JP2013141171A - Information processing device and information processing method and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To realize a configuration to prevent the unauthorized use of contents based on leakage of a content encryption key.SOLUTION: A substitution key applied region in a content received from a server which was encrypted by a substitution key is decrypted, and a key reapplication process is executed by using an individual key differing between information storage devices or in units of content distribution, whereby an encrypted content having had its key reapplied is stored. The information storage device generates an encrypted substitution and individual key token and temporarily outputs it to a host device, and receives an encrypted content and a token encrypted by the substitution key from the host device. The information storage device acquires the substitution and the individual keys from the token, and then executes a key reapplication process to decrypt the encrypted content encrypted by the substitution key and encrypt it by the individual key. The encrypted content having had its keys reapplied becomes an encrypted content differing for each client, making it possible to identify a client from which the content or the individual key leaked.

Description

  The present disclosure relates to an information processing device, an information processing method, and a program. In particular, the present invention relates to an information processing apparatus, an information processing method, and a program that realize a configuration for preventing unauthorized use of content.

  Recently, various media such as a DVD (Digital Versatile Disc), a Blu-ray Disc (registered trademark), or a flash memory are used as information recording media. In particular, recently, the use of a memory card such as a USB memory equipped with a large-capacity flash memory has become popular. The user can record content such as music and movies on such various information recording media (media) and attach the content to a playback device (player) to play back the content.

  In recent years, the distribution of content via networks has become popular, and the form of content purchase processing by users has gradually shifted from the purchase of discs prerecorded with content to the process of downloading from a server connected to the network. .

Specific content purchase modes include, for example, the following content purchase modes in addition to processing for purchasing media such as a ROM disk.
(A) EST (Electric Cell Through) that downloads and purchases content by connecting to a content providing server using a user device such as a network-connectable terminal or PC.
(B) MoD (Manufacturing on Demand) for recording content on a user's media (memory card or the like) using a convenience store or a shared terminal installed in a public space such as a station.

As described above, if a user has a medium such as a memory card for recording content, the user can freely select and purchase various contents from content sources such as various content providing providers and record them on his own media. Can do.
In addition, about the process of EST, MoD, etc., it describes in patent document 1 (Unexamined-Japanese-Patent No. 2008-98765), for example.

  However, many contents such as music data and image data have copyrights, distribution rights, etc. owned by their creators or distributors. Therefore, when providing content to the user, the usage is restricted to a certain usage restriction, that is, only the user having a regular usage right is allowed to use the content, and the unauthorized use such as copying is not performed. It has become common to do.

Specifically, when a user downloads content such as a movie from a server and records it on a recording medium such as a user's memory card, for example, the following processing is performed.
The server provides the content as encrypted content to the client (user device).
Furthermore, a key for decrypting the encrypted content is provided only to the user who has performed the regular content purchase processing.
By performing such content provision processing, content usage control is to be realized.

  However, even if the above-described processing is performed, it is difficult to prevent a user who has performed regular content purchase processing from providing the content decryption key acquired from the server to others. Specifically, it may be assumed that a key acquired from a server is made public, for example, so that it can be used by an unspecified number of users. When such an action is performed, anyone can decrypt, play back, and use the encrypted content using the outflow key, and a situation occurs in which unauthorized use of the content spreads.

JP 2008-98765 A

  The present disclosure has been made in view of the above problems, for example, and an information processing apparatus that realizes a configuration that effectively prevents unauthorized use of content due to leakage of a key used for decryption of encrypted content, and information processing It is an object to provide a method and a program.

The first aspect of the present disclosure is:
A server that provides the host device with the first encrypted content including the encrypted area to which the replacement key is applied;
A host device that receives from the server the first encrypted content and replacement key application area information indicating an encryption area to which a replacement key is applied;
Receiving the replacement key from the server and the individual key set differently in units of content distribution processing from the server;
An information storage device that generates a token including encrypted key data obtained by encrypting the replacement key and the individual key, and outputs the generated token to the host device;
The host device is
Outputting the token to the information storage device, and outputting the replacement key application area of the first encrypted content to the information storage device;
The information storage device includes:
Executing a key change process for changing the replacement key application area to an encryption area with an individual key, and outputting encrypted area data with the individual key to the host device;
The host device is
Processing for recording in the data recording area of the information storage device the second encrypted content obtained by replacing the encrypted area data by the individual key input from the information storage device with the data in the replacement key application area of the first encrypted content Is in a content providing system that executes

  Furthermore, in an embodiment of the content providing system according to the present disclosure, the server applies a replacement key application area, which is an encryption area to which the replacement key is applied, and a content-corresponding title key to the first encrypted content. Providing the encrypted content mixed with the title key application area, which is the encrypted area, to the host device, and the information storage device stores the individual key received from the server and the title key in a storage unit, The replacement key is not held.

  Furthermore, in an embodiment of the content providing system according to the present disclosure, the information storage device includes encryption key data obtained by encrypting the replacement key and the individual key with a unique secret key of the information storage device, and the encryption key. A token in which a falsification verification value for data is set is generated, and the generated token is output to the host device.

  Furthermore, in one embodiment of the content providing system according to the present disclosure, the falsification verification value is a MAC (Message Authentication Code).

  Furthermore, in an embodiment of the content providing system according to the present disclosure, the host device refers to the replacement key application region information, and encrypts region data to which a replacement key is applied from the first encrypted content received from a server. Is extracted and output to the information storage device.

Furthermore, the second aspect of the present disclosure is:
Receiving a replacement key set as an encryption key for the first encrypted content provided by the server and an individual key set differently for each content distribution processing unit from the server;
Generating a token including encrypted key data obtained by encrypting the replacement key and the individual key, and outputting the generated token to a host device;
Input the token from the host device, obtain a replacement key and an individual key from the token,
Executing a key change process for changing the replacement key application area of the first encrypted content input from the host apparatus into an encryption area using an individual key, and outputting encrypted area data using the individual key to the host apparatus;
The information storage device stores content including encrypted area data by an individual key input from the host device in a storage unit.

  Furthermore, in an embodiment of the information storage device according to the present disclosure, the server includes a replacement key application area that is an encryption area to which the replacement key is applied, and a title key that is an encryption area to which a content-corresponding title key is applied. The configuration is such that encrypted contents having mixed application areas are provided to the host device, and the information storage device stores the individual key and the title key received from the server in a storage unit, and holds the replacement key It is a configuration that does not.

  Furthermore, in an embodiment of the information storage device of the present disclosure, the information storage device includes encryption key data obtained by encrypting the replacement key and the individual key with a unique secret key of the information storage device, and the encryption key. A token in which a falsification verification value for data is set is generated, and the generated token is output to the host device.

  Furthermore, in one embodiment of the information storage device according to the present disclosure, the falsification verification value is a MAC (Message Authentication Code).

Furthermore, the third aspect of the present disclosure is:
Receiving from the information storage device a token including the replacement key set as the encryption key for the first encrypted content provided by the server and the encryption key data of the individual key set differently for each information storage device;
Receiving the first encrypted content including the encrypted area to which the replacement key is applied and the replacement key application area information indicating the encrypted area to which the replacement key is applied from the server;
Outputting the token to the information storage device;
Referring to the replacement key application area information, extracting encrypted area data to which the replacement key is applied from the first encrypted content, and providing the extracted data to the information storage device;
From the information storage device, receiving the individual key encrypted data generated by the key change process using the individual key obtained from the token,
The information processing apparatus includes a data processing unit that generates the second encrypted content in which the received individual key encrypted data is set in the replacement key application area of the first encrypted content and stores the second encrypted content in the information storage device.

  Furthermore, in an embodiment of the information processing device according to the present disclosure, the token includes encryption key data obtained by encrypting the replacement key and the individual key with a unique secret key of an information storage device, and the encryption key data. This data includes a falsification verification value.

Furthermore, the fourth aspect of the present disclosure is:
An information processing method executed in an information storage device,
A replacement key set as an encryption key for the first encrypted content provided by the server and an individual key set differently for each information storage device are received from the server;
Generating a token including encrypted key data obtained by encrypting the replacement key and the individual key, and outputting the generated token to a host device;
Input the token from the host device, obtain a replacement key and an individual key from the token,
Executing a key change process for changing the replacement key application area of the first encrypted content input from the host apparatus into an encryption area using an individual key, and outputting encrypted area data using the individual key to the host apparatus;
An information processing method for storing content including encrypted area data by an individual key input from the host device in a storage unit.

