CN1779659A - Device and method for reproducing encrypted contents - Google Patents

Abstract

The invention provides a content regeneration device and content regeneration method which can protect copyright of contents and simultaneously improve convenience for users, wherein receiving content using information from a memory device, using content key which is included to information by utilizing the received content, proceeding encoding process to encrypted content data, storing state information which presents using state of the content using information, detecting the encoding of the encrypted content data which utilizes the content key, or proceeding consumption judgment of the content using information according to the detected time course by utilizing regeneration time course of the encrypted content data whose content key is coded, reflecting the consumption judgment of the content using information on the state information which is recorded in a recording memory part.

Description

Content player and content reproducing method

Technical field

The present invention relates to the content regeneration techniques, relate in particular to the content of encrypting is deciphered, the content player of Regeneration Treatment and method thereof.

Background technology

Copyright protection mode as the protection content-data; known: that content-data is encrypted; improve the mode that the content comprise its decoding key (being called " content key " below) uses the invisible of information (being called " permission data " below) and manage (such as, with reference to patent documentation 1).In patent documentation 1 disclosed content-data delivery system, as under unencrypted state to the device handled of permission data, enumerate server unit, as the storage card of memory storage, as 3 kinds of devices of the demoder of operative installations.In addition,, and between memory storage and the operative installations, construct the coded communication path,, permit the transmission of data to receive by this coded communication path at server unit and memory storage.In server unit, memory storage, operative installations, have and be used for TRM (Tamper Resistant Module) that the permission data of encrypting are handled.

In the constructing of this coded communication path, at first, provide the device (being called " generator " below) of permission data to send the certificate that comprises public-key cryptography to the device of enjoying the permission data (being called " the permission data are enjoyed device " below).In addition, this permission generator is verified this certificate, result as checking, at the certificate of enjoying the device transmission from permission is regular certificate, and being proved to be book deletes in the absence of thinking invalid of tabulating, utilize the public-key cryptography that comprises in this certificate, between device, carry out key change.And, sent to the permission data that the secret key encryption of device is enjoyed in permission from the permission generator, send to permission from the permission generator and enjoy device.TRM for physics mode to the invisible circuit module of protecting, it only constitutes just can obtain the permission data by the coded communication path.

In addition, when securing permission data, storage card be installed on can with the server unit termination device in communication on, by this end device, receive the permission data from server unit.In addition, when using content, storage card by end device, will permit that data send to demoder on being installed on the end device of demoder built-in.

Also have, in this system, storage card itself can be according to the restricted information in the permission data, the output of limiting permission data.Such as, the permission data comprise that expression can utilize the restricted information of the number of times of these permission data, reproducing contents data.When regeneration, storage card is confirmed the restricted information of the regeneration times in the permission data, judges whether exportable permission data.When output, carry out the renewal of this control information, after regenerating repeatedly, finally forbid permitting the output of data.

As mentioned above, in the content converting service, by the encryption of content-data, the copyright protection that realizes that up hill and dale content is relevant is sought in the concealment of permission data.In addition, the importing by use restrictions such as regeneration times controls can be applicable to various service forms.Like this, by seeking to realize up hill and dale the protection of content copyright, thus the person's that can protect the content rights right, the providing of safety that can realize content.Consequently, the battle array (lineup) of content that becomes the object of delivery service also increases, and can satisfy the user's of received content dispensing demand in wideer scope.

[patent documentation 1] international open WO01/43342 document

As mentioned above, in existing content delivery system, sent the permission data that regeneration times is restricted from memory storage to regenerating unit, still, do not utilized in regenerating unit under the situation of regeneration of these permission data, the user loses the right of regeneration.Even be purpose with audition, under the situation of the part of reproducing contents, same user loses the right of regeneration

Summary of the invention

The present invention be directed to such situation and propose, the object of the present invention is to provide a kind ofly in the literary property of protection content, improve the technology of user's convenience.

At above-mentioned problem, the present invention has following feature respectively.

The content player of a certain form of the present invention, its utilization be recorded in the memory storage, comprise that the content that is used for encrypted content data is deciphered the content key of processing uses information, this encrypted content data is deciphered, and regenerate, this content player comprises: interface, its and memory storage between the giving and accepting of control data; The content decoding part, it is deciphered encrypted content data by being contained in the content key in the content use information; The content key efferent, it uses information from above-mentioned memory storage received content, and the content key that comprises in the content use information that is received is outputed to the content decoding part; Recording storage portion, its storage representation content is used the status information of the user mode of information; Judging part, it obtains the elapsed time of the decoding of the encrypted content data that utilizes content key in the content decoding part, or in the foregoing decoding part, utilize content key to decipher elapsed time of regeneration of the encrypted content data of processing, according to the acquired elapsed time, judge whether to regard as and utilized content key, judged result is reflected in be recorded in the status information in the above-mentioned recording storage portion.

According to this form; elapsed time in regeneration is short under the situation that can regard as the degree of not using content key; because the status information of the situation of not utilizing content key is reflected in the status information of storing as record (log); thus; user's convenience can be sought, the right of regeneration can be protected.

Also can comprise the above-mentioned elapsed time, and it is notified to the elapsed time determination part of judging part.The elapsed time determination part is after the content key efferent outputs to the content decoding part with content key, and in the elapsed time when measuring the beginning from decoding or Regeneration Treatment, above-mentioned judging part exceeded schedule time according to the elapsed time, regarded as and had utilized content key.

Also can comprise and measure the elapsed time, and it is notified to the elapsed time determination part of judging part.The data volume that the elapsed time determination part is deciphered according to the content decoding part, or, calculate the elapsed time, and it is notified to judging part to the data volume that the encrypted content data of deciphering is regenerated, judging part exceeded schedule time according to the elapsed time, regarded as and had utilized content key.

Stipulated time is contained in the content use information, and the stipulated time that the content key efferent will be contained in the content use information that has received outputs to judging part.Stipulated time can be 45 seconds.

Judging part also comprises control part, and it is being judged to be under the situation of not utilizing content key, to the memory storage request, so that the content use information that is recorded in the memory storage returns to the state before that receives.

Control part also can will comprise the recorded information that is recorded in the status information in the recording storage portion and send to memory storage when the state before the memory storage request returns to reception with content use information.This recorded information can be used for also judging whether memory storage allows to recover.

Control part also can send to memory storage with recorded information with the hashed value of following information, and this information comprises shared key shared between content player and the memory storage.This hashed value also can be used for the legitimacy that memory storage is judged content player.

When recording storage portion uses information at received content, store at least a portion that this content is used information with virgin state, control part also can send to memory storage with the content use information that is stored in the virgin state in the recording storage portion when making the state of content use information before returning to reception to the memory storage request.

Another form of the present invention is a content reproducing method.This method is to utilize to be recorded in the memory storage, comprise that the content that is used for content key that encrypted content data is deciphered uses information, the content reproducing method that encrypted content data is deciphered and regenerated, wherein, use information from the memory storage received content, utilization is contained in the content key in the content use information that has received, encrypted content data is deciphered, the storage representation content is used the status information of the user mode of information in recording storage portion, acquisition has utilized elapsed time of decoding of the encrypted content data of content key, or utilize elapsed time of the regeneration of the encrypted content data that content key deciphers, according to the acquired elapsed time, judge whether to regard as and utilized content key, and judged result is reflected in be recorded in the status information in the recording storage portion.

Elapsed time is measured by timer during from the decoding or the beginning of Regeneration Treatment, in the time of can exceeding schedule time in the elapsed time, regards as and has utilized content key.According to through the data volume of decoding processing or the data volume that the encrypted content data after the decoding is regenerated, calculate the elapsed time, when exceeding schedule time, regard as and utilized content key in the elapsed time.Stipulated time is included in the content use information constantly.Stipulated time can be 45 seconds.

Be judged to be under the situation of not utilizing content key, to the memory storage request content use information that is recorded in the memory storage returned to and receive state before.

The content player that encrypted content data is deciphered, regenerated is to the memory storage request: when making content use information return to state before receiving, can will comprise that the recorded information that is recorded in the status information in the recording storage portion sends to memory storage.Memory storage also can reference record information, judges content uses the recovery of information whether to allow, and being judged to be when allowing to recover, content use information is returned to virgin state.Memory storage also can write down the status information that the expression content is used the user mode of information, and memory storage judges with further reference to the status information that itself writes down content uses the recovery of information whether to allow.

Also can send to memory storage with recorded information with being included in the hashed value of the information of shared key shared between content regenerating unit and the memory storage.Memory storage also can be with reference to hashed value, and having confirmed to ask content to use the content player of the recovery of information is that itself sends the device that this content is used information, when having confirmed, content use information is returned to virgin state.

Memory storage also can be when sending to content player with content use information, store at least a portion that this content is used information with virgin state, when making content use information return to virgin state from this content player request, override content by content use information and use information, thereby return to virgin state in order to the virgin state storage.

Recording storage portion also can be when having received content use information, store at least a portion that this content is used information with virgin state, when making the state of content use information before returning to reception to the memory storage request, the content use information that is stored in the virgin state in the recording storage portion is sent to memory storage.Memory storage also can override content use information and return to virgin state by the content use information with above-mentioned virgin state.

According to the description of embodiment given below, can understand feature of the present invention and even technical meaning more.But following embodiment is an embodiment of the invention fully, and the meaning of the term of the present invention and even each component part etc. is not limited to the form put down in writing in the following embodiment.

According to the present invention, when can be provided at the protection content copyright, improve the technology of user's convenience.

Description of drawings

Fig. 1 is the figure of the formation of the data management system of expression the 1st embodiment;

Fig. 2 is the figure of the formation of the delivery system of expression the 1st embodiment;

Fig. 3 is the figure of the formation of the regenerating unit of expression the 1st embodiment;

Fig. 4 is the figure of the formation of the memory storage of expression the 1st embodiment;

Fig. 5 is the figure of the formation of expression cipher engine shown in Figure 2;

Fig. 6 is the figure of the formation of expression cipher engine shown in Figure 3;

Fig. 7 is the figure of the formation of expression cipher engine shown in Figure 4;

Fig. 8 is the figure of the recording processing of explanation permission data;

Fig. 9 is the figure of the recording processing of explanation permission data;

The figure that Figure 10 handles for the use of explanation permission data;

The figure that Figure 11 handles for the use of explanation permission data;

The figure that Figure 12 handles for the use of explanation permission data;

The figure that Figure 13 handles for the use of explanation permission data;

Figure 14 is the figure of the formation of the delivery system of expression the 2nd embodiment.

Among the figure: the 100-delivery server; The 150-end device; The 200-memory storage; The 300-regenerating unit.

