JP2007037197A - Encrypted data delivery system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a distribution device for acquiring TRL (terminal revocation list), which is information for identifying a plurality of terminals and terminals to be invalidated and distributing data to only those terminals that are not to be invalidated and technology for suppressing the data volume of TRL, in a system comprising of a management device for generating the TRL. <P>SOLUTION: The management device 110 generates and transmits a TRL formed from data that expresses terminal IDs of all terminals to be invalidated (i.e. terminals whose IDs have a common bit string), by only the value and the position of the common bit string in the IDs, to the content key distribution device 120. Each terminal 130 holds a terminal ID that includes manufacturer type, a serial number and the like, and requests the distribution of a content key by sending the terminal ID with respect to the content key distribution device 120. The content key distribution device 120 refers to the TRL, decides whether the terminal ID transmitted from the terminal is that of an invalidated terminal; and if the terminal ID transmitted is not the terminal ID of the invalidated terminal, encrypts and transmits the content key to the terminal. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to an encryption communication system, and in particular, does not respond to requests from some terminal devices among a plurality of terminal devices, but receives requests from other terminal devices and transmits encrypted data to the terminal devices. The present invention relates to a cryptographic communication system including a cryptographic communication device.

  In recent years, with the development of Internet-related technology, electronic commerce systems using the Internet have been actively developed.

  Cryptographic techniques are used in data communication in electronic commerce and the like. For example, a public key cryptosystem encryption communication system is often used for authentication of a communication partner, and a secret key cryptosystem encryption communication system is often used to securely distribute data. Cryptographic techniques for public key and private key cryptosystems are described in detail in the document “Modern Cryptography” (Shinichi Ikeno, Kenji Koyama, IEICE, 1986).

  In public key cryptosystems, a public key certificate issued by an organization called a certificate authority is generally added to a public key in order to prove the correspondence between the public key and the person or object that owns it. Sent. A public key certificate is basically public information that does not need to be handled confidentially. Note that the secret key paired with the public key needs to be managed secretly.

  Normally, a public key certificate has a validity period, but if the private key paired with the public key is exposed or suspected of being exposed due to an accident or incident, the public key certificate will be published even during the validity period. The key certificate needs to be revoked.

  As a method of revoking public key certificates, the document “Digital Signature and Cryptography” (translated by Shinichiro Yamada, Pearson Education, pp. 189-196, 1997) includes a certificate revocation list (CRL: Certificate). It shows how to publish a Revocation List. This CRL contains the serial numbers of all public key certificates that should be revoked. Using the CRL, the public key certificate with the serial number described in the CRL can be revoked and used. A mechanism that can be eliminated can be constructed.

  By the way, for a large number of terminal devices for receiving and reproducing digital contents that are required to appropriately use digital contents such as movies that are encrypted for copyright protection and other purposes, a distribution apparatus is provided in response to the request. Considering a distribution service that distributes a key for decrypting digital content (hereinafter referred to as “content key”), in view of copyright protection, the distribution of the content key is performed on an appropriate terminal device. Should only be done for.

  In this distribution service, the terminal device has a device-specific secret key, and the distribution device on the key distribution side receives a notification of the terminal device-specific terminal identifier (terminal ID) along with a content key distribution request from the terminal device. Thus, it is considered that a distribution method or the like is used in which the content key is encrypted only by a secret key unique to the terminal device and transmitted to the terminal device.

  In this case, after it turns out that there is a problem in the method of mounting the secret key in the terminal device manufactured by a certain manufacturer, the content key is not distributed to a group of terminal devices of the manufacturer. It is necessary to do so.

  In addition, regarding a mechanism for preventing copying of digital contents in a terminal device, after a method for disabling the mechanism in a terminal device manufactured by a certain manufacturer was disclosed, the device was released to a group of terminal devices of the manufacturer. On the other hand, it is necessary not to distribute the content key.

  That is, it is necessary to stop the distribution of the content key to the terminal device that has become in an illegal state.

  As a method to meet this need, in the distribution service, the distribution device receives the terminal ID together with the content key distribution request from the terminal device, and all terminals to be invalidated instead of the serial number of the public key certificate described above A modified version of CRL (hereinafter referred to as “TRL” (Terminal Revocation List)), which is to describe the terminal ID of the device, is used, and the received terminal ID is described in the TRL. If so, a method may be considered in which the key is distributed in response to the distribution request only in the case where it is not described without responding to the distribution request.

  However, in the above method, when there are a large number of terminal devices to be invalidated, the terminal IDs of all the terminal devices are described, so the data size of the TRL becomes enormous.

  If it is assumed that about 4 billion terminal devices are targeted for the distribution service, the terminal ID is fixed length data of 4 bytes or more, and 1% of the terminal devices need to be invalidated. TRL has a data size of 160 megabytes or more.

  For this reason, in the distribution service, in order to support a large number of terminal devices, a large number of distribution devices that distribute content keys are distributed in each region, etc., and a TRL is generated by one management device. When an operation mode is assumed in which a TRL includes a digital signature or the like and is transmitted to each distribution apparatus through a public communication network or the like, and each distribution apparatus determines whether or not distribution to a terminal apparatus is possible based on the TRL, the communication data amount In addition, since the amount of data to be held by each distribution device increases, this distribution service may not be practical.

  For example, if TRL transmission is performed each time the number of terminal devices to be invalidated increases, communication congestion is caused due to a large amount of communication data. Also, if the distribution device requests the latest TRL from the management device at the time when the distribution device receives a distribution request with the terminal ID from the terminal device, and receives the TRL, the terminal ID is verified based on the TRL. Since the distribution device takes a long time to receive the TRL, the response to the request from the terminal device is delayed.

  Therefore, the present invention has been made in view of such problems, and encrypts and distributes content keys only to appropriate terminal devices except for some terminal devices to be revoked using TRL. It is an object of the present invention to provide a cryptographic communication system that provides services related to the above-described cryptographic communication, and has improved utility by suppressing the data size of the TRL.

  Another object of the present invention is to provide various techniques that contribute to the construction of the above-described cryptographic communication system.

  In order to achieve the above object, an encryption communication system according to the present invention has a function of transmitting an encryption communication device and a terminal identifier that is a bit string of a predetermined number of bits that can identify the terminal device to the encryption communication device. And a management device that generates invalidation terminal specifying information indicating one or more terminal identifiers as specifying a terminal device to be invalidated, wherein the management device includes the predetermined bit. An invalidated terminal that generates the invalidated terminal specifying information using a data format that comprehensively represents all terminal identifiers having the same part as the value by information that specifies a value of a part in a number of bit strings Specific information generating means, and output means for outputting the generated invalidated terminal specific information, wherein the cipher communication device outputs the invalidation output by the management device Invalidation terminal identification information acquisition means for acquiring terminal identification information, terminal identifier reception means for receiving the terminal identifier when the terminal identifier is transmitted from the terminal device, and the terminal identifier received by the terminal identifier reception means Determination means for determining whether or not the terminal device to be invalidated matches any of the terminal identifiers indicated by the invalidated terminal identification information, and the received terminal identifier is the invalidated terminal identification If it is determined by the determination means that it does not match any of the terminal identifiers indicated by the information, a predetermined encryption is performed between the terminal device that has transmitted the terminal identifier and the terminal device is encrypted. On the other hand, when the received terminal identifier matches any terminal identifier indicated by the invalidated terminal specifying information, the determination means When it is more determined, in between the terminal device which has transmitted the terminal identifier; and a communication unit that does not perform the predetermined communication.

  Here, the encryption communication device is, for example, a content key distribution device as shown in the first to third embodiments, the predetermined communication is, for example, transmission of an encrypted content key, and the invalidation terminal specifying information is, for example, It is TRL shown in the forms 1-3.

  According to the present invention, all terminal IDs including a certain bit string are comprehensively expressed by information specifying the value and position of a common bit string included therein, so that the amount of TRL data can be kept relatively small. As a result, there is a practical cryptographic communication system that provides services related to cryptographic communication such as encrypting and distributing content keys only to appropriate terminal devices excluding some terminal devices to be invalidated. Realized.

  The invalidated terminal specifying information generated by the invalidated terminal specifying information generating means specifies value information indicating a value of a part in a bit string having a predetermined number of bits and a bit position of the part in the bit string. 1 or more sets of corresponding position information, and a partial bit string in the terminal identifier that is located at the bit position specified by each position information is the position information. Is information for identifying all terminal devices identified by all terminal identifiers that are the same as the value indicated by the value information corresponding to the terminal devices to be invalidated, and the determining means identifies the invalidated terminal For each position information included in the information, a part located at a bit position specified by the position information in the terminal identifier received by the terminal identifier receiving means Whether the value of the actual bit string matches the value indicated by the value information corresponding to the position information, and if the bit string matches even once in the check, the received terminal identifier is invalidated. It may be determined that the terminal device matches with any one of the terminal identifiers indicated by the invalidated terminal specifying information as the terminal device to be specified.

  As a result, the invalidated terminal specifying information is in a format in which a part of the terminal ID value and a part of the position are associated with each other, so that it is not necessary to fix a part of the position by operating rules or the like. Since all terminal IDs having a common value in an arbitrary bit string range can be represented by information consisting of a set of values and positions, a large number of invalidated terminals can be represented by a small amount of information when operated effectively. Will be able to.

  The invalidated terminal specifying information generated by the invalidated terminal specifying information generating means includes one or more sets of representative value information that is a bit string having a predetermined number of bits and a mask flag having a predetermined number of bits in association with each other. In the portion in the terminal identifier, the value of the portion whose bit value in each mask flag is 1 is identified by each of all the terminal identifiers that are the same as the value of the portion in the representative value information corresponding to the mask flag. The terminal device received by the terminal identifier receiving unit for each mask flag included in the invalidated terminal specifying information. Whether the logical product of the mask flag matches the logical product of the representative value information corresponding to the mask flag and the mask flag. If the received terminal identifier matches even once in the inspection, it is determined that the received terminal identifier matches with any terminal identifier indicated by the invalidated terminal specifying information as specifying the terminal device to be invalidated. It is good to do.

  As a result, in a method of representing a large number of terminal IDs by a set of a part of the terminal ID and a part of the bit positions, the bit position constituting the part is set to 1 in the mask flag. A bit position which is indicated by a position and does not constitute a part of the position is indicated by a position where the value in the mask flag is 0. Therefore, from the terminal ID received from the terminal, the part to be checked against the value included in the invalidated terminal specifying information is extracted by a simple calculation with a small amount of calculation for obtaining the logical product of the terminal ID and the mask flag. Will be able to. This leads to faster determination in the encryption communication device.

  Further, the invalidated terminal specifying information generating means generates the invalidated terminal specifying information including isolated value information of a predetermined number of bits, and the invalidated terminal specifying information further has the same value as the isolated value information. The terminal identifier is also information that identifies the terminal device to be invalidated, and the determination means further includes a terminal identifier received by the terminal identifier reception means, and isolated value information included in the invalidation terminal identification information, If the received terminal identifiers coincide with each other, it may be determined that the received terminal identifier matches one of the terminal identifiers indicated by the invalidated terminal specifying information as specifying the terminal device to be invalidated.

  Here, the isolated value information is, for example, the individual information shown in FIG. 8, and accordingly, when the terminal ID of one invalidated terminal does not have a bit in common with the terminal ID of another invalidated terminal, that is, it is isolated. In this case, since the terminal ID of the one invalidated terminal is included in the invalidated terminal specifying information as isolated value information, when there are many isolated invalidated terminals, the terminal of the one invalidated terminal The invalidated terminal specifying information can be configured with a smaller amount of data than a format in which the ID is expressed by a set of the terminal ID value and a mask flag whose bits are all 1.

  Further, the invalidated terminal specifying information generated by the invalidated terminal specifying information generating means associates valid upper digit information indicating the number of bit digits and value information indicating the value of the bit string corresponding to the number of bit digits. And the bit string value for the number of bit digits indicated by each valid high-order digit information from the most significant bit in the terminal identifier is the same as the value indicated by the value information corresponding to the valid high-order digit information Is the information that identifies all of the terminal devices identified by all the terminal identifiers as terminal devices to be invalidated, and the determination means, for each valid upper digit information included in the invalidated terminal identification information, The value of the bit string corresponding to the number of bit digits indicated by the effective high-order digit information from the most significant bit in the terminal identifier received by the terminal identifier receiving means is the effective high-order digit information. It is checked whether or not the value indicated by the corresponding value information matches, and if it matches even once in the check, the received terminal identifier specifies the terminal device to be invalidated as the invalidation. It may be determined that it matches any one of the terminal identifiers indicated by the terminal identification information.

  As a result, all terminal IDs having a common value for an arbitrary number of bits from the top of the terminal ID can be represented by the valid high-order digit information and the value information indicating the number of bits. In general, terminal ID management operation, such as the manufacturer identifier that manufactured the terminal, such as information that distinguishes a group having a property common to the structure and function of the terminal to some extent is often positioned in the upper bits of the terminal ID. When a large number of terminals to be invalidated are generated in relation to a specific manufacturer, product structure, etc., the invalidated terminal specifying information can be configured with a relatively small amount of data.