Furthermore, the fifth aspect of the present disclosure is:
An information processing method executed in an information processing apparatus,
Receiving from the information storage device a token including the replacement key set as the encryption key for the first encrypted content provided by the server and the encryption key data of the individual key set differently for each information storage device;
Receiving the first encrypted content including the encrypted area to which the replacement key is applied and the replacement key application area information indicating the encrypted area to which the replacement key is applied from the server;
Outputting the token to the information storage device;
Referring to the replacement key application area information, extracting encrypted area data to which the replacement key is applied from the first encrypted content, and providing the extracted data to the information storage device;
From the information storage device, receiving the individual key encrypted data generated by the key change process using the individual key obtained from the token,
In the information processing method, the second encrypted content in which the received individual key encrypted data is set in the replacement key application area of the first encrypted content is generated and stored in the information storage device.

Furthermore, the sixth aspect of the present disclosure is:
A program for causing an information storage device to execute information processing;
A process of receiving a replacement key set as an encryption key for the first encrypted content provided by the server and an individual key set differently for each information storage device from the server;
Generating a token containing encrypted key data obtained by encrypting the replacement key and the individual key, and outputting the generated token to a host device;
A process of inputting the token from the host device and obtaining a replacement key and an individual key from the token;
Processing for changing the replacement key application area of the first encrypted content input from the host apparatus to an encryption area using an individual key and outputting encrypted area data using the individual key to the host apparatus When,
A program for executing a process of storing content including encrypted area data with an individual key input from the host device in a storage unit.

Furthermore, the seventh aspect of the present disclosure is:
A program for causing an information processing apparatus to execute information processing,
A process of receiving from the information storage device a token including a replacement key set as an encryption key for the first encrypted content provided by the server and encryption key data of an individual key set differently for each information storage device;
Processing to receive from the server the first encrypted content including the encrypted area to which the replacement key is applied, and replacement key application area information indicating the encrypted area to which the replacement key is applied;
Processing to output the token to the information storage device;
A process of referring to the replacement key application area information and extracting encrypted area data to which the replacement key is applied from the first encrypted content and providing the extracted data to the information storage device;
A process of receiving, from the information storage device, the individual key encrypted data generated by the key change process using the individual key acquired from the token;
In the program, the second encrypted content in which the received individual key encrypted data is set in the replacement key application area of the first encrypted content is generated and stored in the information storage device.

  Note that the program of the present disclosure is a program that can be provided by, for example, a storage medium or a communication medium provided in a computer-readable format to an information processing apparatus or a computer system that can execute various program codes. By providing such a program in a computer-readable format, processing corresponding to the program is realized on the information processing apparatus or the computer system.

  Other objects, features, and advantages of the present disclosure will become apparent from a more detailed description based on embodiments of the present disclosure described below and the accompanying drawings. In this specification, the system is a logical set configuration of a plurality of devices, and is not limited to one in which the devices of each configuration are in the same casing.

According to the configuration of an embodiment of the present disclosure, a configuration that prevents unauthorized use of content based on leakage of a content encryption key is realized.
Specifically, a key replacement process for decrypting the replacement key application area encrypted with the replacement key in the content received from the server and applying a different individual key to the information storage device or content distribution unit is performed. Execute and store the encrypted content after the key change. The information storage device generates a token obtained by encrypting the replacement key and the individual key, temporarily outputs the token to the host device, and receives the encrypted content and token encrypted with the replacement key from the host device. A replacement key and an individual key are obtained from the token, and a key change process for decrypting the encrypted content using the replacement key and encrypting it with the individual key is executed. The encrypted content after the key change becomes an encrypted content that is different for each client, and it is possible to identify the client from which the content or the individual key is leaked.

It is a figure explaining the outline | summary of a content provision process and a utilization process. It is a figure explaining the utilization form of the content recorded on the memory card. It is a figure explaining the basic structural example of the provision content with respect to the conventional general user, and data. It is a figure explaining the specific structural example of the storage area of a memory card. It is a figure explaining the data structural example of a server certificate. It is a figure explaining the specific example of the access process to the storage area of the memory card to which the device certificate is applied. It is a figure explaining the structural example of the provision content of the server according to one Example of this indication. It is a figure explaining the content provision sequence from the server according to one Example of this indication. It is a figure explaining the content provision sequence from the server according to one Example of this indication. It is a figure explaining the data storage example of the key data in the memory card which is a recording medium according to one Example of this indication, a content. It is a figure explaining the key change process sequence in the content storage process according to one Example of this indication. It is a figure explaining the key change process sequence in the content storage process according to one Example of this indication. It is a figure explaining the structural example of the provision data with respect to a client from a server. It is a figure explaining the example of data recorded on the management information in a server. It is a figure which shows the flowchart explaining the provision process sequence with respect to the client of the content in a server. It is a sequence diagram explaining a content playback sequence in the playback device. It is a figure explaining the hardware structural example of the information processing apparatus as a server and a client. It is a figure explaining the hardware structural example of a memory card.

Hereinafter, the details of the information processing apparatus, the information processing method, and the program of the present disclosure will be described with reference to the drawings. The description will be made according to the following items.
1. 1. Overview of content provision processing and usage processing 2. Conventional basic configuration example of contents and data provided to users 3. Configuration example of memory card as content recording medium 4. Content provided to client (user) according to the present disclosure 5. Content provision sequence for clients 6. Content playback processing in the client according to the present disclosure 7. Hardware configuration example of each device Summary of composition of this disclosure

    [1. Overview of content provision processing and usage processing]

  Hereinafter, the details of the information processing apparatus, the information processing method, and the program of the present disclosure will be described with reference to the drawings.

First, the outline of the content providing process and the usage process will be described with reference to FIG.
In FIG. 1, from the left
(A) Content provider (b) Content recording device (host)
(C) Content recording media These are shown.

  (C) A content recording medium is a medium on which a user records content and is used for content reproduction processing. FIG. 1 shows memory cards 31a and 31b having a recording unit made of, for example, a flash memory.

  The user records various contents such as music and movies on the memory card 31 for use. These contents are contents subject to usage control, such as copyright management contents. Only usage under specified usage conditions is allowed, and basically, random copy processing and unlimited distribution of copy data are prohibited. When content is recorded in the memory card 31, copy restriction information such as the allowable number of copies of the recorded content and usage control information (Usage Rule) that defines output restriction information to other devices are also recorded. There are many cases.

The (a) content provider shown in FIG. 1 is a provider of content such as music and movies whose usage is restricted. FIG. 1 shows a content server 11 and a content recording disk 12 such as a ROM disk on which content is recorded in advance.
The content server 11 is a server that provides content such as music and movies. The content recording disk 12 is a disk such as a ROM disk in which contents such as music and movies are recorded in advance.

  A user places (c) a content recording medium, for example, a memory card 31 shown in FIG. 1 in (b) a content recording device (host), and (b) connects to the content server 11 via the content recording device (host). Then, the content can be received (downloaded) and recorded in the memory card 31.

  The content server 11 performs processing according to a predetermined sequence in this download processing, and provides the client with information necessary for content reproduction such as key information applied to decryption of the encrypted content in addition to the encrypted content. . Furthermore, content-related information such as tokens that record usage control information for content, content ID and other content management information may be provided.

  In addition to the download process from the content server 11, the user can also copy the content from the content recording disk 12 shown in FIG. 1A and record it on the memory card 31 or the like, which is a content recording medium.

  For example, the user attaches the content recording disk 12 such as a ROM disk in which content is recorded in advance to the content recording device (host) in which the memory card 31 is installed, and the recorded content of the content recording disk 12 is stored in the memory card. Copy to 31. However, if this copy process is performed randomly, the copy content will increase without limit. In order to prevent such a situation, for example, in content copy processing from a medium on which encrypted content in accordance with the AACS (Advanced Access Content System) standard is recorded, processing according to a predetermined sequence by connecting to the content server 11 Is required. This copy process is called managed copy (MC). AACS defines various standards for protecting the copyright of content.

  When performing content copying according to managed copy (MC), the recording / playback device 22 as the content recording device (host) shown in FIG. 1B or the PC 23 is connected to the content server 11, and the content server 11 Then, the content management information such as the usage control information and token corresponding to the copy content and the key information applied to the decryption of the encrypted content is received and recorded on the copy destination medium.

The user can thus
Download content from the server, or
Content copying from a disc with recorded content,
In any of these forms, the content can be recorded on a content recording medium such as the memory card 31 shown in FIG.

