JP4631291B2 - Information processing apparatus and method, recording medium, and program - Google Patents

Description

  The present invention relates to an information processing apparatus and method, a recording medium, and a program, and in particular, an information processing apparatus and method, a recording medium, and a content that can share content such as music and video among a plurality of playback devices belonging to the same group, And the program.

  Usually, protection processing such as encryption is applied to digital data such as music and video (hereinafter referred to as content) in order to prevent unauthorized use.

  On the other hand, there is a request on the user side of a playback device that plays back content to share the content that has been properly obtained by a plurality of playback devices under its control.

As a technique for responding to such a request, for example, Patent Document 1 discloses that reproduction devices are grouped, for example, in units of users, and only reproduction devices belonging to the same group hold the common key K _C. An invention is disclosed in which content is encrypted by using an encryption key K derived from a common key K _C to supply the content. According to the present invention, only a playback device that holds the common key K _C , that is, a playback device to which the same group belongs can decrypt and play back the content encryption.

US Patent Application Publication US2002 / 104401A1

In the invention described in Patent Document 1, based on the presence or absence of the common key K _C of the playback apparatus, but whether belonging to the same group are determined, as described for method for supplying to the reproducing apparatus common key K _C Not. Therefore, when considering a method of supplying the common key K _{C to} the playback device, since the playback device belongs to the same group without limitation and the content is not illegally shared, when supplying the common key K _C , There has been a problem that a server that centrally manages playback devices that can belong to the same group is required.

  Further, in this case, when the number of playback devices distributed in the market increases or the number of groups in the market increases, there is a problem that the cost of maintaining and managing the server increases.

  Also, when a user purchases a new playback device and adds it to an existing group, there is a problem that processing of the server is required.

  The present invention has been made in view of such a situation, and an object of the present invention is to enable setting of a group capable of sharing content without requiring an administrator such as a server.

The information processing apparatus of the present invention, a held unit carrying a common root key between the normal information processing device, belonging group identification information indicating the group to which the own belongs, and self, with the master unit in the group belongs A holding unit that holds a master unit flag indicating whether or not there is, a management unit that manages content data and a license for using the content data, and sharing of content data described in the license is permitted Only when the sharing permission group identification information indicating the group in question and the belonging group identification information match, the reproduction means for decrypting and reproducing the encryption of the content data corresponding to the license using the root key, and the self If the parent device can be added to the other device, other information processing that does not belong to the group to which it belongs. In response to a request from the device, the transmission unit that reads the belonging group identification information held in the holding unit, encrypts it using the root key, and transmits it to another information processing device, and the other information processing device as the master unit Registration means for decrypting the transmitted membership group identification information using the root key and registering it in the holding means.

When the information processing apparatus of the present invention is the parent device, the mutual group identification information is not changed after the mutual authentication using the root key in response to a request from another information processing apparatus. If the parent machine flag is changed to FALSE and the self is not the parent machine, the belonging group identification information held after mutual authentication using the root key with another information processing apparatus that is the parent machine To the same information processing apparatus as the other information processing apparatus that is the parent device, and further includes a parent device changing means for changing the parent device flag to TRUE.

When the transmission unit is a parent device, the transmission unit transmits the affiliation group identification information held to a finite number of other information processing apparatuses not belonging to the group to which the transmission unit belongs. Can also hold the remaining number of times the group identification information can be assigned to other information processing apparatuses.

The information processing apparatus of the present invention generates a root key that can be generated in common by legitimate information processing apparatuses based on a device node key uniquely assigned to the information processing apparatus and an enable key block included in the header of the content data. The generating means may further include.

An information processing method of the present invention, by the information processing apparatus, self of belonging group identification information indicating the Member, and self, the holding means master unit flag indicating whether or not the parent device in the groups to which they belong A holding step for holding, a management step for managing content data and a license for using the content data, and sharing permission group identification information indicating a group permitted to share the content data described in the license; A reproduction step of decrypting and reproducing the encryption of the content data corresponding to the license by using a common root key among legitimate information processing devices only when the group identification information matches, If it is a parent device that can add a child device to, it does not belong to the group to which it belongs. In response to a request from another information processing device, a transmission step of reading the belonging group identification information held in the holding means, encrypting it using the root key, and transmitting it to the other information processing device; A registration step of decrypting the transmitted membership group identification information using the root key and registering it in the holding means when the membership group identification information is transmitted from the information processing apparatus.