Embodiment

With reference to the accompanying drawings, embodiments of the present invention are described.In the present embodiment, propose: using information from the memory storage received content, encrypted content data is deciphered processing, and in its device of regenerating, in the situation of not carrying out Regeneration Treatment, even or carry out Regeneration Treatment, still under at the appointed time the situation, with memory storage in content use information in the relevant control information of the regeneration that comprises return to the technology of the state before the output.Utilizing regeneration times to exist in the Regeneration Treatment of the permission data that limit; regenerate with the change that is used for selecting or audition etc. is the part regeneration of purpose; by not regarding the regeneration of consuming licence as, thereby can protect the right of the content regeneration that the user has.

(the 1st embodiment)

Fig. 1 represents that the integral body of the data management system 10 of embodiment constitutes.Data management system 10 comprises: the regenerating unit 300 that sends end device 150 in memory storage 200 of the delivery server 100 of data, the data recording that will send from this delivery server 100, the data that are recorded in the memory storage 200 are regenerated, the memory storage 200 that record keeps data.

The memory storage 200 of present embodiment is not only the storage medium that keeps data, and be the structures such as controller that are included in the input and output of control data between itself and the host apparatus such as end device 150 or regenerating unit 300, the one-piece type memory storage of driving.In the present embodiment, be example with the hard disk drive, memory storage 200 is described.

Existing hard disk drive generally is fixedly connected on the host apparatus and uses, and still, the memory storage 200 of present embodiment constitutes: host apparatus such as end device 150 and regenerating unit 300 freely loads and unloads relatively.Promptly, the memory storage 200 of present embodiment is: it is identical with CD, DVD etc., can take off and transport from host apparatus, can be between end device 150, regenerating unit 300 and a plurality of host apparatus such as record regenerator that can write down and regenerate shared memory storage.

Like this, the memory storage 200 of present embodiment to be being connected to prerequisite with a plurality of host apparatus, such as, also have with the 3rd host apparatus beyond the owner and be connected, read the possibility of recorded data.When supposing in this memory storage 200 data that content, enterprise or the individual's of the copyright protection that record should be by music, image etc. confidential information etc. should hide; for not with the data leak of these concealments to outside; be preferably in the structure that is provided for the due care data in the memory storage 200 itself, have sufficient anti-tamper function.

According to such viewpoint, the memory storage 200 of present embodiment has: when between itself and main frame the concealment data being carried out input and output, be used for the structure that these concealment data are encrypted and exchanged.In addition, in order to store the concealment data, the confidential data storage area different with common storage area is set, this confidential data storage area constitutes: if not by the cipher engine that is arranged in the memory storage 200, then can not carry out access.This cipher engine only be verified as host apparatus and hide the input and output of data with legal authority.Below, also such data protection function is called " function of keeping secret ".By said structure and function, can suitably protect the concealment data that are recorded in the memory storage 200.

For feature with the movable medium of bringing into play memory storage 200 to greatest extent, best, even for not with the corresponding host apparatus of function of keeping secret, also can carry out input and output to common data.Thus, in the memory storage 200 of present embodiment, in order to keep the interchangeability with in the past hard disk, corresponding with the ATA (AT Attachment) as the standard specification of ANSI (American National Standards Institude), above-mentioned function of keeping secret is realized as the explosion command of ATA.

The following example of input and output as the concealment data is described the situation of content-datas such as record regenerating image.Though content-data itself can be handled as the concealment data,, in the present embodiment, content-data is carried out encryption, with the content-data itself after encrypting as common data recording in memory storage 200.In addition, with comprise the key (being called " content key " below) that is used for the content-data after encrypting is deciphered, with the use of content regeneration control or licence, move, duplicate the relevant information of the relevant control data of (being called " service regeulations " below) (being called " permission data " below) as hiding data, utilize above-mentioned function of keeping secret, carry out input and output and handle.Thus, can be when keeping sufficient anti-tamper function, the input and output of reduced data, the high speed of seeking to handle and the reduction of power consumption.

Here, the permission data not only comprise content key or service regeulations, also comprise the identifying information LicID that is used for specific permission data.In addition, as service regeulations, comprise the control information PC of expression with the upper limit of the output number of times of the permission data that are regenerated as purpose.Here, this control information PC is the signless integer of 1 bit, and the higher limit of the output number of times of its value representation permission data is whenever the output of permission data just deducts 1.In addition, PC=255, by way of exception, and the situation that expression does not have the upper limit of regeneration times to set, its value is not followed with the output of the permission data that are regenerated as purpose and is changed.In addition, the establishing method of the control information PC that here provides and application method are an example of present embodiment, have no particular limits.

In addition, below, host apparatus explosion commands in memory storage 200 issued command, that function of keeping secret is used such as delivery server 100, regenerating unit 300 are also referred to as " maintain secrecy order ", other order is also referred to as " normal commands ".

Fig. 2 represents the formation of the delivery server 100 and the end device 150 of embodiment.Delivery server 100 and end device 150 be respectively by communicator 104,153, is situated between to be connected by the internet 120 as an example of network.Delivery server 100 comprises: scrambler 102, cipher engine 103, communicator 104, content data base 105, permission database 106, customer data base 107, control their controller 101 and the data bus 110 that their are electrically connected.The formation of delivery server 100 is from hardware aspect, can wait by CPU, storer and other LSI of any computing machine and realize, from the software aspect, can wait and realize by being loaded into program in the storer, but, here, the collaborative functional block that realizes by them is described.Therefore, those having ordinary skill in the art will appreciate that: these functional blocks can only pass through hardware, only by software or by their combination, realize with various forms.

Scrambler 102 issue comprises the permission data LIC that is used for content key that encrypted content is deciphered, utilizes this content key, and the content that the coding that is stored in the content data base 105 is crossed is encrypted.Content after the encryption sends to end device 150, and is recorded in this memory storage 200 by data bus 110, communicator 104.

Cipher engine 103 is recorded in the memory storage 200 for the permission data LIC that will offer the user, between itself and memory storage 200 coded communication is controlled.Data bus 110 and the communicator 104, internet 20, the communicator 153 of end device 150, data bus 160, controller 151 and memory interface 152 of coded communication by delivery server 100 directly carries out between itself and memory storage 200.

Communicator 104 is by internet 20, carries out exchanges data with other device.Here, and carry out exchanges data between the above-mentioned end device 150.Content data base 105 keeps offering user's content.Permission database 106 keeps comprising the permission data that are used for content key that content is encrypted.The information that customer data base 107 keeps as the user that object is provided of content.Such as, can keep user's personal information, user's the purchase history, cost information etc. of address, content of end device 150.

The controller 101 of delivery server 100 is read content-data according to user's request from content data base 105, in addition, reads permission data LIC from permission database 106.Content key in the content-data read and the permission data LIC is passed to scrambler 102, in addition, will permit data LIC to pass to cipher engine 103.Then, in scrambler 102, with content key content-data is encrypted, the content-data after will encrypting by communicator 104 sends to end device 150.In addition, construct the coded communication circuit,, will permit data to send to end device 150 by it by cipher engine 103.The permission data LIC that end device 150 will receive is recorded in the memory storage 200.

If content-data after will encrypting and permission data LIC are recorded in the memory storage 200, the user who then is made as end device 150 has been provided by providing of content, for the counter value that this content is provided is charged, and updating user data storehouse 107.

End device 150 comprises: memory interface 152, communicator 153, control their controller 151 and the data bus 160 that they are electrically connected.The formation of end device 150 is from hardware aspect, can wait and realize by CPU, storer, other LSI of any computing machine, from the software aspect, can wait and realize by the record controls functional programs that has that is loaded in the storer, but, here, the functional block that realizes by working in coordination with of they is described.Therefore, those having ordinary skill in the art will appreciate that: these functional blocks can only pass through hardware, only by software or by their combination, realize with various forms.

152 pairs of input and output with the data of memory storage 200 of memory interface are controlled.Communicator 153 carries out exchanges data by internet 20 with other device.Carry out exchanges data with delivery server 100 here.The controller 151 of end device 150 is by communicator 153, and user's content converting request is sent to delivery server 100.In addition,,, receive content-data and permission data after the encryption that provides from delivery server 100,, be recorded in the memory storage 200 by memory interface 152 by communicator 153 as its response.

Fig. 3 represents that the inside of the regenerating unit 300 of embodiment constitutes.These functional blocks also can only pass through hardware, only by software or by their combination, realize with various forms.Regenerating unit 300 mainly comprises controller 301, memory interface 302, cipher engine 303, code translator 304, content decoders 305 and the data bus 310 that they are electrically connected.

302 pairs of input and output with the data of memory storage 200 of memory interface are controlled.Cipher engine 303 is in order to receive the permission data LIC that comprises content key from this memory storage 200, carries out the control of coded communication between itself and memory storage 200.Code translator 304 is deciphered the content after the encryption of reading from memory storage 200 by being contained in the content key from the permission data LIC that above-mentioned memory storage 200 receives.Content decoders 305 will be deciphered back output by the content that code translator 304 was deciphered.Such as, if be the content of mpeg format,, picture signal is exported to not shown display device then from content recovery picture signal and voice signal, voice signal is exported to not shown loudspeaker.The component part of 301 pairs of regenerating units 300 of controller is all together control.

Fig. 4 represents that the inside of the memory storage 200 of embodiment constitutes.Memory storage 200 mainly comprises: controller 201, memory interface 202, cipher engine 203, anti-tamper storage part 204, general data storage part 205 and the data bus 210 that they are electrically connected.

The input and output of the data of 202 pairs of delivery servers 100 of memory interface and regenerating unit 300 are controlled.Cipher engine 203 carries out the control of coded communication, and this coded communication is used for the concealment data that between itself and delivery server 100 and regenerating unit 300 input and output comprise the permission data LIC etc. of content key.General data storage part 205 is generic storage zones of interior perhaps common data behind the recording of encrypted etc.Anti-tamper storage part 204 is confidential data storage areas of the concealment data of the record permission data LIC etc. that comprises content key.General data storage part 205 is handled by the direct access from the outside, carries out the input and output of data, and still, anti-tamper storage part 204 constitutes: if not by cipher engine 203, just can't carry out the input and output of data.The component part of 201 pairs of memory storages 200 of controller is all together control.

Here, the key that utilizes in the present embodiment is described.In the present embodiment, key is expressed as fully from the character string of " K " beginning of upper case character.In addition, be under one of them the situation of " c ", " s ", " r " of lowercase character at the 2nd character, expression symmetric key (shared key).Specifically, " c " is the inquiry key, and expression is by the provisional symmetric key of the transmission source generation of permission data." s " is the conversation key, and expression is by the provisional symmetric key of the transmission object generation of permission data." r " recovers key, and expression is by the provisional symmetric key of the transmission object generation of permission data.In addition, be under the situation of upper case character " P " at the 2nd character, the public-key cryptography of expression public key cryptography mode.In this key, must there be corresponding privacy key, this privacy key is the statement of " P " of the upper case character of removing the 2nd character from the statement of public-key cryptography.

Character string at the expression key comprises under the situation of " d " of lowercase character that expression is every group of key that provides at device.In addition, the character string at the expression key comprises that expression is the key that provides at each device under the situation of " p " of lowercase character.Respectively as public-key cryptography and privacy key to and the public-key cryptography KPdx that provides, provide at each group as the public-key cryptography certificate C[KPdx that has electronic signature] and provide.

