JP2009033433A - Digital data recording/reproducing method and its device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To enable an individual user to easily record and easily reproduce data toughly encrypted by extending the existing content protection technology to an extent applicable to data of the individual user. <P>SOLUTION: In recording user's data, when a protection area data are requested to produce from a host 30W, a drive 20W adds a random number from a random number production function section 24 to a user key 36 from the host 30W to produce protection area data 12 and then forward the data to the host 30W. The host 30W produces a protection area key from these protection area data 12 to encrypt user data, which ought to be input, by using this protection area key, a device key 34 or the like. Then, when the host 30W requests a recording start to the driver 20W, the driver 20W records the protection area data 12 on a protection area of an optical disc 10 and further records the encrypted user data 13 from the host 30W on a user area of the optical disc 10. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a digital data recording / reproducing method and recording / reproducing apparatus, and more particularly, digital data is encrypted and recorded on a recording medium, and content data encrypted and recorded on the recording medium is decrypted. The present invention relates to a digital data recording / reproducing method and a recording / reproducing apparatus for reproducing the data.

  In recent years, media capable of easily recording large-capacity digital data such as HDDs and optical discs have been widely distributed, and it has become possible to easily reproduce and copy high-quality works. As this technology evolves, copy control technology will be introduced to prevent the rights holder's interests from being harmed so that the copyrighted work cannot be duplicated, or a certain number of times cannot be duplicated. Is increasing.

  A DVD (Digital Versatile Disc) having a capacity of 4.7 gigabytes and capable of recording video and audio for 2 hours or more introduces CSS (Content Scrambling System) as a technology for encrypting digital contents. . In CSS, a master key managed by a CSS management mechanism such as a DVD device manufacturer, a disc key set for each disc arbitrarily determined by the copyright holder, and a title set for each title of content recorded on the disc The content recorded on the disc is protected by hierarchically combining three types of keys. A master key is assigned to each playback device and is used for decryption.

  The content data to be recorded on the disc is encrypted using the title key for each title and recorded on the disc. The title key used for encrypting the content data is encrypted with the disc key set on the disc and then recorded on the disc. The disc key used for encrypting the title key is encrypted with the master key and then recorded on the disc. At this time, a disc key corresponding to all valid master keys is recorded on the disc so that the disc key can be restored by an arbitrary reproducing apparatus. When content data is played back from such a disc, the disc key is decrypted with the master key of the playback device that plays the disc, the title key is decrypted with the decrypted disc key, and the decrypted title key is used. Decrypt the content data.

  Here, if the information of the master key assigned to a specific playback device is leaked, the disc created after that does not include the disc key corresponding to the master key from which this information was leaked. The key is recorded so that the leaked master key cannot be decrypted.

  Also, BD (Blu-ray Disc) and HD (High Definition) -DVD, which are attracting attention as next-generation optical discs, which have a recording capacity several times that of DVDs and can record video / audio information for two hours or more in high definition. Employs AACS (Advanced Access Content System) as copyright protection technology.

Here, AACS is positioned as an extension of CSS and uses three types of keys in a hierarchical combination, but AES (Advanced Encryption Standard) has been extended to a key length of 128 bits to increase its strength and (For example, see non-patent document 1).
There has been proposed a method of generating a media key necessary for reproducing content data protected by AACS and reproducing the content data using the media key (see, for example, Patent Document 1).

  In the method described in Patent Document 1, a media key for decrypting content data encrypted and recorded on a recording medium is generated by using an encryption value recorded on the recording medium (media) and a playback device. Generated from the disk key corresponding to the encrypted value.

  Here, in AACS, the disk keys are defined in a tree shape, and the lower layer disk key can be obtained by calculating the disk key of one higher layer, and the disk key of each of these layers Among them, a number of disc keys that can acquire the disc key of the lowest hierarchy are given to each playback device.

In the playback device, when a recording medium (media) is loaded, the encryption value of the recording medium (media) is read, and the disk key corresponding to the encryption value is the disk key assigned to the playback device. A media key for decrypting the content data recorded on the recording medium (medium) is generated from either of the above-described operations and the obtained disc key and the encrypted value.
Advanced Access Content System (AACS): Introduction and Common Cryptographic Elements Revision 0.91 2006 JP 2007-13440 A

  By the way, although the content protection technology such as CSS and AACS has a strong encryption technology, it is between the recording medium and the recording / reproducing apparatus and the recording / reproducing application incorporated in the host side. It is limited to the purpose of authenticating with the above, and does not include a mechanism for protecting confidential data generated by an individual user from a third party.