As an apparatus for recording content on the user's media, as shown in FIG. 1 (b) content recording apparatus (host),
A public space that can be used by an unspecified number of users, for example, a shared terminal 21 installed in a station or convenience store,
Recording / reproducing device [CE (Consumer Electronics) device] 22 as a user device, PC 23,
There are these various devices.
These are all (c) devices that can be loaded with a memory card 31 as a content recording medium.
Further, in the case where these (b) content recording devices (hosts) are configured to execute download processing from the content server 11, it is necessary to include a communication unit that executes data transmission / reception processing via a network. In the case where the content recording disk 12 is used, it is necessary that the apparatus be capable of reproducing the disk.

As shown in FIG.
(A) Downloaded content from the content server 11 that is the content provider, or content recorded on the content recording disk 12 such as a ROM disk, (b) via a content recording device (host), (c) content recording medium Are recorded in the memory card 31.

A usage form of the content recorded in the memory card 31 will be described with reference to FIG.
The user records the memory card 31 on which the content is recorded, for example, with reference to FIG. 1B, (b) a recording / playback device (CE device) 22 or a PC 23 which is a user device as a content recording device (host). The content recorded on the memory card 31 is read and reproduced.

In many cases, these contents are recorded as encrypted contents, and a playback device such as a recording / playback device (CE device) 22 or a PC 23 executes decryption processing according to a predetermined sequence, and then plays back the content. I do.
Note that the device that plays back the content recorded on the memory card 31 is not limited to the content recording device (host) described with reference to FIG. 1B, but is another playback device (player). Also good. However, for example, it is necessary to be a device that can execute decryption processing of encrypted content according to a predefined sequence, that is, a device that stores a program that executes a predefined playback processing sequence. Details of the content reproduction sequence will be described later.

[2. Conventional basic configuration example of contents and data provided to users]
Next, a basic configuration example of contents and data provided to a conventional general user will be described with reference to FIG.

  The configuration shown in FIG. 3 is a basic configuration example of encrypted content in accordance with an AACS (Advanced Access Content System) standard recorded on, for example, a Blu-ray (registered trademark) disc. As described above, AACS defines various standards for protecting the copyright of content. As a typical encryption configuration of the AACS standard, there is a configuration in which content is divided into units and a different encryption key is applied to each unit. By adopting such an encryption configuration, it is possible to control the use of content in units, and strict and diverse content usage control is realized.

FIG. 3 shows the following data.
(A) Encrypted content (b) Encrypted format of each unit constituting encrypted content (c) Data provided to user (conventional)

The encrypted content in FIG. 3A is content such as a movie, for example, and corresponds to the configuration of content recorded on, for example, a BD (Blu-ray (registered trademark) disc).
As shown in FIG. 3A, the content is divided into units (units).
One unit is composed of 6144-byte data.

FIG. 3B shows an encryption format for each unit.
(B1) shows the unit 1 (Unit 1), and (bn) shows the encryption format for the unit n (Unitn).
Units 1 to n have a common configuration, that is,
16 byte seed (SEED),
6128-byte block data
have.

The seed is used as encryption key generation data, and the block is a data area encrypted with the encryption key generated by applying the seed.
Specifically, in each unit x (x = 1 to n), a title key (Kt) that is an encryption key corresponding to the content and a block key that is an encryption key for the block using the seed (SEEDx) of each unit (Kbx) is generated, and the block (Block_x) is encrypted with the generated block key (Kbx).
That is, in the example shown in the figure, blocks 1 to n of n units 1 to n are encrypted with different block keys (Kb1 to Kbn) generated using different seeds 1 to n, respectively. Become.
This is encrypted content having a configuration as shown in FIG. 3 (c1) encrypted content.

The block key (Kbx) is generated by the following arithmetic processing, for example.
Kbx = (AES_E (Kt, SEEDx)) (XOR) (SEEDx)
In the above formula,
AES_E (Kt, SEEDx) is an encryption process (AES Encryption) of seed x (SEEDx) using a title key,
(XOR) is an exclusive OR operation,
Is shown.
That is, the block key in each unit is the exclusive OR (XOR) of the data (AES_E (Kt, SEEDx)) obtained by encrypting the seed (SEEDx) of the unit x with the title key (Kt) and the seed (SEEDx). Calculated as the calculation result.

  The block (block x) of each unit is encrypted using the block key (Kbx) corresponding to the unit generated in this way.

In this way, encrypted content including a plurality of units having encrypted blocks to which different block keys are applied in units is provided to the user via a disc or a server.
FIG. 3C shows an example of data provided to the user. The data provided to the user includes the following data.
(C1) Encrypted content (c2) Title key (Kt)

(C1) Encrypted content is an encrypted content generated according to the above-described description, and is data in which encrypted blocks generated by a seed and a title key and applied with a block key are linked in units.
(C2) The title key (Kt) is a title key (Kt) corresponding to the content.

These (c1) encrypted content (c2) title key (Kt)
However, it has been recorded on a disc or provided to a user from a server in a conventional form of providing content.

When the decryption process of the encrypted content is performed, the user decrypts the block of each unit using the block key generated by generating the block key for each unit. That is, the above block key generation formula,
Kbx = (AES_E (Kt, SEEDx)) (XOR) (SEEDx)
Applying the above formula, the block key x (Kbx) of each unit x is generated using the title key (Kt) and the seed data (SEEDx) of each block, and the block is decrypted in units. To execute content playback.
The seed data is provided to the user as unencrypted plain text data.

But in this way,
(C1) Encrypted content (c2) Title key (Kt)
If you provide
Thereafter, if the user leaks the title key (Kt), for example, a user having an illegal copy content can decrypt the copy content, and content usage control becomes impossible.
In particular, in recent years, individuals have released a variety of information on the network. If a title key is released as one of such information, the title key is immediately available to anyone. End up. In such a case, content usage control is impossible.
In the present disclosure, in order to prevent such a situation, the configuration of data provided to the user is changed.

[3. Configuration example of memory card as content recording media]
Next, a configuration example of a memory card configured by a flash memory or the like used as a content recording destination will be described.

A specific configuration example of the storage area of the memory card 100 is shown in FIG.
As shown in FIG. 4, the storage area of the memory card 100 is
(A) Protected Area (Protected Area) 101,
(B) General Purpose Area 102,
It consists of these two areas.

  (B) A general purpose area (General Purpose Area) 102 is an area that can be freely accessed by a recording / playback apparatus used by a user, and records content, general content management data, and the like. This is an area where data can be freely written and read by the user.

On the other hand, (a) protected area 101 is an area where free access is not allowed.
For example, when data is to be written or read by a recording / playback device used by a user, a playback device, or a server connected via a network, etc., according to each device according to a program stored in the memory card 100 in advance. Thus, whether or not reading (Read) or writing (Write) is possible is determined.

  The memory card 100 includes a data processing unit for executing a program stored in advance and an authentication processing unit for executing authentication processing. The memory card 100 first writes or reads data to or from the memory card 100. The authentication process is performed with the device that intends to execute.

  At the stage of this authentication processing, a device certificate such as a public key certificate (for example, a server certificate (Server Cert)) is received from the counterpart device, that is, the access request device, and using the information described in the certificate, It is determined whether or not access to each of the protection areas (Protected Area) 101 is permitted. This determination processing is performed in units of division protection areas (areas # 0, # 1, # 2,..., Shown in the figure) in the protection area (Protected Area) 101 shown in FIG. Only processing permitted in the protected area is executed.

FIG. 5 shows an example of server certificate data of a server that is a device that performs data writing to the memory card. FIG. 5 is a diagram illustrating a data configuration example of a server certificate provided to the server by the certificate authority.
The server certificate (Server Certificate) is a server certificate issued to the server that the certificate authority has approved the content providing process, and is a certificate storing a server public key and the like. A server certificate (Server Certificate) is configured as data in which a signature is set by a certificate authority private key and tampering is prevented.

The server certificate (Server Certificate) includes the following data as shown in FIG.
(1) Type information (2) Server ID
(3) Server public key
(4) Read / write restriction information for media (PAD Read / PADWrite)
(5) Other information (6) Signature

Hereinafter, each data of said (1)-(6) is demonstrated.
(1) Type information The type information is information indicating a certificate type and a content server type. For example, data indicating that the certificate is a server certificate, or a server type, for example, a music content providing server. Or information indicating the type of server such as a movie content providing server.

(2) Server ID
The server ID is an area for recording a server ID as server identification information.
(3) Server public key
The server public key is a server public key. A key pair according to the public key cryptosystem is configured together with the server private key provided to the server.

