.

133 is a sequence diagram showing an outline of a disk key distribution procedure in the information distribution system of FIG. 122 in the order of subscribing to a disk rental service, renting a disk, and playing back content.

134 is a flowchart showing in more detail the distribution procedure of the disk key shown in FIG. 133.

135 is a flowchart showing in more detail the distribution procedure of the disk key shown in FIG. 133.

FIG. 136 is a flowchart showing the distribution procedure of the disk key shown in FIG. 133 in more detail;

FIG. 137 is a flowchart showing the disk key distribution procedure shown in FIG. 133 in more detail;

FIG. 138 is a flowchart showing the disk key distribution procedure shown in FIG. 133 in more detail;

FIG. 139 is a flowchart showing the disk key distribution procedure shown in FIG. 133 in more detail;

FIG. 140 is a flowchart illustrating the distribution procedure of the disk key illustrated in FIG. 133 in more detail;

FIG. 141 is a sequence diagram schematically showing another distribution procedure of the disc key in the information distribution system of FIG. 122 in the order of subscribing to a disc rental service, renting a disc, and reproducing a content;

FIG. 142 is a flowchart showing in more detail the distribution procedure of the disk key shown in FIG. 141.

FIG. 143 is a flowchart showing the disk key distribution procedure shown in FIG. 141 in more detail;

FIG. 144 is a flowchart illustrating the distribution procedure of the disk key illustrated in FIG. 141 in more detail;

FIG. 145 is a flowchart showing the distribution procedure of the disk key shown in FIG. 141 in more detail;

FIG. 146 is a flowchart showing the disk key distribution procedure shown in FIG. 141 in more detail;

FIG. 147 is a flowchart for explaining an encryption parameter update processing operation;

FIG. 148 is a flowchart for describing an encryption parameter update processing operation;

FIG. 149 is a flowchart for explaining an encryption parameter update processing operation;

FIG. 150 is a view showing a configuration example of an information distribution system according to a sixth embodiment of the present invention.

FIG. 151 is an exemplary view for explaining information data used in each of a disc, a membership card, and a playback device for providing a rental service;

FIG. 152 is a diagram showing a configuration example of a playback device.

FIG. 153 is a flowchart for explaining the outline of the processing operation of the playback device in FIG. 152;

FIG. 154 is a flowchart for explaining a point addition processing operation;

FIG. 155 is a flowchart for describing license determination processing operation.

FIG. 156 is a flowchart for explaining a point subtraction processing operation;

FIG. 157 is a flowchart for describing a content display processing operation.

FIG. 158 is a flowchart for explaining the operation of updating the encryption key Kt;

FIG. 159 is a view showing a configuration example of a license / point injection device.

FIG. 160 is a flowchart for explaining the license information issuance processing operation of the license / point injection device.

FIG. 161 is a flowchart for explaining the point information issuance processing operation of the license / point injection device.

FIG. 162 is a diagram showing a configuration example of a center device.

FIG. 163 is a flowchart for explaining the license information issuance processing operation of the center device.

FIG. 164 is a flowchart for describing the point information issuance processing operation of the center device.

FIG. 165 is a view showing a configuration example of a playback device used in an information distribution system according to a seventh embodiment of the present invention.

FIG. 166 is a view showing an example of media recording information.

FIG. 167 is a flowchart for describing the processing operation of the playback device of FIG. 165;

FIG. 168 is a diagram illustrating another configuration example of the playback device.

FIG. 169 is a view showing still another example of the configuration of the playback device (when the media recording information in FIG. 170 is used);

FIG. 170 is a view showing another example of media recording information.

FIG. 171 is a flowchart for describing the processing operation of the playback device in 169 when the media recording information in FIG. 170 is used;

FIG. 172 is a view for explaining an embedding position of WM information;

[Explanation of symbols]

DESCRIPTION OF SYMBOLS 1 ... Information recording device, 2 ... Billing information input part, 3 ... License information generation part, 4 ... Usage condition input part, 5 ... Decryption key input part, 6 ... Key holding part, 7 ... Encryption part, 8 ... Recording Part, 9 ...
Information storage unit, 100: information reproducing device, 101: information storage unit, 102: reading unit, 103: decoding unit, 10
4 Reproduction unit, 1001 Information recording device, 1002 License information reproduction unit, 1003 Information recording unit, 1004
Information storage unit, 1011 information recording device, 1012 read unit, 1013 decoding unit, 1014 reproduction unit,
1015 Information storage unit. 2001: license information input unit, 2002: decryption unit, 2003: determination unit, 2004 ...
Update information generation unit, 2005: key storage unit, 2006: key generation unit, 2007: clock reference unit, 2008: license information update device, 2009: use condition input unit, 2010: clock, 2020: information use device. 3001 ... Decryption judgment card 3002 ... Removable media reader, 300
3 ... removable information storage medium, 3004 ... information reproducing unit, 3005 ... clock. 5001 ... License creation device, 5002 ... Content database (DB), 50
03: License injection device, 5004: Card adapter, 5005: Player, P: Card, D: Rental disk, 7000: Information reproduction device, 7001: Information media driver, 7002: Information utilization device, 7008,
8009 ... License determination unit. 7101: playback device, 7102: membership card, 7103: information recording medium (disk), 7111: license / point injection device, 7121: center device. 8101 ... media,
8102: Media reading unit, 8103: Decoding unit,
8110 card, 8112 display device, 8121 broadcast wave receiving unit (tuner).

