| United States Patent | 6581160 |
| Link to this page | http://www.wikipatents.com/6581160.html |
| Inventor(s) | Harada; Shunji (Osaka-fu, JP); Tatebayashi; Makoto (Takarazuka, JP); Kozuka; Masayuki (Arcadia, CA); Hirota; Teruto (Moriguchi, JP); Kamibayashi; Toru (Chigasaki, JP); Tamura; Masafumi (Chofu, JP) |
| Abstract | A storage medium (PM) 13 includes a controller 130 and two types of storage
regions, the concealed region 134 and the open region 131. The open region
131 includes an open RW 133 storing a digital content, an open ROM-W
region 132a storing, as revocation information, identification information
of an electronic appliance that is prohibited from accessing the digital
content, and an open ROM region 132 storing, as master revocation
information, identification information of an electronic appliance that is
prohibited from updating the revocation information. When the storage
medium is loaded into an electronic appliance that has identification
information which is registered in the open ROM region 132, the controller
130 prohibits the electronic appliance from updating the revocation
information. |
| Title | Revocation information updating method, revocation information updating apparatus and storage medium |
| Publication Date | June 17, 2003 |
| Filing Date | October 20, 2000 |
| Parent Case | This is a continuation-in-part of application Ser. No. 09/436,035 filed Nov. 8, 1999 |
Claims
What is claimed is:
1. A storage medium that is used having been loaded into an electronic appliance, the storage medium comprising: a content storage area for storing a digital content; a
revocation information storage area for storing, as revocation information, information that corresponds to identification information of an electronic appliance that is prohibited from accessing the digital content stored in the content storage area; a
master revocation information storage area storing, as master revocation information, information that corresponds to identification information of an electronic appliance that is prohibited from updating the revocation information stored in the
revocation information storage area; content protecting means for performing a first judgment as to whether an electronic appliance into which the storage medium has been loaded has identification information that corresponds to the revocation
information stored in the revocation information storage region, and allowing the electronic appliance to access the digital content stored in the content storage region only if the first judgment is negative; and revocation information updating means
for performing a second judgment as to whether the electronic appliance into which the storage medium has been loaded has identification information that corresponds to the master revocation information stored in the master revocation information storage
region, and allowing the electronic appliance to update the revocation information stored in the revocation information storage region only if the second judgment is negative.
2. A storage medium in accordance with claim 1, wherein the master revocation information storage region is provided in a ROM (read only memory) in which the master revocation information is stored in advance.
3. A storage medium in accordance with claim 1, further comprising: a mutual authentication means for performing mutual authentication with the electronic appliance into which the storage medium has been loaded before the revocation information
updating means performs the second judgment and, if the mutual authentication succeeds, for generating a secret key that can be shared with the electronic appliance, wherein the revocation information updating means updates the revocation information
using the secret key generated by the mutual authentication means.
4. A storage medium in accordance with claim 1, wherein the revocation information updating means transmits a secret key, which the electronic appliance needs to update the revocation information, to the electronic appliance only if the second
judgment is negative.
5. A storage medium in accordance with claim 1, wherein the revocation information is sorted into a plurality of groups, the revocation information storage region includes a plurality of storage areas, and each group is stored in a different
storage area, and as the second judgment, the revocation information updating means judges (1) whether the electronic appliance into which the storage medium has been loaded has identification information that does not correspond to the master revocation
information stored in the master revocation information storage region, and (2) whether the electronic appliance has identification information that does not correspond to the revocation information in a specified group of revocation information that the
electronic appliance wishes to update, the second judgment being negative only when both (1) and (2) are affirmative, and the revocation information updating means allowing the electronic appliance to update only the revocation information in the
specified group.
6. A storage medium in accordance with claim 1, wherein the revocation information storage region stores, as the revocation information, information that has been generated by encrypting a predetermined secret key using identification
information of an electronic appliance that is prohibited from accessing the digital content as a key, the content protecting means transmits the revocation information stored in the revocation information storage region to the electronic appliance into
which the storage medium is loaded, and judges whether information received in reply from the electronic appliance exhibits a predetermined regularity to determine whether the electronic appliance has identification information that corresponds to the
revocation information stored in the revocation information storage region, the master revocation information storage region stores, as the master revocation information, information that has been generated by encrypting a predetermined secret key using
identification information of an electronic appliance that is prohibited from updating the revocation information as a key, and the revocation information updating means transmits the master revocation information stored in the master revocation
information storage region to the electronic appliance, and judges whether information received in reply from the electronic appliance exhibits a predetermined type of regularity so as to judge whether the electronic appliance has identification
information that corresponds to the master revocation information stored in the master revocation information storage region.
7. A method for updating revocation information on a storage medium, the storage medium being used having been loaded into an electronic appliance and including (1) a content storage area for storing a digital content, (2) a revocation
information storage area for storing, as revocation information, information that corresponds to identification information of an electronic appliance that is prohibited from accessing the digital content stored in the content storage area, and (3) a
master revocation information storage area storing, as master revocation information, information that corresponds to identification information of an electronic appliance that is prohibited from updating the revocation information stored in the
revocation information storage area, the method comprising: a detection step for detecting whether the storage medium has been loaded into an electronic appliance; a judgment step for performing a first judgment as to whether first identification
information of the electronic appliance does not correspond to the master revocation information stored in the master revocation information storage region of the storage medium; and an updating step for updating the revocation information stored in the
revocation information storage region only when the first judgment is affirmative.
8. The revocation information updating method of claim 7, wherein the updating step has information corresponding to second identification information of an electronic appliance stored in the revocation information storage region as new
revocation information.
9. A revocation information updating method in accordance with claim 8, further comprising: a mutual authentication step where mutual authentication is performed between the electronic appliance and the storage medium and, only if the mutual
authentication succeeds, a secret key that is to be shared by the electronic appliance and the storage medium is generated, wherein the updating step updates the revocation information using the secret key generated during the mutual authentication step.
10. A revocation information updating method in accordance with claim 9, wherein the updating step includes: a transfer substep for encrypting, when the first judgment is affirmative, information that corresponds to the second identification
information of the electronic appliance using the secret key generated during the mutual authentication step, and having the encrypted information transferred from the electronic appliance to the storage medium; and a storage substep for decrypting the
transferred encrypted information using the secret key and storing the information in the revocation information storage region as new revocation information.
11. A revocation information updating method in accordance with claim 8, wherein the judging step includes a judging substep for performing a third judgment as to whether the second identification information corresponds to the revocation
information stored in the revocation information storage region, and when the first judgment is affirmative and the third judgment is negative, the updating step has the second identification information stored in the revocation information storage
region as new revocation information.
12. A revocation information updating method in accordance with claim 8, wherein the master revocation information storage region stores, as the master revocation information, information produced by encrypting a special secret key using
identification information of an electronic appliance that is prohibited from updating the revocation information as a key, and the judging step transmitting the master revocation information stored in the master revocation information storage region to
the electronic appliance into which the storage medium has been loaded and judging whether the identification information of the electronic appliance corresponds to the master revocation information stored in the master revocation information restricted
region on the storage medium by judging whether a response received from the electronic appliance exhibits a predetermined type of regularity.
13. A revocation information updating apparatus for updating revocation information on a storage medium, the storage medium being used having been loaded into an electronic appliance and including (1) a content storage area for storing a digital
content, (2) a revocation information storage area for storing, as revocation information, information that corresponds to identification information of an electronic appliance that is prohibited from accessing the digital content stored in the content
storage area, and (3) a master revocation information storage area storing, as master revocation information, information that corresponds to identification information of an electronic appliance that is prohibited from updating the revocation
information stored in the revocation information storage area, the apparatus comprising: a first identification information storage means for storing first identification information that does not correspond to the master restricted region stored in the
master revocation information storage region of the storage medium; a permission obtaining means for obtaining, using information corresponding to the first identification information stored in the first identification information storage means,
permission from the storage medium to update the revocation information stored on the storage medium; and updating means for updating the revocation information stored on the storage medium in accordance with the permission obtained by the permission
obtaining means.
14. A revocation information updating apparatus in accordance with claim 13, wherein the updating means updates the revocation information using information that is stored beforehand and corresponds to second identification information.
15. A revocation information updating apparatus in accordance with claim 14, further comprising: a mutual authentication means for performing mutual authentication with the storage medium before the permission obtaining means tries to obtain
permission to update the revocation information and, only when the mutual authentication has succeeded, generating a secret key that can be shared with the storage medium, wherein the updating means updates the revocation information using the secret key
generated by the mutual authentication means.
16. A revocation information updating apparatus in accordance with claim 15, further comprising: wherein the updating means updates the revocation information by encrypting new revocation information corresponding to the second identification
information using the secret key generated by the mutual authentication means and has the encrypted information transferred from the electronic appliance to the storage medium.
17. A revocation information updating apparatus in accordance with claim 14, wherein the revocation information is sorted into a plurality of groups and the revocation information storage region includes a plurality of storage regions that each
store a different group, the updating means only updating the revocation information in a group that corresponds to the second identification information.
18. A revocation information updating apparatus in accordance with claim 14, wherein the master revocation information storage region stores, as the master revocation information, information produced by encrypting a predetermined secret key
using identification information of an electronic appliance that is prohibited from updating the revocation information as a secret key, and the permission obtaining means obtaining the permission by receiving the master revocation information sent from
the storage medium, decrypting the master revocation information using the first identification information of the electronic appliance, and sending a decrypted result and information that exhibits a predetermined type of regularity to the storage
medium.
Description
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a storage medium used to store digital contents, such as programs and digitized text, audio and video, and to a method for updating revocation information that is used to prevent unauthorized electronic appliances
from recording and reproducing digital contents.
2. Description of the Related Art
The advancements in digital and microprocessor technologies in recent years have enabled the development of a great variety of electronic appliances. Examples of such are personal computers with multimedia capabilities, set-top boxes,
reproduction devices and game consoles. In addition to reproducing image data, audio data and other types of digital contents from recording media, such appliances can also download digital contents from networks like the Internet.
Digital contents are generally copyrighted material that has been digitally encoded according to a technique such as MPEG 2 (Moving Pictures Experts Group 2) or MP3 (Moving Pictures Experts Group--Audio Layer 3). Such contents can be copied and
transmitted on networks with no loss in quality. This means there is a growing need for technologies to stop improper acts that violate the copyrights over such material.
Current electronic appliances such as personal computers, set-top boxes, and reproduction devices tend to use "reversible" recording media, which here refers to recording media that are not player-dependent. Such media operate according to
specifications that are usually made public. This makes it possible for users to transfer or copy digital contents onto other media at will, so that there is no effective way of protecting a digital content recorded on a recording medium.
Memory cards, where a recording medium and a controller are integrated, have recently appeared on the market. Such cards can be provided with a protected region (hereinafter called a "concealed region") that can be accessed by an access control
function of the controller according to a special procedure, but otherwise cannot be accessed by users. It is believed that digital contents can be protected more securely by using a concealed region to store important information (such as copy control
information and transfer control information) that relates to the way in which digital contents can be used.
The following describes one conceivable way to protect the copyright of a digital content. Whenever a digital content is transferred between any of the electronic devices mentioned above and a recording medium, both devices first perform mutual
authentication. This means that each device checks that the other is an authentic device equipped with the same copyright (content) protection mechanism (i.e., a predetermined content protection function). When both devices are authentic, they then
exchange keys according to a key generation algorithm provided in both devices. Both devices thus obtain an authentication key, and use this key to respectively encrypt and decrypt either a content key (a different key used to encrypt the digital
content), or the digital content itself.
The above technique has the following problem. The content protection mechanism (such as the information and/or program used for mutual authentication) has to be set in the electronic appliance before it is shipped from the factory. After
purchase, the electronic appliance (or more specifically the programs that run on an electronic appliance) may be subjected to tampering which renders the content protection mechanism inoperative. Such a modified electronic appliance cannot be detected
and stopped by mutual authentication alone, so that improper use of the contents becomes possible.
Digital contents could conceivably be afforded better protection by pre-recording revocation information in a special region on a recording medium. Revocation information shows invalid electronic appliances that should be prohibited from
accessing contents stored on a recording medium. Such revocation information can be in the form of a list of identification information for such invalid electronic appliances. When the recording medium is loaded into an electronic appliance registered
in the revocation information, the electronic appliance is prohibited from accessing the recording medium. In other words, the contents on the recording medium are protected by invalidating the electronic appliance's right to access the recording
medium.
This method has a drawback in that it is still necessary to set such revocation information in a non-rewritable region before the recording medium is shipped from the factory. This means that if tampering with electronic appliances (or programs
of such appliances) results in the appearance of new types of invalid electronic appliances after a recording medium has been produced, such appliances cannot be added to the revocation information on the medium. Illegal access by such appliances cannot
be prevented.
SUMMARY OF THE INVENTION
The present invention was conceived in view of the above problem, and has an object of providing a storage medium that can refer to revocation information and prohibit access to a content by an unauthorized electronic appliance, even when the
unauthorized electronic appliance appears after the storage medium has been manufactured. The invention also aims to provide a suitable revocation information updating apparatus and method for such medium.
The stated object can be achieved by a storage medium that is used having been loaded into an electronic appliance, the storage medium including: a content storage area for storing a digital content; a revocation information storage area for
storing, as revocation information, information that corresponds to identification information of an electronic appliance that is prohibited from accessing the digital content stored in the content storage area; and a master revocation information
storage area storing, as master revocation information, information that corresponds to identification information of an electronic appliance that is prohibited from updating the revocation information stored in the revocation information storage area.
With the stated construction, information corresponding to the identification information of unauthorized electronic appliances that should not be allowed to update the revocation information can be registered in advance in the master revocation
information storage area of the storage medium. By referring to this information, the storage medium can know whether an electronic appliance that is trying to access the revocation information is an authorized appliance or an unauthorized appliance.
The revocation information is stored in a secure rewritable storage region, so that even when an unauthorized electronic appliance appears after the storage medium is manufactured, information corresponding to the identification information of
the electronic appliance can be additionally registered in the revocation information storage region. In this way, the unauthorized electronic appliance can be prevented from accessing digital productions stored on the storage medium.
Here, the storage medium may further include: a content protecting unit for performing a first judgment as to whether an electronic appliance into which the storage medium has been loaded has identification information that corresponds to the
revocation information stored in the revocation information storage region, and allowing the electronic appliance to access the digital content stored in the content storage region only if the first judgment is negative; and a revocation information
updating unit for performing a second judgment as to whether the electronic appliance into which the storage medium has been loaded has identification information that corresponds to the master revocation information stored in the master revocation
information storage region, and allowing the electronic appliance to update the revocation information stored in the revocation information storage region only if the second judgment is negative.
With the stated construction, only electronic appliances with identification information that does not correspond to the content of the master revocation information storage region are allowed to update the revocation information stored on the
storage medium. This means that unauthorized electronic appliances can be prevented from tampering with the revocation information.
Here, the master revocation information storage region may be provided in a ROM (read only memory) in which the master revocation information is stored in advance.
This protects the storage medium from attacks that try to tamper with the master revocation information after the storage medium has been manufactured.
Here, the storage medium may further include: a mutual authentication unit for performing mutual authentication with the electronic appliance into which the storage medium has been loaded before the revocation information updating means performs
the second judgment and, if the mutual authentication succeeds, for generating a secret key that can be shared with the electronic appliance, wherein the revocation information updating unit updates the revocation information using the secret key
generated by the mutual authentication unit.
With the stated construction, the crucial identification information relating to which devices have authorization to update the revocation information is transferred between the storage medium and an electronic appliance in a secure manner. This
increases the security with which the revocation information is protected.
Here, the revocation information updating unit may transmit a secret key, which the electronic appliance needs to update the revocation information, to the electronic appliance only if the second judgment is negative.
As a result, the result of the judgment as to whether an electronic appliance has authority to update the revocation information is kept secret. This thwarts third parties that try to intercept the communication between the storage medium and an
electronic appliance.
Here, the revocation information may be sorted into a plurality of groups, the revocation information storage region may include a plurality of storage areas, and each group may be stored in a different storage area, and as the second judgment,
the revocation information updating means may judge (1) whether the electronic appliance into which the storage medium has been loaded has identification information that does not correspond to the master revocation information stored in the master
revocation information storage region, and (2) whether the electronic appliance has identification information that does not correspond to the revocation information in a specified group of revocation information that the electronic appliance wishes to
update, the second judgment being negative only when both (1) and (2) are affirmative, and the revocation information updating means allowing the electronic appliance to update only the revocation information in the specified group.
As a result, even when an unauthorized third party manages to tamper with the revocation information, the damage will be limited to one group of revocation information. Other groups of revocation information are unaffected.
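The two judgments and the group-scoped update rule described above can be modelled as the checks the medium's controller would evaluate. This is an added sketch, not part of the patent text: the class, method names, device IDs and group labels are constructed, mutual authentication and the encrypted transfer are not modelled, and checking content access against every group is an assumption.

```python
from dataclasses import dataclass


class AccessDenied(Exception):
    """A judgment went against the appliance the medium is loaded into."""


@dataclass
class StorageMedium:
    # Master revocation information: written at manufacture (ROM), so it is
    # a frozenset and no method below ever modifies it.
    master_revoked: frozenset
    # Revocation information: rewritable, sorted into groups, one storage
    # area per group (group label -> set of revoked IDs).
    revoked_by_group: dict
    content: bytes = b""

    def is_revoked(self, device_id: str) -> bool:
        # Assumption: content access consults every group.
        return any(device_id in ids for ids in self.revoked_by_group.values())

    def read_content(self, device_id: str) -> bytes:
        """First judgment: access is allowed only if the ID is NOT listed."""
        if self.is_revoked(device_id):
            raise AccessDenied(f"{device_id}: listed in revocation information")
        return self.content

    def may_update(self, device_id: str, group: str) -> bool:
        """Second judgment, grouped form: both (1) and (2) must hold."""
        if group not in self.revoked_by_group:
            return False  # assumption: unknown storage areas are refused
        cond1 = device_id not in self.master_revoked            # (1)
        cond2 = device_id not in self.revoked_by_group[group]   # (2)
        return cond1 and cond2

    def update_revocation(self, device_id: str, group: str, new_id: str) -> None:
        """Register new_id, but only in the group the appliance specified."""
        if not self.may_update(device_id, group):
            raise AccessDenied(f"{device_id}: may not update group {group}")
        self.revoked_by_group[group].add(new_id)


def allowed(action, *args) -> bool:
    """Run a controller operation and report whether it was permitted."""
    try:
        action(*args)
        return True
    except AccessDenied:
        return False


def demo() -> dict:
    # Constructed state: PD-0001 is barred from updating, PD-0100 is barred
    # from content, PD-0666 is found to be unauthorized after manufacture.
    pm = StorageMedium(
        master_revoked=frozenset({"PD-0001"}),
        revoked_by_group={"A": {"PD-0100"}, "B": set()},
        content=b"music",
    )
    out = {}
    out["rogue_reads_before_update"] = allowed(pm.read_content, "PD-0666")
    # The master list governs updates only; it does not block content access.
    out["master_revoked_reads"] = allowed(pm.read_content, "PD-0001")
    out["master_revoked_updates_b"] = allowed(
        pm.update_revocation, "PD-0001", "B", "PD-0002")
    # Condition (2): an ID listed in group A cannot rewrite group A.
    out["group_a_revoked_updates_a"] = allowed(
        pm.update_revocation, "PD-0100", "A", "PD-0002")
    # An appliance on neither list registers the newly found device.
    out["cds_updates_b"] = allowed(
        pm.update_revocation, "CDS-0001", "B", "PD-0666")
    out["rogue_reads_after_update"] = allowed(pm.read_content, "PD-0666")
    # The update touched only the specified group.
    out["group_a_after"] = sorted(pm.revoked_by_group["A"])
    out["group_b_after"] = sorted(pm.revoked_by_group["B"])
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```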
The stated object can also be achieved by a method for updating revocation information on a storage medium, the method including: a detection step for detecting whether the storage medium has been loaded into an electronic appliance; a judgment
step for performing a first judgment as to whether first identification information of the electronic appliance does not correspond to the master revocation information stored in the master revocation information storage region of the storage medium; and
an updating step for updating the revocation information stored in the revocation information storage region only when the first judgment is affirmative.
The stated object can also be achieved by a revocation information updating apparatus for updating revocation information on a storage medium, the apparatus including: a first identification information storage unit for storing first
identification information that does not correspond to the master restricted region stored in the master revocation information storage region of the storage medium; a permission obtaining unit for obtaining, using information corresponding to the first
identification information stored in the first identification information storage means, permission from the storage medium to update the revocation information stored on the storage medium; and an updating unit for updating the revocation information
stored on the storage medium in accordance with the permission obtained by the permission obtaining unit.
BRIEF DESCRIPTION OF THE DRAWINGS
These and other objects, advantages and features of the invention will become apparent from the following description taken in conjunction with the accompanying drawings which illustrate a specific embodiment of the invention. In the drawings:
FIG. 1 shows the overall construction of a copyright protection system that is an embodiment of the present invention;
FIG. 2 is a block diagram showing the construction of a content distribute system (CDS);
FIG. 3 is a block diagram showing the construction of a PM (recording medium);
FIG. 4 shows the composition and recorded content of an open ROM region of a PM;
FIG. 5 shows the logical storage regions of the CDS;
FIG. 6 is a block diagram showing the construction of a recording/playback apparatus (portable device (PD));
FIG. 7 shows the logical storage regions of the PD;
FIG. 8 is a block diagram showing the construction of a content usage management system (License Compliant Module (LCM));
FIG. 9 shows the logical storage regions of the LCM;
FIG. 10 shows the former part of the communication between the CDS and the PM and the processing flow;
FIG. 11 shows the latter part of the communication between the CDS and the PM and the processing flow; and
FIG. 12 shows the communication between the PM and the PD and the processing flow.
DESCRIPTION OF THE PREFERRED EMBODIMENT
The following describes an embodiment of the present invention with reference to the attached figures.
FIG. 1 shows the construction of a copyright protection system 100 according to the present embodiment.
This copyright protection system 100 protects the copyrights over digital material that is distributed electronically or through the use of recording media. As shown in FIG. 1, the copyright protection system 100 is composed of a content
distribute system (CDS) 1 in the form of a vending machine that electronically distributes music contents via a communication network such as the Internet, a recording medium (hereinafter portable media (PM)) 13 for storing music contents, a
recording/playback apparatus (hereinafter, portable device (PD)) 12 that is portable and can record music contents onto the PM 13 and play back music contents from the PM 13, and a content usage control system (hereinafter, license compliant module (LCM)) 21
that manages the recording, playback and transfer of music contents.
The CDS 1, the PM 13, and the PD 12 are equipped with a function or construction that updates the revocation information described above to prevent unauthorized electronic appliances from making improper accesses to digital productions, even if the existence of such unauthorized appliances is discovered after the manufacture of the CDS 1, the PM 13, the PD 12, and the LCM 21.
FIG. 2 is a block diagram showing the construction of the CDS 1. The frame numbered 40 represents an electronic music distributor (EMD), such as a music server or broadcast station. The frame numbered 41 represents a revocation information licensing entity (RLE). When an unauthorized electronic appliance is newly discovered, this RLE 41 issues new revocation information including identification information for that electronic appliance.
The CDS 1 can be realized by a specialized terminal (such as a kiosk terminal) and can be located in a record shop as one example. This CDS 1 is connected to the EMDs 40 and RLE 41 via transfer paths, and is composed of a secure music server (SMS) 2, an EMD_I/F (interface) unit 3, a PD_I/F unit 5, a media_I/F unit 6, a concealed region driver 7, a registry storing unit 8, a license storing unit 9, a music data storing unit 10, a revocation information receiving unit 14, a user I/F unit 15, and a revocation information storing unit 16.
The functions of the CDS 1 are described below.
(1) Content Recording (Purchasing) Function
The CDS 1 records a content indicated by the user onto a PM 13 loaded into the CDS 1. This corresponds to when the user purchases the content.
(2) Revocation Information Updating Function
The CDS 1 updates the revocation information on a PM 13 loaded into the CDS 1. This revocation information shows which electronic appliances should be invalidated.
The EMD_I/F unit 3 is a communication adapter or the like for connecting the CDS 1 to a plurality of EMDs 40. The PD_I/F unit 5 is a USB (Universal Serial Bus) or the like that connects a PD 12 to the CDS 1. The media_I/F unit 6 is a PCMCIA (Personal Computer Memory Card International Association) card slot or the like for loading a PM 13 into the CDS 1. The revocation information receiving unit 14 is a communications adapter, or the like, which receives revocation information that is to be newly registered. The user I/F unit 15 includes an LCD (liquid crystal display) and switches, button keys, or the like.
The music data storing unit 10 is a flash memory for storing encrypted music contents. The registry storing unit 8 is a memory storing attribute information and the like for the music contents stored in the music data storing unit 10.
The license storing unit 9 is a memory for storing a key, or other such information, that is used when decrypting an encrypted music content stored in the music data storing unit 10. The revocation information storing unit 16 is a memory for temporarily storing revocation information, such as revocation information received from the RLE 41.
The concealed region driver 7 is a control circuit, or the like, for accessing the protected storage regions (described later) of the registry storing unit 8 and the like using a confidential procedure that is not made public. The SMS 2 is a CPU (Central Processing Unit) or the like for executing processing that controls the other components to achieve the two functions mentioned above.
The following describes the functions of the components of the CDS 1 and the control performed by the SMS 2 separately for the two functions (1) and (2) given above.
(1) Content Recording (Purchasing) Function
In the CDS 1, contents are protected against unauthorized use by having the contents encrypted and decrypted using identification information (a media ID) of each recording medium (PM 13) onto which the contents are recorded.
The CDS 1 includes three reception units numbered #1 to #3 that each correspond to one of the three EMDs 40 also numbered #1 to #3. Encrypted contents (in the present example, music contents) and license information (usage conditions, encrypted content decryption keys etc.) distributed by the three EMDs 40 are received via the corresponding reception units #1 to #3. The encrypted contents distributed by each EMD 40 can be produced using different encryption methods and different audio encoding methods. Each of the receiving units #1 to #3 may also be equipped with functions for playing back received audio and for billing the user. This billing function enables the user to purchase contents as desired.
The SMS 2 receives, via the EMD_I/F unit 3, encrypted contents that have been purchased by the user. When necessary, the EMD_I/F unit 3 decrypts encrypted contents that have been subjected to the audio encoding and encryption methods used by the different EMDs 40 and converts (re-encrypts) the contents using an audio coding format and encryption format used by the CDS 1.
On receiving an encrypted content, the SMS 2 stores the encrypted content in the music data storing unit 10 and stores the key (the encrypted content decryption key) for decrypting the encrypted content in the license storing unit 9. The SMS 2 may be provided with a playback function to allow users to listen to a music content that has been distributed. When this is the case, the music contents managed by the SMS 2 may be reproduced on the CDS 1.
The SMS 2 is equipped with a function for outputting an encrypted content (music content) stored in the music data storing unit 10 via the media_I/F unit 6 to a PM 13, such as a memory card, that is loaded into the media_I/F unit 6.
By setting a PM 13 in the PD 12, the user can have the encrypted contents (music contents) recorded on the PM 13 decrypted and played back by the PD 12. The SMS 2 can record contents on the PM 13 either directly via the media_I/F unit 6 or indirectly via the PD 12.
The user can also set the PM 13 in the LCM 21. The LCM 21 decrypts and plays back the encrypted (music) contents recorded on the PM 13. Alternatively, the user can have the encrypted (music) contents on the PM 13 transferred onto the LCM 21 for storage in the LCM 21 thereafter.
(2) Revocation Information Updating Function
The revocation information is used to identify electronic appliances (PDs, LCMs, etc.) that should be invalidated from using a PM 13 in order to protect the contents on the PM 13. Here, "using a PM 13" means recording contents on a PM 13 or reading and/or playing back contents recorded on a PM 13. This revocation information is prerecorded on a PM 13 during manufacture.
The revocation information updating function is performed by an electronic appliance that has special permission (CDS 1 in the present example). When necessary, this function uses new revocation information to update the revocation information that was recorded on a PM 13 during manufacture. The revocation information needs to be updated when unauthorized appliances that should be invalidated are newly discovered.
The CDS 1 is equipped with a revocation information receiving unit 14 that receives new revocation information from the RLE 41. The new revocation information transferred from the RLE 41 to the CDS 1 is encrypted to prevent tampering on the transfer path between the two devices. As one example, this encryption may use an encryption key that is shared by the RLE 41 and the CDS 1 beforehand.
The SMS 2 receives the encrypted new revocation information that has been issued by the RLE 41 via the revocation information receiving unit 14. The SMS 2 decrypts the encrypted new revocation information and stores the resulting new revocation information in the revocation information storing unit 16. When a PM 13, such as a memory card, is loaded into the media_I/F unit 6 (i.e., when the media_I/F unit 6 detects that a PM 13 has been inserted), a function provided in the SMS 2 has the new revocation information in the revocation information storing unit 16 outputted to the PM 13 via the media_I/F unit 6. The SMS 2 can record new revocation information on a PM 13 directly via the media_I/F unit 6 or indirectly via a PD 12.
The following describes the various types of revocation information. Note that the recording medium (here, PM 13) is not limited to the storage of digitized music, and may alternatively be used for recording an application system, like a so-called "electronic book". In this case, revocation information is issued for each application system. As a result, electronic appliances can be revoked separately for each of the application systems, and only electronic appliances with special permission for a given application system are allowed to update the revocation information corresponding to that application system. In the present example, the CDS 1 is permitted to update only the revocation information for electronic appliances (e.g., PD, LCM) that handle digitized music.
With this arrangement, even if a user tampers with the revocation information updating function of the CDS 1, this will not affect other application systems as the user will still be prevented from updating the revocation information of other application systems.
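The update flow of function (2) and the per-application scoping described above, modelled in Python as an added example that is not part of the patent text: new revocation information travels from the RLE to the CDS under a pre-shared key, is held until a PM is inserted, and the PM accepts an update only for the application system the caller is permitted to update. Assumptions: all class, function and appliance names, the JSON message layout and the add-only update are hypothetical; the shared key drives an HMAC tag here in place of the encryption the text mentions; and the PM is assumed to already know which appliance is calling.

```python
import hashlib, hmac, json

class PortableMedia:  # toy PM 13: one revocation list per application system
    def __init__(self, updaters):
        self.updaters = updaters  # application -> appliance IDs allowed to update
        self.revoked = {app: set() for app in updaters}

    def update_revocation(self, appliance_id, application, ids):
        # Update permission is scoped to a single application system.
        if appliance_id not in self.updaters.get(application, ()):
            return False
        self.revoked[application] |= set(ids)  # assumption: updates only add IDs
        return True

    def may_use(self, appliance_id, application):
        return appliance_id not in self.revoked[application]

def rle_issue(key, application, ids):  # RLE 41 side: serialize and tag the new list
    body = json.dumps({"app": application, "ids": sorted(ids)}).encode()
    return body, hmac.new(key, body, hashlib.sha256).digest()

class ContentDistributeSystem:  # toy CDS 1 with permission for one application
    def __init__(self, appliance_id, application, key):
        self.appliance_id, self.application, self.key = appliance_id, application, key
        self.pending = set()  # stands in for revocation information storing unit 16

    def receive(self, body, tag):
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False  # altered on the transfer path: discard
        msg = json.loads(body)
        if msg["app"] != self.application:
            return False
        self.pending |= set(msg["ids"])
        return True

    def on_media_inserted(self, pm):
        return pm.update_revocation(self.appliance_id, self.application, self.pending)

def demo():
    key = b"constructed-shared-key"  # constructed sample values throughout
    pm = PortableMedia({"music": {"CDS-1"}, "ebook": {"EBOOK-KIOSK"}})
    cds = ContentDistributeSystem("CDS-1", "music", key)
    body, tag = rle_issue(key, "music", {"PD-BAD"})
    ok = cds.receive(body, tag) and cds.on_media_inserted(pm)
    tampered = cds.receive(body.replace(b"PD-BAD", b"PD-XXX"), tag)
    cross = pm.update_revocation("CDS-1", "ebook", {"READER-7"})
    return ok, tampered, cross, pm.may_use("PD-BAD", "music"), pm.may_use("PD-BAD", "ebook")
```

`demo()` returns, in order: whether the genuine update reached the PM, whether a modified message was accepted, whether the music CDS could touch the e-book list, and whether the revoked PD may still use the PM under each application system.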
It is also possible to revoke an electronic appliance, such as the CDS 1, that has the special permission to update the revocation information using special revocation information (he