  Further, the management device has terminal identifier acquisition means for acquiring terminal identifiers of all terminal devices to be invalidated, and the invalidation terminal specifying information generation means is configured such that the predetermined number of bits is N, the terminal identifier Identifying one or more X values satisfying the condition that the number of terminal identifiers having the same X-bit value from the most significant bit among the terminal identifiers acquired by the acquisition means is a power of 2 (N−X); For each value of X, 2 (N−X) power terminal identifiers according to the condition are expressed as effective high-order digit information indicating the number of bit digits of X, and the X bit portion from the most significant bit of the terminal identifier. The invalidated terminal specifying information may be generated using a data format comprehensively expressed with value information indicating a bit string value.

  As a result, it is possible to construct invalidated terminal specifying information with a reduced amount of data without placing a special operation burden on the operator of the management apparatus.

  Each terminal device is manufactured by any one of a plurality of manufacturers, and each terminal identifier for identifying each terminal device is a bit string of a predetermined number of bits from the most significant bit in the terminal identifier. It is good also as showing the manufacturer of the said terminal device.

  As a result, it is possible to represent all terminal IDs that share a certain number of bits from the top by a set of small information, and since information indicating the manufacturer is included above the terminal ID, a specific manufacturer can Effectively reduce the amount of data of invalidated terminal identification information when the manufactured terminal is found to have a mechanical problem, for example, a defect that allows the user to copy content indefinitely by executing a certain procedure. It will be possible to suppress.

  Each terminal identifier for identifying each terminal device is a predetermined number of high-order bit strings following the bit string indicating the manufacturer in the terminal identifier, and indicates what type of product the terminal apparatus belongs to. Also good.

  As a result, when it turns out that there is a problem only with a certain product manufactured by a specific manufacturer, the amount of data of invalidation terminal identification information required to make all terminals equipped with that product invalidation terminals Can be suppressed.

  In addition, each of the plurality of terminal devices has a unique decryption key, and can further store encrypted content, which is content encrypted with a content key, in the terminal device itself. The output is performed by transmitting invalidated terminal specifying information to the encryption communication device, and the encryption communication device stores encryption keys corresponding to the decryption keys of all the terminal devices; Content key storage means for storing the content key, wherein the invalidated terminal specifying information acquiring means performs the acquisition by receiving the invalidated terminal specifying information transmitted by the output means, and the communication If the determination means determines that the received terminal identifier does not match any terminal identifier indicated by the invalidated terminal specifying information, The content key is encrypted and transmitted to the terminal device that has transmitted the terminal identifier using an encryption key corresponding to the decryption key of the terminal device, and the terminal device transmits the encryption transmitted from the encryption communication device. A decrypting unit that decrypts the already-used content key using the decryption key unique to the terminal device, and a content key decrypted by the decrypting unit when the encrypted content is stored inside the terminal device. Reproducing means for decrypting and reproducing the encrypted content may be provided.

  As a result, when a terminal realizes a system that takes into account copyright protection, etc., only when the encrypted content key is acquired from the encryption communication device, a group of products manufactured by a manufacturer can be obtained. When it turns out that the terminal has fallen into a state where copyright protection is not possible, the number of bit digits indicating the upper part of the terminal ID to the maker ID part and the data with a small amount of data such as the maker ID are invalid for the group. Since the information for identifying the terminal to be converted can be configured, the amount of data that must be transmitted from the management apparatus to the encryption communication apparatus can be suppressed, and the transmission time of the data can be shortened.

  The invalidated terminal specifying information generated by the invalidated terminal specifying information generating means includes one or more values in a bit string having a predetermined number of bits and comprehensive information specifying the part, and has a predetermined number of bits. Each of the exception information from among all the terminal identifiers that include one or more exception information and the part specified by each comprehensive information among the parts in the terminal identifier is the same as the value specified by the comprehensive information Is the information that identifies all the terminals except for the terminal identifier that is the same value as the terminal device to be invalidated, and the determining means includes the terminal identifier received by the terminal identifier receiving means in the invalidated terminal specifying information. When the part specified by any of the included comprehensive information is checked to see if it matches the value specified by the comprehensive information, and if it matches in the inspection Unless the received terminal identifier is equivalent to any exception information included in the invalidated terminal specifying information, the invalidated terminal identifier is assumed to identify the terminal device to be invalidated. It may be determined that it matches any one of the terminal identifiers indicated by the terminal identification information.

  Thus, there are cases where it is possible to specify the terminal IDs of all invalidation terminals with a small amount of data by using exception information rather than simply specifying the terminal IDs of invalidation terminals using only comprehensive information. For example, assuming that there are 15 invalidation terminals and all of their terminal IDs share the same value of all bit strings except the lower 4 bits, the lower 3 bits are excluded by one comprehensive information. Represents eight terminal IDs whose values of all bit strings are common, and expresses four terminal IDs whose values of all bit strings except for the lower 2 bits are common by another one comprehensive information, Compared with the case where invalidation terminal specifying information for specifying the terminal IDs of a total of 15 invalidation terminals is constructed as expressing the terminal ID by the value of one terminal ID itself, according to the present invention, for example, 1 16 pieces of terminal IDs that share a bit string excluding the lower 4 bits are represented by one comprehensive information, and the terminal ID of one terminal that is not an invalidated terminal among the 16 terminal IDs is represented by exception information. Since the invalidation terminal specific information of the same meaning as that can be constructed, it is possible to suppress the data volume of invalidated terminals specified information.

  Further, the management device has terminal identifier acquisition means for acquiring terminal identifiers of all terminal devices to be invalidated, and the invalidation terminal specifying information generation means is configured such that the predetermined number of bits is N, the terminal identifier An N-bit bit string obtained by inverting only the least significant bit of any of the terminal identifiers acquired by the acquisition unit, and a condition that the value is not the same as any of the other terminal identifiers acquired by the terminal identifier acquisition unit A bit string to be satisfied is defined as the exception information, the bit string is regarded as a terminal identifier, and the value of the X bit from the most significant bit is the same among the terminal identifier acquired by the terminal identifier acquisition unit and the determined terminal identifier. The value of X that satisfies the condition that the number of certain terminal identifiers is the power of (N−X) and that is less than N is 1 For each specified X value, specify the X value and the value of the bit string of the X bit portion from the most significant bit of 2 (N−X) power terminal identifiers according to the condition The invalidated terminal specifying information may be generated by defining the information to be performed as the comprehensive information.

  As a result, it is possible to construct invalidated terminal specifying information with a reduced amount of data in a certain situation without imposing a special operation burden on the operator of the management apparatus.

  Further, each of the plurality of terminal devices has a unique decryption key, and the encryption communication device has encryption key storage means for storing encryption keys corresponding to the decryption keys of all the terminal devices. When the determination unit determines that the received terminal identifier does not match any terminal identifier indicated by the invalidated terminal specifying information, the communication unit transmits the terminal identifier to the terminal device that has transmitted the terminal identifier. On the other hand, the communication data is encrypted using an encryption key corresponding to the decryption key of the terminal device, and the terminal device transmits the communication data transmitted from the encryption communication device to the decryption key unique to the terminal device. It is good also as decoding using.

  As a result, whether or not the terminal is normal even in a situation where a large number of terminals to be invalidated occur in a system including an encryption communication device that provides a service for transmitting communication data only to a normal terminal Since the data amount of the invalidated terminal specifying information necessary for the determination of whether or not can be reduced, the determination can be speeded up.

  Further, the output means performs the output by transmitting the invalidated terminal specifying information to the cryptographic communication device, and the invalidated terminal specifying information acquiring means is configured to specify the invalidated terminal specified by the output means. The acquisition may be performed by receiving information.

  As a result, the management apparatus can construct invalidation terminal specifying information required by the encryption communication apparatus with a reduced amount of data, and can quickly transmit the information to the encryption communication apparatus.

  The output unit includes a mounting unit to which a recording medium can be mounted, and performs the output by recording the invalidated terminal specifying information on the mounted recording medium. The recording medium can be mounted, and the acquisition may be performed by reading the invalidated terminal specifying information from the mounted recording medium.

  As a result, when the management device records the invalidation terminal specifying information required by the encryption communication device and transmits it on the recording medium, it becomes possible to use a conventional recording medium having a somewhat small recording allowable capacity. .

  Also, the management device according to the present invention, invalidated terminal identification information indicating each terminal identifier of one or more terminal devices to be invalidated among terminal identifiers that are bit strings of a predetermined number of bits capable of identifying each of a plurality of terminal devices. Using a data format that comprehensively expresses all terminal identifiers that have the same value as the value according to information that specifies the value of the part in the bit string of the predetermined number of bits, It is characterized by comprising invalidated terminal specifying information generating means for generating the invalidated terminal specifying information and output means for outputting the generated invalidated terminal specifying information.

  With this management device, the invalidated terminal identification information that is output can identify a large number of invalidated terminals with a relatively small amount of data, and the invalidated terminal identification information that is output can be transmitted to a transmission or recording medium. In terms of recording, it becomes easy to use.

  The invalidated terminal specifying information generated by the invalidated terminal specifying information generating means specifies value information indicating a value of a part in a bit string having a predetermined number of bits and a bit position of the part in the bit string. 1 or more sets of corresponding position information, and a partial bit string in the terminal identifier that is located at the bit position specified by each position information is the position information. It is good also as information which specifies all the terminal devices identified by each of all the terminal identifiers which are the same as the value shown by value information corresponding to as a terminal device which should be invalidated.

  As a result, the invalidated terminal specifying information is in a format in which a part of the terminal ID value and a part of the position are associated with each other, so that it is not necessary to fix a part of the position by operating rules or the like. Since all terminal IDs having a common value in an arbitrary bit string range can be represented by information consisting of a set of values and positions, a large number of invalidated terminals can be represented by a small amount of information when operated effectively. Will be able to.

  Each terminal device is manufactured by one of a plurality of manufacturers, and each terminal identifier for identifying each terminal device is a bit string in a predetermined range in the terminal identifier. It is good also as showing a manufacturer.

  As a result, when it is found that a terminal manufactured by a specific manufacturer has a mechanism defect, the data amount of invalidated terminal specifying information can be effectively suppressed.

  The cryptographic communication device according to the present invention is a cryptographic communication device that performs communication with each terminal device that holds a terminal identifier that is a bit string of a predetermined number of bits that can identify the terminal device among a plurality of terminal devices. And a terminal device to be invalidated by using a data format that comprehensively expresses all terminal identifiers in which the part is identical to the value by the information specifying the value of the part in the bit string of the predetermined number of bits. As a means for identifying the terminal, the invalidated terminal specifying information acquisition means for acquiring the invalidated terminal specifying information indicating each terminal identifier of one or more terminal apparatuses from the outside, and the terminal held by the terminal apparatus from the terminal apparatus The terminal identifier receiving means for receiving the terminal identifier when the identifier is transmitted, and the terminal identifier received by the terminal identifier receiving means specify the terminal device to be invalidated Determination means for determining whether or not any terminal identifier indicated by the invalidated terminal specifying information matches with any terminal identifier indicated by the invalidated terminal specifying information. If it is determined by the determining means that they do not match, the terminal device that has transmitted the terminal identifier performs predetermined communication by performing encryption unique to the terminal device, and the received terminal Communication that does not perform the predetermined communication with the terminal device that has transmitted the terminal identifier when the determination unit determines that the identifier matches any terminal identifier indicated by the invalidated terminal specifying information Means.

  Thereby, it is determined whether or not the terminal ID received from the terminal is the terminal ID of the invalidated terminal by acquiring and referring to invalidated terminal specifying information for identifying a large number of invalidated terminals with a relatively small amount of data. You can do it quickly.

  The invalidated terminal specifying information acquired by the invalidated terminal specifying information acquiring unit specifies value information indicating a value of a part in a bit string having a predetermined number of bits and a bit position of the part in the bit string. 1 or more sets of corresponding position information, and a partial bit string in the terminal identifier that is located at the bit position specified by each position information is the position information. Is information for identifying all terminal devices identified by all terminal identifiers that are the same as the value indicated by the value information corresponding to the terminal devices to be invalidated, and the determining means identifies the invalidated terminal For each position information included in the information, a part located at a bit position specified by the position information in the terminal identifier received by the terminal identifier receiving means Whether the value of the actual bit string matches the value indicated by the value information corresponding to the position information, and if the bit string matches even once in the check, the received terminal identifier is invalidated. It may be determined that the terminal device matches with any one of the terminal identifiers indicated by the invalidated terminal specifying information as the terminal device to be specified.

  As a result, the invalidated terminal specifying information is in a format in which a part of the terminal ID value and a part of the position are associated with each other, so that it is not necessary to fix a part of the position by operating rules or the like. Since all terminal IDs having a common value in an arbitrary bit string range can be represented by information consisting of a set of values and positions, a large number of invalidated terminals can be represented by a small amount of information when operated effectively. Will be able to.

  The information generation method according to the present invention is an information generation method for generating invalidated terminal specifying information for specifying a terminal apparatus to be invalidated among a plurality of terminal apparatuses, wherein each of the plurality of terminal apparatuses is identified. Among the terminal identifiers that are bit strings of a predetermined number of possible bits, the terminal identifier acquisition step of acquiring each terminal identifier of each terminal device to be invalidated, and the portion that is specified by the information that specifies the value of a part in the bit string of the predetermined number of bits Generating the invalidated terminal specifying information indicating all terminal identifiers acquired by the terminal identifier acquiring step using a data format that comprehensively represents all terminal identifiers having the same value as the value; It is characterized by including.