(4) Read / write restriction information for media (PAD Read / PADWrite)
The read / write restriction information (PAD Read / PADWrite) with respect to the medium is the data reading in the protected area (PDA: Protected Area) 101 set in the storage area of the medium on which the content is recorded, for example, the memory card 100 shown in FIG. (Read) and information on the division protection area in which writing (Write) is allowed are recorded.

  The memory card refers to, for example, the recording field of the server certificate shown in FIG. 5 that is received from the server at the stage of authentication processing, for example, a partitioned area (Protected Area) 101 shown in FIG. In this case, a write / read permission determination process is performed in units of areas # 0, # 1, # 2...), And only the processes permitted in the permitted partitioned areas are allowed to be executed.

As shown in FIG. 5, the server certificate (Server Cert) records [(5) Other information] in addition to the above-mentioned data, and further, for each data of (1) to (5) (6) Signature (Signature) generated by the private key of the certificate authority is recorded. This signature realizes a tamper-proof configuration.
When a server certificate (Server Cert) is used, signature verification is performed, and the validity of the server certificate (Server Cert) is confirmed before use. Signature verification is executed using the public key of the certificate authority.

  A device other than the server that makes an access request to the protected area of the memory card, for example, a recording device, a playback device, etc. also stores the host public key, and read / write restriction information (PAD Read / PADWrite) for the medium shown in FIG. Is stored, and this host certificate is presented on the memory card.

  The memory card verifies the signature of the certificate presented by the device making the access request, confirms the validity of the certificate, and refers to the record of read / write restriction information (PAD Read / PADWrite) in the certificate. Then, a write / read permission determination process is performed in units of the divided protection areas (areas # 0, # 1, # 2,..., Shown in the figure) in the protection area (Protected Area) 101 shown in FIG. Only the processing permitted in the category protection area is allowed.

  As described above, the read / write restriction information (PAD Read / PADWrite) with respect to the medium is set, for example, in units of devices to be accessed, for example, content servers or recording / playback devices (hosts). These pieces of information are recorded in a server certificate (Server Cert) or a host certificate (Host Cert) corresponding to each device.

  The memory card 100 verifies the recorded data of the server certificate (Server Cert) and the host certificate (Host Cert) according to a prescribed program stored in the memory card 100 in advance, and only the area where access is permitted. Perform processing that allows access.

  With reference to FIG. 6, an example of setting access restrictions when the access requesting device for the memory card is a server and when it is a host device such as a recording / reproducing device will be described.

FIG. 6 shows, from the left, the server 120, the host device 140, and the memory card 100, which are access request devices for the memory card.
The server 120 is a server that executes, for example, content providing processing and encryption key writing processing applied to content decryption.
The host device 140 is a device that performs reproduction processing of content stored in the memory card 100, and is a device that needs to acquire an encryption key recorded on the memory card for content decryption processing.

The memory card 100 has a protected area (Protected Area) 101 and a general-purpose area (General Purpose Area) 102, and encrypted content and the like are recorded in the general-purpose area (General Purpose Area) 102.
The encryption key applied to decrypting the encrypted content is recorded in a protected area 101. The encryption key recorded in the protected area 101 includes, for example, an individual key (Kind) that is different for each content recording process. The use process of the individual key (Kind) will be described in detail later.

As described above with reference to FIG. 4, the protected area 101 is divided into a plurality of areas.
In the example shown in FIG.
Protected area # 0 (Protected Area # 0) 110,
Protected area # 1 (Protected Area # 1) 111,
Protected area # 2 (Protected Area # 2) 112,
An example having these three protection areas is shown.

  The memory card 100 receives a device certificate (for example, a server certificate (Server Certificate)) such as a public key certificate from the counterpart device, that is, the access requesting device, at the stage of authentication processing with the access requesting device. Using the described information, it is determined whether or not access to each protection area of the protection area (Protected Area) 101 is permitted. As a result of this determination processing, only the processing permitted in the permitted protection area is executed.

For example, the write-permitted area information (PAD Write) recorded in the server certificate (Server Certificate) of the server is configured as a certificate in which write permission for the protected area # 1 (Protected Area # 1) 111 is set. Is done. That is, as shown in the figure
Read allowable area: # 1
Write (write) allowable area: # 1
This is the configuration.
Note that, in the example shown in the figure, for a protection area where writing is permitted, reading is also set as being permitted.

Further, for example, the host certificate (Host Certificate) held by the host device 140 which is a playback device that reads the encryption key recorded in the protected area # 1 (Protected Area # 1) 111 and executes content playback is the protected area # 1. 1 (Protected Area # 1) 111 for which only read permission is set, that is, as shown in the figure,
Read allowable area: # 0, 1
Write (write) allowable area: # 0
This is the configuration.

In the host certificate (Host Certificate), the write permission for the protected area # 1 (Protected Area # 1) 111 is not set.
However, since the encryption key corresponding to the deleted content can be deleted when the content is deleted, the deletion process may be permitted.

The protected area # 2 (Protected Area # 2) 112 is set as an area in which neither the server nor the host is allowed access, that is, an external access prohibited area.
That is, the protected area # 2 (Protected Area # 2) 112 is set as an area that the data processing unit in the memory card 100 accesses (data writing and reading) only when data processing inside the memory card 100 is executed. Is done.

  As described above, the data processing unit of the memory card determines whether or not to permit data writing and data reading from the access requesting device to the protected area (Protected Area) 101 based on the device certificate.

[4. Content provided to clients (users) according to this disclosure]
With reference to FIG. 7, a configuration of content provided to a user according to an embodiment of the present disclosure will be described.

FIG. 7 is a diagram for explaining a data configuration example of content provided by the server 120 to a client as a user device.
In FIG.
(A) Content before encryption (B) Content provided from server These contents are shown.
The content provided to the client is [(B) provided content from server].

For example, the server 120 performs a predetermined encryption process on [(A) content before encryption] that is plaintext content to generate [(B) content provided from the server].
[(B) Server-provided content]
Encryption area to which the title key Kt is applied Encryption area to which the replacement key Ka is applied A configuration in which these two encryption areas are mixed.

The server 120 executes an encryption process applying the title key Kt in units of a predetermined area and an encryption process applying the replacement key Ka to [(A) content before encryption] which is plaintext content. , [(B) Provided content from server] is generated.
Note that the encryption process to which the title key is applied is executed, for example, as the same encryption process as described above with reference to FIG. The encryption process using the replacement key Ka is executed as the encryption process described with reference to FIG. 3 by applying the replacement key Ka instead of the title key.

  The server includes a mixture of encryption areas to which two different keys, an encryption area to which the title key Kt shown in FIG. 7B is applied and an encryption area to which the replacement key Ka is applied, are applied. Provided encrypted content.

On the client side, the encrypted content shown in [(B) provided content from server] is not recorded on the memory card as it is.
A process in which the data processing unit in the memory card decrypts the encrypted area to which the replacement key Ka included in the [(B) server-provided content] is applied, and replaces it with encrypted data using the individual key Kind described later. To record on the memory card. This process will be described later.

Note that the encryption area to which the title key Kt shown in [(B) content provided from the server] in FIG. 7 and the encryption area to which the replacement key Ka is applied can be freely set. As an example, it is preferable that the area encrypted with the replacement key Ka is set to include an important scene (highlight scene) of the content.
For example, in the case of content set as MPEG data, the area encrypted with the replacement key Ka may be set to include an I picture that is important data in the MPEG data or a part of the I picture. preferable.

Next, a content providing sequence from the server 120 to the client will be described with reference to FIG.
In FIG. 8, from the left
(1) a server 120 that executes content providing processing;
(2) a host device 140 that receives the content provided by the server 120 and records it on the memory card 100;
(3) a memory card 100 that is attached to the host device 140 and records encrypted content and key data;
These are shown.
Both the host 140 and the memory card 100 have a data processing unit and a communication unit including a processor that can execute data processing including authentication processing and encryption processing.

The server 120 encrypts the content shown in FIG.
An encryption area to which the title key Kt is applied,
An encryption area to which the replacement key Ka is applied,
It is assumed that the content in which these two encrypted areas are mixed is stored in the database, and the title key Kt and the replacement key Ka are also held in the database.

[5. Content provision sequence for clients]
The content providing sequence from the server 120 to the client will be described with reference to the sequence diagrams shown in FIGS.
First, in step S11, mutual authentication processing and session key (Ks) sharing processing as a shared secret key are executed between the server 120 and the memory card 100 mounted on the host device 140.

  For example, according to the public key cryptosystem, mutual authentication processing including exchange processing of both public key certificates is performed. The server 120 holds a server certificate (Server Certificate) storing a public key issued by a certificate authority and a secret key. The memory card 100 also receives a public key certificate / private key pair from the certificate authority in advance and stores it in its own storage unit.