────────────────────────────────────────────────── ───

[Procedure amendment]

[Submission date] July 3, 1998

[Procedure amendment 1]

[Document name to be amended] Drawing

[Correction target item name] All figures

[Correction method] Change

[Correction contents]

[Fig. 1]

[Fig. 3]

[Fig. 5]

[Fig. 6]

FIG.

FIG. 116

FIG. 2

[Fig. 4]

FIG.

FIG. 55

FIG. 121

[Fig. 7]

[Fig. 8]

[Fig. 9]

FIG. 33

FIG. 56

FIG. 60

FIG. 62

FIG. 64

FIG. 69

FIG. 10

FIG.

FIG. 37

FIG. 66

FIG. 113

FIG. 115

FIG. 11

FIG. 13

FIG.

FIG.

FIG. 117

FIG. 124

FIG. 14

FIG. 16

FIG.

FIG. 21

FIG.

FIG. 23

FIG. 25

FIG. 84

FIG. 87

FIG. 132

FIG. 24

FIG. 26

FIG. 27

FIG. 36

FIG. 81

FIG. 28

FIG. 29

FIG. 31

FIG. 96

FIG. 111

FIG.

FIG. 32

FIG. 34

FIG. 35

FIG. 38

FIG. 39

FIG. 40

FIG. 41

FIG. 42

FIG. 45

FIG. 49

FIG. 43

FIG. 47

FIG. 51

FIG. 44

FIG. 46

FIG. 48

FIG. 50

FIG. 52

FIG. 53

FIG. 54

FIG. 114

FIG. 123

FIG. 172

FIG. 57

FIG. 65

FIG. 58

FIG. 59

FIG. 61

FIG. 70

FIG. 63

FIG. 68

FIG. 71

FIG. 67

FIG. 72

FIG. 73

FIG. 75

FIG. 76

FIG. 74

FIG. 166

FIG. 77

FIG. 79

FIG. 82

FIG. 85

FIG. 92

FIG. 78

FIG. 80

FIG. 83

FIG. 170

FIG. 86

FIG. 88

FIG. 93

FIG. 89

FIG. 90

FIG. 94

FIG. 91

FIG. 95

FIG. 112

FIG. 122

FIG. 97

FIG. 99

FIG. 101

FIG. 98

FIG. 151

FIG. 157

FIG. 100

FIG. 103

FIG. 102

FIG. 104

FIG. 105

FIG. 125

FIG. 106

FIG. 107

FIG. 108

FIG. 110

FIG. 109

FIG. 118

FIG. 119

FIG. 120

FIG. 126

FIG. 127

FIG. 128

FIG. 129

FIG. 130

FIG. 131

FIG. 133

FIG. 134

FIG. 135

FIG. 136

FIG. 137

FIG. 138

FIG. 139

FIG. 140

FIG. 150

FIG. 141

FIG. 142

FIG. 143

FIG. 144

FIG. 145

FIG. 146

FIG. 152

FIG. 147

FIG. 148

FIG. 149

FIG. 153

FIG. 154

FIG. 155

FIG. 158

FIG. 156

FIG. 159

FIG. 162

FIG. 160

FIG. 161

FIG. 163

FIG. 164

FIG. 165

FIG. 168

FIG. 167

FIG. 169

FIG. 171

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁶ Identification symbol FI G06F 13/00 351 G06F 13/00 351Z // G09C 1/00 660 G09C 1/00 660D (72) Inventor Kazuo Sumita Kawasaki, Kanagawa Prefecture No. 1, Komukai Toshiba-cho, Ichiko-ku, Toshiba R & D Center (72) Inventor Hideki Hirakawa No. 1, Komukai Toshiba-cho, Kochi-ku, Kawasaki, Kanagawa Pref. Toshiba R & D Center (72) Inventor Sugaya Kotobuki Kotomu Toshiba R & D Center, Kochi, Kawasaki City, Kanagawa Prefecture (72) Inventor Masahiro Kajiura 1 Toshiba Komukai Toshiba, Kachi Ward, Kawasaki City, Kanagawa Prefecture Toshiba R & D Center