In addition, be documented in the last character of character string of expression key, such as " 2 " of public-key cryptography KPd2 for being used to discern the mark of the cipher engine that this key is provided.In the present embodiment, providing under the clear and definite situation of object, be expressed as numeral " 1 ", " 2 ", " 3 ", at key for beyond this cipher engine, providing, provide under indefinite situation of object or the unspecified situation, explain by English characters such as " x ", " y ".In the present embodiment, utilize distinguished symbol " 1 ", utilize distinguished symbol " 2 ", utilize distinguished symbol " 3 " at the cipher engine 303 of regenerating unit 300 at the cipher engine 203 of memory storage 200 at the cipher engine 103 of delivery server 100.

Fig. 5 represents that the inside of the cipher engine 103 of delivery server shown in Figure 2 100 constitutes.Cipher engine 103 comprises: certificate proof department the 120, the 1st password portion 121, the 125, the 3rd password portion 126 of random number generating unit the 122, the 1st decoding part the 123, the 2nd decoding part the 124, the 2nd password portion, certificate efferent 127, control part 128 and the local bus 130 that at least a portion in these component parts is electrically connected.

The certificate C[KPd2 that 120 checkings of certificate proof department obtain from memory storage 200].This certificate C[KPd2] by the information (being called " certificate main body " below) of the plaintext that comprises public-key cryptography KP2, constitute with the electronic signature of adding on the certificate main body.This electronic signature is by the root key Ka as the authentication institute (not shown) of the 3rd mechanism, following result is carried out encryption and the data that form, and this result carries out the computing (below this calculation process being called " hash operations ") of hash function and forms the certificate main body.The root key Ka non-public key that authentication institute carries out strict control of serving as reasons, its be authentication privacy key.Certificate proof department 120 keeps and the paired authentication secret Kpa of this root key Ka.This authentication secret Kpa is the public-key cryptography of the testimonial legitimacy of checking.Testimonial checking is judged by testimonial legitimacy and testimonial validity.

Being confirmed to be of testimonial legitimacy to operation result with respect to the hash function of the testimonial certificate main body that should verify, with by authentication secret Kpa the processing that the result of processing compares is deciphered in electronic signature, when both were consistent, it was legal to be judged to be.Certificate proof department 120 keeps the certificate deletion tabulation (Certificate Revocation List: be called " CRL ") as invalid testimonial tabulation, and under the testimonial situation that record should not verified in this CRL, judgement is effective.Like this, judge testimonial legitimacy and validity, the legal testimonial processing of approval is called " checking ".

Certificate proof department 120 takes out the public-key cryptography KPd2 of memory storage 200 when being proved to be successful, it is passed to the 1st password portion 121, notice checking result.Output authentication error notice under the situation of authentication failed.

The certificate C[KPd1 of certificate efferent 127 output delivery servers 100].This certificate is by the certificate main body of the public-key cryptography KPd1 that comprises delivery server 100, constitute with the electronic signature that makes an addition on the certificate main body.It is identical with the certificate of memory storage 200 to sign electronically, by the authentication root key Ka, carry out encryption.

Random number generating unit 122 generates inquiry key K c1, this inquiry key K c1 be for its with memory storage 200 between carry out coded communication and the temporary transient key of use.When carrying out coded communication, inquire key K c1 at every turn, thereby the possibility of cracking inquiry key K c1 can be suppressed at minimum degree by generating according to random number.The inquiry key K c1 that has generated is passed to the 1st password portion 121 and the 1st decoding part 123.

The 1st password portion 121 uses the public-key cryptography KPd2 of the memory storage that takes out by certificate proof department 120 that inquiry key K c1 is encrypted for to memory storage 200 notice inquiry key K c1, and generation encrypted challenge key E (KPd2, Kc1).In addition, encrypted challenge key E (KPd2 is Kc1) with the certificate C[KPd1 that exports from certificate efferent 127] combine, formation inquiry message E (KPd2, Kc1) //C[KPd1].

Here, the connection of symbol " // " expression data, E (KPd2, Kc1) //C[KPd1] expression with encrypted challenge key E (KPd2 is Kc1) with certificate C[KPd1] data rows that is connected side by side.In addition, E represents encryption function, and (c1 carries out data encrypted to E to the inquiry key K for KPd2, Kc1) expression public-key cryptography KPd2.

123 pairs of the 1st decoding parts have carried out ciphered data by inquiry key E and have deciphered processing.Because the public-key cryptography KPp2 that is kept by the conversation key s2 and the memory storage 200 of memory storage 200 issue is as call-information E (Kc1, E (KPd1, Ks2) //KPp2), supply with from memory storage 200, so inquiry key K c1 that the 1st decoding part 123 utilizes random number generating unit 122 to generate, call-information is deciphered, and (KPd1 is Ks2) with public-key cryptography KPp2 to take out speech scrambling key E.The public-key cryptography KPp2 that has taken out is passed to the 2nd password portion 125, and (KPd1 Ks2) passes to the 2nd decoding part 124 with speech scrambling key E.

The key K d1 that the 2nd decoding part 124 usefulness are paired with public-key cryptography KPd1 is to (KPd1 Ks2) deciphers, and takes out conversation key K s2 from the 1st decoding part 123 that transmit, encrypted by the public-key cryptography KPd1 of itself speech scrambling key E.The conversation key K s2 that has taken out is passed to the 3rd password portion 126.

The permission data LIC of the content key of issue when the 2nd password portion 125 obtains and comprises 102 pairs of contents of scrambler and encrypt, and these permission data LIC is deciphered with the public-key cryptography KPp2 of the memory storage that object is provided 200 of permission data, generation E (KPp2, LIC).And (KPp2 LIC) is delivered to the 3rd password portion 126 with the E that generated.

The 3rd decoding part 126 is by the conversation key K s2 by memory storage 200 issues, and (KPp2 LIC) further encrypts, and generates encrypted permission data E (Ks2, E (KPp2, LIC)) to the E from 125 transmission of the 2nd password portion.

Control part 128 is according to the indication of the controller 101 of delivery server 100, between the control of the inside component part of itself and cipher engine 103 and outside structure, intermediary carried out in the input and output of data.In addition, in Fig. 5, the line of the control of each component part of expression control part 128 inside is omitted.

As shown in Figure 5, in the present embodiment, constitute: if not by control part 128, cipher engine 103 just can't carry out exchanges data with the outside.About connecting the form of each component part, consider variety of way, but, in the present embodiment, the inquiry key K c1 that random number generating unit 122 generates, the conversation key K s2 that receives from memory storage 200, each key that inside utilized of cipher engine 103 of key K d1 etc. of itself constitute the outside that does not directly flow out to cipher engine 103.Thus, prevent to leak into outside situation, can improve confidentiality in each key that inside utilized of cipher engine 103 other component parts by delivery server 100 etc.

Fig. 6 represents the inner structure of the cipher engine 303 of regenerating unit shown in Figure 3 300.Cipher engine 303 comprises: certificate efferent 320, random number generating unit 321, the 324, the 2nd password portion of certificate proof department the 322, the 1st decoding part the 323, the 1st password portion the 325, the 2nd decoding part the 326, the 3rd decoding part 327, content key efferent 328, elapsed time determination part 329, recording storage portion the 330, the 4th decoding part 331, record signature section 332, control part 333 and the local bus 340 that at least a portion in these component parts is electrically connected.

The certificate C[KPd3 of certificate efferent 320 output regenerating units 300].Certificate both can be kept by certificate efferent 320, also can remain in the not shown certificate maintaining part, and it is read.Certificate is by the certificate main body of the public-key cryptography KPd3 that comprises regenerating unit 300, constitute with the electronic signature that makes an addition on the certificate main body.It is identical with the certificate of memory storage 200 to sign electronically, by the authentication root key Ka carry out encryption.

Random number generating unit 321 is in order to carry out coded communication between itself and the memory storage 200 and to generate the conversation key K s3 of interim use.The conversation key K s3 that is generated is passed to the 324, the 2nd password portion 326 of the 1st password portion, recording storage portion 330.

Certificate proof department 322 carries out the certificate C[KPd2 of memory storage 200] checking.The particular content of checking is as described above.

The 1st decoding part 323 secret key K d3 is to deciphering by public-key cryptography KPd3 ciphered data.When regeneration, owing to supplied with from memory storage 200 by the public-key cryptography KPd3 encryption back of regenerating unit 300 by the inquiry key K c2 of memory storage 200 issues, the 1st decoding part 323 is deciphered taking-up inquiry key K c2 to it by the key K d3 of itself.The inquiry key K c2 that is taken out is passed to the 2nd password portion 325.

The 1st password portion 324 usefulness are from the certificate C[KPd2 of memory storage 200] the public-key cryptography KPd2 that takes out, carry out the encryption of data.For the key K s2 that will converse is notified to memory storage 200, the conversation key K s3 that generates by random number generating unit 321 is encrypted, generation speech scrambling key E (KPd2, Ks3).(KPd2 Ks3) passes to the 2nd password portion 325 with the encrypted challenge key E that generated.

The inquiry key K c2 of the 2nd password portion 325 by taking out from the 1st password portion 323 carries out the encryption of data.The speech scrambling key E that will transmit from the 1st password portion 324 (KPd2 Ks3) is connected with the public-key cryptography KPp3 of itself, and it is encrypted, generation call-information E (Kc2, E (KPd2, Ks3) //KPp3).

Processing is deciphered by conversation key K s3 ciphered data by 326 pairs in the 2nd password portion.Because permission data LIC is as the encrypted permission data E (Ks3 by public-key cryptography KPp3 and conversation key K s3 double-encryption, E (KPp3, LIC)), supply with from memory storage 200, the conversation key K s3 that the 2nd password portion 326 is generated by random number generating unit 321, decipher processing, will (KPp3 LIC) passes to the 3rd decoding part 327 as its result's encrypted permission data E.

The 3rd decoding part 327 carries out the decoding of the data of encrypting by public-key cryptography KPp3.By the secret key K p3 paired with public-key cryptography KPp3, (KPp3 LIC) deciphers, and takes out permission data LIC to the encrypted permission data E as the decode results of the 2nd decoding part 326.

The permission data LIC of content key efferent 328 from taking out by the 3rd decoding part 327 takes out and the maintenance content key.In addition, content key efferent 328 offers code translator 304 with the content key that is kept, and monitors that simultaneously the decoding of this content key that utilizes code translator 304 is handled, and this situation is passed to elapsed time determination part 329.

