Information processing apparatus and method, information recording medium manufacturing apparatus and method

Publication date: 19-09-2012
Number: CN101025977B
Assignee: Sony Corp
Application number: 00-10-20072843

[1]

Technical Field

[2]

The present invention relates to an information processing apparatus, an information recording medium manufacturing apparatus, an information recording medium, an information processing method, a method of manufacturing an information recording medium, and a computer program. More specifically, the invention relates to an information processing apparatus, information recording medium manufacturing apparatus, information recording medium, information processing method, method of manufacturing an information recording medium, and computer program in which, when content is used and the content code recorded on the information recording medium together with that content is executed, the device, model (type) or version of the information processing apparatus is determined, and the content code corresponding to the information processing apparatus is selected and executed according to the determined information.

[3]

Background Art

[4]

Various kinds of software data (hereinafter referred to as "content"), such as audio data such as music, image data such as movies, game programs and various application programs, can be stored as digital data on recording media such as a Blu-ray Disc (registered trademark), which uses a blue laser, a DVD (digital versatile disc), an MD (mini disc) or a CD (compact disc). In particular, the Blu-ray Disc (registered trademark), which uses a blue laser, is a high-density recordable disc on which a large amount of video content can be recorded as high-resolution data.

[5]

Digital content is stored on these various information recording media (storage media) and provided to users. A user reproduces, and thereby uses, the content on a reproducing apparatus such as his or her PC (personal computer) or a disc player.

[6]

Usually, the distribution rights for many kinds of content, including music data and image data, are owned by the creator or distributor of the content. Therefore, when such content is distributed, a configuration imposing predetermined restrictions is generally applied, that is, only authorized users are allowed to use the content, and unauthorized copying is not permitted.

[7]

With digital recording apparatuses and recording media, images or sound, for example, can be recorded and reproduced repeatedly without deterioration. As a result, illegally copied content is distributed over the Internet, so-called pirated discs such as CD-Rs carrying copied content are distributed, and the use of copied content stored on the hard disks of PCs and the like is widespread.

[8]

For example, DVDs, and large-capacity recording media such as the blue-laser recording media developed in recent years, can record a large amount of data, corresponding to one or several items of content, as digital information. Because video information and the like can be recorded as digital information in this way, preventing illegal copying in order to protect the rights of copyright owners is becoming an increasingly important issue. At present, various techniques for preventing illegal copying by digital recording apparatuses and on recording media have been put to practical use in order to prevent illegal copying of digital data.

[9]

Content encryption is one technique for protecting the rights of copyright owners by preventing illegal copying of content. However, even if content is encrypted, illegally decrypted content may be spread if the encryption key is leaked.

[10]

Furthermore, as a configuration for preventing illegal use of content, an identifier (ID) is assigned, for example, to the application program that reproduces the content, so that the content can be used only through processing by an application program with a specific ID. A configuration of this kind is disclosed in, for example, JP-A-2005-354121. Furthermore, as a technique for tracing the source of illegally produced content, a configuration has been proposed in which the ID of the device performing reproduction is embedded in the content when the content is reproduced. A configuration of this kind is disclosed in, for example, JP-A-2004-260533.

[11]

In a configuration where ID embedding, content decryption or data conversion is performed when content is reproduced, a security check, such as a validity check, can be carried out to confirm that the information processing apparatus or reproducing (player) program that uses the content is a validly licensed device or program. These kinds of processing are carried out by executing content code that is recorded on the information recording medium together with the content as, for example, a content usage control program.

[12]

Usually, content code is set up as a file independent of the content and is then recorded on the information recording medium. Therefore, the content code alone can be moved or copied to another information recording medium. If content code is leaked, an unauthorized device that has not been granted the right to use the content can illicitly reproduce the content by executing the leaked content code.

[13]

The devices and application programs used to reproduce content come from various different manufacturers. When data conversion processing or a security check is executed using content code, it is desirable that the content code corresponding to each manufacturer's device or application program be selected appropriately, so that the security check and the data conversion processing are each executed according to the appropriate sequence. In particular, where identification information of the content reproducing device or application program is embedded in the content by replacing part of the content data with different data during data conversion, the identification information is not embedded correctly unless the correct content code is selected. As a result, it becomes difficult to identify the apparatus that performed illegal processing.

[14]

Summary of the Invention

[15]

Therefore, in view of the above circumstances, it is desirable to restrict the use of content code in a configuration in which content code is recorded on the information recording medium together with content and is used as a content usage control program. In particular, it is desired to provide an information processing apparatus, information recording medium manufacturing apparatus, information recording medium, information processing method, method of manufacturing an information recording medium, and computer program in which the information processing apparatus is checked on the basis of identification information specifying its device, model (type) or version, and the content code corresponding to the information processing apparatus is then accurately selected and processed according to the checked information.

[16]

According to a 1st embodiment of this invention, there is provided an information processing apparatus including: a data processing unit that acquires content code, including a data processing program, recorded on an information recording medium and executes data processing according to the content code; and a memory that stores a device certificate containing a device identifier of the information processing apparatus. The data processing unit is configured to execute device check processing, applying the device certificate stored in the memory, according to code for device check processing contained in the content code; to acquire, after the device check processing, the device identifier recorded in the device certificate; and to execute data processing applying the content code corresponding to the acquired device identifier.

[17]

In the information processing apparatus according to the 1st embodiment of the present invention, preferably, the memory stores a device certificate containing a device identifier and a device-specific key unique to the information processing apparatus, or a model/version certificate containing a model (type) identifier or version identifier corresponding to the model or version of the information processing apparatus and a model/version public key. Furthermore, preferably, the data processing unit is configured to execute the device check processing applying at least one of the device certificate and the model/version certificate, to acquire either the device identifier recorded in the device certificate or the model identifier/version identifier recorded in the model/version certificate, and to execute data processing applying the content code corresponding to the acquired identifier.

[18]

Furthermore, in the information processing apparatus according to the 1st embodiment of the present invention, preferably, the data processing unit is configured, as the device check processing, to check the validity of the device certificate by verifying the signature set in the device certificate; to generate new signature data using a private key stored in the memory of the information processing apparatus; to verify the generated signature data using the public key stored in the device certificate; and to judge that the device check processing has succeeded when the signature verification succeeds.
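The two-step device check described above, followed by selection of content code by device identifier, is sketched below as an added example that is not part of the patent text. It assumes the certificate is signed by a key management center, uses toy textbook RSA over constructed Mersenne-prime moduli as a stand-in for a real signature scheme, and all names (`device_check`, `CODE_TABLE`, `DEV-0001`) are hypothetical.

```python
import hashlib
import os

E = 65537  # public exponent shared by all toy keys


def keypair(p, q):
    """Toy textbook-RSA key pair from two primes (constructed, not secure)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(priv, msg):
    n, d = priv
    return pow(_digest(msg, n), d, n)


def verify(pub, msg, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(msg, n)


def cert_body(device_id, pub):
    # Signed portion of the certificate: identifier plus public key.
    return f"{device_id}|{pub[0]}|{pub[1]}".encode()


def issue_cert(issuer_priv, device_id, pub):
    return {"device_id": device_id, "pub": pub,
            "sig": sign(issuer_priv, cert_body(device_id, pub))}


def device_check(cert, sign_with_device_key, issuer_pub):
    """Return the checked device identifier, or None if the check fails."""
    # Step 1: the certificate's own signature must verify.
    body = cert_body(cert["device_id"], cert["pub"])
    if not verify(issuer_pub, body, cert["sig"]):
        return None
    # Step 2: the player signs fresh data with the private key in its memory;
    # the result must verify under the public key inside the certificate.
    challenge = os.urandom(16)
    if not verify(cert["pub"], challenge, sign_with_device_key(challenge)):
        return None
    return cert["device_id"]


def select_content_code(device_id, code_table):
    # Content code is chosen only from an identifier that passed the check.
    return code_table.get(device_id)


# Constructed sample keys and data (assumed issuer: key management center).
ISSUER_PUB, ISSUER_PRIV = keypair(2**107 - 1, 2**127 - 1)
PLAYER_PUB, PLAYER_PRIV = keypair(2**61 - 1, 2**89 - 1)
OTHER_PUB, OTHER_PRIV = keypair(2**61 - 1, 2**107 - 1)
PLAYER_CERT = issue_cert(ISSUER_PRIV, "DEV-0001", PLAYER_PUB)
CODE_TABLE = {"DEV-0001": "security-check-A + conversion-table-A"}


def run_player(cert, priv):
    device_id = device_check(cert, lambda m: sign(priv, m), ISSUER_PUB)
    if device_id is None:
        return None
    return select_content_code(device_id, CODE_TABLE)


if __name__ == "__main__":
    print("genuine player:", run_player(PLAYER_CERT, PLAYER_PRIV))
    print("copied certificate, wrong private key:",
          run_player(PLAYER_CERT, OTHER_PRIV))
```

Step 2 is what ties the identifier to the apparatus: a certificate copied to a device that lacks the matching private key passes step 1 but fails step 2, so no content code is selected for it.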

[19]

Furthermore, the information processing apparatus according to the 1st embodiment of the present invention preferably also includes a memory that stores, as device and group data, a device-specific key set for the leaf that is the bottom node corresponding to the information processing apparatus in a key tree having a hierarchical structure, group keys set for the nodes on the path from that leaf to the top node, and a device manufacturing entity key set for the top node; that stores, as a model/version package, a model key and a version key corresponding to the model/version of the information processing apparatus; and that stores a key management center public key. In addition, preferably, the data processing unit is configured to verify the signature of the content code by applying the key management center public key and, in the data processing applying the content code, to decrypt data contained in the content code by applying any one of the device-specific key, a group key, the device manufacturing entity key, the model key and the version key.

[20]

Furthermore, in the information processing apparatus according to the 1st embodiment of the present invention, preferably, the data processing unit is configured to acquire, from data stored on the information recording medium, key designation information for the key to be applied in decrypting the content code and encrypted-data position specifying information indicating the position of the encrypted data set in the content code; to select the key to be applied according to the acquired key designation information; to identify the data to be decrypted according to the encrypted-data position specifying information; and to execute decryption processing applying the selected key.
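The key tree and the key-designation and position-specifying information described in the two preceding paragraphs can be illustrated as follows; this is an added example, not part of the patent text. The heap-style node numbering, the HMAC derivation of node keys from a constructed master secret, and the SHA-256 counter keystream used as a stand-in cipher are assumptions made for the illustration.

```python
import hashlib
import hmac

MASTER = b"constructed-demo-master-secret"  # held only by the key issuer
DEPTH = 3                                   # 2**3 = 8 devices at the leaves


def node_key(node):
    # Assumed derivation; the text only says each node has a key set for it.
    return hmac.new(MASTER, b"node-%d" % node, hashlib.sha256).digest()


def path_to_root(leaf):
    """Node numbers from a leaf up to the top node (root is node 1)."""
    path = []
    node = leaf
    while node >= 1:
        path.append(node)
        node //= 2
    return path


def provision_device(index):
    """Keys stored in one device: device-specific key (leaf), group keys
    (intermediate nodes) and device manufacturing entity key (top node)."""
    leaf = (1 << DEPTH) + index
    return {node: node_key(node) for node in path_to_root(leaf)}


def keystream_xor(key, data):
    # Stand-in cipher: XOR with a SHA-256 counter keystream (symmetric).
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def build_content_code(plain, offset, length, node):
    """Authoring side: encrypt one region under the key of the chosen node
    and record key designation and position specifying information."""
    enc = keystream_xor(node_key(node), plain[offset:offset + length])
    return {"key_designation": node,
            "position": (offset, length),
            "data": plain[:offset] + enc + plain[offset + length:]}


def process_content_code(device_keys, code):
    """Player side: select the designated key, locate the region, decrypt."""
    key = device_keys.get(code["key_designation"])
    if key is None:
        return None  # device is outside the designated group
    offset, length = code["position"]
    data = code["data"]
    if offset < 0 or length < 0 or offset + length > len(data):
        return None  # position information does not fit the data
    region = keystream_xor(key, data[offset:offset + length])
    return data[:offset] + region + data[offset + length:]


def eligible_devices(code, plain):
    return [i for i in range(1 << DEPTH)
            if process_content_code(provision_device(i), code) == plain]


# Constructed sample content code with one protected region.
PLAIN = b"HEADER|device-check|SECRET-CONVERSION-TABLE|TRAILER"
SECRET = b"SECRET-CONVERSION-TABLE"
OFFSET, LENGTH = PLAIN.index(SECRET), len(SECRET)

if __name__ == "__main__":
    for node in (1, 2, 10):
        code = build_content_code(PLAIN, OFFSET, LENGTH, node)
        print("node", node, "-> devices", eligible_devices(code, PLAIN))
```

Designating a node higher in the tree widens the set of devices that can decrypt the region: the top node covers every device, an intermediate node covers one group, and a leaf covers a single device.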

[21]

Furthermore, in the information processing apparatus according to the 1st embodiment of the present invention, preferably, the content code has a data structure in which a signature is set for each block of the data contained in the content code, in units of 2 megabytes, and the data processing unit is configured to verify the signature of the content code in units of 2-megabyte blocks.

[22]

Furthermore, in the information processing apparatus according to the 1st embodiment of the present invention, preferably, the memory stores a plurality of different device manufacturing entity key sets, set independently for a plurality of different device manufacturing entities, such as manufacturers or assemblers of the information processing apparatus, and the data processing unit is configured, when decrypting the content code, to select a key from the device manufacturing entity key set selected as corresponding to the content code to be executed, and to decrypt the data contained in the content code by applying the selected key.

[23]

Furthermore, in the information processing apparatus according to the 1st embodiment of the present invention, preferably, the data processing unit is configured to execute, as the data processing applying the content code after the device check processing, at least one of security check processing applying security check code contained in the content code and data conversion processing of the data forming the content applying a data conversion table contained in the content code.

[24]

Furthermore, in the information processing apparatus according to the 1st embodiment of the present invention, preferably, the information processing apparatus is configured to store in the memory a model/version certificate containing a model/version public key corresponding to the model/version of the information processing apparatus, and the data processing unit is configured to determine the application state of the content code by checking the certificate update information recorded in the model/version certificate.

[25]

Furthermore, according to a 2nd embodiment of this invention, there is provided an information recording medium manufacturing apparatus including: a content file generating device for generating a content file that stores content data to be recorded on an information recording medium; a content code file generating device for generating a content code file that stores content code including a data processing program to be executed when the content is used; and a recording device for recording, on the information recording medium, the content file generated by the content file generating device and the content code file generated by the content code file generating device. The content code file generating device is configured to generate a content code file storing code for device check processing, which executes a device check applying the device certificate stored in the memory of each information processing apparatus, and a content code file storing security check code that is selected and executed according to the device identifier checked by the device check processing.

[26]

In the information recording medium manufacturing apparatus according to the 2nd embodiment of the present invention, preferably, the content code file generating device is configured to generate a content code file storing a data conversion table that is applied in data conversion processing of the content and that is selected and executed according to the device identifier checked by the device check processing.

[27]

Furthermore, in the information recording medium manufacturing apparatus according to the 2nd embodiment of the present invention, preferably, the content code file generating device is configured to generate a content code file storing content code that contains encrypted data decryptable only with an encryption key assigned to a specific group of information processing apparatuses that use the content.

[28]

Furthermore, in the information recording medium manufacturing apparatus according to the 2nd embodiment of the present invention, preferably, the encryption key is any one of: a device-specific key set for the leaf that is the bottom node corresponding to an information processing apparatus in a key tree having a hierarchical structure; a group key set for each node on the path from that leaf to the top node; a device manufacturing entity key corresponding to the top node; a model key corresponding to the model of the information processing apparatus; and a version key corresponding to the version of the information processing apparatus.

[29]

Furthermore, in the information recording medium manufacturing apparatus according to the 2nd embodiment of the present invention, preferably, the content code file generating device is configured to generate, as information to be recorded on the information recording medium, content code encryption configuration information that includes encrypted-data portion designation information and key designation information, as information corresponding to the content code file storing content code that contains encrypted data decryptable only with an encryption key assigned to a specific group of information processing apparatuses that use the content.

[30]

Furthermore, according to a 3rd embodiment of the present invention, there is provided an information recording medium including: a content file storing content data; and a content code file storing content code including a data processing program to be executed when the content is used. The content code file is configured to include a content code file storing code for device check processing, which executes a device check applying the device certificate stored in the memory of each information processing apparatus, and a content code file storing security check code that is selected and executed according to the device identifier checked by the device check processing.

[31]

In the information recording medium according to the 3rd embodiment of the present invention, preferably, the content code file is configured to include a data conversion table that is applied in data conversion processing of the content and that is selected and executed according to the device identifier checked by the device check processing.

[32]

Furthermore, in the information recording medium according to the 3rd embodiment of the present invention, preferably, the content code file is a file storing content code that contains encrypted data decryptable only with an encryption key assigned to a specific group of information processing apparatuses that use the content.

[33]

Furthermore, in the information recording medium according to the 3rd embodiment of the present invention, preferably, the encryption key is any one of: a device-specific key set for the leaf that is the bottom node corresponding to an information processing apparatus in a key tree having a hierarchical structure; a group key set for each node on the path from that leaf to the top node; a device manufacturing entity key corresponding to the top node; a model key corresponding to the model of the information processing apparatus; and a version key corresponding to the version of the information processing apparatus.

[34]

Furthermore, in the information recording medium according to the 3rd embodiment of the present invention, preferably, content code encryption configuration information that includes encrypted-data portion designation information and key designation information is included as recorded information, as information corresponding to the content code file storing content code that contains encrypted data decryptable only with an encryption key assigned to a specific group of information processing apparatuses that use the content.

[35]

Furthermore, according to a 4th embodiment of the present invention, an information processing method by which an information processing apparatus executes data processing applying data recorded on an information recording medium includes the following steps: acquiring, in a data processing unit, content code including a data processing program recorded on the information recording medium; executing, in the data processing unit, device check processing applying a device certificate stored in a memory, according to code for device check processing contained in the content code; and executing, in the data processing unit, content code processing in which the device identifier recorded in the device certificate is acquired, the content code corresponding to the acquired device identifier is selected, and data processing applying the selected content code is executed.

[36]

In the information processing method according to the 4th embodiment of the present invention, preferably, the memory stores a device certificate containing a device identifier and a device-specific key unique to the information processing apparatus, or a model/version certificate containing a model (type) identifier or version identifier corresponding to the model or version of the information processing apparatus and a model/version public key. Furthermore, preferably, in executing the device check processing, device check processing applying at least one of the device certificate and the model/version certificate is executed, and either the device identifier recorded in the device certificate or the model identifier/version identifier recorded in the model/version certificate is acquired. Furthermore, in executing the content code, data processing applying the content code corresponding to the acquired identifier is executed.

[37]

Furthermore, in the information processing method according to the 4th embodiment of the present invention, preferably, in executing the device check processing, the validity of the device certificate is checked by verifying the signature set in the device certificate; new signature data is generated using a private key stored in the memory of the information processing apparatus; the generated signature data is verified using the public key stored in the device certificate; and the device check processing is judged to have succeeded when the signature verification succeeds.

[38]

Furthermore, in the information processing method according to the 4th embodiment of the present invention, preferably, the information processing apparatus includes a memory that stores, as device and group data, a device-specific key set for the leaf that is the bottom node corresponding to the information processing apparatus in a key tree having a hierarchical structure, a group key set for each node on the path from that leaf to the top node, and a device manufacturing entity key corresponding to the top node; that stores, as a model/version package, a model key and a version key corresponding to the model/version of the information processing apparatus; and that stores a key management center public key. Furthermore, preferably, the data processing unit verifies the signature of the content code by applying the key management center public key and, in executing the content code, decrypts data contained in the content code by applying any one of the device-specific key, a group key, the device manufacturing entity key, the model key and the version key.

[39]

Furthermore, in the information processing method according to the 4th embodiment of the present invention, preferably, in executing the content code, key designation information for the key to be applied in decrypting the content code and encrypted-data position specifying information indicating the position of the encrypted data set in the content code are acquired from data stored on the information recording medium; the key to be applied is selected according to the acquired key designation information; the data to be decrypted is identified according to the encrypted-data position specifying information; and decryption processing applying the selected key is executed.

[40]

Furthermore, in the information processing method according to the 4th embodiment of the present invention, preferably, the content code has a data structure in which a signature is set for each block of the data contained in the content code, in units of 2 megabytes, and the data processing unit verifies the signature of the content code in units of 2-megabyte blocks.

[41]

Furthermore, in the information processing method according to the 4th embodiment of the present invention, preferably, in executing the content code, when the content code is decrypted, a key is selected from the device manufacturing entity key set selected as corresponding to the content code to be executed, and the data contained in the content code is decrypted by applying the selected key.

[42]

Furthermore, in the information processing method according to the 4th embodiment of the present invention, preferably, in executing the content code, the data processing unit executes, as the data processing applying the content code after the device check processing, at least one of security check processing applying security check code contained in the content code and data conversion processing of the data forming the content applying a data conversion table contained in the content code.

[43]

Furthermore, in the information processing method according to the 4th embodiment of the present invention, preferably, the data processing unit determines the application state of the content code by checking the certificate update information recorded in the model/version certificate. Furthermore, preferably, the information processing apparatus is configured to store in the memory a model/version certificate containing a model/version public key corresponding to the model/version of the information processing apparatus.

[44]

Furthermore, according to a 5th embodiment of the present invention, a method of manufacturing an information recording medium in an information recording medium manufacturing apparatus includes the following steps: generating a content file that stores content data to be recorded on the information recording medium; generating a content code file that stores content code including a data processing program to be executed when the content is used; and recording, on the information recording medium, the content file generated in the content file generation and the content code file generated in the content code file generation. In the content code file generation, a content code file storing code for device check processing, which executes a device check applying the device certificate stored in the memory of each information processing apparatus, and a content code file storing security check code that is selected and executed according to the device identifier checked by the device check processing are generated.

[45]

In the method of manufacturing an information recording medium according to the 5th embodiment of the present invention, preferably, in the content code file generation, a content code file is generated that stores a data conversion table that is applied in data conversion processing of the content and that is selected and executed according to the device identifier checked by the device check processing.

[46]

Furthermore, in the method of manufacturing an information recording medium according to the 5th embodiment of the present invention, preferably, in the content code file generation, a content code file is generated that stores content code containing encrypted data decryptable only with an encryption key assigned to a specific group of information processing apparatuses that use the content.

[47]

Furthermore, in the method of manufacturing an information recording medium according to the 5th embodiment of the present invention, preferably, the encryption key is any one of: a device-specific key set for the leaf that is the bottom node corresponding to an information processing apparatus in a key tree having a hierarchical structure; a group key set for each node on the path from that leaf to the top node; a device manufacturing entity key corresponding to the top node; a model key corresponding to the model of the information processing apparatus; and a version key corresponding to the version of the information processing apparatus.

[48]

Furthermore, in the method of manufacturing an information recording medium according to the 5th embodiment of the present invention, preferably, in the content code file generation, content code encryption configuration information that includes encrypted-data portion designation information and key designation information is generated as information to be recorded on the information recording medium, as information corresponding to the content code file storing content code that contains encrypted data decryptable only with an encryption key assigned to a specific group of information processing apparatuses that use the content.

[49]

Furthermore, according to a 6th embodiment of the present invention, a computer program that causes an information processing apparatus to execute data processing applying data recorded on an information recording medium causes the information processing apparatus to perform: acquiring, in a data processing unit, content code including a data processing program recorded on the information recording medium; executing, in the data processing unit, device check processing applying a device certificate stored in a memory, according to code for device check processing contained in the content code; and executing, in the data processing unit, content code processing in which the device identifier recorded in the device certificate is acquired, the content code corresponding to the acquired device identifier is selected, and data processing applying the selected content code is executed.

[50]

Furthermore, according to a 7th embodiment of the present invention, there is provided an information processing apparatus including: a 1st memory that stores data specific to each information processing apparatus; and a 2nd memory that stores data corresponding to the model and version of the information processing apparatus. The data specific to each information processing apparatus includes a device identifier of the device, a device manufacturing entity key, group keys of a predefined set of groups into which the total set of devices is divided, and a key unique to each apparatus. The data corresponding to the model and version includes a model-specific key, a version-specific key, and a certificate containing the model and version identifiers of the apparatus.

[51]

In the information processing apparatus according to the 7th embodiment of the present invention, preferably, according to the program, a 1st signature verification based on the device certificate is performed and then, depending on its result, a further signature verification using the device-specific key is performed; and a 2nd signature verification based on the certificate containing the model and version identifiers is performed and then, depending on its result, a further signature verification using the model-specific key or the version-specific key is performed.

[52]

Furthermore, the computer program according to the 6th embodiment of the present invention can be supplied in a computer-readable format, through a storage medium or a communication medium, to a computer system capable of executing various program codes. For example, the computer program can be provided on a recording medium such as a CD, FD or MO, or over a communication medium such as a network. By providing the program in a computer-readable format, processing corresponding to the program is realized on the computer system.

[53]

Other uses, features and advantages of the present invention will become apparent from the following detailed description of embodiments with reference to the attached drawings. Furthermore, a system in this specification is a logical grouping of a plurality of devices. In other words, the devices are not limited to being housed in the same chassis.

[54]

According to the configuration of an embodiment of the invention, a content code including a data processing program recorded on the information recording medium is acquired, and data processing such as security check processing, conversion processing of the data making up the content, or processing that embeds device information in the content is performed according to the content code. In this configuration, a device check of the information processing apparatus is performed by applying the device certificate or model/version certificate stored in the information processing apparatus. After the device check, the device ID, model ID or version ID recorded in the device certificate or model/version certificate is acquired as the device identifier, and data processing applying the content code corresponding to the acquired device identifier is executed.

[55]

Furthermore, according to the configuration of another embodiment of the invention, at least part of the content code is set as encrypted data. The encryption key applied is one of the following: the device-specific key set for the leaf, which is the bottom-layer node corresponding to the information processing apparatus in a key tree having a hierarchical structure; a group key set for each node on the path from the leaf to the top node; the device manufacturing entity key corresponding to the top node; or a model key or version key set for the model and version of the information processing apparatus. Therefore, only a specific group of information processing apparatuses can be allowed to process the content code. As a result, a configuration can be realized that prevents processing in which the content code is applied illegally.

[56]

Description of drawings

[57]

Figure 1 is a view showing the data stored on the information recording medium and the configuration and processing of the drive and the information processing apparatus;

[58]

Figure 2 is a view showing an example arrangement of the content management units set for the content stored on the information recording medium;

[59]

Figure 3 is a view showing the correspondence between the content management units set for the content stored on the information recording medium and the unit keys;

[60]

Figure 4 is a view showing the content recorded on the information recording medium and the data conversion processing required when reproducing the content;

[61]

Figure 5 is a view showing an example of content reproduction processing;

[62]

Figure 6 is a view showing the data conversion processing performed when content is reproduced;

[63]

Figure 7 is a view showing the directory configuration of the data recorded on the information recording medium;

[64]

Figure 8 is a view showing the directory configuration of the content, management data and so on recorded on the information recording medium;

[65]

Figure 9 is a view showing the directory configuration of the content code recorded on the information recording medium;

[66]

Figure 10A is a view showing an example data structure of the device certificate;

[67]

Figure 10B is a view showing an example data structure of the model/version certificate;

[68]

Figure 11 is a view showing the keys and certificate information distributed to the information processing apparatus;

[69]

Figure 12 is a view showing the keys and certificate information stored in the memory of the information processing apparatus;

[70]

Figure 13 is a view showing the keys and certificate information distributed to the information processing apparatus;

[71]

Figure 14 is a view showing the processing for updating the model/version certificate;

[72]

Figure 15 is a view showing the configuration of the keys and certificates set for each device manufacturing entity;

[73]

Figure 16 is a view showing the configuration of the keys and certificates set for each device manufacturing entity;

[74]

Figure 17 is a view showing the processing by which the key management center generates keys and certificates;

[75]

Figure 18 is a view showing the signature processing for the content code performed by the key management center;

[76]

Figure 19 is a view showing the signature processing for the content code performed by the key management center;

[77]

Figure 20 is a view showing use of the content code in the information processing apparatus;

[78]

Figure 21 is a view showing processing of the encrypted content code stored on the information recording medium;

[79]

Figure 22 is a view showing the processing sequence by which the information processing apparatus uses the content code;

[80]

Figure 23 is a view showing the processing sequence by which the information processing apparatus uses the content code;

[81]

Figure 24 is a flowchart showing the processing sequence for using the content code in the information processing apparatus;

[82]

Figure 25 is a flowchart showing the processing sequence for using the content code in the information processing apparatus;

[83]

Figure 26 is a view showing an example hardware configuration of the information processing apparatus; and

[84]

Figure 27 is a block diagram showing the configuration of the information recording medium manufacturing apparatus.

[85]

Mode of execution

[86]

In the following, the information processing apparatus, information recording medium manufacturing apparatus, information recording medium, information processing method, method of manufacturing an information recording medium, and computer program according to embodiments of the present invention are described in detail with reference to the attached drawings. The description follows the order of the items below.

[87]

1. Overview of the data stored on the information recording medium and of the processing in the drive and the host

[88]

2. Content management unit (CPS unit)

[89]

3. Data structure of content containing distorted data, and overview of the data conversion processing

[90]

4. Content reproduction processing

[91]

5. Processing applying the security check code

[92]

6. The information processing apparatus the encryption key distribution and the configuration of the content code encryption and

[93]

7. Configuration of the information processing apparatus

[94]

8. Information recording medium manufacturing apparatus and information recording medium

[95]

1. Overview of the data stored on the information recording medium and of the processing in the host

[96]

First, an overview is given of the data stored on the information recording medium and of the processing in the drive and the host. Figure 1 shows the configuration of the information recording medium 100 storing content, the drive 120 and the host 140. The host 140 is a data reproduction (or recording) application program executed on an information processing apparatus such as a PC. The host 140 performs processing according to a predetermined data processing sequence, using the hardware of the information processing apparatus such as the PC.

[97]

The information recording medium 100 is an information recording medium such as a Blu-ray Disc (registered trademark) or a DVD. It is either an information recording medium on which data can be recorded (for example, an RE disc) or an information recording medium storing authorized content (for example, a ROM disc), manufactured at a disc factory under license from the so-called content rights holder, who holds the copyright or distribution right for the content. In the following embodiment a disc-shaped medium is used as the example of the information recording medium; however, the invention can be applied to configurations using various kinds of information recording media.

[98]

As shown in Figure 1, the information recording medium 100 stores: encrypted content 101, which has been subjected to encryption processing and to replacement of part of its data; an MKB (media key block) 102, an encryption key block generated on the basis of a tree-structure key distribution method known as one type of broadcast encryption method; a title key file 103 containing the encrypted CPS unit key obtained by encrypting the title key applied to content decryption; use permission information 104 containing CCI (copy control information) as the copy and reproduction control information for the content; and a content code 105 containing the data processing program executed when the encrypted content 101 is used.

[99]

The content code 105 includes a conversion table (Fix-up table) 106, in which conversion data corresponding to the replacement data for predetermined regions of the content is registered, and a security check code 107 containing a program for verifying the validity of the player (reproducing apparatus) that reproduces the content. The content code 105 further includes a device check code 108 used for the device check of the information processing apparatus, in other words, a device check code 108 that identifies, for example, the model, version or device corresponding to the information processing apparatus by its model identifier (model ID), version identifier (version ID) or device identifier (device ID).

[100]

An information processing apparatus that reproduces content verifies the validity of the player (reproducing apparatus) according to the security check code 107 contained in the content code 105. After the verification, it extracts the conversion data recorded in the conversion table (Fix-up table) 106 contained in the content code 105, according to the data conversion processing program contained in the content code 105, and replaces the corresponding data in the content.

[101]

Furthermore, the conversion table (Fix-up table) 106 and the security check code 107 contain various kinds of code, so that security check processing or conversion processing can be performed according to the type of reproducing apparatus or reproduction application program. For example, the codes include a security check code and conversion table corresponding to model A1, version a2 and device Aa3 of the products manufactured by company "A", and a security check code and conversion table corresponding to model B1, version b2 and device Bb3 of the products manufactured by company "B". The apparatus using the content selects the corresponding security check code or conversion table from among these and carries out the processing.

[102]

An information processing apparatus that uses the content selects the appropriate security check code or conversion table from among these and carries out the processing. For example, the appropriate security check code or conversion table is selected according to the group to which the information processing apparatus belongs, based on the "device" corresponding to the individual information processing apparatus, the "model" defined as a group of a plurality of devices, and the "version" as a sub-concept of the model. For example, the device identifier is set as an identifier unique to each information processing apparatus.

[103]

The model identifier is set so as to be shared by a plurality of devices (information processing apparatuses) belonging to the same model.

[104]

The version identifier is an identifier set for the different versions of the same model. For example, assuming that version 1 of model A and version 2 of model A exist, an independent version identifier is set for each version.

[105]

The information processing apparatus checks its own device, model and version by applying the device check code 108, then selects the appropriate conversion table or security check code and carries out the processing. The device identifier, model identifier or version identifier corresponding to the apparatus therefore needs to be checked. The device check code 108 contains the device check processing program used for carrying out this check.

[106]

An information processing apparatus that uses the content acquires the device certificate (Device Cert) or the model/version certificate (MV Cert) stored in the memory of the information processing apparatus (memory b161 shown in Figure 1), executes the device check code 108 contained in the content code 105, and checks the device, model or version of the information processing apparatus. After the device check, the information processing apparatus selects the security check code or conversion table appropriate to the confirmed device, model or version and carries out the processing. The device certificate (Device Cert) and the model/version certificate (MV Cert) are public key certificates, each storing a public key. A specific example of this processing is described later.

[107]

Furthermore, in addition to the conversion processing program that applies the conversion data, the content code 105 includes information and programs for carrying out various kinds of processing such as start-up processing and security check processing. Details of the content code are described later. The data stored on the information recording medium shown in the figure is an example; the stored data differs slightly depending on the type of disc and so on. An overview of each kind of information follows.

[108]

(1) Encrypted content 101

[109]

Various content is stored on the information recording medium 100. Examples include AV (audio-visual) streams of moving picture content such as HD (high definition) movie content, which is high-definition moving picture data, and game programs, image files, sound data or text data in a format defined by a specific standard. These contents are AV-format data of a specific standard and are stored according to that specific AV data format. Concretely, for example, the content is stored as Blu-ray Disc (registered trademark) ROM standard data according to the Blu-ray Disc (registered trademark) ROM standard format.

[110]

Furthermore, a game program, image file, sound data or text data may, for example, be stored on the information recording medium 100 as service data. Such content may be stored as data in a data format that does not follow a specific AV data format.

[111]

The kinds of content include music data, image data such as moving pictures and still images, game programs and web content. The content includes information that can be used with data from the information recording medium 100 alone, and information that can be used by combining data from the information recording medium 100 with data supplied from a server connected over a network. Content stored on the information recording medium is divided into units, each unit is encrypted with a different key (a CPS unit key or unit key, also commonly called a title key), and the content is then stored, so that use of each unit of content can be controlled independently. The unit to which one unit key is allocated is called a content management unit (CPS unit). Furthermore, part of the data making up the content is set as distorted data, in which the correct content data has been replaced by different data. Decryption alone therefore cannot reproduce the correct content; reproduction requires replacing the distorted data with the data registered in the conversion table. This processing is described in detail later.

[112]

(2) MKB

[113]

The MKB (media key block) 102 is an encryption key block generated on the basis of a tree-structure key distribution method known as one type of broadcast encryption method. The MKB 102 is a key information block from which the media key, the key required to decrypt the content, can be obtained only by processing (decryption) based on the device key stored in the information processing apparatus of a user holding a valid license. It applies an information distribution method based on a so-called hierarchical tree structure. In other words, the media key can be obtained only when the user device (information processing apparatus) holds a valid license; a user device that has been invalidated (revoked) cannot obtain the media key.

[114]

The management center, acting as the license entity, can change the device keys used to encrypt the key information stored in the MKB and thereby generate an MKB that cannot be decrypted with the device key stored in a specific user device, that is, an MKB configured so that this device cannot obtain the media key required for content decryption. It is therefore possible to revoke an unauthorized device at a predetermined timing and to provide decryptable encrypted content only to devices holding a valid license. Content decryption processing is described later.

[115]

(3) Title key file

[116]

As mentioned above, each content item, or each set of a plurality of content items, is encrypted with a separate encryption key (title key (CPS unit key)) applied to manage use of the content, and is then stored on the information recording medium 100. In other words, the AV (audio-visual) streams, music data, image data such as moving pictures and still images, game programs, web content and so on that make up the content are divided into units that serve as the management units of content use. A different title key needs to be generated for each divided unit in order to carry out decryption. The information used for generating the title key is the title key data. For example, the title key is obtained by decrypting the encrypted title key with a key generated using the media key. The title key corresponding to each unit is generated according to a predetermined encryption key generation sequence that applies the title key data, and the content is decrypted.

[117]

(4) Use permission information

[118]

The use permission information includes, for example, copy and reproduction control information (CCI). In other words, the copy and reproduction control information (CCI) is copy restriction information or reproduction restriction information for controlling use of the encrypted content 101 stored on the information recording medium 100. The copy and reproduction control information (CCI) can be set in various ways, for example as information for an individual CPS unit set as a content management unit, or as information corresponding to a plurality of CPS units.

[119]

(5) Content code

[120]

The content code 105 includes a conversion table (Fix-up table) 106, in which conversion data corresponding to the replacement data for predetermined regions of the content is registered, and a security check code 107 containing a program for verifying the validity of the information processing apparatus that reproduces the content. Furthermore, as mentioned above, the content code 105 includes a device check code 108 for checking at least one item of identification information among the device, model and version corresponding to the information processing apparatus.

[121]

As mentioned above, the conversion table and the security check code contain various kinds of code so that processing can be performed according to the type of information processing apparatus serving as the reproducing apparatus (for example, its device, model or version). An information processing apparatus that uses the content checks its device, model and version according to the device check code 108, then selects the security check code or conversion table corresponding to the information processing apparatus and carries out the security check processing and data conversion processing.

[122]

The host, as the reproduction application of the reproducing apparatus that reproduces the content, sets up a virtual machine (VM) that carries out the data conversion processing. The virtual machine (VM) performs the device check processing, security check processing and data conversion processing according to the content code read from the information recording medium 100, and converts part of the data making up the content by applying the entries registered in the conversion table (Fix-up table) 106.

[123]

The encrypted content 101 stored on the information recording medium 100 is encrypted in a predetermined manner, and part of the data making up the encrypted content 101 consists of distorted data that differs from the correct data. When the content is reproduced, data rewriting is required to replace the distorted data with the conversion data, which is the correct content data. The table in which the conversion data is registered is the conversion table (Fix-up table) 106. A number of distorted data segments are set in the content, and when the content is reproduced these segments must be replaced (rewritten) with the conversion data registered in the conversion table. By applying conversion data in this way, even if the encryption key leaks and the content is decrypted illegally, the correct content cannot be reproduced by decryption alone because of the replaced data. As a result, illegal use of the content can be prevented.

[124]

Furthermore, in addition to normal conversion data, the conversion table 106 includes conversion data (forensic mark) containing data from which identification information of the content reproducing apparatus or content reproduction application program can be analyzed. Specifically, the conversion table 106 includes, for example, "conversion data containing an identification mark (forensic mark)", in which is recorded a device ID (device identifier), model ID (model identifier) or version ID (version identifier) serving as identification data of the information processing apparatus, or identification information generated from such identifier information. Conversion data containing an identification mark is data obtained by slightly changing bit values of the correct content data, at a level that does not affect reproduction of the content.
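The conversion-table mechanism and the forensic mark described above can be sketched as follows. This is an added example, not code from the patent: the entry layout, the one-bit-per-entry encoding of the device ID and all names are assumptions, and the content bytes are constructed sample data.

```python
from dataclasses import dataclass
from typing import Optional, Sequence


@dataclass(frozen=True)
class FixUpEntry:
    """One row of a (hypothetical) conversion table."""
    offset: int                          # position of the distorted segment
    data: bytes                          # correct content bytes (normal conversion data)
    mark_bit: Optional[int] = None       # device-ID bit this entry encodes, None = normal entry
    marked_data: Optional[bytes] = None  # slightly altered bytes written when that bit is 1

    def __post_init__(self):
        if (self.mark_bit is None) != (self.marked_data is None):
            raise ValueError("mark_bit and marked_data must be set together")
        if self.marked_data is not None and len(self.marked_data) != len(self.data):
            raise ValueError("marked variant must have the same length as the correct data")


def distort(original: bytes, table: Sequence[FixUpEntry]) -> bytes:
    """Authoring side: blank every table segment so that decryption alone is not enough."""
    buf = bytearray(original)
    for e in table:
        buf[e.offset:e.offset + len(e.data)] = b"\x00" * len(e.data)
    return bytes(buf)


def apply_fixups(decrypted: bytes, table: Sequence[FixUpEntry], device_id: int) -> bytes:
    """Player side: rewrite each distorted segment, embedding device_id in the marked entries."""
    buf = bytearray(decrypted)
    for e in table:
        end = e.offset + len(e.data)
        if e.offset < 0 or end > len(buf):
            raise ValueError(f"fix-up entry at offset {e.offset} falls outside the content")
        use_mark = e.mark_bit is not None and (device_id >> e.mark_bit) & 1
        buf[e.offset:end] = e.marked_data if use_mark else e.data
    return bytes(buf)


def recover_device_id(output: bytes, table: Sequence[FixUpEntry]) -> int:
    """Analysis side: read the identifier back out of a reproduced copy."""
    device_id = 0
    for e in table:
        if e.mark_bit is None:
            continue
        segment = output[e.offset:e.offset + len(e.data)]
        if segment == e.marked_data:
            device_id |= 1 << e.mark_bit
        elif segment != e.data:
            raise ValueError(f"segment at offset {e.offset} matches neither variant")
    return device_id


# Constructed sample content and table: one normal entry, three forensic-mark entries.
ORIGINAL = b"FRAME0-AAAA|FRAME1-BBBB|FRAME2-CCCC|FRAME3-DDDD"
TABLE = [
    FixUpEntry(ORIGINAL.index(b"AAAA"), b"AAAA"),
    FixUpEntry(ORIGINAL.index(b"BBBB"), b"BBBB", 0, b"BBBC"),
    FixUpEntry(ORIGINAL.index(b"CCCC"), b"CCCC", 1, b"CCCD"),
    FixUpEntry(ORIGINAL.index(b"DDDD"), b"DDDD", 2, b"DDDE"),
]

if __name__ == "__main__":
    on_disc = distort(ORIGINAL, TABLE)
    copy = apply_fixups(on_disc, TABLE, device_id=0b101)
    print(copy, "-> device", recover_device_id(copy, TABLE))
```

A copy reproduced by device 5 differs from the correct content only in the last byte of two segments, which is enough for the analysis step to name the device.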

[125]

Furthermore, in addition to the data conversion processing program that applies the above-mentioned conversion table 106, the content code 105 includes information and programs for carrying out various kinds of processing such as start-up processing and security check processing. Details of the content code are described later.

[126]

Next, the configuration of the host 140 and the drive 120, and an outline of their processing, are described with reference to Figure 1. Reproduction processing of the content stored on the information recording medium 100 is performed when the data is transferred to the host 140 through the drive 120.

[127]

The host 140 is provided with a reproduction (player) application 150 and a security VM 160. The reproduction (player) application 150 is the content reproduction processing unit and performs, as part of content reproduction, authentication processing between the host 140 and the drive, content decryption processing and decoding processing.

[128]

The security VM 160 is a data processing unit that performs processing applying the content code 105. The content code 105 includes the conversion table 106, the security check code 107 and the device check code 108. The security VM 160 checks the model, version and device of the apparatus according to the device check code 108, selects the security check code 107 corresponding to the checked apparatus, performs the security check processing, and performs replacement processing of part of the content data using the conversion table 106.

[129]

The security VM 160, serving as the data processing unit, performs device check processing that applies the certificates stored in memory (the device certificate and the model/version certificate), according to the device check code 108 contained in the content code. After the device check, the security VM 160 acquires the device identifiers recorded in the certificates (model ID, version ID and device ID) and performs data processing that applies the content code corresponding to the acquired device identifiers.

[130]

Furthermore, the security VM 160 is set up as a virtual machine within the host 140. A virtual machine (VM) is a virtual computer that directly interprets and executes an intermediate language. The virtual machine (VM) reads platform-independent instruction code information in the intermediate language from the information recording medium 100, then interprets and executes it.

[131]

The security VM 160 serves as a data processing unit that acquires the content code 105, which is recorded on the information recording medium 100 and includes information or programs applied to the use of the encrypted content 101, and executes data processing according to the acquired content code 105.

[132]

The security VM 160 acquires device information such as the device certificate (Device Cert) or the model/version certificate (MV Cert) from memory b161, a memory accessible to the security VM, and performs device check processing by applying these certificates, that is, processing that checks the device, model or version by its identifier. According to the checked device identification information, it selects the content code appropriate to the apparatus from the information recording medium and executes the selected content code.

[133]

Furthermore, part of the content code is set as encrypted data, and the encryption keys for decrypting that encrypted data are stored in memory b161. The security VM 160 decrypts the content code by applying a key selected from memory b161.

[134]

For example, memory b161 stores a device-specific key unique to the device, group keys shared by groups of a plurality of devices, a model key corresponding to a specific device model, and a version key corresponding to a specific version of a specific model.

[135]

Furthermore, the device-specific key and the group keys consist of node keys in a key tree having a hierarchical structure, one for each node on the path from the leaf, the bottom-layer node corresponding to the information processing apparatus, to the top node. Each information processing apparatus stores these node keys as its device-specific key and group keys. Details of the key configuration are described later.

[136]

When code contained in the content code is encrypted, the security VM 160 selects from memory b161 a node key, namely the device-specific key or a group key shared by a group of devices, or the model key or the version key, and decrypts the content code by applying the selected key. Details of the encryption keys stored in memory b161 and of the processing performed by the security VM 160 are described later.
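The effect of the key tree described above, in which an encrypted part of the content code can be opened only by the group of devices below the designated node, is shown in the following added example (not code from the patent). The heap-style node numbering, the HMAC-based key derivation at a key center, the block layout and the SHA-256 keystream standing in for a real cipher are all assumptions made for the sketch.

```python
import hashlib
import hmac
import os
from typing import Dict, NamedTuple, Optional

DEPTH = 3                                # constructed tree: 2**3 = 8 devices
MASTER = b"constructed-master-secret"    # held only by the (hypothetical) key center


def node_key(master: bytes, index: int) -> bytes:
    """Key for tree node `index`: 1 = top node (device manufacturing entity key)."""
    return hmac.new(master, b"node:%d" % index, hashlib.sha256).digest()


def device_keyring(master: bytes, device_no: int, depth: int = DEPTH) -> Dict[int, bytes]:
    """Node keys a device stores: its leaf (device-specific key) up to the top node."""
    if not 0 <= device_no < 2 ** depth:
        raise ValueError("device number outside the tree")
    index = 2 ** depth + device_no       # leaf position
    ring = {}
    while index >= 1:
        ring[index] = node_key(master, index)
        index //= 2                      # parent: a group key, finally the top node
    return ring


class SealedCode(NamedTuple):
    node_index: int    # key designation information: which node key protects the block
    nonce: bytes
    ciphertext: bytes
    tag: bytes


def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 in counter mode); a real player would use e.g. AES."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(master: bytes, node_index: int, code: bytes) -> SealedCode:
    """Authoring side: encrypt a content code block for every device below node_index."""
    key = node_key(master, node_index)
    nonce = os.urandom(12)
    ciphertext = _xor_stream(_subkey(key, b"enc"), nonce, code)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return SealedCode(node_index, nonce, ciphertext, tag)


def open_code(ring: Dict[int, bytes], block: SealedCode) -> Optional[bytes]:
    """Player side: select the designated key from the keyring, or fail closed."""
    key = ring.get(block.node_index)
    if key is None:
        return None                      # device is outside the designated group
    expected = hmac.new(_subkey(key, b"mac"), block.nonce + block.ciphertext,
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, block.tag):
        return None                      # wrong key or modified block
    return _xor_stream(_subkey(key, b"enc"), block.nonce, block.ciphertext)


if __name__ == "__main__":
    block = seal(MASTER, 2, b"SECURITY_CHECK_FOR_GROUP")   # node 2 covers devices 0-3
    for n in range(2 ** DEPTH):
        print(n, open_code(device_keyring(MASTER, n), block))
```

Sealing under a leaf index targets a single device, and sealing under node 1 targets every device of the manufacturing entity.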

[137]

Information and processing requests are exchanged between the reproduction (player) application 150 and the security VM 160 by a sequence consisting of an interrupt (INTRP) from the reproduction (player) application 150 to the security VM 160 and a response (call) from the security VM 160 to the reproduction (player) application 150.

[138]

Next, the main processing performed by the host 140 is described. Before the content is used, mutual authentication is performed between the drive 120 and the host 140. If the mutual authentication confirms that the drive 120 and the host 140 are valid, the encrypted content is transferred from the drive to the host. In the host, the content is then decrypted and data conversion processing using the above-mentioned conversion table is carried out, so that the content is reproduced.

[139]

When content is used, the data processing unit 121 of the drive 120 performs processing such as authentication between the drive 120 and the host, reading data from the information recording medium, and transferring the data to the host.

[140]

The reproduction (player) application 150 of the host 140 is a data reproduction (or recording) application executed on an information processing apparatus such as a PC, and performs processing according to a predetermined data processing sequence using the hardware of the information processing apparatus such as the PC.

[141]

The host 140 includes a data processing unit 151 that performs mutual authentication with the drive 120 and controls data transfer between the host 140 and the drive 120, a decryption processing unit 153 that decrypts the encrypted content, a data conversion processing unit 154 that performs data conversion based on the data registered in the conversion table 106, and a decoding processing unit 155 that performs decoding (for example, MPEG decoding).

[142]

Decryption processing unit 153 generates the key used to decrypt the content by applying various information stored in memory 156 and data read from information recording medium 100, and decrypts encrypted content 101. Data conversion processing unit 154, in accordance with the data conversion processing program obtained from information recording medium 100, applies the conversion data registered in the conversion table obtained from information recording medium 100 to replace (re-write) data making up the content. Decoding processing unit 155 performs decoding (for example, MPEG decoding).

[143]

The device key (Kd) and the key information applied to mutual authentication or decryption are stored in memory 156 of information processing apparatus 150. The device key (Kd) is the key applied in processing the MKB. The MKB is a key information block from which the media key, the key required to decrypt the content, can be obtained only by processing (decryption) based on a device key stored in the information processing apparatus of a user with a valid license. To decrypt the encrypted content, information processing apparatus 150 processes the MKB by applying the device key (Kd) stored in memory 156. The content decryption processing is described in detail later.

[144]

2. Content management unit (CPS unit)

[145]

As mentioned above, the content stored in the information recording medium is encrypted with a different key assigned to each unit and then stored, so that usage can be controlled differently for each unit. In other words, the content is divided into content management units (CPS units), and each content management unit (CPS unit) is encrypted independently, so that usage is managed independently.

[146]

To use the content, it is first necessary to obtain the CPS unit key (also referred to as a title key) assigned to each unit. Then, applying the other necessary keys and key generation information, data processing based on a predetermined decryption sequence is executed to perform reproduction. The arrangement of the content management units (CPS units) is described below with reference to Figure 2.

[147]

As shown in Figure 2, the content has a layered structure of (A) index 210, (B) movie object 220, (C) play list 230 and (D) clip 240. For example, when an index such as a title accessed by the reproduction application is designated, the reproduction program associated with that title is designated, and a play list that defines, for example, the reproduction order of the content is selected according to the program information of the designated reproduction program.

[148]

A play list contains play items, which are information on the data to be reproduced. According to the clip information for the reproduction section designated by a play item in the play list, the AV stream or commands that form the actual content data are selectively read out, and the AV stream is reproduced and the commands are executed. There are a plurality of play lists and a plurality of play items, and each play list and each play item is associated with a play list ID and a play item ID as identification information.

[149]

Figure 2 shows two CPS units. These CPS units form part of the content stored in the information recording medium. 1st content unit 271 and 2nd content unit 272 are each a CPS unit set up as a unit that includes a title as an index, a movie object as a reproduction program file, a play list, and an AV stream file as the actual content data.

[150]

1st content management unit (CPS unit) 271 includes 1st title 211 and 2nd title 212, reproduction programs 221 and 222, play lists 231 and 232, and clips 241 and 242. AV stream data files 261 and 262, which are the actual content data contained in the two clips 241 and 242, are at least the data to be encrypted. In principle, they are encrypted with title key Kt1 (also known as the CPS unit key), the encryption key set in association with 1st content management unit (CPS unit) 271.

[151]

2nd content management unit (CPS unit) 272 includes 1st application program 213 as an index, reproduction program 224, play list 233 and clip 243. AV stream data file 263, the actual content data contained in clip 243, is encrypted with title key Kt2, the encryption key set in association with 2nd content management unit (CPS unit) 272.

[152]

For example, to execute an application file or reproduce content corresponding to 1st content management unit 271, the user needs to obtain title key Kt1, the encryption key set in association with 1st content management unit (CPS unit) 271, and perform decryption. To execute an application file or reproduce content corresponding to 2nd content management unit 272, the user needs to obtain title key Kt2, the encryption key set in association with 2nd content management unit (CPS unit) 272, and perform decryption.

[153]

Figure 3 shows an example of the CPS unit setting configuration and the corresponding title keys. It shows the correspondence between the CPS unit setting units, which are the usage management units of the encrypted content stored in the information recording medium, and the title keys (CPS unit keys) applied to each CPS unit. CPS units and title keys for follow-up data may also be set up and stored in advance. For example, data unit 281 is an entry for follow-up data.

[154]

There are CPS unit setting units for content titles, application programs and data. In the CPS unit management table, a CPS unit ID is set as the identifier corresponding to each CPS unit.

[155]

Referring to Figure 3, for example, title 1 belongs to CPS unit 1. To decrypt encrypted content belonging to CPS unit 1, title key Kt1 needs to be generated, and decryption is performed based on the generated title key Kt1.

[156]

As mentioned above, the content stored in information recording medium 100 is encrypted with a different key assigned to each unit and then stored, so that usage can be controlled differently for each unit. For independent usage management of each content management unit (CPS unit), usage permission information (UR: usage rule) is set. As mentioned above, the usage permission information includes, for example, copy and reproduction control information (CCI) for the content, that is, copy restriction information or reproduction restriction information for the encrypted content contained in each content management unit (CPS unit).

[157]

Generating the title key requires data processing that applies various information stored in the information recording medium. Specific examples of this processing are described in detail later.

[158]

3. Data structure of content containing broken data, and outline of the data conversion processing

[159]

Next, the data structure of content containing broken data and an outline of the data conversion processing are described. As mentioned above, in encrypted content 101 on information recording medium 100, part of the data making up encrypted content 101 has been replaced with broken data, that is, data different from the correct content data. Consequently, decryption alone does not allow the content to be reproduced correctly; reproduction requires replacing the broken data with the conversion data registered in the conversion table.

[160]

With reference to Figure 4, the configuration of the content stored in the information recording medium and an outline of the reproduction processing are described. Movies and other AV (audio-visual) content are stored in information recording medium 100. This content is encrypted, and it can be reproduced by decrypting it with an encryption key that only a reproduction apparatus holding a predetermined license can obtain; the specific reproduction processing is described later. The content stored in information recording medium 100 is encrypted and, in addition, has a configuration in which content data has been replaced with modified data.

[161]

Figure 4 shows an example of the configuration of recorded content 291 stored in information recording medium 100. Recorded content 291 consists of normal content data 292, which has not been modified, and broken data 293, which is content that has been modified and thereby destroyed. Broken data 293 is obtained by destroying the original content through data processing. Therefore, normal content reproduction cannot be performed using content 291, which contains the broken data.

[162]

To reproduce the content, broken data 293 contained in recorded content 291 must be replaced with normal content data to generate reproduction content 296. The data used for the conversion, that is, the normal content data corresponding to each broken-data area (conversion data), is obtained from the conversion entries 295 registered in conversion table (FUT: Fix-up table) 106 (see Figure 1) within content code 105 recorded on information recording medium 100. The data in the broken-data areas is replaced with it to generate reproduction content 296, which is then reproduced.

[163]

When reproduction content 296 is generated, in addition to replacing broken data 293 with conversion data 297, which is normal content data, part of recorded content 291 is replaced with identifier-set conversion data 298. This data allows identification information that identifies the content reproduction apparatus or content reproduction application (for example, a device ID, model ID or version ID) to be analyzed. For example, if illegally copied content leaks, the source of the leaked illegal content can be identified by analyzing identifier-set conversion data 298 in the leaked content.

[164]

The conversion entries, which make up the conversion table containing the conversion data, may also be recorded redundantly by being distributed among specific packets within the data making up the content. In other words, the conversion data is stored in conversion table 106 shown in Figure 1 and is also recorded in a distributed manner within encrypted content 101, so that the conversion data is recorded redundantly. An information processing apparatus that reproduces the content performs the data replacement either by obtaining the conversion data stored in conversion table 106 or by obtaining the conversion entries recorded in a distributed manner within the content.

[165]

4. Content reproduction processing

[166]

Next, the content reproduction processing executed by the host computer is described with reference to Figure 5. Figure 5 shows, from the left, information recording medium 330, which stores encrypted content; drive 340, in which information recording medium 330 is loaded and which reads data; and host computer 345, which is connected to the drive so that data can be exchanged with it and which runs a reproduction application that obtains, through drive 340, the content stored in information recording medium 330 and reproduces it.

[167]

In host computer 345 shown in Figure 5, reproduction (player) application program block 350 and security VM block 360, which contains security VM 361, are shown separately. Reproduction (player) application program block 350 performs content decryption, decoding, data conversion processing and the like. Security VM 361 performs the device check based on the device-check program contained in the content code recorded on the information recording medium, that is, processing that identifies the device using a device identifier, model identifier or version identifier; security check processing based on the security check code; and calculation of the parameters applied in the conversion processing based on the conversion table.

[168]

Information recording medium 330 contains MKB (media key block) 331, title key file 332, encrypted content 333 and content code 334 as recorded data. As described earlier with reference to Figure 4, encrypted content 333 is content in which part of the data must be replaced with data obtained from the conversion table.

[169]

Content code 334 includes security check code 335, which contains programs for verifying the validity of the player (reproduction apparatus) performing content reproduction, and conversion table (Fix-up table) 336, in which the conversion data corresponding to the replacement data for predetermined areas of the content is registered. Host 345 holds device key 351, which is applied in processing the MKB.

[170]

The processing sequence by which host computer 345 shown in Figure 5 obtains the content stored in information recording medium 330 through drive 340 and reproduces it is described below. First, before the content stored in information recording medium 330 is read, host 345 and drive 340 perform mutual authentication in step S101. Mutual authentication checks that the host computer and the drive are valid devices or valid application software. Various processing sequences can be applied as the mutual authentication sequence. Through the mutual authentication processing, drive 340 and host 345 share a session key (Ks) as a shared secret key.

[171]

After the host computer and the drive have authenticated each other and shared the session key (Ks) in step S101, in step S102 reproduction (player) application program block 350 of host 345 obtains, through the drive, MKB 331 recorded on information recording medium 330 and processes MKB 331 by applying device key 351 stored in memory, thereby obtaining the media key (Km) from MKB 331.

[172]

As mentioned above, MKB (media key block) 331 is an encryption key block generated by a tree-structured key distribution method known as a form of broadcast encryption. MKB 331 is a key information block from which the media key (Km), the key required for decrypting the content, can be obtained only by processing (decryption) based on a device key (Kd) stored in a device with a valid license.

[173]

Next, in step S103, title key file 332 read from information recording medium 330 is decrypted by applying the media key (Km) obtained by the MKB processing in step S102, thereby obtaining the title key (Kt). Title key file 332 stored in information recording medium 330 is a file containing data encrypted with the media key; processing it with the media key yields the title key (Kt) used to decrypt the content. The decryption in step S103 applies, for example, the AES encryption algorithm.

[174]

Next, reproduction (player) application program block 350 of host 345 reads encrypted content 333 stored in information recording medium 330 through drive 340 and stores the read content in track buffer 352. In step S104, the content stored in buffer 352 is decrypted by applying the title key (Kt), so as to obtain the decrypted content.

[175]

The decrypted content is stored in plain TS buffer 353. "Plain TS" means the decrypted plain-text transport stream. At this point the decrypted content stored in plain TS buffer 353 still contains the broken data described above. Therefore, a predetermined data conversion (data replacement by rewriting) must be carried out before the decrypted content can be reproduced.

[176]

In step S105, security VM 361 generates, from content code 334, the parameters and the like required for data conversion. In step S106, table restoration and data conversion processing are performed under the control of real-time event processor 356. Under the control of real-time event processor 356, reproduction (player) application program block 350 outputs a parameter calculation request to security VM 361 as an interrupt (INTRP) each time the segment of data making up the content switches, receives the parameters from security VM 361 in turn, decrypts or operates on the conversion table block to obtain a plain-text conversion table block, and obtains the conversion entries contained in the obtained conversion table block.

[177]

Each conversion entry records (a) conversion data, (b) identifier-set conversion data (forensic mark), and information designating the recording positions of this conversion data within the content. In step S106, reproduction (player) application program block 350 performs, as real-time processing in parallel with content reproduction or external output, data conversion that writes the conversion data to the designated positions.

[178]

Security VM 361 generates and outputs, in accordance with the content code, parameters that differ, for example, for each segment of the data making up the content. For example, when the parameters (SP1, SP2, SP3, ...) are parameters to be exclusive-ORed (XOR) with the conversion entries corresponding to each segment, a segment being a predetermined partial data unit of the content, the table restoration processing in step S106 is as follows.

[179]

[Conversion item 1] (XOR),

[180]

[Conversion item 2] (XOR),

[181]

[Conversion item 3] (XOR), ...

[182]

Performing these XOR operations yields the conversion entries contained in the conversion table block. In the expressions above, A (XOR) B denotes the exclusive-or operation between A and B.

[183]

In this way, the conversion entries recorded in content 333 on the information recording medium are stored after being exclusive-ORed with the parameters (SP1, SP2, SP3, ...). These parameters are obtained and output by security VM 361 in turn.

[184]

In the table restoration and data conversion processing of step S106, the conversion data is obtained from the conversion entries restored by the operation or encryption processing that applies the parameters (SP1, SP2, SP3, ...). The broken data contained in the content is replaced with the conversion data, which is valid content data, and data rewriting is performed in which part of the content data is replaced with the identifier-set conversion data, so that the data stored in plain TS buffer 353 is changed into converted data. The data conversion processing is outlined with reference to Figure 6.

[185]

First, encrypted content 333 stored in the information recording medium is stored in track buffer 352 of the host computer. This is track-buffer stored data 401 shown in (1) of Figure 6. The encrypted content held as track-buffer stored data 401 is decrypted by the decryption processing on the host, and the decryption result data is stored in plain TS buffer 353. This is decryption result data 402 shown in (2) of Figure 6.

[186]

Decryption result data 402 contains broken data 403, which is not normal content data. The data conversion processing unit of the host computer replaces broken data 403 with conversion data 404, which is correct content data. This replacement is performed, for example, as a re-write (overwrite) of part of the data already written to plain TS buffer 353.

[187]

In the data conversion processing executed by the host computer, in addition to replacing the broken data with conversion data that is normal content data, part of decryption result data 402 is replaced with identifier-set conversion data 405, as shown in Figure 6.

[188]

As mentioned above, the identifier is data from which identification information that identifies the content reproduction apparatus or content reproduction application can be analyzed. Specifically, it is, for example, identification information of the information processing apparatus running the player as the host application (for example, a device ID, model ID or version ID), or an identification mark generated from such an ID. As mentioned above, identifier-set conversion data is data obtained by changing bit values of the correct content data to a degree that does not affect reproduction of the content.

[189]

A plurality of items of identifier-set conversion data 405 are set in the content, and the device ID, for example, is determined by analyzing the plurality of identifier-set conversion data 405 collectively. The device ID is, for example, identification information unique to an information processing apparatus, so the information processing apparatus can be identified by collectively analyzing identifier-set conversion data 405. Identifier-set conversion data 405 is data obtained by changing bits of normal content data to a degree at which the content can still be reproduced normally. It is also data whose bits (the bits forming the identification mark) can be determined by MPEG bit-stream analysis.

[190]

In the conversion table stored in the information recording medium, the multiple items of conversion data 404 and identifier-set conversion data 405 shown in Figure 6 are registered together with their recording position information. Through data conversion based on the information stored in the conversion table, the data stored in plain TS buffer 353 is replaced with converted data 406 shown in (3) of Figure 6.
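The table restoration and rewrite of step S106, and the collective analysis of identifier-set conversion data 405, shown as an added Python illustration that is not code from the patent. The entry byte layout, the use of one parameter SPi per entry, the two-variants-per-bit marking scheme, the sample buffer and all function names are assumptions made for the example.

```python
import struct
from typing import NamedTuple

# Assumed entry layout (not from the patent): kind, bit_index, bit_value,
# offset in the plain TS buffer, data length; the data bytes follow.
HEADER = struct.Struct(">BBBIB")
FIX, MARK = 0, 1  # conversion data (404) / identifier-set conversion data (405)


class Entry(NamedTuple):
    kind: int
    bit_index: int   # which identifier bit a MARK entry encodes
    bit_value: int   # the value of that bit this variant stands for
    offset: int      # recording position within the content
    data: bytes


def xor_mask(blob, sp):
    """[conversion entry] XOR [SPi], SPi repeated over the entry; self-inverse."""
    if not sp:
        raise ValueError("empty parameter")
    return bytes(b ^ sp[i % len(sp)] for i, b in enumerate(blob))


def pack_entry(e):
    """Serialize one entry in the assumed layout (authoring side)."""
    return HEADER.pack(e.kind, e.bit_index, e.bit_value, e.offset, len(e.data)) + e.data


def restore_entry(masked, sp):
    """Table restoration: un-mask one entry and reject a malformed result."""
    plain = xor_mask(masked, sp)
    if len(plain) < HEADER.size:
        raise ValueError("entry shorter than its header")
    kind, bit_index, bit_value, offset, length = HEADER.unpack_from(plain)
    data = plain[HEADER.size:]
    if kind not in (FIX, MARK) or bit_value not in (0, 1) or length != len(data):
        raise ValueError("malformed entry: wrong parameter or damaged table")
    return Entry(kind, bit_index, bit_value, offset, data)


def convert(plain_ts, masked_table, params, device_id):
    """Data conversion: rewrite the plain TS buffer from the restored entries."""
    if len(masked_table) != len(params):
        raise ValueError("one parameter is needed per entry")
    out = bytearray(plain_ts)
    for masked, sp in zip(masked_table, params):
        e = restore_entry(masked, sp)
        if e.offset + len(e.data) > len(out):
            raise ValueError("entry would write past the end of the buffer")
        if e.kind == MARK and ((device_id >> e.bit_index) & 1) != e.bit_value:
            continue  # the other variant of this mark encodes this player's bit
        out[e.offset:e.offset + len(e.data)] = e.data
    return bytes(out)


def trace_device_id(leaked, table):
    """Analysis side: read the identifier back from the marks in leaked content."""
    device_id = 0
    for e in table:
        hit = leaked[e.offset:e.offset + len(e.data)] == e.data
        if e.kind == MARK and e.bit_value == 1 and hit:
            device_id |= 1 << e.bit_index
    return device_id


def build_sample():
    """Constructed sample: 64 bytes of content with two broken areas and two marks."""
    original = bytes(range(64))
    recorded = bytearray(original)
    recorded[8:12] = b"\xff" * 4    # broken data
    recorded[40:44] = b"\xee" * 4   # broken data
    table = [
        Entry(FIX, 0, 0, 8, original[8:12]),
        Entry(FIX, 0, 0, 40, original[40:44]),
        Entry(MARK, 0, 0, 20, b"\xa0\xa0"), Entry(MARK, 0, 1, 20, b"\xa1\xa1"),
        Entry(MARK, 1, 0, 30, b"\xb0\xb0"), Entry(MARK, 1, 1, 30, b"\xb1\xb1"),
    ]
    params = [bytes([0x11 * (i + 1), 0x5A ^ i, 0xC3]) for i in range(len(table))]
    masked = [xor_mask(pack_entry(e), sp) for e, sp in zip(table, params)]
    return original, bytes(recorded), table, params, masked


if __name__ == "__main__":
    original, recorded, table, params, masked = build_sample()
    played = convert(recorded, masked, params, device_id=0b10)
    print("broken areas repaired:", played[8:12] == original[8:12])
    print("identifier recovered from output:", trace_device_id(played, table))
```

Restoring an entry with the parameter of a different entry fails the structural check in `restore_entry`, so a table cannot be applied without the matching parameter sequence.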

[191]

The converted TS (transport stream) is then output externally over a network and reproduced by an external reproduction apparatus. Alternatively, in step S107 the transport stream (TS) is converted into an elementary stream (ES) by demultiplexer processing, and after decoding processing (step S108) it is reproduced through a display and loudspeaker.

[192]

5. Processing that applies the security check code

[193]

Before the content reproduction processing described above begins, security VM 361 obtains the certificates stored in the memory of the information processing apparatus (memory b 161 shown in Figure 1), that is, the device certificate (Device Cert) or the model/version certificate (MV Cert), and executes the device-check code contained in the content code, in other words the program code used to check the device, model or version, in order to check the corresponding device, model or version. After this check, it selects the conversion table or security check code appropriate to the checked device, model or version and carries out the processing. If necessary, security VM 361 also applies security check code 335 to perform security checks while the content reproduction processing is in progress.

[194]

Under the control of event processor 354, security VM 361 verifies the validity of the player (reproduction apparatus) in accordance with security check code 335 contained in content code 334. As mentioned above, conversion table (Fix-up table) 336 and security check code 335 are set up to include various kinds of code so that processing appropriate to the type of player serving as the reproduction apparatus can be carried out.

[195]

Security VM 361 performs the device check by obtaining the device certificate (Device Cert) or model/version certificate (MV Cert) stored in the memory unit of the reproduction apparatus as player information 335. Using the device information identified in this way, security VM 361 selects, from security check code 335 contained in content code 334, the security check code corresponding to the information processing apparatus and then performs the security check. In other words, the security check code corresponding to the identification information or attribute information of the information processing apparatus is selected, and the security check is performed based on the selected code.

[196]

If the security check in security VM 361 confirms, according to the device information, that the device is a valid device permitted to use the content and that the content will not be output externally in an illegal manner, the content is reproduced.

[197]

Different kinds of security check may be required depending on the configuration of the reproduction apparatus and the type of application program. The security check code is therefore recorded in the content code as a group of codes corresponding to various apparatuses and application programs.

[198]

Next, how the content code is recorded on the information recording medium is described with reference to the drawings. Figure 7 shows the directory structure of the data stored in the information recording medium. The data stored in the information recording medium is broadly divided into two. One is the BDMV directory, which holds content-related data including the content management data, CPS unit keys, content usage control information (CCI) and the content itself; the other is the BDSVM directory, which holds the content code including the security check code and the conversion table.

[199]

Detailed examples of these directories are described with reference to Figures 8 and 9. When content having the hierarchical structure described above with reference to Figure 2 is stored in the information recording medium, the various data and programs, such as the content code, are recorded as individual files and stored in the information recording medium according to, for example, the directory structure shown in Figure 8.

[200]

(A) Index 210 in Figure 2 is the index.bdmv file in the directory shown in Figure 8.

[201]

(B) Movie object 220 in Figure 2 is the MovieObject.bdmv file in the directory shown in Figure 8.

[202]

(C) Play list 230 in Figure 2 corresponds to the files under the PLAYLIST directory in the directory shown in Figure 8.

[203]

(D) Clip 240 in Figure 2 corresponds to the files under the CLIPINF directory and the STREAM directory in the directory shown in Figure 8; a file in the CLIPINF directory and a file in the STREAM directory that have the same file number correspond to each other as a pair.

[204]

(E) In addition, for example, AUXDATA files storing sound data or font data, META files storing metadata, and BDJO files storing BD-J objects are stored in the information recording medium.

[205]

As mentioned above, part of the data making up the content stored in the information recording medium has been replaced with broken data, that is, data different from the correct content data. Consequently, decryption alone does not allow the content to be reproduced correctly; reproduction requires replacing the broken data with the data registered in the conversion table (conversion data). In this replacement, the content code stored in the information recording medium is applied to perform data conversion based on the data registered in the conversion table (Fix-up table).

[206]

The content code, including the conversion table and the security check code, is also stored in the information recording medium as individual files. Figure 9 shows the directory structure in which the content code is set. Figure 9 shows, for example, the directory structure of the content code created for AV content having the directory structure of Figure 8.

[207]

As indicated above, the content code includes the security check code, the conversion table and the code used for the device check. As shown in Figure 9, the content code is stored in the information recording medium as a plurality of separate files [nnnnn.svm] in the BDSVM directory. Backup data is also set in the BACKUP directory as copy data.

[208]

As shown in Figure 9, the content code files include the following types of files.

[209]

Content code file [00000.svm]: code applied to checking the device, model and version information

[210]

Content code files [00001.svm] and [00002.svm]: code selected according to the device information (for example, 00001.svm is the code for model A and 00002.svm is the code for model B)

[211]

Content code file [00003.svm]: processing that does not depend on the device information (for example, an apparatus sold after the content was released executes the default code in 00003.svm).

[212]

For example, the content code files are classified into the following categories (a) to (d).

[213]

(a) Content code common to all content and all devices

[214]

(b) Content code specific to the content

[215]

(c) Content code specific to the device, model or version

[216]

(d) Content code specific to both the content and the apparatus (for example, device, model or version)

[217]

The device-check code, which performs the check by applying identification information corresponding to the device, model and version of the information processing apparatus that is to reproduce the content, is set up as content code common to all content and all devices. The information processing apparatus uses this code to check its model, version or device. Based on the device information obtained as the result of the check, the information processing apparatus selects, from the codes (a) to (d) above, the security check code corresponding to itself and performs the security check, and then reproduces the content with data conversion based on the conversion table corresponding to the information processing apparatus.

[218]

The equipment check, which checks the identification information of the device, model and version, is performed by applying the device certificate and the model/version certificate stored in the memory of the information processing apparatus. The device certificate and the model/version certificate are certificates used to check the right to use content, and are issued by the management entity that manages the content.

[219]

Examples of the data structure of the device certificate and the model/version certificate are described with reference to Figures 10A and 10B. Figure 10A shows an example of the data structure of the device certificate, and Figure 10B shows an example of the data structure of the model/version certificate.

[220]

As shown in Figure 10A, the device certificate contains the device certificate size, device certificate version, device manufacturer identifier, device identifier, signature date, device public key and electronic signature data.

[221]

As shown in Figure 10B, the model/version certificate contains the model/version certificate size, model/version certificate version, model manufacturer identifier, model identifier, version identifier, revision identifier, signature date, device public key and electronic signature data.

[222]

The secure VM 361 shown in Figure 5 executes the equipment check code (program) read from the information recording medium in order to verify at least one of the device certificate and the model/version certificate. After the validity of the certificate is confirmed, it determines at least one of the model, version and device, and then performs processing that uses the content code, for example selecting the security check code to apply, or the conversion table, according to the confirmed information.

[223]

For example, as specific processing using the device certificate, the secure VM 361 first verifies the signature of the device certificate. The signature is verified by applying, for example, the public key of the management center, which is the entity that signed the device certificate. The management center's public key may be obtained in advance and stored in the memory of the apparatus. Alternatively, it may be obtained from the information recording medium or over a network.

[224]

If the signature verification does not confirm the validity of the device certificate, the subsequent content reproduction, which involves data conversion, is stopped. If the validity of the device certificate is confirmed, the security check code to be executed for the device is selected. Basic information such as the device manufacturer can be obtained from the device certificate. For processing in units of model or version, the equipment check is carried out using the model/version certificate.

[225]

The secure VM 361 also verifies the validity of the model/version certificate. If validity is confirmed, it obtains the identification information or attribute information corresponding to the information processing apparatus or the application that uses the content, that is, the manufacturer, model, version or serial number of the device or application, from the information recorded in the certificate. Based on the obtained information, the corresponding security check code is selected and the security check based on the selected code is executed. The details of the processing sequence are described later with reference to a flowchart.

[226]

6. Configuration of the encryption keys distributed to the information processing apparatus, and encryption and use of the content code

[227]

As described earlier, the secure VM 361 executes the security check based on the security check code within the content code recorded on the information recording medium, and calculates the parameters used for conversion based on the conversion table. In this processing, the secure VM 361 performs the equipment check, applying the device certificate or the model/version certificate, in accordance with the equipment check code 108 described with reference to Figure 1.

[228]

The information processing apparatus verifies the validity of at least one of the device certificate and the model/version certificate. If validity is confirmed, the apparatus determines, from the information recorded in the certificate, the information processing apparatus or the application that uses the content, selects the security check code corresponding to the determined information, executes the security check based on the selected code, and uses the conversion table (fix-up table) to calculate the conversion parameters required for the data conversion processing of the content.

[229]

As described above, the data replacement performed according to the conversion table applies (a) conversion data and (b) identifier-embedded conversion data (forensic mark).

[230]

The security check using the security check code and the data conversion according to the conversion table are meant to be executed with content code selected on the basis of correct device, model or version identification information. However, if, for example, an unauthorized reproduction apparatus copies the device certificate or the model/version certificate from another apparatus, it can carry out processing using that certificate information without authorization. If the device, model or version of the information processing apparatus is determined from certificate verification alone, and the security check or data conversion based on the content code is then performed on that basis, content may be used without the security check that would normally be required. Furthermore, the identifier-embedded conversion data (forensic mark) that should be embedded in the content may come to contain incorrect device information. Even if content embedded with such unauthorized device information is traced, a problem arises in tracing the apparatus that performed the illegal processing.

[231]

For example, an information processing apparatus that is subject to a very strict security check, such as a PC, may copy the device certificate of a reproduction-only device that is allowed to use content under a relaxed security check, and store the copied device certificate in the PC. The PC then carries out the equipment check by applying the device certificate of the reproduction-only device. As a result, the content can be used under the relaxed security check.

[232]

Therefore, if the information processing apparatus does not provide correct device information (identification information of one of device, model and version), content is used illegally and it is difficult to trace the illegal use. In other words, if correct device information is not provided, the security check cannot be performed correctly, the correct data conversion based on the conversion table cannot be performed, and the device information (identification information of one of device, model and version) cannot be embedded correctly in the content. A configuration that prevents such illegal acts is now described.

[233]

That is, the configuration described below ensures that, even when an apparatus presents unauthorized device information, the content code that correctly corresponds to each apparatus is selected, so that the normal security check corresponding to the information processing apparatus or reproduction application using the content is performed and, in the data conversion processing that applies the conversion table, the correct device information is embedded.

[234]

In this example, so that the correct content code corresponding to the information processing apparatus is selected and executed, a set of encryption keys specific to each of the plurality of information processing apparatuses that reproduce content is allocated according to specific rules. Furthermore, at least part of the content code recorded on the information recording medium and executed by the secure VM is stored as data encrypted by applying the encryption keys distributed to the information processing apparatuses. The configuration of the distributed encryption keys and processing examples are described below.

[235]

First, the configuration of the encryption keys stored in the information processing apparatus is described with reference to Figure 11. The key management center allocates encryption keys to each information processing apparatus that reproduces content. The key management center holds registration information about the destinations to which the encryption keys are allocated. A device identifier, a model identifier and a version identifier correspond to each information processing apparatus. As mentioned above, the device identifier is an identifier specific to each information processing apparatus.

[236]

The model identifier is set in common for a plurality of devices (information processing apparatuses) belonging to the same model.

[237]

The version identifier identifies different versions of the same model. For example, assuming that version 1 of model A and version 2 of model A exist, a separate version identifier is set for each version.

[238]

The key management center maintains and manages a registry in which the identifiers of the information processing apparatuses and the encryption keys distributed to them are associated with each other. The information processing apparatus, for its part, stores various key data and certificate data in the memory b161 described with reference to Figure 1. The key data includes a device-specific key unique to the device, group keys set for groups of a plurality of devices, a model key corresponding to a specific device model, and a version key corresponding to a specific version of a specific model. The key management center assigns this data to, for example, the manufacturer, and it is recorded in the memory when the information processing apparatus is manufactured.

[239]

Figure 11 illustrates the data, including key information, that the key management center distributes to the information processing apparatus. As shown in Figure 11, this data is roughly divided into three kinds of data item: (a) device and group correspondence data, (b) the model/version package and (c) the key management center public key. Each kind of data is described below.

[240]

(a) Device and group correspondence data

[241]

A key tree is set for each device manufacturing entity that manufactures LSIs or information processing apparatuses for reproducing content, with that entity's key [device manufacturing entity key (manufacturer key)] as the vertex. From each vertex or branch point (node), "n" keys are set in the layer below (n = 256 in the example shown in Figure 11). For example, the keys immediately below the device manufacturing entity key at the apex of the key tree are used to classify, by group, the devices or LSIs manufactured and sold by the device manufacturing entity. A group key G1 is set for each of the groups G1-1 to G1-256, that is, 256 different group keys G1.

[242]

Furthermore, the keys of the 3rd layer are used to classify each G1 group further: keys G2-1 to G2-256×256, in other words 256^2 different group keys G2, are set. Next, at the 4th layer, each G2 group is further classified, and 256^3 different group keys G3 are set. At the 5th layer, 256^4 different bottom-layer nodes (leaves) are set. Each of these nodes is assigned to one device, and a device-specific key is set for each device.

[243]

Each device holds: the device manufacturing entity key corresponding to the top-level node; the device-specific key, which is the key of the one bottom-layer node (leaf) corresponding to the device; and the keys of the nodes on the path from that leaf to the top node, in other words the group keys (the keys corresponding to groups G1, G2 and G3).

[244]

For example, in the layered structure shown in Figure 11, the group key G1 501 is distributed to the devices corresponding to the leaves in the left half of the bottom layer, and is not distributed to the devices corresponding to the leaves in the right half. Likewise, the group key G2 502 is distributed to the devices corresponding to the left quarter of the bottom-layer leaves, but not to the devices corresponding to the other three quarters. A different set of encryption keys is therefore assigned to each device. In addition, each device is allocated a device private key and a device certificate, which is the public key certificate storing the public key corresponding to the device. The device certificate has the data structure described above with reference to Figures 10A and 10B.

[245]

The keys set at the nodes between the top of the hierarchy shown in Figure 11(a) and the leaves are called group keys, and are also known as layered keys or node keys. The layer classification shown is merely an example. For example, groups can be classified according to licensee, platform, sales area or manufacturing data.

[246]

The device certificate, which is the public key certificate storing the public key corresponding to the device, stores a device identifier. Each player has a different device identifier (ID). For example, values from 0x00000000 to 0xFFFFFFFF are set as the device IDs of the devices.
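The following Go sketch is an added example, not code from the patent: it models the key tree described above (256 branches per node, four layers below the manufacturer key) and shows why content code encrypted under a node key stays unreadable to a device outside that group, whatever certificate it presents. The byte-per-layer mapping of the device ID, the HMAC-SHA256 key derivation, AES-GCM and all function names are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Path maps a 32-bit device ID to its branch index at each of the four layers
// below the vertex. Assumption: one byte per layer, most significant first.
func Path(deviceID uint32) [4]byte {
	return [4]byte{byte(deviceID >> 24), byte(deviceID >> 16), byte(deviceID >> 8), byte(deviceID)}
}

// nodeKey stands in for the key management center's registry of node keys.
// Assumption: HMAC-SHA256 over a constructed secret, for reproducibility only.
func nodeKey(kmcSecret, prefix []byte) []byte {
	m := hmac.New(sha256.New, kmcSecret)
	m.Write([]byte{byte(len(prefix))}) // bind the layer to the derivation
	m.Write(prefix)
	return m.Sum(nil) // 32 bytes, used as an AES-256 key
}

// KeySet is the symmetric part of one device's memory: index 0 is the
// manufacturer key, 1..3 the group keys G1..G3, 4 the device-specific key.
type KeySet [5][]byte

// Provision returns the keys on the path from the vertex to the device's leaf.
func Provision(kmcSecret []byte, deviceID uint32) KeySet {
	p := Path(deviceID)
	var ks KeySet
	for depth := range ks {
		ks[depth] = nodeKey(kmcSecret, p[:depth])
	}
	return ks
}

// EncryptedCode is content code encrypted under one node key; Depth tells the
// player which layer's key to use (0 = manufacturer key ... 4 = leaf).
type EncryptedCode struct {
	Depth  int
	Sealed []byte // nonce || ciphertext || tag
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptForNode is the authoring side: it encrypts code for every device
// whose path starts with prefix (an empty prefix means all devices).
func EncryptForNode(kmcSecret, prefix, code []byte) (EncryptedCode, error) {
	if len(prefix) > 4 {
		return EncryptedCode{}, errors.New("prefix longer than the tree is deep")
	}
	gcm, err := newGCM(nodeKey(kmcSecret, prefix))
	if err != nil {
		return EncryptedCode{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return EncryptedCode{}, err
	}
	return EncryptedCode{Depth: len(prefix), Sealed: gcm.Seal(nonce, nonce, code, nil)}, nil
}

// Decrypt is the player side. Success depends only on the stored key set, so
// presenting another device's certificate does not change the outcome.
func (ks KeySet) Decrypt(ec EncryptedCode) ([]byte, error) {
	if ec.Depth < 0 || ec.Depth > 4 {
		return nil, errors.New("unknown key layer")
	}
	gcm, err := newGCM(ks[ec.Depth])
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(ec.Sealed) < n {
		return nil, errors.New("truncated ciphertext")
	}
	return gcm.Open(nil, ec.Sealed[:n], ec.Sealed[n:], nil)
}

func main() {
	secret := []byte("constructed KMC secret, example only")
	inGroup := Provision(secret, 0x01020304)
	outside := Provision(secret, 0x01FF0000) // same G1 group, different G2 group
	ec, _ := EncryptForNode(secret, []byte{0x01, 0x02}, []byte("security check code"))
	_, errIn := inGroup.Decrypt(ec)
	_, errOut := outside.Decrypt(ec)
	fmt.Println("in-group error:", errIn, "| outside error:", errOut)
}
```

Encrypting under a shallower node (for example a G1 prefix) widens the set of devices that can decrypt, which is how one code file can target a whole group or a single leaf.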

[247]

(b) Model/version package

[248]

The information processing apparatus also stores the data contained in the model/version package shown in Figure 11(b). The model/version package contains the following data.

[249]

(b1) Model key

[250]

(b2) Version key

[251]

(b3) Model/version private key

[252]

(b4) Model/version certificate

[253]

The model key is key data specific to the model of the information processing apparatus, and the version key is key data specific to the version of the information processing apparatus. The model/version private key and the model/version certificate correspond, respectively, to the private key of a public-key cryptosystem and the public key certificate storing the public key. These are set as key information unique to the model/version of each information processing apparatus. The model/version certificate stores the data described above with reference to Figure 10.

[254]

The model/version certificate is configured as the certificate corresponding to the code model ID = X, version ID = Y and revision ID = Z.

[255]

Model/version certificates with different X, Y and Z values are set as different certificates. The revision ID (Z) is a code that is updated when, for example, the firmware or the reproduction application is updated without the hardware of the device being updated. When the firmware of the information processing apparatus is updated, the model/version certificate held by the apparatus is also updated, through the information recording medium or a network.

[256]

As described above, when identification information (forensic mark) is embedded for a specified device, using the model key, version key and model/version certificate together with the device-specific key and device certificate prevents incorrect identification information from being embedded.

[257]

Furthermore, by managing the device and group correspondence data shown in Figure 11(a) independently of the model/version package shown in Figure 11(b), the work can be divided between manufacturers. For example, the LSI manufacturer embeds device and group correspondence data with a different value in each LSI, and the manufacturer that builds the information processing apparatus by assembling the LSI with other components (the assembler) embeds the model/version package.

[258]

Therefore, even when the same LSI is used in common, the model or version may differ. In that case the assembler only needs to embed a different model key value and does not need to embed a different ID in each device, so the assembler's burden is reduced. Also, even if the model or version changes, the LSI purchased from the LSI manufacturer can be used without adjustment. For this reason, the device and group correspondence data shown in Figure 11(a) and the model/version package shown in Figure 11(b) are not necessarily stored in the same physical memory, and can be stored in separate memories.

[259]

Accordingly, the group keys (layered keys, node keys) of Figure 11(a) are keys set for predetermined classifications of devices, while the model key and version key of Figure 11(b) are keys set according to the so-called "model" of the information processing apparatus (for example, a reproduction apparatus for optical discs). These keys do not need to correspond to each other.

[260]

(c) Key management center public key

[261]

In addition to the data (a) and (b) above, the information processing apparatus stores the key management center (KIC) public key shown in Figure 11(c). This public key is used, for example, when the information processing apparatus verifies the key management center's signature on the content code.

[262]

Figure 12 shows the configuration of the data stored in the memory of the information processing apparatus. As shown in Figure 12, the information processing apparatus stores the following data (1)-(12).

[263]

(1) Device manufacturing entity key (Manufacturer Key)

[264]

(2) 1st group key (Group1 Key)

[265]

(3) 2nd group key (Group2 Key)

[266]

(4) 3rd group key (Group3 Key)

[267]

(5) Device-specific key (Device Specific Key)

[268]

(6) Device private key (Device Private Key)

[269]

(7) Model key #X (Model Key #X)

[270]

(8) Version key #Y (Version Key #Y)

[271]

(9) Model/version private key (Model/Version Private Key)

[272]

(10) Device certificate (Device Cert)

[273]

(11) Model/version certificate (MV_CERT (X, Y, Z=Y) (Model/Version CERT))

[274]

(12) Key management center public key (KIC Public Key)

[275]

Of the above data, items (1)-(9), that is, everything other than the device certificate, the model/version certificate and the key management center public key, must be kept confidential and are stored in secure memory to prevent leakage. The device certificate, the model/version certificate and the key management center public key do not need to be protected against leakage.

[276]

Figure 13 shows the correspondence between the data distributed by the key management center, described above with reference to Figure 11, and the data stored in the information processing apparatus, described above with reference to Figure 12. As shown in Figure 13, the following data (1)-(6) is stored in the secure memory as the data contained in (a) device and group correspondence data.

[277]

(1) Device manufacturing entity key (Manufacturer Key)

[278]

(2) 1st group key (Group1 Key)

[279]

(3) 2nd group key (Group2 Key)

[280]

(4) 3rd group key (Group3 Key)

[281]

(5) Device-specific key (Device Specific Key)

[282]

(6) Device private key (Device Private Key)

[283]

Furthermore, the following data (7)-(9) is stored in the secure memory as the data contained in (b) the model/version package.

[284]

(7) Model key #X (Model Key #X)

[285]

(8) Version key #Y (Version Key #Y)

[286]

(9) Model/version private key (Model/Version Private Key)

[287]

The following data (10)-(12), which does not need to be stored securely, is stored in the memory of the information processing apparatus.

[288]

(10) Device certificate (Device Cert), contained in (a) device and group correspondence data

[289]

(11) Model/version certificate (MV_CERT (X, Y, Z=Y) (Model/Version CERT)), contained in (b) the model/version package

[290]

(12) Key management center public key (KIC Public Key), contained in (c) the key management center public key

[291]

Initially, this key and certificate information is stored in the information processing apparatus when it is supplied to the user. As mentioned above, when, for example, the firmware or the reproduction application is updated without the hardware of the device being updated, the model/version certificate held by the information processing apparatus is also updated, through the information recording medium or a network.

[292]

In this case, as shown in Figure 14, the key management center provides the updated model/version certificate to the user's information processing apparatus or to the manufacturer. For example, when the updated model/version certificate is recorded on an information recording medium that stores content, the information processing apparatus reads it and replaces the certificate recorded in the apparatus. Alternatively, the updated certificate can be downloaded over a network and used to replace the existing certificate.

[293]

Whether a model/version certificate is an updated certificate can be checked by referring to the revision ID (Z) in the certificate (see Figures 10A and 10B). For example, the revision ID is incremented (+1) at each update. The update status of the certificate can be checked by referring to the revision ID.

[294]

For example, when the information processing apparatus performs the equipment check using the model/version certificate, the update status is checked from the model/version certificate stored in the memory of the apparatus. Based on the update status, the security check code or the conversion table can be selected accurately.

[295]

Each entity that manufactures information processing apparatuses, or the LSIs and other components installed in them, can independently set up the (a) device and group correspondence data and the (b) model/version package described above with reference to Figures 11 and 13. Examples of how each device manufacturing entity sets up its key data are described with reference to Figures 15 and 16.

[296]

Figure 15 shows an example in which each device manufacturing entity independently sets up [(a) device and group correspondence data]. Device manufacturing entities include, for example, the manufacturer of a DVD player, the manufacturer of the LSI installed in the DVD player, and the manufacturer of the reproduction software application. Each device manufacturing entity defines a predetermined number of device IDs, for example [0x00000000-0xFFFFFFFF], associates each device ID with a leaf of the tree structure, and stores in each device the keys on the path from that leaf to the vertex, together with a certificate. As described above, the keys on the path and the certificate comprise the following data.

[297]

(1) Device manufacturing entity key (Manufacturer Key)

[298]

(2) 1st group key (Group1 Key)

[299]

(3) 2nd group key (Group2 Key)

[300]

(4) 3rd group key (Group3 Key)

[301]

(5) Device-specific key (Device Specific Key)

[302]

(6) Device private key (Device Private Key)

[303]

(7) Device certificate (Device Cert)

[304]

Figure 15 shows device manufacturing entities (manufacturers) 1 to N. Each of the "N" device manufacturing entities can set up the data from (1) device manufacturing entity key (Manufacturer Key) to (7) device certificate (Device Cert) above as data to be stored in the information processing apparatus. In this case, the information processing apparatus stores in its memory as many sets of the data from (1) device manufacturing entity key (Manufacturer Key) to (7) device certificate (Device Cert) as there are device manufacturing entities registered for the apparatus.

[305]

Similarly, each device manufacturing entity can also independently set up a [(b) model/version package]. Figure 16 shows device manufacturing entities (manufacturers) 1 to N. As shown in Figure 16, each of the "N" manufacturing entities can set up a [(b) model/version package] as data to be stored in the information processing apparatus.

[306]

As mentioned above, (b) the model/version package comprises the following data.

[307]

(1) Model key #X (Model Key #X)

[308]

(2) Version key #Y (Version Key #Y)

[309]

(3) Model/version private key (Model/Version Private Key)

[310]

(4) Model/version certificate (MV_CERT (X, Y, Z=Y) (Model/Version CERT))

[311]

Each device manufacturing entity independently sets up a package containing the above data.

[312]

As shown for the device manufacturing entity (manufacturer 1) in Figure 16, each device manufacturing entity (manufacturer) sets up a different model/version package for each model (X) and version (Y) of the devices it manufactures. The information processing apparatus stores the model/version package data that corresponds to that apparatus.

[313]

Furthermore, the information processing apparatus can store both the model/version package provided by the assembler of the apparatus and the model/version package provided by the manufacturer of the LSI installed in it. In other words, the memory of the information processing apparatus stores independent key sets corresponding to a plurality of different device manufacturing entities, such as the manufacturer of the apparatus (the assembler) and the manufacturers of its components. When decrypting content code, the secure VM, acting as the data processing unit of the information processing apparatus, selects a key from the key set of the device manufacturing entity that corresponds to the content code being executed, and applies the selected key to decrypt the data contained in the content code.

[314]

The key management center generates the key data and certificate data and provides them to the device manufacturing entities. The generation of key data and certificate data at the key management center is now described with reference to Figure 17, which shows three data generation examples, (a), (b1) and (b2).

[315]

Figure 17(a) shows an example of generating the device and group correspondence data. First, the key management center generates device-specific data, in a quantity corresponding to the number of devices, using for example random number generation. A data generation unit 521 then performs data processing with the device-specific data as its input value, generating [(a) device and group correspondence data] containing the device-specific key, the device certificate and the device private key.

[316]

(b1) shows an example of generating (b) the model/version package. First, the key management center generates specific data, in a quantity corresponding to the number of models/versions, using for example random number generation. A data generation unit 522 then performs data processing with the specific data as its input, generating a [(b) model/version package] containing the model key, the version key and the model/version certificate.

[317]

(b2) shows an example of generating the updated data of the model/version certificate contained in (b) the model/version package. First, the key management center generates specific data corresponding to the updated model/version, using for example random number generation. A data generation unit 523 then performs data processing with the specific data as its input value, producing the updated model/version certificate. The updated model/version certificate is recorded with a data structure whose revision ID is obtained by increasing by 1 [...] the revision ID of the model/version certificate before the update. The updated model/version certificate is provided to the user's information processing apparatus over a network or on a disc serving as an information recording medium, and replaces the model/version certificate already stored in the information processing apparatus.

[318]

As described earlier with reference to Figure 1, the data containing key information that the key management center distributes to the information processing apparatus is roughly divided into the following three kinds, (a)-(c).

[319]

(a) Device and group correspondence data

[320]

(b) Model/version package

[321]

(c) Key management center public key

[322]

Of (a)-(c), the (c) key management center public key is used to verify the electronic signature of the content code. In other words, it is used to verify whether the content code stored on the information recording medium is authorized code that has not been altered.

[323]

An example of the electronic signature of the content code is described with reference to Figure 18. The key management center (KIC) performs the processing of step S201 shown in Figure 18. The key management center (KIC) receives as input the content code files [000xx.svm] containing the various kinds of content code, such as equipment check code, security check code and conversion tables. These files are generated by various entities such as content providers and device manufacturing entities. The key management center (KIC) verifies each input content code file, and generates and outputs, for each file, a signature made with the key management center (KIC) private key. In the output, a signature is set for each content code file.

[324]

When the information processing apparatus reads content code from the information recording medium and executes various processing, it first verifies the electronic signature set in the content code file it has read. This processing is performed with the key management center public key. Only when the verification confirms that the content code is authorized code that has not been altered is the processing that applies the content code contained in the file executed.

[325]

The signature can be set in various ways. An example of setting the signature is described with reference to Figure 19. Figure 19 shows an example of the signature for the content code file [00000.svm]. The content code file given as input is a file generated by one of various entities, such as a content provider or a device manufacturing entity. The file is divided in advance into data units of 2-megabyte blocks. Furthermore, for each 2-megabyte block, dummy data is recorded in the file as the area in which the signature is to be stored.

[326]

The key management center (KIC) receives the content code file including the dummy data, verifies the content code file in units of 2 megabytes, and for each 2-megabyte block generates and outputs a signature made with the private key of the KIC.

[327]

When the information processing apparatus reads content code from the information recording medium and executes various processing, it first verifies the electronic signature of the area of the content code file that it has read. This processing is performed with the key management center public key. Only when the verification confirms that the data of the area of the file to be used is authorized code that has not been altered is the processing that applies the content code contained in that area of the file executed.

[328]

A specific example in which the information processing apparatus reads a specific data area of a content code file and performs signature verification is described with reference to Figure 20. Figure 20 (1) shows the content code stored in the information recording medium. Here, two content code files, [AAAAA.svm] and [BBBBB.svm], are shown.

[329]

Figure 20 (2) shows a storage area in the information processing apparatus that reads the information recording medium; specifically, the VM memory area that serves as the storage space usable by the security VM 160 described above with reference to Figure 1. The security VM executes the content code processing. When reading a specific area of a designated content code from the information recording medium, the security VM executes the content code file data read command (CALL_LoadContentCode), which is a predefined code read command.

[330]

The content code file data read command (CALL_LoadContentCode) includes, for example, the following designation information.

[331]

UINT8 contentcode: the content code file number (= AAAAA)

[332]

UINT32 block: the block number within the content code file (= 2)

[333]

UINT32 Offset: the position within the block at which loading starts

[334]

UINT32 len: the length of the content code file data to be loaded

[335]

UINT8* dstPtr: the destination address in VM memory for the load

[336]

The content code file data read command (CALL_LoadContentCode), a function carrying this designation information, loads the data located in the designated area of the designated content code file into the designated area of the VM memory.

[337]

Furthermore, signature verification is performed at load time. For example, the specific processing sequence for loading the 2nd block of the content code file [AAAAA.svm] is as follows.

[338]

(Step 1) Access the head of the 2nd block of the file AAAAA.svm

[339]

(Step 2) Verify the signature of the accessed block

[340]

(Step 3) Starting at the load start position given by the offset byte within the block, copy content code file data of the load length (len) into the VM memory space, starting at the VM memory address (*dstPtr)

[341]

Through these processing steps, signature verification and data loading are carried out. Furthermore, if signature verification judges that the data may have been altered, neither the loading nor the processing that uses the content code is performed.

[342]

Next, encryption of the content code stored in the information recording medium is described with reference to Figure 21. First, as described earlier with reference to Figure 9, content code files are divided into the following four kinds, (a)-(d).

[343]

(a) Content code common to all content and all devices

[344]

(b) Content-specific content code

[345]

(c) Content code specific to the device, model or version

[346]

(d) Content code specific to both the content and the apparatus (for example, device, model or version)

[347]

Each content code is stored in the information recording medium as an independent file, or the content codes as a whole are stored in the information recording medium as a single file. The entities that produce the various kinds of content code can differ. For example, the (b) content-specific content code is set by the studio that produces the content. Furthermore, the (c) data specific to the device, model or version is in many cases produced by the entity that manufactures the reproducing apparatus or the reproducing application program.

[348]

The sequence up to the point at which content code generated by different entities is stored in the information recording medium is therefore described with reference to Figure 21. In Figure 21, [00000.svm]-[00003.svm] are content code files 551 generated by different entities, in other words, by a studio that produces and edits content, a production company, a manufacturer of an apparatus or reproducing application program, or a manufacturer of a component of the information processing equipment such as an LSI.

[349]

These content code files [00000.svm]-[00003.svm] are prepared on the assumption that part of the content code will be encrypted with a model/version/device-specific key, in other words, with a node key (group key or device-specific key), model key or version key described above with reference to Figures 11-13.

[350]

Furthermore, each entity that generates the content code files [00000.svm]-[00003.svm] also generates content code encryption configuration information 552, which carries the encryption configuration of each content code, and sends the content code encryption configuration information 552 together with the generated content code to the key management center. As shown in Figure 21, the content code encryption configuration information 552 comprises data that associates a content code number, serving as identification information of the content code, with information on the encrypted section and with key designation information for the key to be applied to that encrypted section.

[351]

At the key management center, the content code received from each content code generating entity is encrypted on the basis of the content code encryption configuration information 552. In other words, the key management center selects the device manufacturing entity key, group key, device-specific key, model key or version key designated by the content code encryption configuration information 552, and encrypts the portion of the content code designated by that information.

[352]

In this way, the encrypted content code 553 shown in Figure 21 is generated. The encrypted content code 553 is sent to the disc factory, which is the information recording medium manufacturing entity, and is recorded on the disc. The content code encryption configuration information 552 is also sent to the disc factory and recorded on the disc. The content code encryption configuration information 552 may be recorded in the information recording medium either as data contained in the content code or as a separate independent file.

[353]

Figure 21 shows four content code files [00000.svm]-[00003.svm] as the encrypted content code 553. Each of these content codes contains partially encrypted data. The encryption key applied is, for example, a device manufacturing entity key, group key, device-specific key, model key or version key, and encryption is performed with the key selected according to the content code encryption configuration information 552.

[354]

For example, suppose the content code file 00000.svm is encrypted with the group key G1 501 shown in (a) of Figure 11. Only a device that holds the group key G1 501 can decrypt the encrypted data. Therefore, only the devices corresponding to the left half of the bottom-level leaves of the hierarchical structure shown in Figure 11 can use the encrypted data of the content code 00000.svm. Because the devices corresponding to the right half of the bottom-level leaves do not hold the group key G1 501, they cannot use the encrypted data of the content code 00000.svm.

[355]

In the same way, suppose the content code file 00001.svm is encrypted with the group key G2 502 shown in (a) of Figure 11. Only a device that holds the group key G2 502 can decrypt the encrypted data. Therefore, only the devices corresponding to the left quarter of the bottom-level leaves of the hierarchical structure shown in Figure 11 can use the encrypted data of the content code 00001.svm.

[356]

Thus, by encrypting content code with a group key Gn, device-specific key, model key or version key, the devices that can decrypt and use the content code can be limited. As mentioned above, the content code includes the security check code used for security checks and the conversion tables applied to data conversion of the content. The security check processing or data conversion processing can therefore be set so that only particular devices can execute it.

[357]

Therefore, when a device check is performed with an unauthorized certificate, for example a device certificate or model/version certificate copied from another device, the content code contains data that can be decrypted only with a key stored in the information processing apparatus to which that certificate corresponds; so even if the device check yields the device information needed to select the specific content code, the content code cannot be decrypted. In other words, even if the device check is performed with such a certificate, the information processing apparatus does not hold the keys corresponding to the certificate, that is, the device manufacturing entity key, group key Gn, device-specific key, model key or version key, and therefore cannot decrypt the content code. As a result, illegal use of the particular content code corresponding to the apparatus information designated by the unauthorized certificate can be prevented.

[358]

Next, content code processing executed by the information processing device is described with reference to Figure 22. The security VM of the information processing apparatus that performs content reproduction obtains the content code, which comprises a data processing program, recorded in the information recording medium, and executes data processing according to the content code. As mentioned above, at least a portion of the content code is encrypted with any one of the device manufacturing entity key, group key Gn, device-specific key, model key and version key.

[359]

From data stored in the information recording medium, the security VM obtains key designation information for the key to be applied to decryption of the content code and encrypted-data position designation information indicating the position of the encrypted data set in the content code. It selects the key to apply from memory according to the obtained key designation information, specifies the data to be decrypted according to the encrypted-data position designation information, and performs decryption with the selected key.

[360]

Figure 22 shows the processing performed by the security VM 652. The security VM 652 reads the content code stored in the information recording medium and processes it. The security VM 652 stores the content code read from the information recording medium in the security VM memory 651 and executes the processing.

[361]

The device-stored keys 650 comprise the keys distributed by the key management center (KIC) and described above with reference to Figures 11-13, that is, the device manufacturing entity key, group key Gn, device-specific key, model key, version key, device certificate and model/version certificate.

[362]

First, in step S251, the security VM 652 obtains, from the memory-stored data 661 held in the security VM memory 651, the encrypted key data 662 set in the content code to be processed. The security VM 652 then selects from the device-stored keys 650 the key to apply to decryption of the encrypted key data 662, on the basis of key designation information obtained from data recorded in the content code or in another data file. The key designation information is information recorded in the information recording medium according to the content code encryption configuration information 552 described above with reference to Figure 21.

[363]

In this example, assume that the key designation information designates key ID = 4, that is, the device-specific key (Device_Specific_Key). According to the key designation information [key ID = 4], the security VM 652 selects the device-specific key (Device_Specific_Key) from the device-stored keys 650 and decrypts the encrypted key data 662.

[364]

As a result of the decryption, the original encryption key with which a portion of the content code was encrypted is obtained. Then, in step S252, the security VM 652 applies the obtained original encryption key to decrypt the input data 663 corresponding to the encrypted portion of the content code, and stores the decrypted result as output data 664 in the security VM memory 651. Through this processing, the information processing apparatus can use, for example, device-specific content code.

[365]

The processing of the security VM 652 is carried out through a sequence of interrupts (INTRP) and call responses exchanged between the security VM and the reproducing application program (player) that performs content reproduction. For example, decryption of the content code is performed by invoking the following function.

[366]

CALL_AES (output destination address, input data address, AES processing block number, key address, key ID)

[367]

This function uses the secret key held by the player and designated by the key ID (ID = 4 in Figure 22) to decrypt the 128-bit value at the key address (the encrypted key data 662 in Figure 22), uses the decrypted result as the decryption key to decrypt the data of (number of AES processing blocks × 16) bytes starting at the input data address, and outputs the decrypted data to the output destination address. As mentioned above, the device-specific key is used when identification information is embedded. Therefore, even if a 1st device attempts to embed the identification information of a 2nd device, the 1st device cannot obtain the Device_Specific_Key of the 2nd device and therefore cannot decrypt the data for the 2nd device. As a result, because the identification information of another device cannot be designated, the given device can be reliably specified.

[368]

Next, other content code processing executed by the information processing device is described with reference to Figure 23. Figure 23 shows signature processing that applies a device-specific key among the device-stored keys 650.

[369]

In step S272, the security VM 652 computes a hash value of the input data 672 in the memory-stored data 671 held in the security VM memory 651, using a hash function such as SHA-1. As step S271, preceding the hash computation, player information or media information may be added. Then, in step S273, the device-specific key is obtained from the device-stored keys 650 and an electronic signature is applied to the hash value, for example on the basis of the EC-DSA algorithm, and the signed data is stored as output data 673 in the security VM memory 651. Later, when the content code is executed, the output data 673 is obtained and signature verification is performed, so that the validity of the information processing apparatus can be verified. In the above description the key is an EC-DSA key, but the key may instead be an RSA key used to set an RSA signature.

[370]

The signature setting processing is performed, for example, when the security VM 652 calls the following function.

[371]

CALL_Private_Key (output destination address, input data address, length of the data to be signed, option designation, key ID)

[372]

This function extracts from the input data address data of the length to be signed, converts the byte sequence, with the media/player information designated by the option added, into a hash value using SHA-1, signs the conversion result with the device's own private key, and records the result at the output destination address.

[373]

As noted above, an information processing apparatus that uses content stored in the information recording medium stores the key data and certificate data distributed by the key management center (KIC) and described above with reference to Figures 11-13: the device manufacturing entity key, group key Gn, device-specific key, model key and version key, together with the device certificate and the model/version certificate. When using content code, the information processing apparatus selectively applies these keys to perform encryption processing or to set a signature. Because content code containing a data portion encrypted with a selected specific key is stored in the information recording medium, only the specific devices that store the selected key can use the content code.

[374]

Next, the processing sequence for using content code in the information processing apparatus is described with reference to Figures 24 and 25. Figure 24 is a flow chart of the device check sequence that applies the device certificate (Device Cert) and the model/version certificate (MV Cert). Figure 25 is a flow chart of the sequence that selects and applies the conversion table (Fix_up table) and the security check code corresponding to the model/version. Both flow charts show processing executed by the security VM 160 shown in Figure 1, carried out by reading the content code stored in the information recording medium.

[375]

The device check processing shown in Figure 24 is performed by applying the device check code contained in the content code. The code for device check processing includes the following functions, which the security VM executes.

[376]

[Call_Discovery]

[377]

[Call_PrivateKey]

[378]

One function obtains the device certificate or the model/version certificate from the memory inside the information processing apparatus, so that signature verification processing can be carried out.

[379]

The other function, as mentioned above, extracts from the input data address data of the length to be signed, signs it with the device's own private key, and records the result at the output destination address.

[380]

Next, the device check executed by the information processing apparatus is described step by step according to the flow chart of Figure 24. First, in step S301, processing of the content code (here, device check processing) begins. In step S302, the security VM checks whether the device check code being executed includes a function that calls for and verifies the device certificate. If it is judged to include such a function, the function is executed, and in step S303 the device certificate (Device Cert) is obtained from the memory of the information processing apparatus. If it is determined that no function that calls for and verifies the device certificate is included, processing proceeds to step S308.

[381]

After the device certificate (Device Cert) is obtained from the memory of the information processing apparatus in step S303, in step S304 the signature set in the device certificate (Device Cert) is verified by signature verification processing that uses the key management center public key stored in the memory of the information processing apparatus. If signature verification fails to confirm the validity of the device certificate, processing stops.

[382]

In step S303, if signature verification confirms the validity of the device certificate, processing proceeds to step S305. In step S305, the function contained in the content code is executed. In other words, using the private key of the information processing device, a signature is generated over a random number generated by the information processing apparatus or over data read from the information recording medium. Then, in step S306, the generated signature is verified. The verification is performed by applying the public key obtained from the device certificate whose validity has been confirmed.

[383]

If signature verification does not succeed, it is judged that the information processing device does not hold the correct device private key corresponding to the device public key obtained from the device certificate, and processing stops. If signature verification succeeds, processing proceeds to step S307. In step S307, it is determined that the information processing device holds the correct device private key corresponding to the device public key obtained from the device certificate. In other words, the information processing apparatus is determined to be a valid information processing apparatus. The device identifier (device ID) is therefore obtained from the device certificate, and the device ID corresponding to the information processing apparatus is thus determined.

[384]

Next, in step S308, the security VM checks whether the device check code being executed includes a function that calls for and verifies the model/version certificate. If it is judged to include such a function, the function is executed, and in step S310 the model/version certificate (MV Cert) is obtained from the memory of the information processing apparatus. If it is determined that no function that calls for and verifies the model/version certificate is included, the device check processing is judged to have completed normally and processing ends.

[385]

After the model/version certificate (MV Cert) is obtained from the memory of the information processing apparatus in step S309, in step S310 the signature set in the model/version certificate (MV Cert) is verified by signature verification processing that uses the key management center public key stored in the memory of the information processing apparatus. If signature verification does not confirm the validity of the model/version certificate, processing stops.

[386]

In step S310, if signature verification confirms the validity of the model/version certificate, processing proceeds to step S311. In step S311, the function contained in the content code is executed. In other words, using the model/version private key of the information processing device, a signature is generated over a random number generated by the information processing apparatus or over data read from the information recording medium. Then, in step S312, the generated signature is verified. The verification is performed by applying the public key obtained from the model/version certificate whose validity has been confirmed.

[387]

If signature verification does not succeed, it is determined that the information processing device does not hold the correct model/version private key corresponding to the model/version public key obtained from the model/version certificate, and processing stops. If signature verification succeeds, processing proceeds to step S313. In step S313, it is determined that the information processing device holds the correct model/version private key corresponding to the model/version public key obtained from the model/version certificate. In other words, the information processing apparatus is determined to be a valid information processing apparatus. The model/version identifier (model/version ID) is therefore obtained from the model/version certificate, thereby determining the model ID or version ID corresponding to the information processing apparatus.

[388]

Thus, the information processing apparatus performs the device check processing by applying at least one of the device certificate with the device private key and the model/version certificate with the model/version private key. As a result of the processing, at least one of the device ID, model ID and version ID of the apparatus is specified. In other words, by using a key unique to each device or a key shared by a model or version, together with an electronic certificate, the information processing apparatus can be reliably specified.
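The two signature checks described in this section, written out as one added example (not code from the patent): the per-block check made when CALL_LoadContentCode loads a block (steps 1-3 earlier), and the certificate check followed by proof of private-key possession of Figure 24, which applies in the same way to the model/version certificate. Assumptions: textbook RSA on constructed toy keys stands in for the unspecified signature algorithms, and the signature-at-block-tail layout, zero-based block index, certificate encoding and all function names are illustrative.

```python
import hashlib
import os

# Toy textbook RSA over constructed Mersenne-prime moduli. Assumption: it
# stands in for the KIC and device signature schemes; never use such keys.
def make_key(p, q, e=65537):
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(key, data):
    return pow(digest(data), key["d"], key["n"])

def verify(pub, data, sig):
    return 0 <= sig < pub["n"] and pow(sig, pub["e"], pub["n"]) == digest(data)

def public(key):
    return {"n": key["n"], "e": key["e"]}

KIC = make_key(2**521 - 1, 2**607 - 1)      # constructed KIC key pair
KIC_PUB = public(KIC)                       # the only KIC key a player holds
BLOCK = 2 * 1024 * 1024                     # 2-megabyte unit from the page
SIG_LEN = (KIC["n"].bit_length() + 7) // 8
PAYLOAD = BLOCK - SIG_LEN   # assumed layout: signature area is the block tail

class LoadError(Exception):
    """Raised when a load must be refused; VM memory is left untouched."""

def kic_sign_file(code):
    """KIC side: cut the code into blocks and fill each signature area."""
    out = bytearray()
    for i in range(0, len(code), PAYLOAD):
        payload = code[i:i + PAYLOAD].ljust(PAYLOAD, b"\0")
        out += payload + sign(KIC, payload).to_bytes(SIG_LEN, "big")
    return bytes(out)

def load_content_code(svm, block, offset, length, vm_mem, dst):
    """Player side of the load command; the block index is zero-based here."""
    start = block * BLOCK                              # step 1: head of block
    if block < 0 or start + BLOCK > len(svm):
        raise LoadError("no such block")
    blk = bytes(svm[start:start + BLOCK])              # private copy, read once
    payload, sig = blk[:PAYLOAD], int.from_bytes(blk[PAYLOAD:], "big")
    if not verify(KIC_PUB, payload, sig):              # step 2: block signature
        raise LoadError("block signature invalid")
    if offset < 0 or length < 0 or offset + length > PAYLOAD:
        raise LoadError("range leaves the verified payload")
    if dst < 0 or dst + length > len(vm_mem):
        raise LoadError("destination outside VM memory")
    # step 3: copy from the bytes that were verified, not from a second read
    vm_mem[dst:dst + length] = payload[offset:offset + length]
    return length

def cert_body(dev_id, pub):
    return f"{dev_id}|{pub['n']}|{pub['e']}".encode()  # assumed encoding

def issue_cert(dev_id, dev_key):
    """KIC side: bind a device ID to the device public key."""
    pub = public(dev_key)
    return {"id": dev_id, "pub": pub, "sig": sign(KIC, cert_body(dev_id, pub))}

def device_check(cert, sign_with_device_key):
    """Figure 24, S303-S307: return the device ID, or None if a check fails."""
    if not verify(KIC_PUB, cert_body(cert["id"], cert["pub"]), cert["sig"]):
        return None                                    # S304: not issued by KIC
    nonce = os.urandom(16)                             # S305: fresh random number
    if not verify(cert["pub"], nonce, sign_with_device_key(nonce)):
        return None                                    # S306: wrong private key
    return cert["id"]                                  # S307: device specified

DEV_A = make_key(2**1279 - 1, 2**2203 - 1)  # constructed device key pairs
DEV_B = make_key(2**2281 - 1, 2**3217 - 1)
CERT_A = issue_cert("device-A", DEV_A)

if __name__ == "__main__":
    code = b"CODE" * 600_000                # constructed 2.4 MB file, 2 blocks
    svm = bytearray(kic_sign_file(code))
    vm = bytearray(64)
    load_content_code(svm, 1, 0, 8, vm, 16)
    print("loaded:", bytes(vm[16:24]))
    svm[BLOCK + 5] ^= 1                     # alter one byte of block 1
    try:
        load_content_code(svm, 1, 0, 8, vm, 32)
    except LoadError as err:
        print("refused:", err)
    print("genuine:", device_check(CERT_A, lambda m: sign(DEV_A, m)))
    print("copied certificate:", device_check(CERT_A, lambda m: sign(DEV_B, m)))
```

A device that presents a copied certificate is rejected at the S306 stage because its signature over the fresh random number does not verify under the public key in that certificate.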

[389]

Next, the sequence that selects and applies the conversion table (Fix_up table) and the security check code corresponding to the model/version is described with reference to the flow chart of Figure 25.

[390]

This processing, too, is performed by the security VM 160 shown in Figure 1, by reading the content code stored in the information recording medium. It is carried out as processing that applies the conversion table (Fix_up table) and the security check code contained in the content code.

[391]

First, in step S321, it is determined whether the content code recorded in the information recording medium includes security check code (specific code) corresponding to at least one of the model ID, version ID and device ID specified in the device check processing described above with reference to Figure 24. If it is judged that no such security check code is included, the security check is omitted and processing proceeds to step S324.

[392]

If the content code recorded in the information recording medium includes security check code (specific code) corresponding to at least one of the model ID, version ID and device ID specified in the device check processing, processing proceeds to step S322. In step S322, the security check code (specific code) corresponding to the model ID, version ID or device ID is executed. When the code is executed, its validity is checked by signature verification, and the processing is executed only when validity is confirmed. Furthermore, at least a portion of the code is encrypted with a selected key, i.e., the device manufacturing entity key, group key Gn, device-specific key, model key or version key. In this case, the corresponding key is first obtained from memory according to the key designation information of the content code encryption configuration information 552 described above with reference to Figure 21, and decryption processing is executed.

[393]

In many cases, the security check code required for a device is code specific to the model/version. Therefore, for executing the security check code, even if the device ID is not specified (i.e., even without executing steps S302-S307 of Figure 24), the model can still be reliably specified through steps S308-S313 of Figure 24. Processing to specify the device ID is therefore not particularly needed.

[394]

On the other hand, when illegally copied content has been released and the particular device used for the illegal copying has been specified from the identification data embedded in the illegal copy, the content code obtained through a network or recorded in a recording medium is configured to include specific code for the device ID corresponding to the device used for the illegal copying. In other words, even among devices of the same model, specific processing is carried out for one particular device, but does not carry out the content code.

[395]

If the security check in step S323 completes normally, processing proceeds to step S324. If the security check does not complete normally, use of the content is not permitted and processing stops.

[396]

In step S324, reproduction of the content starts. When content is reproduced, decryption processing using the title key corresponding to the content is first performed according to the processing sequence described above with reference to Figure 5. Then, in step S325, the conversion table (Fix_up_table) corresponding to at least one of the specified model ID, version ID and device ID is selected and conversion of the content data (media conversion) is performed. Then, in step S326, the converted content data is output, for example to a display unit, and content reproduction is carried out.

[397]

The conversion of content data (media conversion) that applies the conversion table (Fix_up table) comprises processing that converts content data into the normal data making up the content and processing that embeds identification information corresponding to the information processing apparatus in a portion of the content data. For embedding the identification information corresponding to the information processing apparatus, it is sufficient to specify the device and insert ID data corresponding to the device ID. In other words, the model does not need to be specified. For example, when the content code recorded in the recording medium includes no security code corresponding to the model/version, identification information can be embedded quickly by executing only the device ID specification (for example, steps S302-S307 of Figure 24) and omitting the model/version specification (for example, steps S308-S313 of Figure 24).

[398]

7. The configuration of the information processing apparatus

[399]

Next, with reference to Figure 26, an example of the hardware configuration of an information processing apparatus that executes the reproducing (player) application, the VM and the secure data processing is described. Information processing apparatus 800 comprises:

- CPU 809, which executes data processing according to programs including the OS and the applications for content reproduction or recording, mutual authentication and content reproduction, that is, the apparatus checking process according to the content code, the security check process based on the security check code, and the data conversion process applying the conversion table;
- ROM 808, used as a storage area for programs, parameters and the like;
- memory 810;
- input/output I/F 802, which inputs and outputs digital signals;
- input/output I/F 804, which inputs and outputs analog signals and has A/D, D/A converter 805;
- MPEG CODEC 803, which encodes and decodes MPEG data;
- TS/PS processing unit 806, which performs TS (transport stream) and PS (program stream) processing;
- cryptographic processing unit 807, which performs mutual authentication and various cryptographic processing, including decryption of encrypted content;
- recording medium 812, such as a hard disk;
- drive 811, which inputs and outputs data recording and reproduction signals.

Each block is connected to bus 801.

[400]

Information processing apparatus (host computer) 800 is connected to the drive through an ATAPI-BUS connecting bus. Conversion tables, content and the like are input and output through digital signal input/output I/F 802. Cryptographic processing unit 807 performs encryption and decryption by applying, for example, the AES algorithm.

[401]

The program that executes content reproduction or recording is stored, for example, in ROM 808. While the program runs, memory 810 is used as needed as a work area and as a storage area for parameters and data. ROM 808 or the recording medium stores, for example, the above-mentioned key data or certificate data.

[402]

When content is reproduced or output to the outside, the data conversion processing program obtained from the information recording medium is applied to decrypt the encrypted content, restore the conversion table, and write the conversion data according to the data stored in the conversion table, following the processing sequences described above.

[403]

8. Information recording medium manufacturing apparatus and information recording medium

[404]

Next, the information recording medium manufacturing apparatus and the information recording medium are described; that is, the apparatus and method for manufacturing the information recording medium used in the content reproduction processing described above, and the information recording medium itself.

[405]

The information recording medium manufacturing apparatus is an apparatus that manufactures, for example, information recording medium 100 storing the recorded data described above with reference to Figure 1. Information recording medium 100 stores content code comprising the apparatus check code, the security check code and the conversion table. As described above with reference to Figure 21, at least part of the content code is encrypted with one of various selected keys.

[406]

As shown in Figure 27, the information recording medium manufacturing apparatus includes: content file generating unit 901, which generates a content file storing the content data to be recorded on the information recording medium; content code file generating unit 902, which generates content code files storing the content code for the apparatus checking process executed when the content is used, the content code containing the program for security check processing, and the content code containing the conversion table applied to data conversion of the content; and recording unit 903, which records on information recording medium 910 the content file generated by content file generating unit 901 and the content code files generated by content code file generating unit 902.

[407]

Content code file generating unit 902 generates a content code file storing apparatus check code that executes the apparatus checking process applying the apparatus certificate stored in the memory of each information processing apparatus, a content code file storing security check code that is selectively executed according to the apparatus identifier checked in the apparatus checking process, and a content code file storing the data conversion table applied to content data conversion that is selectively executed according to the apparatus identifier checked in the apparatus checking process.

[408]

Content code file generating unit 902 may generate a content code file storing content code that contains encrypted data decryptable only with an encryption key distributed to a specific group of information processing apparatuses that use the content. In this case, the encryption key applied is one of the following keys from the hierarchical key tree described above with reference to Figures 11-13: the device unique key set for the leaf, that is, the bottom node, corresponding to the information processing apparatus; a group key set for a node on the path from the leaf to the top node; the device manufacturing entity key set for the top node; the model key set for the model of the information processing apparatus; or the version key set for the version of the information processing apparatus.

[409]

Furthermore, as information corresponding to the content code file storing content code that contains encrypted data decryptable only with an encryption key distributed to a specific group of information processing apparatuses that use the content, content code file generating unit 902 generates the encrypted content code configuration information described above with reference to Figure 21, that is, content code encryption configuration information, recorded on the information recording medium, that includes key designation information and information on the encrypted data portion of the content code.
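The group-restricted decryption described above can be sketched as follows. This is an added example, not code from the patent: the 8-device tree, the header layout (key kind, key number, offset, length), the derivation of keys from a master secret and the SHA-256 keystream standing in for AES are all assumptions made so the example runs with the Python standard library only.

```python
import hashlib
import hmac
import struct

DEPTH = 3                        # constructed tree: 2**3 = 8 devices at the leaves
NODE, MODEL, VERSION = 0, 1, 2   # key kinds used in the key designation field
HEADER = struct.Struct(">BIII")  # kind, number, offset, length (assumed layout)


def issue_key(master: bytes, kind: int, number: int) -> bytes:
    """Key management centre side: one key per tree node, model and version.
    Deriving them from a master secret only keeps this example reproducible."""
    return hmac.new(master, struct.pack(">BI", kind, number), hashlib.sha256).digest()


def device_key_set(master: bytes, device_no: int, model: int, version: int) -> dict:
    """Keys held by one device: leaf key, group keys up the path, top-node key,
    plus its model key and version key."""
    keys = {}
    node = (1 << DEPTH) + device_no  # heap numbering: top node is 1, leaves are 8..15
    while node >= 1:
        keys[(NODE, node)] = issue_key(master, NODE, node)
        node >>= 1                   # parent: group key, finally the entity key
    keys[(MODEL, model)] = issue_key(master, MODEL, model)
    keys[(VERSION, version)] = issue_key(master, VERSION, version)
    return keys


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 in counter mode), NOT the AES the page names."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack(">I", i // 32)).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


def pack_content_code(code: bytes, key_id, key: bytes, offset: int, length: int) -> bytes:
    """Manufacturing side: encrypt one portion, prepend the configuration info."""
    portion = keystream_xor(key, code[offset:offset + length])
    body = code[:offset] + portion + code[offset + length:]
    return HEADER.pack(key_id[0], key_id[1], offset, length) + body


def load_content_code(blob: bytes, key_set: dict):
    """Player side: pick the designated key; None if this device does not hold it."""
    kind, number, offset, length = HEADER.unpack_from(blob)
    body = blob[HEADER.size:]
    key = key_set.get((kind, number))
    if key is None:
        return None                  # device is outside the designated group
    portion = keystream_xor(key, body[offset:offset + length])
    return body[:offset] + portion + body[offset + length:]


def devices_able_to_run(blob: bytes, code: bytes, master: bytes) -> list:
    """Which of the 8 constructed devices recover the original content code."""
    able = []
    for n in range(1 << DEPTH):
        keys = device_key_set(master, n, model=n % 2, version=1)
        if load_content_code(blob, keys) == code:
            able.append(n)
    return able


# Constructed sample data.
MASTER = b"constructed master secret"
CODE = b"HDR;" + b"security check and fix-up logic for one group;" + b"END"

if __name__ == "__main__":
    for key_id in [(NODE, 1), (NODE, 5), (NODE, 13), (MODEL, 1)]:
        blob = pack_content_code(CODE, key_id, issue_key(MASTER, *key_id), 4, len(CODE) - 7)
        print(key_id, devices_able_to_run(blob, CODE, MASTER))
```

Signature verification of the content code with the key management center public key, which the page requires before decryption, is left out of this block.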

[410]

Information recording medium 910, manufactured by the information recording medium manufacturing apparatus, records the various data described with reference to Figure 1. Specifically, it includes at least a content file storing content data, and content code files storing at least one of: the content code for the apparatus checking process executed when the content is used, the content code containing the program for security check processing, and the data generating processing code applied to data conversion of the content data stored on the information recording medium.

[411]

The content code files recorded on information recording medium 910 include a content code file storing content code that contains encrypted data decryptable only with an encryption key distributed to a specific group of information processing apparatuses that use the content. In this case, the encryption key applied is one of the following keys from the hierarchical key tree described above with reference to Figures 11-13: the device unique key set for the leaf, that is, the bottom node, corresponding to the information processing apparatus; a group key set for a node on the path from the leaf to the top node; the device manufacturing entity key set for the top node; the model key set for the model of the information processing apparatus; or the version key set for the version of the information processing apparatus.

[412]

Furthermore, as information corresponding to the content code file storing content code that contains encrypted data decryptable only with an encryption key distributed to a specific group of information processing apparatuses that use the content, information recording medium 910 records the encrypted content code configuration information described above with reference to Figure 21, that is, content code encryption configuration information that includes key designation information and information on the encrypted data portion of the content code.

[413]

The invention has been described above in detail with reference to a particular embodiment. However, it is evident that those skilled in the art can modify or substitute the embodiment without departing from the spirit or scope of the invention. In other words, the above embodiment should be understood as illustrative rather than restrictive. To determine the spirit or scope of the invention, the appended claims should be consulted.

[414]

Furthermore, the processing described in the specification can be executed by hardware, by software, or by a combination of the two. When the processing is executed by software, a program in which the processing sequence is recorded can be installed in memory in a computer built into dedicated hardware and executed there, or the program can be installed and executed on a general-purpose computer capable of various kinds of processing.

[415]

For example, the program can be recorded in advance on a hard disk or a ROM (read-only memory) serving as a recording medium. Alternatively, the program can be stored (recorded) temporarily or permanently on a removable recording medium such as a floppy disk, CD-ROM (compact disc read-only memory), MO (magneto-optical) disk, DVD (digital versatile disc), magnetic disk or semiconductor memory. Such a removable recording medium can be provided as so-called packaged software.

[416]

Alternatively, besides being installed on a computer from a removable recording medium, the program can be transferred to the computer wirelessly, or by wire through a network such as a LAN (local area network) or the Internet. The computer can receive the program transferred in this way and install it on a built-in recording medium such as a hard disk.

[417]

Furthermore, the various processes described in the specification may be executed not only sequentially in the order described but also in parallel or individually, according to the processing capability of the apparatus executing them. In this specification, a system is a logical group of a plurality of devices; the devices are not limited to being in the same housing.

[418]

Furthermore, signatures that use the public key or private key can be based on the so-called RSA method or on the so-called elliptic curve (EC-DSA) method.

[419]

As described above, according to the configuration of an embodiment of the invention, in a configuration that acquires content code including a data processing program recorded on an information recording medium and then executes data processing according to the content code, such as security check processing, conversion of the data making up the content, or embedding of apparatus information in the content, an apparatus checking process that applies the device certificate or model/version certificate stored in the information processing apparatus is executed as the check of the information processing apparatus. After the apparatus checking process, the device ID, model ID or version ID is obtained as the apparatus identifier recorded in the device certificate or model/version certificate, and, in the processing that applies the content code, data processing is executed with the content code corresponding to the obtained apparatus identifier. As a result, the appropriate content code for each apparatus can be selected and applied.
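The check-then-select flow summarised above, with the signature steps the claims give for the apparatus checking process (verify the certificate's signature, have the device sign fresh data with its private key, verify that with the public key in the certificate), can be sketched as follows. This is an added example, not code from the patent: it uses textbook RSA with small constructed primes as a stand-in for the RSA or EC-DSA signatures the page names, and the certificate fields, the random challenge and the lookup order (device ID, then version, then model) are assumptions.

```python
import hashlib
import os

E = 65537


def make_keypair(p: int, q: int):
    """Textbook RSA from two constructed primes: toy-sized, no padding, demo only."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


def digest_int(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private, message: bytes) -> int:
    n, d = private
    return pow(digest_int(message, n), d, n)


def verify(public, message: bytes, signature: int) -> bool:
    n, e = public
    return pow(signature, e, n) == digest_int(message, n)


def cert_body(cert: dict) -> bytes:
    """Bytes covered by the key management centre's signature (assumed encoding)."""
    fields = ("device_id", "model_id", "version_id", "n", "e")
    return "|".join(str(cert[f]) for f in fields).encode()


def issue_certificate(kmc_private, device_id, model_id, version_id, device_public):
    cert = {"device_id": device_id, "model_id": model_id, "version_id": version_id,
            "n": device_public[0], "e": device_public[1]}
    cert["signature"] = sign(kmc_private, cert_body(cert))
    return cert


def apparatus_check(cert: dict, kmc_public, device_sign):
    """Run by the content code. Returns (device_id, model_id, version_id) or None."""
    # 1. Is the certificate itself genuine and unmodified?
    if not verify(kmc_public, cert_body(cert), cert["signature"]):
        return None
    # 2. Does the player hold the private key matching the certified public key?
    challenge = os.urandom(16)
    proof = device_sign(challenge)
    if not verify((cert["n"], cert["e"]), challenge, proof):
        return None
    # 3. Only now are the identifiers in the certificate trusted.
    return cert["device_id"], cert["model_id"], cert["version_id"]


def select_content_code(ids, table: dict):
    """Pick the content code for the checked identifiers, most specific first."""
    if ids is None:
        return None  # failed check: use of the content is not permitted
    device_id, model_id, version_id = ids
    for key in (("device", device_id), ("version", model_id, version_id), ("model", model_id)):
        if key in table:
            return table[key]
    return table["default"]


# Constructed keys (Mersenne primes) and a constructed content code table.
KMC_PUBLIC, KMC_PRIVATE = make_keypair(2**127 - 1, 2**107 - 1)
DEVICE_PUBLIC, DEVICE_PRIVATE = make_keypair(2**89 - 1, 2**61 - 1)
CODE_TABLE = {
    ("device", 0x5001): "code for the one device traced from an illegal copy",
    ("model", 7): "security check and conversion table for model 7",
    "default": "generic security check",
}
```

The check fails if the certificate is altered after signing or if the player cannot sign with the private key that matches the certified public key, so a copied certificate alone does not pass.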

[420]

In addition, according to the configuration of another embodiment of the invention, at least part of the content code is encrypted data, and the encryption key applied is any one of the following keys from the hierarchical key tree: the device unique key set for the leaf, that is, the bottom node, corresponding to the information processing apparatus; a group key set for a node on the path from the leaf to the top node; the device manufacturing entity key set for the top node; or the model key or version key corresponding to the model or version of the information processing apparatus. Therefore, only a specific group of information processing apparatuses can be allowed to process the content code. As a result, a configuration can be implemented that prevents illegitimate application of the content code.

[421]

Those skilled in the art should understand that various modifications, combinations, sub-combinations and alterations may occur depending on design requirements and other factors, insofar as they are within the scope of the appended claims or their equivalents.

[422]

The invention contains subject matter related to Japanese Patent Application JP 2006-028338, filed in the Japan Patent Office on 6 February 2006, the entire contents of which are incorporated herein by reference.



[423]

The invention relates to an information processing apparatus and method, an information recording medium, and a manufacturing device and method thereof. The information processing apparatus includes: a data processing unit that acquires content codes including a data processing program recorded in an information recording medium and executes data processing according to the content codes; and a memory that stores an apparatus certificate including an apparatus identifier of the information processing apparatus. The data processing unit is configured to execute an apparatus checking process applying the apparatus certificate stored in the memory on the basis of a code for apparatus checking process included in the content codes, acquire the apparatus identifier recorded in the apparatus certificate after the apparatus checking process, and execute data processing applying content codes corresponding to the acquired apparatus identifier.



1. An information processing apparatus, including:

a data processing unit that acquires content code including a data processing program recorded on an information recording medium and executes data processing according to the content code; and

a memory that stores an apparatus certificate including an apparatus identifier of the information processing apparatus,

wherein the data processing unit is configured to execute an apparatus checking process applying the apparatus certificate stored in the memory on the basis of code for the apparatus checking process included in the content code, to acquire the apparatus identifier recorded in the apparatus certificate after the apparatus checking process, and to execute data processing applying the content code corresponding to the acquired apparatus identifier.

2. The information processing apparatus according to Claim 1, characterized in that

The device Certificate is stored the information processing device and device for unique device identifier of the device Certificate private key, or stored with corresponding to the information processing apparatus models or versions of the type identifier or version identifier and the models/version of the type/version of the public key Certificate,

the data processing unit is configured to execute the apparatus checking process applying at least one of the device certificate and the model/version certificate, to acquire either the device identifier recorded in the device certificate or the model identifier/version identifier recorded in the model/version certificate, and to execute data processing applying the content code corresponding to the acquired identifier.

3. The information processing apparatus according to Claim 1, characterized in that

the data processing unit is configured to execute, as the apparatus checking process, a process that checks the validity of the apparatus certificate by verifying the signature set in the apparatus certificate, generates new signature data using the private key stored in the memory of the information processing apparatus, verifies the generated signature data using the public key stored in the apparatus certificate, and judges the apparatus check successful when the signature verification succeeds.

4. The information processing apparatus according to Claim 1, characterized in that it also comprises:

a memory that stores, as data corresponding to the device and group, the device unique key set for the leaf, that is, the bottom node, corresponding to the information processing apparatus in a key tree having a hierarchical structure, the group keys set for the nodes on the path from the leaf to the top node, and the device manufacturing entity key set for the top node; that stores, as a model/version package, the model key/version key corresponding to the model/version of the information processing apparatus; and that stores the key management center public key,

wherein the data processing unit is configured to verify the signature of the content code using the key management center public key and, in data processing applying the content code, to decrypt the data contained in the content code using any one of the device unique key, the group key, the device manufacturing entity key, the model key and the version key.

5. The information processing apparatus according to Claim 4, characterized in that

the data processing unit is configured to acquire, from data stored on the information recording medium, key designation information for the key to be applied to decrypting the content code and encrypted data position designation information indicating the position of the encrypted data set in the content code, to select the key to be applied according to the acquired information, to specify the data to be decrypted according to the encrypted data position designation information, and to execute decryption applying the selected key.

6. The information processing apparatus according to Claim 4, characterized in that

the content code has a data structure in which a signature is set for each block obtained by dividing the data making up the content code into units of 2 megabytes,

the data processing unit is configured to verify the signatures of the content code in units of 2 megabytes.

7. The information processing apparatus according to Claim 4, characterized in that

Stored in the memory corresponding to the information processing apparatus manufacturer, manufacturer or digit caption of the assembly of the plurality of different device manufacturing entity independent set corresponding,

the data processing unit is configured, when decrypting the content code, to select a key from the device manufacturing entity key set selected in correspondence with the content code to be executed, and to decrypt the data contained in the content code by applying the selected key.

8. The information processing apparatus according to Claim 1, characterized in that

the data processing unit is configured to execute, as the data processing applying the content code that is carried out after the apparatus checking process, at least one of security check processing applying the security check code included in the content code and data conversion processing of the data making up the content applying the data conversion table included in the content code.

9. The information processing apparatus according to Claim 1, characterized in that

the information processing apparatus is configured to store in the memory a model/version certificate storing a model/version public key corresponding to the model/version of the information processing apparatus,

the data processing unit is configured to determine the application state of the content code by checking the certificate update information recorded in the model/version certificate.

10. An information recording medium manufacturing apparatus, including:

a content file generating device for generating a content file storing content data to be recorded on an information recording medium;

a content code file generating device for generating a content code file storing content code including a data processing program to be executed when the content is used; and

a recording device for recording, on the information recording medium, the content file generated by the content file generating device and the content code file generated by the content code file generating device,

wherein the content code file generating device is configured to generate a content code file storing code for an apparatus checking process that applies the apparatus certificate stored in the memory of each information processing apparatus, and to generate a content code file storing security check code that is selected and executed according to the apparatus identifier checked in the apparatus checking process.

11. The information recording medium manufacturing apparatus according to Claim 10, characterized in that

the content code file generating device is configured to generate a content code file storing a data conversion table applied to data conversion processing of the content that is selected and executed according to the apparatus identifier checked in the apparatus checking process.

12. The information recording medium manufacturing apparatus according to Claim 10, characterized in that

the content code file generating device is configured to generate a content code file storing content code that includes encrypted data decryptable only with an encryption key distributed to a specific group of information processing apparatuses that use the content.

13. The information recording medium manufacturing apparatus according to Claim 12, characterized in that

the encryption key is any one of: the device unique key set for the leaf, that is, the bottom node, corresponding to the information processing apparatus in a key tree having a hierarchical structure; the group key set for each node on the path from the leaf to the top node; the device manufacturing entity key set for the top node; the model key corresponding to the model of the information processing apparatus; and the version key corresponding to the version of the information processing apparatus.

14. The information recording medium manufacturing apparatus according to Claim 12, characterized in that

the content code file generating device is configured to generate content code encryption configuration information, which includes key designation information and information designating the encrypted data portion, as information recorded on the information recording medium that corresponds to the content code file storing content code including encrypted data decryptable only with an encryption key distributed to a specific group of information processing apparatuses that use the content.

15. An information processing method for executing data processing in an information processing apparatus that applies data recorded on an information recording medium, the information processing method comprising the following steps:

acquiring, in a data processing unit, content code including a data processing program recorded on the information recording medium;

executing, in the data processing unit, an apparatus checking process that applies the apparatus certificate stored in memory, on the basis of code for the apparatus checking process included in the content code; and

executing, in the data processing unit, content code processing in which the apparatus identifier recorded in the apparatus certificate is acquired, the content code corresponding to the acquired apparatus identifier is selected, and data processing applying the selected content code is executed.

16. The information processing method according to Claim 15, characterized in that

The device Certificate is stored the information processing device and device for unique device identifier of the device Certificate private key, or stored with corresponding to the information processing apparatus models or versions of the type identifier or version identifier and the models/version of the type/version of the public key Certificate,

in executing the apparatus checking process, the apparatus checking process is executed applying at least one of the device certificate and the model/version certificate, and either the device identifier recorded in the device certificate or the model identifier/version identifier recorded in the model/version certificate is acquired,

in executing the content code processing, data processing applying the content code corresponding to the acquired identifier is executed.

17. The information processing method according to Claim 15, characterized in that

in executing the apparatus checking process, a process is executed that checks the validity of the apparatus certificate by verifying the signature set in the apparatus certificate, generates new signature data using the private key stored in the memory of the information processing apparatus, verifies the generated signature data using the public key stored in the apparatus certificate, and judges the apparatus check successful when the signature verification succeeds.

18. The information processing method according to Claim 15, characterized in that

the information processing apparatus includes:

a memory that stores, as data corresponding to the device and group, the device unique key set for the leaf, that is, the bottom node, corresponding to the information processing apparatus in a key tree having a hierarchical structure, the group key set for each node on the path from the leaf to the top node, and the device manufacturing entity key set for the top node; that stores, as a model/version package, the model key/version key corresponding to the model/version of the information processing apparatus; and that stores the key management center public key,

the data processing unit verifies the signature of the content code using the key management center public key and, in executing the content code processing, decrypts the data contained in the content code applying any one of the device unique key, the group key, the device manufacturing entity key, the model key and the version key.

19. The information processing method according to Claim 18, characterized in that

in executing the content code processing, key designation information for the key to be applied to decrypting the content code and encrypted data position designation information indicating the position of the encrypted data set in the content code are acquired from data stored on the information recording medium, the key to be applied is selected according to the acquired information, the data to be decrypted is specified according to the encrypted data position designation information, and decryption applying the selected key is executed.

20. The information processing method according to Claim 18, characterized in that

the content code has a data structure in which a signature is set for each block obtained by dividing the data making up the content code into units of 2 megabytes,

the data processing unit verifies the signatures of the content code in units of 2 megabytes.

21. The information processing method according to Claim 18, characterized in that

in executing the content code processing, when the content code is decrypted, a key is selected from the device manufacturing entity key set selected in correspondence with the content code to be executed, and the data contained in the content code is decrypted by applying the selected key.

22. The information processing method according to Claim 15, characterized in that

in executing the content code processing, the data processing unit executes, as the data processing applying the content code that is carried out after the apparatus checking process, at least one of security check processing applying the security check code included in the content code and data conversion processing of the data making up the content applying the data conversion table included in the content code.

23. The information processing method according to Claim 15, characterized in that it also comprises the following step:

determining, in the data processing unit, the application state of the content code by checking the certificate update information recorded in the model/version certificate,

wherein the information processing apparatus is configured to store in the memory a model/version certificate storing a model/version public key corresponding to the model/version of the information processing apparatus.

24. A method of manufacturing an information recording medium in an information recording medium manufacturing apparatus, comprising the following steps:

generating a content file storing content data to be recorded on the information recording medium;

generating a content code file storing content code including a data processing program to be executed when the content is used; and

recording, on the information recording medium, the content file generated in the content file generation and the content code file generated in the content code file generation,

wherein, in the content code file generation, a content code file is generated that stores code for an apparatus checking process applying the apparatus certificate stored in the memory of each information processing apparatus, and a content code file is generated that stores security check code that is selected and executed according to the apparatus identifier checked in the apparatus checking process.

25. Method of manufacturing an information recording medium according to Claim 24, characterized in that

In the content code file generation, a content code file is generated that stores a data conversion table applied to data conversion processing of the content that is selected and executed according to the device identifier checked in the device inspection processing.

26. Method of manufacturing an information recording medium according to Claim 24, characterized in that

In the content code file generation, a content code file is generated that stores content code containing encrypted data that can be decrypted only with an encryption key assigned to a specific group of information processing apparatuses that use the content.

27. Method of manufacturing an information recording medium according to Claim 26, characterized in that

The encryption key is any one of: a device-specific key set in correspondence with a leaf, the bottom-level node corresponding to the information processing apparatus in a key tree having a hierarchical structure; a group key set in correspondence with each node on the path from the leaf to the top-level node; a device manufacturing entity key set in correspondence with that top-level node; a model key corresponding to the model of the information processing apparatus; and a version key corresponding to the version of the information processing apparatus.

28. Method of manufacturing an information recording medium according to Claim 26, characterized in that

In the content code file generation, the following processing is performed: content code encryption information, which designates the encrypted data portion and includes key information, is generated as information to be recorded on the information recording medium, as information corresponding to the content code file that stores content code containing encrypted data that can be decrypted only with the encryption key assigned to the specific group of information processing apparatuses that use the content.

29. An information processing apparatus, including:

A first memory that stores data specific to each information processing apparatus; and

A second memory that stores data corresponding to the model and version of the information processing apparatus,

Wherein the data specific to each information processing apparatus includes a device identifier of the device, a corresponding device manufacturing entity key, a group key shared by a predefined group into which devices are divided, and a key unique to each apparatus,

And the shared data corresponding to the model and version includes a model-specific key, a version-specific key, and a certificate containing the identifiers of the model and version of the apparatus.

30. Information processing apparatus according to Claim 29, characterized in that

According to a program, a first signature verification is executed based on the certificate of the device, and then, in accordance with the result of the first signature verification, a further signature verification using the apparatus-specific key is executed; and a second signature verification is executed based on the certificate containing the model and version identifiers, and then, in accordance with the result of the second signature verification, a further signature verification using the model-specific key or the version-specific key is executed.

31. An information recording medium manufacturing apparatus, including:

A content file generating unit for generating a content file that stores the content data to be recorded on the information recording medium;

A content code file generating unit for generating a content code file that stores content code containing a data processing program to be executed when the content is used; and

A recording unit for recording on the information recording medium the content file generated by the content file generating unit and the content code file generated by the content code file generating unit,

Wherein the content code file generating unit is configured to generate a content code file that stores content code for device inspection processing, which executes inspection processing applying the device certificate stored in the memory of each information processing apparatus, and to generate a content code file that stores security check code selected and executed according to the device identifier checked in the device inspection processing.
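
The key tree of Claims 26 and 27, as an added example that is not code from the patent: each device is a leaf and stores the keys on its leaf-to-root path, so a content code block encrypted under one node's key opens only on devices below that node. The 8-device binary tree, the HMAC-based key derivation from a single secret, the block layout and the stand-in cipher are assumptions made for the example.

```python
import hashlib, hmac, os

DEPTH = 3  # constructed tree: 2**3 = 8 devices at the leaves
MASTER = b"constructed-demo-secret"  # assumption: stands in for the key issuer

def node_key(node):
    """Key of a tree node (root = 1; children of n are 2n and 2n + 1)."""
    return hmac.new(MASTER, b"node:%d" % node, hashlib.sha256).digest()

def device_keys(device):
    """Keys one device stores: its leaf key and each key on the path to the root."""
    node, keys = (1 << DEPTH) + device, {}
    while node >= 1:
        keys[node] = node_key(node)
        node //= 2
    return keys

def group_of(node):
    """Device indices whose leaves lie under `node`."""
    span = 1
    while node < (1 << DEPTH):
        node, span = node * 2, span * 2
    first = node - (1 << DEPTH)
    return list(range(first, first + span))

def _xor_stream(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 in counter mode), not the disc format's cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(node, code):
    """Mastering side: encrypt a content code block under one node's key."""
    key, nonce = node_key(node), os.urandom(12)
    ct = _xor_stream(key, nonce, code)
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return {"node": node, "nonce": nonce, "ct": ct, "tag": tag}

def open_block(keys, block):
    """Player side: decrypt only when the designated node key is held."""
    key = keys.get(block["node"])
    if key is None:
        return None  # device is outside the targeted group
    want = hmac.new(key, b"tag" + block["nonce"] + block["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(want, block["tag"]):
        return None  # wrong key or modified block
    return _xor_stream(key, block["nonce"], block["ct"])
```

Sealing under a leaf targets a single device, under an interior node a group, and under the root every device in the tree; the `node` field plays the role of the key designation recorded alongside the encrypted portion in Claim 28.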