Program of the present invention includes a holding step self of belonging group identification information indicating the Member, and self, to retain the holding means master unit flag indicating whether or not the parent device in the group belong, content Management step for managing data and a license for using content data, sharing permission group identification information indicating a group permitted to share content data, and belonging group identification information described in the license Only when they match, the playback step of decrypting and playing back the encryption of the content data corresponding to the license using the root key common among the legitimate information processing devices, and the self adding the slave unit to the group If it is a parent machine that can In response to the request, the belonging group identification information held in the holding means is read out, encrypted using the root key and transmitted to another information processing apparatus, and the belonging group from the other information processing apparatus as the master unit When the identification information is transmitted, the computer of the information processing apparatus is caused to execute a process including a registration step of decrypting the encryption of the transmitted group identification information using the root key and registering it in the holding means.

In the present invention, belonging group identification information indicating a group to which the user belongs, and a parent machine flag indicating whether or not the self is a parent machine in the group to which the user belongs, are described in the license. The encryption of the content data corresponding to the license is common among the legitimate information processing devices only when the sharing permission group identification information indicating the group that is permitted to share the content data matches the belonging group identification information. It is decrypted and played back using the root key. In addition, if the self is a parent device that can add a child device to the group, the affiliation held in the holding means in response to a request from another information processing apparatus that does not belong to the group to which the self belongs When the group identification information is read, encrypted using the root key, transmitted to another information processing device, and the belonging group identification information is transmitted from another information processing device as a parent device, the transmitted affiliation The encryption of the group identification information is decrypted using the root key and registered in the holding means.

  According to the present invention, it is possible to set a group that can share content without requiring an administrator such as a server. Moreover, it is possible to suppress the expansion of the group by limiting the number of members that can belong to the group.

  The outline of the playback apparatus according to the embodiment of the present invention will be described below. As shown in FIG. 1, the playback device 1 can form a group having a plurality of playback devices 1 as members, and content and a right to use the content among the playback devices 1 belonging to the same group. Can be shared with each other (create a copy in the device and use it). Hereinafter, the playback device 1 belonging to the same group is also described as a member, and the playback device 1 not belonging to the same group is also described as a non-member.

  Of the members (playback apparatus 1) constituting the group, one of them is a parent device and the other is a child device. The parent device can make a non-member a member by belonging to a group. The user can change the parent device.

  In the case of FIG. 1, since the playback devices 1-1 to 1-3 are members of group X, the playback devices 1-1 to 1-3 can share content with each other. Further, since the playback device 1-4 is a non-member of group X, it cannot share content with the playback devices 1-1 to 1-3.

  The initialization device 2 performs initialization processing on all the playback devices 1 as a final manufacturing process or the like. Specifically, for example, a process of assigning a unique device node key DNK to each playback apparatus 1 is performed. In addition, a process is performed in which each playback device 1 belongs to a group configured independently and is set as a parent device of the group.

Also, instead of giving a unique device node key DNK to each reproduction apparatus 1, may be given a common root key K _R to each reproduction device 1.

  The details of the initialization process will be described later with reference to the flowchart of FIG.

  The content supply device 3 supplies the playback device 1 with the encrypted content 61 (FIG. 3) and the corresponding license 62 (FIG. 3). The license 62 includes a use permission GID indicating a group for which sharing of the corresponding content 61 is permitted. As a method for supplying the content 61 and the license 62, for example, the content 61 and the license 62 are supplied via a network such as the Internet, supplied using a broadcast signal such as a television, or supplied in a state of being recorded on a recording medium. It doesn't matter if you use any method.

  Next, a configuration example of the playback device 1 will be described with reference to FIG. The playback device 1 includes a CPU (Central Processing Unit) 11. An input / output interface 15 is connected to the CPU 11 via the bus 14. A ROM (Read Only Memory) 12 and a RAM (Random Access Memory) 13 are connected to the bus 14.

  The input / output interface 15 includes an input unit 16 for inputting various operations from the user, an output unit 17 for outputting audio and video as a result of content reproduction, a storage unit 18 including a hard disk drive for storing various data, A communication unit 19 that communicates with other playback devices 1 and the like, and a drive 20 that reads and writes data from and to the recording medium 21 are connected.

  The CPU 11 executes various processes described later by executing the content sharing program 31 that is read from the recording medium 21 and installed in the storage unit 18 and loaded from the storage unit 18 to the RAM 13.

  FIG. 3 shows a functional block diagram realized by the CPU 11 executing the content sharing program 31.

  The communication unit 41 executes communication processing with other playback devices 1, the initialization device 2, the content supply device 3, and the like. The management unit 42 holds content 61 supplied from the content supply device 3 or another communication device 1 and a license 62 corresponding thereto.

  The GID verification unit 43 mainly executes an initialization process, an identical group setting process, and a parent machine change process, which will be described later.

  The GID storage unit 44 stores a GID indicating a group to which the playback device 1 belongs and other information. FIG. 4 shows a list of information stored in the GID storage unit 44. The GID storage unit 44 stores a GID, a parent machine flag, a ready flag, a commit flag, an abort flag, a GID grant remaining number n, and a GID set remaining number m.