Elapsed time determination part 329 is measured and is utilized the content key that content key efferent 328 provides and the recovery time of the encrypted content of deciphering.This elapsed time determination part 329 has the function of judging part simultaneously, judges and to follow the recovery time to surpass T second of regulation, and carry out the Regeneration Treatment of content key, that is, consumption is by 1 regeneration times of regeneration right of the control information PC regulation of permission data.Otherwise, not passing through under the situation that stops to regenerate under the T state of second, judge and do not carry out the regeneration of content key, that is, do not consume right by the regeneration of permission data regulation.In other words, if surpass T second from the elapsed time that begins of regeneration, 329 of elapsed time determination parts are regarded as not utilize and are permitted the contained content key that has of data; If surpass T second, then regard as and utilized content key.

For the formation of elapsed time determination part 329, there are various formation methods, still, here, provide and utilize timer, measure the formation example in the elapsed time after regeneration begins.Elapsed time determination part 329 comprises timer.In addition, begin, then reset timer, the mensuration in beginning elapsed time if content key efferent 328 offers the decoding of the content key of code translator 304.And, if then be judged to be and regenerate the T second through stipulating.Here, T represents to judge each content type (music/image etc.) is regenerated, and promptly consumes the border time of licence, and it is predetermined.Thus, such as, if before T process second, the content key that content key efferent 328 is kept is deleted, the decoding of code translator 304 is handled and is stopped, and then judges the Regeneration Treatment of not carrying out this content key.And, this result of determination is reflected among the information ST3 that is stored in the recording storage described later portion 330.In addition, under the situations such as audition of supposition, above-mentioned border time T is set at 45 seconds such as music.

The historical information that the communication of the 330 storing authorization data LIC of recording storage portion is relevant with consumption.This historical information is the information of the communication usefulness of the information LicID of specific permission data LIC, specific permission data LIC, comprise the conversation key K s3 that the communication of expression by permission data LIC generates, information ST3 from the communication of permission data to the state of consumption (regeneration).Historical information also can comprise the information of address that stores the permission data, but the original control information PC that perhaps comprises in the data.

Information ST3 is formed by the information of the arbitrary state in the following three state of expression: the state (being called " state RP " below) that generates the conversation key; Receive the state (being called " state RL " below) of permission data LIC; Be judged to be the state (being called " state CL " below) that begins to regenerate by elapsed time determination part 329.

The 4th decoding part 331 carries out the decoding of the data of encrypting by public-key cryptography KPp3 to be handled.By the secret key K p3 paired with public-key cryptography KPp3, (KPp3 Kr2) deciphers processing, takes out and recovers key K r2 to the recovering information E from memory storage 200 supplies.

Record signature section 332 is utilized the recovery key K r2 that takes out by the 4th decoding part 331, with the historical information that is stored in the recording storage portion 330, the status information LicID//ST3//H (Kr2//Kr3//LicID//ST3) of the reception of the permission data LIC in the generation understanding regenerating unit 300 or the situation of consumption.This status information can have in the cipher engine 203 of Kr2 and Kr3 at the same time, verifies its legitimacy.Here, H represents hash function, the hash operations result of H (Kr2//Kr3//LicID//ST3) expression data Kr2//Ks3//LicID//ST3.

Control part 333 is according to the indication of the controller 301 of regenerating unit 300, between the control of the component part of the inside of cipher engine 303 and outside structure, carries out the input and output of data and handles.In addition, in Fig. 6, the line of the control of each component part of inside of expression control part 333 omits.

Even in cipher engine shown in Figure 6 303, also considered various forms at the form that connects each component part, but in the present embodiment, constitute: if not by control part 333, cipher engine 303 just can't carry out the exchange of data with the outside.Thus, prevent conversation key K s3 that random number generating unit 321 generates, the conversation key K s2 that receives with the paired key K d3 of public-key cryptography and Kp3, from memory storage 200, recover that employed keys leak into the outside in the cipher engine 303 such as key K r2.

Fig. 7 represents the inner structure of the cipher engine 203 of memory storage shown in Figure 4 200.These functional blocks also can only pass through hardware, only by software or by their combination, realize with various forms.Cipher engine 203 comprises: control part 220, random number generating unit 221, certificate efferent 22, certificate proof department 223, the 1st decoding part 224, the 1st password portion 225, the 2nd password portion 226, the 2nd decoding part 227, the 3rd decoding part 228, the 3rd password portion 229, the 4th decoding part 230, the 5th decoding part 231, the 4th password portion 232, the 5th password portion 233, recording storage portion 234, the 6th password portion 235, record proof department 236, and the local bus 240 that is electrically connected of at least a portion during these constitute are divided.

Control part 220 is according to the indication of the controller 201 of above-mentioned memory storage 200, the formation of the inside of control cipher engine 203, in addition, in itself and the outside input and output processing of carrying out data between constituting.

Random number generating unit 221 is created on the temporary transient conversation key K s2 that uses in the coded communication between delivery server 100 or the regenerating unit 300, inquiry key K c2, recovers key K r2 by the random number computing.Now the purposes of each key is appended explanation.

The certificate C[KPd2 of certificate efferent 222 output memory storages 200].Certificate both can be kept by certificate efferent 222, also can remain in the storage area of the regulation of memory storage 200, in anti-tamper storage part 204, and it is read.Certificate comprise the public-key cryptography KPd2 with memory storage 200 the certificate main body, with make an addition to electronic signature on the certificate main body.Electronic signature by the authentication root key Ka encrypt.

Certificate proof department 223 is provided by the testimonial checking that provides from the outside.Specifically, by authentication secret Kpa, the certificate C[KPd1 that checking obtains from delivery server 100] and the certificate C[KPd3 that obtains from regenerating unit 300].The particular content of checking as previously described.

224 pairs of data of encrypting by the public-key cryptography KPd2 of itself of the 1st decoding part are deciphered processing.Specifically, in when record, the inquiry key K c1 that issues by delivery server 100 is encrypted with the public-key cryptography KPp2 of memory storage 200, and from delivery server 100 supplies, thus, the public-key cryptography KPd2 by itself deciphers processing to it, taking-up inquiry key K c1.The inquiry key K c1 that has taken out is passed to the 2nd password portion 226.

The 1st password portion 225 carries out encryption by the public-key cryptography KPd1 of delivery server 100 to data.Specifically, by public-key cryptography KPd1, the conversation key K s2 that random number generating unit 221 is generated carries out encryption, and generation speech scrambling key E (KPd1, Ks2).The public-key cryptography KPd1 of the delivery server 100 that is here utilized is by control part 220, from the certificate C[KPd1 of memory storage 200] inside take out, and transmit by local bus 240.

The inquiry key K c1 of the 2nd password portion 226 usefulness delivery servers, 100 issues carries out encryption to data.Specifically, the speech scrambling key K that will receive from the 1st password portion 225 (KPd1 Ks2) is connected with the public-key cryptography KPp2 of itself, with inquiring that key K c1 carries out encryption to it, generation converse key E (Kc1, E (KPd1, Ks2) //KPp2).

The data that 227 couples of conversation key K s2 that generate with random number generating unit 221 of the 2nd decoding part encrypted are deciphered processing.Specifically, from delivery server 100, will permit data LIC as the E (Ks2 that crosses by public-key cryptography KPp2 and conversation key K s2 double-encryption, E (KPp2, LIC)) receives, by conversation key K s2, it is deciphered processing, its result is passed to the 3rd decoding part 228.

228 pairs of data of encrypting with the public-key cryptography KPp2 of itself of the 3rd decoding part are deciphered processing.With the own key K p2 paired with public-key cryptography KPp2, (KPp2 LIC) deciphers, and takes out permission data LIC to the permission data E from 227 transmission of the 2nd decoding part.

The permission data LIC that has taken out supplies to data bus 210 by local bus 240, control part 220, according to the indication of controller 201, is stored in the anti-tamper storage part 204.

The public-key cryptography KPp3 of the 3rd password portion 229 usefulness regenerating units 300 carries out encryption to data.Specifically, to permit data LIC to offer under the situation of regenerating unit 300, with the public-key cryptography KPp3 that takes out from the certificate C " KPd3 " that receives by this regenerating unit 300, inquiry key K c2 to 221 issues of random number generating unit carries out encryption, generation encrypted challenge key E (KPd3, Kc2).(KPd3 Kc2) by local bus 240, passes to control part 220 to the encrypted challenge key E that has generated.In control part 220, with it and from certificate C[KPd2 of certificate efferent 222 output itself] is connected, generation inquiry message E (KPd3, Kc2) //C[KPd2].

230 pairs of data of encrypting with the inquiry key K c2 of random number generating unit 221 issues of the 4th decoding part are deciphered processing.The inquiry key K c2 that generates with random number generating unit 221 to the conversation key E that receives from regenerating unit (Kc2, E (KPd2, Ks3) //KPp3) decipher processing, take out speech scrambling key E (KPd2, Ks3) and the public-key cryptography KPp3 of regenerating unit 300.(KPd2 Ks3) passes to the 5th decoding part 231, and public-key cryptography KPp3 is passed to the 4th password portion 232 and recording storage portion 234 with the speech scrambling key E that taken out.

231 pairs of data of encrypting with the public-key cryptography KPp2 of itself of the 5th decoding part are deciphered processing.Specifically, (KPd2 Ks3) deciphers processing, takes out conversation key K s3 to the speech scrambling key E from 230 transmission of the 4th decoding part with key K d2 own.The conversation key K s3 that has taken out is passed to the 5th password portion 233.

The public-key cryptography KPp3 of the 4th password portion 232 usefulness regenerating units 300 carries out encryption to data.To permit data to offer under the situation of regenerating unit 300, and use the public-key cryptography KPp3 that receives from regenerating unit 300, LIC carries out encryption to the permission data.These permission data LIC reads from anti-tamper storage part 204 according to the indication of controller 201, by data bus 210, control part 220 and local bus 240, passes to the 4th password portion 232.Here, (KPp3 LIC) passes to the 5th password portion 233 with the permission data E that encrypted.

The conversation key K s3 of the 5th password portion 233 usefulness regenerating units, 300 issues carries out encryption to data.Specifically, use conversation key K s3, to permission data E (KPp3, LIC) further encryption, generation encrypted permission data E (Ks3, the E (KPp3, LIC)) that in the 4th password portion 232, encrypts.

234 storages of recording storage portion are with the communication of permitting data LIC and consume relevant historical information.Historical information is the information LicID that is used for specific permission data LIC, the information that is used for the communication of specific permission data LIC, and it comprises conversation key K s3 that the communication by permission data LIC generates, the expression information ST2 from the communication of permission data to the state of consumption (regeneration).

Intrinsic public-key cryptography KPp3 constituted during information ST2 was sent by the information of representing the arbitrary state in following 3 states, permission, and these 3 states refer to: the state (being called " state SP " below) that receives the conversation key; In order to regenerate, send the state (being called " state SL " below) of permission data LIC, with after being regenerated as purpose and will permit data LIC output, the permission data LIC that is write down is returned to output state (being called " state SR " below) before.

The public-key cryptography KPp3 of storage carries out encryption to data in the 235 usefulness recording storage portions 234 of the 6th password portion.Specifically, under the situation of regenerating unit 300 receive status information LicID//ST3//H (Kr2//Ks3//LicID//ST3), with the public-key cryptography KPd3 that receives and be stored in from regenerating unit 300 the recording storage portion 234, recovery key K r2 to 221 issues of random number generating unit carries out encryption, generation recovering information E (KPp3, Kr2).