  Along with the advanced information and communication society in recent years, there are a great number of incidents and accidents in which a large amount of computerized information is leaked, which is a social problem. In April 2005, the “Act on the Protection of Personal Information” was enacted. Companies are promoting the establishment of a management system for personal information and corporate information, and making efforts to prevent the leakage of information. For specific protection measures for recordable media such as optical discs, please refer to the operating rules of each company. Based on this, socially reliable protection measures have not been generalized.

  The present invention has been made in view of such a point, and the purpose of the present invention is to extend existing content protection technology to be applicable to data generated by an individual user, and the individual user has been subjected to strong encryption. An object of the present invention is to provide a digital data recording / reproducing method and recording / reproducing apparatus that provide an environment in which data can be easily recorded and reproduced.

  In order to achieve the above object, the present invention is a method for recording digital data on a recording / reproducing medium, wherein the recording / reproducing medium is provided with a protected area and user data, and the user data is recorded on the recording / reproducing medium. A random number is generated based on the user key of the user to be recorded, and the generated random number is recorded as protected area data in the protected area of the recording / reproducing medium, and an encryption key is generated using the protected area data. The user data is generated and encrypted using the encryption key, and the encrypted user data is recorded in the user area of the recording / reproducing medium.

  In the present invention, the input of the user key is accepted by a host device, and the input user key is transferred from the host device to the recording / reproducing device when the random number generation request is made.

  The present invention is also a method for reproducing digital data from a recording / reproducing medium, the recording / reproducing medium comprising a protected area in which protected area data is recorded and a user area in which encrypted user data is recorded. And reproducing the protected area data from the protected area, generating a decryption key based on the reproduced protected area data and the user key of the user who reproduces the encrypted user data, and The encrypted user data reproduced from is decrypted using the decryption key.

  Also, a digitel data recording apparatus according to the present invention is one in which the above recording method is implemented.

  Also, a digitel data reproducing apparatus according to the present invention is implemented with the above reproducing method.

  According to the present invention, by expanding the existing content protection technology, it becomes possible for an individual user to protect data to be recorded on a digital data recording / reproducing medium with strong encryption. It becomes possible to provide an environment in which a person cannot read illegally.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

  Note that the present invention is not limited to the optical disc recording / reproducing method, and is not limited to a certain content protection technique. A case where the present invention is applied to a system will be described as an example.

  FIG. 1 is a system configuration diagram showing a recording side of a digital data recording / reproducing method and recording / reproducing apparatus according to a first embodiment of the present invention, wherein 10 is a recordable optical disc, and 11 is an MKB (Media Key Brock: (Media key block), 12 is protected area data, 13 is encrypted user data, 20W is a drive on the recording side (recording system of the optical disk recording / playback apparatus), 21 is a drive key, and 22 is AACS authentication function unit, 23 is a MAC (Message Authentication Code operation function unit), 24 is a random number generation function unit, 25 is an addition unit, 30W is a recording-side host, 31 is a host key, 32 Is an AACS authentication function unit, 33 is a MAc authentication function unit, 34 is a device key, 35 is a protection area control function unit, and 36 is a user key. It is a (User Key).

  In the figure, the recording side of the first embodiment includes a recordable / reproducible optical disc 10, a recording drive 20W, and a host 30W such as a PC (Personal Coputer: personal computer) running a video / audio recording / reproducing application. Under such an environment, there is a mechanism for recording the protected area data in the protected area of the optical disc 10 and the user data in the user area.

  The optical disc 10 stores an MKB 11 composed of a plurality of encrypted media keys corresponding to device keys for each host that have undergone AACS authentication. The protected area data 12 is recorded in the protected area that cannot be freely read from the host 30W, and the encrypted user data 13 transferred from the host 30W is recorded in the user area.

  The drive 20W stores a drive key 21 that is managed by the AACS management mechanism and assigned to the AACS-certified drive, and uses the drive key 21 or the like to perform an operation based on an elliptic curve. The authentication function unit 22 that performs authentication processing with the host 30W, the MAC calculation function unit 23 that generates a message authentication code (MAC) from the bus key of the drive 20W, the random number generation function unit 24 that generates a random number, An adding unit 25 that adds the random number generated by the random number generating function unit 24 and the user key 36 from the host 30W is provided.