  The GID indicates a group to which the playback device 1 belongs, and is given from the initialization processing device 2 or from another playback device 1 that is a parent device of the group when belonging to another group. It has been done.

  The parent device flag indicates whether the playback device 1 is a parent device (TRUE) or not (FALSE). The ready flag, commit flag, and abort flag are used to indicate whether or not the processing has been normally completed when the master unit is replaced with another playback device 1.

  The remaining GID grant number n indicates the remaining number of slave devices (other playback devices 1) that can belong to a group when the playback device 1 is a parent device. This GID remaining number n is decremented by 1 from the initial value set by the initialization device 2 every time a slave unit is added. By setting the remaining GID number n to a predetermined finite value in the initial setting, the number of members constituting the group can be limited.

  The remaining GID set number m indicates the remaining number of times that the group to which the slave belongs can be changed. This remaining GID set number m is decremented by one from the initial value set by the initialization device 2 every time the group to which it belongs is changed.

Returning to FIG. Whether the determination unit 45 matches the GID stored in the GID storage unit 44 with the use permission GID described in the license 62 corresponding to the content 61 to be reproduced, which is managed by the management unit 42. It is determined whether or not, and the determination result is notified to the decoding processing unit 47. The device node key storage unit 46 stores a device node key DNK incorporated at the time of manufacture. Then, the decryption processing unit 47 generates a root key K _R based on the device node key DNK stored in the device node key storage unit 46.

The decryption processing unit 47 reads the content 61 instructed to be reproduced and the license 62 corresponding to the content 61 from the management unit 42, and the device node key DNK in the device node key storage unit 46 and the unencrypted header of the read content 61. generating a root key K _R on the basis of an enable key block included in the (EKB (enable key block) (Fig. 5)). Further, using the generated root key K _R , the encrypted data and the encryption of the content communicated with the initialization device 2 and other playback devices 1 are decrypted. Here, the root key K _R, in which only the reproducing apparatus 1 manufactured in the normal can produce in common.

Incidentally, with respect to each reproduction device 1 from the initialization unit 2, the device node key DNK without embodiments that supplies a root key K _R is also conceivable. In that case, the root key K _R is stored in the device node key storage unit 46. In this case, the process of generating a root key K _R in the decoding management unit 47 is omitted.

  The playback unit 48 plays back the decrypted content. The output unit 49 outputs audio and video as a playback result by the playback unit 48. The operation input unit 50 receives a command from the user and notifies the information to each unit of the playback device 1.

  Further, the configuration of the playback apparatus 1 shown in FIG. 3 is realized by the CPU 11 executing the software (content sharing program 31). However, the functional blocks shown in FIG. You can make it happen.

  Next, FIG. 5 shows a format configuration of the content 61 held in the management unit 42. The content 61 includes a header and a data part (Data).

The header, content information (Content information), license ID (Lic.ID), enabling key block (enabling key block) (EKB (Enabling Key Block) ) and, using a root key K _R generated from the EKB K _S (K _C ) obtained by encrypting the content key K _C is arranged. EKB will be described later.

  The content information includes a content ID (CID) as identification information for identifying substantial data of music and video, which is stored in the data portion in an encoded and encrypted state, and the code of the content Information such as the conversion method is included.

The data part is composed of an arbitrary number of encryption blocks. Each encryption block is composed of an initial vector (IV) (Initial Vector), a seed (Seed), and data E _K′C (data) obtained by encrypting substantial data of content with a key K ′ _C. .

As shown by the following equation, the key K ′ _C includes a content key K _C and a value calculated by applying a value Seed set by a random number to a hash function.

K ' _C = Hash (K _C , Seed)

  The initial vector IV and the seed Seed are set to different values for each encrypted block.

  This encryption is performed every 8 bytes by dividing the substantial data of the content in units of 8 bytes. The subsequent 8-byte encryption is performed in a CBC (Cipher Block Chaining) mode, which is performed using the result of the previous 8-byte encryption.

  In the CBC mode, when encrypting the first 8-byte content data, there is no previous 8-byte encryption result. Therefore, when encrypting the first 8-byte content data, the initial vector IV is set to Encryption is performed as an initial value.

  By performing encryption in this CBC mode, even if one encrypted block is decrypted, the influence of the encrypted block on other encrypted blocks is suppressed. The encryption method is not limited to this.

  Next, FIG. 6 shows a list of information described in the license 62. The license 63 describes a license ID, a creation date and time, an expiration date, a use condition, a use permission GID, and an electronic signature.