Record proof department 236 is on one side with reference to the historical information that is stored in the recording storage portion 234, checking is on one side carried out the judgement that could recover of these permission data from the legitimacy of the status information LicID//ST3//H (Kr2//Ks3//LicID//ST3) of regenerating unit 300 receptions.

Fig. 8 and Fig. 9 represent the order delivery server 100 writes down permission data LIC in memory storage 200 till.In this recording processing, between the cipher engine 203 of the cipher engine 103 of delivery server 100 and memory storage 200, construct the coded communication circuit, by this coded communication circuit, will permit data LIC to send to memory storage 200 from delivery server 100.In the drawings, the end device 150 (controller 151) of dividing into delivery server 100 (cipher engine 103), memory storage 200 (cipher engine 203) and carry out exchanges data between delivery server 100 and memory storage 200 is represented to handle.

At first, the controller 151 of end device 150 is to memory storage 200 issue certificate output commands (S102).Controller 201 then to the order of the testimonial output of cipher engine 203 issues, is read certificate C[KPd2 if normally accept certificate output command (S104) from cipher engine 203], and it is outputed to the controller 151 (S106) of end device 150.If controller 151 obtains certificate C[KPd2 from memory storage 200] time, then send it to delivery server 100 (S108).

The controller 101 of delivery server 100 is if receive from the certificate C[KPd2 of memory storage 200 issues] (S110), then it is passed to cipher engine 103, certificate proof department 120 usefulness authenticate key Kpa verify certificate (S112).Under the situation of approval certificate not ("No" among the S112), certificate proof department 120 passes to controller 101 with mistake.Transmitted wrong controller 101 the authentication error notice has been sent to end device 150 (S190).The controller 151 of end device 150 is if receive error notification (S192), then end process singularly.

Under the situation of approval certificate ("Yes" among the S112), cipher engine 103 generates inquiry key K c1 by random number generating unit 122, and the inquiry key K c1 that has generated is passed to the 1st password portion 121 and the 1st decoding part 123.Keep this inquiry key K c1 (S114) in the inside of the 1st decoding part 123.In addition, in the 1st password portion 121, use from certificate C[KPd2] the public-key cryptography KPd2 of the memory storage 200 that takes out, c1 carries out encryption to this inquiry key K, generation encrypted challenge key E (KPd2, Kc1).And rise, with the encrypted challenge key E that generated (KPd2 is Kc1) with itself certificate C[KPd1 from 127 outputs of certificate efferent] combine, generate encrypted challenge key E (KPd2, Kc1) //C[KPd1], and it is passed to controller 101.The encrypted challenge key E that controller 101 will generate (KPd2, Kc1) //C[KPd1] send to end device 150 (S116).

If the controller 151 of end device 150 from delivery server 100 receive inquiry message E (KPd2, Kc1) //C[KPd1] (S118), then to above-mentioned memory storage 200 issue inquiry message verification commands (S120).In memory storage 200, if controller 201 receives the inquiry message verification commands, then to above-mentioned end device 150 request query information E (KPd2, Kc1) //C[KPd1] input (S122).The controller 151 of end device 150 is according to this request, with inquiry message E (KPd2, Kc1) //C[KPd1] output to memory storage 200 (S124).

If memory storage 200 receives inquiry message E (KPd2, Kc1) //C[KPd1] (S126), then in cipher engine 203, control part 220 is from inquiry message E (KPd2, Kc1) //C[KPd1] in take out certificate C[KPd1], and it is passed to certificate proof department 223.Certificate proof department 223 authentication secret KPa, the certificate C[KPd1 that checking is transmitted], will verify that the result passes to control part 220 (S128).

Under the situation of approval certificate not ("No" among the S128), certificate proof department 223 passes to control part 220 with the authentication error notice, and the control part 220 that receives the authentication error notice is notified to controller 201 with it.And the authentication error notice that controller 201 will receive by memory interface 202, sends to the controller 151 (S194) of end device 150.If controller 151 Receipt Validation error notifications (S192) then finish this processing singularly.

Under the situation of approval certificate ("Yes" among the S128), control part 220 from inquiry message E (KPd2, Kc1) //C[KPd1] in, take out public-key cryptography KPd1 and encrypted challenge key E (KPd2, Kc1), they are passed to the 1st password portion the 225, the 1st decoding part 224 respectively.

The public-key cryptography KPd1 that 225 maintenances of the 1st password portion are transmitted.The key K d2 of the 1st decoding part 224 usefulness itself, (KPd2 Kc1) deciphers processing, takes out inquiry key K c1 (S130) to the encrypted challenge key E that transmitted.The inquiry key K c1 that has taken out is transmitted and remains in the 2nd password portion 226 (S132).

On the other hand, if the processing of inquiry message verification command in memory storage 200 finishes, then the controller 151 of end device 150 generates order (S134) to memory storage 200 issue call-informations.In memory storage 200, if controller 201 receives call-information and generates order (S316), then in cipher engine 203 according to the indication of control part 220, random number generating unit 221 generates conversation key K s2, and the conversation key K s2 that has generated is passed to the 2nd decoding part 227 and the 1st password portion 225.The conversation key K s2 (S138) that 227 maintenances of the 2nd decoding part are transmitted.

The 1st password portion 225 is used among the S 130 the public-key cryptography KPd1 that keeps, and the conversation key K s2 that is transmitted is carried out encryption, and (KPd1 Ks2), and passes to the 2nd password portion 226 with it to generate speech scrambling key E.The 2nd password portion 226 with speech scrambling key E (KPd1 Ks2) is connected with public-key cryptography KPp2 itself, is used in the inquiry key K c1 that keeps among the S132, and it is carried out encryption, generate the key E that converses (Kc1, E (KPd1, Ks2) //KPp2) (S140).

If in above-mentioned memory storage 200, call-information generates process of commands to be finished, then the controller 151 issue call-information output commands (S142) of end device 150.If memory storage 200 receives call-information output commands (S144), then controller 201 from cipher engine 203, read conversation key E (Kc1, E (KPd1, Ks2) //KPp2), and it is outputed to the controller 151 (S146) of end device 150.If the controller 151 of end device 150 from memory storage 200 receive conversation key E (Kc1, E (KPd1, Ks2) //KPp2), then send it to delivery server 100 (S148).

The controller 101 of delivery server 100 if receive conversation key E (Kc1, E (KPd1, Ks2) //KPp2) (S150), then it is passed to cipher engine 103.The 1st decoding part 123 usefulness of cipher engine 103 remain on the inquiry key K c1 of its inside, to the conversation key E that transmitted (Kc1, E (KPd1, Ks2) //KPp2) decipher processing, take out speech scrambling key E (KPd1, Ks2) and the public-key cryptography KPp2 of memory storage 200.(KPd1 Ks2) passes to the key K d1 of the 2nd decoding part 124, the 2 decoding parts 124 usefulness itself, it is deciphered to handle take out conversation key K s2 (S152) with the speech scrambling key E that taken out.

Then, the public-key cryptography KPp2 of the 2nd password portion 125 usefulness memory storages 200 of cipher engine 103 carries out encryption to the permission data LIC of scrambler 102 issue, and (KPp2 LIC), and passes to the 3rd password portion 126 with it to generate E.The conversation key K s2 of the 3rd password portion 126 usefulness memory storages 200 issue, (KPp2 LIC) further encrypts, and generates encrypted permission data E (Ks2, E (KPp2, LIC)), and it is passed to controller 101 to the E that transmitted.(Ks2, E (KPp2, LIC)) sends to end device 150 (S154) to controller 101 with the encrypted permission data E that transmitted.

(Ks2, E (KPp2, LIC)) (S156) then permit data write commands (S158) to memory storage 200 issues to the controller 151 of end device 150 if receive the encrypted permission data E that sends from delivery server 100.This permission write command is attended by the address of specifying the record position on the anti-tamper storage part 204.Said here " address " presentation logic address is not the address of directly specifying the record position of anti-tamper storage part 204, controls by controller 201, so that the data that write down behind the assigned address are read by specifying identical address.But it also can be the physical address of the position in the anti-tamper storage part 204 of expression.

If in memory storage 200, the permission write command of receiver terminal device 150 issues, then permit data (S160) to the controller 151 request passwords of end device 150, the controller 151 of end device 150 is according to this request, with encrypted permission data E (Ks2, E (KPp2, LIC)) outputs to memory storage 200 (S162).

(Ks2, E (KPp2, LIC)) (S164) then pass to it the 2nd decoding part 227 in cipher engine 203 if memory storage 200 receives encrypted permission data E.The 2nd decoding part 227 usefulness remain in the conversation key K s2 of its inside, to encrypted permission data E (Ks2, E (KPp2, LIC)) deciphers processing, take out the permission data E that encrypted with public-key cryptography KPp2 itself (KPp2, LIC).And (KPp2 LIC) passes to the 3rd decoding part 228 with the permission data E that taken out.The secret key K p2 that the 3rd decoding part 228 usefulness are paired with public-key cryptography KPp2, (KPp2 LIC) deciphers processing, takes out permission data LIC (S166) to the encrypted permission data E that transmitted, and, it is outputed to data bus 210 by local bus 240, control part 220.Controller 201 will output in the address of the appointment of permission data store in anti-tamper storage part 204 of data bus 210 (S168).

The controller 151 of end device 150 after the processing of permission data write command finishes in memory storage 200, judges whether then record permission data (S170).Under then record permission data conditions ("Yes" among the S170), transfer to S134, from the issue of the generation order of call-information, handle repeatedly.This is under a plurality of permission data conditions of record, to simplify the order that is treated to purpose by having testimonial checking processing jointly.In addition, here, though then data permitted in record,, needn't behind the record of 1 permission data, carry out the record of next permission data at once.If have the state of identical inquiry key K c1 jointly for the cipher engine 203 of the cipher engine 103 of delivery server 100 and memory storage 200, specifically, the 1st decoding part 123 for the cipher engine 103 of delivery server 100, keep the state of identical inquiry key K c1 with the 2nd password portion 226 of the cipher engine 203 of memory storage 200, then can be for constantly arbitrarily.In addition, even then writing down under the permission data conditions, even if handle repeatedly also without any problem from S102.("No" of S170), normally end process under discontinuous record permission data conditions.

By above order, will decipher and regenerate permission data LIC required being recorded in the above-mentioned memory storage 200 to the content of encrypting.Because encrypted content is a general data, and carries out record by the normal commands in the memory storage 200, so here, omit its description.

In addition, the record of permission data LIC and encrypted content data order, formerly all it doesn't matter for which.In addition, also can be in the vacant time of the record of encrypted content data, write down permission data LIC by cutting apart the issue order of maintaining secrecy.