Claims (71)

[Claims] 1. An encrypted license information including encryption means for encrypting content information, and at least a use condition for restricting use of the content information and a decryption key for decrypting the content information. Information recording, comprising: license information generating means; and recording means for recording, on a recording medium, content information encrypted by the encryption means and license information generated by the license information generating means. apparatus. 2. A cipher that includes a separating unit that separates a part of information from content information, and at least a part of the information separated by the separating unit and a use condition for restricting use of the content information. License information generating means for generating encrypted license information, and recording means for recording the license information generated by the license information generating means and another part of the content information on a recording medium. Information recording device. 3. Record information generating means for generating encrypted record information including content information and at least usage conditions for restricting use of the content information, and a record generated by the record information generating means. An information recording apparatus, comprising: recording means for recording information on a recording medium. 4. The encrypted content information and encrypted license information including at least a usage condition for restricting use of the content information and first key information for decrypting the content information. In an information reproducing apparatus for reproducing the content information from a recorded recording medium, storage means for storing second key information for decrypting the license information, and second key information stored in the storage means A first decryption unit for decrypting the license information recorded on the recording medium by using the first and second decryption units; and Determining means for determining, when the determining means determines that use of the content information is possible, the decryption means decrypted by the first decrypting means; Information reproducing apparatus characterized by being provided with a second decoding means for decoding the contents information recorded on the recording medium using the first key information included in the sense information. 5. A recording medium in which a part of content information, at least a use condition for restricting use of the content information, and encrypted license information including another part of the content information are recorded. In the information reproducing apparatus for reproducing the content information, a storage unit for storing key information for decrypting the license information, and a license information recorded on the recording medium using the key information stored in the storage unit. Decrypting means for decrypting, determining means for determining whether or not the content information can be used based on usage conditions included in the license information decrypted by the decrypting means; and determining that the content information can be used by the determining means. When a part of the content information included in the license information decrypted by the decryption unit, Information reproducing apparatus according to claim part and synthesized to by comprising a reproducing means for reproducing said content information of said content information being recorded. 6. An information reproducing apparatus for reproducing said content information from a recording medium on which encrypted recording information including at least content information and usage conditions for restricting use of said content information is recorded, wherein Storage means for storing key information for decoding information; decoding means for decoding recording information recorded on the recording medium using the key information stored in the storage means; Determining means for determining whether or not the content information can be used based on a usage condition included in the recorded information, and when the determining means determines that the content information can be used, the content decrypted by the decrypting means. An information reproducing apparatus, comprising: reproducing means for reproducing information. 7. The use condition includes at least a use period of the content information, and the determination unit includes a measurement unit that measures a date and time, and compares the date and time measured by the measurement unit with the use period. The information reproducing apparatus according to any one of claims 4 to 6, wherein whether or not the content information can be used is determined. 8. The use condition includes at least a use period of the content information, the determination unit includes a measurement unit that measures a date and time, and an update invalidation unit that invalidates update of the date and time measured by the measurement unit. 7. The apparatus according to claim 4, further comprising: comparing the date and time measured by the measurement unit with the use expiration date to determine whether the content information can be used. 8. Information reproducing device. 9. The use condition includes at least a use period of the content information, the determination unit includes a measurement unit that measures a date and time, and an encrypted update for updating the date and time measured by the measurement unit. Receiving means for receiving information; and updating means for decrypting the encrypted update information received by the receiving means and updating the date and time measured by the measuring means based on the decrypted update information. The information reproducing apparatus according to any one of claims 4 to 6, further comprising comparing the date and time measured by the measuring unit with the expiration date to determine whether the content information can be used. apparatus. 10. The use condition includes at least a use period of the content information and a recording date and time of the information on the recording medium, and the determining unit includes a measuring unit that measures the date and time, and is measured by the measuring unit. The information reproducing apparatus according to any one of claims 4 to 6, wherein a determination is made as to whether or not the content information can be used by comparing the date and time with which the content is used with the recording date and time. 11. The use condition includes at least a content information identifier for identifying the content information, and when the determination unit determines that the use of the content information is not possible, the content information corresponding to the content information identifier Requesting means for requesting payment of a fee for use of, and updating means for updating at least usage conditions recorded on the recording medium when payment of the fee is confirmed in response to the request. 7. Any one of claims 4 to 6, wherein