  As a result, information for identifying a large number of invalidation terminals can be constructed with a small amount of data.

  The recording medium according to the present invention is a computer-readable recording medium in which invalidated terminal specifying data is recorded. The invalidated terminal specifying data is a bit string having a predetermined number of bits that can identify each of a plurality of terminal devices. In order to specify each terminal identifier of each terminal device to be invalidated, a terminal identifier specifying field in which partial specifying information for specifying a partial value in the bit string of the predetermined number of bits is provided. The part specifying information comprehensively represents all terminal identifiers having the same part as the value. Similarly, the invalidated terminal specifying data according to the present invention is to identify each terminal identifier of each terminal apparatus to be invalidated among terminal identifiers consisting of a predetermined number of bits that can identify each of a plurality of terminal apparatuses. It has a terminal identifier specifying field in which part specifying information for specifying a part of a value in the bit string of the predetermined number of bits is recorded, and by the part specifying information, all terminal identifiers in which the part is the same as the value It is characterized by comprehensive expression.

  As a result, all terminal IDs including a certain bit string are comprehensively expressed by information for specifying the value and position of the common bit string included in the terminal ID, so that the data amount of the invalidated terminal specifying data is kept relatively small. Will be able to.

  In addition, an encryption communication system according to the present invention includes an encryption communication device, a terminal device that transmits a key identifier having a predetermined number of bits to the encryption communication device, and an invalidation key identifier that specifies one or more key identifiers to be invalidated. An encryption communication system including a management device that generates specific information, wherein the management device includes all keys whose part is identical to the value by information specifying a value of a part of the bit string of the predetermined number of bits. Using a data format that comprehensively represents an identifier, invalidation key identifier specifying information generating means for generating the revocation key identifier specifying information, and output means for outputting the generated revocation key identifier specifying information And the encryption communication device receives the key identifier from the terminal device and the revocation key identifier specification information acquisition means for acquiring the revocation key identifier specification information output by the management device. A key identifier receiving means, a determining means for determining whether the key identifier received by the key identifier receiving means matches any key identifier specified by the revoked key identifier specifying information, and Only when it is determined by the determination means that the received key identifier does not match any key identifier specified by the revocation key identifier specifying information, between the terminal device that transmitted the key identifier, Communication means for performing predetermined communication by performing unique encryption on the key identifier.

  As a result, the data data required to confirm the validity of the key identifier in a system that provides a service that performs predetermined communication such as transmission of specific important data only to a terminal that has sent a valid key identifier. Since the amount can be reduced, the practicality of such a system can be increased.

Hereinafter, a content key distribution system which is an embodiment in which the present invention is applied to a system in consideration of copyright protection of content will be described with reference to the drawings.
<Embodiment 1>
<System configuration>
FIG. 1 is a configuration diagram of a content key distribution system according to Embodiment 1 of the present invention.

  The content key distribution system 100 distributes a plurality of content reproduction devices 130 for reproducing content and an encrypted content key (hereinafter referred to as “encrypted content key”) in response to a request from each content reproduction device. The key distribution device 120 includes a management device 110 that transmits to the content key distribution device 120 a revocation terminal list (TRL) that is information used to determine whether the encrypted content key can be distributed. In the content key distribution system 100, one or a plurality of content key distribution devices 120 are provided.

  Here, the content playback devices 130a, 130b, etc. are installed in each house, for example, acquire encrypted content via a communication path or a recording medium, and decrypt the content using a content key for playback. It is a device having a function to perform.

  In a system that takes copyright protection into consideration, it is assumed that content is encrypted and distributed. For this reason, unless the content reproduction device receives the encrypted content key from the content key distribution device 120 and decrypts it, the content reproduction device cannot decrypt the encrypted content and therefore cannot reproduce it.

  Each of the content playback devices 130 (hereinafter also referred to as “terminals”) includes a CPU, a memory, a hard disk, an external communication mechanism, and the like, so that a user can view content such as a movie through a display device or a speaker. As described above, the device performs the content reproduction processing to be reproduced, and functionally includes a terminal ID storage unit 131, a decryption key storage unit 132, an encrypted content storage unit 133, a request transmission unit 134, an encrypted content key reception unit 135, A decoding unit 136 and a reproduction unit 137 are included.

  The terminal ID storage unit 131 is a storage area such as a ROM (read only memory) that stores a terminal ID for identifying each terminal. For example, when 16 terminals can be used in the content key distribution system 100, the terminal ID is composed of a bit string of 4 bits or more that can identify 16 terminals. For example, when 5 billion terminals are assumed. The terminal ID is a bit string exceeding 32 bits. In the first embodiment, for convenience of explanation, description will be made mainly using an example in which 16 terminals are assumed and the terminal ID is 4 bits.

  The decryption key storage unit 132 is a storage area such as a ROM that stores a decryption key used for decrypting the encrypted content key. This decryption key is a secret key having a unique value for each terminal, and is composed of, for example, 128 bits.

  The encrypted content storage unit 133 is an area of a recording medium such as a hard disk that stores the encrypted content. Note that the terminal has a function of acquiring encrypted content from the outside by reception or the like and storing it in the encrypted content storage unit 133.

  The request transmission unit 134 has a function of transmitting transmission request information including the terminal ID stored in the terminal ID storage unit 131 to the content key distribution apparatus 120 through the communication path 101 such as a public network.

  The encrypted content key receiving unit 135 has a function of receiving an encrypted content key when the encrypted content key is transmitted from the content key distribution apparatus 120.

  Upon receiving the encrypted content key received by the encrypted content key receiving unit 135, the decrypting unit 136 decrypts the encrypted content key using the decryption key stored in the decryption key storage unit 132, and the decryption result The content key obtained as described above is sent to the playback unit 137.

  Further, the playback unit 137 has a function of decrypting and playing back the encrypted content stored in the encrypted content storage unit 133 using the content key transmitted from the decryption unit 136. When content is played back by the playback unit 137, the user can view the content.

  Note that some of the functions performed by the request sending unit 134, the encrypted content key receiving unit 135, the decrypting unit 136, and the reproducing unit 137 are realized by executing a control program stored in the memory on the CPU.

  The management device 110 is, for example, a computer or the like installed in an organization that conducts business related to the protection of the copyright of content, etc., and the copyright and the like when the decryption key stored in each terminal 130 is exposed. Content key distribution device by generating a TRL mainly containing information for identifying all terminals that cannot be protected, that is, all terminals that should not be distribution destinations of encrypted content keys 120 is a device that performs TRL generation transmission processing to be transmitted to 120. Hereinafter, a terminal that should not be a delivery destination of an encrypted content key is referred to as an invalidation terminal.

  As illustrated in FIG. 1, the management device 110 includes an invalidated terminal ID group acquisition unit 111, a TRL generation unit 112, and a TRL transmission unit 113.

  Here, the invalidated terminal ID group obtaining unit 111 has a function of obtaining information for identifying terminal IDs for all invalidated terminals and providing the obtained terminal IDs to the TRL generating unit 112.

  The TRL generation unit 112 has a function of generating a TRL mainly including information for specifying the invalidation terminal based on each terminal ID given from the invalidation terminal ID group acquisition unit 111 and transmitting the TRL to the TRL transmission unit 113. . The generation of TRL will be described in detail later.

  Further, the TRL transmission unit 113 has a function of transmitting the TRL transmitted from the TRL generation unit 112 to the content key distribution apparatus 120 through a communication path.

  The procedure of the TRL generation / transmission process performed by the management apparatus 110 will be described later.

  The management apparatus 110 is assumed to be operated so as to transmit the TRL to the content key distribution apparatus 120 periodically or when the information of the invalidation terminal to be included in the TRL changes.

  The content key distribution device 120 receives the encrypted content key transmission request from each terminal, and transmits the encrypted content key to the terminal only when the terminal is not an invalidated terminal. Functionally, the TRL storage unit 121, the TRL reception unit 122, the content key storage unit 123, the encryption key group storage unit 124, the transmission request reception unit 125, the verification unit 126, the encryption unit 127, and the An encrypted content key transmission unit 128 is included.

  Here, the TRL storage unit 121 is an area of a recording medium such as a hard disk for storing the TRL.

  The TRL reception unit 122 has a function of receiving the TRL transmitted from the management apparatus 110 and storing it in the TRL storage unit 121.

  The content key storage unit 123 is a storage area such as a memory that stores content keys.

  The encryption key group storage unit 124 is an area such as a hard disk that is stored in advance for each terminal in association with the encryption key corresponding to the decryption key and the terminal ID of the terminal.

  The transmission request reception unit 125 has a function of receiving a transmission request transmitted from each terminal through a public network or the like and transmitting the terminal ID included in the transmission request to the verification unit 126.

  The collation unit 126 collates whether or not the terminal ID transmitted from the transmission request reception unit 125 matches any of the invalidation terminals specified by the TRL, so that the transmission request source terminal is the invalidation terminal. If it is determined that the terminal is an invalid terminal, an instruction to return an error message to the transmission source is transmitted to the encrypted content key transmission unit 128, and if it is determined that the terminal is not an invalid terminal It has a function of transmitting the terminal ID transmitted from the transmission request receiving unit 125 to the encryption unit 127.

  When the encryption unit 127 receives the terminal ID from the verification unit 126, the encryption unit 127 uses the encryption key associated with the terminal ID in the encryption key group storage unit 124 to store the content key in the content key storage unit 123. It has a function of generating an encrypted content key by encrypting the stored content key and sending it to the encrypted content key transmission unit 128.

  In addition, when the encrypted content key transmission unit 128 is instructed by the verification unit 126 to return an error message to the transmission source, the encrypted content key transmission unit 128 transmits the error message to the terminal that issued the transmission request, and When the encrypted content key is transmitted from the encryption unit 127, the encrypted content key is transmitted to the terminal that issued the transmission request.

<Terminal ID / Decryption key / Encryption key>
FIG. 2 is a diagram showing a terminal ID and a decryption key stored in each terminal.

  In the case where the content key distribution system 100 includes 16 terminals and the terminal ID is 4 bits, as shown in the figure, for example, the terminal 0 holds the terminal ID “0000” and the decryption key DK0, 1 holds a terminal ID “0001” and a decryption key DK1, and the terminal 15 holds a terminal ID “1111” and a decryption key DK15. The decryption keys DK0, DK1,..., DK15 are all bit strings whose values do not match each other. Each terminal protects the decryption key in a secret state by a tamper resistant technique or the like.

  FIG. 3 is a conceptual diagram showing a method for determining the value of the terminal ID held by each terminal.

  For example, an organization that performs a business related to protection of copyrights, etc. assigns a terminal ID to each terminal manufactured by each manufacturer, and the manufacturer assigns the terminal ID assigned to each terminal according to the assignment in the terminal manufacturing stage. Set the ROM etc. that stores

  The circle in FIG. 3 is referred to as a node, and the straight line connecting the circles is expressed as a path. In FIG. 3, a tree structure of the binary tree is set so that each of the 16 terminals is associated with each node 12 of the lowest layer. And a value of “0” or “1” is assigned to each of two paths from a certain node to a node in a lower layer.

  The terminal ID of each terminal is the value “0” or “1” assigned to all paths connecting the node 11 of the highest layer to the node 12 of the lowest layer corresponding to the terminal, from the higher layer. It is represented by a bit string obtained by concatenating in the direction of the lower layer. Therefore, a terminal ID is determined for each terminal as shown in FIG.

  FIG. 4 is a diagram showing an example of the contents of data stored in the encryption key group storage unit 124 of the content key distribution apparatus 120.

  In the encryption key group storage unit 124, terminal IDs and encryption keys for all terminals are stored in association with each other as shown in FIG.

  For example, the encryption key EK0 is associated with the terminal ID “0000”, and this encryption key EK0 is a key corresponding to the decryption key DK0 held in the terminal 0. Therefore, data encrypted using the encryption key EK0 can be decrypted using the decryption key DK0.

  Note that the encryption key EKi and the corresponding decryption key DKi match EKi and DKi and use a public key cryptosystem if a secret key cryptosystem is used for the encryption algorithm for encrypting the content key. In this case, EKi and DKi are not matched but are a pair.

<System operation>
Hereinafter, an outline of the system operation of the content key distribution system 100 will be described.

<Operation of management device>
FIG. 5 is a flowchart showing TRL generation / transmission processing performed by the management apparatus 110.

  The TRL generating unit 112 of the management apparatus 110 acquires a terminal ID group for the invalidated terminal from the invalidated terminal ID group acquiring unit 111 (step S21), and an information part (hereinafter, “terminal” that identifies the invalidated terminal in the TRL. The TRL data generation process for calculating the content of “ID-related information” is performed (step S22). Details of the TRL data generation process will be described later.

  After the TRL data generation processing, the TRL generation unit 112 constructs a TRL including the generated terminal ID related information (step S23), transmits the TRL to the TRL transmission unit 113, and receives the TRL, thereby receiving the TRL transmission unit 113. Transmits the TRL to the content key distribution apparatus 120 through the communication path (step S24).

<Operation of content playback device>
FIG. 6 is a flowchart showing content reproduction processing performed by the content reproduction device 130.