In addition, Fig. 8 and shown in Figure 9, the order end device 150 will be recorded in this memory storage 200 from the permission data LIC that delivery server 100 sends before is the example of situation about normally handling.

Figure 10～Figure 13 represents: the order of reading the Regeneration Treatment till the content key that permission data LIC, deletion read to regenerating unit 300 from this memory storage 200.In this Regeneration Treatment, between the cipher engine 303 of the cipher engine 203 of memory storage 200 and regenerating unit 300, construct the coded communication circuit, by this coded communication circuit, will permit data LIC to send to regenerating unit 300 from this memory storage 200.In addition, this figure controller 301 of regenerating unit 300 of dividing into the cipher engine 303 of memory storage 200 (cipher engine 203), regenerating unit 300 and carrying out the exchange of the data between them illustrates processing.

At first, the controller 301 of regenerating unit 300 carries out testimonial output request (S302) to cipher engine 303.If cipher engine 303 receives this and sends request (S304), prove that then efferent 320 is with certificate C[KPd3] pass to controller 301 (S306).If transmit certificate C[KPd3 from cipher engine 303] (S308), then controller 301 is to memory storage 200 issue certificate verification commands (S310).

In memory storage 200, if receive certificate verification command (S312), then to regenerating unit 300 request certificates.The controller 301 of regenerating unit 300 is according to this request, the certificate C[KPd3 that will transmit from cipher engine 303] export to memory storage 200 (S314).If memory storage 200 receives certificate C[KPd3 (S316), then with the certificate C[KPd3 that is received] pass to inner cipher engine 203.In cipher engine 203, according to the indication of control part 220, certificate proof department 223 authentication secret KPa, checking certificate C[KPd3] (S318).

In S318, under the situation of approval certificate not ("No" among the S318), certificate proof department 223 by control part 220, controller 201, memory interface 202, sends to controller 301 (S490) with the authentication error notice.Controller 301 1 receives error notification (S492), just finishes this processing singularly.

On the other hand, in S318, under having approved testimonial situation ("Yes" among the S318), the control part 220 of cipher engine 203 is from certificate C[KPd3], take out public-key cryptography KPd3, and it is passed to the 3rd password portion 229.The public-key cryptography KPd3 (S320) that 229 maintenances of the 3rd password portion have been transmitted.

If in memory storage 200, the certificate C[KPd3 of approval cipher engine 303], then the controller 301 of regenerating unit 300 is to memory storage 200, and the issue inquiry message generates order (S322).If memory storage 200 receives the inquiry message of regenerating unit 300 issues and generates order (S324), then in cipher engine 203, indication according to control part 220, random number generating unit 221 generates inquiry key K c2, and the inquiry key K c2 that will generate passes to the 3rd password portion 229 and the 4th decoding part 230.

The 4th decoding part 230 remains in its inside (S326) with the inquiry key K c2 that is transmitted.The 3rd password portion 229 is used in the public-key cryptography KPd3 that keeps among the S320, and the inquiry key K c2 that has transmitted is carried out encryption, and generation encrypted challenge key E (KPd3, Kc2).Then, from the certificate C[KPd2 of certificate efferent 222 acquisitions itself], and with its with the encrypted challenge key E that generates (KPd3, Kc2) combination, generate inquiry message E (KPd3, Kc2) //C[KPd2] (S328).

In regenerating unit 300, if inquiry message generates the process of commands end in memory storage 200, then controller 301 is issued inquiry message output commands (S330).If memory storage 200 receives the inquiry message of regenerating unit 300 issues and generates order (S332), then controller 201 takes out inquiry message E (KPd3 from cipher engine 203, Kc2) //C[KPd2], it is outputed to the controller 301 (S334) of regenerating unit 300.

In regenerating unit 300, controller 301 if receive inquiry message E (KPd3, Kc2) //C[KPd2] time, then it is passed to cipher engine 303 (S336).Then, if cipher engine 303 reception inquiry message E (KPd3, Kc2) //C[KPd2] (S338), then the certificate proof department 322 authentication secret Kpa in the cipher engine 303 verifies the certificate (S340) that has transmitted.

Under the situation of approval certificate not ("No" among the S340), certificate proof department 322 sends to controller 301 (S394) with the authentication error notice.Controller 301 then finishes this processing singularly if receive error notification (S492).

On the other hand, under having approved testimonial situation ("Yes" among the S340), (KPd3 Kc2) deciphers the secret key K d3 of the 1st decoding part 323 usefulness self of cipher engine 303, and takes out inquiry key K c2 (S342) to encrypted challenge key E.The inquiry key K c2 that is taken out is transmitted and remains in the 2nd password portion 325.

On the other hand, controller 301 is to memory storage 200 issue permission sense commands (S346).This permission sense command is attended by the address of the read-out position of specifying anti-tamper storage part 204.

Memory storage 200 is if receive the permission sense command (S348) of regenerating unit 300 issues, then read the permission data LIC at the address place that is stored in the appointment in the anti-tamper storage part 204, the permission data LIC that is read remains in the 4th password portion 232 of cipher engine 203 (S350).

Then, controller 301 is to cipher engine 303 request call-informations (S352).If cipher engine 303 receives this request (S354), then random number generating unit 321 generates conversation key K s3, and it is passed to the 1st password portion the 324, the 2nd decoding part 326, recording storage portion 330.The 2nd decoding part 326 and recording storage portion 330 remain in its inside with the conversation key K s3 that is transmitted.At this moment, recording storage portion 330 keeps the information (S355) of the expression " state RP " as information ST3 in the lump.In addition, the 1st password portion 324 usefulness are from the public-key cryptography KPd2 of the memory storage 200 of certificate " KP12 " taking-up, and s2 carries out encryption to the conversation key K, and generation speech scrambling key E (KPd2, Ks3).(KPd2 Ks3) passes to the 2nd password portion 325 with the speech scrambling key E that generated.The 2nd password portion 325 is with the public-key cryptography KPp3 of itself, with the speech scrambling key E (KPd2 that is transmitted, Ks3) combination, be used in the inquiry key K c2 that keeps among the S344, they are carried out encryption, generate call-information E (Kc2, E (KPd2, Ks3) //KPp3), and send it to controller 301 (S356).

If controller 301 from cipher engine 303 receive call-information E (Kc2, E (KPd2, Ks3) //KPp3) (S358), then to memory storage 200 issue call-information processing commands (S360).

If memory storage 200 receives from the call-information processing command (S362) of regenerating unit 300 issues, then to regenerating unit 300 request call-informations, the controller 301 of regenerating unit 300 is according to this request, will be from the call-information E (Kc2 of cipher engine 303 receptions, E (KPd2, Ks3) //KPp3) export to memory storage 200 (S364).

If memory storage 200 receive call-information E (Kc2, E (KPd2, Ks3) //KPp3) (S366), then it is passed to the 4th decoding part 230 of cipher engine 203.The 4th decoding part 230 is used in the inquiry key K c2 that keeps among the S326, to the call-information E that transmitted (Kc2, E (KPd2, Ks3) //KPp3) decipher processing.Then, take out speech scrambling key E (KPd2, Ks3) and the public-key cryptography KPp3 of regenerating unit 300, with speech scrambling key E (KPd2, Ks3) pass to the 5th decoding part 231, in addition, public-key cryptography KPp3 is passed to the 4th password portion 232 and recording storage portion 234.

Then, the 5th decoding part 231 usefulness and public-key cryptography KPd2 itself the are paired secret key K d2 of itself, (KPd2 Ks3) deciphers processing to the speech scrambling key E that transmitted, take out conversation key K s3, and it is passed to the 5th password portion 233 and recording storage portion 234.Conversation key K s3 and public-key cryptography KPp3 that 234 maintenances of recording storage portion are transmitted.In addition, at this moment, also keep the information (S368) of expression " state SP " in the lump.

The public-key cryptography KPp3 of the regenerating unit 300 that the 4th password portion 232 usefulness are transmitted from the 4th decoding part 230 carries out encryption to the permission data LIC that keeps in S350, (KPp3 LIC), and passes to the 5th password portion 233 with it to generate encrypted permission data E.The conversation key K s3 that the 5th password portion 233 usefulness are transmitted from the 5th decoding part 231, (KPp3 LIC) carries out encryption, and (Ks3, E (KPp3, LIC)) (S370) to generate encrypted permission data E to the encrypted permission data E by 232 generations of the 4th password portion.

The controller 301 of regenerating unit 300, if the processing of call-information processing command finishes in memory storage 200, that is, (Ks3, (KPp3 LIC), then issues encrypted permission output commands (S372) to memory storage 200 to E to generate encrypted permission data E.If memory storage 200 receives the encrypted permission output command (S374) of regenerating unit 300 issues, then the control part 220 of cipher engine 203 is recorded in the affirmation (S376) of the control information PC among the permission data LIC.

At control information PC (IV of S376) under 0 the situation, control part 220 is judged to be the permission data of the restriction with regeneration times, and the regeneration of limited number of times finishes, the regeneration condition error notification by controller 201, memory interface 202, is sent to the controller 301 (S3901) of regenerating unit 300.If the error notification (S392) that the controller of regenerating unit 300 301 receiving/storing devices 200 send then finishes this processing singularly.

In addition, in S376, under the situation of control information PC in 1～254 scope (C among the S376), the control information PC that control part 220 will be stored in the permission data in the anti-tamper storage part 204 becomes and subtracts 1 and the value (S378) that obtains.

In addition, in S376, control information PC is (" NA " among the S376) under 255 the situation, and after S378, control part 220 is by controller 201, memory interface 202, with encrypted permission data E (Ks3, E (KPp3, LIC)) export to the controller 301 of regenerating unit 300, and in recording storage portion 234, keep the identifying information LicID of the permission data LIC that exported, information ST2 is become " state SL " (S380).

(Ks3, E (KPp3, LIC)) then send it to cipher engine 303 (S382) if the controller 301 of regenerating unit 300 receives encrypted permission data E from above-mentioned memory storage 200.If cipher engine 303 receives encrypted permission data E (Ks3, E (KPp3, LIC)) (S384), then the 2nd decoding part 326 is used in the conversation key K s3 that keeps among the S354, to encrypted permission data E (Ks3, E (KPp3, LIC)) deciphers processing, with decoding result E (KPp3 LIC) passes to the 3rd decoding part 327.

The own key K p3 that the 3rd decoding part 327 usefulness are paired with public-key cryptography KPp3, to the E (KPp3 that is transmitted, LIC) decipher processing, take out permission data LIC, the identifying information LicID of the permission data LIC that taken out is passed to recording storage portion 330, in addition, content key is passed to content key efferent 328.

The identifying information LicID that 330 maintenances of recording storage portion are transmitted becomes " state RL " (S386) with information ST3, and 328 beginnings of content key efferent provide content transmitted key (S388) to code translator 304.

Controller 301 is in that be in can be when code translator 304 provides the state of content key, confirm whether should realize the affirmation of regeneration ending, promptly, the regeneration ending that is caused is finished in the regeneration of encrypted content data, or ends the regeneration ending (S390) that indication (comprising the indication that regeneration such as end operation, selection operation stop) being caused from user's regeneration.