  Further, in the host 30W corresponding to the drive 20W, similarly to the drive key 21, the host (video / audio recording / reproducing application or video / audio recording / reproducing circuit) managed by the AACS management mechanism and receiving the AACS authentication is used. The assigned host key 31 and the device key 34 owned by each of the video / audio recording / playback application and the video / audio recording / playback circuit are stored, and the host key 31 or the like is used to perform an operation based on the elliptic curve, An authentication function unit 32 that performs authentication work with the drive 20W, and a MAC authentication function unit 33 that generates a message authentication code (MAC) from a bus key in the host 30W and compares it with the message authentication code (MAC) from the drive 20W; User data recorded in the user area using various keys for encryption A protected zone control function unit 35 that performs encryption is provided. The host 30W is given a user key 36 from an individual user who uses the host 30W.

  When the encrypted user data is recorded on the optical disc 10, a mutual authentication process for confirming that the other party is AACS-authenticated between the drive 20W and the host 30W is started as in the case of the conventional AACS. The This will be described with reference to FIG.

  In this mutual authentication process, the drive 20W reads the MKB 11 recorded on the optical disc 10 (step 100), stores it in the AACS authentication function unit 22 (step 101), and transfers it to the host 30W (step 102). When the host 30W receives the MKB 11, the AACS authentication function unit 32 generates data A from the MKB 11 and the host key 31 (step 103), stores it, and transfers it to the drive 20W (step 103). 104). When the drive 20W receives the data A, the AACS authentication function unit 22 confirms that the host 30W is AACS-authenticated based on the data A (step 105). Data B is generated from the stored MKB 11 (step 106), stored and transferred to the host 30W (step 107). The host 30W uses the AACS authentication function unit 32 to confirm that the drive 20W is an AACS authenticated device (step 108). This data B is also stored in the host 30W.

  As described above, it is confirmed that the drive 20W and the host 30W are AACS-authenticated devices.

  Next, the drive 20W generates data C by calculation based on the elliptic curve from the data A transferred from the host 30W by the AACS function unit 22 (step 109), and transmits the data C to the host 30W (step 110). After confirming the transferred data C, the host 30W generates a bus key (H) to be used in the MAC authentication function unit 33 by the AACS authentication function unit 32 (step 111), transferred from the drive 20W and stored. Data D is generated from the stored data B by calculation based on an elliptic curve (step 112), and transferred to the drive 20W (step 113). Finally, the drive 20W confirms this data D transferred from the host 30W, and generates a bus key (D) to be used later in the MAC operation function unit 23 in the AACS authentication function unit 22 (step 114).

  Thus, the mutual authentication process between the drive 20W and the host 30W is completed.

  As a matter of course, for example, a part where processing is not normally performed in the course of such mutual authentication processing because one of the devices of the drive 20W and the host 30W is a device that has not received AACS authentication. If this occurs, the mutual authentication process is interrupted and the authentication ends as a failure.

  Next, a processing procedure for recording user data whose contents are protected by encryption on the optical disc 10 will be described with reference to FIG.

  The content protection by encryption here is not only for the purpose of protecting the copyright, but also protects the user data 13 recorded by the individual user from a third party, that is, this user except in a specific environment. The purpose is to make it impossible to read the data 13 from the optical disk 10.

  After the above mutual authentication processing work between the drive 20W and the host 30W is normally completed, the drive 20W receives a recording start position address (hereinafter referred to as the user data 13) that is encrypted and recorded from the host 30W. When a protection area data generation request is received together with a user key 36 given by an individual user (also referred to as LBA (Logical Block Addressing: position address by selector number)) (step 200), protection to be recorded in the protection area of the optical disc 10 is performed. The generation work of the area data 12 is started (step 201).

  As the protected area data 12, an addition value obtained by adding the random number generated by the random number generation function unit 24 in the drive 20W and the user key 36 transferred from the host 30W by the adding unit 25 is used. However, the adding process of the adding unit 25 performs an exclusive OR operation on these random numbers and the user key 36 for each bit.

  Next, the drive 20W uses the MAC calculation function unit 23 to create the protected area data 12 generated in this way, and the recording start position address of the encrypted user data 13 transferred from the host 30W on the optical disc 10. The message authentication code (D) is obtained using the bus key (D) in the drive 20W generated during the above mutual authentication processing (step 202) and transferred to the host 30W together with the protected area data 12 (step 203). .