An information reproducing apparatus according to any one of the above. 12. The use condition includes at least a use period of the content information, and the use condition does not include a decryption unit identifier for identifying the unit for limiting a unit capable of decoding the license information. And a use condition updating unit for adding a decryption unit identifier of a unit capable of decrypting the license information to the use condition, wherein the determination unit determines whether the content information can be used based on the use period and the decryption unit identifier. The information reproducing apparatus according to any one of claims 4 to 5, wherein the information reproducing apparatus determines: 13. The use condition includes at least a use period of the content information, and the use condition does not include a decryption unit identifier for identifying the unit for limiting a unit capable of decoding the record information. And a use condition update unit for adding a decryption unit identifier of a unit capable of decoding the recording information to the use condition, wherein the determination unit determines whether the content information can be used based on the use period and the decryption unit identifier. 7. The information reproducing apparatus according to claim 6, wherein the determination is made as follows. 14. The use condition includes at least a medium identifier for identifying a recording medium on which the content information can be recorded, and the determination unit further determines whether the content information can be used based on the medium identifier. The information reproducing apparatus according to any one of claims 4 to 6, wherein: 15. A charging apparatus for charging for use of content information recorded on a recording medium, comprising: input means for inputting a usage condition of content information recorded on the recording medium; and a usage condition input by the input means. Requesting means for requesting payment of a fee for use of the content information based on the request, and when the payment of the fee is confirmed in response to the request, license information including at least the usage conditions input by the input means is recorded on the recording medium And a recording means for recording the information in the accounting device. 16. Charging for charging the use of the content information via a recording medium on which the content information and encrypted license information including at least a use condition for restricting the use of the content information are recorded. In the apparatus, input means for inputting the encrypted license information recorded on the recording medium, decoding means for decoding the encrypted license information input by the input means, and for using the content information A use condition input unit for inputting use conditions of the content information; a request unit for requesting payment of a fee for use of the content information based on the use conditions input by the use condition input unit; When confirmed, the decryption unit decrypts the code based on the use condition input by the use condition input unit. Update means for updating the sense information; encryption means for encrypting the license information updated by the update means; and output means for outputting the license information encrypted by the encryption means. Billing device. 17. Use of the content information based on encrypted license information including at least usage conditions for restricting use of the content information and first key information for decrypting the content information. A key generation means for generating second key information for decrypting the license information at predetermined time intervals; and a second key information generated by the key generation means. Decryption means for decrypting using the key information of the content information; determining means for determining whether or not the content information can be used based on usage conditions included in the license information decrypted by the decryption means; Output means for outputting the first key information included in the license information decrypted by the decryption means when it is determined that the license information can be used; Determination apparatus characterized by the. 18. The key generation unit generates a public key used for encrypting the license information and a secret key corresponding to the public key for decrypting the license information. Update request means for requesting update of the license information by notifying at least a newly specified use condition and a public key newly generated by the key generation means when it is determined that use is impossible. The license information updated in response to the license information update request by the update request unit is encrypted with a public key newly generated by the key generation unit notified at the time of the update request. 18. The determination device according to claim 17, wherein 19. At least use conditions for restricting use of content information, encrypted first key information for decrypting the content information, and encrypted first key information.
For determining whether or not to use the content information based on encrypted license information including first key generation information necessary for generating second key information for decrypting the key information A decryption unit for decrypting the license information; a determination unit for determining whether to use the content information based on a use condition included in the license information decrypted by the decryption unit; Output means for outputting encrypted first key information and first key generation information included in the license information decrypted by the decryption means when it is determined that the license information can be used. Characteristic determination device. 20. When the determination means determines that the use of the content information is not possible, at least a newly specified use condition and the second information unique to the use device acquired from the use device of the content information. Update request means for notifying second key generation information required for generating key information and requesting update of the license information, comprising: receiving a license information update request by the update request means 20. The determination apparatus according to claim 19, wherein the use condition, the first key generation information, and the second key information are updated. 21. At least a use condition for restricting use of content information, encrypted first key information for decrypting the content information, and decryption of the encrypted first key information. A determination device for determining whether or not the content information can be used based on encrypted license information including first key generation information necessary for generating the second key information. Key generation means for generating third key information to be performed at predetermined time intervals, decryption means for decrypting the input license information using the third key information generated by the key generation means, Determining means for determining whether or not the content information can be used based on usage conditions included in the license information decrypted by the decrypting means; and determining whether the content information can be used by the determining means. Output means for outputting encrypted first key information and first key generation information included in the license information decrypted by the decryption means when it is determined that Judgment device. 22. The key generation means generates a public key used for encrypting the license information and a secret key corresponding to the public key for decrypting the license information. When it is determined that the use is impossible, at least the newly specified use condition and the second key information required for generating the second key information unique to the use device obtained from the use device of the content information are used. Update request means for notifying the key generation information and the public key newly generated by the key generation means and requesting the update of the license information, and comprising: a license information update request by the update request means. In response, the use condition, the first key generation information, and the second key information are updated, and the updated license information is