In S390, under the unclosed situation of regeneration ("No" among the S390), the encrypted content data of playback record in the general data storage part 205 of memory storage 200, and it is supplied to code translator 304 (S392).At this moment, controller 301 is supplied with code translator 304 discontinuously with the encrypted content data of necessary amount, so that successfully carry out Regeneration Treatment in content decoders 305.Then, stopping during code translator 304 supplies, turning back to S390 once more, finish to judge.

On the other hand, then parallel if be in the state that content key can be provided to code translator 304 in cipher engine 303 with the processing of controller 301, begin to monitor that the supervision that the decoding of the code translator 304 of content key efferent 328 is handled handles (S400).The regeneration of the content key that whether begins to provide is provided for content key efferent 328, or does not utilize content key and finish regenerate (S402).

If in S402, confirm to have begun Regeneration Treatment ("Yes" among the S402), then reset the timer of elapsed time determination part 329, begin to decipher the mensuration of the continuous time of processing, wait for through T second (S404).Then, if through T second ("Yes" among the S404), then will permit the information of the situation of data LIC to pass to recording storage portion 330 from the 329 dispensing consumption of elapsed time determination part.Received this recording of information storage part 330 the canned data ST3 of institute has been become " state CL " (S406), finished the supervision of cipher engine 303 and handle.

In addition,, confirmed the end (S among the S402, or the S among the S404) of regeneration, then finished the supervision of cipher engine 303 and handle if in S402 or S404.In the case, be stored in the state that information ST3 in the recording storage portion 330 is in " state RL ".

If in S390, controller 301 is confirmed regeneration ending ("Yes" among the S390), confirms then whether the recovery time surpasses T second (S394).In this is confirmed, such as, the timer that both can use controller 301 to be provided with in inside is confirmed, also can confirm with reference to the elapsed time determination part 329 of cipher engine 303, in addition, also can judge according to the state of the information ST3 of the recording storage portion 330 of cipher engine 303.

In S394, to regenerate and passing through under the T situation of second ("Yes" of S394), controller 301 is regarded as and has been consumed the permission data, judges whether then next content to be carried out Regeneration Treatment (S396).Then do not carry out Regeneration Treatment, that is, do not reading under other the permission data conditions ("No" among the S396), normally finishing this processing.

In S396, plan then to carry out Regeneration Treatment, that is, to read under other the permission data conditions ("Yes" among the S396), controller 301 can be transferred to S346, handles repeatedly from the issue of permission sense command.This is with by in the reading of a plurality of permission data, and handles by shared testimonial checking and simplifies the flow process that is treated to purpose.In addition, though then read the permission data, needn't after read 1 permission data, carry out next and read at once.If be the state of cipher engine 303 and memory storage 200 shared inquiry key K c2, specifically, the 2nd password portion 325 for the cipher engine 303 of regenerating unit 300, keep the state of identical inquiry key K c2 with the 4th decoding part 230 of the cipher engine 203 of memory storage 200, also can be arbitrarily constantly.In addition, even then reading under the permission data conditions, even if from step S302 beginning flow process, also without any problem.Under the permission data conditions of then not reading other ("No" among the S386), controller 301 still normally finishes this processing.

In addition, in S394, less than the T regeneration of second, or under the situation of regenerating ("No" among the S394), controller 301 is judged not consumption permission data, and the recovery of the permission data LIC of opening entry in memory storage 200 is handled.

The controller 301 of regenerating unit 300 generates order (S410) to memory storage 200 issue recovering information.If memory storage 200 receives the recovering information of regenerating unit 300 issues and generates order (S412), then in cipher engine 203, indication according to control part 220, random number generating unit 221 generates recovers key K r2, and the recovery key K r2 that has generated is passed to the 6th password portion 235 and record proof department 236.The recovery key K r2 (S414) that record proof department 236 is transmitted in the inside maintenance.The 6th password portion 235 usefulness remain in the public-key cryptography KPp3 in the recording storage portion 234, and the recovery key K r2 that is transmitted is carried out encryption, generate recovering information E (KPp3, Kr2) (S416).

On the other hand, if recovering information generates the command process end in memory storage 200, then the controller 301 of regenerating unit 300 is issued recovering information output commands (S418).If memory storage 200 receives the recovering information output command (S420) of regenerating units 300 issues, then controller 201 takes out recovering information E from cipher engine 203 (KPp3 Kr2), and outputs to the controller 301 (S422) of regenerating unit 300 with it.(KPp3 in the time of Kr2), sends it to cipher engine 303 (S424) to the controller 301 of regenerating unit 300 receiving the recovering information E that exports from memory storage 200.

If cipher engine 303 receive recovering information E (KPp, Kr2) (S426), the key K p3 of the 4th decoding part 331 usefulness itself of cipher engine 303 then, (KPp3 Kr2) deciphers processing, taking-up recovery key K r2 (S428) to recovering information E.The recovery key K r2 that is taken out is passed to record signature section 332.Record signature section 332 is taken out conversation key K s3, identifying information LicID, information ST3 from recording storage portion 330, they are combined with the recovery key K r2 that transmits from the 4th decoding part 331, generates data Kr2//Ks3//LicID//ST3.Then, carry out hash operations, calculate H (Kr2//Ks3//LicID//ST3), with this operation result and identifying information LicID, status information ST3 combination, generate status information LicID//ST3//H (Kr2//Ks3//LicID//ST3), and output it to the controller 301 (S430) of regenerating unit 300.

If from cipher engine 303 receiving status information LicID//ST3//H (Kr2//Ks3//LicID//ST3) (S432), then the controller 301 of regenerating unit 300 is to memory storage 200 issued state information processing orders (S434).If memory storage 200 receives from the status information processing command (S436) of regenerating unit 300 issues, then to regenerating unit 300 requesting state information.The controller 301 of regenerating unit 300 will output to memory storage 200 (S438) from the status information LicID//ST3//H (Kr2//Ks3//LicID//ST3) of cipher engine 303 outputs according to this request.

If memory storage 200 receiving status information LicID//ST3//H (Kr2//Ks3//LicID//ST3) (S340), then it is passed to inner cipher engine 203.In cipher engine 203, according to the indication of control part 220, whether 236 pairs of status informations of having transmitted of record proof department are verified judge reliably according to status information, whether recover to permit data, promptly whether will permit data to return to the judgement (S442) of the preceding state of output.

In the checking of the status information of S442, confirm following 2 projects.

1) whether the identifying information LicID in the status information consistent with the identifying information LicID in being stored in recording storage portion 234?

2) with identifying information LicID, status information ST3 in the status information, remain in the conversation key K s3 in the recording storage portion 234, the recovery key K r2 combination that in step S414, keeps, to the H as a result (Kr2//Ks3//LicID//ST3) that the data after this combination are carried out the hash function computing, whether consistent with the hashed value H (Kr2//Ks3//LicID//ST3) in the status information?

In the affirmation of above-mentioned 2 projects, under any one all inconsistent situation, decision state information is insecure information, is not the object ("No" among the S442) that recovers.Control part 220 will recover the controller 301 (S450) that error notification sends to regenerating unit 300 by controller 201, memory interface 202.If the controller of regenerating unit 300 301 receives from the error notification (S452) of memory storage 200 outputs, then transfer to S396, continue this processing.

On the other hand, in the affirmation of above-mentioned 2 projects, under 2 equal consistent situations of project, assert that status information is reliable data, in addition, according to information ST3 and the information ST2 that is stored in the recording storage portion 234, judge whether these permission data are to become the permission data of recovering object.The reason of doing like this is from the position of right of the literary property of protection content, be limited to become recover object the permission data from memory storage 200 outputs, and consumption condition in regenerating unit 300 not.Specifically, be limited to information ST2 and be " state RP " for " state SL " and information ST3, or the situation when " state RL ".

If in above-mentioned judgement, be judged to be the object ("Yes" among the S442) of recovery, then the control information PC of the permission data in being stored in anti-tamper storage part 204 is not under 255 the situation, this control information PC is become add 1 and the value (S444) that forms thereon.Then, control part 220 will recover the controller 301 (S446) that notice sends to regenerating unit 300 by controller 201, memory interface 202.The controller 301 of regenerating unit 300 is then transferred to S396 if receive from the error notification (S448) of memory storage 200 outputs, proceeds this processing.

In addition, Figure 10～shown in Figure 13, regenerating unit 300 utilizes the flow process that is stored in the permission data in the memory storage 200 for handling the example of the situation of normally carrying out.

In addition, at the mensuration of recovery time of the judgement of the consumption of permission data, in the present embodiment, measure the elapsed time that the decoding of code translator 304 is handled, but, elapsed time that provides of 305 decode results also can be provided from code translator 304 to content decoders.In addition, also can measure the elapsed time that the decoding of content decoders 305 is handled, or from elapsed time that provides of the regenerated signal of content decoders 305 outputs.

Also have, in the present embodiment, at each content type, such as music, image etc., preset judgment still, also can comprise service regeulations for not being the border time T of " consumption " of permission data in permission data LIC, in addition, also can and use them.Such as, be not set in the border time under the situation of service regeulations, can utilize the predetermined border time.

Have again, in the present embodiment, under the situation of the mensuration in the elapsed time after the regeneration that the consumption of permission data is judged begins, elapsed time determination part 329 comprises timer, utilizes the timer minute, follow the border time T process of second, the judgement of consuming, still, also can be according to the data volume of having handled (decoding or regeneration), derive the elapsed time after regeneration begins, judge the consumption of permission.The reason of doing like this is can be according to the characteristic of the coded system of content-data being carried out form after the encoding process, by the deal with data amount prediction recovery time of content-data.In addition, be under the situation of picture material in content, also can judge the consumption of permission according to handling through decoding or, deriving the elapsed time through the frame number of the view data of Regeneration Treatment.Also can such as " time_code " among the TS that imbeds mpeg data, calculate the elapsed time with reference to the time mark in the flow data (stamp).

In addition, though according to the recovery time, permit the judgement of the consumption of data,, also can be according to the setting of the data boundary amount of the content-data that is made as " consumption ", through the mensuration of the data volume of Regeneration Treatment, the judgement of consuming.Also can calculate the data volume of the time quantum that is not judged to be the right of having consumed regeneration in advance, the data of this amount are offered content decoders 305.Also can be when the regeneration ending of time that is not judged to be the right of having consumed regeneration or data volume, whether the inquiry user continues Regeneration Treatment once more.When the user indicates the end of regeneration, carry out the recovery flow process of above-mentioned permission data.When the user has indicated the continuation of regeneration, continue Regeneration Treatment, do not recover to permit data.