  The content reproduction device 130 (terminal) performs content reproduction processing when receiving an operation for instructing the user to reproduce content, for example.

  First, the request sending unit 134 of the terminal transmits a transmission request composed of data including the terminal ID unique to the terminal stored in the terminal ID storage unit 131 to the content key distribution apparatus 120 through the communication path. The transmission of the encrypted content key is requested (step S31). In response to this transmission request, the content key distribution apparatus 120 sends an encrypted content key or an error message.

  After the transmission request, the encrypted content key receiving unit 135 determines whether the encrypted content key has been successfully received (step S32), and the encrypted content key is received only when the encrypted content key is normally received. The key is transmitted to the decryption unit 136. In response to this, the decryption unit 136 decrypts the encrypted content key using the decryption key held in the decryption key storage unit 132, and transmits the content key obtained as a result of the decryption to the reproduction unit 137 (step S33). ).

  When the content key is transmitted, the reproducing unit 137 reproduces the encrypted content stored in the encrypted content storage unit 133 while decrypting the content using the content key (step S34). By this reproduction, for example, video, audio, etc. are output through a display device or a speaker, and the user can view the content.

<Operation of Content Key Distribution Device>
FIG. 7 is a flowchart showing content key distribution processing performed by the content key distribution device 120.

  The content key distribution device 120 receives the TRL at least once by the TRL reception unit 122 and stores it in the TRL storage unit 121 before performing the content key distribution processing, and a transmission request is sent from the content reproduction device 130. The content key distribution process is performed every time.

  When a transmission request is sent from the content reproduction device 130 (terminal), the transmission request receiving unit 125 receives the transmission request and notifies the collation unit 126 of the terminal ID included in the transmission request (step S41).

  When the terminal ID is transmitted, the matching unit 126 performs a TRL matching process by referring to the TRL to determine whether or not the terminal ID is the terminal ID of the invalidated terminal (step S42). Details of the TRL matching process will be described later.

  As a result of the TRL matching process, when it is determined that the terminal ID related to the transmission request is the terminal ID of the invalidated terminal (step S43), the matching unit 126 returns an error message to the transmission source terminal of the transmission request. An instruction to do so is transmitted to the encrypted content key transmitting unit 128, and in response to this, the encrypted content key transmitting unit 128 performs error processing such as transmitting an error message to the terminal (step S47), and content key distribution processing Exit.

  If it is determined in step S43 that the terminal ID related to the transmission request is not the terminal ID of the invalidated terminal as a result of the TRL verification process, the verification unit 126 sends the terminal ID related to the transmission request to the encryption unit 127. In response, the encryption unit 127 extracts the encryption key corresponding to the terminal ID from the encryption key group storage unit 124 and stores the encryption key in the content key storage unit 123 using the encryption key. The content key is encrypted to generate an encrypted content key, and the encrypted content key is transmitted to the encrypted content key transmission unit 128 (step S45).

  When the encrypted content key is transmitted, the encrypted content key transmission unit 128 transmits the encrypted content key to the terminal that issued the transmission request (step S46), and the content key distribution process is completed.

<Structure of TRL>
FIG. 8 is a diagram showing a data structure of the TRL in the first embodiment.

  In addition, although the example of the bit size in the figure assumes the case of 16 terminals, the parentheses correspond to the case where the number of terminals is several hundred million or more as a practical example for reference. An example of the bit size is shown. Hereinafter, a description will be given by using a bit size example in the case of 16 terminals.

  As shown in the figure, the TRL is composed of 8-bit version information 210, terminal ID related information 220, and 64-bit signature information 230.

  The version information 210 is information indicating the version number of the TRL. For example, each time a TRL having a different content is newly generated, the version number is changed.

  The terminal ID related information 220 includes group information 221 and individual information 225.

  The group information 221 includes one or a plurality of sets of IDs 223 and mask data 224, and includes an entry number 222 indicating the number. If the number of sets is M, the value indicated by the entry number 222 is M.

  Here, the mask data 224 is data in a format in which the upper X bits of the 4-bit bit string constituting this are set to “1” and if there are remaining lower bits, all the lower bits are set to “0”. X is expressed as follows.

  The ID 223 paired with the mask data 224 representing X is useful only for the contents of the upper X bits of the 4-bit bit string constituting the ID 223, and the other values are in the form of “0”, for example. It becomes data.

  Based on the set of the ID 223 and the mask data 224, all terminal IDs whose upper X bits represented by the mask data 224 match the value of the ID 223, that is, terminals of 2 (4-X) invalidation terminals. Indicates the ID.

  Therefore, the group information 221 includes one or a plurality of sets that comprehensively express the terminal IDs of a plurality of invalidated terminals.

  The individual information 225 includes one or a plurality of IDs 227, and includes an entry number 226 indicating the number. If the number of IDs 227 is N, the value indicated by the number of entries 226 is N.

  This ID 227 indicates the terminal ID of the invalidated terminal. Accordingly, the individual information 225 includes one or a plurality of pieces of information that individually express the terminal ID of the invalidated terminal.

  The signature information 230 is a so-called digital signature created reflecting the entire version information 210 and terminal ID related information 220.

  FIG. 9 is a diagram illustrating an example of the contents of the TRL.

  In the drawing, as group information, a group in which ID 223 is a bit string “1100” and mask data 224 is a bit string “1100”, and a group in which ID 223 is a bit string “0110” and mask data 224 is a bit string “1110”. And TRL including information whose ID 227 is a bit string “0001” is illustrated as individual information.

  The set of the mask data “1100” and the ID “1100” represents the terminal IDs of four invalidation terminals “1100”, “1101”, “1110”, and “1111”. A pair of mask data “1110” and an ID “0110” represents the terminal IDs of two invalidated terminals “0110” and “0111”.

  Therefore, the TRL shown in FIG. 9 indicates the terminal IDs of a total of seven invalidation terminals, which is six pieces of group information and one piece of individual information.

<Data generation processing for TRL>
FIG. 10 is a flowchart showing a TRL data generation process that is a part of the TRL generation and transmission process performed by the management apparatus 110 according to the first embodiment. In the figure, the terminal ID is expressed as N bits for general purposes, but here it will be described as being 4 bits.

  In the management apparatus 110, the TRL generation unit 112 performs a TRL data generation process after acquiring the terminal ID group for the invalidated terminal from the invalidated terminal ID group acquisition unit 111 (see FIG. 5).

  First, the TRL generation unit 112 stores the acquired terminal ID group in a work ID area that is an area of a storage medium such as a memory (step S201), and a work bit area that is an area of the storage medium such as a memory. 1 bit data “0” and “1” are stored (step S202), and variable X is set to 1 (step S203).

  Subsequently, the TRL generating unit 112 pays attention to one of the X-bit bit data that has not been focused in the work bit area (step S204), and among the terminal IDs stored in the work ID area, The number of items satisfying the condition that the X bit matches the bit data under consideration is counted (step S205).

  As a result of step S205, when the count number becomes 2 to the power of (4-X) (step S206), the TRL generation unit 112 deletes the terminal ID satisfying the condition in step S205 from the work ID area. (Step S207) For the terminal ID satisfying the condition, a bit of which the upper X bits are “1” and the other bits are “0” is set as mask data, and the upper X bits are further focused bits. A 4-bit bit string that is the same as the data and has the other bits set to “0” is used as an ID, and the mask data and the ID are associated with each other and stored as group information in an area of a storage medium such as a memory (step S208). The determination in step S209 is performed.

  When the count number is 0 or 1 as a result of step S205 (step S206), the TRL generating unit 112 skips steps S207 and S208 and performs the determination of step S209.

  Also, if the result of step S205 is that the count is not a power of 2 to the (4-X) power or 0 or 1 (step S206), the TRL generating unit 112 selects the terminal ID that satisfies the condition in step S205. If there are two or more X + 1 bits with “0” from the upper bit, the bit data formed by adding “0” of one bit to the lower bit of the bit data of interest is stored in the work bit area. (Step S210) If there are two or more terminal IDs satisfying the condition, the X + 1 bit from the top is “1”, and one bit “1” is added to the bottom of the bit data of interest. The bit data to be processed is stored in the working bit area (step S211), and the determination in step S209 is performed.

  In step S209, the TRL generation unit 112 determines whether there is unfocused X-bit bit data, and if unfocused X-bit bit data still exists, the process returns to step S204 to return the next bit data. If there is no unfocused X-bit bit data, the variable X is incremented by 1 (step S212), and it is determined whether the variable X is equal to 4 (step S213).

  If the TRL generation unit 112 determines in step S213 that the variable X is not equal to 4, the process returns to step S204 and performs processing while paying attention to the next bit data, and determines that the variable X is equal to 4. In this case, if the terminal ID remains in the work ID area, all the terminal IDs are stored as an ID in the individual information in one area of a storage medium such as a memory (step S214), thereby generating TRL data. The process ends.

  5 is constructed by adding the number of entries to the group information and individual information stored in one area of the storage medium by the TRL data generation process described above, and further adding version information and It is executed by adding signature information.

  Therefore, for example, the TRL generation unit 112 receives seven terminals “0001”, “0110”, “0111”, “1100”, “1101”, “1110”, and “1111” from the invalidated terminal ID group acquisition unit 111. When the ID is acquired, the TRL having the contents illustrated in FIG. 9 is generated by the above-described procedure. This TRL indicates that the group of terminals 6 and 7 adjacent to each other in FIG. 3, the group of terminals 12 to 15, and the terminal 1 is an invalidated terminal.

  When there is no invalidation terminal, the number of entries in the TRL group information is 0, and the number of entries in the individual information is also 0.

<TRL verification process>
FIG. 11 is a flowchart showing a TRL verification process that is a part of the content key distribution process performed by the content key distribution apparatus 120 according to the first embodiment.

  The collation unit 126 of the content key distribution apparatus 120 performs this TRL collation process every time the terminal ID transmitted from the terminal is obtained from the transmission request reception unit 125.

  The collation unit 126 determines whether or not the ID 227 that matches the terminal ID sent from the terminal exists in the individual information 225 in the TRL stored in the TRL storage unit 121 (step S221). If the ID 227 exists, it is determined that the terminal ID acquired from the terminal is the terminal ID of the invalidated terminal (step S222), and the TRL matching process is terminated.

  If it is determined in step S221 that the ID 227 that matches the terminal ID sent from the terminal is not included in the TRL individual information 225, the collation unit 126 sets a set of IDs 223 in the TRL group information and It is checked whether any terminal ID represented by the mask data 224 matches the terminal ID sent from the terminal (steps S223 and S224).

  That is, the collation unit 126 obtains a bitwise logical product of the terminal ID sent from the terminal and the mask data 224 (step S223), and the obtained logical product matches the ID 223 paired with the mask data 224. (Step S224), if they match, it is determined that the terminal ID acquired from the terminal is the terminal ID of the invalidated terminal (step S222), and the TRL matching process is terminated.

  If they do not match in step S224, the collation unit 126 determines whether or not the processing in steps S223 and S224 has been performed for all combinations of ID 223 and mask data 224 in the TRL group information (step S225). If not all the sets have been processed, the processes of step S223 and step S224 are performed again.

  If it is determined in step S225 that all sets have been processed, the collation unit 126 determines that the terminal ID acquired from the terminal is not the terminal ID of the invalidated terminal (step S226), and performs TRL collation processing. finish.

  Hereinafter, assuming that the TRL stored in the TRL storage unit 121 is the content illustrated in FIG. 9, the transmission request including the terminal ID “1101” from the terminal 13 is a content using FIGS. 7 and 11. A specific operation of the content key distribution device 120 will be described assuming that the content key distribution device 120 is sent to the key distribution device 120.

  The transmission request reception unit 125 of the content key distribution device 120 acquires the terminal ID “1101” sent from the terminal 13 and transmits it to the verification unit 126 (step S41), and the verification unit 126 receives the terminal transmitted from the terminal 13. It is determined whether or not the ID “1101” is included in the individual information of the TRL (step S221). Since the individual information includes only the ID “0001”, the terminal ID “1101” is included in the group information. The logical product with the mask data “1100” is obtained (step S223).

  The logical product obtained in step S223 is “1100”, and the collation unit 126 determines whether or not the obtained bit string “1100” matches the ID “1100” (step S224). Then, it is determined that the terminal ID acquired from the terminal is the ID of the invalidated terminal (step S222), and as a result (step S43), the encrypted content key transmitting unit 128 is notified that the error message should be transmitted. In response, the encrypted content key transmission unit 128 transmits an error message to the terminal 13 (step S47).

  Next, assuming the case where a transmission request including the terminal ID “0010” is sent from the terminal 2 holding the decryption key DK2 to the content key distribution apparatus 120 under the same assumption, the specifics of the content key distribution apparatus 120 A typical operation will be described.

  The transmission request reception unit 125 of the content key distribution device 120 acquires the terminal ID “0010” sent from the terminal 2 and transmits it to the collation unit 126 (step S41), and the collation unit 126 receives the terminal sent from the terminal 2. It is determined whether or not the ID “0010” is included in the TRL individual information (step S221), but since the individual information includes only the ID “0001”, the terminal ID “0010” is included in the group information. The logical product with the mask data “1100” is obtained (step S223).