  Accordingly, in the host 30W, the MAC authentication function unit 33 stores the transfer start position address of the transferred protected area data 12 and the encrypted user data 13 on the optical disk 10 and the host 30W generated during the above authentication process. A message authentication code (H) is obtained from the bus key (H) (step 204), and a match with the message authentication code (D) transferred from the drive 20W is confirmed (step 205). Then, in the protected area control function unit 35, a protected area key is generated from the protected area data 12 (step 206), a media key corresponding to the device key 34 is acquired from the MKB 11 (step 207), and this protected area key is used. The input user data is encrypted, and the encrypted user data 13 is obtained (step 208).

  The encrypted user data 13 obtained in this way is transferred to the drive 20W. At this time, recording from the recording start position address of the user data previously reported to the drive 20W from the host 30W is requested. (Step 209). In response to the recording request from the host 30W, the drive 20W records the previously generated protected area data 12 in the protected area of the optical disc 10 (step 210), and subsequently, the encryption transferred from the host 30W. Recording of the converted user data 13 is started from the designated recording start address (steps 211 and 212).

  In such a recording process, the user key 36 is added to the random number from the random number generation function unit 24 by the addition unit 25 (exclusive OR operation process) and recorded as the protected area data 12 on the optical disc. No information relating to the user key 36 is recorded on the optical disc 10.

  FIG. 4 is a system configuration diagram showing the playback side of the digital data recording / playback method and recording / playback apparatus according to the first embodiment of the present invention with respect to the recording side shown in FIG. (Reproduction system of recording / reproducing apparatus), 26 is an adding unit, 30R is a reproduction-side host, and 37 is a decoding function unit. Components corresponding to those in FIG.

  In the figure, the reproducing side of the first embodiment also includes an optical disc 10 on which the protected area data 12 and the encrypted user data 13 recorded on the recording side shown in FIG. In an environment including the drive 20R and the reproduction-side host 30R, the protected area data 12 recorded in the protected area of the optical disc 10 and the encrypted user data 13 recorded in the user area are reproduced. It has a mechanism to do.

  Here, the optical disk 10 is recorded with user data 13 encrypted on the recording side shown in FIG. The drive used for reproduction, that is, the reproduction-side drive 20R does not use the random number generation function unit 24 and the addition unit 25 in FIG. 1, but instead uses the protected area data 12 read from the optical disc 10 and the reproduction-side host 30R. An adding unit 26 that adds (exclusive OR operation processing) the user key 36 to be transferred is used. The host used for reproduction, that is, the reproduction-side host 30R, uses the decryption function unit 37 instead of the protect area control function unit 35 in FIG.

  In this example, the playback-side drive 20R and the recording-side drive 20W shown in FIG. 1 constitute the same recording / playback apparatus. Therefore, the drive key 21 and the AACS authentication function of the playback-side drive 20R are used. The unit 22 and the MAC calculation function unit 23 are the same as the drive key 21, the AACS authentication function unit 22, and the MAC calculation function unit 23 of the recording-side drive 20, respectively. However, the recording side drive 20 may be a recording device, and the reproduction side drive 20R may be a separate reproduction device.

  Further, the reproduction-side host 30R forms one host with the recording-side host 30W shown in FIG. For example, one PC is configured to have functions of a recording-side host 30W and a reproducing-side host 30R.

  The optical disk 10 stores the MKB 11 composed of the plurality of encrypted media keys described in FIG. 1, and, as described in FIG. 1, protect area data in a protected area that cannot be freely read from the host 30R. 12, user data 13 encrypted is recorded in the user area.

  The drive 20R also stores a drive key 21 that is managed by the AACS management mechanism and assigned to the drive that has been AACS-certified, and uses the drive key 21 or the like to perform calculations based on an elliptic curve. Authentication function unit 22 that performs authentication work with host 30R, MAC calculation function unit 23 that generates a message authentication code (MAC) from the bus key in drive 20R, and the protected area data read from the protected area of optical disk 10 13 and the user key 36 from the host 30R are added (addition unit 26) for adding (exclusive OR operation processing).