22. The determination apparatus according to claim 21, wherein the determination is performed using a public key newly generated by the key generation unit notified at the time of the update request. 23. A system in which at least use conditions for restricting use of content information and first key information for decrypting the content information are encrypted with second key information, and at least the second key information. A determination device for determining whether or not the content information can be used based on license information including key generation information necessary for generating key information; Key generating means for generating key information of the following; decryption means for decrypting the use condition and the first key information included in the license information using the second key information generated by the key generating means; Determining means for determining whether or not the content information can be used based on the usage conditions decrypted by the decrypting means; and when the determining means determines that the content information can be used. Determination apparatus characterized by comprising and an output means for outputting the first key information decoded by said decoding means. 24. A system in which at least a use condition for restricting use of content information and first key information for decrypting the content information are encrypted with second key information, and at least the second key information. A determination device for determining whether the content information can be used based on license information including two pieces of key generation information necessary for generating key information, wherein the two pieces of key generation information included in the input license information Key generating means for generating the second key information based on the key information, and using the second key information generated by the key generating means, decrypts the use condition and the first key information included in the license information. Decrypting means; determining means for determining whether or not the content information can be used based on the use conditions decrypted by the decrypting means; and the determining means enables use of the content information. An output unit that outputs the first key information decrypted by the decryption unit when the determination is made, and an output unit that outputs at least the two pieces of key generation information when the determination unit determines that the use of the content information is impossible. Update request means for notifying one or one of the key generation information and a newly designated use condition and requesting update of the license information, A determination device, wherein upon receiving an information update request, the use condition, the other key generation information, and the second key information are updated. 25. Whether the use of the content information is permitted or not is determined based on license information encrypted with a public key including at least a use condition for restricting use of the content information and key information for decrypting the content information. Upon receiving a request for updating the license information by notifying at least the newly specified use condition and the updated public key from the determination device, the update device for updating the license information based on the request. And updating the updated license information with the notified public key. 26. At least a use condition for restricting use of the content information, an encrypted first key information for decrypting the content information, and the encrypted first key information.
A determination device that determines whether or not the content information can be used based on encrypted license information including first key generation information necessary for generating second key information for decrypting the key information. When a newly specified use condition and second key generation information necessary for generating the second key information are notified and a request for updating the license information is received, the license is updated based on the request. An updating device for updating information, wherein the use condition and the first key generation information are updated, and the second key generation information is updated based on the updated first key generation information and the second key generation information. Key information is updated, and the updated second
Encrypting the first key information with the updated key information, at least the updated usage condition, the first key information encrypted with the updated second key information, and the updated first key information. An updated apparatus for generating encrypted license information including key generation information. 27. Use conditions for restricting use of at least content information, encrypted first key information for decrypting the content information, and the encrypted first key information.
For determining whether or not to use the content information based on license information encrypted with a public key including first key generation information necessary for generating second key information for decrypting the key information From at least the newly specified use condition and the second key necessary to generate the second key information.
An update device that, when notified of the key generation information and the updated public key and receives a request for updating the license information, updates the license information based on the request, wherein the use condition and the first Is updated, and the second key information is updated based on the updated first key generation information and the second key generation information.
Encrypting the first key information with the updated key information, at least the updated usage condition, the first key information encrypted with the updated second key information, and the updated first key information. An update device, which generates license information including key generation information and encrypts the generated license information with the notified public key. 28. A system in which at least use conditions for restricting use of content information and first key information for decrypting the content information are encrypted with second key information, and at least the second key information is used for decrypting the content information. A determination device that determines whether or not the content information can be used based on license information including two pieces of key generation information necessary for generating key information;
At least one of the two pieces of key generation information or an update of one of the pieces of key generation information and a newly specified use condition are notified, and a request for updating the license information is received. An update device for updating the license information based on the usage condition and the other key generation information, and based on the updated other key generation information and the notified one key generation information. Updating the second key information, encrypting at least the updated use condition and the first key information with the updated second key information, and at least one of the notified keys An updating apparatus for generating license information including generation information and the updated other key generation information. 29. Encrypted first key information for decrypting encrypted content information and first key information necessary for generating second key information for decrypting the first key information. The key generating information is input, and in the information using apparatus for decrypting and using the content information, the second key generating information necessary for generating the second key information for decrypting the first key information is provided. And generates the second key information based on the second key generation information and the input first key generation information. The encrypted second key information is generated using the generated second key information. An information using apparatus for decoding content information. 