  The logical product thus obtained is “0000”, and the collation unit 126 determines whether or not the obtained bit string “0000” and the ID “1100” match (step S224). The logical product of the terminal ID “0010” sent from the terminal and the mask data “1110” in the group information is obtained (steps S225 and S223).

  The logical product thus obtained is “0010”, and the collation unit 126 determines whether or not the obtained bit string “0010” and the ID “0110” match (step S224). Since there is no mask data in the group information (step S225), it is determined that the terminal ID “0010” acquired from the terminal is not the terminal ID of the invalidated terminal (steps S226 and S43), and the terminal ID “0010” is This is transmitted to the encryption unit 127.

  In response to this, the encryption unit 127 extracts the encryption key EK2 (see FIG. 4) corresponding to “0010” from the encryption key group storage unit 124 and uses it, thereby being stored in the content key storage unit 123. The encrypted content key is encrypted (step S45), and the resulting encrypted content key is transmitted to the encrypted content key transmission unit 128.

When the encrypted content key is transmitted, the encrypted content key transmission unit 128 transmits the encrypted content key to the terminal 2 (step S46). Accordingly, the terminal 2 that has acquired the encrypted content key can decrypt the content key by using the decryption key DK2 held therein.
<Embodiment 2>
The content key distribution system according to the second embodiment will be described below.

  The content key distribution system according to the second embodiment has basically the same system configuration as the content key distribution system 100 shown in the first embodiment, and basically performs the same system operation. Therefore, each device is indicated by using the reference numerals attached in FIG. 1 and the like, and the description of the parts equivalent to those in Embodiment 1 is omitted.

  However, in Embodiment 2, the data structure of the terminal ID is determined to be special, and the data structure of TRL is different from that in Embodiment 1. Therefore, the management apparatus 110 performs a TRL data generation process that is different from the TRL data generation process described in the first embodiment, and the content key distribution apparatus 120 has a TRL that is different from the TRL verification process illustrated in the first embodiment. Perform verification processing.

<Terminal ID>
FIG. 12 is a diagram illustrating a data configuration of the terminal ID in the second embodiment.

  This figure shows a configuration example in which the terminal ID is 128 bits so that the number of terminals in the content key distribution system can correspond to hundreds of millions or more.

  The terminal ID includes a 32-bit manufacturer ID field 301, a 32-bit product ID field 302, a 32-bit product version ID field 303, and a 32-bit serial number field 304.

  Here, the manufacturer ID field 301 stores a manufacturer ID for identifying each manufacturer that manufactures the content reproduction apparatus.

  The product ID field 302 stores a product ID for identifying each product in the manufacturer determined by the manufacturer ID.

  The product version ID field 303 stores a product version ID indicating a version number or the like that is changed every time the product is determined by the product ID.

  The serial number field 304 stores a serial number assigned to each product.

<Structure of TRL>
FIG. 13 is a diagram illustrating a data structure of the TRL in the second embodiment.

  The figure shows an example of the data structure of TRL corresponding to the case where the number of terminals is several hundred million or more.

  As shown in the figure, the TRL includes 8-bit version information 310, 128-bit issuer information 320, 128-bit invalidated terminal number 330, terminal ID related information 340, and 320-bit signature information 350. It consists of.

  The version information 310 is information indicating the version number of the TRL. For example, each time a TRL having a different content is newly generated, the version number is changed.

  The issuer information 320 is information indicating a TRL issuer such as a management device.

  The number of invalidated terminals 330 is the number of invalidated terminals.

  The terminal ID related information 340 includes one or a plurality of sets of a 128-bit ID 342 and an 8-bit mask bit 343, and includes an entry number 341 indicating the number. If the number of sets is N, the value indicated by the entry number 341 is N.

  Here, the mask bit 343 takes values from 1 to 128. Assuming that the value of the mask bit 343 is X, mask data in a format in which the upper X bits of the 128-bit string are “1” and the remaining lower bits are all “0” if there are remaining lower bits. Can be derived.

  The ID 342 paired with the mask bit 343 is useful only for the content of the number of bit digits of the value indicated by the mask bit 343 from the upper part of the 128-bit bit string constituting this, and the other values are For example, the data is in a format of “0”.

  By the combination of the ID 342 and the mask bit 343, all the terminal IDs whose upper X bits represented by the value X of the mask bit 343 match the value of the ID 342, that is, 2 (128−X) powers. Indicates the terminal ID of the invalidated terminal.

  The signature information 350 is a so-called digital signature created reflecting the entire version information 310, issuer information 320, invalidated terminal number 330, and terminal ID related information 340.

<Data generation processing for TRL>
FIG. 14 is a flowchart illustrating a TRL data generation process that is a part of the TRL generation and transmission process performed by the management apparatus 110 according to the second embodiment.

  Here, the terminal ID is described as being N bits. N is, for example, 128 bits.

  In the management apparatus 110, the TRL generation unit 112 performs a TRL data generation process after acquiring the terminal ID group for the invalidated terminal from the invalidated terminal ID group acquisition unit 111 (see FIG. 5).

  First, the TRL generation unit 112 stores the acquired terminal ID group in a work ID area that is an area of a storage medium such as a memory (step S301), and a work bit area that is an area of the storage medium such as a memory. 1 bit data “0” and “1” are stored (step S302), and variable X is set to 1 (step S303).

  Subsequently, the TRL generation unit 112 pays attention to one of the X-bit bit data that has not been noticed in the work bit area (step S304), and among the terminal IDs stored in the work ID area, The number of items satisfying the condition that the X bit matches the bit data under consideration is counted (step S305).

  As a result of step S305, when the count number becomes (N−X) power of 2 (step S306), the TRL generation unit 112 deletes the terminal ID satisfying the condition in step S305 from the work ID area. (Step S307) For the terminal ID satisfying the condition, the value of the variable X is set as the mask bit, and the upper X bits are made the same as the bit data of interest and the other bits are set to “0”. Using the bit string as an ID, the mask bit and the ID are stored as a set in an area of a storage medium such as a memory (step S308), and the determination in step S309 is performed.

  When the count number is 0 or 1 as a result of step S305 (step S306), the TRL generation unit 112 skips steps S307 and S308 and performs the determination of step S309.

  Further, when the result of step S305 is that the count is not the power of (N−X), 0, or 1 (step S306), the TRL generating unit 112 selects the terminal ID satisfying the condition in step S305. If there are two or more X + 1 bits with “0” from the upper bit, the bit data formed by adding “0” of one bit to the lower bit of the bit data of interest is stored in the work bit area. (Step S310) If there are two or more terminal IDs satisfying the condition, those having an X + 1 bit of “1” from the upper order are present by adding “1” of 1 bit to the lower order of the bit data of interest. The bit data to be processed is stored in the working bit area (step S311), and the determination in step S309 is performed.

  In step S309, the TRL generation unit 112 determines whether or not unfocused X-bit bit data exists, and if unfocused X-bit bit data still exists, the process returns to step S304 to return to the next bit data. If there is no unfocused X-bit bit data, the variable X is incremented by 1 (step S312), and it is determined whether the variable X is equal to N (step S313).

  If the TRL generation unit 112 determines in step S313 that the variable X is not equal to N, the process returns to step S304 and performs processing while paying attention to the next bit data, and determines that the variable X is equal to N. In this case, if there are terminal IDs remaining in the work ID area, all the terminal IDs are stored in one area of a storage medium such as a memory, with N being a mask bit and the terminal ID as a set. (Step S314) Thus, the TRL data generation process is terminated.

  In the second embodiment, the construction of the TRL shown in step S23 of FIG. 5 is performed by using one or a plurality of IDs and mask bits stored in one area of the storage medium by the TRL data generation process described above. This is executed by adding the number of entries to the set, and adding the version, issuer information, number of invalidated terminals, and signature information.

  FIG. 15 is a diagram illustrating an example of the contents of a TRL.

  In this figure, the contents of the TRL include the data items shown in FIG. 13 as items, the terminal ID is a 4-bit bit string, and the mask bits are 2-bit data representing 1 to 4. Is shown.

  Note that the terminal IDs of all invalidation terminals represented by the terminal ID related information illustrated in FIG. 15 are the same as the terminal IDs of all invalidation terminals represented by the terminal ID related information illustrated in FIG.

<TRL verification process>
FIG. 16 is a flowchart showing a TRL verification process that is a part of the content key distribution process performed by the content key distribution apparatus 120 according to the second embodiment.

  The collation unit 126 of the content key distribution apparatus 120 performs this TRL collation process every time the terminal ID transmitted from the terminal is obtained from the transmission request reception unit 125.

  The collation unit 126 checks whether the terminal ID sent from the terminal matches the terminal ID represented by one of the ID and mask bits in the terminal ID related information of the TRL (step S321). ~ S324).

  That is, the collation unit 126 focuses on one unfocused mask bit in the TRL, derives mask data corresponding to the value of the mask bit as described above (step S321), and is sent from the terminal. The logical product for each bit of the obtained terminal ID and the derived mask data is obtained (step S322), and it is determined whether or not the obtained logical product matches the ID 342 paired with the mask bit 343 under consideration. (Step S323) If they match, it is determined that the terminal ID acquired from the terminal is the terminal ID of the invalidated terminal (Step S326), and the TRL matching process is terminated.

  If they do not match in step S323, the collation unit 126 determines whether or not the processing in steps S321 to S323 has been performed by paying attention to all the mask bits 343 in the TRL (step S324), and all masks are used. If the processing is not performed focusing on the bit 343, the process returns to step S321 to perform the processing focusing on the unfocused mask bit.

  If it is determined in step S324 that all the mask bits have been processed, the collation unit 126 determines that the terminal ID acquired from the terminal is not the terminal ID of the invalidated terminal (step S325), and TRL collation The process ends.

<Discussion>
In the content key distribution system shown in the second embodiment, since the terminal ID has a data structure as shown in FIG. 12, any content playback device mounted on a specific version of a product manufactured by a certain manufacturer is invalidated. In such a case, the management device generates a TRL that specifies all of a group of content playback devices that differ only in the content of the serial number field of the terminal ID held in the device with a small amount of data, and the content It can be transmitted to the key distribution device.

The TRL, for example, sets the value of the mask bit 343 to 96, specifies the version of the product of the manufacturer of the ID 342, and sets only one set of bit strings in which the serial number is 0. The terminal ID related information Will be included.
<Embodiment 3>
The content key distribution system according to Embodiment 3 will be described below.

  The content key distribution system according to the third embodiment has basically the same system configuration as the content key distribution system 100 shown in the first embodiment, and basically performs the same system operation. Therefore, each device is indicated by using the reference numerals attached in FIG. 1 and the like, and the description of the parts equivalent to those in Embodiment 1 is omitted.

  However, in the third embodiment, the data structure of the terminal ID is the same as that shown in the second embodiment, and the data structure of the TRL is different from that in the first embodiment and is slightly different from the TRL in the second embodiment. The data item is added. Therefore, the management apparatus 110 performs a TRL data generation process that is slightly different from the TRL data generation process described in the second embodiment, and the content key distribution apparatus 120 is slightly different from the TRL collation process described in the second embodiment. A different TRL matching process is performed.

<Structure of TRL>
FIG. 17 is a diagram illustrating a data structure of the TRL in the third embodiment.

  The figure shows an example of the data structure of TRL corresponding to the case where the number of terminals is several hundred million or more.

  As shown in the figure, the TRL includes 8-bit version information 410, 128-bit issuer information 420, 128-bit invalidated terminal number 430, terminal ID related information 440, and 320-bit signature information 450. It consists of.

  Version information 410, issuer information 420, and invalidation terminal number 430 are the same as version information 310, issuer information 320, and invalidation terminal number 330 described in the second embodiment.

  The terminal ID related information 440 includes one or a plurality of sets of a 128-bit ID 442 and an 8-bit mask bit 443, and the number of entries 441 indicating the number is shown in the second embodiment. The terminal ID related information 340 is the same as the terminal ID related information 340, but includes one or a plurality of 128-bit exception IDs 445, and an exception entry number 444 indicating the number. If the number of exception IDs is M, the value indicated by the exception entry number 444 is M.

  Here, the exception ID 445 is a terminal ID of a terminal that is not an invalidated terminal.

  In this terminal ID related information 440, terminal IDs of a plurality of terminals are comprehensively expressed by a set of ID442 and masking bit 443, but the terminal ID expressed by the set is not an invalidated terminal ID. It is indicated by an exception ID 445.

  Therefore, according to the terminal ID related information 440, for example, when the terminal ID is 4 bits and the terminals 0 to 15 are assumed as terminals, the other terminals 8 to 15 excluding the terminal 10 are invalidated. In the case of a terminal, the content of the terminal ID related information is a set of an ID 442 of “1000” and a mask bit 443 having a value of 1 and an exception ID of “1010”.

  The signature information 450 is a so-called digital signature created by reflecting the version information 410, the issuer information 420, the number of invalidated terminals 430, and the terminal ID related information 440 as a whole.

<Data generation processing for TRL>
FIG. 18 is a flowchart illustrating a TRL data generation process that is a part of the TRL generation and transmission process performed by the management apparatus 110 according to the third embodiment.

  Here, the terminal ID is described as being N bits. N is, for example, 128 bits.