  The license ID is identification information unique to the license 62. The creation date and time indicates the date and time when the license 62 was created. The expiration date indicates a time limit during which the corresponding content 61 can be reproduced based on the license 62. The usage conditions include the number of times content can be copied (allowed number of copies), the number of checkouts, the maximum number of checkouts based on the license 62, and the content recorded on the CD-R based on the license. Information indicating the right that can be copied, the number of times that the data can be copied to a PD (Portable Device), the right to transfer the license to the ownership (purchased state), the duty to take a usage log, and the like.

  The use permission GID is a GID of a group that can share the license 62. The use permission GID is supplied from the content supply device 3 in a state where the GID of the group to which the playback device 1 that acquired the content 61 corresponding to the license 62 belongs is described.

  The electronic signature is issued by the issuer of the license 61 using a secret key for the license ID, creation date and time, expiration date, use condition, and use permission GID.

  Next, initialization processing of the playback apparatus 1 will be described with reference to the flowchart of FIG. This initialization process is executed in cooperation with the initialization device 2 when the playback device 1 is shipped. It is assumed that the playback device 1 and the initialization device 2 are already connected. It is assumed that the initialization device 2 has already been assigned a unique device node key DNK.

  In step S <b> 1, the GID verification unit 43 of the playback device 1 generates a random number r, and outputs the generated random number r and a character string “NEW GID REQUEST” indicating that initialization is requested to the communication unit 41. The communication unit 41 transmits the character string “NEW GID REQUEST” and the random number r to the initialization device 2.

Corresponding to this, the initialization device 2 has a character string “NEW GID RESPONSE” indicating that it has responded to the initialization request, a GID uniquely assigned to the playback device 1 that has requested initialization, and a GID. The initial value of the assigned remaining number n, the initial value of the GID set remaining number m, and the random number r transmitted from the playback apparatus 1 that has requested initialization are encrypted using the root key K _R , The encrypted data obtained as a result and the EKB are returned to the playback apparatus 1.

In step S2, the communication unit 41 receives the encrypted data and EKB from the initialization device 2. In step S <b> 3, the decryption processing unit 47 generates a root key K _R using the device node key DNK stored in the device node key storage unit 46 and the EKB received by the communication unit 41.

Here, a device node key DNK, the EKB, the relationship between the root key K _R, will be described with reference to FIG. In the present invention, device node key DNK, EKB, keys such as root key K _R, as shown in FIG. 8, is managed based on the principle of a broadcast incremental options (Broadcast Encryption) method. The keys have a hierarchical tree structure, and different keys are assigned to the nodes indicated by circles in the figure. The lowermost node is called a leaf or a device node, and each corresponds to a different playback device 1. In the case of the example of FIG. 8, there are 16 playback devices 1 from number 0 to number 15. In the following description, a system composed of 16 playback devices 1 will be described, but a system composed of an arbitrary number of playback devices 1 can be handled by changing the depth of the hierarchy and the number of subordinate nodes for one node.

Each key is defined corresponding to each node of the hierarchical tree structure indicated by a circle in the figure. In this example, the root key K _R corresponds to the uppermost root node, the keys K0 and K1 correspond to the second node, the keys K00 to K11 correspond to the third node, Corresponding to the nodes in the fourth row, keys K000 to K111 are respectively associated. Keys K0000 to K1111 correspond to leaves (device nodes) as the lowermost nodes.

Since it has a hierarchical tree structure, for example, the upper key of the key K0010 and the key 0011 is K001, and the upper key of the key K000 and the key K001 is K00. Similarly, the upper key of the key K00 and the key K01 is K0, and the upper key of the key K0 and the key K1 is K _R.

The leaf (device node) corresponding to each playback device 1 and the keys assigned to the upper nodes are collectively referred to as a device node key DNK. For example, for reproducing device 1 corresponding to the leaf of the number 3 in FIG. 8, previously given key K0011, K001, K00, K0, K R as DNK.

The playback apparatus 1 obtains the latest root key K _R (t) using EKB and DNK (t is time). When the latest root key K _R (t) = K _R , EKB is empty data.

If for some reason one or more playback devices 1 can no longer be considered as legitimate, they change the latest root key K _R (t) to K _R, and the playback devices 1 receive the root key K _R ( EKB can be made so that t) is not obtained. For example, in order to prevent the reproduction apparatus 1 corresponding to the leaf number 3 in FIG. 8 from obtaining the root key K _R (t), K001, K00, K0, K _R are updated to K001 (t), K00 (t), K0 (t), K _R (t), and EKB Enc (K _R (t), K _S ), Enc (K0 (t), K _R (t)), Enc (K1, K _R (t)), Enc (K00 (t), K0 (t)), Enc (K01, K0 (t)), Enc (K001 (t), K00 (t)), Enc (K000, K00 (t)) ), Enc (K0010, K001 (t)). Since the reproducing apparatus 1 corresponding to the node of number 3 is only given K0011, K001, K00, K0, and K _R , the latest root key K _R (t) cannot be obtained from the updated EKB. On the other hand, since the reproducing apparatus 1 corresponding to the leaves other than the number 3 is given any one of K1, K01, K000, and K0010, the latest root key K _R (t) can be obtained.