  Further, in the host 30R corresponding to the drive 20R, similarly to the drive key 21, to the host (video / audio recording / playback application or video / audio recording / playback circuit) that is managed by the AACS management mechanism and receives AACS authentication. The assigned host key 31 and the device key 34 owned by each of the video / audio recording / playback application and the video / audio recording / playback circuit are stored, and the host key 31 or the like is used to perform an operation based on the elliptic curve, An AACS authentication function unit 32 that performs authentication work with the drive 20R, and a MAC authentication function unit 33 that generates a message authentication code (MAC) from a bus key in the host 30R and compares it with the message authentication code (MAC) from the drive 20R. And user keys of the optical disc 10 using various keys for encryption. A decryption function unit 37 for performing descrambling of the user data 13 that has been encrypted is reproduced is provided from A. The host 30R is given a user key 36 by an individual user who uses the host 30R.

  When reproducing the encrypted user data 13 from the optical disk 10 between the drive 20R and the host 30R, together with a reproduction request for the encrypted user data 13 desired on the optical disk 10 by an individual user. As in the case of the recording system shown in FIG. 1, a mutual authentication process for confirming that the other party has performed AACS authentication between the drive 20W and the host 30W using the MKB 11 or the like stored in the optical disk 11. Work is done.

  Hereinafter, the reproduction processing operation after completion of the mutual authentication processing operation will be described. FIG. 5 is a flowchart showing a specific example of the reproduction processing operation, which will be described below with reference to FIG.

  When this processing operation ends normally, the host 30R transfers the user key 36 given by the individual user and the reproduction start LBA (position address by sector number) of the encrypted user data 13 to the drive 20R for reproduction. A request is made to transfer the protected area data 12 corresponding to the requested user data 13 (step 300). In response to this transfer request, the drive 20R reads the protected area data 12 from the protected area of the optical disc 10 (step 301), and adds the user key 36 transferred from the host 30R by the adder 26 (exclusive OR operation). Then, addition protection area data is generated (step 302).

  Next, the drive 20R adds the added value from the adder 26 (hereinafter referred to as addition protected area data), the reproduction start LBA of the user data 13 from the host 20R, and the drive 20R in the drive 20R obtained by the mutual authentication process. A message authentication code (D) is generated from the bus key (D) using the MAC calculation function unit 23 (step 303), and transferred to the host 30R together with the addition protection area data (step 304).

  In the host 30R, the MAC authentication function unit 33 performs arithmetic processing with the addition protected area data received from the drive 20R, the reproduction start LBA of the encrypted user data 13, and the bus key (H) in the host 30R acquired at the time of authentication. The message authentication code (H) is obtained (step 305), and a match with the message authentication code (D) transferred from the drive 20R is confirmed (step 306).

  After this confirmation work, the host 30R acquires the media key corresponding to the device key 34 from the MKB 11 (step 307), generates a protected area key using this media key and the added protected area data (step 308), A reproduction request for the encrypted user data 13 from the reproduction start LBA on the optical disk 10 notified to the drive 20R is made (step 309). As a result, the encrypted user data 13 is started from the playback start LBA on the optical disc 10 (step 310) and transferred to the host 30R (step 311). In the host 30R, the transferred user data 13 is decrypted by the decryption function unit 37 using the previously generated protected area key (step 312). Thereby, the decoding and reproduction processing of the user data 13 is performed.

  As described above, in order to reproduce the encrypted user data 13 from the optical disk 10, it is necessary to obtain correct addition protected area data by the addition unit 26 using the user key 36. If the correct user key 36 is not transferred from the host 30R to the drive 20R, the MAC authentication function unit 33 of the host 30R obtains the added protect area data, the reproduction start LBA, and the bus key (H) in the host 30R. The message authentication code (H) to be transmitted does not match the message authentication code (D) transferred from the drive 20R, and the correct protected area key cannot be obtained. Therefore, the user data 13 encrypted by the decryption function unit 37 is not obtained. The cipher cannot be broken.

  FIG. 6 is a flowchart showing another specific example of the transfer method of the user key 36 from the host 30W to the drive 20W in the recording system shown in FIG.

  In the recording process of the encrypted user data 13 on the recording side shown in FIG. 1, as shown by the step 200 in FIG. 3, the user key 36 is a protected area after the AACS authentication process for starting the recording shown in FIG. When the data 12 is generated, it is transferred from the host 30W to the drive 20W together with the recording start LBA of the user data 13 to be encrypted. On the other hand, in the specific example shown in FIG. 6, the user key 36 is transferred to the drive 20 when the host 30W is activated. This will be described below with reference to FIG.