  The memory card stores a mutual authentication process and a program for determining whether or not the protected area (Protected Area) described above with reference to FIG. 4 and the like can be accessed, and has a data processing unit for executing these programs.

  When mutual authentication is established between the content server 120 and the memory card 100 and both are validated, the server 120 provides various data to the memory card 100. When mutual authentication is not established, data providing processing from the server 120 is not performed.

After the mutual authentication is established, the server 120 generates an individual key Kind in step S12.
The individual key Kind is an individual key for a content distribution unit generated for each content distribution processing unit, and is an individual key that is different for each client, specifically, an information storage device (memory card) or a host device. For example, even when the same content is distributed to a plurality of clients, the individual key Kind is set as a different key for each client.
The generation of the individual key Kind executed by the server in step S12 is performed using, for example, a random number generation device or the like, and sequentially generates an individual key having a new data configuration.

In step S13, the server 120 generates the
Individual key Kind,
Applied as the encryption key of the encrypted content described with reference to FIG.
Replacement key: Ka,
These two keys are transmitted to the memory card 100.

At the time of transmission, these key data are encrypted with the session key: Ks and transmitted. That is,
Enc (Ks, Ka || Kind)
This encrypted data is transmitted.
Enc (a, b) indicates that the data b is data encrypted with the key a.
(A || b) means concatenated data with data a and b.

In step S14, the memory card 100 receives data received from the server 120,
Enc (Ks, Ka || Kind)
Decrypt this encrypted data by applying the session key: Ks,
Replacement key: Ka,
Individual key Kind,
Get these two keys.

Next, in step S15, the memory card 100 acquires the obtained two keys, that is,
Replacement key: Ka,
Individual key Kind,
These two keys
Encryption is performed by applying a unique key of the memory card, for example, a media key (Km) which is a secret key of the memory card, and encryption key data, that is,
Enc (Km, Ka || Kind)
This encryption key data is generated.
further,
A falsification verification value, for example, a MAC (Message Authentication Code) is generated for the encryption key data. The MAC is generated by applying a media key (Km) that is a secret key of a memory card, for example. That is,
MAC by Km
This falsification verification value is generated.

The memory card 100 generates a token (Transscript Token) composed of these encryption key data and a falsification verification value (MAC).
That is, the token is data composed of the following data.
Enc (Km, Ka || Kind)
MAC by Km
In step S15, the memory card generates a token (Transscript Token) constituted by these data.

  The falsification verification value set in the token is not limited to the MAC, but may be a digital signature using a media key (Km) that is a secret key of the memory card, for example. Alternatively, a hash value of encryption key data: Enc (Km, Ka || Kind) may be set.

In step S16, the memory card 100 outputs the generated token to the host device 140.
In step S17, the host device 140 stores the token received from the memory card 100 in the memory.

Next, in step S18, the server 120
Title key: Kt
Individual key: Kind.
These keys are recorded in a protected area (Protected area) of the memory card 100.

Further, in step S19, the server 120 applies to the host device 140, application area information of the replacement key Ka in the encrypted content in which the title key and the encryption area of the replacement key Ka shown in FIG. I will provide a.
Specifically, for example, for each Ka application area in the content shown in FIG.
(1) Offset information from the beginning of the content,
(2) The size of each Ka application area,
A list including the information (1) and (2) is provided to the host device 140 as replacement key application area information.

  Next, the process proceeds to the process shown in FIG. The processing of steps S21 to S27 shown in FIG. 9 is content download recording processing, and is repeatedly executed until the downloading and recording of all the content is completed.

  In step S <b> 21, the server 120 provides the host device 140 with encrypted content in which the title key and replacement key Ka encryption areas shown in FIG. 7B are mixed.

In step S22, the host device 140 outputs the token received from the memory card 100 in step S16 of FIG. The token is data composed of the following data.
Enc (Km, Ka || Kind)
MAC by Km

  As a premise for starting the processing in step S22, mutual authentication processing is executed between the host device 140 and the memory card 100, and the validity of both devices is confirmed. In other words, mutual authentication is assumed. If mutual authentication has not been established, the processing after step S22 is not executed.

In step S23, the memory card executes verification of the falsification verification value (MAC by Km) of the token constituted by the data. The verification process is executed by applying a media key (Km) that is a secret key of the memory card.
When the verification confirms that the token is a legitimate token that has not been tampered with, the encryption key data included in the token, that is,
Enc (Km, Ka || Kind)
A decryption process using a media key (Km) is performed on the encryption key data,
Replacement key: Ka,
Individual key Kind,
Get these two keys.

  In step S24, the host device 140 refers to the replacement key application area information (list) received from the server 120 in previous step S18, and replaces the received encrypted content, that is, the title key shown in FIG. 7B. Only the replacement key application area data (replacement key: encrypted content with Ka) is selected from the encrypted contents in which the encrypted areas of the key Ka are mixed and transmitted to the memory card 100.

In step S25, the memory card 100 receives the replacement key application area data (replacement key: encrypted content by Ka) received from the host device 140.
Decrypting by applying the replacement key: Ka obtained from the token in the previous step S23,
In step S23, encryption is performed by applying the individual key: Kind acquired from the token.
That is, a key replacement process is executed.

In step S <b> 26, the memory card 100 provides the host device 140 with data encrypted with the individual key: Kind.
In step S27, the host device 140 places the encrypted data received from the memory card 100 using the individual key: Kind at the original content position, that is, the position where the encrypted data using the replacement key: Ka is set.
That is, an encrypted content including an encryption area with the title key: Kt and an encryption area with the individual key: Kind is generated and recorded in the general-purpose area of the memory card 100. Furthermore, the replacement key application area information (list) is also recorded in the general-purpose area of the memory card 100.
These processes in steps S21 to S27 are repeatedly executed until the content download from the server 120 is completed.

FIG. 10 shows an example of data recorded on the memory card 100 as a result of these processes. As shown in FIG. 10, the following data is recorded on the memory card 100.
(1) Title key: Kt and individual key: Kind
These key data are recorded in a protected area # 1 (Protected area # 1) 111 which is an access-permitted area from the host device 140 set in the protected area 101 in the memory card 100.
(2) Encrypted content (title key: Kt and individual key: mixed content of encrypted data using Kind) is recorded in a general-purpose area accessible from an external device.
(3) Replacement key: A list (area consisting of an area identification offset and a data size) that is an area information of an encryption area by Ka (= individual key: Kind encryption area) is a general-purpose area accessible from an external device To be recorded.
As shown in FIG. 10, each of these data is recorded in each area of the memory card 100.

  A processing sequence executed between the host device 140 and the memory card 100 in the content recording processing described with reference to the sequence diagrams of FIGS. 8 and 9 will be described with reference to FIGS.

  11 and 12 are diagrams for explaining a detailed sequence of the key change process. That is, it is a process of replacing only the replacement key Ka application area with the encrypted data of the individual key Kind for the content encrypted with the two keys of the title key Kt and the replacement key Ka received from the server 120.

Key data (replacement key: Ka, individual key: Kind) is provided from the server 120 to the memory card 100, and the memory card stores these two key data (replacement key: Ka, individual key: Kind). That is,
Enc (Km, Ka || Kind)
MAC by Km
It is assumed that a token storing these data has been generated and provided to the host device 140.

  As a premise for starting the processing shown in FIGS. 11 and 12, mutual authentication processing is executed between the host device 140 and the memory card 100, and the validity of both devices is confirmed. In other words, mutual authentication is assumed. When mutual authentication is not established, the processes in FIGS. 11 and 12 are not executed.

First, in step S <b> 51, the host device 140 outputs the token received from the memory card 100 in advance to the memory card 100.
Next, the memory card 100 executes verification of the falsification verification value (MAC by Km) of the token. The verification process is executed by applying a media key (Km) that is a secret key of the memory card.
When the verification confirms that the token is a legitimate token that has not been tampered with, the encryption key data included in the token, that is,
Enc (Km, Ka || Kind)
A decryption process using a media key (Km) is performed on the encryption key data,
Replacement key: Ka,
Individual key Kind,
Get these two keys.

  Next, in step S <b> 53, the host device 140 uses the replacement key application area information (offset and data size list) received from the server 120 to encrypt using the replacement key Ka in the encrypted content received from the server 120. In step S54, the selected data is provided to the memory card 100.

In step S55, the memory card 100 executes a process for decrypting the encrypted data using the replacement key Ka received from the host device 140.
That is, decryption is performed by applying the replacement key: Ka obtained by decrypting the token in step S52.