By changing the method of creating the EKB as described above, it is possible to change the set of playback devices 1 that are regarded as normal, that is, that can obtain the latest root key K _R (t). Unless otherwise specified in the following description, the root key K _R means the latest root key K _R (t).

Returning to FIG. In step S4, the decoding processor 47, using the generated root key K _R, it decrypts the encrypted data received in the processing in step S2, and outputs the decoded result to the GID verification unit 43. In step S5, the GID verification unit 43 determines whether or not the random number r included in the decryption result of the encrypted data matches the random number r transmitted in step S1, and if it determines that they match, the process proceeds to step S6. .

  In step S6, the GID verification unit 43 stores the GID, the initial value of the remaining GID number n, and the initial value of the remaining GID set m obtained as a result of the decoding in step S4 in the GID storage. Stored in the unit 44. Further, the GID verification unit 43 sets the parent device flag of the GID storage unit 44 to TRUE indicating that it is a parent device, and sets the ready flag, commit flag, and abort flag to FALSE. By the processing in step S6, the playback device 1 is set as the parent device of the group constituted by itself.

  When it is determined in step S5 that the random number r included in the decryption result of the encrypted data does not match the random number r transmitted in step S1, the process returns to step S1 and the subsequent processes are performed again. . This is the end of the description of the initialization process.

  Next, content reproduction processing for reproducing acquired content will be described with reference to the flowchart of FIG. This content reproduction process is started, for example, when the content 61 is selected by the user and the reproduction is instructed.

  In step S <b> 11, the operation input unit 50 specifies the content 61 for which reproduction is instructed. In step S <b> 12, the determination unit 45 reads the license 62 corresponding to the content 61 instructed to be reproduced from the management unit 42.

  In step S <b> 13, the determination unit 45 reads the expiration date recorded in the license 62 and confirms whether or not the license 62 is valid. If it is confirmed that the license 62 is valid, the process proceeds to step S14.

  In step S <b> 14, the determination unit 45 determines whether the use permission GID recorded in the license 62 matches the GID stored in the GID storage unit 44, and sends the determination result to the decryption processing unit 47. Output. If it is determined that both match, the process proceeds to step S15.

  In step S15, the decryption processing unit 47 reads the content 61 instructed to be reproduced from the storage unit 42 and decrypts the encryption.

Decryption of the content 61 will be described with reference to FIG. Decoding unit 47, a device node key DNK stored in the device node key storage unit 46, and applied to EKB included in the header of the content 61 to acquire the root key K _R and. Next, the root key K _{R is applied} to the encrypted content key K _C (Enc (K _R , K _C )) to obtain the content key K _C. Then, the encryption of the data part of the content 61 is decrypted with the content key K _C.

  Returning to FIG. In step S <b> 16, the reproducing unit 48 reproduces the decoding result obtained by the decoding processing unit 47. The output unit 49 outputs the reproduction result by the reproduction unit 48 to a display, a speaker, or the like.

  If it is determined in step S13 that the read license 62 is not valid, the process proceeds to step S17. In step S14, when the determination unit 45 determines that the use permission GID recorded in the license 62 does not match the GID stored in the GID storage unit 44, the process proceeds to step S17. . In step S17, the output unit 49 notifies the user that the instructed content 61 cannot be reproduced. This is the end of the description of the content reproduction process.

  Next, content sharing processing will be described with reference to the flowchart of FIG. This content sharing process is performed between a plurality of playback devices 1 belonging to the same group, and is performed from the parent device to the child device, from the child device to the parent device, or from the child device to another device. It can be executed in any situation for the slave unit.

  Hereinafter, an example of an operation of copying the content 61 from the playback device 1 that already holds the content 61 (for example, the playback device 1-1) to the playback device 1 that does not hold the content 61 (for example, the playback device 1-1). Explained. It is assumed that the playback device 1-1 and the playback device 1-2 are already connected.

  In step S <b> 21, the management unit 41 of the playback device 1-1 reads the content 61 instructed to be shared by the user and the license 62 corresponding to the content 61 and outputs the content 61 to the communication unit 41. In step S22, the communication unit 41 transmits the content 61 input from the management unit 42 and the corresponding license 62 to the playback device 1-2. The content 61 and the license 62 corresponding to the content 61 are received by the communication unit 41 of the playback device 1-2 and held in the management unit 42 of the playback device 1-2. This is the end of the description of the content sharing process.

