
Recording Medium Apparatus And Controller

Abstract: A memory unit (601g) of a recording medium apparatus (600g) memorizes a content and a nullification list. The nullification list associated with the content is assigned to a device related to the use of the content and includes a nullification identifier for identifying a nullified public key certificate. A controller (602g) of the recording medium apparatus (600g) is provided with: an acquisition unit (621g) for acquiring an acquisition request for a content from a device (300g) and acquiring a device identifier that identifies the public key certificate of the device (300g); a determination unit (622g) for determining whether or not the device identifier matches a nullification identifier; and a control unit (623g) for controlling so that outputting of the content to the device is prohibited when the match is determined.

Patent Information

Application #:
Filing Date: 20 February 2013
Publication Number: 12/2016
Publication Type: INA
Invention Field: COMMUNICATION
Status:
Email: remfry-sagar@remfry.com
Parent Application:

Applicants

PANASONIC CORPORATION
1006 Oaza Kadoma Kadoma shi Osaka 5718501

Inventors

1. KOZUKA Masayuki
C/O PANASONIC CORPORATION 1006, OAZA KADOMA, KADOMA-SHI, OSAKA 571-8501 JAPAN
2. YAMAGUCHI Takahiro
C/O PANASONIC CORPORATION 1006, OAZA KADOMA, KADOMA-SHI, OSAKA 571-8501 JAPAN
3. NAKANO Toshihisa
C/O PANASONIC CORPORATION 1006, OAZA KADOMA, KADOMA-SHI, OSAKA 571-8501 JAPAN
4. MINAMI Masataka
C/O PANASONIC CORPORATION 1006, OAZA KADOMA, KADOMA-SHI, OSAKA 571-8501 JAPAN
5. MORISE Makoto
C/O PANASONIC CORPORATION 1006, OAZA KADOMA, KADOMA-SHI, OSAKA 571-8501 JAPAN
6. MURASE Kaoru
C/O PANASONIC CORPORATION 1006, OAZA KADOMA, KADOMA-SHI, OSAKA 571-8501 JAPAN
7. OHMORI Motoji
C/O PANASONIC CORPORATION 1006, OAZA KADOMA, KADOMA-SHI, OSAKA 571-8501 JAPAN

Specification


DESCRIPTION
[Title of Invention]
RECORDING MEDIUM APPARATUS AND CONTROLLER
[Technical Field]
[0001]
The present invention relates to a recording medium device for recording of
content.
[Background Art]
[0002]
In recent years, as digital technology rapidly spreads, systems have emerged
for distributing digitalized content (hereinafter simply referred to as content) either
by recording media, such as optical discs, or over a network.
[0003]
One characteristic of such content is that quality does not degrade despite
duplication. In order to protect the copyright of such content, it is necessary to
prevent the holder of the content from making unauthorized copies. Therefore,
within the system for distributing content, a transmission device that transmits the
content and a playback device that plays back the received content each confirm that
the other device is a legitimate device that protects copyright. Only when such
confirmation is successful does the transmission device transmit the content to the
playback device. In this way, the devices that use the content can be restricted, thus
allowing for protection of the copyright on the content.
[0004]
Confirmation that the other device is legitimate makes use of authentication
technology based on a public key cryptosystem. An example of authentication
technology based on the public key cryptosystem in Patent Literature 1 is as follows.
[0005]
The transmission device transmits a random number to the playback device.
Next, the playback device uses a private key allocated to the playback device in
order to generate a signed text by applying a digital signature to the received random
number. The playback device then returns the signed text to the transmission device.
Finally, the transmission device verifies the received signed text using the public key
of the playback device.
[0006]
In such authentication technology that uses a public key cryptosystem, it is
assumed that the public key itself is valid. In order to perform authentication using a
public key cryptosystem, an organization referred to as a Public Key Certificate
Authority issues a public key certificate indicating that the public key corresponding
to a device is legitimate. The public key certificate authority also issues a revocation
list (also referred to as a Certificate Revocation List (CRL) or a Public Key
Revocation List) listing information identifying the revoked public key certificates,
in order to notify other devices that among the issued public key certificates, public
key certificates have been revoked for a reason such as the period of validity having
expired, the device to which the certificate was assigned having been operated
maliciously, or the private key having been divulged.
[0007]
The revocation list includes a plurality of pieces of revocation information.
Each piece of revocation information includes a serial number identifying the
revoked public key certificate.
[0008]
In Patent Literature 1, a personal computer is composed of a main body and
a drive unit that accesses a recording medium. A check unit included in the main
body reads a public key certificate from a buffer memory and extracts an identifier
of the drive unit from the read public key certificate. Next, the check unit determines
whether the extracted identifier is included in a drive identifier list that includes
revocation identifiers. When it is determined that the extracted identifier is included,
the main body considers the drive unit to be unauthorized and suspends
communication with the drive unit.
[Citation List]
[Patent Literature]
[0009]
Patent Literature 1: Japanese Patent Application Publication No.
2004-32706
Patent Literature 2: Japanese Patent Application Publication No.
2003-115838
Patent Literature 3: Japanese Patent Application Publication No.
2002-281013
Patent Literature 4: Japanese Patent Application Publication No.
2007-519994
[Summary of Invention]
[Technical Problem]
[0010]
The check unit in the main body of a personal computer, however, may be
tampered with maliciously. In this case, if the drive unit is unauthorized, then a
check unit that has been tampered with maliciously may determine that the identifier
of the unauthorized drive unit is not included in the drive identifier list. In other
words, an unauthorized drive unit may be determined to be valid. The problem of
unauthorized content being acquired from a recording medium via an unauthorized
drive unit may therefore occur.
[0011]
In order to resolve this sort of problem, it is an aim of an aspect of the
present invention to provide a recording medium device, a system, a control method,
a computer program, a recording medium, and a controller that can prevent
unauthorized output of content.
[Solution to Problem]
[0012]
In order to achieve the above aim, an aspect of the present invention is a
recording medium device comprising: a storage unit; and a tamper-resistant
controller, the storage unit storing a content and a revocation list including a
revocation identifier that is associated with the content and identifies a revoked
public key certificate allocated to an apparatus related to use of the content, and the
controller including: an acquisition unit configured to acquire an acquisition request
for the content from an apparatus into which the recording medium device is loaded
and to acquire an apparatus identifier identifying a public key certificate allocated to
the apparatus; a judgment unit configured to judge whether the acquired apparatus
identifier matches the revocation identifier associated with the content for which the
acquisition request is acquired; and a control unit configured to control to prohibit
output of the content to the apparatus when the judgment unit judges that the
apparatus identifier and the revocation identifier match.
[Advantageous Effects of Invention]
[0013]
With this structure, it is determined within the tamper-resistant controller,
included in the recording medium device, whether the acquired apparatus identifier
and the revocation identifier match, and when the identifiers match, content is not
output, thereby preventing unauthorized output of content from the recording
medium device.
[Brief Description of Drawings]
[0014]
Fig. 1 is a configuration diagram showing an overall configuration of a
content management system 109 according to Embodiment 1.
Fig. 2 is a configuration diagram showing an overall configuration of a
content management system 10a according to Embodiment 2.
Fig. 3 is a block diagram showing the structure of a key issuing device 200.
Figs. 4A through 4D show an example of the data structure of a public key
certificate.
[0015]
Fig. 4A shows an example of the data structure of a key distribution device
certificate 252.
[0016]
Fig. 4B shows an example of the data structure of a terminal device
certificate 262.
[0017]
Fig. 4C shows an example of the data structure of a recording medium
device certificate 272.
[0018]
Fig. 4D shows an example of the data structure of a production device
certificate 282.
Fig. 5 shows an example of the data structure of a revocation file 242.
Fig. 6 is a block diagram showing the structure of a content production
device 500.
Fig. 7 shows an example of a content information registration screen 551t.
Fig. 8 shows an example of the data structure of content information
registration data 541.
Fig. 9 shows an example of the data structure of content information
registration data 541a.
Fig. 10 shows an example of the data structure of content information
registration data 541b.
Fig. 11 shows an example of the data structure of content information
registration data 541c.
Fig. 12 shows an example of the data structure of content information
registration data 541d.
Fig. 13 shows an example of the data structure of content information
registration data 541e.
Fig. 14 shows an example of the data structure of content information
registration data 541f.
Fig. 15 is a block diagram showing the structure of a content distribution
device 400.
Fig. 16 shows an example of the data structure of distribution request
information 431.
Fig. 17 is a block diagram showing the structure of a key distribution device
100.
Fig. 18 shows an example of the data structure of a content information list
131c.
Fig. 19 shows an example of the data structure of a content information list
131a.
Fig. 20 shows an example of the data structure of a content information list
131b.
Fig. 21 shows an example of the data structure of a concatenated value 180.
Fig. 22 is a block diagram showing the structure of a mutual authentication
unit 105 and a mutual authentication unit 604.
Fig. 23 is a block diagram showing the structure of a recording medium
device 600.
Fig. 24 shows an example of the data structure of data stored in a title key
storage unit 611, a content information storage unit 612, a usage condition
information storage unit 613, and a revocation file storage unit 614.
Fig. 25 is a block diagram showing the structure of a terminal device 300.
Fig. 26 is a sequence diagram showing the sequence for key issuing and is
continued in Fig. 27.
Fig. 27 is a sequence diagram showing the sequence for key issuing and is
continued from Fig. 26.
Fig. 28 is a sequence diagram showing the sequence for content production
and content registration and is continued in Fig. 29.
Fig. 29 is a sequence diagram showing the sequence for content production
and content registration and is continued from Fig. 28.
Fig. 30 is a sequence diagram showing the sequence for content distribution
and is continued in Fig. 31.
Fig. 31 is a sequence diagram showing the sequence for content distribution
and is continued in Fig. 32.
Fig. 32 is a sequence diagram showing the sequence for content distribution
and is continued in Fig. 33.
Fig. 33 is a sequence diagram showing the sequence for content distribution
and is continued in Fig. 34.
Fig. 34 is a sequence diagram showing the sequence for content distribution
and is continued from Fig. 33.
Fig. 35 is a sequence diagram showing the sequence for mutual
authentication and key sharing and is continued in Fig. 36.
Fig. 36 is a sequence diagram showing the sequence for mutual
authentication and key sharing and is continued from Fig. 35.
Fig. 37 is a flowchart showing operations for generation of an individual
revocation list.
Fig. 38 is a sequence diagram showing the sequence for content playback
and is continued in Fig. 39.
Fig. 39 is a sequence diagram showing the sequence for content playback
and is continued from Fig. 38.
Fig. 40 is a block diagram showing the structure of a key issuing device
200a according to a modification.
Fig. 41 is a configuration diagram showing an overall configuration of a
content management system 10b according to Embodiment 3.
Fig. 42 is a block diagram showing the structure of a server device 400b.
Fig. 43 is a block diagram showing the structure of a terminal device 300b.
Fig. 44 shows notification data 331b as an example of notification data.
Fig. 45 shows notification data 332b as an example of notification data.
Fig. 46 shows a request 350b as an example of a request transmitted by the
terminal device 300b.
Fig. 47 shows a request 360b as an example of a request transmitted by the
terminal device 300b.
Fig. 48 shows an example of the data structure of a management data table
370b.
Fig. 49 shows notification data 333b as an example of notification data of
"type 1".
Fig. 50 shows notification data 334b as an example of notification data of
"type 2".
Fig. 51 shows an example of the data structure of a control data table 341b.
Fig. 52 shows an example of the data structure of a control data table 381b.
Fig. 53 is a configuration diagram showing an overall configuration of a
content management system 10c according to a modification.
Fig. 54 is a configuration diagram showing an overall configuration of a
content management system 10d according to a modification.
Fig. 55 is a configuration diagram showing an overall configuration of a
content management system 10e according to a modification.
Fig. 56 is a configuration diagram showing an overall configuration of a
content management system 10f according to a modification.
[Description of Embodiments]
[0019]
An aspect of the present invention is a recording medium device including a
storage unit and a tamper-resistant controller. The storage unit stores a content and a
revocation list including a revocation identifier that is associated with the content
and identifies a revoked public key certificate of an apparatus related to use of the
content. The controller includes an acquisition unit configured to acquire an
acquisition request for the content from the apparatus into which the recording
medium device is loaded and to acquire an apparatus identifier identifying a public
key certificate allocated to the apparatus; a judgment unit configured to judge
whether the acquired apparatus identifier matches the revocation identifier
associated with the content for which the acquisition request is acquired; and a
control unit configured to control to prohibit output of the content to the apparatus
when the judgment unit judges that the apparatus identifier and the revocation
identifier match.
[0020]
The storage unit may also store, in association with the content, usage
condition information indicating conditions for use of the content by a user and
including entry information indicating a storage position of the apparatus identifier
in the revocation list. The judgment unit may read the entry information from the
usage condition information stored in the storage unit, read the apparatus identifier
from the storage position in the revocation list as indicated by the read entry
information, and perform the judgment using the read apparatus identifier.
[0021]
The acquisition unit may acquire the revocation identifier identifying the
revoked public key certificate allocated to a playback device as the apparatus, the
playback device being capable of playing back the content.
[0022]
When the judgment unit judges that the acquired apparatus identifier does
not match the revocation identifier, the control unit may permit output of the content
to the apparatus.
[0023]
When the control unit permits output of the content to the apparatus, the
control unit may perform control so that the title key for decoding the content is
output to the apparatus.
[0024]
Another aspect of the present invention is a system comprising a recording
medium device and an apparatus into which the recording medium device is loaded,
the recording medium device including a storage unit and a tamper-resistant
controller. The storage unit stores a content and a revocation list including a
revocation identifier that is associated with the content and identifies a revoked
public key certificate of an apparatus related to use of the content. The controller
includes an acquisition unit configured to acquire an acquisition request for the
content from the apparatus into which the recording medium device is loaded and to
acquire an apparatus identifier identifying a public key certificate allocated to the
apparatus; a judgment unit configured to judge whether the acquired apparatus
identifier matches the revocation identifier associated with the content for which the
acquisition request is acquired; and a control unit configured to control to prohibit
output of the content to the apparatus when the judgment unit judges that the
apparatus identifier and the revocation identifier match.
[0025]
Another aspect of the present invention is a control method used in a
tamper-resistant controller that, along with a storage unit, constitutes a recording
medium device. The storage unit stores a content and a revocation list. The
revocation list includes a revocation identifier that is associated with the content and
identifies a revoked public key certificate allocated to an apparatus related to use of
the content. The control method includes the steps of acquiring an acquisition
request for the content from the apparatus into which the recording medium device
is loaded and to acquire an apparatus identifier identifying a public key certificate
allocated to the apparatus; judging whether the acquired apparatus identifier matches
the revocation identifier associated with the content for which the acquisition
request is acquired; and controlling to prohibit output of the content to the apparatus
when the judgment unit judges that the apparatus identifier and the revocation
identifier match.
[0026]
Another aspect of the present invention is a computer-readable recording
medium having recorded thereon a computer program for control used in a
tamper-resistant controller that, along with a storage unit, constitutes a recording
medium device. The storage unit stores a content and a revocation list. The
revocation list includes a revocation identifier that is associated with the content and
identifies a revoked public key certificate allocated to an apparatus related to use of
the content. The controller is a computer, and the recording medium stores a
computer program for causing the computer to perform the steps of acquiring an
acquisition request for the content from the apparatus into which the recording
medium device is loaded and to acquire an apparatus identifier identifying a public
key certificate allocated to the apparatus; judging whether the acquired apparatus
identifier matches the revocation identifier associated with the content for which the
acquisition request is acquired; and controlling to prohibit output of the content to
the apparatus when the judgment unit judges that the apparatus identifier and the
revocation identifier match.
[0027]
Another aspect of the present invention is a computer program for control
used in a tamper-resistant controller that, along with a storage unit, constitutes a
recording medium device. The storage unit stores a content and a revocation list.
The revocation list includes a revocation identifier that is associated with the content
and identifies a revoked public key certificate allocated to an apparatus related to use
of the content. The controller is a computer, and the computer program causes the
computer to perform the steps of acquiring an acquisition request for the content
from the apparatus into which the recording medium device is loaded and to acquire
an apparatus identifier identifying a public key certificate allocated to the apparatus;
judging whether the acquired apparatus identifier matches the revocation identifier
associated with the content for which the acquisition request is acquired; and
controlling to prohibit output of the content to the apparatus when the judgment unit
judges that the apparatus identifier and the revocation identifier match.
[0028]
Another aspect of the present invention is a tamper-resistant controller that,
along with a storage unit, constitutes a recording medium device. The storage unit
stores a content and a revocation list. The revocation list includes a revocation
identifier that is associated with the content and identifies a revoked public key
certificate allocated to an apparatus related to use of the content. The controller
includes an acquisition unit configured to acquire an acquisition request for the
content from the apparatus into which the recording medium device is loaded and to
acquire an apparatus identifier identifying a public key certificate allocated to the
apparatus; a judgment unit configured to judge whether the acquired apparatus
identifier matches the revocation identifier associated with the content for which the
acquisition request is acquired; and a control unit configured to control to prohibit
output of the content to the apparatus when the judgment unit judges that the
apparatus identifier and the revocation identifier match.
[0029]
Another aspect of the present invention is a revocation list generation device
for generating a revocation list, comprising an acquisition unit configured to acquire,
for a content, a revocation identifier identifying a revoked public key certificate
allocated to an apparatus related to use of the content; a revocation list generation
unit configured to generate a revocation list including the acquired revocation
identifier associated with the content; and an output unit configured to output the
revocation list.
[0030]
The acquisition unit may acquire the revocation identifier identifying the
revoked public key certificate allocated to a playback device as the apparatus, the
playback device being capable of playing back the content.
[0031]
The revocation list generation device may be a content production device
for producing a content by editing material, and the output unit may output the
produced content along with the revocation list.
[0032]
The revocation list generation device may further comprise a content
information generation unit that generates content information including a title key
used to encrypt the content, and the output unit may output the generated content
information along with the content and the revocation list.
[0033]
The revocation list generation device may further comprise a signature unit
that generates signature data by applying a digital signature to the title key and the
revocation list, and the content information generation unit may generate the content
information by including the generated signature data.
[0034]
The content information generation unit may generate the content
information by including one of a content identifier identifying the content, genre
information indicating a genre into which the content is categorized, and quality
information indicating quality of the content.
[0035]
The revocation list generation device may further comprise a condition
information generation unit configured to generate usage condition information
indicating conditions for use of the content by a user and including entry
information indicating a storage position of the revocation identifier in the
revocation list, wherein the output unit outputs the generated usage condition
information along with the content and the revocation list.
[0036]
Another aspect of the present invention is a content management system
comprising a revocation list generation device, a recording medium device, and an
apparatus into which the recording medium device is loaded. The revocation list
generation device generates a revocation list and includes an acquisition unit
configured to acquire, for a content, a revocation identifier identifying a revoked
public key certificate allocated to an apparatus related to use of the content; a
revocation list generation unit configured to generate a revocation list associated
with the content and including the acquired revocation identifier; and an output unit
configured to output the revocation list. The recording medium device includes a
storage unit and a tamper-resistant controller. The storage unit stores a content and a
revocation list including a revocation identifier that is associated with the content
and identifies a revoked public key certificate of an apparatus related to use of the
content. The controller includes an acquisition unit configured to acquire an
acquisition request for the content from the apparatus into which the recording
medium device is loaded and to acquire an apparatus identifier identifying a public
key certificate allocated to the apparatus; a judgment unit configured to judge
whether the acquired apparatus identifier matches the revocation identifier
associated with the content for which the acquisition request is acquired; and a
control unit configured to control to prohibit output of the content to the apparatus
when the judgment unit judges that the apparatus identifier and the revocation
identifier match.
[0037]
Another aspect of the present invention is a revocation list generation
method used in a revocation list generation device for generating a revocation list,
comprising the steps of: acquiring, for a content, a revocation identifier identifying a
revoked public key certificate allocated to an apparatus related to use of the content;
generating a revocation list including the acquired revocation identifier associated
with the content; and outputting the revocation list.
[0038]
Another aspect of the present invention is a computer-readable recording
medium having recorded thereon a computer program for revocation list generation
used in a revocation list generation device for generating a revocation list. The
revocation list generation device is a computer, and the computer program causes
the computer to perform the steps of acquiring, for a content, a revocation identifier
identifying a revoked public key certificate allocated to an apparatus related to use
of the content; generating a revocation list including the acquired revocation
identifier associated with the content; and outputting the revocation list.
[0039]
Another aspect of the present invention is a computer program for
revocation list generation used in a revocation list generation device for generating a
revocation list. The revocation list generation device is a computer, and the
computer program causes the computer to perform the steps of acquiring, for a
content, a revocation identifier identifying a revoked public key certificate allocated
to an apparatus related to use of the content, generating a revocation list including
the acquired revocation identifier associated with the content, and outputting the
revocation list.
[0040]
Another aspect of the present invention is an integrated circuit
implementing a revocation list generation device for generating a revocation list,
comprising an acquisition unit configured to acquire, for a content, a revocation
identifier identifying a revoked public key certificate allocated to an apparatus
related to use of the content; a revocation list generation unit configured to generate
a revocation list including the acquired revocation identifier associated with the
content; and an output unit configured to output the revocation list.
[0041]
1. Embodiment 1
As Embodiment 1 of the present invention, a content management system
109 is described with reference to the drawings.
[0042]
(1) As shown in Fig. 1, the content management system 109 includes a
revocation list generation device 500g, an apparatus 300g, and a recording medium
device 600.
[0043]
The revocation list generation device 500g includes an acquisition unit 501g,
a revocation list generation unit 502g, and an output unit 503g.
[0044]
The acquisition unit 501g acquires, for a content, a revocation identifier
identifying a revoked public key certificate allocated to an apparatus related to use
of the content.
[0045]
The revocation list generation unit 502g generates a revocation list
including the acquired revocation identifier associated with the content.
[0046]
The output unit 503g outputs the revocation list.
[0047]
The recording medium device 600 includes a storage unit 601g and a
tamper-resistant controller 602g.
[0048]
The storage unit 601g stores a content 611g and a revocation list 612g. The
revocation list 612g includes a revocation identifier, associated with the content
611g, that identifies a revoked public key certificate and is allocated to an apparatus
related to use of the content 611g.
[0049]
The controller 602g includes an acquisition unit 621g, a judgment unit 622g,
and a control unit 623g.
[0050]
The acquisition unit 621g acquires an acquisition request for a content from
the apparatus 300g into which the recording medium device 600g is loaded and
acquires an apparatus identifier identifying a public key certificate allocated to the
apparatus 300g.
[0051]
The judgment unit 622g judges whether the acquired apparatus identifier
matches the revocation identifier associated with the content for which the
acquisition request is acquired.
[0052]
The control unit 623g controls to prohibit output of the content to the
apparatus 300g when the judgment unit 622g judges that the apparatus identifier and
the revocation identifier match.
[0053]
(2) The acquisition unit 501g may acquire the revocation identifier
identifying the revoked public key certificate allocated to a playback device as the
apparatus, the playback device being capable of playing back the content.
[0054]
(3) The revocation list generation device 500g may be a content production
device for producing a content by editing material, and the output unit 503g may
output the produced content along with the revocation list.
[0055]
(4) The revocation list generation device 500g may further include a content
information generation unit (not shown in the figures) that generates content
information including a title key used to encrypt the content, and the output unit
503g may output the generated content information along with the content and the
revocation list.
[0056]
(5) The revocation list generation device 500g may further include a
signature unit (not shown in the figures) that generates signature data by applying a
digital signature to the title key and the revocation list, and the content information
generation unit may generate the content information by including the generated
signature data.
[0057]
(6) The content information generation unit generates the content
information by including one of a content identifier identifying the content, genre
information indicating a genre into which the content is categorized, and quality
information indicating quality of the content.
[0058]
(7) The revocation list generation device 500g may further include a
condition information generation unit (not shown in the figures) that generates usage
condition information indicating conditions for use of the content by a user and
including entry information indicating a storage position of the revocation identifier
in the revocation list, and the output unit 503g may output the generated usage
condition information along with the content and the revocation list.
[0059]
(8) The storage unit 601g may also store, in association with the content
611g, usage condition information indicating conditions for use of the content by a
user and including entry information indicating a storage position of the apparatus
identifier in the revocation list 612g. The judgment unit 622g may read the entry
information from the usage condition information stored in the storage unit 601g,
read the apparatus identifier from the storage position in the revocation list 612g as
indicated by the read entry information, and perform the judgment using the read
apparatus identifier.
[0060]
(9) The acquisition unit 621g may acquire the revocation identifier
identifying the revoked public key certificate allocated to a playback device as the
apparatus, the playback device being capable of playing back the content.
[0061]
(10) When the judgment unit 622g judges that the acquired apparatus
identifier does not match the revocation identifier, the control unit 623g may permit
output of the content to the apparatus 300g.
[0062]
(11) When the control unit 623g permits output of the content to the
apparatus, the control unit 623g may perform control so that the title key for
decoding the content is output to the apparatus 300g.
[0063]
2. Embodiment 2
As Embodiment 2 of the present invention, a content management system
10a is described with reference to the drawings.
[0064]
2.1 Overall Configuration of Content Management System 10a
As illustrated in Fig. 2, the content management system 10a includes a key
distribution device 100, a key issuing device 200, a terminal device 300, a content
distribution device 400, a content production device 500, and a recording medium
device 600.
[0065]
The key distribution device 100, the key issuing device 200, the terminal
device 300, the content distribution device 400, and the content production device
500 are connected to each other over a network 20.
[0066]
The network 20 is, for example, the Internet. The recording medium device
600 is, for example, a memory card.
[0067]
2.2 Detailed Configuration of Key Issuing Device 200
As illustrated in Fig. 3, the key issuing device 200 includes a key pair
generation unit 201, a root key pair storage unit 202, a certificate generation unit 203,
a private key certificate storage unit 204, an input unit 205, a revocation data storage
unit 206, a signature unit 207, a revocation file storage unit 208, a control unit 209, a
communications unit 210, and a revocation file generation unit 211.
[0068]
The key issuing device 200 is a computer system composed of a CPU,
memory, a secondary storage unit, a network connection unit, a keyboard, and the
like. The root key pair storage unit 202, the private key certificate storage unit 204,
the revocation data storage unit 206, and the revocation file storage unit 208 are each
constituted by the secondary storage unit. The key pair generation unit 201, the
certificate generation unit 203, the signature unit 207, the control unit 209, and the
revocation file generation unit 211 are each constituted by the CPU and computer
programs running on the CPU. The communications unit 210 is constituted by the
network connection unit. Finally, the input unit 205 is constituted by the keyboard.
[0069]
Of course, the present invention is not limited to the above structure. For
example, the key pair generation unit 201, the certificate generation unit 203, and
the signature unit 207 may alternatively be constituted by dedicated hardware
circuits.
[0070]
(1) Root Key Pair Storage Unit 202, Private Key Certificate Storage Unit 204,
Revocation Data Storage Unit 206, and Revocation File Storage Unit 208
The root key pair storage unit 202 is provided with a region for storing a
root private key 231 and a root public key 232. The root private key 231 and the root
public key 232 are described below.
[0071]
The private key certificate storage unit 204 is provided with a region for
storing a key distribution device private key 251, a key distribution device certificate
252, a terminal device private key 261, a terminal device certificate 262, a recording
medium device private key 271, a recording medium device certificate 272, a
production device private key 281, and a production device certificate 282. The key
distribution device private key 251, the key distribution device certificate 252, the
terminal device private key 261, the terminal device certificate 262, the recording
medium device private key 271, the recording medium device certificate 272, the
production device private key 281, and the production device certificate 282 are
described below.
[0072]
The revocation data storage unit 206 is provided with a region for storing
revocation data 241. The revocation data 241 is described below.
[0073]
The revocation file storage unit 208 is provided with a region for storing a
revocation file 242. The revocation file 242 is described below.
[0074]
(2) Input Unit 205
By user operation, the input unit 205 receives input of a terminal device ID
that identifies a revoked terminal device and a recording medium device ID that
identifies a revoked recording medium device.
[0075]
Alternatively, the input unit 205 may receive input of a model ID for a
revoked terminal device or recording medium device. The model ID is a number
identifying the type of the terminal device or recording medium device. The input
unit 205 may instead receive input of identifying information that identifies the
public key certificate allocated to a revoked terminal device or recording medium
device.
[0076]
Next, the input unit 205 writes the received terminal device ID and
recording medium device ID in revocation data 241 stored in the revocation data
storage unit 206.
[0077]
In the example in Fig. 5, the revocation data 241 includes a terminal device
ID (243), a terminal device ID (244), ... , a recording medium device ID (245), a
recording medium device ID (246), ....
[0078]
Note that in order to distinguish between the terminal device IDs and the
recording medium device IDs included in the revocation data 241, different values
may be embedded at the heads of these IDs. For example, terminal device IDs
may start with "00", and recording medium device IDs may start with "10".
[0079]
(3) Key Pair Generation Unit 201
The key pair generation unit 201 receives a key generation instruction from
the control unit 209. This key generation instruction indicates to generate the private
keys and the public keys that are to be allocated respectively to the key distribution
device 100, the key issuing device 200, the terminal device 300, the content
production device 500, and the recording medium device 600.
[0080]
Upon receiving the key generation instruction, the key pair generation unit
201 generates the private keys and the public keys to be allocated to the devices,
using the key generation method described below.
[0081]
The following is an example of the key generation method.
[0082]
For example, when using a public key cryptosystem based on elliptic curve
cryptography, the key pair generation unit 201 generates a random number x and
takes the random number x to be the private key. Next, the key pair generation unit
201 calculates Y = x * P and takes Y to be the public key. In this context, P is a point
on an elliptic curve, and a * B denotes multiplication on an elliptic curve.
[0083]
Note that instead of a public key cryptosystem based on elliptic curve
cryptography, the key pair generation unit 201 may generate the private key and the
public key using a public key cryptosystem based on RSA encryption.
[0084]
Using the above key generation method, the key pair generation unit 201
generates the root private key 231 and the root public key 232 to be allocated to the
key issuing device 200. Next, the key pair generation unit 201 writes the root private
key 231 and the root public key 232 in the root key pair storage unit 202.
[0085]
The root private key 231 and the root public key 232 form the security core
of the content management system 10a.
[0086]
Using the above key generation method, the key pair generation unit 201
then generates the key distribution device private key 251 and a key distribution
device public key 254 to be allocated to the key distribution device 100. Using the
above key generation method, the key pair generation unit 201 then generates the
terminal device private key 261 and a terminal device public key 264 to be allocated
to the terminal device 300. Furthermore, using the above key generation method, the
key pair generation unit 201 generates the recording medium device private key 271
and a recording medium device public key 274 to be allocated to the recording
medium device 600. Finally, using the above key generation method, the key pair
generation unit 201 generates the production device private key 281 and a
production device public key 284 to be allocated to the content production device
500.
[0087]
Next, the key pair generation unit 201 writes the key distribution device
private key 251, the terminal device private key 261, the recording medium device
private key 271, and the production device private key 281 in the private key
certificate storage unit 204.
[0088]
The key pair generation unit 201 then outputs the key distribution device
public key 254, the terminal device public key 264, the recording medium device
public key 274, and the production device public key 284 to the certificate
generation unit 203.
[0089]
(4) Certificate Generation Unit 203
The certificate generation unit 203 receives a certificate generation
instruction from the control unit 209. This certificate generation instruction indicates
to generate the public key certificates for the key distribution device 100, the
terminal device 300, the content production device 500, and the recording medium
device 600.
[0090]
Upon receiving the certificate generation instruction, the certificate
generation unit 203 generates the public key certificate for each of these devices as
shown below.
[0091]
The certificate generation unit 203 generates identifiers, described below,
uniquely identifying the public key certificates.
[0092]
The identifiers are generated as described below.
[0093]
An identifier is a numerical value. The certificate generation unit 203 stores
the identifier generated immediately before. When generating a new identifier, the
certificate generation unit 203 increments the stored identifier by one to yield the
new identifier.
[0094]
Next, the certificate generation unit 203 receives the public key allocated to
the device from the key pair generation unit 201. The certificate generation unit 203
then concatenates the generated identifier with the received public key, yielding a
concatenated value.
[0095]
Concatenated value = identifier || public key
A || B indicates a concatenated value generated by concatenating data A and
data B in this order. The identifier and the public key may be further concatenated
with other data to generate the concatenated value. Examples of other such data
include a format version of the public key certificate, an expiration date of the
certificate, and an identifier identifying the public key cryptosystem. Next, the
certificate generation unit 203 outputs the generated concatenated value to the
signature unit 207 and instructs the signature unit 207 to generate signature data.
[0096]
Next, the certificate generation unit 203 receives the signature data from the
signature unit 207.
[0097]
Signature data = Sign(root private key, concatenated value)
Here, Sign(A, B) indicates signature data that is generated with a signature
generation algorithm S1 by applying a digital signature to the data B using the key A.
The signature generation algorithm S1 is, for example, EC-DSA (Elliptic
Curve-Digital Signature Algorithm).
[0098]
Upon receiving the signature data, the certificate generation unit 203
generates a public key certificate that includes the generated concatenated value and
the received signature data, writing the generated public key certificate in the private
key certificate storage unit 204.
[0099]
Next, generation of the public key certificate for each of the key distribution
device 100, the terminal device 300, the recording medium device 600, and the
content production device 500 is described. Here, the public key certificate for the
key distribution device 100 is the key distribution device certificate 252, and the
public key certificate for the terminal device 300 is the terminal device certificate
262. The public key certificate for the recording medium device 600 is the recording
medium device certificate 272, and the public key certificate for the content
production device 500 is the production device certificate 282.
[0100]
Generation of the Key Distribution Device Certificate 252 for the Key Distribution
Device 100
The certificate generation unit 203 generates a key distribution device ID
(253) that uniquely identifies the key distribution device certificate 252. Next, the
certificate generation unit 203 receives the key distribution device public key 254
allocated to the key distribution device 100 from the key pair generation unit 201.
The certificate generation unit 203 then concatenates the key distribution device ID
(253) and the key distribution device public key 254 to generate a concatenated
value. Next, the certificate generation unit 203 outputs the generated concatenated
value to the signature unit 207. The certificate generation unit 203 then receives
signature data 255 from the signature unit 207.
[0101]
Signature data 255 = Sign(root private key, key distribution device ID (253)
|| key distribution device public key 254)
Upon receiving the signature data 255, the certificate generation unit 203
generates the key distribution device certificate 252 to include the generated
concatenated value and the received signature data 255, as illustrated in Fig. 4A.
Next, the certificate generation unit 203 writes the generated key distribution device
certificate 252 in the private key certificate storage unit 204.
[0102]
Generation of the Terminal Device Certificate 262 for the Terminal Device 300
The certificate generation unit 203 generates a terminal device ID (263) that
uniquely identifies the terminal device certificate 262. Next, the certificate
generation unit 203 receives the terminal device public key 264 allocated to the
terminal device 300 from the key pair generation unit 201. The certificate generation
unit 203 then concatenates the terminal device ID (263) and the terminal device
public key 264 to generate a concatenated value. Next, the certificate generation unit
203 outputs the generated concatenated value to the signature unit 207. The
certificate generation unit 203 then receives signature data 265 from the signature
unit 207.
[0103]
Signature data 265 = Sign(root private key, terminal device ID (263) ||
terminal device public key 264)
Upon receiving the signature data 265, the certificate generation unit 203
generates the terminal device certificate 262 to include the generated concatenated
value and the received signature data 265, as illustrated in Fig. 4B. Next, the
certificate generation unit 203 writes the generated terminal device certificate 262 in
the private key certificate storage unit 204.
[0104]
Generation of the Recording Medium Device Certificate 272 for the Recording
Medium Device 600
The certificate generation unit 203 generates a recording medium device ID
(273) that uniquely identifies the recording medium device certificate 272. Next, the
certificate generation unit 203 receives the recording medium device public key 274
allocated to the recording medium device 600 from the key pair generation unit 201.
The certificate generation unit 203 then concatenates the recording medium device
ID (273) and the recording medium device public key 274 to generate a
concatenated value. Next, the certificate generation unit 203 outputs the generated
concatenated value to the signature unit 207. The certificate generation unit 203 then
receives signature data 275 from the signature unit 207.
[0105]
Signature data 275 = Sign(root private key, recording medium device ID
(273) || recording medium device public key 274)
Upon receiving the signature data 275, the certificate generation unit 203
generates the recording medium device certificate 272 to include the generated
concatenated value and the received signature data 275, as illustrated in Fig. 4C.
Next, the certificate generation unit 203 writes the generated recording medium
device certificate 272 in the private key certificate storage unit 204.
[0106]
Generation of the Production Device Certificate 282 for the Content Production
Device 500
The certificate generation unit 203 generates a content provider ID (283)
that uniquely identifies the production device certificate 282. Next, the certificate
generation unit 203 receives the production device public key 284 allocated to the
content production device 500 from the key pair generation unit 201. The certificate
generation unit 203 then concatenates the content provider ID (283) and the
production device public key 284 to generate a concatenated value. Next, the
certificate generation unit 203 outputs the generated concatenated value to the
signature unit 207. The certificate generation unit 203 then receives signature data
285 from the signature unit 207.
[0107]
Signature data 285 = Sign(root private key, content provider ID (283) ||
production device public key 284)
Upon receiving the signature data 285, the certificate generation unit 203
generates the production device certificate 282 to include the generated concatenated
value and the received signature data 285, as illustrated in Fig. 4D. Next, the
certificate generation unit 203 writes the generated production device certificate 282
in the private key certificate storage unit 204.
[0108]
(5) Revocation File Generation Unit 211
The revocation file generation unit 211 is controlled by the control unit 209
to read the revocation data 241 from the revocation data storage unit 206. Next, the
revocation file generation unit 211 outputs the revocation data 241 to the signature
unit 207 and instructs the signature unit 207 to generate signature data 247.
[0109]
The revocation file generation unit 211 then receives the signature data 247
from the signature unit 207.
[0110]
Signature data 247 = Sign(root private key, revocation data 241)
Next, the revocation file generation unit 211 generates the revocation file
242 to include the revocation data 241 and the signature data 247, as illustrated in
Fig. 5. The revocation file generation unit 211 then writes the generated revocation
file 242 in the revocation file storage unit 208.
[0111]
(6) Signature Unit 207
The signature unit 207 reads the root private key 231 from the root key pair
storage unit 202.
[0112]
Next, the signature unit 207 receives the concatenated value from the
certificate generation unit 203. The signature unit 207 also receives the revocation
data 241 from the revocation file generation unit 211.
[0113]
Upon receiving the concatenated value, the signature unit 207 generates
signature data by applying a digital signature with the signature generation
algorithm S1 to the received concatenated value using the read root private key 231.
[0114]
Signature data = Sign(root private key 231, concatenated value)
Next, the signature unit 207 outputs the generated signature data to the
certificate generation unit 203.
[0115]
Upon receiving the revocation data 241, the signature unit 207 generates
signature data by applying a digital signature with the signature generation
algorithm S1 to the received revocation data 241 using the read root private key 231.
[0116]
Signature data = Sign(root private key 231, revocation data 241)
Next, the signature unit 207 outputs the generated signature data to the
revocation file generation unit 211.
[0117]
(7) Communications Unit 210
The communications unit 210 is controlled by the control unit 209 to read
the root public key 232 from the root key pair storage unit 202. Next, the
communications unit 210 transmits the read root public key 232 over the network 20
to the key distribution device 100, the terminal device 300, and the recording
medium device 600.
[0118]
The communications unit 210 also reads the pair of the key distribution
device private key 251 and the key distribution device certificate 252 from the
private key certificate storage unit 204. Next, the communications unit 210 transmits
the read pair of the key distribution device private key 251 and the key distribution
device certificate 252 over the network 20 to the key distribution device 100.
[0119]
The communications unit 210 is also controlled by the control unit 209 to
read the pair of the terminal device private key 261 and the terminal device
certificate 262 from the private key certificate storage unit 204. Next, the
communications unit 210 transmits the read pair of the terminal device private key
261 and the terminal device certificate 262 over the network 20 to the terminal
device 300.
[0120]
The communications unit 210 is also controlled by the control unit 209 to
read the pair of the recording medium device private key 271 and the recording
medium device certificate 272 from the private key certificate storage unit 204. Next,
the communications unit 210 outputs the pair of the recording medium device
private key 271 and the recording medium device certificate 272 to the terminal
device 300 via a manufacturer's device, not shown in the figures, possessed by the
recording medium device manufacturer.
[0121]
The communications unit 210 is also controlled by the control unit 209 to
read the pair of the production device private key 281 and the production device
certificate 282 from the private key certificate storage unit 204. Next, the
communications unit 210 transmits the read pair of the production device private
key 281 and the production device certificate 282 over the network 20 to the content
production device 500.
[0122]
The communications unit 210 is also controlled by the control unit 209 to
read the revocation file 242 from the revocation file storage unit 208. Next, the
communications unit 210 transmits the revocation file 242 over the network 20 to
the key distribution device 100.
[0123]
(8) Control Unit 209
The control unit 209 generates a key generation instruction. As described
above, this key generation instruction indicates to generate the private keys and the
public keys that are to be allocated respectively to the key distribution device 100,
the key issuing device 200, the terminal device 300, the content production device
500, and the recording medium device 600. Next, the control unit 209 outputs the
generated key generation instruction to the key pair generation unit 201.
[0124]
The control unit 209 also generates a certificate generation instruction. As
described above, this certificate generation instruction indicates to generate the
public key certificates for the key distribution device 100, the terminal device 300,
the content production device 500, and the recording medium device 600.
[0125]
The control unit 209 also instructs the revocation file generation unit 211 to
generate the revocation file 242.
[0126]
Furthermore, the control unit 209 instructs the communications unit 210 to
transmit the root public key 232. The control unit 209 also instructs the
communications unit 210 to transmit the key distribution device private key 251 and
the key distribution device certificate 252, the terminal device private key 261 and
the terminal device certificate 262, the recording medium device private key 271 and
the recording medium device certificate 272, the production device private key 281
and the production device certificate 282, and finally the revocation file 242.
[0127]
2.3 Detailed Configuration of Content Production Device 500
As illustrated in Fig. 6, the content production device 500 includes a
material storage unit 501, an editing unit 502, an encryption unit 503, a content
storage unit 504, a content registration request unit 505, a control unit 506, a title
key generation unit 507, a title key storage unit 508, a private key certificate storage
unit 509, a signature unit 510, a content information registration request unit 511, a
registration data storage unit 512, an input unit 513, a display unit 514, and a
communications unit 515.
[0128]
Note that the content production device 500 is a computer system
constituted by a CPU, a memory, a secondary storage unit, a network connection
unit, a keyboard, a liquid crystal display unit, and the like. The material storage unit
501, the content storage unit 504, the title key storage unit 508, the private key
certificate storage unit 509, and the registration data storage unit 512 are each
constituted by the secondary storage unit. The editing unit 502, the encryption unit
503, the content registration request unit 505, the control unit 506, the title key
generation unit 507, the signature unit 510, and the content information registration
request unit 511 are each constituted by the CPU and computer programs running on
the CPU. The communications unit 515 is constituted by the network connection
unit. The input unit 513 is constituted by the keyboard. Finally, the display unit 514
is constituted by the liquid crystal display unit.
[0129]
Of course, the present invention is not limited to the above structure. For
example, the encryption unit 503, the title key generation unit 507, and the signature
unit 510 may alternatively be constituted by dedicated hardware circuits.
[0130]
(1) Material Storage Unit 501, Content Storage Unit 504, Title Key Storage Unit 508,
and Private Key Certificate Storage Unit 509
The material storage unit 501 stores one or more materials such as video
and audio for a movie or the like. For each material, the video and audio are
digitalized, encoded, and compressed. As production of the video and the audio is
not related to the subject of the present invention, a description thereof is omitted.
[0131]
The content storage unit 504 is provided with a region for storing a content
532. As described below, the content 532 is generated by encrypting a plaintext
content 531.
[0132]
The title key storage unit 508 is provided with a region for storing a title key
533. The title key 533 is used to encrypt the plaintext content 531.
[0133]
The private key certificate storage unit 509 is provided with a region for
storing the production device private key 281 and the production device certificate
282. The production device private key 281 and the production device certificate
282 are received from the key issuing device 200.
[0134]
(2) Editing Unit 502
By user operation, the editing unit 502 reads the material stored in the
material storage unit 501 and edits the read material to generate the plaintext content
531. The editing unit 502 outputs the generated plaintext content 531 to the
encryption unit 503.
[0135]
(3) Title Key Generation Unit 507
The title key generation unit 507 generates a 128-bit random number and
takes the generated random number to be the title key 533. The title key generation
unit 507 outputs the generated title key 533 to the encryption unit 503. The title key
generation unit 507 also writes the generated title key 533 in the title key storage
unit 508.
[0136]
(4) Encryption Unit 503
The encryption unit 503 receives the plaintext content 531 from the editing
unit 502. The encryption unit 503 also receives the title key 533 from the title key
generation unit 507.
[0137]
Next, the encryption unit 503 encrypts the plaintext content 531 with an
encryption algorithm E1 using the title key 533, thereby generating the content 532.
Unless otherwise noted, the content 532 hereinafter refers to content that has been
encrypted.
[0138]
The encryption algorithm E1 is an encryption algorithm that uses a private
key cryptosystem. The encryption algorithm E1 is, for example, AES (Advanced
Encryption Standard).
[0139]
Next, the encryption unit 503 writes the content 532 in the content storage
unit 504.
[0140]
(5) Content Registration Request Unit 505
The content registration request unit 505 is controlled by the control unit
506 to generate a registration request that requests registration of the content 532 in
the content distribution device 400. Next, the content registration request unit 505
reads the content 532 from the content storage unit 504.
[0141]
The content registration request unit 505 outputs the read content 532 and
the registration request generated for the content to the communications unit 515.
Next, the content registration request unit 505 instructs the communications unit 515
to transmit the content 532 and the registration request for the content to the content
distribution device 400.
[0142]
(6) Input Unit 513 and Display Unit 514
Display Unit 514
As illustrated in the example in Fig. 7, the display unit 514 displays a
content information registration screen 551t.
[0143]
The registration screen 551t includes an input field 552t, an input field 553t,
an input field 554t, an input field 555t, an input field 556t, an input field 557t, an
input field 558t, a button 559t, and a button 560t.
[0144]
The input field 552t is a field for receiving input of the content provider ID
from the producer of the content. Here, the content provider ID is identifying
information that identifies the provider of the content.
[0145]
The input field 553t is a field for receiving input of the content ID from the
producer of the content. Here, the content ID is identifying information that
identifies the content.
[0146]
The input field 554t is a field for receiving input of the quality level from
the producer of the content. Here, the quality level is information indicating the level
of quality of the content. As an example, a quality level of "HD" indicates that the
content is high quality. Specifically, "HD" indicates that the content is high
resolution. A quality level of "SD" indicates that the content is standard quality.
Specifically, "SD" indicates that the content is standard resolution.
[0147]
The input field 555t is a field for receiving input of genre information from
the producer of the content. Here, the genre information is information indicating the
type or category of content and indicates the genre to which the content belongs.
Examples of genre include "action", "fantasy", "thriller", "comedy", and the like.
[0148]
The input field 556t is a field for receiving input of usage condition
information from the producer of the content. Here, the usage condition information
is information indicating conditions placed on the user of the content by the
producer of the content. Examples of usage condition information include limiting
the period of usage of the content or the number of times the content may be used,
e.g. "Usable through December 2012" or "playable up to 10 times".
[0149]
The input field 557t is a field for receiving input of authentication condition
information from the producer of the content. Here, the authentication condition
information is information indicating conditions placed on the user of the content by
the producer of the content.
[0150]
An example of authentication condition information is "confirm connection
once every three times". If "confirm connection once every three times" is set as the
authentication condition information, authentication is performed as follows. When
the content is used on the terminal device 300, the terminal device 300 requests
connection to the content distribution device 400 once every three usages. After the
connection is established, the content distribution device 400 confirms the
authenticity of the terminal device 300, the authenticity of the content, and the
authenticity of the recording medium device 600 on which the content is stored. If
the authenticity of any of the above cannot be confirmed, playback of the content is
not permitted. Conversely, when the authenticity of all of the above is confirmed,
playback of the content is permitted.
[0151]
Another example of authentication condition information is "confirm
connection of the title key". If "confirm connection of the title key" is set as the
authentication condition information, authentication is performed as follows. When
the content is used on the terminal device 300, the terminal device 300 requests
connection to the key distribution device 100. After the connection is established,
the key distribution device 100 confirms the authenticity of the terminal device 300,
the authenticity of the title key, and the authenticity of the recording medium device
600 on which the title key is stored. If the authenticity of any of the above cannot be
confirmed, playback of the content is not permitted. Conversely, when the
authenticity of all of the above is confirmed, use of the title key and playback of the
content is permitted.
[0152]
The input field 558t is a field for receiving input of a revoked device ID
from the producer of the content. Here, the revoked device ID is identifying
information that identifies a revoked device.
[0153]
An example of input of a revoked device ID is "0005, 0006". The numbers
"0005, 0006" indicate that the devices identified by identifying information "0005"
and "0006" have been revoked.
[0154]
Another example of input of a revoked device ID is "0101-0106". The range
"0101-0106" indicates that the devices identified by identifying information "0101",
"0102", "0103", "0104", "0105", and "0106" have been revoked.
[0155]
Another example of input of a revoked device ID is "0101-0106,
0110-0120". The ranges "0101-0106, 0110-0120" indicate that the devices identified
by identifying information "0101", "0102", ..., and "0106", as well as by identifying
information "0110", "0111", ..., and "0120" have been revoked.
[0156]
The buttons 559t and 560t are for receiving input of whether the producer of
the content approves of revocation or not. The producer of the content selects one of
the buttons 559t and 560t.
[0157]
Approval of revocation indicates that the producer of the content approves
of confirmation, when the terminal device 300 uses the content, of whether the
terminal device 300 has been revoked based on an individual revocation list attached
to the content.
[0158]
In order to approve of revocation, the producer of the content selects the
button 559t. In order not to approve of revocation, the producer of the content
selects the button 560t.
[0159]
As described above, one of the buttons 559t and 560t must be selected.
When the button 559t is selected, the producer of the content must fill in the input
field 558t.
[0160]
Note that the registration screen is not limited to the registration screen 551t
illustrated in Fig. 7.
[0161]
The registration screen 551t need not include the input fields 554t, 555t,
556t, and 557t. Alternatively, the registration screen 551t need not include the input
fields 553t, 554t, 556t, and 557t. Finally, the registration screen 551t need not
include the input fields 553t, 555t, 556t, and 557t.
[0162]
Input Unit 513
The input unit 513 receives the results of input from the producer of the
content for the input fields 552t, 553t, ..., 558t, and the buttons 559t and 560t. In
other words, the input unit 513 receives, from the producer of the content, input of
the content provider ID, the content ID, the quality level, the genre information, the
usage condition information, the authentication condition information, the revoked
device ID, and the revocation approval. Upon receiving input of the above, the input
unit 513 generates content information registration data 541 that includes the content
provider ID, the content ID, the quality level, the genre information, the usage
condition information, the authentication condition information, the revoked device
ID, and a revocation approval flag. Next, the input unit 513 writes the generated
registration data 541 in the registration data storage unit 512.
[0163]
Here, the revocation approval flag is set to "ON" when the button 559t is
selected. Conversely, when the button 560t is selected, the revocation approval flag
is set to "OFF".
[0164]
Items that were not input on the registration screen 551t are not included in
the registration data 541. For example, as described above, data might not be input
for the input fields 554t, 555t, 556t, 557t, and 558t. Accordingly, the quality level,
the genre information, the usage condition information, the authentication condition
information, and the revoked device ID might not be included in the registration data
541.
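The rules above for the input field 558t, the buttons 559t and 560t, and the omission of items that were not input can be expressed as the following added Python example, which is not code from the specification. The item names, the `form` dictionary and the four-digit ID width are assumptions made for the illustration.

```python
import re

ID_WIDTH = 4  # assumption: device IDs are four digits, as in the examples above

OPTIONAL_ITEMS = ("quality_level", "genre", "usage_condition",
                  "authentication_condition")  # hypothetical item names


def parse_revoked_device_ids(field):
    """Expand field 558t input such as "0101-0106, 0110-0120" into single IDs."""
    ids = []
    for item in field.split(","):
        bounds = [part.strip() for part in item.split("-")]
        if len(bounds) > 2 or not all(
                re.fullmatch(r"[0-9]{%d}" % ID_WIDTH, b) for b in bounds):
            raise ValueError("not a device ID or ID range: %r" % item.strip())
        first, last = int(bounds[0]), int(bounds[-1])
        if first > last:
            raise ValueError("range runs backwards: %r" % item.strip())
        for number in range(first, last + 1):
            device_id = "%0*d" % (ID_WIDTH, number)
            if device_id not in ids:      # overlapping ranges list an ID once
                ids.append(device_id)
    return ids


def build_registration_data(form, approve_revocation):
    """Model of input unit 513; `form` maps item names to the text typed in."""
    data = {}
    for name in ("content_provider_id", "content_id") + OPTIONAL_ITEMS:
        value = form.get(name, "").strip()
        if value:                         # items that were not input are left out
            data[name] = value
    if approve_revocation:                # button 559t selected
        revoked = form.get("revoked_device_id", "").strip()
        if not revoked:
            raise ValueError("field 558t must be filled in when button 559t is selected")
        data["revocation"] = parse_revoked_device_ids(revoked)
        data["revocation_approval_flag"] = "ON"
    else:                                 # button 560t selected: no revocation
        data["revocation_approval_flag"] = "OFF"   # information is carried
    return data
```

Rejecting malformed or reversed ranges at input time keeps an ambiguous entry from silently producing an empty or partial revocation list.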
[0165]
(7) Signature Unit 510
The signature unit 510 receives an instruction to generate a signature from
the control unit 506. Upon receipt of the instruction to generate a signature, the
signature unit 510 reads the registration data 541 from the registration data storage
unit 512. The signature unit 510 then determines whether the revocation approval
flag included in the read registration data 541 is "ON" or "OFF".
[0166]
If the revocation approval flag is "OFF", the signature unit 510 does
nothing.
[0167]
If the revocation approval flag is "ON", the signature unit 510 reads the
production device private key 281 from the private key certificate storage unit 509.
Next, the signature unit 510 generates signature data by applying a digital signature
with the signature generation algorithm S1 to the read registration data 541 using the
production device private key 281.
[0168]
Here, the signature generation algorithm S1 is a signature generation
algorithm based on a public key cryptosystem. An example of encryption technology
used in a public key cryptosystem is elliptic curve cryptography. In this case, the
signature generation algorithm S1 is, for example, EC-DSA (Elliptic Curve-Digital
Signature Algorithm).
[0169]
Next, the signature unit 510 adds the generated signature data to the
registration data 541 and overwrites the registration data 541 stored in the
registration data storage unit 512 with the registration data 541 to which the
signature data has been added.
[0170]
(8) Content Information Registration Request Unit 511
The content information registration request unit 511 is controlled by the
control unit 506 to read the title key 533 from the title key storage unit 508. Next,
the content information registration request unit 511 appends the read title key 533
to the registration data 541 stored in the registration data storage unit 512.
[0171]
The content information registration request unit 511 is controlled by the
control unit 506 to generate a registration request indicating a request to register
content information registration data in the key distribution device 100. Next, the
content information registration request unit 511 reads the registration data 541 from
the registration data storage unit 512, outputs the registration request and the
registration data 541 to the communications unit 515, and instructs the
communications unit 515 to transmit these items to the key distribution device 100.
[0172]
(9) Communications Unit 515
The communications unit 515 receives the production device private key
281 and the production device certificate 282 from the key issuing device 200 over
the network 20. Next, the communications unit 515 writes the production device
private key 281 and the production device certificate 282 in the private key
certificate storage unit 509.
[0173]
The communications unit 515 receives the production device private key
281 and the production device certificate 282 from the key issuing device 200 over
the network 20. Next, the communications unit 515 writes the production device
private key 281 and the production device certificate 282 in the private key
certificate storage unit 509.
[0174]
The communications unit 515 receives the content registration request and
the content 532 from the content registration request unit 505. Next, the
communications unit 515 transmits the received registration request and content 532
to the content distribution device 400 over the network 20.
[0175]
The communications unit 515 receives the content information registration
request and the registration data 541 from the content information registration
request unit 511. Next, the communications unit 515 transmits the received
registration request and registration data 541 to the key distribution device 100 over
the network 20.
[0176]
(10) Registration Data Storage Unit 512
The registration data storage unit 512 stores the content information
registration data 541.
[0177]
Figs. 8 through 14 show examples of registration data. Note that in the
examples of registration data shown in Figs. 8 through 14, a title key and signature
data have been added.
[0178]
Registration Data 541
The registration data 541 shown in Fig. 8 includes a content provider ID
(542), a content ID (543), genre information 544, a quality level (545), a title key
546, usage condition information 547, connection condition information 548,
revocation information 549, and a revocation approval flag 552. The revocation
information 549 includes a terminal device ID (550) and a terminal device ID (551).
[0179]
Here, the revocation approval flag 552 is "ON", and therefore the
registration data 541 includes the revocation information 549.
[0180]
The registration data 541 thus indicates that the producer of the content
approves of confirmation, when the terminal device 300 uses the content, of whether
the terminal device 300 has been revoked based on an individual revocation list
attached to the content.
[0181]
Registration Data 541a
The registration data 541a shown in Fig. 9 includes a content provider ID
(542a), a content ID (543a), genre information 544a, a quality level (545a), a title
key 546a, usage condition information 547a, connection condition information 548a,
and a revocation approval flag 552a.
[0182]
Here, the revocation approval flag 552a is "OFF", and therefore the
registration data 541a does not include revocation information.
[0183]
The registration data 541a thus indicates that the producer of the content
does not approve of confirmation, when the terminal device 300 uses the content, of
whether the terminal device 300 has been revoked based on an individual revocation
list attached to the content.
[0184]
Registration Data 541b
The registration data 541b shown in Fig. 10 includes a content provider ID
(542b), a content ID (543b), genre information 544b, a quality level (545b), a title
key 546b, usage condition information 547b, connection condition information 548b,
revocation information 549b, a revocation approval flag 552b, and signature data
553b. The revocation information 549b includes a terminal device ID (550b) and a
terminal device ID (551b).
[0185]
Here, the revocation approval flag 552b is "ON", and therefore the
registration data 541b includes the revocation information 549b.
[0186]
The signature data 553b is data generated by applying a digital signature
with the signature generation algorithm S1 to a concatenated value using the
production device private key 281. In this case, the concatenated value is a
concatenation, in the following order, of the content provider ID (542b), the content
ID (543b), the genre information 544b, the quality level (545b), the title key 546b,
the usage condition information 547b, the connection condition information 548b,
the revocation information 549b, and the revocation approval flag 552b.
[0187]
The registration data 541b thus indicates that the producer of the content
approves of confirmation, when the terminal device 300 uses the content, of whether
the terminal device 300 has been revoked based on an individual revocation list
attached to the content.
[0188]
Registration Data 541c
The registration data 541c shown in Fig. 11 includes a content provider ID
(542c), a content ID (543c), genre information 544c, a quality level (545c), a title
key 546c, usage condition information 547c, and connection condition information
548c.
[0189]
The registration data 541c includes neither a revocation approval flag nor
revocation information.
[0190]
The registration data 541c thus indicates that the producer of the content
does not approve of confirmation, when the terminal device 300 uses the content, of
whether the terminal device 300 has been revoked based on an individual revocation
list attached to the content.
[0191]
Registration Data 541d
The registration data 541d shown in Fig. 12 includes a content provider ID
(542d), a content ID (543d), genre information 544d, a quality level (545d), a title
key 546d, usage condition information 547d, connection condition information 548d,
revocation information 549d, a revocation approval flag 552d, and signature data
553d. The revocation information 549d includes a terminal device ID (550d) and a
terminal device ID (551d).
[0192]
Here, the revocation approval flag 552d is "ON", and therefore the
registration data 541d includes the revocation information 549d.
[0193]
The signature data 553d is data generated by applying a digital signature
with the signature generation algorithm S1 to a concatenated value using the
production device private key 281. In this case, the concatenated value is a
concatenation, in the following order, of the content provider ID (542d), the content
ID (543d), the genre information 544d, the quality level (545d), the title key 546d,
the usage condition information 547d, the connection condition information 548d,
the revocation information 549d, and the revocation approval flag 552d.
[0194]
Registration Data 541e
The registration data 541e shown in Fig. 13 includes a content provider ID
(542e), a content ID (543e), genre information 544e, usage condition information
547e, connection condition information 548e, revocation information 549e, a
revocation approval flag 552e, and signature data 553e. The revocation information
549e includes a terminal device ID (550e) and a terminal device ID (551e).
[0195]
Here, the revocation approval flag 552e is "ON", and therefore the
registration data 541e includes the revocation information 549e.
[0196]
The signature data 553e is data generated by applying a digital signature
with the signature generation algorithm S1 to a concatenated value using the
production device private key 281. In this case, the concatenated value is a
concatenation, in the following order, of the content provider ID (542e), the content
ID (543e), the genre information 544e, the usage condition information 547e, the
connection condition information 548e, the revocation information 549e, and the
revocation approval flag 552e.
[0197]
Registration Data 541f
The registration data 541f shown in Fig. 14 includes a content provider ID
(542f), a quality level (545f), usage condition information 547f, connection
condition information 548f, revocation information 549f, a revocation approval flag
552f, and signature data 553f. The revocation information 549f includes a terminal
device ID (550f) and a terminal device ID (551f).
[0198]
Here, the revocation approval flag 552f is "ON", and therefore the
registration data 541f includes the revocation information 549f.
[0199]
The signature data 553f is data generated by applying a digital signature
with the signature generation algorithm S1 to a concatenated value using the
production device private key 281. In this case, the concatenated value is a
concatenation, in the following order, of the content provider ID (542f), the quality
level (545f), the usage condition information 547f, the connection condition
information 548f, the revocation information 549f, and the revocation approval flag
552f.
[0200]
(11) Control Unit 506
The control unit 506 outputs an instruction to generate a signature to the
signature unit 510.
[0201]
The control unit 506 causes the content registration request unit 505 to
output a content registration request.
[0202]
The control unit 506 also causes the content information registration request
unit 511 to output a content information registration request.
[0203]
2.4 Detailed Configuration of Content Distribution Device 400
As shown in Fig. 15, the content distribution device 400 includes a control
unit 401, a communications unit 402, a content storage unit 403, a mutual
authentication unit 404, and a display unit 405.
[0204]
The content distribution device 400 is a computer system composed of a
CPU, memory, a secondary storage unit, a network connection unit, and the like.
The content storage unit 403 is constituted by the secondary storage unit. The
control unit 401 is constituted by the CPU and computer programs running on the
CPU. The communications unit 402 is constituted by the network connection unit.
[0205]
(1) Content Storage Unit 403
The content storage unit 403 is provided with a region for storing the
content 532.
[0206]
(2) Communications Unit 402
The communications unit 402 receives a content registration request and the
content 532 from the content production device 500 over the network 20. Next, the
communications unit 402 writes the received content 532 in the content storage unit
403.
[0207]
The communications unit 402 receives distribution request information 431,
which indicates a content distribution request, from the terminal device 300 over the
network 20. The distribution request information 431 includes, for example, a
content provider ID (432) and a content ID (433), as shown in the example in Fig.
16. The communications unit 402 outputs the distribution request information 431 to
the control unit 401.
[0208]
The communications unit 402 receives a content from the control unit 401
and, based on an instruction from the control unit 401, transmits the received content
to the terminal device 300 over the network 20.
[0209]
(3) Control Unit 401
The control unit 401 receives the distribution request information 431 from
a distribution request reception unit 430. Upon receiving the distribution request
information 431, the control unit 401 searches within the content storage unit 403
for the content identified by the content ID (433) included in the distribution request
information 431. Upon finding the content identified by the content ID (433), the
control unit 401 reads the content from the content storage unit 403, outputs the read
content to the communications unit 402, and instructs the communications unit 402
to transmit the content to the terminal device 300.
[0210]
(4) Mutual Authentication Unit 404
The mutual authentication unit 404 performs mutual authentication and key
sharing with a connected device. Details are omitted here, as this processing is the
same as processing by a mutual authentication unit 105, described below, in the key
distribution device 100.
[0211]
(5) Display Unit 405
The display unit 405 is controlled by the control unit 401 to display
information.
[0212]
2.5 Detailed Configuration of Key Distribution Device 100
As shown in Fig. 17, the key distribution device 100 includes a
communications unit 101, a revocation judgment unit 102, a revocation file storage
unit 103, a private key certificate storage unit 104, a mutual authentication unit 105,
a root public key storage unit 106, an encryption/decryption unit 107, a verification
unit 108, a content information generation unit 109, an update unit 110, a content
information list storage unit 111, a control unit 112, and a display unit 113.
[0213]
The key distribution device 100 is a computer system composed of a CPU,
memory, a secondary storage unit, a network connection unit, a liquid crystal display
unit, and the like. The revocation file storage unit 103, the private key certificate
storage unit 104, the root public key storage unit 106, and the content information
list storage unit 111 are each constituted by the secondary storage unit. The
revocation judgment unit 102, the mutual authentication unit 105, the
encryption/decryption unit 107, the verification unit 108, the content information
generation unit 109, the update unit 110, and the control unit 112 are each
constituted by the CPU and computer programs running on the CPU. The
communications unit 101 is constituted by the network connection unit. Finally, the
display unit 113 is constituted by the liquid crystal display unit.
[0214]
Of course, the present invention is not limited to the above structure. For
example, the encryption/decryption unit 107, the mutual authentication unit 105, and
the verification unit 108 may alternatively be constituted by dedicated hardware
circuits.
[0215]
(1) Root Public Key Storage Unit 106, Revocation File Storage Unit 103, Private
Key Certificate Storage Unit 104, and Content Information List Storage Unit 111
Root Public Key Storage Unit 106
The root public key storage unit 106 is provided with a region for storing
the root public key 232.
[0216]
Revocation File Storage Unit 103
The revocation file storage unit 103 is provided with a region for storing the
revocation file 242.
[0217]
Private Key Certificate Storage Unit 104
The private key certificate storage unit 104 is provided with a region for
storing the key distribution device private key 251 and the key distribution device
certificate 252.
[0218]
Content Information List Storage Unit 111
The content information list storage unit 111 stores a content information
list 131c. For example, the content information list 131c includes a plurality of
pieces of content related information, as shown in the data structure of the content
information list 131c in Fig. 18. Each piece of content related information includes
content information, revocation information, authentication condition information,
and usage condition information. The content information includes a content
provider ID, a content ID, genre information, a quality level, and a title key.
[0219]
The revocation information, the authentication condition information, the
usage condition information, the content provider ID, the content ID, the genre
information, the quality level, and the title key are as described above.
[0220]
As shown in Fig. 18, the content information list 131c includes a piece of
content related information 132, for example. The content information included in
the content related information 132 includes a content provider ID (133) "01", a
content ID (134) "0001", genre information 135 "action", a quality level 136 "SD",
and a title key 137 "XXXX". The revocation information 138 does not include
anything. The authentication condition information 139 indicates "confirm
connection once every three times", and the usage condition information 140
indicates "playable up to 10 times". Note that the title key 137 "XXXX" does not
indicate that the title key is actually "XXXX". From the perspective of content
protection, it is not appropriate to display the title key as is, and therefore a value of
"XXXX" is displayed.
[0221]
In the content information list 131c shown in Fig. 18, the revocation
information is not set within any of the pieces of content related information.
[0222]
(2) Communications Unit 101
The communications unit 101 receives the root public key 232, the
revocation file 242, the key distribution device private key 251, and the key
distribution device certificate 252 from the key issuing device 200 over the network
20. Next, the communications unit 101 writes the received root public key 232 in the
root public key storage unit 106. The communications unit 101 also writes the
received revocation file 242 in the revocation file storage unit 103. Finally, the
communications unit 101 writes the received key distribution device private key 251
and key distribution device certificate 252 in the private key certificate storage unit
104.
[0223]
The communications unit 101 receives the content information registration
data 541 from the content production device 500 over the network 20. Next, the
communications unit 101 outputs the received registration data 541 to the update
unit 110.
[0224]
The communications unit 101 also receives a content information
transmission request from the content terminal device 300 over the network 20. Next,
the communications unit 101 outputs the content information transmission request to
the control unit 112.
[0225]
(3) Update Unit 110
The update unit 110 receives the registration data 541 from the
communications unit 101. Upon receiving the registration data 541, the update unit
110 outputs the received registration data 541 to the verification unit 108 and
instructs the verification unit 108 to verify the signature data. The update unit 110
receives the verification results from the verification unit 108. When the verification
results indicate that verification failed, the update unit 110 does not use the
registration data 541. Accordingly, the registration data 541 is not processed in this
case. On the other hand, when the verification results indicate that verification
succeeded, or when the verification results indicate that verification of the signature
data was not performed, the update unit 110 updates the content information list
131c stored in the content information list storage unit 111 using the received
registration data 541.
[0226]
The update unit 110 updates the content information list 131c as follows.
[0227]
The update unit 110 checks whether content related information containing
the same content ID as the content ID included in the registration data 541 is
included in the content information list 131c.
[0228]
(a) If content related information including the same content ID as the
content ID included in the registration data 541 is included in the content
information list 131c, the update unit 110 adds the other items included in the
registration data 541 to the content related information, or overwrites the items in
the content related information with the other items included in the registration data
541.
[0229]
For example, when revocation information is included in the registration
data 541, the update unit 110 adds the revocation information included in the
registration data 541 to the content related information, or overwrites the revocation
information in the content related information with the revocation information
included in the registration data 541. The same is true for other items in the
registration data 541. If the content related information already includes an item that
is the same as an item included in the registration data 541, it is not necessary to
overwrite the item in the content related information.
[0230]
(b) If content related information including the same content ID as the
content ID included in the registration data 541 is not included in the content
information list 131c, the update unit 110 generates content related information
including the items included in the registration data 541, and adds the generated
content related information to the content information list 131c.
[0231]
Content Information List 131a
Fig. 19 shows a content information list 131a as an example of a content
information list updated in the above way. In the content information list 131a, the
revocation information 138 in the content related information 132 shown in Fig. 18
is updated to revocation information 138a in the content related information 132a.
The revocation information 138a includes "terminal device ID: 0005, terminal
device ID: 0006".
[0232]
The difference between the content information list 131a shown in Fig. 19
and the content information list 131c is that "terminal device ID: 0005" and
"terminal device ID: 0006" have been added to the content related information 132
as revocation information. As shown in this example, the content production device
500 identifies a content ID, allowing for addition of revocation information to a
particular content.
[0233]
Content Information List 131b
Fig. 20 shows a content information list 131b yielded by further updating
the content information list 131a. In the content information list 131b, the content
related information 132b and content related information 132c have been updated.
[0234]
The content information list 131b is yielded by updating the content
information list 131a using the registration data 541f shown in Fig. 14.
[0235]
The difference from the content information list 131a is the addition, to both
the content related information 132b and the content related information 132c, of
"terminal device ID: 0003" and "terminal device ID: 0004" as revocation
information. As shown in this example, revocation information can be added to a
plurality of pieces of content related information by indicating both the content
provider ID and the quality level. Here, a content provider ID of "01" and a quality
level of "HD" are indicated, thereby adding revocation information of "terminal
device ID: 0003" and "terminal device ID: 0004" to both the content related
information 132b and the content related information 132c.
[0236]
(4) Verification Unit 108
The verification unit 108 receives the registration data 541 from the update
unit 110. Upon receiving the registration data 541, the verification unit 108
determines whether the revocation approval flag is included in the registration data
541. When the revocation approval flag is not included, the verification unit 108
does nothing with the registration data 541 and simply outputs, to the update unit
110, verification results indicating that the signature data was not verified.
[0237]
When the revocation approval flag is included, the verification unit 108
determines whether the revocation approval flag is "ON".
[0238]
When the revocation approval flag is "OFF", the verification unit 108 does
nothing with the registration data 541 and outputs, to the update unit 110,
verification results indicating that the signature data was not verified.
[0239]
On the other hand, when the revocation approval flag is "ON", the
verification unit 108 extracts data other than the signature data from the registration
data 541 and then extracts the signature data. The verification unit 108 also reads the
root public key 232 from the root public key storage unit 106. Next, the verification
unit 108 verifies the digital signature by applying a signature verification algorithm
V1 to the data other than the signature data and the verification data in the
registration data 541, using the read root public key 232. The verification unit 108
generates verification results and outputs the verification results to the update unit
110. The verification results indicate whether verification of the digital signature
succeeded or failed.
[0240]
(5) Content Information Generation Unit 109
The content information generation unit 109 receives an instruction to
generate content information from the control unit 112. Upon receiving the
instruction to generate content information, the content information generation unit
109 extracts the content ID from the instruction.
[0241]
The content information generation unit 109 searches for the extracted
content ID within the content information list 131c stored in the content information
list storage unit 111. In other words, the content information generation unit 109
determines whether content related information including the extracted content ID is
10 located in the content information list 131c. When not finding the extracted content
ID, the content information generation unit 109 generates a message indicating that
the extracted content ID was not found. The content information generation unit 109
then transmits the generated message to the other device and suspends subsequent
processing.
15 [0242]
On the other hand, when finding the extracted content ID, the content
information generation unit 109 performs the following processing.
[0243]
Generation of Individual Revocation List 141
When finding the extracted content ID, the content information generation
unit 109 performs the following processing to generate an individual revocation list
141, an example of which is shown in Fig. 21.
[0244]
The content information generation unit 109 initializes the individual
revocation list 141. In this state, the individual revocation list 141 contains nothing.
[0245]
Next, the content information generation unit 109 repeats steps (a) through
(e) for the content related information in the content information list 131c.
[0246]
(a) Read the content related information.
[0247]
(b) Attempt to extract revocation information from the read content related
information.
[0248]
(c) When revocation information exists, generate an entry ID. The entry ID
is generated by storing the most recently generated entry ID and incrementing the
stored entry ID by "1".
[0249]
(d) Generate individual revocation information including the generated
entry ID and the revocation information.
[0250]
(e) Add the generated individual revocation information to the individual
revocation list 141.
[0251]
Generation of Encrypted Content Information
The content information generation unit 109 reads the content related
information that includes the extracted content ID from the content information list
131c. Next, the content information generation unit 109 extracts the content
information, the authentication condition information, and the usage condition
information from the read content related information.
[0252]
As shown in Fig. 21, the content information generation unit 109 generates
new content information 161 by including the extracted authentication condition
information in the extracted content information. The content information generation
unit 109 also extracts the entry ID corresponding to the extracted content ID from
the individual revocation list 141 and generates new usage condition information
162 by including the extracted entry ID in the usage condition information, as shown
in Fig. 21.
[0253]
Next, the content information generation unit 109 reads the key distribution
device private key 251 from the private key certificate storage unit 104. As shown in
Fig. 21, the content information generation unit 109 then generates a concatenated
value 180 by concatenating the content information 161, the usage condition
information 162, and the individual revocation list 141. Next, the content
information generation unit 109 generates signature data 181 by applying a digital
signature with the signature generation algorithm S1 to the concatenated value 180
using the key distribution device private key 251.
[0254]
The content information generation unit 109 then outputs the concatenated
value 180 and the signature data 181 to the encryption/decryption unit 107. Next, the
content information generation unit 109 instructs the encryption/decryption unit 107
to encrypt the concatenated value 180 and the signature data 181 and transmit the
results to the recording medium device 600.
[0255]
(6) Mutual Authentication Unit 105
As shown below, the mutual authentication unit 105 performs mutual
authentication with the recording medium device 600 (or with the terminal device
300) and shares the same shared key with the recording medium device 600 (or with
the terminal device 300).
[0256]
As shown in Fig. 22, the mutual authentication unit 105 includes a random
number generation unit A11, a random number comparison unit A12, a decryption
unit A13, an encryption unit A14, a verification unit A15, and a key sharing unit
A16.
[0257]
The random number generation unit A10 generates a random number R1
and outputs the generated random number R1 to the random number comparison
unit A12. The random number generation unit A11 also transmits the generated
random number R1 to the other device with which mutual authentication is being
performed (here, the recording medium device 600 or the terminal device 300).
[0258]
The decryption unit A13 receives an encrypted random number E3(R1)
from the other device with which mutual authentication is being performed. Next,
the decryption unit A13 decrypts the received encrypted random number E3(R1) by
applying a decryption algorithm D3, thereby generating decrypted text R1', which
equals D3(E3(R1)). The decryption unit A13 then outputs the generated decrypted
text R1' to the random number comparison unit A12.
[0259]
The decryption algorithm D3 is a decryption algorithm that uses a secret
key cryptosystem. An example of the decryption algorithm D3 is AES. E3(A)
represents an encrypted text generated by applying an encryption algorithm E3 to a
plaintext A. D3(B) represents a decrypted text generated by applying the decryption
algorithm D3 to the encrypted text B.
[0260]
The random number comparison unit A12 receives the random number R1
and the decrypted text R1'. The random number comparison unit A12 then compares
the random number R1 and the decrypted text R1'. If the random number R1 and the
decrypted text R1' match, the mutual authentication unit 105 determines that the
other device is authentic. If the random number R1 and the decrypted text R1' do not
match, the mutual authentication unit 105 determines that the other device with
which mutual authentication is being performed is not authentic.
[0261]
The encryption unit A14 receives the random number R2 from the other
device. Upon receiving the random number R2, the encryption unit A14 encrypts the
random number R2 by applying an encryption algorithm E4 to generate an
encrypted random number E4(R2) and transmits the generated encrypted random
number E4(R2) to the other device.
[0262]
The encryption algorithm E4 is an encryption algorithm that uses a secret
key cryptosystem. An example of the encryption algorithm E4 is AES. E4(A)
represents an encrypted text generated by applying the encryption algorithm E4 to a
plaintext A.
[0263]
When mutual authentication is successful, the verification unit A15 reads
the key distribution device certificate 252 from the private key certificate storage
unit 104. Next, the verification unit A15 transmits the read key distribution device
certificate 252 to the other device. From the other device, the verification unit A15
receives the public key certificate of the other device. When the other device is the
recording medium device 600 (or the terminal device 300), the public key certificate
is the recording medium device certificate 272 (or the terminal device certificate
262).
[0264]
The verification unit A15 then reads the root public key 232 from the root
public key storage unit 106 and verifies the public key certificate of the other device
using the read root public key 232.
[0265]
When verification fails, the following processing is not performed. When
verification is successful, the key sharing unit A16 calculates a shared key k by
performing key sharing processing.
[0266]
When mutual authentication with the other device is successful, the mutual
authentication unit 105 outputs verification results to the control unit 112 indicating
that mutual authentication was successful.
[0267]
(7) Revocation Judgment Unit 102
The revocation judgment unit 102 receives the identifying information of
the other device with which mutual authentication is performed from the mutual
authentication unit 105. The identifying information of the other device is included
in the public key certificate of the other device. Here, the other device with which
mutual authentication is being performed is the recording medium device 600 or the
terminal device 300. The identifying information of the other device is either the
terminal device ID identifying the terminal device 300 or the recording medium
device ID identifying the recording medium device 600. The identifying information
of the other device may instead be the model ID of the terminal device 300 or the
recording medium device 600. Alternatively, the identifying information of the other
device may be identifying information identifying the public key certificate
allocated to the device.
[0268]
The revocation judgment unit 102 judges whether the identifying
information of the other device is included in the revocation file 242 stored in the
revocation file storage unit 103.
[0269]
When judging that the identifying information of the other device is
included in the revocation file 242 stored in the revocation file storage unit 103, the
revocation judgment unit 102 considers the other device to be malicious, generates a
message indicating that the other device is malicious, and outputs the generated
message to the control unit 112, which suspends processing and transmission with
the other device.
[0270]
(8) Encryption/Decryption Unit 107
When the mutual authentication unit 105 successfully performs mutual
authentication with the other device, the encryption/decryption unit 107 receives the
shared key k from the mutual authentication unit 105.
[0271]
When transmitting plaintext data to the other device, the
encryption/decryption unit 107 encrypts the plaintext data to generate encrypted data
by applying an encryption algorithm E2 using the shared key k. Next, the
encryption/decryption unit 107 outputs the encrypted data to the communications
unit 101 and instructs the communications unit 101 to transmit the encrypted data to
the other device.
[0272]
When receiving encrypted data from the other device, the
encryption/decryption unit 107 decrypts the encrypted data to generate the original
plaintext data by applying a decryption algorithm D2 using the shared key k. Next,
the encryption/decryption unit 107 outputs the plaintext data to a constituent element
of the key distribution device 100.
[0273]
The encryption algorithm E2 is an encryption algorithm that uses a secret
key cryptosystem. An example of the encryption algorithm E2 is AES. The
decryption algorithm D2 is a decryption algorithm that uses a secret key
cryptosystem. An example of the decryption algorithm D2 is AES. The decryption
algorithm D2 decrypts encrypted text that was encrypted with the encryption
algorithm E2.
[0274]
The encryption/decryption unit 107 can thus protect data over the
communications channel.
[0275]
For example, the encryption/decryption unit 107 receives the concatenated
value 180 and the signature data 181 from the content information generation unit
109. Next, the encryption/decryption unit 107 encrypts the concatenated value 180
and the signature data 181 to generate an encrypted content information
concatenated value by applying the encryption algorithm E2 using the shared key k.
The encryption/decryption unit 107 then instructs the communications unit 101 to
transmit the generated encrypted content information concatenated value to the
recording medium device 600.
[0276]
(9) Control Unit 112
The control unit 112 receives a content information transmission request
from the content terminal device 300 over the network 20 via the communications
unit 101. Upon receiving the content information transmission request, the control
unit 112 instructs the mutual authentication unit 105 to perform mutual
authentication with the recording medium device 600. When mutual authentication
is successful, the control unit 112 instructs the revocation judgment unit 102 to
confirm whether the terminal device 300 or the recording medium device 600 has
been revoked.
[0277]
The control unit 112 receives authentication results, indicating success of
mutual authentication with the other device, from the mutual authentication unit 105.
Upon receiving the authentication results, the control unit 112 instructs the content
information generation unit 109 to generate content information.
[0278]
The control unit 112 controls each of the constituent elements in the key
distribution device 100.
[0279]
(10) Display Unit 113
The display unit 113 is controlled by the control unit 112 to display
information.
[0280]
2.6 Detailed Configuration of Recording Medium Device 600
As shown in Fig. 23, the recording medium device 600 includes a controller
601, a memory 602, and an I/O unit 603.
[0281]
The controller 601 is tamper resistant and includes a mutual authentication
unit 604, a revocation judgment unit 605, an encryption/decryption unit 606, a
verification unit 607, and a control unit 608. The memory 602 includes a private key
certificate storage unit 609, a root public key storage unit 610, a title key storage
unit 611, a content information storage unit 612, a usage condition information
storage unit 613, a revocation file storage unit 614, and a content storage unit 615.
[0282]
The controller 601 is a computer system composed of a CPU, memory, an
I/O unit, and the like. The mutual authentication unit 604, the revocation judgment
unit 605, the encryption/decryption unit 606, the verification unit 607, and the
control unit 608 are each constituted by the CPU and computer programs running on
the CPU. Of course, the present invention is not limited to the above structure. For
example, the mutual authentication unit 604, the revocation judgment unit 605, the
encryption/decryption unit 606, and the verification unit 607 may alternatively be
constituted by dedicated hardware circuits within the controller 601.
[0283]
(1) Memory 602
Private Key Certificate Storage Unit 609
The private key certificate storage unit 906 is provided with a region for
storing the recording medium device private key 271 and the recording medium
device certificate 272.
[0284]
The recording medium device private key 271 and the recording medium
device certificate 272 are written into the private key certificate storage unit 609 by
the manufacturing device (not shown in the figures) that manufactures the recording
medium device 600.
[0285]
Root Public Key Storage Unit 610
The root public key storage unit 610 is provided with a region for storing
the root public key 232. The root public key 232 is written into the root public key
storage unit 610 by the manufacturing device (not shown in the figures) that
manufactures the recording medium device 600.
[0286]
Title Key Storage Unit 611
The title key storage unit 611 is provided with a region for storing a title key
175. The title key 175 is received from the key distribution device 100.
[0287]
Content Information Storage Unit 612
The content information storage unit 612 is provided with a region for
storing the content information 161. The content information 161 is received from
the key distribution device 100.
[0288]
The content information storage unit 612 receives content information from
the key distribution device 100. When signature verification is successful, the
content information storage unit 612 stores the content information or uses the
content information for updating.
[0289]
Usage Condition Information Storage Unit 613
The usage condition information storage unit 613 is provided with a region
for storing the usage condition information 162. The usage condition information
162 is received from the key distribution device 100.
[0290]
Revocation File Storage Unit 614
The revocation file storage unit 614 is provided with a region for storing the
individual revocation list 141. The individual revocation list 141 is received from the
key distribution device 100.
[0291]
When signature verification is successful upon receipt of the individual
revocation list 141 from the key distribution device 100, the revocation file of the
individual revocation list 141 in the revocation file storage unit 614 is updated, or
the individual revocation list 141 is stored in the revocation file storage unit 614.
[0292]
Content Storage Unit 615
The content storage unit 615 receives a content from the terminal device
300 and stores the content. The content storage unit 615 also receives a read request
from the terminal device 300 and transmits the content to the terminal device 300.
(2) I/O Unit 603
The I/O unit 603 receives an acquisition request from the terminal device
300 and transmits the title key to the terminal device 300.
[0293]
The I/O unit 603 receives the encrypted content information concatenated
value and outputs the received encrypted content information concatenated value to
the encryption/decryption unit 606.
[0294]
(3) Verification Unit 607
The verification unit 607 receives the concatenated value 180 and the
signature data 181 from the encryption/decryption unit 606. Upon receiving the
concatenated value 180 and the signature data 181, the verification unit 607 verifies
the digital signature by applying a signature verification algorithm V1 to the
concatenated value 180 and the signature data 181 using the key distribution device
public key 254 included in the key distribution device certificate 252.
[0295]
When verification fails, the verification unit 607 generates a message
indicating that verification failed, and processing terminates.
[0296]
When verification is successful, the verification unit 607 generates a
message indicating that verification succeeded. Next, the verification unit 607
extracts the title key from the concatenated value 180 and writes the extracted title
key in the title key storage unit 611. The verification unit 607 also extracts content
information other than the title key from the concatenated value 180 and writes the
extracted content information in the content information storage unit 612.
Furthermore, the verification unit 607 extracts the usage condition information from
the concatenated value 180 and writes the extracted usage condition information in
the usage condition information storage unit 613. Finally, the verification unit 607
extracts the individual revocation list from the concatenated value 180 and
writes the extracted individual revocation list in the revocation file storage unit 614.
[0297]
(4) Mutual Authentication Unit 604
The mutual authentication unit 604 performs mutual authentication with the
key distribution device 100 (or with the content distribution device 400) and shares a
shared key with the key distribution device 100 (or with the content distribution
device 400).
[0298]
As shown in Fig. 22, the mutual authentication unit 604 includes an
encryption unit B11, a random number generation unit B12, a decryption unit B13, a
random number comparison unit B14, a verification unit B15, and a key sharing unit
B16.
[0299]
The encryption unit B11 receives the random number R1 from the other
device (key distribution device 100). Upon receiving the random number R1, the
encryption unit B11 encrypts the random number R1 by applying the encryption
algorithm E3 to generate the encrypted random number E3(R1) and transmits the
generated encrypted random number E3(R1) to the other device.
[0300]
The encryption algorithm E3 is an encryption algorithm that uses a secret
key cryptosystem. An example of the encryption algorithm E3 is AES. E3(A)
represents an encrypted text generated by applying the encryption algorithm E3 to a
plaintext A.
[0301]
The random number generation unit B10 generates a random number R2.
The random number generation unit B10 then outputs the generated random number
R2 to the random number comparison unit B14. The random number generation unit
B10 also transmits the generated random number R2 to the other device with which
mutual authentication is being performed (the key distribution device 100).
[0302]
The decryption unit B13 receives the encrypted random number E4(R2)
from the other device with which mutual authentication is being performed. Next,
the decryption unit B13 decrypts the received encrypted random number E4(R2) by
applying a decryption algorithm D4, thereby generating decrypted text R2', which
equals D4(E4(R2)). The decryption unit B13 then outputs the generated decrypted
text R2' to the random number comparison unit B14.
[0303]
The decryption algorithm D4 is an encryption algorithm that uses a secret
key cryptosystem. An example of the decryption algorithm D4 is AES. E4(A)
represents a decrypted text generated by applying the decryption algorithm D4 to the
encrypted text A. D4(B) represents a decrypted text generated by applying the
decryption algorithm D4 to the encrypted text B.
[0304]
The random number comparison unit B14 receives the random number R2
and the decrypted text R2'. The random number comparison unit B14 then compares
the random number R2 and the decrypted text R2'. If the random number R2 and the
decrypted text R2' match, the mutual authentication unit 604 determines that the
other device is authentic. If the random number R2 and the decrypted text R2' do not
match, the mutual authentication unit 604 determines that the other device with
which mutual authentication is being performed is not authentic.
[0305]
When mutual authentication is successful, the verification unit B15 reads
the recording medium device certificate 272 from the private key certificate storage
unit 609. Next, the verification unit B15 transmits the read recording medium device
certificate 272 to the other device. From the other device, the verification unit B15
receives the public key certificate of the other device. When the other device is the
key distribution device 100, the public key certificate is the key distribution device
certificate 252. The verification unit B15 then reads the root public key 232 from the
root public key storage unit 610 and verifies the public key certificate of the other
device using the read root public key 232.
[0306]
When verification fails, the following processing is not performed. When
verification is successful, the key sharing unit B16 calculates a shared key k' by
performing key sharing processing.
[0307]
When mutual authentication with the other device is successful, the mutual
authentication unit 604 outputs verification results to the control unit 608 indicating
that mutual authentication was successful.
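The exchange carried out by the mutual authentication units 105 and 604, as an added Go example that is not part of the specification: each side encrypts the other's random number with AES, the sender decrypts and compares, and the peer certificate is then verified with the root public key. The pre-shared AES-128 key behind E3/E4, Ed25519 as the certificate signature scheme, the certificate layout and all type and function names are assumptions; the key sharing processing is not specified here and is omitted.

```go
package main

import (
	"crypto/aes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Certificate layout is assumed: device ID and public key, signed by the root.
type Certificate struct {
	DeviceID  string
	PublicKey ed25519.PublicKey
	Signature []byte
}

// Device is one side. AuthKey is an assumed pre-shared AES-128 key for E3/E4.
type Device struct {
	Cert    Certificate
	RootPub ed25519.PublicKey // root public key 232
	AuthKey []byte
}

// NewKeyPair generates a fresh Ed25519 key pair for the example.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func certBody(id string, pub ed25519.PublicKey) []byte {
	return append(append([]byte{}, pub...), id...) // fixed-length key first, then ID
}

// NewDevice builds a device whose certificate is signed with rootPriv.
func NewDevice(rootPriv ed25519.PrivateKey, rootPub ed25519.PublicKey, id string, key []byte) *Device {
	pub, _ := NewKeyPair() // the device private key is not used in this exchange
	sig := ed25519.Sign(rootPriv, certBody(id, pub))
	return &Device{Certificate{id, pub, sig}, rootPub, key}
}

// Respond is the encryption unit (B11 with E3, A14 with E4); nil on bad input.
func (d *Device) Respond(challenge []byte) []byte {
	blk, err := aes.NewCipher(d.AuthKey)
	if err != nil || len(challenge) != aes.BlockSize {
		return nil
	}
	out := make([]byte, aes.BlockSize)
	blk.Encrypt(out, challenge)
	return out
}

// CheckResponse is the decryption unit plus the random number comparison unit.
func (d *Device) CheckResponse(sent, reply []byte) bool {
	blk, err := aes.NewCipher(d.AuthKey)
	if err != nil || len(reply) != aes.BlockSize {
		return false
	}
	dec := make([]byte, aes.BlockSize)
	blk.Decrypt(dec, reply)
	return subtle.ConstantTimeCompare(sent, dec) == 1
}

// VerifyPeerCert is verification unit A15/B15, using the root public key.
func (d *Device) VerifyPeerCert(c Certificate) bool {
	return len(c.PublicKey) == ed25519.PublicKeySize &&
		ed25519.Verify(d.RootPub, certBody(c.DeviceID, c.PublicKey), c.Signature)
}

// MutualAuthenticate returns the ID each side read from the other's certificate.
func MutualAuthenticate(a, b *Device) (string, string, error) {
	r := make([]byte, 2*aes.BlockSize)
	if _, err := rand.Read(r); err != nil {
		return "", "", err
	}
	r1, r2 := r[:aes.BlockSize], r[aes.BlockSize:]
	if !a.CheckResponse(r1, b.Respond(r1)) { // B sends E3(R1); A compares R1' with R1
		return "", "", errors.New("A: other device is not authentic")
	}
	if !b.CheckResponse(r2, a.Respond(r2)) { // A sends E4(R2); B compares R2' with R2
		return "", "", errors.New("B: other device is not authentic")
	}
	if !a.VerifyPeerCert(b.Cert) || !b.VerifyPeerCert(a.Cert) {
		return "", "", errors.New("certificate verification failed")
	}
	return b.Cert.DeviceID, a.Cert.DeviceID, nil
}

func main() {
	rootPub, rootPriv := NewKeyPair()
	key := []byte("constructed-key!") // constructed 16-byte sample key
	a := NewDevice(rootPriv, rootPub, "key-distribution-device-100", key)
	b := NewDevice(rootPriv, rootPub, "recording-medium-device-600", key)
	fmt.Println(MutualAuthenticate(a, b))
}
```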
[0308]
(5) Revocation Judgment Unit 605
The revocation judgment unit 605 receives the identifying information of
the other device with which mutual authentication is performed from the mutual
authentication unit 604. The identifying information of the other device is included
in the public key certificate of the other device. In this case, the other device with
which mutual authentication is performed is the terminal device 300. The identifying
information of the other device is the terminal device ID identifying the terminal
device 300. The identifying information of the other device may instead be the
model ID of the terminal device 300. Alternatively, the identifying information of
the other device may be identifying information identifying the public key certificate
allocated to the device.
[0309]
The revocation judgment unit 605 judges whether the identifying
information of the other device is included in the individual revocation information
that (i) corresponds to the content ID identifying the content that is to be played
back and (ii) is listed in the individual revocation list 141 stored in the revocation
file storage unit 103.
[0310]
When the identifying information of the other device is included in the
individual revocation information, the revocation judgment unit 605 considers the
terminal device 300 to be malicious and generates a message indicating that the
terminal device 300 is malicious. Next, the revocation judgment unit 605 outputs the
generated message to the control unit 112, which suspends processing and
transmission with the terminal device 300.
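An added Go example, not part of the specification, that follows the individual revocation list from its generation in the content information generation unit 109, through signature verification in the verification unit 607, to the per-content judgment made by the revocation judgment unit 605. The JSON encoding of the concatenated value, Ed25519 as the signature scheme, entry IDs starting at 1, and all type and function names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// ContentRelated is one record of content information list 131c (assumed layout).
type ContentRelated struct {
	ContentID, ContentInfo, AuthCondition, UsageCondition string
	Revoked []string // revocation information; empty when none exists
}

// Bundle is the concatenated value 180; the JSON encoding is an assumption.
type Bundle struct {
	ContentID      string
	ContentInfo    string           // content information 161 (includes the authentication condition)
	UsageCondition string           // usage condition information 162, which carries EntryID
	EntryID        int              // 0 means this content has no revocation entry
	List           map[int][]string // individual revocation list 141: entry ID -> revoked IDs
}

// Store models the medium's storage units 611 to 614, keyed by content ID.
type Store map[string]Bundle

// NewKeyPair stands in for key distribution device private key 251 and public key 254.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(nil) // nil selects crypto/rand
}

// BuildBundle is content information generation unit 109: steps (a) to (e), then signing.
func BuildBundle(list []ContentRelated, contentID string, priv ed25519.PrivateKey) ([]byte, []byte, error) {
	b, found := Bundle{ContentID: contentID, List: map[int][]string{}}, false
	for _, c := range list {
		hit := c.ContentID == contentID
		if hit {
			b.ContentInfo, b.UsageCondition, found = c.ContentInfo+";"+c.AuthCondition, c.UsageCondition, true
		}
		if len(c.Revoked) > 0 {
			entryID := len(b.List) + 1 // previous entry ID incremented by 1
			b.List[entryID] = c.Revoked
			if hit {
				b.EntryID = entryID
			}
		}
	}
	if !found {
		return nil, nil, errors.New("content ID not found")
	}
	value, err := json.Marshal(b)
	if err != nil {
		return nil, nil, err
	}
	return value, ed25519.Sign(priv, value), nil
}

// Receive is verification unit 607: nothing is stored unless signature data 181 verifies.
func (s Store) Receive(kddPub ed25519.PublicKey, value, sig []byte) error {
	if !ed25519.Verify(kddPub, value, sig) {
		return errors.New("signature verification failed")
	}
	var b Bundle
	if err := json.Unmarshal(value, &b); err != nil {
		return err
	}
	s[b.ContentID] = b
	return nil
}

// Denies is revocation judgment unit 605 for one content and one terminal.
func (s Store) Denies(contentID, terminalID string) bool {
	b, ok := s[contentID]
	for _, id := range b.List[b.EntryID] {
		if id == terminalID {
			return true
		}
	}
	return !ok // assumption: also refuse when nothing is stored for this content
}

func main() {
	list := []ContentRelated{ // constructed sample data
		{"C1", "title-key-1", "auth-1", "play", []string{"terminal-A"}},
		{"C2", "title-key-2", "auth-2", "play", nil},
		{"C3", "title-key-3", "auth-3", "play", []string{"terminal-B"}},
	}
	pub, priv, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	store := Store{}
	value, sig, err := BuildBundle(list, "C3", priv)
	fmt.Println(err, store.Receive(pub, value, sig), store.Denies("C3", "terminal-B"), store.Denies("C3", "terminal-A"))
}
```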
[0311]
(6) Encryption/Decryption Unit 606
When data is transmitted during communication for mutual authentication
between the recording medium device 600 and the key distribution device 100, or
between the recording medium device 600 and the terminal device 300, the
encryption/decryption unit 606 encrypts the data using the shared key k' generated
by the mutual authentication unit 604. When data is received, the
encryption/decryption unit 606 decrypts the data using the shared key k'. Data is
thus protected over the communications channel.
[0312]
For example, the encryption/decryption unit 606 receives the encrypted
content information concatenated value from the I/O unit 603. Upon receiving the
encrypted content information concatenated value, the encryption/decryption unit
606 decrypts the encrypted content information concatenated value by applying the
decryption algorithm D2 using the shared key k'. As a result, the
encryption/decryption unit 606 generates the concatenated value 180 and the
signature data 181 shown in Fig. 21. Next, the encryption/decryption unit 606
outputs the concatenated value 180 and the signature data 181 to the verification unit
607.
[0313]
2.7 Detailed Configuration of Terminal Device 300
As shown in Fig. 25, the terminal device 300 includes a private key
certificate storage unit 301, a root public key storage unit 302, a revocation judgment
unit 303, a mutual authentication unit 304, an I/O unit 305, a revocation file storage
unit 306, an extraction unit 307, an encryption/decryption unit 308, a communications
unit 309, a content playback unit 310, a content decryption unit 311, a control unit
312, an input unit 313, and a display unit 314.
[0314]
The terminal device 300 is a computer system composed of a CPU, memory,
a secondary storage unit, a network connection unit, a memory card connection unit,
and the like. The private key certificate storage unit 301, the root public key storage
unit 302, and the revocation file storage unit 306 are each constituted by the
secondary storage unit. The revocation judgment unit 303, the mutual authentication
unit 304, the extraction unit 307, the encryption/decryption unit 308, the content
playback unit 310, the content decryption unit 311, and the control unit 312 are each
constituted by the CPU and computer programs running on the CPU. The
communications unit 210 is constituted by the network connection unit. Finally, the
I/O unit 305 is constituted by the memory card connection unit.
[0315]
Of course, the present invention is not limited to the above structure. For
example, the mutual authentication unit 304, the encryption/decryption unit 308, the
content playback unit 310, and the content decryption unit 311 may alternatively be
constituted by dedicated hardware circuits.
[0316]
(1) Private Key Certificate Storage Unit 301, Root Public Key Storage Unit 302, and
Revocation File Storage Unit 306
Private Key Certificate Storage Unit 301
The private key certificate storage unit 301 is provided with a region for
storing the terminal device private key 261 and the terminal device certificate 262.
The terminal device private key 261 and the terminal device certificate 262 are
written into the private key certificate storage unit 301 by the manufacturing device
that manufactures the terminal device 300.
[0317]
Root Public Key Storage Unit 302
The root public key storage unit 302 is provided with a region for storing
the root public key 232. The root public key 232 is written into the root public key
storage unit 302 by the manufacturing device (not shown in the figures) that
manufactures the terminal device 300.
[0318]
Revocation File Storage Unit 306
The revocation file storage unit 306 is provided with a region for storing the
revocation file 242.
[0319]
The revocation file 242 is written in the revocation file storage unit 306
when verification of the signature data attached to the revocation file 242 is
successful.
[0320]
(2) Mutual Authentication Unit 304
The mutual authentication unit 304 performs mutual authentication with the
key distribution device 100 or with the recording medium device 600 and shares a
shared key with the key distribution device 100 or with the recording medium
device 600. Note that the mutual authentication unit 304 has the same configuration
as the mutual authentication units 105 and 604 shown in Fig. 22, and thus a
description thereof is omitted.
[0321]
(3) Revocation Judgment Unit 303
The revocation judgment unit 303 judges whether the ID of the recording
medium device 600 specified during mutual authentication, i.e. the recording
medium device ID, matches information listed in the revocation file stored in the
revocation file storage unit 306. If so, the revocation judgment unit 303 considers
the recording medium device 600 that is attempting to communicate to be malicious
and suspends processing and communication by the mutual authentication unit 304.
If the IDs do not match, processing continues.
[0322]
(4) Encryption/Decryption Unit 308
During communication between the terminal device 300 and the key
distribution device 100, or between the terminal device 300 and the recording
medium device 600, the encryption/decryption unit 308 encrypts data upon
transmission and decrypts data upon reception using the shared key shared by the
mutual authentication unit 304. Data is thus protected over the communications
channel.
[0323]
The encryption/decryption unit 308 receives the revocation file in an
encrypted state from the communications unit 309. Upon receiving the revocation
file in an encrypted state, the encryption/decryption unit 308 generates the
revocation file by decrypting the revocation file in an encrypted state. Next, the
encryption/decryption unit 308 outputs the generated revocation file to the extraction
unit 307.
[0324]
(5) Extraction Unit 307
The extraction unit 307 receives the title key from the recording medium
device 600 via the encryption/decryption unit 340.
[0325]
The extraction unit 307 receives the revocation file from the key distribution
device 100 over the network 20 via the communications unit 309 and the
encryption/decryption unit 308. The extraction unit 307 performs signature
verification using the signature data included in the received revocation file. When
verification is successful, the extraction unit 307 writes the received revocation file
in the revocation file storage unit 306. When verification fails, the extraction unit
307 prohibits the writing of the received revocation file in the revocation file storage
unit 306.
[0326]
75

(6) I/O Unit 305
The I/O unit 305 reads the content from the recording medium device 600.
The I/O unit 305 then outputs the read content to the content decryption unit 311.
[0327]
5 The I/O unit 305 receives the content from the communications unit 309.
Upon receiving the content, the I/O unit 305 writes the received content in the
recording medium device 600.
[0328]
(7) Content Decryption Unit 311
10 The content decryption unit 311 receives the content from the I/O unit 305.
The content decryption unit 311 also receives the title key from the extraction unit
307. Upon receiving the content and the title key, the content decryption unit 311
decrypts the content by applying the decryption algorithm D1 using the title key. As
a result, the content decryption unit 311 generates decrypted content and outputs the
15 decrypted content to the content playback unit 310.
[0329]
(8) Content Playback Unit 310
The content playback unit 310 receives the decrypted content from the
content decryption unit 311. Upon receiving the decrypted content, the content
playback unit 310 plays the decrypted content back, outputting the result to the
display unit 314. Note that alternatively, the content playback unit 310 may direct
output to a television receiver or to a monitor or other form of display device
connected to the terminal device 300.
[0330]
(9) Communications Unit 309
The communications unit 309 receives a content from the content
distribution device 400.
[0331]
The communications unit 309 receives the revocation file from the key
distribution device 100 in an encrypted state. Upon receiving the revocation file in
an encrypted state, the communications unit 309 outputs the revocation file in an
encrypted state to the encryption/decryption unit 340.
[0332]
(10) Control Unit 312
The control unit 312 controls each of the constituent elements in the
terminal device 300.
[0333]
(11) Input Unit 313 and Display Unit 314
The input unit 313 receives input of operations and data from the user. Next,
the input unit 313 outputs operation information indicating the received operations
to the control unit 312. The input unit 313 also outputs data for which input has been
received to the control unit 312.
[0334]
The display unit 314 is controlled by the control unit 312 to display
information.
[0335]
2.8 Operations of Content Management System 10a
The following describes operations of the content management system 10a.
[0336]
(1) Key Issuing Operations
The following describes key issuing operations within the content
management system 10a with reference to the sequence diagrams in Figs. 26 and 27.
[0337]
The key pair generation unit 201 in the key issuing device 200 generates a
root key pair composed of the root private key 231 and the root public key 232. Next,
the key pair generation unit 201 writes the generated root key pair in the root key
pair storage unit 202 (step S101).
[0338]
Next, the key pair generation unit 201 generates a key distribution device
key pair composed of the key distribution device private key 251 and the key
distribution device public key 254. The key pair generation unit 201 then writes the
key distribution device key pair in the private key certificate storage unit 204. The
certificate generation unit 203 generates the key distribution device certificate 252
and writes the key distribution device certificate 252 in the private key certificate
storage unit 204 (step S102).
[0339]
Next, the key pair generation unit 201 generates a terminal device key pair
composed of the terminal device private key 261 and the terminal device public key
264. The key pair generation unit 201 then writes the terminal device key pair in the
private key certificate storage unit 204. The certificate generation unit 203 generates
the terminal device certificate 262 and writes the terminal device certificate 262 in
the private key certificate storage unit 204 (step S103).
[0340]
Next, the key pair generation unit 201 generates a recording medium device
key pair composed of the recording medium device private key 271 and the
recording medium device public key 274. The key pair generation unit 201 then
writes the recording medium device key pair in the private key certificate storage
unit 204. The certificate generation unit 203 generates the recording medium device
certificate 272 and writes the recording medium device certificate 272 in the private
key certificate storage unit 204 (step S104).
[0341]
Next, the key pair generation unit 201 generates a production device key
pair composed of the production device private key 281 and the production device
public key 284. The key pair generation unit 201 then writes the production device
key pair in the private key certificate storage unit 204. The certificate generation unit
203 generates the production device certificate 282 and writes the production device
certificate 282 in the private key certificate storage unit 204 (step S105).
[0342]
By user operation, the input unit 205 receives input of revocation data, i.e. a
terminal device ID that identifies a revoked terminal device and a recording medium
device ID that identifies a revoked recording medium device (step S106).
[0343]
The revocation file generation unit 211 generates the revocation file 242
from the revocation data 241 stored in the revocation data storage unit 206. The
revocation file generation unit 211 then writes the generated revocation file 242 in
the revocation file storage unit 208 (step S107).
[0344]
The communications unit 210 transmits the root public key 232, the
revocation file 242, the key distribution device private key 251, and the key
distribution device certificate 252 to the key distribution device 100 (step S108). The
communications unit 101 in the key distribution device 100 writes the root public
key 232 in the root public key storage unit 106 (step S109), writes the revocation file
242 in the revocation file storage unit 103 (step S110), and writes the key
distribution device private key 251 and the key distribution device certificate 252 in
the private key certificate storage unit 104 (step S111).
[0345]
The manufacturing device (not shown in the figures) that manufactures the
terminal device 300 receives the terminal device private key 261 and the terminal
device certificate 262 from the key issuing device 200 (step S112) and writes the
terminal device private key 261 and the terminal device certificate 262 in the private
key certificate storage unit 301 in the terminal device 300 (step S113).
[0346]
The manufacturing device (not shown in the figures) that manufactures the
recording medium device 600 receives the recording medium device private key 271
and the recording medium device certificate 272 from the key issuing device 200
(step S114) and writes the recording medium device private key 271 and the
recording medium device certificate 272 in the private key certificate storage unit
609 in the recording medium device 600 (step S115).
[0347]
The communications unit 210 in the key issuing device 200 transmits the
production device private key 281 and the production device certificate 282 to the
content production device 500 (step S116).
[0348]
The communications unit 515 in the content production device 500 writes
the production device private key 281 and the production device certificate 282 in
the private key certificate storage unit 509 (step S117).
[0349]
(2) Operations for Content Production and Content Registration
The following describes operations for content production and content
registration within the content management system 10a with reference to the
sequence diagrams in Figs. 28 and 29.
[0350]
The content production device 500 acquires material such as video and
audio for a movie or the like and stores the acquired material in the material storage
unit 501 (step S131).
[0351]
By user operation, the editing unit 502 reads the material stored in the
material storage unit 501 and edits the read material to generate the plaintext content
531 (step S132).
[0352]
The title key generation unit 507 generates the title key 533 and writes the
generated title key 533 in the title key storage unit 508 (step S133).
[0353]
The encryption unit 503 encrypts the plaintext content 531 using the title
key 533 to generate the content 532 and writes the content 532 in the content storage
unit 504 (step S134).
[0354]
The content registration request unit 505 generates the content registration
request (step S135) and then reads the content 532 from the content storage unit 504
(step S136).
[0355]
The communications unit 515 transmits the content registration request and
the content 532 to the content distribution device 400 over the network 20 (step
S137).
[0356]
The communications unit 402 in the content distribution device 400
receives the content registration request and the content 532 from the content
production device 500 over the network 20 (step S137). Next, the communications
unit 402 writes the received content 532 in the content storage unit 403 (step S138).
[0357]
Subsequently, the input unit 513 in the content production device 500
receives input of a content provider ID, a content ID, a quality level, genre
information, usage condition information, authentication condition information, one
or more revoked device IDs, and revocation approval and generates the content
information registration data 541 that includes the content provider ID, the content
ID, the quality level, the genre information, the usage condition information, the
authentication condition information, the one or more revoked device IDs, and a
revocation approval flag (step S139).
[0358]
The content information registration request unit 511 adds the title key 533
to the registration data 541 (step S140).
[0359]
The signature unit 510 generates signature data by applying a digital
signature to the registration data 541 using the production device private key 281.
Next, the signature unit 510 adds the generated signature data to the registration data
541 (step S141).
[0360]
The content information registration request unit 511 generates a
registration request to register registration data for the content information (step
S142). Next, the content information registration request unit 511 reads the
registration data 541 from the registration data storage unit 512 (step S143), and the
communications unit 515 transmits the registration request and the registration data
541 to the key distribution device 100 (step S144). Processing then terminates.
[0361]
When the revocation approval flag is not included in the registration data
541, or the revocation approval flag is "OFF" (step S145), the verification unit 108
in the key distribution device 100 shifts control to step S150.
[0362]
On the other hand, when the revocation approval flag is "ON" (step S145),
the verification unit 108 verifies the signature data in the registration data 541 (step
S146). When verification fails ("failure" in step S147), the verification unit 108
generates a message indicating failure of verification (step S148) and displays the
generated message (step S149). Processing then terminates.
[0363]
On the other hand, when verification is successful ("success" in step S147),
or when the verification results indicate that verification of the signature data was
not performed ("OFF" or "none" in step S145), the update unit 110 updates the
content information list 131c stored in the content information list storage unit 111
using the registration data 541 (step S150). Processing then terminates.
[0364]
(3) Content Distribution Operations
The following describes content distribution operations within the content
management system 10a with reference to the sequence diagrams in Figs. 30
through 34.
[0365]
The input unit 313 in the terminal device 300 receives a content ID
identifying a content and an operation indicating acquisition of a content from the
user (step S161).
[0366]
Next, the mutual authentication unit 304 in the terminal device 300 and the
mutual authentication unit 404 in the content distribution device 400 perform mutual
authentication and key sharing (step S162). The mutual authentication and key
sharing between the terminal device 300 and the content distribution device 400 is
the same as the mutual authentication and key sharing between the key distribution
device 100 and the recording medium device 600 described below, and thus a
description thereof is omitted.
[0367]
When authentication by the mutual authentication unit 304 fails ("failure" in
step S163), the control unit 312 generates a message indicating failure of
authentication (step S164), the display unit 314 displays the generated message (step
S165), and processing by the terminal device 300 terminates.
[0368]
When authentication by the mutual authentication unit 404 fails ("failure" in
step S166), the control unit 401 generates a message indicating failure of
authentication (step S167), the display unit 405 displays the generated message (step
S168), and processing by the content distribution device 400 terminates.
[0369]
When authentication by the mutual authentication unit 304 succeeds
("success" in step S163), the control unit 312 generates distribution request
information (step S169). Next, the control unit 312 transmits the distribution request
information to the content distribution device 400 over the network 20 via the
communications unit 309 (step S170).
[0370]
When authentication by the mutual authentication unit 404 succeeds
("success" in step S166), the control unit 401 receives the distribution request
information over the network 20 via the communications unit 402 (step S170).
[0371]
The control unit 401 searches in the content storage unit 403 for the content
identified by the content ID (step S171). Upon not finding the content (step S172;
"NO"), the control unit 401 generates a message indicating that the content was not
found (step S184). Next, the control unit 401 transmits the generated message to the
terminal device 300 over the network 20 via the communications unit 402 (step
S185) and then terminates processing. The display unit 405 in the terminal device
300 displays the message (step S186) and then terminates processing.
[0372]
When finding the content (step S172: "YES"), the mutual authentication
unit 604 in the recording medium device 600 and the mutual authentication unit 404
in the content distribution device 400 perform mutual authentication and key sharing
(step S173). The mutual authentication and key sharing between the recording
medium device 600 and the content distribution device 400 is the same as the mutual
authentication and key sharing between the key distribution device 100 and the
recording medium device 600 described below, and thus a description thereof is
omitted.
[0373]
When authentication by the mutual authentication unit 604 fails ("failure" in
step S176), the control unit 608 generates a message indicating failure of
authentication (step S177). Next, the control unit 608 outputs the message to the
terminal device 300 via the I/O unit 603 (step S178) and then terminates processing.
The display unit 314 in the terminal device 300 displays the message (step S179)
and then terminates processing.
[0374]
When authentication by the mutual authentication unit 404 fails ("failure" in
step S174), the control unit 401 generates a message indicating failure of
authentication (step S175). Next, the control unit 401 transmits the generated
message to the terminal device 300 over the network 20 via the communications unit
402 (step S185) and then terminates processing. The display unit 314 in the terminal
device 300 displays the message (step S186) and then terminates processing.
[0375]
When authentication by the mutual authentication unit 404 succeeds
("success" in step S174), the control unit 401 reads the content 532 from the content
storage unit 403 (step S180). Next, the control unit 401 transmits the read content
532 to the recording medium device 600 over the network 20 via the
communications unit 402 and the terminal device 300 (steps S181 and S182).
[0376]
When authentication by the mutual authentication unit 604 succeeds
("success" in step S176), the I/O unit 603 writes the received content 532 in the
content storage unit 615 (step S183).
[0377]
Next, the control unit 312 in the terminal device 300 generates a content
information transmission request (step S187). The control unit 312 then transmits
the generated content information transmission request to the key distribution device
100 over the network 20 via the communications unit 309 (step S188).
[0378]
The mutual authentication unit 604 in the recording medium device 600 and
the mutual authentication unit 105 in the key distribution device 100 then perform
mutual authentication and key sharing (step S189).
[0379]
When authentication by the mutual authentication unit 604 fails ("failure" in
step S190), the control unit 608 generates a message indicating failure of
authentication (step S191). Next, the control unit 608 outputs the message to the
terminal device 300 via the I/O unit 603 (step S192) and then terminates processing.
The display unit 314 in the terminal device 300 displays the message (step S193)
and then terminates processing.
[0380]
When authentication by the mutual authentication unit 105 fails ("failure" in
step S194), the control unit 112 generates a message indicating failure of
authentication (step S195), performs control for display of the generated message
(step S196), and then terminates processing.
[0381]
When authentication by the mutual authentication unit 105 succeeds
("success" in step S194), the revocation judgment unit 102 checks whether the
terminal device ID has been revoked (step S197). When the terminal device ID
exists in the revocation file 242, i.e. when the terminal device ID has been revoked
("YES" in step S198), the control unit 112 generates a message indicating that the
terminal device ID has been revoked (step S199). Next, the control unit 112
transmits the generated message to the terminal device 300 over the network 20 via
the communications unit 101 (step S200). The control unit 112 then terminates
processing. The display unit 314 in the terminal device 300 displays the message
(step S201), and the terminal device 300 then terminates processing.
[0382]
When the terminal device ID is not located in the revocation file 242, i.e.
when the terminal device ID has not been revoked ("NO" in step S198), the
revocation judgment unit 102 checks whether the recording medium device ID has
been revoked (step S201). When the recording medium device ID is located in the
revocation file 242, i.e. when the recording medium device ID has been revoked
("YES" in step S203), the control unit 112 generates a message indicating that the
recording medium device ID has been revoked (step S205). Next, the control unit
112 transmits the generated message to the terminal device 300 over the network 20
via the communications unit 101 (step S205). The control unit 112 then terminates
processing. The display unit 314 in the terminal device 300 displays the message
(step S206), and the terminal device 300 then terminates processing.
[0383]
When the recording medium device ID is not located in the revocation file
242, i.e. when the recording medium device ID has not been revoked ("NO" in step
S203), the content information generation unit 109 searches for the requested
content related information in the content information list 131c stored in the content
information list storage unit 111 (step S207).
[0384]
When the content related information is not located in the content
information list 131c ("not present" in step S208), the content information
generation unit 109 transmits a message indicating that the content related
information was not found to the terminal device 300 over the network 20 via the
communications unit 101 (step S209). Processing then terminates. The display unit
314 in the terminal device 300 displays the message (step S210) and then terminates
processing.
[0385]
When the content related information is located in the content information
list 131c ("present" in step S208), the content information generation unit 109
generates the individual revocation list 141 (step S211), reads the content related
information (step S212), and generates and attaches signature data (step S213). The
encryption/decryption unit 107 encrypts the concatenated value and the signature
data (step S214) and transmits the encrypted content information concatenated value
to the recording medium device 600 over the network 20 via the communications
unit 101 and the terminal device 300 (step S215).
[0386]
The encryption/decryption unit 606 in the recording medium device 600
decrypts the encrypted content information concatenated value (step S216).
[0387]
The verification unit 607 verifies the signature data (step S217). When
verification fails ("failure" in step S218), the control unit 608 generates a message
indicating failure (step S219). Next, the control unit 608 outputs the generated
message to the terminal device 300 via the I/O unit 603 (step S220) and then
terminates processing. The display unit 314 in the terminal device 300 displays the
message (step S221) and then terminates processing.
[0388]
When verification is successful ("success" in step S218), the verification
unit 607 writes the content information in the content information storage unit 612
(step S222). Next, the verification unit 607 writes the title key in the title key storage
unit 611 (step S223). The verification unit 607 then writes the usage condition
information in the usage condition information storage unit 613 (step S224) and
writes the individual revocation list 141 in the revocation file storage unit 614 (step
S225). The verification unit 607 then terminates processing.
[0389]
(4) Mutual Authentication and Key Sharing Operations
The following describes mutual authentication and key sharing operations
between the key distribution device 100 and the recording medium device 600
within the content management system 10a with reference to the sequence diagrams
in Figs. 35 and 36.
[0390]
The random number generation unit A10 generates the random number R1
(step S251). The random number generation unit A10 then transmits the generated
random number R1 to the recording medium device 600 (step S252).
[0391]
The encryption unit B11 receives the random number R1 from the key
distribution device 100 (step S252). Next, the encryption unit B11 encrypts the
random number R1 by applying the encryption algorithm E3 to generate the
encrypted random number E3(R1) (step S253) and transmits the generated encrypted
random number E3(R1) to the key distribution device 100 (step S254).
[0392]
The decryption unit A13 receives the encrypted random number E3(R1)
from the recording medium device 600 (step S254). Next, the decryption unit A13
decrypts the received encrypted random number E3(R1) by applying a decryption
algorithm D3, thereby generating decrypted text R1', which equals D3(E3(R1))
(step S255).
[0393]
The random number comparison unit A12 compares the random number R1
and the decrypted text R1' (step S256). When the random number R1 and the
decrypted text R1' do not match ("do not match" in step S256), the mutual
authentication unit 105 determines that the recording medium device 600 is not
authentic, outputs the results of authentication, and terminates authentication
processing.
[0394]
The random number generation unit B10 generates the random number R2
(step S257). The random number generation unit B10 then transmits the generated
random number R2 to the key distribution device 100 (step S258).
[0395]
On the other hand, if the random number R1 and the decrypted text R1'
match ("match" in step S256), the mutual authentication unit 105 determines that the
other device is authentic. The encryption unit A14 receives the random number R2
from the other device (step S258). The encryption unit A14 encrypts the random
number R2 by applying the encryption algorithm E4 to generate the encrypted
random number E4(R2) (step S259) and transmits the generated encrypted random
number E4(R2) to the recording medium device 600 (step S260).
[0396]
The decryption unit B13 receives the encrypted random number E4(R2)
from the key distribution device 100 (step S260). Next, the decryption unit B13
decrypts the received encrypted random number E4(R2) by applying the decryption
algorithm D4, thereby generating decrypted text R2', which equals D4(E4(R2))
(step S261).
[0397]
The random number comparison unit B14 compares the random number R2
and the decrypted text R2' (step S261). If the random number R2 and the decrypted
text R2' do not match ("do not match" in step S262), the mutual authentication unit
604 determines that the key distribution device 100 is not authentic and outputs
results indicating that authentication failed.
[0398]
On the other hand, if the random number R2 and the decrypted text R2'
match ("match" in step S262), the mutual authentication unit 604 determines that the
other device is authentic and outputs results indicating that authentication was
successful.
[0399]
When mutual authentication is successful, the verification unit A15 reads
the key distribution device certificate 252 from the private key certificate storage
unit 104 (step S263). Next, the verification unit A15 transmits the read key
distribution device certificate 252 to the recording medium device 600 (step S264).
[0400]
When mutual authentication is successful, the verification unit B15 reads
the recording medium device certificate 272 from the private key certificate storage
unit 609 (step S265). Next, the verification unit B15 transmits the read recording
medium device certificate 272 to the key distribution device 100 (step S266).
[0401]
Next, the verification unit B15 reads the root public key 232 from the root
public key storage unit 610 (step S273) and verifies the key distribution device
certificate using the read root public key 232 (step S274).
[0402]
When verification fails ("failure" in step S275), the verification unit B15
generates a message indicating failure (step S276). Next, the verification unit B15
outputs the generated message to the terminal device 300 (step S277) and terminates
processing. The display unit 314 in the terminal device 300 displays the message
(step S272) and terminates processing.
[0403]
Next, the verification unit A15 reads the root public key 232 from the root
public key storage unit 106 (step S267). The verification unit A15 then verifies the
recording medium device certificate using the read root public key 232 (step S268).
[0404]
When verification fails ("failure" in step S269), the verification unit A15
generates a message indicating failure (step S270). Next, the verification unit A15
transmits the generated message to the terminal device 300 (step S271) and
terminates processing. The display unit 314 in the terminal device 300 displays the
message (step S272) and terminates processing.
[0405]
When verification is successful ("success" in step S269), the key sharing
unit A16 sets xA (step S281). Next, the key sharing unit A16 calculates YA = xA * G
(step S282). Here, G is a point on an elliptic curve. The key sharing unit A16 then
transmits YA to the recording medium device 600 (step S283).
[0406]
When verification is successful ("success" in step S275), the key sharing
unit B16 sets xB (step S284). Next, the key sharing unit B16 calculates YB = xB * G
(step S285). The key sharing unit B16 then transmits YB to the key distribution
device 100 (step S286).
[0407]
The key sharing unit A16 calculates the shared key k = xA * YB (step
S287).
[0408]
The key sharing unit B16 calculates the shared key k' = xB * YA (step
S288).
[0409]
Here, the shared key k = xA * YB
                       = xA × (xB * G)
                       = xB × (xA * G)
                       = xB * YA
                       = shared key k'
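The key sharing of steps S281 through S288, worked through as an added example that is not part of the specification. The specification names no curve, so the textbook teaching curve y^2 = x^3 + 2x + 2 over F_17 with G = (5, 1) of order 19 is an assumption, and the peer-point validation in validate_peer_point is a check added in this example rather than a step the page describes.

```python
import secrets

# Assumed toy parameters (not from the specification): y^2 = x^3 + 2x + 2 over F_17.
P, A, B = 17, 2, 2
G = (5, 1)      # base point
N = 19          # order of G
INF = None      # point at infinity


def on_curve(pt):
    """True when pt satisfies the curve equation (infinity counts as on-curve)."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def add(p1, p2):
    """Group law, including the infinity and inverse-point cases."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                   # p2 is the inverse of p1
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, pt):
    """Double-and-add computation of k * pt."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def validate_peer_point(pt):
    """Added check: refuse infinity, off-curve points and points of wrong order."""
    if pt is INF or not on_curve(pt):
        raise ValueError("peer value is not a valid curve point")
    if scalar_mult(N, pt) is not INF:
        raise ValueError("peer point has unexpected order")
    return pt


def key_share(x_a=None, x_b=None):
    """Run both sides of the exchange and return (k, k')."""
    x_a = x_a or 1 + secrets.randbelow(N - 1)        # S281: unit A16 sets xA
    x_b = x_b or 1 + secrets.randbelow(N - 1)        # S284: unit B16 sets xB
    y_a = scalar_mult(x_a, G)                        # S282, sent in S283
    y_b = scalar_mult(x_b, G)                        # S285, sent in S286
    k = scalar_mult(x_a, validate_peer_point(y_b))   # S287: k  = xA * YB
    k_prime = scalar_mult(x_b, validate_peer_point(y_a))  # S288: k' = xB * YA
    return k, k_prime


if __name__ == "__main__":
    k, k_prime = key_share()
    print("k =", k, "k' =", k_prime, "equal:", k == k_prime)
```

Both sides arrive at the same point because xA * (xB * G) and xB * (xA * G) are the same multiple of G.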
(5) Operations for Generation of Individual Revocation List 141
The following describes operations of the key distribution device 100 for
generation of the individual revocation list 141 with reference to the flowchart in Fig.
37.
[0410]
The content information generation unit 109 initializes the individual
revocation list 141 (step S300).
[0411]
Next, the content information generation unit 109 repeats steps S302
through S307 for every piece of content related information in the content
information list 131c (steps S301 through S308).
[0412]
The content information generation unit 109 reads the content related
information (step S302). Next, the content information generation unit 109 attempts
to extract revocation information from the read content related information (step
S303). When revocation information exists (YES in step S304), the content
information generation unit 109 generates an entry ID (step S305). Next, the content
information generation unit 109 generates individual revocation information
including the generated ID and the revocation information (step S306) and adds the
generated individual revocation information to the individual revocation list 141
(step S307).
[0413]
(6) Content Playback Operations
The following describes content playback operations within the content
management system 10a with reference to the sequence diagrams in Figs. 38
through 39.
[0414]
The input unit 313 in the terminal device 300 receives a content ID
identifying a content and an operation indicating playback of a content from the user
(step S331).
[0415]
The control unit 312 generates playback request information that indicates a
request to play back content and includes the content ID (step S332). Next, the
control unit 312 outputs the playback request information to the recording medium
device 600 via the I/O unit 305 (step S333).
[0416]
The mutual authentication unit 604 in the recording medium device 600 and
the mutual authentication unit 304 in the terminal device 300 then perform mutual
authentication and key sharing (step S334). The mutual authentication and key
sharing between the recording medium device 600 and the terminal device 300 is the
same as the mutual authentication and key sharing between the key distribution
device 100 and the recording medium device 600 described above, and thus a
description thereof is omitted.
[0417]
When authentication by the mutual authentication unit 604 fails ("failure" in
step S335), the control unit 608 generates a message indicating failure of
authentication (step S336) and outputs the message to the terminal device 300 (step
S337), and the recording medium device 600 terminates processing. The display unit
314 in the terminal device 300 displays the message (step S340), and processing in
the terminal device 300 terminates.
[0418]
When authentication by the mutual authentication unit 304 fails ("failure" in
step S338), the control unit 312 generates a message indicating failure of
authentication (step S339), the display unit 314 displays the generated message (step
S340), and processing by the terminal device 300 terminates.
[0419]
When authentication by the mutual authentication unit 604 is successful
("success" in step S335), the revocation judgment unit 605 reads the individual
revocation information corresponding to the content ID (step S341) and judges
whether the terminal device ID is located within the read individual revocation
information (step S342). When the terminal device ID is located within the read
individual revocation information ("present" in step S343), the control unit 608
generates a message indicating the presence of the terminal device ID (step S344)
and outputs the message to the terminal device 300 (step S345), and the recording
medium device 600 terminates processing. The display unit 314 in the terminal
device 300 displays the message (step S349), and processing in the terminal device
300 terminates.
[0420]
When authentication by the mutual authentication unit 304 succeeds
("success" in step S338), the revocation judgment unit 303 checks whether the
recording medium device ID is located within the revocation file 242 (step S346).
When the recording medium device ID is located within the revocation file 242
("present" in step S347), the control unit 312 generates a message indicating the
presence of the recording medium device ID (step S348), the display unit 314
displays the generated message (step S349), and processing by the terminal device
300 terminates.
[0421]
When the terminal device ID is not located in the individual revocation
information ("not present" in step S343), the encryption/decryption unit 308 reads
the title key (step S350), encrypts the read title key (step S351), and outputs the
encrypted title key to the terminal device 300 via the I/O unit 603 (step S352).
[0422]
When the recording medium device ID is not located in the revocation file
242 ("not present" in step S347), the I/O unit 305 receives the encrypted title key
(step S352), and the encryption/decryption unit 308 decrypts the encrypted title key
(step S353).
[0423]
Next, the I/O unit 603 reads the content 532 from the content storage unit
615 (step S354) and outputs the read content 532 to the terminal device 300 (step
S355).
[0424]
The I/O unit 305 receives the content 532 (step S355), the content
decryption unit 311 decrypts the content using the title key (step S356), and the
content playback unit 310 plays back the decrypted content (step S357). Processing
then terminates.
[0425]
2.9 Modification to Key Issuing Device 200
The key issuing device 200 may also be structured as follows. The
following describes a key issuing device 200a as a modification to the key issuing
device 200.
[0426]
As shown in Fig. 40, the key issuing device 200a includes a root key pair
generation unit 201a1, a root key pair storage unit 202a, a root public key
transmission unit 210a1, a key distribution device key pair generation unit 201a2, a
certificate generation unit 203a2, a key distribution device private key certificate
storage unit 204a2, a key distribution device private key certificate transmission unit
210a2, a terminal device key pair generation unit 201a3, a certificate generation unit
203a3, a terminal device private key certificate storage unit 204a3, a terminal device
private key certificate transmission unit 210a3, a recording medium device key pair
generation unit 201a4, a certificate generation unit 203a4, a recording medium
device private key certificate storage unit 204a4, a recording medium device private
key certificate transmission unit 210a4, a production device key pair generation unit
201a5, a certificate generation unit 203a5, a production device private key certificate
storage unit 204a5, a production device private key certificate transmission unit
210a5, an input unit 205a, a signature unit 207a, a revocation file storage unit 204a6,
and a revocation file transmission unit 210a6.
[0427]
The root key pair generation unit 201a1 generates a key pair composed of
the root private key 231 and the root public key 232 of the key issuing device 200.
[0428]
The root key pair storage unit 202a stores the key pair composed of the root
private key 231 and the root public key 232 generated by the root key pair
generation unit 201a1.
[0429]
The root public key transmission unit 210a1 transmits the root public key
232 stored by the root key pair storage unit 202a to the key distribution device 100,
the terminal device 300, and the recording medium device 600.
[0430]
The key distribution device key pair generation unit 201a2 generates a key
distribution device key pair composed of the key distribution device private key 251
and the key distribution device public key 254 allocated to the key distribution
device 100.
[0431]
The certificate generation unit 203a2 generates signature data for the key
distribution device public key 254, generated by the key distribution device key pair
generation unit 201a2, using the root private key 231 stored in the root key pair
storage unit 202a. Next, the certificate generation unit 203a2 generates the key
distribution device certificate 252 by attaching the generated signature data.
[0432]
The key distribution device private key certificate storage unit 204a2 stores
the pair of the key distribution device private key 251 generated by the key
distribution device key pair generation unit 201a2 and the key distribution device
certificate 252 generated by the certificate generation unit 203a2.
[0433]
The key distribution device private key certificate transmission unit 210a2
transmits the pair of the key distribution device private key 251 and the key
distribution device certificate 252 stored in the key distribution device private key
certificate storage unit 204a2 to the key distribution device 100.
[0434]
The terminal device key pair generation unit 201a3 generates a terminal
device key pair composed of the terminal device private key 261 and the terminal
device public key 264 allocated to the terminal device 300.
[0435]
The certificate generation unit 203a3 generates signature data for the
terminal device public key 264, generated by the terminal device key pair generation
unit 201a3, using the root private key 231 stored in the root key pair storage unit
202a. Next, the certificate generation unit 203a3 generates the terminal device
certificate 262 by attaching the generated signature data.
[0436]
The terminal device private key certificate storage unit 204a3 stores the pair
of the terminal device private key 261 generated by the terminal device key pair
generation unit 201a3 and the terminal device certificate 262 generated by the
certificate generation unit 203a3.
[0437]
The terminal device private key certificate transmission unit 210a3
transmits the pair of the terminal device private key 261 and the terminal device
certificate 262 stored in the terminal device private key certificate storage unit 204a3
to the terminal device 300.
[0438]
The recording medium device key pair generation unit 201a4 generates a
recording medium device key pair composed of the recording medium device
private key 271 and the recording medium device public key 274 allocated to the
recording medium device 600.
[0439]
The certificate generation unit 203a4 generates signature data for the
recording medium device public key 274, generated by the recording medium device
key pair generation unit 201a4, using the root private key 231 stored in the root key
pair storage unit 202a. Next, the certificate generation unit 203a4 generates the
recording medium device certificate 272 by attaching the generated signature data.
[0440]
The recording medium device private key certificate storage unit 204a4
stores the pair of the recording medium device private key 271 generated by the
recording device key pair generation unit 201a4 and the recording medium device
certificate 272 generated by the certificate generation unit 203a4.
[0441]
The recording medium device private key certificate transmission unit
210a4 transmits the pair of the recording medium device private key 271 and the
recording medium device certificate 272 stored in the recording medium device
private key certificate storage unit 204a4 to the recording medium device 600.
[0442]
The production device key pair generation unit 201a5 generates a
production device key pair composed of the production device private key 281 and
the production device public key 284 allocated to the content production device 500.
[0443]
The certificate generation unit 203a5 generates signature data for the
production device public key 284, generated by the production device key pair
generation unit 201a5, using the root private key 231 stored in the root key pair
storage unit 202a. Next, the certificate generation unit 203a5 generates the
production device certificate 282 by attaching the generated signature data.
[0444]
The production device private key certificate storage unit 204a5 stores the
pair of the production device private key 281 generated by the production device key
pair generation unit 201a5 and the production device certificate 282 generated by the
certificate generation unit 203a5.
[0445]
The production device private key certificate transmission unit 210a5
transmits the pair of the production device private key 281 and the production
device certificate 282 stored in the production device private key certificate storage
unit 204a5 to the content production device 500.
[0446]
The input unit 205a accepts input of revocation data 241 that includes a
terminal device ID and a recording medium device ID that are to be revoked.
[0447]
The signature unit 207a generates signature data for the revocation data 241
which includes the terminal device ID and the recording medium device ID input
into the input unit 205a. Next, the signature unit 207a generates the revocation file
242 by attaching the generated signature data.
[0448]
The revocation file storage unit 204a6 stores the revocation file 242.
[0449]
The revocation file transmission unit 210a6 transmits the revocation file 242
stored in the revocation file storage unit 204a6 to the key distribution device 100.
[0450]
3. Embodiment 3
As Embodiment 3 of the present invention, a content management system
10b is described with reference to the drawings.
[0451]
3.1 Overall Configuration of Content Management System 10b
As illustrated in Fig. 41, the content management system 10b includes a
server device 400b and a terminal device 300b. The server device 400b and the
terminal device 300b are connected via a network 20b.
[0452]
A content provider 500b provides the server device 400b with a content and
with key data, as well as with notification data for users. In order to protect the
content from being disclosed without authorization, digitalized video data and audio
data are encrypted. The key data is a key used to decrypt the encrypted digitalized
video data and audio data. The notification data includes messages of which users
are to be notified.
[0453]
The content provider 500b may be a content providing device. The content
management system 10b may be composed of a plurality of devices, such as a
content providing device, a key distribution device, a notification data providing
device, and the like.
[0454]
The server device 400b receives, from the content provider 500b, a content,
key data, and notification data and stores the received content, key data, and
notification data.
[0455]
The terminal device 300b receives, from a user, a request for use of content.
In this context, use of content refers to streaming playback of content, downloading
and storage of content, playback of recorded content, movement or copying of
recorded content to another recording medium, and the like. Next, when connection
to the server device 400b is required based on the received request, the terminal
device 300b transmits the request from the user to the server device 400b. Next, the
terminal device 300b receives the desired data (some or all of the content, the key
data, and the notification data). The terminal device 300b then does either or both of
the following: displays the received notification data, and uses the content.
[0456]
The following describes details on the server device 400b and the terminal
device 300b.
[0457]
3.2 Structure of Server Device 400b
As illustrated in Fig. 42, the server device 400b includes a notification data
receiving unit 401b, a notification data storage unit 402b, a content receiving unit
403b, a content storage unit 404b, a key data storage unit 405b, a judgment unit
406b, a transmission/reception unit 407b, a management data storage unit 408b, and
a control unit 409b.
[0458]
Note that the server device 400b is a computer system constituted by a CPU,
a memory, a secondary storage unit, a network connection unit, a keyboard, and the
like. The notification data storage unit 402b, the content storage unit 404b, the key
data storage unit 405b, and the management data storage unit 408b are each
constituted by the secondary storage unit. The judgment unit 406b and the control
unit 409b are each constituted by the CPU and computer programs running on the
CPU. The transmission/reception unit 407b is constituted by the network connection
unit. Furthermore, the notification data receiving unit 401b and the content receiving
unit 403b are each constituted by the keyboard.
[0459]
The function blocks of the server device 400b, such as the notification data
storage unit 402b, the content storage unit 404b, the key data storage unit 405b, the
judgment unit 406b, the transmission/reception unit 407b, the management data
storage unit 408b, and the control unit 409b are typically implemented as an LSI,
which is a type of integrated circuit. Each unit may be separately integrated into a
single chip, or a single chip may include a plurality of units or a portion of each unit.
Each function block may be implemented by software, or by a combination of an
LSI and software. The software may be tamper resistant.
[0460]
(1) Notification Data Receiving Unit 401b and Notification Data Storage Unit 402b
The notification data receiving unit 401b receives input of notification data
provided by the content provider 500b. The notification data storage unit 402b stores
the notification data.
[0461]
Figs. 44 and 45 illustrate an example of the notification data.
[0462]
Notification data 331b illustrated in Fig. 44 is notification data for the case
when the content provider is a movie company A. In this example, the user is shown
the following notification: "Movie company A has determined that this terminal
device is unauthorized. Use of content is therefore not permitted. Please call
03-XXXX-XXXX (telephone number for movie company A)".
[0463]
Making it clear to whom the user should direct inquiries prevents the user
from complaining to or contacting the manufacturer of the terminal device. Rather,
the user can direct inquiries to the content provider.
[0464]
Notification data 332b illustrated in Fig. 45 is notification data for the case
when the content provider is a movie company B. In this example, the user is shown
the following notification: "Movie company B has determined that this terminal
device is unauthorized. Use of content is therefore not permitted. In order to use the
content, you must update your software. Do you wish to update?"
[0465]
This notification makes it possible to encourage the user to correct
unauthorized software (or an unauthorized terminal device 300b).
[0466]
(2) Content Receiving Unit 403b, Content Storage Unit 404b, and Key Data Storage
Unit 405b
The content receiving unit 403b receives a content and key data provided by
the content provider 500b. The content storage unit 404b and the key data storage
unit 405b each store content and key data.
[0467]
Here, it is not required that the content and the key data be stored on one
server device for transmission to the terminal device. The content and the key data
may be stored on separate server devices and transmitted from the respective server
devices to the terminal device. The content may be recorded on a recording medium,
and the recording medium may be distributed, with only the key data being
transmitted from the server device. Alternatively, the key data may be recorded on a
recording medium, and the recording medium may be distributed, with only the
content being transmitted from the server device.
[0468]
(3) Judgment Unit 406b, Transmission/Reception Unit 407b, and Management Data
Storage Unit 408b
(Management Data Storage Unit 408b)
The management data storage unit 408b includes, for example, a
management data table 370b as illustrated in Fig. 48.
[0469]
The management data table 370b includes a plurality of pieces of
management data. Each piece of management data includes a content provider and a
set of one or more pieces of notification data. In other words, a set of notification
data exists for each content provider. Each set of notification data includes one or
more terminal device identifiers and one or more notification data types.
[0470]
The content provider is information indicating the supplier or the like, such
as a movie company, who provides the content. The terminal device identifier is
identifying information on a terminal device.
[0471]
The terminal identifiers "0x20...011 to 0x20...F20" in the management data
370b represent the 3856 terminal device identifiers included in the range from
"0x20...011" to "0x20...F20". Note that the character string following "0x" is
represented in hexadecimal.
[0472]
The notification data type indicates the type of the notification data. Here,
the notification data type is either "type 1" or "type 2". Fig. 49 illustrates an
example of "type 1" of the notification data. As illustrated in Fig. 49, "type 1" of the
notification data includes a message indicating who to contact with inquiries when
use of content is not permitted. On the other hand, Fig. 50 illustrates an example of
"type 2" of the notification data. As illustrated in Fig. 50, "type 2" of the notification
data includes a message requesting a software update for use of content when use of
content is not permitted.
[0473]
(Transmission/Reception Unit 407b)
The transmission/reception unit 407b receives requests from the terminal
device 300b.
[0474]
Figs. 46 and 47 illustrate examples of requests received from the terminal
device 300b.
[0475]
The request 350b illustrated in Fig. 46 is an example of when a terminal
device identified by a terminal device identifier 353b "0x20...011" requests use of
the content identified by a movie title 352b "PPP in QP" provided by the content
provider (351b) "Movie company A". As illustrated in Fig. 46, the request 350b
includes request data 354b. The request data 354b includes the content provider
(351b) "Movie company A", the movie title 352b "PPT in QT", and the terminal
device identifier 353b "0x20...011".
[0476]
The request 360b illustrated in Fig. 47 is an example of when a terminal
device identified by a terminal device identifier 363b "0x20...011" requests use of
the content identified by a movie title 362b "1234 to BCG" provided by the content
provider (361b) "Movie company B". As illustrated in Fig. 47, the request 360b
includes request data 364. The request data 364 includes the content provider (361b)
"Movie company B", the movie title 362b "1234 to BCG", and the terminal device
identifier 363b "0x20...011".
[0477]
The request transmitted by the terminal device 300b may include either or
both of an identifier uniquely identifying the terminal device 300b (terminal device
identifier) and an identifier uniquely identifying the recording unit, such as an
internal memory, a memory card, a hard disk, or the like, in the terminal device 300b
on which the content is recorded (recording medium identifier).
[0478]
The transmission/reception unit 407b receives the content, the key data, or
the notification data from the judgment unit 406b and transmits the received content,
key data, or notification data to the terminal device 300b.
[0479]
(Judgment Unit 406b)
Based on the request for content use from the terminal device 300b received
by the transmission/reception unit 407b, the judgment unit 406b judges whether to
transmit the notification data, or whether to transmit the content and the key data, to
the terminal device 300b based on the management data stored by the management
data storage unit 408b.
[0480]
This judgment is made as follows.
[0481]
The judgment unit 406b extracts the content provider and the terminal
device identifier from the request received from the terminal device 300b. Next, the
judgment unit 406b determines whether the management data that includes the
extracted content provider and the terminal device identifier is located within the
management data table 370b.
[0482]
When the management data that includes the extracted content provider and
the terminal device identifier is not located within the management data table 370b,
the judgment unit 406b determines that the content and the key data are to be
transmitted.
[0483]
When the management data that includes the extracted content provider and
the terminal device identifier is located within the management data table 370b, the
judgment unit 406b determines that the notification data is to be transmitted. The
judgment unit 406b reads the management data that includes the extracted content
provider and the terminal device identifier from the management data table 370b and
extracts the notification data type from the read management data. Next, the
judgment unit 406b determines the type of notification data based on the extracted
notification data type.
[0484]
When the notification data type is "type 1", the judgment unit 406b reads,
for example, the notification data 333b illustrated in Fig. 49. On the other hand,
when the notification data type is "type 2", the judgment unit 406b reads, for
example, the notification data 334b illustrated in Fig. 50. Next, the judgment unit
406b fills the name of the content provider and the contact number for the content
provider into the read notification data.
[0485]
For a request from the terminal device having a terminal identifier not
recorded in the management data table 370b, the judgment unit 406b transmits the
content and the key data, without transmitting the notification data.
[0486]
Next, the judgment unit 406b outputs the content and the key data or the
notification data to the transmission/reception unit 407b.
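The judgment described in [0481] to [0486], as an added Python example that is not code from the specification: a request is matched against per-provider identifier ranges, and the result is either the filled-in notification or the content and key data. The eight-digit identifiers, the table rows, the function names, and the rejection of malformed requests (so that an unparsable identifier is not treated as "not listed") are assumptions; the page elides the middle digits of the identifiers.

```python
from dataclasses import dataclass

# Message templates for the two notification data types. The wording follows
# the messages the page quotes for Figs. 44 and 45.
TEMPLATES = {
    "type 1": ("{provider} has determined that this terminal device is "
               "unauthorized. Use of content is therefore not permitted. "
               "Please call {contact}."),
    "type 2": ("{provider} has determined that this terminal device is "
               "unauthorized. Use of content is therefore not permitted. "
               "In order to use the content, you must update your software. "
               "Do you wish to update?"),
}

ID_HEX_DIGITS = 8  # assumption: the page elides the real identifier width


@dataclass(frozen=True)
class NotificationSet:
    """One row of the management data table: inclusive ID range plus type."""
    first_id: int
    last_id: int
    notification_type: str

    def covers(self, terminal_id: int) -> bool:
        return self.first_id <= terminal_id <= self.last_id

    def size(self) -> int:
        return self.last_id - self.first_id + 1


# Constructed management data table (content provider -> notification sets).
MANAGEMENT_TABLE = {
    "Movie company A": [NotificationSet(0x20000011, 0x20000F20, "type 1")],
    "Movie company B": [NotificationSet(0x20000011, 0x20000011, "type 2")],
}
# Placeholder contact number, in the same form the page uses.
CONTACTS = {"Movie company A": "03-XXXX-XXXX"}


def parse_terminal_id(text):
    """Return the identifier as an int, or None when it is not exactly
    '0x' followed by ID_HEX_DIGITS hexadecimal digits."""
    if not isinstance(text, str) or not text.startswith("0x"):
        return None
    digits = text[2:]
    if len(digits) != ID_HEX_DIGITS:
        return None
    if any(c not in "0123456789abcdefABCDEF" for c in digits):
        return None
    return int(digits, 16)


def judge(request):
    """Decide what the server sends back for one request.

    Returns ("notification", message), ("content_and_key", None) or
    ("reject", reason). The "reject" outcome is an assumption added here.
    """
    provider = request.get("content_provider")
    terminal_id = parse_terminal_id(request.get("terminal_device_identifier"))
    if not isinstance(provider, str) or terminal_id is None:
        return ("reject", "malformed request")
    for entry in MANAGEMENT_TABLE.get(provider, []):
        if entry.covers(terminal_id):
            template = TEMPLATES.get(entry.notification_type)
            if template is None:
                return ("reject", "unknown notification data type")
            contact = CONTACTS.get(provider, "(no contact on file)")
            return ("notification",
                    template.format(provider=provider, contact=contact))
    # Not listed for this provider: content and key data are transmitted.
    return ("content_and_key", None)


# Constructed sample requests, shaped like the request data of Figs. 46 and 47.
SAMPLE_REQUESTS = [
    {"content_provider": "Movie company A", "movie_title": "PPP in QP",
     "terminal_device_identifier": "0x20000011"},
    {"content_provider": "Movie company B", "movie_title": "1234 to BCG",
     "terminal_device_identifier": "0x20000012"},
    {"content_provider": "Movie company A", "movie_title": "PPP in QP",
     "terminal_device_identifier": "0x20...011"},
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(req["terminal_device_identifier"], judge(req))
```

The range in the constructed table for Movie company A spans 3856 identifiers, matching the count the page gives for "0x20...011" to "0x20...F20".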
[0487]
Note that mutual authentication and key sharing processing may be
performed in order to establish a secure communication channel between the server
device 400b and the terminal device 300b. Well-known technology is used during
mutual authentication and key sharing processing, such as ECDSA (Elliptic Curve
Digital Signature Algorithm) or other digital signature technology and ECDH
(Elliptic Curve Diffie-Hellman) or other key sharing technology. A description
thereof is thus omitted here.
[0488]
(4) Control Unit 409b
The control unit 409b manages and controls the notification data receiving
unit 401b, the notification data storage unit 402b, the content receiving unit 403b,
the content storage unit 404b, the key data storage unit 405b, the judgment unit 406b,
the transmission/reception unit 407b, and the management data storage unit 408b
and achieves the transmission of appropriate data in response to a request received
from the terminal device 300b.
[0489]
3.3 Structure of Terminal Device 300b
The following describes the structure of the terminal device 300b in detail.
[0490]
As illustrated in Fig. 43, the terminal device 300b includes a
transmission/reception unit 301b, a receiving unit 302b, a display unit 303b, a
content storage unit 304b, an update unit 305b, a decryption unit 306b, a content
playback unit 307b, and a control unit 308b.
[0491]
The terminal device 300b is a computer system composed of a CPU,
memory, a secondary storage unit, a network connection unit, a keyboard, a liquid
crystal display unit, and the like. The content storage unit 304b is constituted by the
secondary storage unit. The content playback unit 307b, the update unit 305b, the
decryption unit 306b and the control unit 308b are each constituted by the CPU and
computer programs running on the CPU. The transmission/reception unit 301b is
constituted by the network connection unit. The receiving unit 302b is constituted by
the keyboard. Finally, the display unit 303b is constituted by the liquid crystal
display unit.
[0492]
The function blocks of the terminal device 300b, such as the
transmission/reception unit 301b, the content playback unit 307b, the update unit
305b, the decryption unit 306b, the content storage unit 304b, and the control unit
308b are typically implemented as an LSI, which is a type of integrated circuit. Each
unit may be separately integrated into a single chip, or a single chip may include one
or more units or a portion of each unit. In addition, the method for assembling
integrated circuits is not limited to LSI, and a dedicated communication circuit or a
general-purpose processor may be used. An FPGA (Field Programmable Gate Array),
which is programmable after the LSI is manufactured, or a reconfigurable processor,
which allows reconfiguration of the connection and setting of circuit cells inside the
LSI, may be used. Each function block may be implemented by software, or by a
combination of an LSI and software. The software may be tamper resistant.
[0493]
(1) Content Storage Unit 304b
The content storage unit 304b is provided with a region for storing the
content and the key data received by the transmission/reception unit 301b.
[0494]
(2) Transmission/Reception Unit 301b, Receiving Unit 302b, and Display Unit 303b
The receiving unit 302b receives input of a request for content from the user.
Examples of such a request are as illustrated in Figs. 46 and 47.
[0495]
The receiving unit 302b also receives an operation by the user for updating
of software. Upon receiving the operation for updating software, the receiving unit
302b outputs an instruction indicating to perform an update to the update unit 305b.
[0496]
The transmission/reception unit 301b transmits the request for content from
the user received by the receiving unit 302b to the server device 400b. The
transmission/reception unit 301b also transmits the content and the key data or the
notification data from the server device 400b.
[0497]
Upon receiving the content and the key data, the transmission/reception unit
301b writes the received content and key data in the content storage unit 304b.
[0498]
Upon receiving the notification data, the transmission/reception unit 301b
outputs the received notification data to the display unit 303b.
[0499]
The display unit 303b receives notification data from the
transmission/reception unit 301b. Upon receiving the notification data, the display
unit 303b displays the received notification data.
[0500]
(3) Decryption Unit 306b and Content Playback Unit 307b
The decryption unit 306b reads the key data and the content from the
content storage unit 304b and uses the read key data to decrypt the read content,
thereby generating decrypted content. Next, the decryption unit 306b outputs the
decrypted content to the content playback unit 307b.
[0501]
The content playback unit 307b receives the decrypted content and plays
back the received decrypted content.
[0502]
(4) Update Unit 305b
When type 2 notification data is received from the transmission/reception
unit 301b, the received notification data is displayed on the display unit 303b. The
user is thus encouraged to update the software. At this point, as described above, the
receiving unit 302b receives an operation by the user for updating of software. In
this case, the update unit 305b receives an instruction to perform a software update
from the receiving unit 302b.
[0503]
Upon receiving the instruction, the update unit 305b performs a software
update. Specifically, the update unit 305b accesses a software distribution server
device (not illustrated in the figures) on which software for use in updating has been
prepared. Next, the update unit 305b downloads the software for use in updating and
uses the downloaded software in order to update the non-updated software. Since
software updating is well-known technology, a description thereof is omitted.
[0504]
(5) Control Unit 308b
The control unit 308b manages and controls the transmission/reception unit
301b, the receiving unit 302b, the display unit 303b, the content playback unit 307b,
the update unit 305b, the decryption unit 306b, and the content storage unit 304b.
The control unit 308b transmits a user request to the server device 400b, and based
on data received from the server device 400b, implements functions such as
displaying the notification data and storing or playing back the content.
[0505]
4. Other Modifications
While embodiments of the present invention have been described, aspects of
the present invention are of course not limited to these embodiments. The present
invention also includes cases such as the following.
[0506]
(1) In Embodiment 2, it is assumed that key information is a key pair
formed by the private key and the public key, and authentication is based on the
private key and the public key. Authentication is not limited in this way, however,
and may instead be based on Media Key Block (MKB) technology. Alternatively,
authentication technology based on a different encryption scheme may be used.
[0507]
(2) In Embodiment 2, the recording medium device is assumed to be a
memory card such as an SD card, but aspects of the present invention are not limited
in this way. A device that incorporates a control LSI into a storage device, such as an
HDD, may be used instead. Furthermore, instead of a removable component such as
a memory card, a control LSI may be incorporated into an internal memory device in
a cellular phone, eBook, NetBook, or the like.
[0508]
(3) In Embodiment 3, a request for use of content from a user is a request
for acquisition of content from a server device. The acquired content is then stored
and played back. The present invention is not, however, limited to this structure.
[0509]
For example, when playing back pre-stored content that is recorded on a
recording medium, such as an internal memory, a memory card, a hard disk, or the
like, a connection may be established with the server device based on control data
corresponding to the content stored in the terminal device (or stored on the recording
medium).
[0510]
In this case, the terminal device further includes a control data storage unit
and a judgment unit.
[0511]
The control data storage unit stores, for example, a control data table 341b
illustrated in Fig. 51.
[0512]
The control data table 341b includes a plurality of pieces of control data, as
illustrated in Fig. 51. Each piece of control data includes a movie title, a content
provider, a server connection requirement, a resolution, and a window.
[0513]
Here, the movie title is a name identifying the content. The content provider
is a name identifying the provider of the content. The server connection requirement
indicates conditions for connection from the terminal device to the server device.
For example, the server connection requirement is one of "continuous connection
required", "connection required once every three times", or "no connection
required". "Continuous connection required" is a requirement that the terminal
device and the server device be continually connected over a network. "Connection
required once every three times" is a requirement that every three times the terminal
device uses the content, the terminal device and the server device must be connected
over a network. "No connection required" means that the terminal device and the
server device are not required to be connected over a network. The resolution
indicates the resolution of the content. The window indicates the time period (term)
during which the content is provided to the user. A video window indicates the time
period (term) during which the content is stored on a recording medium, such as a
DVD, and released to the market. An early window refers to the short time period
(term) from when a movie is no longer shown in theaters until when the movie is
stored on a recording medium, such as a DVD, and distributed. During this early
window, content is distributed over a network, for example.
[0514]
When the user issues an instruction for playback of content that is stored on
the terminal device, provided by the content provider "Movie company A", and
identified by the movie title "PPP in QP", the judgment unit obeys the control
indicated by the control data 342b in the control data table 341b. This is because the
content provider and the movie title contained in the user instruction match the
content provider and the movie title included in the control data 342b in the control
data table 341b. In this case, the terminal device confirms the requirement for
connection to the server device and then connects to the server device. When the
server device transmits notification data, the terminal device displays the
notification data.
[0515]
(4) The terminal device may also include a notification data storage unit that
stores the notification data and a control data storage unit storing a control data table
381b for determining whether display of the notification data is required.
[0516]
Fig. 52 illustrates an example of the control data table 381b.
[0517]
The control data table 381b includes a plurality of pieces of control data, as
illustrated in Fig. 52. Each piece of control data includes a movie title, a content
provider, a server connection requirement, an acquisition method, a notification data
display requirement, playback permission, a resolution, and a window. The movie
title, content provider, server connection requirement, resolution, and window are as
described above.
[0518]
The acquisition method indicates the method of acquiring the content. For
example, acquisition methods are "digital copy", "distribution service V", and
"distribution service N". "Digital copy" indicates acquisition of content by copying.
"Distribution service V" and "distribution service N" represent acquisition of
content by respective content distribution services. The notification data display
requirement indicates whether or not display of notification data is required. The
playback permission indicates whether or not playback is permitted.
[0519]
When the user issues an instruction for playback of content that is stored on
the terminal device, provided by the content provider "Movie company B", and
identified by the movie title "1234", the judgment unit confirms the conditions of
the requirement for connection to the server connection device, the notification data
display requirement, and the playback permission. The content provider "Movie
company B" and the movie title "1234" in the instruction are included in the control
data 382b included in the control data table 381b. Therefore, in accordance with the
control data 382b, the terminal device does not connect to the server device, but
rather starts playback of content after displaying the notification data.
[0520]
In this way, the terminal device may store control data listing conditions
such as a requirement for connection to the server device, a notification data display
requirement, and playback permission, and the terminal device may control use of
the content and display of the notification data based on the control data.
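The judgment described in [0517] to [0520], as an added Python sketch that is not code from the specification. Only the outcome for "Movie company B" / "1234" comes from the text; the other rows, the action names, the reading of "once every three times" as two offline uses followed by a required connection, and refusing on an unknown title or an unreachable server are assumptions.

```python
from dataclasses import dataclass
from enum import Enum


class Connection(Enum):
    CONTINUOUS = "continuous connection required"
    EVERY_THIRD_USE = "connection required once every three times"
    NONE = "no connection required"


@dataclass(frozen=True)
class ControlData:
    title: str
    provider: str
    connection: Connection
    acquisition_method: str
    notify_required: bool      # notification data display requirement
    playback_permitted: bool   # playback permission


# Constructed table. The "1234" row reproduces the behaviour the text gives
# for control data 382b; every other row is invented for illustration.
CONTROL_DATA_TABLE = [
    ControlData("1234", "Movie company B", Connection.NONE,
                "digital copy", True, True),
    ControlData("constructed-online", "Movie company B", Connection.CONTINUOUS,
                "distribution service V", False, True),
    ControlData("constructed-rental", "Movie company B", Connection.EVERY_THIRD_USE,
                "distribution service N", False, True),
    ControlData("constructed-blocked", "Movie company B", Connection.NONE,
                "digital copy", True, False),
]


def judge(provider, title, offline_uses=0, server_reachable=True,
          table=CONTROL_DATA_TABLE):
    """Return (ordered actions, updated offline-use counter) for a playback request.

    offline_uses counts uses since the last server connection and only
    matters for EVERY_THIRD_USE rows.
    """
    row = next((r for r in table
                if (r.provider, r.title) == (provider, title)), None)
    if row is None:
        # Assumption: no matching control data means no playback.
        return ["refuse"], offline_uses

    if row.connection is Connection.CONTINUOUS:
        needs_connection = True
    elif row.connection is Connection.EVERY_THIRD_USE:
        needs_connection = offline_uses >= 2
    else:
        needs_connection = False

    actions = []
    if needs_connection:
        if not server_reachable:
            # Assumption: a required connection that fails blocks playback.
            return ["refuse"], offline_uses
        actions.append("connect_server")
        offline_uses = 0
    elif row.connection is Connection.EVERY_THIRD_USE:
        offline_uses += 1

    if row.notify_required:
        actions.append("display_notification")
    actions.append("start_playback" if row.playback_permitted else "refuse")
    return actions, offline_uses


if __name__ == "__main__":
    print(judge("Movie company B", "1234"))
    uses = 0
    for attempt in range(1, 4):
        actions, uses = judge("Movie company B", "constructed-rental", uses)
        print(attempt, actions, uses)
```
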
[0521]
(5) In modifications (3) and (4), the terminal device controls playback of
content stored therein. The present invention is not, however, limited to these
structures.
[0522]
For example, when the content stored by the terminal device (or the
recording medium) is moved or copied to another terminal device (or recording
medium), the terminal device may store control data listing conditions such as a
requirement for connection to the server device, a notification data display
requirement, move information, and copy permission, and the terminal device may
control use of the content and display of the notification data based on the control
data.
[0523]
(6) In modifications (3) through (5), the control data used for judgment by
the judgment unit is managed based on movie titles. The present invention is not,
however, limited to these structures.
[0524]
For example, notification data may be displayed for every content provided
by a particular content provider.
[0525]
Furthermore, notification data may be displayed for every early window
content provided by a particular content provider. Here, an early window content is a
content whose provision is highly valued during the early window.
[0526]
Furthermore, notification data may be displayed for every content with a
resolution of full HD (FHD) provided by a particular content provider.
[0527]
Alternatively, notification data may be displayed for every content provided
by a particular content provider depending on the path by which the content is
obtained (obtained by a distribution service, obtained by copying packaged media,
or obtained by recording a broadcasted program).
[0528]
Use of content may be controlled and notification data may be displayed in
this way based on instructions from the content provider or control data created by
the content provider.
[0529]
(7) In Embodiment 3, the server device determines whether to transmit data,
such as notification data, based on the terminal device identifier received from the
terminal device. The present invention is not, however, limited to this structure.
[0530]
For example, the data transmitted to the terminal device may be controlled
based on a recording medium identifier uniquely identifying the recording medium,
such as an internal memory, a memory card, or a hard disk, on which the content is
stored.
[0531]
Alternatively, the data transmitted to this terminal device may be controlled
based on both the terminal device identifier and the recording medium identifier.
[0532]
(8) In Embodiment 3, the server device determines whether to transmit data,
such as notification data, based on the terminal device identifier received from the
terminal device. The present invention is not, however, limited to this structure.
[0533]
For example, the server device may transmit, to the terminal device, a
program that can confirm the security level of the terminal device, such as the
version of the software stored on the terminal device, the installation state of an
update program, whether or not a virus checker is installed, etc. This program may
confirm the security level of the terminal device and, based on the security level of
the terminal device, determine whether to display the notification data. The program
may also be configured to control recording, playback, movement, copying, etc. of
the content based on the security level of the terminal device.
[0534]
(9) The server device of Embodiment 3 may include an analysis unit that
analyzes the notification data display requirement, the number of times that display
is required, or the like as indicated by the content provider for each terminal device
or for each manufacturer of terminal devices.
[0535]
Such an analysis unit can rank terminal device manufacturers. This allows
for permission to use content and for control in accordance with the rank of each
terminal device manufacturer.
[0536]
(10) In addition to Embodiment 3, in the case of content with a high value,
such as early window content, the target of recording onto the terminal device (or
the recording medium device) may be restricted to encrypted content. At this time,
the terminal device may access the server device to acquire the key data for
decrypting the content each time the content is played back on the terminal device.
[0537]
In this case as well, when the server device does not accept playback on the
terminal device (or the recording medium device) and does not transmit key data,
the server device transmits notification data to the terminal device and displays
notification that termination is at the content provider's request.
[0538]
(11) In Embodiment 3, the content and the key data are transmitted by the
server device. The present invention is not, however, limited to this structure.
[0539]
For example, the content may be copied from packaged media, with only
the key data being transmitted by the server device.
[0540]
Conversely, the key data may be copied from packaged media, with only the
content being transmitted by the server device.
[0541]
Furthermore, notification data stored by a notification data storage unit and
control data stored by a control data storage unit in the terminal device may be
received via packaged media.
[0542]
(12) In Embodiment 3, the control unit of the terminal device controls
communication with the server device, recording of content, playback, and the like.
The present invention is not, however, limited to this structure.
[0543]
The following structure may be adopted.
[0544]
As illustrated in Fig. 53, a content management system 10c of the present
modification may include a server device 400c and a terminal device 300c. The
server device 400c and the terminal device 300c are connected via a network 20c.
[0545]
The server device 400c includes a communication control system 407c and
a management information control system 409c and stores content management
information 410c and terminal device management information 411c.
[0546]
The terminal device 300c includes a communication control device 301c, a
content playback unit 307c, a content display unit 309c, and an internal memory
310c. A portable, detachable memory card 315c is inserted into the terminal device
300c.
[0547]
The internal memory 310c includes a controller 311c with a copyright
protection function and a flash memory 312c. The flash memory 312c includes an
area for storing content management information 313c and a content 314c.
[0548]
The internal memory 310c may include a hard disk instead of the flash
memory 312c.
[0549]
The memory card 315c includes a controller 316c with a copyright
protection function and a flash memory 317c. The flash memory 317c includes an
area for storing content management information 318c and a content 319c.
[0550]
The flash memory 312c in the internal memory 310c and the flash memory
317c in the memory card 315c inserted into the terminal device 300c store content
management information 313c and 318c and contents 314c and 319c. The
controllers 311c and 316c (hereinafter, control units) with a copyright protection
function in the internal memory and the memory card, respectively, may control use
(playback, movement, copying, and the like) of the contents 314c and 319c.
[0551]
In the example illustrated in Fig. 53, the contents 314c and 319c have
already been recorded on the terminal device 300c or the memory card 315c.
[0552]
At this point, control by each of the control units causes communication
with the server device 400c (a request for use of content) to be performed via a
communication control unit 301c in the terminal device 300c.
[0553]
The server device 400c determines whether to respond to the request by
permitting use (playback, movement, copying, and the like) of content based on the
stored content management information 410c or terminal device management
information 411c. The server device 400c also determines whether to transmit
notification data.
[0554]
The method of determination and the notification data are as described in
Embodiments 2 and 3 and in other modifications.
[0555]
An example of the content management information 410c and the terminal
device management information 411c stored by the server device 400c is the
management data table 370b illustrated in Fig. 48.
[0556]
In the example illustrated in Fig. 48, information is managed as one
management data table, but the content management information 410c and the
terminal device management information 411c may be managed as separate
management data tables.
[0557]
Furthermore, the terminal device management information 411c need not
include only identifiers uniquely identifying terminal devices, but may also include
identifiers identifying the manufacturer of the terminal device or the type or model
of the terminal device. Alternatively, identifiers may be included to identify the
controller with a copyright protection function in the internal memory and memory
card, and identifiers may be included to uniquely identify the flash memory.
Similarly, identifiers may be included to identify the manufacturer of the internal
memory, the manufacturer of the memory card, or the model and production unit of
the internal memory and the memory card.
[0558]
The content management information 410c stored by the terminal device is,
for example, the control data table 341b illustrated in Fig. 51.
[0559]
(13) In (12), the terminal device 300c already stores the content (content has
already been recorded), but the present invention is not limited to this structure.
[0560]
The following structure may be adopted.
[0561]
As illustrated in Fig. 54, a content management system 10d of the present
modification may include the server device 400c, a recording device 700d, and a
terminal device 300c. The server device 400c, the recording device 700d, and the
terminal device 300c are connected via a network 20d.
[0562]
The server device 400c and the terminal device 300c of the content
management system 10d respectively have the same structure as the server device
400c and the terminal device 300c of the content management system 10c.
[0563]
The recording device 700d includes a communication control unit 701d and
a content recording control unit 702d and stores content management information
703d and a content 704d.
[0564]
The recording device 700d already stores the content 704d. With permission
from the server device 400c, the recording device 700d may move or copy the
content 704d to the internal memory 310c of the terminal device 300c or to the
memory card 315c.
[0565]
In the content management system 10d, the recording device 700d transmits,
to the server device 400c, a request to move or copy the content. The server device
400c determines whether to respond to the request from the recording device 700d
by permitting recording or copying of the content 704d based on the stored content
management information 410c or terminal device management information 411c.
The server device 400c also determines whether to transmit notification data. The
method of determination and the notification data are as described in Embodiments
2 and 3 and in other modifications.
[0566]
Furthermore, when playing back the content 314c or 319c moved or copied
to the internal memory 310c of the terminal device 300c or to the memory card 315c,
a request may be issued again to the server device 400c for permission to play back
the content 314c or 319c. In this case, permission may be requested upon every
playback. Alternatively, a structure may be adopted whereby permission is only
requested at the first playback, i.e. only once. The server device 400c determines
whether to respond to the request from the recording device 700d by permitting
movement or copying of the content 704d based on the stored content management
information 410c or terminal device management information 411c. The server
device 400c also determines whether to transmit notification data. The method of
determination and the notification data are as described in Embodiments 2 and 3 and
in other modifications.
[0567]
(14) The following structure may be adopted.
[0568]
As illustrated in Fig. 55, a content management system 10e of the present
modification may include the server device 400c, the recording device 700d, and the
terminal device 300c. The recording device 700d acquires a content from a packaged
media 800 and records the content internally. In this context, the packaged media is
a distributed disc on which the content is recorded. The server device 400c, the
recording device 700d, and the terminal device 300c are connected via the network
20d.
[0569]
The server device 400c, the recording device 700d, and the terminal device
300c of the content management system 10e respectively have the same structure as
the server device 400c, the recording device 700d, and the terminal device 300c of
the content management system 10d.
[0570]
In this case, the recording device 700d transmits a request to the server
device 400c to internally store the content recorded on the packaged media 800. The
server device 400c determines whether to respond to the request from the recording
device 700d by permitting storing of the content based on the stored content
management information 410c or terminal device management information 411c.
The server device 400c also determines whether to transmit notification data. The
method of determination and the notification data are as described in Embodiments
2 and 3 and in other modifications. Playback of the content 314c or 319c by the
terminal device 300c is as described in Embodiments 2 and 3 and in other
modifications.
[0571]
(15) The following structure may be adopted.
[0572]
As illustrated in Fig. 56, a content management system 10f of the present
modification may include the server device 400c, a content distribution server
device 400f, the recording device 700d, and the terminal device 300c. The server
device 400c, the content distribution server device 400f, the recording device 700d,
and the terminal device 300c are connected via the network 20d.
[0573]
The server device 400c, the recording device 700d, and the terminal device
300c of the content management system 10f respectively have the same structure as
the server device 400c, the recording device 700d, and the terminal device 300c of
the content management system 10e.
[0574]
As illustrated in Fig. 56, the recording device 700d may acquire a content
from the content distribution server device 400f and record the acquired content
internally as the content 704d.
[0575]
In this case, the recording device 700d transmits a request to the server
device 400c to record the content internally. The server device 400c determines
whether to respond to the request from the recording device 700d by permitting
recording of the content based on the stored content management information 410c
or terminal device management information 411c. The server device 400c also
determines whether to transmit notification data. The method of determination and
the notification data are as described in Embodiments 2 and 3 and in other
modifications.
[0576]
Playback of the content 314c or 319c by the terminal device 300c is as
described in Embodiments 2 and 3 and in other modifications.
[0577]
Here, the server device 400c and the content distribution server device 400f
may communicate with each other to maintain the content management information
and the terminal device management information in the most recent state, i.e. to
share these pieces of information with each other. Furthermore, when transmitting a
request to the server device 400d to record the content 704d, the recording device
700d may also transmit a request to the content distribution server device 400f to
transmit the content 704d. Upon receiving the request, the content distribution server
device 400f may determine whether to permit transmission of the content.
[0578]
Alternatively, upon receiving the request, the content distribution server
device 400f may inquire of the server device 400d as to whether transmission of the
content is to be permitted. At this point, the content distribution server device 400f
receives a response to the inquiry from the server device 400d. Next, the content
distribution server device 400f outputs the response to the inquiry to the recording
device 700d.
[0579]
The method of determination and the notification data are as described in
Embodiments 2 and 3 and in other modifications. Playback of content by the
terminal device 300c is as described in Embodiments 2 and 3 and in other
modifications.
[0580]
(16) The following structure may be adopted.
[0581]
A time during which the content is usable (either an absolute time or a
relative time) may be included in the content management information stored by the
terminal device. In this case, when the terminal device transmits a request to the
server device for permission to record content, the terminal device may also transmit
the information on the time during which the content is usable as listed in the
content management information. The terminal device acquires time information
from the server device. The control unit of the terminal device, the controller with a
copyright protection function in the internal memory, and the controller with a
copyright protection function in the memory card determine whether to play back
the content using the acquired time information. The control unit and the controllers
thus control playback of the content. Based on the results of determination, the
server device transmits the time information and permission information or the
notification data to the terminal device. The method of determination and the
notification data are as described in Embodiments 2 and 3 and in other
modifications.
[0582]
During playback of content, the terminal device may again transmit a
request for continued playback to the server device. At this point, when permission
for playback of the content is not obtained from the server device, the terminal
device may suspend playback and display notification data from the content provider.
When this terminal device cannot connect to the server device, the terminal device
may display notification data from the content provider that was previously received
along with the content and recorded. The terminal device thus suspends playback of
the content. This structure allows for services such as rental of content.
[0583]
(17) The following structure may be adopted.
[0584]
An aspect of the present invention is a distribution device that manages
content information. The distribution device stores a content/apparatus
correspondence list that allows for management of a list of revoked apparatuses for
each content. When an apparatus issues a request to the distribution device for
access to the content, the distribution device determines whether the accessing
apparatus is revoked by checking the content/apparatus correspondence list.
[0585]
Another aspect of the present invention is a recording medium storing a
content thereon. The recording medium further stores a content/apparatus
correspondence list that allows for management of a list of revoked apparatuses for
each content. When an apparatus attempts to access the content on the recording
medium, the recording medium determines whether the accessing apparatus is
revoked by checking the content/apparatus correspondence list.
[0586]
The distribution device may transmit the content/apparatus correspondence
list to the recording medium.
[0587]
Another aspect of the present invention is a distribution system including a
distribution device, an apparatus, and a recording medium. The distribution system
stores a content/apparatus correspondence list that allows for management of a list
of revoked apparatuses for each content. When an apparatus attempts to access the
content, the distribution system determines whether the accessing apparatus is
revoked by checking the content/apparatus correspondence list and transmits the
content/apparatus correspondence list to the recording medium. The recording
medium stores the received content/apparatus correspondence list. When an
apparatus attempts to access the content on the recording medium, the recording
medium determines whether the accessing apparatus is revoked by checking the
content/apparatus correspondence list.
[0588]
Another aspect of the present invention is a management server that
manages use of a content. The management server comprises a notification data
storage unit storing notification data determined in advance by a content provider; a
management data storage unit storing management data for a terminal device that
uses the content; and a judgment unit configured to judge whether to transmit
permission for use of the content or to transmit the notification data in response to a
request from the terminal device.
[0589]
Another aspect of the present invention is a terminal device that uses a
content. The terminal device comprises a reception unit configured to receive
permission for use of the content or notification data; a storage unit storing content
management information; a display unit configured to display the notification data;
and a control unit configured to control use of the content. When the notification
data is received, the control unit causes the notification data to be displayed and
controls whether to prevent use of the content based on the content management
information.
[0590]
The control unit of the terminal device may be a controller provided in an
internal memory.
[0591]
Another aspect of the present invention is a memory card for insertion into
the terminal device. The memory card comprises a controller having a function
equivalent to the control unit of the terminal device.
[0592]
Another aspect of the present invention is a content use management system
including a management server that manages use of a content and a terminal device
that uses a content. The management server comprises a notification data storage
unit storing notification data determined in advance by a content provider; a
management data storage unit storing management data for a terminal device that
uses the content; and a judgment unit configured to judge whether to transmit
permission for use of the content or to transmit the notification data in response to a
request from the terminal device. The terminal device comprises a reception unit
configured to receive permission for use of the content or notification data; a storage
unit storing content management information; a display unit configured to display
the notification data; and a control unit configured to control use of the content.
When the notification data is received, the control unit causes the notification data to
be displayed and controls whether to prevent use of the content based on the content
management information.
[0593]
(17) The following structure may be adopted.
[0594]
An aspect of the present invention is a recording medium device including a
storage unit and a tamper-resistant controller. The storage unit stores a content and a
revocation list including a revocation identifier that is associated with the content
and identifies a revoked public key certificate allocated to an apparatus related to use
of the content.
[0595]
The controller includes an acquisition circuit configured to acquire an
acquisition request for the content from the apparatus into which the recording
medium device is loaded and to acquire an apparatus identifier identifying a public
key certificate allocated to the apparatus; a judgment circuit configured to judge
whether the acquired apparatus identifier matches the revocation identifier
associated with the content for which the acquisition request is acquired; and a
control circuit configured to control to prohibit output of the content to the apparatus
when the judgment unit judges that the apparatus identifier and the revocation
identifier match.
[0596]
An aspect of the present invention is a recording medium device including a
storage unit and a tamper-resistant controller. The storage unit stores a content and a
revocation list including a revocation identifier that is associated with the content
and identifies a revoked public key certificate of an apparatus related to use of the
content. The controller is provided with a memory unit storing a computer program
composed of a combination of a plurality of computer instructions and a processor
configured to fetch the computer instructions one at a time from the computer
program stored in the memory unit, decode each computer instruction, and operate
in accordance with the result of decoding. The controller is a computer, and the
computer program causes the computer to perform the steps of acquiring an
acquisition request for the content from the apparatus into which the recording
medium device is loaded and to acquire an apparatus identifier identifying a public
key certificate allocated to the apparatus; judging whether the acquired apparatus
identifier matches the revocation identifier associated with the content for which the
acquisition request is acquired; and controlling to prohibit output of the content to
the apparatus when the apparatus identifier and the revocation identifier are judged
to match.
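The per-content revocation check of [0584] to [0587] and [0594] to [0596], as an added Python model that is not code from the specification. The entry information follows the usage condition information recited in the claims; its (offset, count) encoding, the sample identifiers and keys, and prohibiting output when the content or its entry cannot be resolved are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class UsageCondition:
    # Assumed encoding of the entry information: where this content's
    # revocation identifiers sit inside the stored revocation list.
    entry_offset: int
    entry_count: int


@dataclass(frozen=True)
class ContentRecord:
    title_key: bytes
    usage: UsageCondition


@dataclass
class StorageUnit:
    revocation_list: List[bytes]          # flat list of revocation identifiers
    contents: Dict[str, ContentRecord]    # content id -> stored record


class Controller:
    """Model of the acquisition, judgment and control steps in the controller."""

    def __init__(self, storage: StorageUnit) -> None:
        self._storage = storage

    def _revocation_ids(self, usage: UsageCondition) -> Optional[List[bytes]]:
        # Resolve the entry information; None means it cannot be trusted.
        if usage.entry_offset < 0 or usage.entry_count < 0:
            return None
        end = usage.entry_offset + usage.entry_count
        if end > len(self._storage.revocation_list):
            return None
        return self._storage.revocation_list[usage.entry_offset:end]

    def handle_acquisition_request(
        self, content_id: str, apparatus_id: bytes
    ) -> Tuple[str, Optional[bytes]]:
        # apparatus_id identifies the apparatus's public key certificate;
        # verifying that certificate is outside this model.
        record = self._storage.contents.get(content_id)
        if record is None:
            return ("prohibit", None)
        revoked_ids = self._revocation_ids(record.usage)
        if revoked_ids is None:
            # Assumption: an unreadable entry fails closed.
            return ("prohibit", None)
        if apparatus_id in revoked_ids:
            return ("prohibit", None)
        # No match: output is permitted and the title key is released.
        return ("permit", record.title_key)


# Constructed sample data.
PLAYER_A = bytes.fromhex("0001")
PLAYER_B = bytes.fromhex("0002")
PLAYER_C = bytes.fromhex("0007")

STORAGE = StorageUnit(
    revocation_list=[PLAYER_A, PLAYER_B, PLAYER_C],
    contents={
        "early-window-title": ContentRecord(b"K-early", UsageCondition(0, 2)),
        "catalogue-title": ContentRecord(b"K-catalogue", UsageCondition(2, 1)),
        "damaged-entry": ContentRecord(b"K-damaged", UsageCondition(2, 5)),
    },
)
CONTROLLER = Controller(STORAGE)

if __name__ == "__main__":
    for cid in STORAGE.contents:
        for player in (PLAYER_A, PLAYER_C):
            print(cid, player.hex(), CONTROLLER.handle_acquisition_request(cid, player))
```

The same apparatus is refused for one content and served for another, which is the difference from a single device-wide revocation list.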
[0597]
(18) In the above embodiments and modifications, one device has a
plurality of functions (constituent elements). The present invention is not, however,
limited to the structure. The same functions and advantageous effects may be
achieved by distributing the plurality of functions (constituent elements) among a
plurality of devices that operate in coordination.
[0598]
(19) In the above embodiments and modification, a portion or all of the
structural elements composing each device may be constituted by an IC card, or an
individual module, that is removable from the device. The IC card/module is a
computer system that includes a microprocessor, ROM, RAM, etc. The IC card or
the module may include an ultra-multifunctional LSI. The microprocessor operates
according to computer programs, and the IC card or the module thereby
accomplishes its functions. The IC card/module may be tamper resistant.
[0599]
(20) Aspects of the present invention may be control methods for
controlling the devices in the above embodiments and modifications thereto. An
aspect of the present invention may also be a computer program that achieves the
control methods with a computer or may be a digital signal comprising the computer
program.
[0600]
An aspect of the present invention may also be a computer-readable
recording medium, such as a flexible disk, hard disk, CD-ROM, MO, DVD,
DVD-ROM, DVD-RAM, BD (Blu-ray Disc), or semiconductor memory, on which
the above computer program or digital signal is recorded. The present invention may
also be the digital signal recorded on such a recording medium.
[0601]
An aspect of the present invention may also be the computer program or
digital signal to be transmitted via networks, of which telecommunications networks,
wire/wireless communications networks, and the Internet are representative, or via
data broadcasting, for example.
[0602]
An aspect of the present invention may also be a computer system provided
with a microprocessor and memory, the memory storing the computer program, and
the microprocessor operating in accordance with the computer program.
[0603]
Also, another independent computer system may execute the computer
program or digital signal after the computer program or digital signal is transferred
by being recorded on the recording medium or by being transferred over a network
or the like.
[0604]
(21) The above embodiments and modifications may be combined with one
another.
[Industrial Applicability]
[0605]
A recording medium device according to the present invention prevents
unauthorized output of content from the recording medium device and is useful as a
recording medium device for recording content.
[Reference Signs List]
[0606]
109 content management system
300g apparatus
500g revocation list generation device
600g recording medium device
10a content management system
100 key distribution device
200 key issuing device
300 terminal device
400 content distribution device
500 content production device
600 recording medium device
10b content management system
300b terminal device
400b server device


Claims as Amended under PCT Article 34
1. A recording medium device comprising:
a storage unit; and
a tamper-resistant controller,
the storage unit storing a content and a revocation list including a
revocation identifier that is associated with the content and identifies a revoked
apparatus related to use of the content, and
the controller including:
an acquisition unit configured to acquire an acquisition request
related to the content from an apparatus into which the recording medium device
is loaded and to acquire an apparatus identifier identifying the apparatus;
a judgment unit configured to judge whether the acquired apparatus
identifier matches the revocation identifier associated with the content to which
the acquisition request is related; and
a control unit configured to control to prohibit output of the content
to the apparatus· when the judgment unit judges that the apparatus identifier and
the revocation identifier match.
2. The recording medium device of claim 1, wherein
the storage unit further stores, in association with the content, usage
condition information indicating a condition for use of the content by a user and
including entry information indicating a storage position of the revocation
identifier in the revocation list, and
the judgment unit reads the revocation identifier from the storage position
in the revocation list indicated by the entry information included in the usage
condition information stored by the storage unit and performs the judgment using
the read revocation identifier.
3. The recording medium device of claim 11, wherein
the acquisition unit acquires the revocation identifier identifying the
revoked public key certificate allocated to a playback device as the apparatus, the
playback device being capable of playing back the content.
4. The recording medium device of claim 1, wherein
when the judgment unit judges that the acquired apparatus identifier does
not match the revocation identifier, the control unit permits output of the content
to the apparatus.
5. The recording medium device of claim 4, wherein
when permitting output of the content to the apparatus, the control unit
performs control so that a title key for decoding the content is output to the
apparatus.
6. A system comprising a recording medium device and an apparatus
into which the recording medium device is loaded,
the recording medium device including a storage unit and a tamper-resistant
controller,
the storage unit storing a content and a revocation list including a
revocation identifier that is associated with the content and identifies a revoked
apparatus related to use of the content, and
the controller including:
an acquisition unit configured to acquire an acquisition request
related to the content from an apparatus into which the recording medium device
is loaded and to acquire an apparatus identifier identifying the apparatus;
a judgment unit configured to judge whether the acquired apparatus
identifier matches the revocation identifier associated with the content to which
the acquisition request is related; and
a control unit configured to control to output of the content to the
apparatus when the judgment unit judges that the apparatus identifier and the
revocation identifier match.
7. A control method used in a tamper-resistant controller, the
controller and a storage unit constituting a recording medium device,
the storage unit storing a content and a revocation list including a
revocation identifier that is associated with the content and identifies a revoked
apparatus related to use of the content, and
the control method comprising the steps of:
acquiring an acquisition request related to the content from an apparatus
into which the recording medium device is loaded and acquiring an apparatus
identifier identifying the apparatus;
judging whether the acquired apparatus identifier matches the revocation
identifier associated with the content to which the acquisition request is related;
and
controlling to prohibit output of the content to the apparatus when the
apparatus identifier and the revocation identifier are judged to match in the
judging step.
8. (Amended) A computer-readable recording medium having recorded thereon a
computer program for control used in a tamper-resistant controller, the controller
and a storage unit constituting a recording medium device,
the storage unit storing a content and a revocation list including a
revocation identifier that is associated with the content and identifies a revoked
apparatus related to use of the content,
the controller being a computer, and
the computer program causing the computer to perform the steps of:
acquiring an acquisition request related to the content from an apparatus
into which the recording medium device is loaded and acquiring an apparatus
identifier identifying the apparatus;
judging whether the acquired apparatus identifier matches the revocation
identifier associated with the content to which the acquisition request is related;
and
controlling to prohibit output of the content to the apparatus when the
apparatus identifier and the revocation identifier are judged to match in the
judging step.
9. A computer program for control used in a tamper-resistant
controller, the controller and a storage unit constituting a recording medium
device,
the storage unit storing a content and a revocation list including a
revocation identifier that is associated with the content and identifies a revoked
apparatus related to use of the content,
the controller being a computer, and
the computer program causing the computer to perform the steps of:
acquiring an acquisition request related to the content from an apparatus
into which the recording medium device is loaded and acquiring an apparatus
identifier identifying the apparatus;
judging whether the acquired apparatus identifier matches the revocation
identifier associated with the content to which the acquisition request is related;
and
controlling to prohibit output of the content to the apparatus when the
apparatus identifier and the revocation identifier are judged to match in the
judging step.
10. A tamper-resistant controller, the controller and a storage unit
constituting a recording medium device,
the storage unit storing a content and a revocation list including a
revocation identifier that is associated with the content and identifies a revoked
apparatus related to use of the content, and
the controller including:
an acquisition unit configured to acquire an acquisition request
related to the content from an apparatus into which the recording medium device
is loaded and to acquire an apparatus identifier identifying the apparatus;
a judgment unit configured to judge whether the acquired apparatus
identifier matches the revocation identifier associated with the content to which
the acquisition request is related; and
a control unit configured to control to output of the content to the
apparatus when the judgment unit judges that the apparatus identifier and the
revocation identifier match.
11. (New) The recording medium device of claim 1, wherein
the revocation identifier is identifying information that identifies a revoked
public key certificate allocated to an apparatus related to use of the content, and
the acquisition unit acquires the apparatus identifier identifying a public
key certificate allocated to the apparatus.
Dated this February 20, 2013
(SHRIMANT SINGH)
OF REMFRY & SAGAR
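
Added example (not part of the application as filed): a Python model of the controller behaviour recited in claims 1, 2, 4 and 5, showing the per-content revocation lookup and a fail-closed result when the entry information is invalid. The 4-byte identifier width, the `entry_count` field, all names and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

ID_LEN = 4  # assumed width of one identifier in bytes; not specified in the claims

@dataclass(frozen=True)
class Content:
    title_key: bytes   # key for decoding the content (claim 5)
    entry_offset: int  # entry information: storage position in the list (claim 2)
    entry_count: int   # assumed: number of identifiers tied to this content

class Controller:
    """Model of the acquisition, judgment and control units in claim 1."""

    def __init__(self, revocation_list: bytes, contents: dict):
        self._list = revocation_list
        self._contents = contents

    def _revoked_ids(self, c: Content) -> set:
        # Judgment unit, claim 2: read identifiers at the position the usage
        # condition information points to, rejecting out-of-range positions.
        end = c.entry_offset + c.entry_count * ID_LEN
        if c.entry_offset < 0 or c.entry_count < 0 or end > len(self._list):
            raise ValueError("entry information outside revocation list")
        return {self._list[i:i + ID_LEN] for i in range(c.entry_offset, end, ID_LEN)}

    def request_title_key(self, content_id: str, apparatus_id: bytes):
        # Acquisition unit: the request names a content and carries the
        # apparatus identifier (assumed already taken from a verified certificate).
        c = self._contents.get(content_id)
        if c is None or len(apparatus_id) != ID_LEN:
            return None
        try:
            revoked = self._revoked_ids(c)
        except ValueError:
            return None  # fail closed: a corrupt pointer must not unlock content
        # Control unit: prohibit output on a match (claim 1), else release
        # the title key (claims 4 and 5).
        return None if apparatus_id in revoked else c.title_key

def build_sample_controller() -> Controller:
    # Constructed sample data: three identifiers, three contents.
    rl = bytes.fromhex("00000011" "00000022" "00000033")
    return Controller(rl, {
        "content-A": Content(b"KEY-A", entry_offset=0, entry_count=2),
        "content-B": Content(b"KEY-B", entry_offset=8, entry_count=1),
        "content-bad": Content(b"KEY-X", entry_offset=8, entry_count=5),
    })
```

Because the judgment uses only the identifiers associated with the requested content, the same apparatus identifier can be refused for one content and served for another.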

Documents

Application Documents

# Name Date
1 1563-DELNP-2013.pdf 2013-02-26
2 1563-delnp-2013-Form-3-(26-04-2013).pdf 2013-04-26
3 1563-delnp-2013-Correspondence-Others-(26-04-2013).pdf 2013-04-26
4 1563-delnp-2013-GPA.pdf 2013-08-20
5 1563-delnp-2013-Form-5.pdf 2013-08-20
6 1563-delnp-2013-Form-3.pdf 2013-08-20
7 1563-delnp-2013-Form-2.pdf 2013-08-20
8 1563-delnp-2013-Form-1.pdf 2013-08-20
9 1563-delnp-2013-Drawings.pdf 2013-08-20
10 1563-delnp-2013-Description(Complete).pdf 2013-08-20
11 1563-delnp-2013-Correspondence-others.pdf 2013-08-20
12 1563-delnp-2013-Claims.pdf 2013-08-20
13 1563-delnp-2013-Abstract.pdf 2013-08-20
14 1563-delnp-2013-Form-13.pdf 2013-11-14
15 1563-delnp-2013-Form-3-(07-01-2014).pdf 2014-01-07
16 1563-delnp-2013-Correspondence-Others-(07-01-2014).pdf 2014-01-07