30. A use condition for restricting use of at least the content information and a first condition for decrypting the content information, wherein the encrypted content information recorded on the recording medium is stored in the recording medium. In an information using apparatus for decrypting and using based on the encrypted license information including the key information, a measuring unit for measuring the date and time; Determining means for determining whether or not use of the content information is possible based on the first key information output from the determining means when the determining means determines that the use of the content information is possible; Decoding means for decoding content information recorded on a medium, information for notifying a date and time from the measuring means to the determining means. , Information use device wherein the first key information outputted from the judging means to the decoding means is characterized by being encrypted. 31. The information use apparatus according to claim 30, wherein said determination means is detachable. 32. The information use apparatus according to claim 30, wherein the information for notifying the date and time from the measuring unit to the determining unit is encrypted by using common key information for encryption and decryption. . 33. Information for notifying a date and time from said measuring means to said determining means is encrypted and decrypted using key information generated by each of said measuring means and said determining means. 31. The information utilization device according to claim 30, wherein: 34. Information for notifying the date and time from the measuring means to the judging means is based on first key generation information respectively held by the measuring means and the judging means and a random number notified each other. 31. The information utilization apparatus according to claim 30, wherein the information is encrypted and decrypted using the generated key information. 35. The information utilization method according to claim 30, wherein the first key information output from the determination means to the decryption means is encrypted using common key information for encryption and decryption. apparatus. 36. A method according to claim 36, wherein the first key information output from said determination means to said decryption means is encrypted and decrypted using key information generated by each of said determination means and said decryption means. The information utilization device according to claim 30, characterized in that: 37. The first key information output from the determination means to the decryption means includes second key generation information held by each of the determination means and the decryption means and a random number notified each other. 31. The information use apparatus according to claim 30, wherein the apparatus is encrypted and decrypted using key information generated based on the information. 38. When the information for notifying the date and time is decoded, the determination means uses the information to determine whether or not the content information can be used only when the data format is a predetermined format. 31. The method of claim 30, wherein
Information utilization device as described. 39. The determination means measures a time until information for notifying the date and time arrives, and uses the information only when the time is within a predetermined time. 31. The information use apparatus according to claim 30, wherein the information use apparatus is used for determining whether or not the information can be used. 40. A storage means for storing a pair of a second key information for encrypting the license information and a third key information for decrypting the license information corresponding thereto, and the recording medium. And a second decryption unit for retrieving the third key information from the storage unit based on the identification information of the third key information recorded in the storage unit and decrypting the license information. 31. The information reproducing apparatus according to claim 30, wherein at least a part of the stored pair of the second key information and the third key information is updated. 41. A storage means for storing a pair of a second key information for encrypting the license information and a third key information for decrypting the license information corresponding to the license information, And a second decryption unit for retrieving third key information from the storage unit based on the identification information of the third decryption key recorded in the storage unit and decrypting the license information. 31. The information use apparatus according to claim 30, wherein at least a part of the pair of the stored second key information and third key information is unique to each determination unit. 42. Encrypted content information and encrypted license information including at least usage conditions for restricting use of the content information and first key information for decrypting the content information The determining device that inputs the encrypted license information read from the recorded recording medium and the encrypted date and time information for notifying the date and time and determines whether the content information can be used. A first decryption unit for decrypting the encrypted license information; a second decryption unit for decrypting the encrypted date and time information; and a decryption unit configured to decrypt the encrypted license information by the first and second decryption units. Determining means for determining whether the content information can be used based on the information; and determining that the first key information is encrypted when the determining means determines that the content information can be used. It turned into comprises a, and output means for outputting, characterized in that it consists of a portable recording medium having an arithmetic function determination device. 43. The judgment according to claim 42, wherein said second decryption means performs decryption using key information generated based on first key generation information and a random number stored in advance. apparatus. 44. The determination means uses the date and time information to determine whether the content information can be used only when the data format of the date and time information decrypted by the second decryption means is a predetermined format. 43. The determination device according to claim 42, wherein: 45. The determination means measures the time until the encrypted date and time information arrives, and uses the date and time information only when the time is within a predetermined time. 43. The determination apparatus according to claim 42, wherein the determination apparatus is used to determine whether or not the determination is made. 46. Second key information for encrypting the additional information and third key information for decrypting the license information corresponding to the second key information.
Storage means for storing a pair with the key information, wherein the first decryption means stores the storage means based on identification information for designating the third key information read from the recording medium. And decrypting the license information by retrieving the third key information, and at least a part of the pair of the second key information and the third key information stored in the storage unit is updated. The determination device according to claim 42, wherein: 47. A second method for encrypting the license information
Storage means for storing a pair of key information and third key information for decrypting the license information corresponding to the third key information, wherein the first decryption means stores the third key recorded on the recording medium. The third key information is retrieved from the storage unit based on the identification information of the information, the license information is decrypted, and a pair of the second key information and the third key information stored in the storage unit is retrieved. 43. The determination device according to claim 42, wherein at least a part is updated. 48. A second method for encrypting the license information