  Next, the same group setting process for adding to group members will be described with reference to the flowchart of FIG. The same group setting process is performed between a parent device (for example, the playback device 1-1) of a group and a non-member (for example, the playback device 1-4) that is to belong to the group. It is assumed that the parent device and the non-member are already connected.

  In step S41, the non-member GID verification unit 43 determines whether or not the remaining GID set number m stored in the GID storage unit 44 is 1 or more. Proceed to S42. In step S <b> 42, the non-member GID verification unit 43 generates a random number r and outputs the generated random number r and a character string “GID REQUEST” indicating a request to belong to a group to the communication unit 41. The non-member communication unit 41 transmits the character string “GID REQUEST” and the random number r to the parent device.

  In the base unit that has received this, in step S51, the GID verification unit 43 determines whether or not the base unit flag stored in the GID storage unit 44 of the base unit is TRUE, and the base unit flag is TRUE. If it is determined that there is, the process proceeds to step S52, and it is determined whether or not the remaining GID grant number n stored in the GID storage unit 44 is 1 or more. If it is determined that the remaining GID number n is 1 or more, the process proceeds to step S53.

  If it is determined in step S51 that the parent machine flag stored in the GID storage unit 44 of the parent machine is not TRUE (the parent machine flag is FALSE), the process proceeds to step S54. Also, if it is determined in step S52 that the GID grant remaining number n stored in the GID storage unit 44 of the parent device is not 1 or more (the GID grant remaining number n is 0), the process is also step S54. Proceed to In step S54, the output unit 49 of the master unit notifies the user that a member cannot be added.

In step S <b> 53, the GID verification unit 43 of the parent device decrements the GID grant remaining number n stored in the GID storage unit 44 by one. Further, the GID verifying unit 43 of the parent device, the character string “GID RESPONSE” indicating that the request to belong to the group has been accepted, the GID stored in the GID storage unit 44, and the random number transmitted from the non-member r is encrypted using the root key K _R, and the encrypted data obtained as a result is returned to the non-member.

In the non-member who has received this encrypted data, in step S43, the decryption processing unit 47 decrypts the received encrypted data using the root key K _R and outputs the decryption result to the GID verification unit 43. In step S44, the GID verification unit 43 determines whether or not the random number r included in the decryption result of the encrypted data matches the random number r transmitted in step S42. If it is determined that the number matches, the process proceeds to step S45. .

  In step S45, the non-member GID verification unit 43 updates the GID stored in the GID storage unit 44 using the GID (the same GID as that of the parent device) obtained as a result of the decoding in step S43. The GID set remaining number m stored in the GID storage unit 44 is decremented by one. Further, if the parent machine flag stored in the GID storage unit 44 is TRUE, it is set to FALSE. As a result of the processing in step S45, the playback device 1-2 that was a non-member is added as a member of the group to which the playback device 1-1 that is the parent device belongs.

  When it is determined in step S41 that the remaining GID set number m stored in the non-member GID storage unit 44 is not 1 or more (the remaining GID set number m is 0), this non-member Since the playback device 1-2 cannot change the group to which it belongs, the process proceeds to step S46. If it is determined in step S44 that the random number r included in the decryption result of the encrypted data does not match the random number r transmitted in step S42, the process proceeds to step S46. In step S46, the non-member output unit 49 notifies the user that the group to which the user belongs cannot be changed. Above, description of the same group setting process is complete | finished.

  As described above, according to the same group setting process, the parent device of the group (for example, the playback device 1-1), for example, the playback device 1-1 that already owns the non-member playback device 1-4, etc. Can belong to a group consisting of As a result, the playback device 1-4 can also share the content 61 acquired by the playback devices 1-1 to 1-3.

  In addition, since the number of child devices that the parent device can belong to the group is limited, it is also possible to prevent the group from becoming infinite.

  Next, the master change process for changing the master will be described with reference to the flowchart of FIG. Hereinafter, the current parent device before execution of the parent device changing process is described as the current parent device, and the device that becomes the parent device in place of the current parent device is described as the new parent device. At this time, the new parent device may belong to the same group as the current parent device or may belong to another group. It is assumed that the current master unit and the new master unit are already connected.

  In step S101, the GID verification unit 43 of the new parent device generates a random number r1 and outputs the generated random number r1 and a character string “PARENT HOOD REQUEST” indicating a request for changing the parent device to the communication unit 41. The communication unit 41 of the new parent device transmits the character string “PARENT HOOD REQUEST” and the random number r1 to the current parent device.

In the current parent device that has received this, in step S121, the GID verification unit 43 sets the ready flag stored in the GID storage unit 44 to TRUE, and sets the commit flag and abort flag to FALSE. In step S122, the GID verification unit 43 has transmitted the character string “PARENTHOOD TRANSFER READY” indicating that the base unit is ready to be prepared, the GID stored in the GID storage unit 44, and the new base unit. a random number r1, and a random number r2 of newly generated, encrypted using the root key K _R, and returns the encrypted data obtained as a result to the new master unit.