In addition, in the present embodiment, respectively inquiry key K c2 and recovery key K r2 are described, but, also can make the generation that recovers key K r2 become the renewal of inquiry key K c2 at the situation of the shared key that generates by random number generating unit 221 as the memory storage 200 of the transmission object of permission data.In the case, in the cipher engine 203 of memory storage 200, to also pass to the recovery key K r2 that 230 maintenances of the 4th decoding part 230, the 4 decoding parts have been transmitted by the recovery key K r2 that random number generating unit 221 generates, and the inquiry key K c2 that replacement is kept.In addition, from the processing repeatedly of S346, utilize the recovery key K r2 that has kept, and replace inquiry key K c2, carry out the decoding of call-information and handle.In the cipher engine 303 of regenerating unit 300, will pass to the recovery key K r2 that 325 maintenances of 325, the 2 password portions of the 2nd password portion have been transmitted by the recovery key K r2 that the 4th decoding part 331 takes out, and replace the inquiry key K c2 of maintenance.Then, from the processing repeatedly of S346, when generating call-information, replace inquiry key K c2, and utilize the recovery key K r2 that has kept.

In above-mentioned flow process, in the time will permitting that data return to virgin state, the control information PC that the control part 220 of memory storage 200 will be stored in the permission data in the anti-tamper storage part 204 adds 1, returns to the processing of virgin state.In another example, also can be when memory storage 200 export permit data, control information PC before the output of these permission data is recorded in the recording storage portion 234, when the recovery of the data that ask for permission, control information PC before overriding the output that is recorded in the recording storage portion 234 on the control information PC by the permission data in being stored in anti-tamper storage part 204, and return to virgin state.Thus, can positively will permit the control information PC of data to return to virgin state.

In a further example, also can be recorded at the control information PC before the output that will permit data in the recording storage portion 330 of regenerating unit 300, when regenerating unit 300 asks for permission the recovery of data, from recording storage portion 330, read the control information PC before the output of these permission data, and be sent to memory storage 200, it is override on the control information PC that is stored in the permission data in the anti-tamper storage part 204.In the case, regenerating unit 300 also can by its with memory storage 200 between shared shared key, such as the key K s2 etc. that converses, control information PC and identifying information LicID are carried out encryption, and send it to memory storage 200.220 pairs of the control parts of memory storage 200 are 300 that receive from regenerating unit, decipher processing through the control information PC of encryption, and it is override on the control information PC that is stored in the permission data in the anti-tamper storage part 204.

In above-mentioned flow process, being given in provides the permission data side and enjoys the example that side constitutes unidirectional coded communication circuit, still, in another example, also can form two-way coded communication circuit.In the case, also can be the direction that no matter sends the permission data, memory storage 200 is with the communication protocol of slave mode action.Such as, also can be to construct between regenerating unit 300 and the memory storage 200 under the situation of two-way coded communication path, the regenerating unit 300 of enjoyment permission data one side is realized leading function, and the function of the memory storage 200 realization subordinates of a side of permitting data is provided.Thus, can simplify the structure of memory storage 200.In this communication pattern, whether regenerating unit 300 also can make regenerating unit 300 that status information is outputed to memory storage 200 to the ask for permission situation of recovery of data of memory storage 200, in regenerating unit 300 sides, judge and recover to allow.Also can be under the situation of the recovery that allows the permission data, as above-mentioned, regenerating unit 300 will permit the original control information PC of data to send to memory storage 200, override this control information PC among the control information PC of the permission data in being stored in anti-tamper storage part 204, to return to virgin state.

(the 2nd embodiment)

Figure 14 represents the formation of the content delivery system of the 2nd embodiment.The content delivery system of present embodiment is identical with the 1st embodiment, comprise delivery server 100, the received content of distributed contents the end device that provides 150, record the memory storage 200 of the content that offers end device 150, delivery server 100 and end device 150 be respectively by communicator 104,153, by linking as the internet 20 of an example of network.

Be with the difference of the 1st embodiment: in end device 150, the scrambler 102 and the cipher engine 103 of delivery server 100 is set.

In addition; in order to ensure the safety of data in the communication between delivery server 100 and user's the end device 150; between delivery server 100 and user's end device 150,, protect safely according to the digital content management mode separately of SSL or dispensing operator defined.Thus, bring into play function in the same manner with the 1st embodiment.

More than embodiments of the present invention are described, but, present embodiment is an illustration, the invention is not restricted to this embodiment, those having ordinary skill in the art will appreciate that: in the combination of these each component parts or handling procedure, various variation can be arranged, in addition, such distortion example is all at this

In the scope of invention.

Such as, in the above-described embodiment, the functional block carry out encryption and the functional block of deciphering processing are set respectively in cipher engine, still, also can be in these component parts common circuit.Thus, the circuit capable of inhibiting scale helps miniaturization, low consumption electrification.

In the scope of the technical conceive that embodiments of the present invention can provide in the scope of technical scheme, suitably carry out various changes.

Claims (23)

1. content player, wherein utilize be recorded in the memory storage, comprise that the content that is used for content key that encrypted content data is deciphered uses information, encrypted content data is deciphered and is regenerated, it is characterized in that, comprising:

Interface, its and above-mentioned memory storage between the giving and accepting of control data;

Content decoding part, its utilization are contained in the content key in the described content use information, and described encrypted content data is deciphered;

The content key efferent, it receives described content from described memory storage and uses information, and the content key that comprises in the content use information that is received is outputed to described content decoding part;

Recording storage portion, the described content of its storage representation is used the status information of the user mode of information;

Judging part, it obtains the decoding of the described encrypted content data that utilizes described content key in the described content decoding part, or in described content decoding part, utilize described content key and the elapsed time of the regeneration of decoded described encrypted content data, according to the obtained elapsed time, judge whether to regard as and utilized described content key, and judged result is reflected in the status information that is recorded in the described recording storage portion.

2. content player according to claim 1 is characterized in that,

Also comprise and measure the described elapsed time and it is notified to the elapsed time determination part of described judging part;

Described elapsed time determination part after described content key efferent is exported to content key described content decoding part, the elapsed time when measuring the beginning from decoding or Regeneration Treatment;

Described judging part exceeded schedule time according to the described elapsed time, regarded as and had utilized described content key.

3. content player according to claim 1 is characterized in that,

Also comprise and measure the described elapsed time and it is notified to the elapsed time determination part of described judging part;

The data volume that described elapsed time determination part is deciphered according to described content decoding part, or, calculate the elapsed time to the data volume that the encrypted content data after the decoding is reproduced, and it is notified to described judging part;

Described judging part exceeded schedule time according to the described elapsed time, regarded as and had utilized described content key.

4. according to claim 2 or 3 described content players, it is characterized in that the described stipulated time is contained in the described content use information;

The described stipulated time that described content key efferent will be contained in the content use information that is received is exported to described judging part.

5. according to any one described content player in the claim 2～4, it is characterized in that the described stipulated time is 45 seconds.

6. according to any one described content player in the claim 1～5, it is characterized in that, described judging part also comprises control part, it is being judged to be under the situation of not utilizing described content key, to described memory storage request the content use information that is recorded in the described memory storage is returned to and receives state before.

7. content player according to claim 6, it is characterized in that, described control part will comprise the recorded information that is recorded in the described status information in the described recording storage portion and send to described memory storage when the state that returns to described memory storage request before receiving described content use information.

8. content player according to claim 7, it is characterized in that described control part will comprise that the hashed value of the information of shared key shared between described content player and the described memory storage sends to described memory storage with described recorded information.

9. content player according to claim 6 is characterized in that, described recording storage portion stores at least a portion that this content is used information with virgin state when having received described content and use information;

Described control part sends to described memory storage with the content use information that is stored in the virgin state in the described recording storage portion when making the state of described content use information before returning to reception to described memory storage request.

10. content reproducing method, wherein utilize be recorded in the memory storage, comprise that the content that is used for content key that encrypted content data is deciphered uses information, encrypted content data is deciphered and is regenerated, it is characterized in that,

Use information from described memory storage received content, utilize the content key that is contained in the content use information that is received, described encrypted content data is deciphered;

Use the status information of the user mode of information to be stored in the recording storage portion the described content of expression;

Acquisition utilizes the decoding of the described encrypted content data of described content key, or utilize described content key and the elapsed time of the regeneration of decoded described encrypted content data, according to the elapsed time that is obtained, judge whether to regard as and utilized described content key, and this judged result is reflected in the status information that is recorded in the described recording storage portion.

11. content reproducing method according to claim 10 is characterized in that,

The described elapsed time is measured by timer during from the decoding or the beginning of Regeneration Treatment;

When exceeding schedule time, regard as and utilized described content key in the described elapsed time.

12. content reproducing method according to claim 10 is characterized in that,

The described elapsed time is according to the data volume of being deciphered, or the data volume that the encrypted content data after the decoding is reproduced is calculated;

When exceeding schedule time, regard as and utilized described content key in the described elapsed time.

13., it is characterized in that the described elapsed time is contained in the content use information according to claim 11 or 12 described content reproducing methods.

14., it is characterized in that the described stipulated time is 45 seconds according to any one described content reproducing method in the claim 11～13.

15. according to any one described content reproducing method in the claim 10～14, it is characterized in that, be judged to be under the situation of not utilizing described content key, to described memory storage request the content use information that is recorded in the described memory storage returned to and receive state before.

16. content reproducing method according to claim 15, it is characterized in that, the content player that described encrypted content data is deciphered and regenerated, when the state that returns to described memory storage request before receiving described content use information, will comprise that the recorded information that is recorded in the described status information in the described recording storage portion sends to described memory storage.

17. content reproducing method according to claim 16, it is characterized in that described memory storage judges whether to allow described content to use the recovery of information with reference to described recorded information, when being judged to be the permission recovery, described content use information is returned to virgin state.

18. content reproducing method according to claim 17, it is characterized in that, described memory storage also writes down the status information that the described content of expression is used the user mode of information, described memory storage judges whether to allow described content to use the recovery of information with further reference to the described status information that itself writes down.

19. according to claim 16 or 17 described content reproducing methods, it is characterized in that, with being included in the hashed value of the information of shared key shared between described content player and the described memory storage, send to described memory storage with described recorded information.

20. content reproducing method according to claim 18, it is characterized in that, described memory storage is with reference to described hashed value, confirm that it is that itself sends the device that this content is used information that the described content of request is used the content player of the recovery of information, when having confirmed, described content use information is returned to virgin state.

21. according to any one described content reproducing method in the claim 15～19, it is characterized in that, described memory storage is when sending to described content player with described content use information, store at least a portion that this content is used information with virgin state, when making this content use information return to virgin state from this content player request, override content by content use information and use information, thereby return to virgin state in order to the virgin state storage.

22. according to any one described content reproducing method in the claim 15～19, it is characterized in that,

Described recording storage portion stores at least a portion that this content is used information with virgin state when having received described content and use information;

When the state that returns to described memory storage request before receiving described content use information, the content use information that is stored in the virgin state in the described recording storage portion is sent to described memory storage.

23. content reproducing method according to claim 22 is characterized in that, described memory storage overrides content by the content use information with described virgin state and uses information, thereby returns to virgin state.

Images