Next, in step S56, the memory card 100 executes an encryption process using the individual key: Kind on the decrypted data.
That is, the data processing unit of the memory card 100 executes an encryption process using the individual key: Kind acquired by decrypting the token in step S52.

  In the memory card 100, data subjected to key replacement by the encryption process using the individual key: Kind is transmitted to the host device 140 in step S57 shown in FIG.

  In step S58, the host device 140 places the encrypted data received from the memory card 100 using the individual key: Kind at the original content position, that is, the position where the encrypted data using the replacement key: Ka is set.

Thereafter, in step S59, the host device 140, the encrypted content including the encryption area with the title key: Kt, the encryption area with the individual key: Kind, and the replacement key application area information (list) [= individual key application area Information] is recorded in the general-purpose area of the memory card 100.
As a result, each data described with reference to FIG. 10 is recorded in each area in the memory card 100.

A setting example of data provided by the server 120 to each client will be described with reference to FIG.
As shown in FIG. 13, the server 120 sends (A) common data to each of the clients 181 and 182.
(B) Individual data,
Provide each.
Although only two clients 1, 181 and 2, 182 are shown in the figure, there are many other clients, and common data is data set as common data for all clients. The individual data is different for each client.

(A) Common data includes
(A1) Encrypted content (title key: Kt and individual key: mixed content of encrypted data by Kind),
(A2) Title key: Kt
(A3) Replacement key: Ka,
(A4) Replacement key: Encrypted area information by Ka (for example, a list comprising an area identification offset and a data size)
These data are included.

On the other hand, as (B) individual data different for each client,
(B1) Individual key: Kind
Is provided.

  Even when the same content to which the same title key: Kind and replacement key: Ka are applied is provided to a plurality of clients 1, 2,. : Kt, and different encrypted contents encrypted with an individual key: Kind that is different for each client are recorded.

  Therefore, for example, even if the title key is leaked and can be used by an unspecified number of users, the individual key is different data for each client (distributed content unit). Unless it becomes available, unauthorized use of content will not spread.

  In addition, since the individual key is managed by the server together with the distribution destination information, if an individual key or encryption seed that has been spread illegally is discovered, it becomes possible to specify the distribution destination of the individual key. .

FIG. 14 shows a data configuration example of management information held in the storage means of the server.
As shown in FIG. 14, the management information includes
Unique ID corresponding to the distribution content,
Distribution content information,
Individual key (Kind) information Distribution destination information,
Delivery user information,
Delivery date and time information,
For example, such information is included.

The distribution destination information may be set to register the host device 140 and the memory card (recording medium) 100 individually. Alternatively, only one of the settings may be registered.
In the individual key (Kind) information, different data is recorded for all entries. In addition, when the user of a delivery destination is the same, it is good also as a structure which uses the same individual key. In this case, the individual key is set as a different key for each distribution destination user, not for each distribution processing unit.
Even in this case, if there is an illegal data outflow, the user as the outflow source can be specified by collating individual keys.
The example of the management information shown in FIG. 14 is an example, and all of the information is not essential, and information other than these information may be held as management information.

Thus, in the configuration of the present disclosure, a server that performs content distribution processing is
As common data for each client,
Encrypted content having an encryption area with title key: Kt and replacement key: Ka is provided, and an individual key (Kind) that is different for each content distribution unit is generated and provided to a memory card as an information storage device.
On the memory card side, the encrypted area with the replacement key: Ka in the encrypted content is replaced with the encrypted data with the individual key: Kind, and then stored in the memory card.

With this setting, the decryption process of the encrypted content stored in the memory card must be
Title key: Kt
Individual key: Kind,
These two types of keys are required.

That is, even if the title key: Kt is leaked, the content cannot be completely decrypted.
If both the title key: Kt and the individual key: Kind are leaked, the leaking client can be specified based on the management data shown in FIG.

Next, the content and key provision processing sequence executed by the server 120 will be described with reference to the flowchart shown in FIG.
In step S201, encrypted content having encrypted areas of two types of keys (title key and replacement key) is generated or acquired. This is the encrypted content described above with reference to FIG.

  Next, in step S202, a client-specific individual key: Kind is generated for content distribution processing.

Next, in step S203, the individual key: Kind, the title key: Kt, and the replacement key: Ka are transmitted to the recording medium (memory card). As a premise of these data transmission processes, it is premised that mutual authentication between the server and the recording medium (memory card) is established and the session key: Ks is shared.
The transmission key data is transmitted as encrypted data to which the session key: Ks is applied.

Next, in step S204, encrypted content having encrypted areas of two types of keys (title key and replacement key) is transmitted to the recording device (host device).
Next, in step S205, management data in which the individual key is associated with the client (recording device / recording medium) information providing the content is generated and registered in the database in the server 120.

[6. Content playback processing in the client according to the present disclosure]
Next, refer to the sequence diagram shown in FIG. 16 for the playback sequence of the encrypted content stored in the memory card, that is, the encrypted content set as mixed data of the encrypted data with the title key: Kt and the individual key: Kind. To explain.
In FIG. 16, from the left
(1) A memory card 100 that is attached to a host device 140 that executes content reproduction processing and stores encrypted content and key data;
(2) a host device 140 that executes content reproduction processing;
These are shown.

  A media card 100 as a recording medium corresponds to the memory card 100 described with reference to FIGS. 4 and 6 and the like, and includes a protected area (Protected Area) in which access is restricted according to the device, and a general-purpose without access restriction. It has a region (General Purpose Area).

Note that the playback device that executes the content playback processing may be the same device as the host device 140 that executed the content recording processing in the description of the sequence diagrams of FIGS. For example, a device dedicated to reproduction processing may be used. However, it is necessary that the device is capable of reading data from the memory card 100 that is a recording device that records content.
In the sequence diagram shown in FIG. 16, description will be made assuming that the apparatus that executes content reproduction is the same host device 140 as the recording device.

Processing in each step of the sequence diagram shown in FIG. 16 will be described.
In step S301,
A mutual authentication process and a session key: Ks sharing process are executed between the memory card 100 on which the content is recorded and the host device 140 that executes the content reproduction.
This process is the same as the mutual authentication and key sharing process between the server 120 and the memory card 100 described above as the process of step S11 of FIG.

  For example, according to the public key cryptosystem, mutual authentication processing including exchange processing of both public key certificates is performed. The host device 140 holds a host certificate (Host Certificate) storing a public key having a data configuration similar to that of the server certificate described with reference to FIG. The memory card 100 also receives a public key certificate / private key pair from the certificate authority in advance and stores it in its own storage unit.

  The memory card stores a mutual authentication process and a program for determining whether or not the protected area (Protected Area) described above with reference to FIG. 4 and the like can be accessed, and has a data processing unit for executing these programs.

  When mutual authentication is established between the memory card 100 and the host device 140 and both are validated, the process proceeds to step S302. If mutual authentication is not established, the processing from step S302 is not executed.

In step S302, the host device 140 outputs a read request for the title key: Kt and the individual key: Kind stored in the protected area # 1 (Protected Area # 1) to the memory card 100.
Here, it is assumed that the protected area # 1 of the memory card 100 is an area that is allowed to be accessed by the host device 140 as described with reference to FIG.

In step S303, the memory card 100 executes access right confirmation processing for the protection area # 1 of the host device 104. As described above with reference to FIG. 6, the host certificate (Host Certificate) held by the host device 140 that is a playback device that executes content playback is stored in the protected area # 1 (Protected Area # 1) 111. A certificate with only read permission, ie, as shown in FIG.
Read allowable area: # 0, 1
Write (write) allowable area: # 0
It is configured with such settings.
The memory card 100 confirms that the host device 140 is a device having an access right to the protection area # 1 based on the host certificate obtained from the difference in mutual authentication processing.
If the access right is not confirmed, the processing from step S304 onward is not executed.

  If it is confirmed in step S303 that the host device 140 is a device having an access right to the protected area # 1, the process proceeds to step S304.

  In step S304, the memory card 100 encrypts the title key: Kt and the individual key: Kind stored in the protected area # 1 (Protected Area # 1) of the memory card 100 with the session key: Ks and stores the encrypted key in the host device 140. Output.

  In step S305, the host device 140 receives the encryption key data received from the memory card, executes a decryption process using the session key: Ks, and acquires the title key: Kt and the individual key: Kind.

  In step S306, the memory card 100 stores the list as replacement key application area information stored in the general-purpose area of the memory card, that is, in the content encrypted by the title key: Kt and the replacement key: Ka received from the server. A list indicating the replacement key application area is provided to the host device 140.