The new base unit which has received the encrypted data, in step S102, the decoding processor 47, the received encrypted data is decrypted using the root key K _R, and outputs the decoded result to the GID verification unit 43. In step S103, the GID verification unit 43 determines whether or not the random number r1 included in the decryption result of the encrypted data matches the random number r1 transmitted in step S101. If it determines that they match, the process proceeds to step S104. .

In step S104, the ready flag in the GID storage unit 44 of the new base unit is set to TRUE, and the commit flag and abort flag are set to FALSE. Next, in step S105, the GID verification unit 43 of the new base unit sends the character string “PARENTHOOD ACCEPT READY”, the GID (the same GID as the current base unit) included in the decryption result in step S102, and the random number r2 to the root. It is encrypted using the key K _R, and returns the encrypted data obtained as a result to the current parent machine.

On the other hand, the current master unit the new base unit receives the encrypted data transmitted as the processing of step S105, in step S123, the decoding unit 47, the received encrypted data is decrypted using the root key K _R The decryption result is output to the GID verification unit 43. In step S124, the GID verification unit 43 determines whether or not the random numbers r2 and GID included in the decryption result of the encrypted data match the random numbers r2 and GID transmitted in step S122. The process proceeds to step S125. In step S125, the GID verification unit 43 receives the character string “PARENTHOOD TRANSFER COMMIT” instructing execution of the base unit change, the GID stored in the GID storage unit 44, the remaining GID number n, and the new base unit. the random number r1 which is transmitted, encrypted using the root key K _R, and returns the encrypted data obtained as a result to the new master unit. Next, in step S126, the current master unit GID verification unit 43 sets the ready flag and master unit flag stored in the GID storage unit 44 to FALSE and the commit flag to TRUE. As a result, the current parent device remains in the same group and is changed to a child device.

  If it is determined in step S124 that the random number r2 included in the decryption result in step S123 does not match the random number r2 transmitted in step S122, the process proceeds to step S127, and It is notified that the machine change process was not performed normally. In this case, the commit flag is set to FALSE and the abort flag is set to TRUE. Next, error recovery processing is performed. That is, the new base unit is notified that the base unit change process has been stopped, and the state is restored before the process is executed. Since this process is general as a two-phase commitment, detailed description is omitted.

In the new parent device that has received the encrypted data transmitted by the current parent device as the processing of step S125, in step S106, the decryption processing unit 47 decrypts the received encrypted data using the root key K _R and decrypts it. The result is output to the GID verification unit 43. In step S107, the GID verification unit 43 determines whether or not the random number r1 and GID included in the decryption result of the encrypted data match the random number r1 transmitted in step S101 and the GID obtained in step S102. If it is determined that they match, the process proceeds to step S108. In step S108, the GID verification unit 43 of the current base unit uses the GID obtained as the decoding result in step S106 and the GID addition remaining number n to store the GID and GID storage stored in the GID storage unit 44. The remaining number n is updated. Further, the parent machine flag is set to TRUE. As a result, the new parent device is changed to the parent device of the group to which the current parent device belongs.

  If it is determined in steps S103 and S107 that the random number r1 included in the decryption result of the encrypted data does not match the random number r1 transmitted in step S101, the process proceeds to step S109, and the parent device cannot be replaced. Is notified to the user. In this case, error recovery processing is performed. This requests a message from the new base unit to inform the current base unit of the result of the base change process, and the current base unit determines the result of the base change process depending on the commit flag and abort flag values (TRUE or FLASE). Send a message after judging. Since this process is general as a two-phase commitment, a description thereof will be omitted.

  As described above, according to the parent machine replacement process, the existing parent machine is replaced with a newly purchased new parent machine that is generally considered to be relatively less likely to fail than the existing current parent machine. be able to. By performing this master change process, it is possible to prevent a situation in which a member cannot be added to the group due to a failure of the current master.

  As described above, in the present invention, the determination is based on whether or not the same GID is held. Since the GID is set after the side receiving the GID authenticates the side giving the GID, a server or the like that centrally manages the side receiving the GID becomes unnecessary.

  Note that the playback device 1 according to the present embodiment is various electronic devices such as a portable player, a television receiver, a home server, and a personal computer, and is not necessarily the same type of electronic device.

  In the present specification, the step of describing the program recorded in the recording medium is not limited to the processing performed in time series according to the described order, but is not necessarily performed in time series, either in parallel or individually. The process to be executed is also included.