  In the management apparatus 110, the TRL generation unit 112 performs a TRL data generation process after acquiring the terminal ID group for the invalidated terminal from the invalidated terminal ID group acquisition unit 111 (see FIG. 5).

  First, the TRL generation unit 112 stores the acquired terminal ID group in a work ID area that is one area of a storage medium such as a memory (step S401), and among the terminal IDs, terminal IDs that differ only in the least significant bit. Is not present in the work ID area, a terminal ID that differs only in the least significant bit is generated and stored in the work ID area, and the generated terminal ID is stored as an exception ID (step S402).

  Subsequently, the TRL generation unit 112 stores two pieces of 1-bit bit data “0” and “1” in a working bit area that is one area of a storage medium such as a memory (step S403), and a variable X Is set to 1 (step S404).

  Subsequent to step S404, the TRL generation unit 112 pays attention to one of unfocused X-bit bit data in the work bit area (step S405), and stores the terminal ID stored in the work ID area. Among them, the number of those satisfying the condition that the upper X bits coincide with the bit data of interest is counted (step S406).

  As a result of step S406, when the count number becomes (N−X) power of 2 (step S407), the TRL generation unit 112 deletes the terminal ID satisfying the condition in step S406 from the work ID area. (Step S408) For the terminal ID satisfying the condition, the value of the variable X is used as a mask bit, and the upper X bits are made the same as the bit data being focused on and the other bits are set to “0”. Using the bit string as an ID, the mask bit and the ID are stored as a set in one area of a storage medium such as a memory (step S409), and the determination in step S410 is performed.

  If the result of step S406 is that the count is not a power of 2 (N−X) (step S407), the TRL generating unit 112 determines that the X + 1-th bit from the top of the terminal IDs satisfying the condition in step S406 is If there are two or more “0” s, the bit data formed by adding “0” of 1 bit to the lower order of the bit data of interest is stored in the working bit area (step S411), and the condition If there are two or more terminal IDs satisfying the above, the X + 1 bit from the top is “1”, the bit data formed by adding “1” of 1 bit to the bottom of the bit data of interest The data is stored in the bit area (step S412), and the determination in step S410 is performed.

  In step S410, the TRL generation unit 112 determines whether or not unfocused X-bit bit data exists, and if unfocused X-bit bit data still exists, the process returns to step S405 to return to the next bit data. If there is no unfocused X-bit bit data, the variable X is incremented by 1 (step S413), and it is determined whether the variable X is equal to N (step S414).

  If the TRL generation unit 112 determines in step S414 that the variable X is not equal to N, the process returns to step S405 and performs processing while paying attention to the next bit data, and determines that the variable X is equal to N. In this case, the TRL data generation process is terminated.

  In the third embodiment, the construction of the TRL shown in step S23 of FIG. 5 is performed by using one or a plurality of IDs and mask bits stored in one area of the storage medium by the TRL data generation process described above. This is executed by adding the number of entries to the pair, the number of entries added to the exception ID, and the version, issuer information, number of invalidated terminals, and signature information.

<TRL verification process>
FIG. 19 is a flowchart showing a TRL verification process that is a part of the content key distribution process performed by the content key distribution apparatus 120 according to the third embodiment.

  The collation unit 126 of the content key distribution apparatus 120 performs this TRL collation process every time the terminal ID transmitted from the terminal is obtained from the transmission request reception unit 125.

  The collation unit 126 checks whether the terminal ID sent from the terminal matches the terminal ID represented by any of the set of ID and mask bit in the terminal ID related information of the TRL (step S421). ~ S424).

  That is, the collation unit 126 focuses on one unfocused mask bit in the TRL, derives the mask data corresponding to the value of the mask bit as described above (step S421), and is sent from the terminal. A logical product for each bit of the obtained terminal ID and the derived mask data is obtained (step S422), and it is determined whether or not the obtained logical product matches the ID 442 paired with the mask bit 443 under consideration. (Step S423).

  If they match as a result of the determination in step S423, the collation unit 126 checks whether the terminal ID sent from the terminal matches any of the exception IDs in the TRL (step S426), and any of the exception IDs If they do not match, it is determined that the terminal ID acquired from the terminal is the terminal ID of the invalidated terminal (step S427), and the TRL matching process is terminated. If it is determined as a result of the inspection in step S426 that any of the exception IDs matches, the collation unit 126 determines that the terminal ID acquired from the terminal is not the terminal ID of the invalidated terminal (step S425), and performs the TRL collation process. Exit.

  In step S423, if the obtained logical product does not match the ID 442 paired with the mask bit 443 under consideration, the collation unit 126 pays attention to all the mask bits 443 in the TRL and performs steps S421 through S421. It is determined whether or not the process of S423 has been performed (step S424), and if the process is not performed paying attention to all the mask bits 443, the process returns to step S421 and the process is performed focusing on the unfocused mask bits. .

  If it is determined in step S424 that all the mask bits have been processed, the collation unit 126 determines that the terminal ID acquired from the terminal is not the terminal ID of the invalidated terminal (step S425), and TRL collation The process ends.

<Discussion>
According to the content key distribution system shown in the third embodiment, for example, several of the dozens of terminals having consecutive serial numbers where the bit string having some number of digits above the terminal ID has the same value. In the case where all other than the above are invalidation terminals, the ID including the bit string having the same value is set as the ID in the terminal ID related information of the TRL, and the value indicating the number of digits of the part having the same value is Since it is possible to specify the invalidated terminal by the TRL that is defined as a mask bit that forms a pair with the ID, and the terminal IDs for the several units are defined as exception IDs in the terminal ID related information, the data amount of the TRL is It becomes possible to suppress it little.
<Embodiment 4>
The content key distribution system according to Embodiment 4 will be described below.

  FIG. 20 is a configuration diagram of a content key distribution system according to Embodiment 4 of the present invention.

  The management device 110 in the content key distribution system 100 shown in the first embodiment transmits the TRL to the content key distribution device 120 through the communication channel, whereas the content key according to the fourth embodiment In the distribution system 500, the management apparatus 510 records the TRL on a recording medium 501 such as a magneto-optical disk, and the content key distribution apparatus 520 reads the TRL from the recording medium 501.

  20, components that are basically equivalent to the components shown in Embodiment 1 (see FIG. 1) are denoted by the same reference numerals, and the components are not described in detail here.

  The management device 510 is, for example, a computer or the like installed in an organization that conducts business related to the protection of the copyright of the content, and the copyright etc. when the decryption key stored in each terminal 130 is exposed. A TRL containing mainly information for identifying all terminals that are in a situation where protection of the contents cannot be achieved, that is, all terminals that should not be the distribution destination of the encrypted content key, is recorded on the recording medium. The revocation terminal ID group acquisition unit 111, the TRL generation unit 112, and the TRL recording unit 513 can be mounted, and a recording medium 501 such as a magneto-optical disk can be mounted.

  Here, the TRL generation unit 112 generates a TRL mainly including information for specifying the invalidation terminal based on each terminal ID given from the invalidation terminal ID group acquisition unit 111 and transmits the TRL to the TRL recording unit 513. It has a function.

  The TRL recording unit 513 has a function of recording the TRL transmitted from the TRL generation unit 112 on the recording medium 501 mounted on the management apparatus 510.

  The management apparatus 510 performs a TRL generation / transmission process in which the step S24 shown in FIG. 5 is replaced with a process for recording the TRL on a recording medium.

  The recording medium 501 on which the TRL is recorded by the management apparatus 510 is delivered to the content key distribution apparatus 520 by hand. For example, every time a TRL having new contents is generated, the TRL is recorded on a recording medium and delivered to the content key distribution apparatus.

  The content key distribution apparatus 520 receives the encrypted content key transmission request from each terminal and transmits the encrypted content key to the terminal only when the terminal is not an invalidated terminal. Functionally, the TRL storage unit 121, the TRL reading unit 522, the content key storage unit 123, the encryption key group storage unit 124, the transmission request reception unit 125, the verification unit 126, the encryption unit 127, and An encrypted content key transmission unit 128 is provided, and a recording medium 501 such as a magneto-optical disk can be mounted.

  Here, the TRL reading unit 522 has a function of reading the TRL from the recording medium 501 attached to the content key distribution device 520 and storing it in the TRL storage unit 121.

  Therefore, in the content key distribution system 500, even when the management device 510 and the content key distribution device 520 are not connected via a communication path, TRL transmission is realized via the recording medium.

The TRL used in the fourth embodiment may be the one shown in any of the first to third embodiments, and the content key distribution apparatus performs a TRL matching process according to the structure of the TRL. do it.
<Supplement>
As described above, the cryptographic communication system according to the present invention has been described with reference to the first to fourth embodiments applied as a content key distribution system. However, the present invention is not limited to such an embodiment. That is,
(1) In the first to third embodiments, a communication path for distributing TRL between the management device and the content key distribution device is shown. In the fourth embodiment, a recording medium used for TRL delivery is shown. The TRL may be transmitted between the management device and the content key distribution device by using a communication path and a recording medium together. For example, the TRL may be delivered from the management device to another communication device using a recording medium, and the TRL may be delivered from the communication device to the content key distribution device through a communication path.
(2) The content reproduction device shown in each embodiment does not necessarily have to obtain the encrypted content in advance and then send a transmission request to the content key distribution device. For example, after acquiring the content key Alternatively, the encrypted content may be obtained and played back.
(3) The content reproduction device shown in each embodiment holds a terminal ID unique to the device and a decryption key unique to the device, and the content key distribution device encrypts all decryption keys. However, the content playback device has a plurality of decryption keys, and includes a decryption key ID for identifying each decryption key in a transmission request and sends it to the content key distribution device. The content key distribution device holds the encryption key corresponding to all the decryption keys in association with the decryption key ID, and reproduces the content key using the encryption key corresponding to the sent decryption key ID. It is good also as transmitting to an apparatus. In this case, instead of the terminal ID of the invalidated terminal, the decryption key ID corresponding to the decryption key to be invalidated is specified by the TRL terminal ID related information shown in each embodiment, and the TRL What is necessary is just to make decryption key ID into collation object instead of terminal ID in collation processing etc.

Note that the decryption key and the decryption key ID may be recorded on an IC card that can be attached to and detached from the content playback apparatus.
(4) In the first to third embodiments, the TRL generation unit 112 of the management apparatus automatically generates the TRL by the TRL data generation process (FIGS. 10, 14, and 18) and the like. The algorithm for generating the related information is not limited to this. In addition, the TRL may be generated in response to an input operation by an operator or the like, or the TRL generated in the external apparatus is acquired in the management apparatus, and then the TRL transmitting unit 113 distributes the TRL. It is good.

Also, there may be a plurality of management devices in the content key distribution system, and the TRL may be transmitted from one management device to another management device. In addition, when the content key distribution apparatus issues a request to the management apparatus, the management apparatus may transmit the TRL, and the content key distribution apparatus periodically or when there is a transmission request from the terminal. May be requested to the management apparatus.
(5) The data structure of the terminal ID shown in Embodiment 2 is not necessarily the contents shown in FIG. However, by including a bit string representing the manufacturer, product, etc. in the terminal ID, it is possible to reduce the amount of TRL data when all terminals manufactured by a certain manufacturer are invalidated terminals. Become.

In the second embodiment, an example in which the terminal ID is defined as representing the manufacturer ID in the upper bit string is shown. However, the lower bit string in the terminal ID is defined as the terminal ID representing the manufacturer ID. Alternatively, the terminal ID may be defined with the bit string between the upper and lower levels in the terminal ID representing the manufacturer ID.
(6) The mask bits in the terminal ID related information of the TRL shown in the second embodiment are fixed length data such as 8 bits. However, as variable length data, pair with information indicating the data length. It is good also to leave.
(7) Regarding the terminal ID related information obtained as a result of the TRL data generation process shown in the third embodiment, when the terminal ID is 128 bits, the ID and mask with the least significant bit set to 0 from the exception ID When a set indicating the value of 127 for the terminal bit is present in the terminal ID related information, the set bit and the exception ID are deleted, and the least significant bit of the exception ID is inverted as a mask bit. A set of 128 may be added to the terminal ID related information.

In the third embodiment, each exception ID represents one terminal ID, but instead of the exception ID shown in FIG. 17, one or a plurality of pairs of exception IDs and exception mask bits are used. Included exception group information may be included in the terminal ID related information of the TRL. That is, all of the terminal ID groups indicated by all the combinations of ID442 and mask bits, excluding the terminal ID groups indicated by all of the combinations of the exception ID and exception mask bits, are all invalid. The terminal ID related information may be configured to be the terminal ID of the integrated terminal.
(8) In the first to fourth embodiments, an example in which the cryptographic communication system according to the present invention is applied to a content key distribution system has been shown. As long as it is a communication system that determines whether or not to execute some communication process according to the determination result, the content of the communication process is not limited to the transmission of the encrypted content key. For example, it is possible to determine whether or not to execute processing for receiving important data sent from the terminal side by performing encryption unique to the terminal, according to the determination result as to whether or not the terminal is invalidated.
(9) The processing procedure of the content key distribution system shown in the first to third embodiments (the procedure shown in FIGS. 5 to 7, FIG. 10, FIG. 11, FIG. 14, FIG. 16, FIG. 18, FIG. 19, etc.) A computer program to be executed by a computer or the like can be recorded on a recording medium or distributed and distributed via various communication paths. Examples of such a recording medium include an IC card, an optical disk, a flexible disk, and a ROM. The computer program distributed and distributed is used by being installed in a computer or the like, and the computer or the like executes the computer program to perform various processes as shown in the first to third embodiments. Will be able to.