Note that the replacement key application area of the encrypted content stored in the general-purpose area of the memory card 100 is replaced with the individual key application area.
In addition, the list includes, for example, information indicating a value indicating an offset from the top of the content and each region size for each replacement key application region (= individual key application region) in the content.

  In step S307, the host device 140 reads the encrypted content from the general-purpose area of the memory card 100. This encrypted content is an encrypted content in which an encryption area with a title key: Kt and an individual key: Kind is mixed.

In step S308, the host device 140 reproduces the encrypted content read from the memory card 100 by applying the title key: Kt and the individual key: Kind acquired in the processing of the previous step SZ305. .
Note that whether to perform decryption processing using the title key: Kt or the individual key: Kind is determined as replacement key application area information (= individual key application area information) read from the memory card 100 in step S306. Refer to the list.

[7. About hardware configuration example of each device]
Finally, an example of the hardware configuration of each device that executes the above-described processing will be described with reference to FIG.
First, a hardware configuration example of an information recording apparatus and an information reproducing apparatus as a server that executes a content providing process and a client that performs a data recording and reproducing process with a memory card attached will be described with reference to FIG. .

  A CPU (Central Processing Unit) 701 functions as a data processing unit that executes various processes according to a program stored in a ROM (Read Only Memory) 702 or a storage unit 708. For example, communication processing between server clients described in the above embodiments, recording processing of received data on a memory card (removable medium 711 in the figure), data reproduction processing from a memory card (removable medium 711 in the figure), and the like Execute. A RAM (Random Access Memory) 703 appropriately stores programs executed by the CPU 701, data, and the like. The CPU 701, ROM 702, and RAM 703 are connected to each other via a bus 704.

  The CPU 701 is connected to an input / output interface 705 via a bus 704. The input / output interface 705 is connected to an input unit 706 including various switches, a keyboard, a mouse, and a microphone, and an output unit 707 including a display and a speaker. Yes. The CPU 701 executes various processes in response to commands input from the input unit 706 and outputs the processing results to the output unit 707, for example.

  The storage unit 708 connected to the input / output interface 705 includes, for example, a hard disk and stores programs executed by the CPU 701 and various data. A communication unit 709 communicates with an external device via a network such as the Internet or a local area network.

  A drive 710 connected to the input / output interface 705 drives a removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, or a semiconductor memory, and acquires various data such as recorded contents, key information, and programs. To do. For example, data processing according to the acquired program, data processing executed by the CPU using content or key data, key generation, content encryption, recording processing, decryption, playback processing, etc. are performed according to the recording / playback program. Is called.

FIG. 18 shows a hardware configuration example of the memory card.
A CPU (Central Processing Unit) 801 functions as a data processing unit that executes various processes according to a program stored in a ROM (Read Only Memory) 802 or a storage unit 807. For example, communication processing with a host device such as a server, a recording device, and a playback device described in each of the above embodiments, processing for writing and reading data in the storage unit 807, and the divided region unit of the protection region 811 of the storage unit 807 The access permission determination process, the key change process, and the like are executed. A RAM (Random Access Memory) 803 appropriately stores programs executed by the CPU 801, data, and the like. These CPU 801, ROM 802, and RAM 803 are connected to each other by a bus 804.

  The CPU 801 is connected to an input / output interface 805 via a bus 804, and a communication unit 806 and a storage unit 807 are connected to the input / output interface 805.

  A communication unit 804 connected to the input / output interface 805 executes communication with, for example, a server and a host device. The storage unit 807 is a data storage area, and has a protected area 811 with restricted access (Protected Aea) 811 and a general-purpose area 812 that can freely read and write data as described above.

[8. Summary of composition of the present disclosure]
As described above, the embodiments of the present disclosure have been described in detail with reference to specific embodiments. However, it is obvious that those skilled in the art can make modifications and substitutions of the embodiments without departing from the gist of the present disclosure. In other words, the present invention has been disclosed in the form of exemplification, and should not be interpreted in a limited manner. In order to determine the gist of the present disclosure, the claims should be taken into consideration.

The technology disclosed in this specification can take the following configurations.
(1) a server that provides a first encrypted content including an encrypted area to which a replacement key is applied to a host device;
A host device that receives from the server the first encrypted content and replacement key application area information indicating an encryption area to which a replacement key is applied;
Receiving the replacement key from the server and the individual key set differently in units of content distribution processing from the server;
An information storage device that generates a token including encrypted key data obtained by encrypting the replacement key and the individual key, and outputs the generated token to the host device;
The host device is
Outputting the token to the information storage device, and outputting the replacement key application area of the first encrypted content to the information storage device;
The information storage device includes:
Executing a key change process for changing the replacement key application area to an encryption area with an individual key, and outputting encrypted area data with the individual key to the host device;
The host device is
Processing for recording in the data recording area of the information storage device the second encrypted content obtained by replacing the encrypted area data by the individual key input from the information storage device with the data in the replacement key application area of the first encrypted content Content providing system that executes

(2) The server includes a replacement key application area that is an encryption area to which the replacement key is applied and a title key application area that is an encryption area to which a content-corresponding title key is applied to the first encrypted content. The mixed encrypted content is provided to the host device, and the information storage device stores the individual key and the title key received from the server in a storage unit, and does not hold the replacement key. The content providing system according to 1).
(3) The information storage device generates a token in which the replacement key and the individual key are encrypted with the unique secret key of the information storage device, and a falsification verification value for the encryption key data is set. Then, the content providing system according to (1) or (2) in which the generated token is output to the host device.
(4) The content provision system according to (3), wherein the falsification verification value is a MAC (Message Authentication Code).
(5) The host device refers to the replacement key application region information, extracts encrypted region data to which the replacement key is applied from the first encrypted content received from the server, and outputs the encrypted region data to the information storage device The content providing system according to any one of all periods (1) to (4).

(6) receiving a replacement key set as an encryption key for the first encrypted content provided by the server and an individual key set differently in units of content distribution processing from the server;
Generating a token including encrypted key data obtained by encrypting the replacement key and the individual key, and outputting the generated token to a host device;
Input the token from the host device, obtain a replacement key and an individual key from the token,
Executing a key change process for changing the replacement key application area of the first encrypted content input from the host apparatus into an encryption area using an individual key, and outputting encrypted area data using the individual key to the host apparatus;
An information storage device that stores, in a storage unit, content including encrypted area data based on an individual key input from the host device.

(7) The server receives encrypted content in which a replacement key application region that is an encryption region to which the replacement key is applied and a title key application region that is an encryption region to which a content-corresponding title key is mixed. The information storage device according to (6), wherein the information storage device stores the individual key received from the server and the title key in a storage unit, and does not hold the replacement key. Information storage device.
(8) The information storage device generates a token in which encryption key data obtained by encrypting the replacement key and the individual key with a unique secret key of the information storage device and a falsification verification value for the encryption key data are set. The information storage device according to (6) or (7), wherein the generated token is output to the host device.
(9) The information storage device according to (8), wherein the falsification verification value is a MAC (Message Authentication Code).

(10) A token including the replacement key set as the encryption key for the first encrypted content provided by the server and the encryption key data of the individual key set differently for each information storage device is received from the information storage device. ,
Receiving the first encrypted content including the encrypted area to which the replacement key is applied and the replacement key application area information indicating the encrypted area to which the replacement key is applied from the server;
Outputting the token to the information storage device;
Referring to the replacement key application area information, extracting encrypted area data to which the replacement key is applied from the first encrypted content, and providing the extracted data to the information storage device;
From the information storage device, receiving the individual key encrypted data generated by the key change process using the individual key obtained from the token,
An information processing apparatus comprising: a data processing unit that generates second encrypted content in which the received individual key encrypted data is set in a replacement key application area of the first encrypted content, and stores the second encrypted content in the information storage device.

  (11) The token is data including encryption key data obtained by encrypting the replacement key and the individual key with a unique secret key of an information storage device, and a falsification verification value for the encryption key data. ).

  Furthermore, the configuration of the present disclosure includes a method of processing executed in the above-described apparatus and system, and a program for executing the processing.

  The series of processing described in the specification can be executed by hardware, software, or a combined configuration of both. When executing processing by software, the program recording the processing sequence is installed in a memory in a computer incorporated in dedicated hardware and executed, or the program is executed on a general-purpose computer capable of executing various processing. It can be installed and run. For example, the program can be recorded in advance on a recording medium. In addition to being installed on a computer from a recording medium, the program can be received via a network such as a LAN (Local Area Network) or the Internet and can be installed on a recording medium such as a built-in hard disk.