  In FIG. 6, the host 30W inquires of the drive 20 about the performance of the drive 20 at the time of startup (step 400). The inquiring performance includes, for example, the type of recordable optical disc 10, the maximum transfer rate in recording, and the presence / absence of defect management. At this time, the host 30W also makes an inquiry about whether or not the user key 36 can be supported in content protection.

  In response to this inquiry, the drive 20W corresponding to the user key returns a response indicating that it corresponds to the user key 36 to the host 30W (step 401). In response to this response, the host 30 requests the individual user who is using the system to input a password via a display or the like (step 402), and uses the acquired individual user password as the user key 36 to drive the password. Transfer to 20 W (step 403). The drive 20W stores the transferred user key 36 in a built-in memory (not shown in FIG. 1) for use in later recording / playback processing (step 404).

  The stored user key 36 is used to generate the protected area data 12 after the AACS authentication process as in step 201 of FIG.

  When the above processing is performed, the host 30W is activated, but the recording process of the encrypted user data 13 after the activation is performed, except that the user key 36 is not transferred when the protected area data 12 is generated. This is the same as the processing described in FIG.

  FIG. 7 is a flowchart showing another specific example of the transfer method of the user key 36 from the host 30R to the drive 20R in the reproduction system shown in FIG.

  In the reproduction process of the encrypted user data 13 on the reproduction side shown in FIG. 4, the user key 36 generates the protected area data 12 after the AACS authentication process for starting recording, as indicated by the step 300 in FIG. At the time of the request, it is transferred from the host 30R to the drive 20R together with the reproduction start LBA of the user data 13 to be encrypted. On the other hand, in the specific example shown in FIG. 7, the user key 36 is transferred to the drive 20R when the host 30R is activated. This will be described below with reference to FIG.

  In FIG. 7, the host 30R inquires of the drive 20R about the performance of the drive 20R when the host 30R is started (step 500). The inquired performance includes, for example, the type of the optical disc 10, the maximum transfer rate in reproduction, and the presence / absence of defect management. At this time, the host 30R also makes an inquiry about whether or not the user key 36 is supported in content protection.

  In response to this inquiry, the drive 20R corresponding to the user key returns a response indicating that it corresponds to the user key 36 to the host 30R (step 501). In response to this response, the host 30 requests the individual user who is using the system to input a password via a display or the like (step 502), and uses the acquired individual user password as a user key 36 to drive the password. Transfer to 20R (step 503). The drive 20R stores the transferred user key 36 in a built-in memory (not shown in FIG. 1) for use in later playback processing (step 504).

  The stored user key 36 is used to generate the protected area data 12 after the AACS authentication process, as in steps 301 and 302 in FIG.

  When the above processing is performed, the host 30R is activated, but the reproduction processing of the encrypted user data 13 after the activation is performed except that the user key 36 is not transferred when the protected area data 12 is generated. This is the same as the processing described in FIG.

  FIG. 8 is a system configuration diagram showing the recording side of the second embodiment of the digital data recording / reproducing method and recording / reproducing apparatus according to the present invention, in which 27 is a serial number, 28 is an adder, and FIG. Corresponding portions are denoted by the same reference numerals and redundant description is omitted.

  In the same figure, the recording side of the second embodiment also has an environment composed of an optical disk 10 capable of recording / playback, a recording drive 20W, and a host 30W such as a PC running a video / audio recording / playback application. There is a mechanism for recording protected area data in the protected area of the optical disc 10 and user data in the user area. The drive 20W is further provided with an adder 28, and a serial number assigned to the drive 20W. 27 is also used. The other configuration is the same as that of the recording system of the first embodiment shown in FIG. As a result, in the second embodiment, the environment is such that a specific individual user (user key 36) can record and reproduce user data only with a specific drive (serial number 27).

  When recording user data, first, as in the recording system shown in FIG. 1, mutual authentication processing is performed between the drive 20W and the host 30W shown in FIG. 2 to confirm that the other party is AACS-authenticated. When the authentication process ends normally, a process for recording user data is performed. The recording process shown in FIG. 1 also uses the serial number 27 of the drive 20W in addition to the random number from the random number generation function unit 24 and the user key 36 from the host 30W to generate the protected area data 12. It is only different from the system.