Storage means for storing a pair of key information and third key information for decrypting the license information corresponding to the third key information, wherein the first decryption means stores the third key recorded on the recording medium. The third key information is retrieved from the storage unit based on the identification information of the information, the license information is decrypted, and a pair of the second key information and the third key information stored in the storage unit is retrieved. 43. The determination device according to claim 42, wherein at least a part is unique to each determination device. 49. The determination apparatus according to claim 17, wherein said key generation means generates second key information at predetermined time intervals based on said time information. 50. The determination apparatus according to claim 21, wherein said key generation means generates third key information at predetermined time intervals based on said time information. 51. The license information decrypted by the decryption means includes authentication information for determining whether the decryption result is correct.
The determination device according to 9 or 21 or 23 or 24. 52. Whether the content information can be used based on encrypted license information including at least usage conditions for restricting use of the content information and first key information for decrypting the content information. A key generating means for generating second key information for decrypting the license information based on the first key generation information broadcast-distributed; and Decryption means for decrypting using the generated second key information; determination means for determining whether or not the content information can be used based on usage conditions included in the license information decrypted by the decryption means; Outputting the first key information included in the license information decrypted by the decryption means when it is determined that the content information can be used in Determination apparatus characterized by comprising a force means. 53. A storage unit for storing the input encrypted license information, a selecting unit for selecting the encrypted license information corresponding to the content information from the encrypted license information stored in the storage unit, 53. The determination device according to claim 17, wherein the decryption unit decrypts the encrypted license information selected by the selection unit. 54. A storage unit for storing the input encrypted license information, and the content information based on a predetermined priority order of the type of the license information from the encrypted license information stored in the storage unit. 53. The determination apparatus according to claim 17 or 52, wherein a selection unit that selects encrypted license information corresponding to (i), and the decryption unit decrypts the encrypted license information selected by the selection unit. 55. A key distribution device for distributing first key information necessary for decrypting encrypted content information recorded on a recording medium to an information using device using the content information, First storage means for storing a first secret parameter shared with the device; first secret parameter stored in the first storage means; First key generation means for generating second key information based on the first public parameter, and first encrypted key information including at least the first key information. Encrypting means for encrypting with the second key information generated by the generating means; and delivering the second encrypted information including at least the first encrypted information encrypted by the encrypting means to the information using apparatus. Means and Key distribution device according to claim. 56. The key distribution device according to claim 55, wherein the first encryption information includes a use condition for restricting use of the content information. 57. The key distribution device according to claim 55, wherein the second encryption information includes a use condition for restricting use of the content information. 58. A second storage unit for storing a second secret parameter shared with the information use device, and receiving encrypted identification information of the information use device from the information use device. Receiving means for generating third key information based on a second secret parameter stored in the second storage means and a second public parameter exchanged between the information using apparatus; Key generation means; and the third identification information generated by the second key generation means,
A first decryption unit for decrypting the information using the key information, and the encryption unit, together with the first encryption information, the identification information of the information using apparatus decrypted by the first decryption unit.
56. The key distribution device according to claim 55, wherein the second key information is generated by encrypting with the key information. 59. The key distribution device according to claim 55, wherein communication with the information use device is performed via a recording medium having an arithmetic function. 60. Communication with the information use device is performed via a recording medium having an arithmetic function, and a third storage for storing a third secret parameter shared with the recording medium. Means, receiving means for receiving identification information of the recording medium encrypted from the recording medium, third secret parameters stored in the third storage means, and exchanged between the recording medium. Third key generation means for generating fourth key information based on the third public parameter, and the third key generation means for transmitting the encrypted identification information of the recording medium received by the reception means to the third key generation means. A second decryption unit that decrypts using the third key information generated in the step (a), and the encryption unit combines the identification information of the recording medium decrypted by the second decryption unit together with the first encryption information. Encrypting with the second key information to form a second cipher; Key distribution device according to claim 55, wherein the generating a broadcast. 61. Use of the content information based on encrypted license information including at least usage conditions for restricting use of the content information and first key information for decrypting the content information. A first device shared with the license information distribution device.
A first storage unit for storing a secret parameter of the first storage unit; and a second public parameter exchanged between the first secret parameter stored in the first storage unit and the distribution device. First key generation means for generating key information; first decryption means for decrypting the received encrypted license information with second key information generated by the first key generation means; Determining means for determining whether or not the content information can be used based on usage conditions included in the license information decrypted by the first decrypting means; and when the determining means determines that the content information can be used, Output means for outputting the first key information included in the license information decrypted by the decryption means. 62. A second storage means for storing a second secret parameter shared with an information using apparatus using the content information, and the output means is stored in the second storage means. A second key generation means for generating third key information based on the second secret parameter obtained and a second public parameter exchanged between the information use apparatus; and a second key generation means. 62. The determination device according to claim 61, wherein the first key information is encrypted with the generated third key information and output to the information using device. 63. A third storage means for storing a third secret parameter shared with an information using apparatus using the content information, and a first storing the content information from the information using apparatus. Receiving the encrypted identification information of the recording medium