  Note that the various processes described in the specification are not only executed in time series according to the description, but may be executed in parallel or individually according to the processing capability of the apparatus that executes the processes or as necessary. Further, in this specification, the system is a logical set configuration of a plurality of devices, and the devices of each configuration are not limited to being in the same casing.

As described above, according to the configuration of an embodiment of the present disclosure, a configuration that prevents unauthorized use of content based on leakage of a content encryption key is realized.
Specifically, a key replacement process for decrypting the replacement key application area encrypted with the replacement key in the content received from the server and applying a different individual key to the information storage device or content distribution unit is performed. Execute and store the encrypted content after the key change. The information storage device generates a token obtained by encrypting the replacement key and the individual key, temporarily outputs the token to the host device, and receives the encrypted content and token encrypted with the replacement key from the host device. A replacement key and an individual key are obtained from the token, and a key change process for decrypting the encrypted content using the replacement key and encrypting it with the individual key is executed. The encrypted content after the key change becomes an encrypted content that is different for each client, and it is possible to identify the client from which the content or the individual key is leaked.

11 Content Server 12 Content Recording Disc 21 Shared Terminal 22 Recording / Reproducing Device (CE Device)
23 PC
31 Memory Card 100 Memory Card 101 Protection Area 102 General-purpose Area 110-112 Section Protection Area 120 Server 140 Host Device 181, 182 Client 701 CPU
702 ROM
703 RAM
704 Bus 705 Input / output interface 706 Input unit 707 Output unit 708 Storage unit 709 Communication unit 710 Drive 711 Removable media 801 CPU
802 ROM
803 RAM
804 Bus 805 I / O interface 806 Communication unit 807 Storage unit 811 Protected area (Protected Area)
812 General Purpose Area

Claims (15)

A server that provides the host device with the first encrypted content including the encrypted area to which the replacement key is applied;
A host device that receives from the server the first encrypted content and replacement key application area information indicating an encryption area to which a replacement key is applied;
Receiving the replacement key from the server and the individual key set differently in units of content distribution processing from the server;
An information storage device that generates a token including encrypted key data obtained by encrypting the replacement key and the individual key, and outputs the generated token to the host device;
The host device is
Outputting the token to the information storage device, and outputting the replacement key application area of the first encrypted content to the information storage device;
The information storage device includes:
Executing a key change process for changing the replacement key application area to an encryption area with an individual key, and outputting encrypted area data with the individual key to the host device;
The host device is
Processing for recording in the data recording area of the information storage device the second encrypted content obtained by replacing the encrypted area data by the individual key input from the information storage device with the data in the replacement key application area of the first encrypted content Content providing system that executes The server
The first encrypted content is an encrypted content including a replacement key application region that is an encryption region to which the replacement key is applied and a title key application region that is an encryption region to which a content-corresponding title key is applied. To the host device,
The information storage device includes:
The content providing system according to claim 1, wherein the individual key received from the server and the title key are stored in a storage unit, and the replacement key is not held. The information storage device includes:
Encrypted key data obtained by encrypting the replacement key and the individual key with a unique secret key of an information storage device;
Falsification verification value for the encryption key data;
The content providing system according to claim 1, wherein the token is generated and the generated token is output to the host device.   The content provision system according to claim 3, wherein the falsification verification value is a MAC (Message Authentication Code). The host device is
2. The content provision according to claim 1, wherein the replacement key application area information is referred to, and the encrypted area data to which the replacement key is applied is extracted from the first encrypted content received from the server and is output to the information storage device. system. Receiving a replacement key set as an encryption key for the first encrypted content provided by the server and an individual key set differently for each content distribution processing unit from the server;
Generating a token including encrypted key data obtained by encrypting the replacement key and the individual key, and outputting the generated token to a host device;
Input the token from the host device, obtain a replacement key and an individual key from the token,
Executing a key change process for changing the replacement key application area of the first encrypted content input from the host apparatus into an encryption area using an individual key, and outputting encrypted area data using the individual key to the host apparatus;
An information storage device that stores, in a storage unit, content including encrypted area data based on an individual key input from the host device. The server provides the host device with encrypted content in which a replacement key application region that is an encryption region to which the replacement key is applied and a title key application region that is an encryption region to which a content-compatible title key is applied are mixed. Is a configuration to
The information storage device includes:
The information storage device according to claim 6, wherein the individual key received from the server and the title key are stored in a storage unit, and the replacement key is not held. The information storage device includes:
Encrypted key data obtained by encrypting the replacement key and the individual key with a unique secret key of an information storage device;
Falsification verification value for the encryption key data;
The information storage device according to claim 6, wherein a token in which the token is set is generated and the generated token is output to the host device.   The information storage device according to claim 8, wherein the falsification verification value is a MAC (Message Authentication Code). Receiving from the information storage device a token including the replacement key set as the encryption key for the first encrypted content provided by the server and the encryption key data of the individual key set differently for each information storage device;
Receiving the first encrypted content including the encrypted area to which the replacement key is applied and the replacement key application area information indicating the encrypted area to which the replacement key is applied from the server;
Outputting the token to the information storage device;
Referring to the replacement key application area information, extracting encrypted area data to which the replacement key is applied from the first encrypted content, and providing the extracted data to the information storage device;
From the information storage device, receiving the individual key encrypted data generated by the key change process using the individual key obtained from the token,
An information processing apparatus comprising: a data processing unit that generates second encrypted content in which the received individual key encrypted data is set in a replacement key application area of the first encrypted content, and stores the second encrypted content in the information storage device. The token includes encrypted key data obtained by encrypting the replacement key and the individual key with a unique secret key of an information storage device,
Falsification verification value for the encryption key data;
The information processing apparatus according to claim 10, wherein the information processing apparatus includes data. An information processing method executed in an information storage device,
A replacement key set as an encryption key for the first encrypted content provided by the server and an individual key set differently for each information storage device are received from the server;
Generating a token including encrypted key data obtained by encrypting the replacement key and the individual key, and outputting the generated token to a host device;
Input the token from the host device, obtain a replacement key and an individual key from the token,
Executing a key change process for changing the replacement key application area of the first encrypted content input from the host apparatus into an encryption area using an individual key, and outputting encrypted area data using the individual key to the host apparatus;
An information processing method for storing content including encrypted area data by an individual key input from the host device in a storage unit. An information processing method executed in an information processing apparatus,
Receiving from the information storage device a token including the replacement key set as the encryption key for the first encrypted content provided by the server and the encryption key data of the individual key set differently for each information storage device;
Receiving the first encrypted content including the encrypted area to which the replacement key is applied and the replacement key application area information indicating the encrypted area to which the replacement key is applied from the server;
Outputting the token to the information storage device;
Referring to the replacement key application area information, extracting encrypted area data to which the replacement key is applied from the first encrypted content, and providing the extracted data to the information storage device;
From the information storage device, receiving the individual key encrypted data generated by the key change process using the individual key obtained from the token,
An information processing method for generating a second encrypted content in which the received individual key encrypted data is set in a replacement key application area of the first encrypted content, and storing the second encrypted content in the information storage device. A program for causing an information storage device to execute information processing;
A process of receiving a replacement key set as an encryption key for the first encrypted content provided by the server and an individual key set differently for each information storage device from the server;
Generating a token containing encrypted key data obtained by encrypting the replacement key and the individual key, and outputting the generated token to a host device;
A process of inputting the token from the host device and obtaining a replacement key and an individual key from the token;
Processing for changing the replacement key application area of the first encrypted content input from the host apparatus to an encryption area using an individual key and outputting encrypted area data using the individual key to the host apparatus When,
A program for executing a process of storing content including encrypted area data by an individual key input from the host device in a storage unit. A program for causing an information processing apparatus to execute information processing,
A process of receiving from the information storage device a token including a replacement key set as an encryption key for the first encrypted content provided by the server and encryption key data of an individual key set differently for each information storage device;
Processing to receive from the server the first encrypted content including the encrypted area to which the replacement key is applied, and replacement key application area information indicating the encrypted area to which the replacement key is applied;
Processing to output the token to the information storage device;
A process of referring to the replacement key application area information and extracting encrypted area data to which the replacement key is applied from the first encrypted content and providing the extracted data to the information storage device;
A process of receiving, from the information storage device, the individual key encrypted data generated by the key change process using the individual key acquired from the token;
A program for generating a second encrypted content in which the received individual key encrypted data is set in a replacement key application area of the first encrypted content and storing the second encrypted content in the information storage device.