It is a figure for demonstrating the outline | summary of the reproducing | regenerating apparatus which is one embodiment of this invention. FIG. 2 is a block diagram illustrating an internal configuration example of the playback apparatus of FIG. 1. FIG. 2 is a diagram illustrating a configuration example of functional blocks of the playback device in FIG. 1. It is a figure which shows the list of the information memorize | stored in the GID memory | storage part of FIG. It is a figure which shows the structure of the format of the content shared. It is a figure which shows the list of the information described in the license for utilizing a content. It is a flowchart explaining an initialization process. It is a figure explaining the relationship between a root key, EKB, and a device node key. It is a flowchart explaining a content reproduction process. It is a figure for demonstrating the process which decodes encryption of a content. It is a flowchart explaining a content sharing process. It is a flowchart explaining the same group setting process. It is a flowchart explaining a main | base station change process.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 Playback apparatus, 2 Initialization apparatus, 3 Content supply apparatus, 11 CPU, 31 Content sharing program, 41 Communication part, 42 Management part, 43 GID verification part, 44 GID storage part, 45 Judgment part, 46 Device node key storage part , 47 Decoding processing section, 48 Playback section, 49 Output section

Claims (6)

In an information processing apparatus that shares content data within a group consisting of one master unit and one or more slave units,
And held means for carrying the common root key between the normal information processing device,
Holding unit for holding group identification information indicating a group to which the user belongs, and a parent unit flag indicating whether the group is the parent unit in the group to which the group belongs;
Management means for managing content data and a license for using the content data;
The encryption of the content data corresponding to the license is performed only when the sharing-permitted group identification information indicating the group that is permitted to share the content data described in the license and the belonging group identification information match. reproducing means for reproducing the by decoding by using the root key,
When the self is a parent device that can add a child device to the group, in response to a request from another information processing apparatus that does not belong to the group to which the self belongs, Transmitting means that reads out belonging group identification information, encrypts it using the root key, and transmits it to the other information processing apparatus;
A registration unit that decrypts the encryption of the transmitted group identification information using the root key and registers it in the holding unit when the group identification information is transmitted from another information processing apparatus as a master unit; Including information processing apparatus. When self is the master unit, the master unit flag is set to FALSE without changing the belonging group identification information after mutual authentication using the root key in response to a request from another information processing apparatus. change,
When the self is not the parent device, after the mutual authentication using the root key with the other information processing device as the parent device, the retained group identification information is used as another information processing device as the parent device. The information processing apparatus according to claim 1, further comprising: a parent device changing unit that changes the parent device flag to TRUE. The transmitting means, when the self is a parent device, transmits the belonging group identification information held to a finite number of other information processing devices not belonging to the group to which the self belongs,
The information processing apparatus according to claim 1, wherein the holding unit also holds a remaining number of times that the assigning unit can give the belonging group identification information to the other information processing apparatus. And a generation unit that generates the root key that can be generated in common by authorized information processing devices based on a device node key uniquely assigned to the device and an enable key block included in the header of the content data. The information processing apparatus according to claim 1 . In an information processing method of an information processing apparatus that shares content data within a group composed of one master unit and one or more slave units,
According to the information processing apparatus,
A holding step belonging group identification information indicating the self belongs to a group, and self, to retain the holding means master unit flag indicating whether or not said master unit in the group membership,
A management step of managing content data and a license for using the content data;
The encryption of the content data corresponding to the license is performed only when the sharing-permitted group identification information indicating the group that is permitted to share the content data described in the license and the belonging group identification information match. A playback step for decrypting and playing back using a root key common among legitimate information processing devices ;
When the self is a parent device that can add a child device to the group, in response to a request from another information processing apparatus that does not belong to the group to which the self belongs, A transmission step of reading belonging group identification information, encrypting using the root key, and transmitting to the other information processing device;
A registration step of decrypting the encryption of the transmitted belonging group identification information using the root key and registering it in the holding means when the belonging group identification information is transmitted from another information processing apparatus as a master unit; Information processing method including. A program for controlling an information processing apparatus that shares content data within a group composed of one master unit and one or more slave units,
A holding step belonging group identification information indicating the self belongs to a group, and self, to retain the holding means master unit flag indicating whether or not said master unit in the group membership,
A management step of managing content data and a license for using the content data;
The encryption of the content data corresponding to the license is performed only when the sharing permission group identification information indicating the group permitted to share the content data described in the license matches the belonging group identification information. A playback step of decrypting and playing back using a common root key among legitimate information processing devices ;
When the self is a parent device that can add a child device to the group, in response to a request from another information processing apparatus that does not belong to the group to which the self belongs, A transmission step of reading belonging group identification information, encrypting using the root key, and transmitting to the other information processing device;
A registration step of decrypting the encryption of the transmitted group identification information using the root key and registering it in the holding means when the group identification information is transmitted from another information processing apparatus as a master unit; A program that causes a computer of an information processing apparatus to execute processing including the processing.

Images