  The cryptographic communication system according to the present invention can be used to perform services related to cryptographic communication such as encrypting and distributing content keys only to appropriate terminal devices excluding some terminal devices to be invalidated. .

It is a block diagram of the content key distribution system which concerns on Embodiment 1 of this invention. It is a figure which shows terminal ID and the decryption key which each terminal has memorize | stored. It is a conceptual diagram which shows the determination method of the value of terminal ID which each terminal hold | maintains. 6 is a diagram showing an example of the content of data stored in an encryption key group storage unit 124 of the content key distribution apparatus 120. FIG. It is a flowchart which shows the TRL production | generation transmission process which the management apparatus 110 performs. It is a flowchart which shows the content reproduction process which the content reproduction apparatus 130 performs. It is a flowchart which shows the content key delivery process which the content key delivery apparatus 120 performs. 3 is a diagram illustrating a data structure of a TRL in Embodiment 1. FIG. It is a figure which shows the example of the content of TRL. 6 is a flowchart illustrating a TRL data generation process that is a part of the TRL generation and transmission process performed by the management apparatus 110 according to the first embodiment. 6 is a flowchart showing a TRL verification process that is a part of the content key distribution process performed by the content key distribution apparatus 120 according to the first embodiment. FIG. 10 is a diagram showing a data configuration of a terminal ID in the second embodiment. 6 is a diagram illustrating a data structure of a TRL in Embodiment 2. FIG. 10 is a flowchart illustrating a TRL data generation process that is a part of the TRL generation and transmission process performed by the management apparatus 110 according to the second embodiment. It is a figure which shows the example of the content of TRL. 10 is a flowchart showing a TRL verification process that is a part of the content key distribution process performed by the content key distribution apparatus 120 according to the second embodiment. FIG. 10 is a diagram illustrating a data structure of a TRL in a third embodiment. 10 is a flowchart illustrating a TRL data generation process that is a part of the TRL generation and transmission process performed by the management apparatus 110 according to the third embodiment. 10 is a flowchart illustrating a TRL verification process that is a part of a content key distribution process performed by the content key distribution apparatus 120 according to the third embodiment. It is a block diagram of the content key distribution system which concerns on Embodiment 4 of this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 Content key distribution system 101 Communication path 110 Management apparatus 111 Invalidation terminal ID group acquisition part 112 TRL generation part 113 TRL transmission part 120 Content key distribution apparatus 121 TRL storage part 122 TRL reception part 123 Content key storage part 124 Encryption key group Storage unit 125 Transmission request reception unit 126 Verification unit 127 Encryption unit 128 Encrypted content key transmission unit 130 Content playback device (terminal)
131 Terminal ID storage unit 132 Decryption key storage unit 133 Encrypted content storage unit 134 Request transmission unit 135 Encrypted content key reception unit 136 Decryption unit 137 Playback unit 500 Content key distribution system 501 Recording medium 510 Management device 513 TRL recording unit 520 Content Key distribution device 522 TRL reading unit

Claims (36)