And third key information generating means for generating fourth key information based on a third secret parameter stored in the third storage means and a third public parameter exchanged between the information use device. Key generating means, and second decrypting means for decrypting the encrypted identification information received by the first receiving means with the fourth key information generated by the third key generating means; 62. The determination apparatus according to claim 61, wherein the means determines whether the content information can be used based on the identification information decrypted by the second decryption means and the decrypted license information. 64. The determination device according to claim 61, wherein communication with the distribution device is performed via a recording medium having an arithmetic function. 65. Communication with the distribution device is performed via a recording medium having an arithmetic function, and fourth storage for storing a fourth secret parameter shared with the recording medium. Means, a second receiving means for receiving encrypted identification information of the recording medium from the recording medium, a fourth secret parameter stored in the fourth storage means, and the recording medium A fourth key generation means for generating fifth key information based on the fourth public parameter exchanged in the second step, and the second key information using the fifth key information generated by the fourth key generation means. Third decrypting means for decrypting the encrypted identification information received by the receiving means, and the determining means based on the identification information decrypted by the third decrypting means and the decrypted license information. Determining whether the content information can be used Determination apparatus according to claim 61, wherein. 66. Decrypting and using the content information based on encrypted license information including at least usage conditions for restricting use of the content information and first key information for decrypting the content information. A first information shared with the license information distribution device.
A first storage unit for storing a secret parameter of the first storage unit; and a second public parameter exchanged between the first secret parameter stored in the first storage unit and the distribution device. First key generation means for generating key information; first decryption means for decrypting the received encrypted license information with second key information generated by the first key generation means; Determining means for determining whether or not the content information can be used based on usage conditions included in the license information decrypted by the first decrypting means; and when the determining means determines that the content information can be used, An information utilization device, wherein the content information is decrypted by using first key information included in the license information decrypted by the decrypting means. 67. A second storage for storing third key information for decrypting encrypted first encryption information including at least the first key information and the use condition included in the license information. Means, second decryption means for decrypting the first encryption information included in the license information decrypted by the decryption means using third key information stored in the second storage means, 67. The information utilization device according to claim 66, comprising: 68. The information use apparatus according to claim 66, wherein communication with said distribution apparatus is performed via a recording medium having an arithmetic function. 69. Communication with the distribution device is performed via a recording medium having an arithmetic function, and a third storage for storing a second secret parameter shared with the recording medium. Means, receiving means for receiving the encrypted identification information of the recording medium from the recording medium, second secret parameters stored in the third storage means, and exchanged between the recording medium A fourth key generation unit that generates fourth key information based on the second public parameter, and the encrypted identification information received by the reception unit is generated by the fourth key generation unit. A third decryption unit for decrypting using the fourth key information; and the determination unit determines whether to use the content information based on the identification information decrypted by the third decryption unit and the decrypted license information. It is characterized by judging propriety Information utilization apparatus of Motomeko 66, wherein. 70. A recording having an arithmetic function in which encrypted license information including at least usage conditions for restricting use of content information and first key information for decrypting the content information is recorded. A first medium shared with a license information recording device.
Storage means for storing a secret parameter and a second secret parameter shared between a determination device for determining whether or not the content information can be used based on the license information; Second storage means for storing information; and second key information based on first secret parameters stored in the first storage means and first public parameters exchanged between the recording device. First key generation means for generating the first key generation means, first encryption means for encrypting the identification information using the second key information generated by the first key generation means, and first storage means Second key generation means for generating third key information based on a second secret parameter stored in the storage device and a second public parameter exchanged between the determination device and the second key generation device. Using the third key information generated by the A second encrypting means for encrypting the identification information by using the first and second encrypting means, and a transmitting means for transmitting the identification information encrypted by the first and second encrypting means to the recording device and the determination device. Recording medium characterized by the above-mentioned. 71. A recording medium having an arithmetic function in which encrypted license information including at least usage conditions for restricting use of content information and first key information for decrypting the content information is recorded. And a first device shared with the license information recording device.
First storage means for storing a secret parameter of the above and a second secret parameter shared between the information utilizing apparatus utilizing the content information based on the license information; and storing pre-given identification information. Second key information is generated based on a first secret parameter stored in the first storage means and a first public parameter exchanged between the recording device. A first key generation unit, a first encryption unit that encrypts the identification information using the first key information generated by the first key generation unit, and a first storage unit that is stored in the first storage unit. A second key generation means for generating third key information based on the second secret parameter obtained and a second public parameter exchanged between the information use apparatus; and a second key generation means. Using the generated third key information A second encryption unit for encrypting the identification information; and a transmission unit for transmitting the identification information encrypted by the first and second encryption units to the recording device and the information use device. Recording medium characterized by the above-mentioned.