One or more as specifying a plurality of terminal devices having a function of transmitting a cryptographic communication device and a terminal identifier comprising a bit string of a predetermined number of bits capable of identifying the terminal device to the cryptographic communication device, and a terminal device to be invalidated And a management device that generates invalidated terminal specifying information indicating the terminal identifier of
The management device
The invalidated terminal specifying information is generated using a data format that comprehensively expresses all terminal identifiers having the same part as the value by the information specifying the part of the bit string of the predetermined number of bits. Invalidation terminal specific information generation means;
Output means for outputting the generated invalidated terminal specifying information,
The encryption communication device is:
Invalidation terminal identification information acquisition means for acquiring the invalidation terminal identification information output by the management device;
Terminal identifier receiving means for receiving the terminal identifier when the terminal identifier is transmitted from the terminal device;
Determining means for determining whether or not the terminal identifier received by the terminal identifier receiving means matches any terminal identifier indicated by the invalidated terminal specifying information as specifying a terminal device to be invalidated;
If it is determined by the determining means that the received terminal identifier does not match any terminal identifier indicated by the invalidated terminal specifying information, the terminal is connected to the terminal device that has transmitted the terminal identifier. When predetermined communication is performed by performing encryption unique to the device, while the determination unit determines that the received terminal identifier matches any of the terminal identifiers indicated by the invalidated terminal identification information The communication system includes a communication unit that does not perform the predetermined communication with the terminal device that has transmitted the terminal identifier. The invalidated terminal specifying information generated by the invalidated terminal specifying information generating means is:
Including one or more sets of value information indicating a value of a part in a bit string of a predetermined number of bits and position information for specifying a bit position of the part in the bit string,
All terminals in which a partial bit string in a terminal identifier and a partial bit string located at a bit position specified by each position information is the same as a value indicated by value information corresponding to the position information Information that identifies all of the terminal devices identified by the identifiers as terminal devices to be invalidated,
The determination means includes
For each piece of position information included in the invalidated terminal specifying information, the value of the partial bit string located at the bit position specified by the position information in the terminal identifier received by the terminal identifier receiving unit is the position information. Check whether it matches the value indicated by the value information corresponding to
If it matches even once in the inspection, it is determined that the received terminal identifier matches with any terminal identifier indicated by the invalidated terminal specifying information as specifying the terminal device to be invalidated. The cryptographic communication system according to claim 1, wherein: The invalidated terminal specifying information generated by the invalidated terminal specifying information generating means is:
Including one or more sets of representative value information, which is a bit string having a predetermined number of bits, and a mask flag having a predetermined number of bits,
A terminal identified by each of all terminal identifiers having the same value as the value of the portion in the representative value information corresponding to the mask flag, in the portion of the terminal identifier where the bit value of each mask flag is 1 Information that identifies all of the devices as terminal devices to be invalidated,
The determination means includes
For each mask flag included in the invalidated terminal specifying information, a logical product of the terminal identifier received by the terminal identifier receiving unit and the mask flag, representative value information corresponding to the mask flag, and the mask flag Check whether the logical product matches,
If it matches even once in the inspection, it is determined that the received terminal identifier matches with any terminal identifier indicated by the invalidated terminal specifying information as specifying the terminal device to be invalidated. The cryptographic communication system according to claim 1, wherein: The invalidated terminal specifying information generating means generates the invalidated terminal specifying information including isolated value information of a predetermined number of bits,
The invalidated terminal specifying information is information that further specifies a terminal identifier having the same value as the isolated value information as a terminal device to be invalidated,
The determination means further includes
Even when the terminal identifier received by the terminal identifier receiving means matches the isolated value information included in the invalidated terminal specifying information, the received terminal identifier specifies the terminal device to be invalidated. The cryptographic communication system according to claim 3, wherein it is determined that the terminal identifier matches any one of the terminal identifiers indicated by the invalidated terminal specifying information. The invalidated terminal specifying information generated by the invalidated terminal specifying information generating means is:
Including one or more sets of associated upper significant digit information indicating the number of bit digits and value information indicating the value of the bit string corresponding to the number of bit digits,
The value of the bit string for the number of bit digits indicated by each effective high-order digit information from the most significant bit in the terminal identifier is the same as the value indicated by the value information corresponding to the effective high-order digit information. Information that identifies all of the identified terminal devices as terminal devices to be invalidated,
The determination means includes
For each valid high-order digit information included in the invalidated terminal specifying information, a bit string value corresponding to the number of bit digits indicated by the valid high-order digit information from the most significant bit in the terminal identifier received by the terminal identifier receiving means is , Check whether it matches the value indicated by the value information corresponding to the effective high-order digit information,
If it matches even once in the inspection, it is determined that the received terminal identifier matches with any terminal identifier indicated by the invalidated terminal specifying information as specifying the terminal device to be invalidated. The cryptographic communication system according to claim 1, wherein: The management device has terminal identifier acquisition means for acquiring terminal identifiers of all terminal devices to be invalidated,
When the predetermined number of bits is N, the invalidated terminal specifying information generating means has 2 terminal identifiers having the same X-bit value from the most significant bit among the terminal identifiers acquired by the terminal identifier acquiring means. 1 or more of X values that satisfy the condition of (N−X) to the power of (N−X), and for each X value, 2 (N−X) power terminal identifiers according to the condition are represented by a bit digit of X The invalidated terminal specifying information is generated using a data format comprehensively represented by the valid high-order digit information indicating the number and the value information indicating the value of the bit string from the most significant bit to the X bit portion of the terminal identifier. The cryptographic communication system according to claim 5, wherein: Each of the terminal devices is manufactured by one of a plurality of manufacturers,
7. The cryptographic communication system according to claim 6, wherein each terminal identifier for identifying each terminal apparatus indicates a manufacturer of the terminal apparatus by a bit string having a predetermined number of bits from the most significant bit in the terminal identifier. Each terminal identifier for identifying each terminal device is a predetermined number of high-order bit strings following the bit string indicating the manufacturer in the terminal identifier, and indicates what type of product the terminal apparatus belongs to. The cryptographic communication system according to claim 7. Each of the plurality of terminal devices has a unique decryption key, and can further store encrypted content, which is content encrypted with a content key, within the terminal device.
The output means performs the output by transmitting the invalidated terminal specifying information to the encryption communication device,
The encryption communication device is:
An encryption key storage means for storing an encryption key corresponding to the decryption keys of all the terminal devices;
Content key storage means for storing the content key;
The invalidated terminal specifying information acquisition means performs the acquisition by receiving the invalidated terminal specifying information transmitted by the output means,
When the determination unit determines that the received terminal identifier does not match any terminal identifier indicated by the invalidated terminal specifying information, the communication unit transmits the terminal identifier to the terminal device that has transmitted the terminal identifier. And encrypting and transmitting the content key using an encryption key corresponding to the decryption key of the terminal device,
The terminal device
Decryption means for decrypting the encrypted content key transmitted from the encryption communication device using the decryption key unique to the terminal device;
And a reproducing unit that decrypts and reproduces the encrypted content using the content key decrypted by the decrypting unit when the encrypted content is stored in the terminal device. 8. The cryptographic communication system according to 7. The invalidated terminal specifying information generated by the invalidated terminal specifying information generating means is:
Including one or more values of a part of a bit string of a predetermined number of bits and comprehensive information specifying the part, and including one or more exception information of a predetermined number of bits,
Of the part in the terminal identifier, the part specified by each comprehensive information is the same as the value specified by the comprehensive information, except for the terminal identifier that is the same value as each exception information. It is information that identifies all as terminal devices to be invalidated,
The determination means includes
It is checked whether the terminal identifier received by the terminal identifier receiving means matches the value specified by the comprehensive information in the part specified by any comprehensive information included in the invalidated terminal specifying information. ,
If they match in the inspection, the terminal identifier is a terminal device to be invalidated unless the received terminal identifier is equivalent to any exception information included in the invalidated terminal specifying information. The cryptographic communication system according to claim 1, wherein it is determined that it matches any one of the terminal identifiers indicated by the invalidated terminal specifying information as specified. The management device has terminal identifier acquisition means for acquiring terminal identifiers of all terminal devices to be invalidated,
When the predetermined number of bits is N, the invalidated terminal specifying information generating means
An N-bit bit string obtained by inverting only the least significant bit of one of the terminal identifiers acquired by the terminal identifier acquisition unit, and the value is not the same as any of the other terminal identifiers acquired by the terminal identifier acquisition unit A bit string that satisfies the condition is defined as the exception information, and the bit string is regarded as a terminal identifier.
Among the terminal identifiers acquired by the terminal identifier acquisition means and the regarded terminal identifiers, the condition is that the number of terminal identifiers having the same X-bit value from the most significant bit is 2 to the power of (N−X). One or more X values that satisfy the value of X and less than N are specified, and for each specified X value, the value of X and 2 (N−X) powers of the condition 11. The cipher communication system according to claim 10, wherein the invalidated terminal specifying information is generated by defining, as the comprehensive information, information specifying a bit string value of an X bit portion from the most significant bit of a terminal identifier. . Each of the terminal devices is manufactured by one of a plurality of manufacturers,
12. The cryptographic communication system according to claim 11, wherein each terminal identifier for identifying each terminal apparatus indicates a manufacturer of the terminal apparatus by a bit string having a predetermined number of bits from the most significant bit in the terminal identifier. Each of the plurality of terminal devices has a unique decryption key, and can further store encrypted content, which is content encrypted with a content key, within the terminal device.
The output means performs the output by transmitting the invalidated terminal specifying information to the encryption communication device,
The encryption communication device is:
An encryption key storage means for storing an encryption key corresponding to the decryption keys of all the terminal devices;
Content key storage means for storing the content key;
The invalidated terminal specifying information acquisition means performs the acquisition by receiving the invalidated terminal specifying information transmitted by the output means,
When the determination unit determines that the received terminal identifier does not match any terminal identifier indicated by the invalidated terminal specifying information, the communication unit transmits the terminal identifier to the terminal device that has transmitted the terminal identifier. And encrypting and transmitting the content key using an encryption key corresponding to the decryption key of the terminal device,
The terminal device
Decryption means for decrypting the encrypted content key transmitted from the encryption communication device using the decryption key unique to the terminal device;
And a reproducing unit that decrypts and reproduces the encrypted content using the content key decrypted by the decrypting unit when the encrypted content is stored in the terminal device. 12. The cryptographic communication system according to 12. Each of the terminal devices is manufactured by one of a plurality of manufacturers,
2. The cryptographic communication system according to claim 1, wherein each terminal identifier for identifying each terminal apparatus indicates a manufacturer of the terminal apparatus by a bit string in a predetermined range in the terminal identifier. Each of the plurality of terminal devices has a unique decryption key,
The encryption communication device has encryption key storage means for storing encryption keys corresponding to the decryption keys of all the terminal devices,
When the determination unit determines that the received terminal identifier does not match any terminal identifier indicated by the invalidated terminal specifying information, the communication unit transmits the terminal identifier to the terminal device that has transmitted the terminal identifier. Then, the communication data is encrypted and transmitted using the encryption key corresponding to the decryption key of the terminal device,
The encryption communication system according to claim 1, wherein the terminal device decrypts communication data transmitted from the encryption communication device using the decryption key unique to the terminal device. The output means performs the output by transmitting the invalidated terminal specifying information to the encryption communication device,
2. The cryptographic communication system according to claim 1, wherein the invalidated terminal specifying information acquisition unit performs the acquisition by receiving the invalidated terminal specifying information transmitted by the output unit. The output means includes a mounting unit to which a recording medium can be mounted, and performs the output by recording the invalidated terminal specifying information on the mounted recording medium,
2. The encryption according to claim 1, wherein the invalidation terminal specifying information acquisition unit is capable of mounting the recording medium, and performs the acquisition by reading the invalidation terminal specifying information from the mounted recording medium. Communications system. A management device that generates invalidated terminal specifying information indicating each terminal identifier of one or more terminal devices to be invalidated among terminal identifiers that are bit strings of a predetermined number of bits that can identify each of a plurality of terminal devices,
The invalidated terminal specifying information is generated using a data format that comprehensively expresses all terminal identifiers having the same part as the value by the information specifying the part of the bit string of the predetermined number of bits. Invalidation terminal specific information generation means;
An output unit that outputs the generated invalidated terminal specifying information. A management apparatus, comprising: The invalidated terminal specifying information generated by the invalidated terminal specifying information generating means is:
Including one or more sets of value information indicating a value of a part in a bit string of a predetermined number of bits and position information for specifying a bit position of the part in the bit string,
All terminals in which a partial bit string in a terminal identifier and a partial bit string located at a bit position specified by each position information is the same as a value indicated by value information corresponding to the position information The management device according to claim 18, wherein the management device is information that specifies all of the terminal devices identified by the identifiers as terminal devices to be invalidated. Each of the terminal devices is manufactured by one of a plurality of manufacturers,
20. The management apparatus according to claim 19, wherein each terminal identifier for identifying each terminal apparatus indicates a manufacturer of the terminal apparatus by a bit string in a predetermined range in the terminal identifier. An encryption communication device that performs communication with each terminal device that holds a terminal identifier that is a bit string of a predetermined number of bits that can identify the terminal device among a plurality of terminal devices,
The terminal device to be invalidated is configured by using a data format that comprehensively expresses all terminal identifiers in which the part is identical to the value by the information specifying the part value in the bit string of the predetermined number of bits. Invalidated terminal specifying information acquisition means for acquiring disabled terminal specifying information indicating each terminal identifier of one or more terminal devices as an external device,
A terminal identifier receiving means for receiving the terminal identifier when the terminal identifier held by the terminal device is transmitted from the terminal device;
Determining means for determining whether or not the terminal identifier received by the terminal identifier receiving means matches any terminal identifier indicated by the invalidated terminal specifying information as specifying a terminal device to be invalidated;
If it is determined by the determining means that the received terminal identifier does not match any terminal identifier indicated by the invalidated terminal specifying information, the terminal is connected to the terminal device that has transmitted the terminal identifier. When predetermined communication is performed by performing encryption unique to the device, and the received terminal identifier matches any of the terminal identifiers indicated by the invalidated terminal specifying information, An encryption communication device comprising: a communication unit that does not perform the predetermined communication with a terminal device that has transmitted the terminal identifier. The invalidated terminal specifying information acquired by the invalidated terminal specifying information acquiring means is:
Including one or more sets of value information indicating a value of a part in a bit string of a predetermined number of bits and position information for specifying a bit position of the part in the bit string,
All terminals in which a partial bit string in a terminal identifier and a partial bit string located at a bit position specified by each position information is the same as a value indicated by value information corresponding to the position information Information that identifies all of the terminal devices identified by the identifiers as terminal devices to be invalidated,
The determination means includes
For each piece of position information included in the invalidated terminal specifying information, the value of the partial bit string located at the bit position specified by the position information in the terminal identifier received by the terminal identifier receiving unit is the position information. Check whether it matches the value indicated by the value information corresponding to
If it matches even once in the inspection, it is determined that the received terminal identifier matches with any terminal identifier indicated by the invalidated terminal specifying information as specifying the terminal device to be invalidated. The cryptographic communication apparatus according to claim 21, wherein An information generation method for generating invalidated terminal identification information for identifying a terminal apparatus to be invalidated among a plurality of terminal apparatuses,
A terminal identifier obtaining step of obtaining each terminal identifier of each terminal device to be invalidated among terminal identifiers consisting of a bit string of a predetermined number of bits capable of identifying each of the plurality of terminal devices;
Obtained by the terminal identifier obtaining step using a data format that comprehensively expresses all terminal identifiers in which the part is identical to the value by the information specifying the value of the part in the bit string of the predetermined number of bits. A generation step of generating the invalidated terminal specifying information indicating all terminal identifiers. In the generation step, assuming that the predetermined number of bits is N, the number of terminal identifiers having the same X-bit value from the most significant bit among the terminal identifiers acquired in the terminal identifier acquisition step is 2 (N−X ) Specify at least one X value that satisfies the condition that it is a power, and for each X value, valid high-order digit information indicating the number of bit digits of X, and a bit string of the X bit portion from the most significant bit of the terminal identifier 24. The invalidated terminal specifying information including all pairs of the associated valid higher-order digit information and value information in association with value information indicating the value of the generated value is generated. Information generation method. Each of the terminal devices is manufactured by one of a plurality of manufacturers,
25. The information generation method according to claim 24, wherein each terminal identifier for identifying each terminal apparatus indicates the manufacturer of the terminal apparatus by a bit string having a predetermined number of bits from the most significant bit in the terminal identifier. In the generating step, when the predetermined number of bits is N,
An N-bit bit string obtained by inverting only the least significant bit of one of the terminal identifiers acquired in the terminal identifier acquisition step, and the value is not the same as any of the other terminal identifiers acquired in the terminal identifier acquisition step A bit string that satisfies the condition is defined as exception information, and the bit string is regarded as a terminal identifier.
Among the terminal identifiers acquired in the terminal identifier acquisition step and the regarded terminal identifiers, the condition is that the number of terminal identifiers having the same X bit value from the most significant bit is 2 to the power of (N−X). Specify one or more X values that satisfy X and less than N;
For each identified X value, the X value is associated with the value of the bit string from the most significant bit of the 2 (N−X) power terminal identifiers to the X bit portion according to the condition. 24. The information generation method according to claim 23, wherein the invalidated terminal specifying information including all sets of values and the exception information as components is generated. Each of the terminal devices is manufactured by one of a plurality of manufacturers,
27. The information generation method according to claim 26, wherein each terminal identifier for identifying each terminal apparatus indicates a manufacturer of the terminal apparatus by a bit string having a predetermined number of bits from the most significant bit in the terminal identifier. A program for causing a computer to execute information generation processing for generating invalidated terminal specifying information for specifying a terminal apparatus to be invalidated among a plurality of terminal apparatuses,
The information generation process includes
A terminal identifier obtaining step of obtaining each terminal identifier of each terminal device to be invalidated among terminal identifiers consisting of a bit string of a predetermined number of bits capable of identifying each of the plurality of terminal devices;
Obtained by the terminal identifier obtaining step using a data format that comprehensively expresses all terminal identifiers in which the part is identical to the value by the information specifying the value of the part in the bit string of the predetermined number of bits. And a generating step of generating the invalidated terminal specifying information indicating all terminal identifiers. A recording medium recording a program for causing a computer to execute information generation processing for generating invalidated terminal specifying information for specifying a terminal device to be invalidated among a plurality of terminal devices,
The information generation process includes
A terminal identifier obtaining step of obtaining each terminal identifier of each terminal device to be invalidated among terminal identifiers consisting of a bit string of a predetermined number of bits capable of identifying each of the plurality of terminal devices;
Obtained by the terminal identifier obtaining step using a data format that comprehensively expresses all terminal identifiers in which the part is identical to the value by the information specifying the value of the part in the bit string of the predetermined number of bits. A generation step of generating the invalidated terminal specifying information indicating all terminal identifiers. A program for causing a computer to execute a determination process for determining whether the terminal device is a terminal device to be invalidated based on a terminal identifier transmitted from the terminal device,
The determination process includes
A terminal identifier receiving step for receiving a terminal identifier of a predetermined number of bits transmitted from the terminal device;
One or more terminal devices to be invalidated using a data format that comprehensively expresses all terminal identifiers in which the part is identical to the value by the information specifying the value of the part in the bit string of the predetermined number of bits. An invalidated terminal specifying information acquisition step for acquiring invalidated terminal specifying information for specifying each terminal identifier;
The program characterized by including the determination step which determines whether the terminal identifier received by the said terminal identifier reception step corresponds with any terminal identifier specified by the said invalidation terminal specific information. A recording medium recording a program for causing a computer to execute a determination process for determining whether the terminal device is a terminal device to be invalidated based on a terminal identifier transmitted from the terminal device,
The determination process includes
A terminal identifier receiving step for receiving a terminal identifier of a predetermined number of bits transmitted from the terminal device;
One or more terminal devices to be invalidated using a data format that comprehensively expresses all terminal identifiers in which the part is identical to the value by the information specifying the value of the part in the bit string of the predetermined number of bits. An invalidated terminal specifying information acquisition step for acquiring invalidated terminal specifying information for specifying each terminal identifier;
A recording medium comprising: a determination step of determining whether or not the terminal identifier received in the terminal identifier reception step matches any terminal identifier specified by the invalidated terminal specifying information. A computer-readable recording medium in which invalidated terminal specific data is recorded,
The invalidated terminal specifying data is for identifying each terminal identifier of each terminal apparatus to be invalidated among terminal identifiers consisting of a bit string of a predetermined number of bits capable of identifying each of a plurality of terminal apparatuses.
A terminal identifier specifying field in which part specifying information for specifying a part of a value in the bit string of the predetermined number of bits is recorded;
A recording medium characterized in that the part identification information comprehensively represents all terminal identifiers having the same value as the value. The terminal identifier specifying field includes
A value information field in which value information indicating a value of a part of a bit string of a predetermined number of bits is recorded;
It is configured to include at least one set that is associated with a position information field that records position information for specifying the bit position of the portion in the bit string,
The invalidated terminal specifying data is:
The value of the partial bit string in the terminal identifier that is located at the bit position specified by each position information in each position information field corresponds to the position information field in which the position information is recorded. 33. Data identifying all terminal identifiers that are identical to the value indicated in the value information recorded in the value information field to be specified as terminal identifiers of each terminal device to be invalidated. Recording media. Each of the terminal devices is manufactured by one of a plurality of manufacturers,
34. The recording medium according to claim 33, wherein each terminal identifier for identifying each terminal apparatus indicates a manufacturer of the terminal apparatus by a bit string in a predetermined range in the terminal identifier. In order to identify each terminal identifier of each terminal device to be invalidated among terminal identifiers consisting of a bit string of a predetermined number of bits that can identify each of a plurality of terminal devices,
A terminal identifier specifying field in which part specifying information for specifying a part of a value in the bit string of the predetermined number of bits is recorded;
Invalidated terminal specifying data, characterized in that the part specifying information comprehensively represents all terminal identifiers having the same value as the value. An encryption device comprising: an encryption communication device; a terminal device that transmits a key identifier having a predetermined number of bits to the encryption communication device; and a management device that generates revocation key identifier specifying information that specifies one or more key identifiers to be revoked A communication system,
The management device
The revocation key identifier specifying information is generated by using a data format that comprehensively expresses all key identifiers in which the part is identical to the value by the information specifying the value of the part in the bit string of the predetermined number of bits. An invalidation key identifier specifying information generating means for performing,
Output means for outputting the generated invalidation key identifier specifying information,
The encryption communication device is:
Revocation key identifier specific information acquisition means for acquiring the revocation key identifier specific information output by the management device;
Key identifier receiving means for receiving a key identifier from a terminal device;
Determining means for determining whether or not the key identifier received by the key identifier receiving means matches any key identifier specified by the revocation key identifier specifying information;
Only when it is determined by the determination means that the received key identifier does not match any key identifier specified by the revocation key identifier specifying information, between the terminal device that has transmitted the key identifier. And a communication means for performing predetermined communication by performing unique encryption on the key identifier.

Images