  That is, with reference to FIG. 3, after the mutual authentication process between the drive 20W and the host 30W has been normally completed, the drive 20W will record the user key 13 together with the recording start position address of the user data 13 to be encrypted and recorded. 36 is received from the host 30W (step 200), and protected area data 12 to be recorded in the protected area of the optical disc 10 is generated (step 201). The protected area data 12 includes a random number generated by the random number generation function unit 24 in the drive 20W, a user key 36 transferred from the host 30W, and a serial number 27 for drive identification assigned to the drive 20W. The adder 28 adds the serial number 27 to the user key 36 (exclusive OR operation for each bit), and the adder 28 adds the addition result to the adder 25. The same addition processing as the random number from the random number generation function unit 24 is performed.

  Next, in the drive 20W, the MAC calculation function unit 23 generates the protected area data 12 and the recording start position address of the user data 13 transferred from the host 30W and the mutual authentication process (step 114 in FIG. 2). The message authentication code (D) is generated using the bus key (D) in the generated drive (step 202) and transferred to the host 30W together with the protected area data 12 (step 203).

  In the host 30W, the MAC authentication function unit 33 uses the protected area data 12 transferred, the recording start position address of the user data, and the bus key (H) in the host 30W generated at the time of authentication (step 111 in FIG. 2). A message authentication code (H) is calculated and generated (step 204), and a match with the message authentication code (D) transferred from the drive 20W in step 203 is confirmed (step 205). When the coincidence is confirmed, the protected area control function unit 35 generates a protected area key from the protected area data 12 transferred from the drive 20W in step 203 (step 206), and the media obtained from the device key 34 and the MKB 11 Along with the key, this protected area key is used to encrypt input user data. At this time, a request is made to start recording from the recording start position address of the user data previously reported from the host 30W to the drive 20W (step 208).

  In response to this request, the drive 20W records the protected area data 12 previously generated in the step 201 in the protected area of the optical disc 10 (step 209), and then encrypts data continuously transferred from the host 30W. The recorded user data 13 is recorded from the designated recording start address of the optical disc 10.

  As described above, even in the recording process of the second embodiment, the information about the user key 36 and the serial number 27 of the drive 20W is recorded on the optical disc 10 on which the encrypted user data 13 is recorded. Not. In addition, the serial number 27 of the drive 20W is used to generate the protected area data 12. This serial number is used so that it is difficult for a user using the system to obtain or predict the serial number. The number 27 is appropriately converted. For example, as shown in FIG. 8, each bit is exclusive-ORed with a single or a plurality of bits of the serial number 27 with the user key 36 to generate converted information. By using it, an individual user who manages user data can also provide a stronger environment that can be used only by a specific drive.

  FIG. 9 is a system configuration diagram showing a playback side with respect to the recording side shown in FIG. 8 of the second embodiment of the digital data recording / playback method and recording / playback apparatus according to the present invention, and 29 is an adder. Portions corresponding to 8 are assigned the same reference numerals and redundant description is omitted.

  In the figure, the reproducing side of the second embodiment also has a recording / reproducing optical disc 10 on which the protected area data 12 and the encrypted user data 13 are recorded on the recording side shown in FIG. In an environment including the drive 20R and the reproduction-side host 30R, the protected area data 12 recorded in the protected area of the optical disc 10 and the encrypted user data 13 recorded in the user area are reproduced. However, the drive 20R uses the serial number 27 (same as the serial number 27 on the recording side shown in FIG. 8), and is provided with an adder 29, and the recording side shown in FIG. In the same manner as this, the serial number 27 is added to the user key 36 from the host 30R by the adder 29, and the addition result is sent to the adder 26. It is intended to supply. The other configuration is the same as that of the reproduction system of the first embodiment shown in FIG. As a result, in the second embodiment, the environment is such that a specific individual user (user key 36) can record and reproduce user data only with a specific drive (serial number 27).

  When reproducing user data, first, as in the reproduction side shown in FIG. 4, mutual authentication processing is performed between the drive 20W and the host 30W shown in FIG. 2 to confirm that the other party is AACS-authenticated. When the authentication process ends normally, a process for reproducing user data is performed. This reproduction process also differs from the reproduction side shown in FIG. 4 in that the serial number of the drive 20R and the user key 36 from the host 30W are used to generate the protected area data 12. Hereinafter, the reproduction process will be described with reference to FIG.

  When this processing operation ends normally, the host 30R transfers the user key 36 given by the individual user and the reproduction start LBA (position address specified by the sector number) of the encrypted user data 13 to the drive 20R. Then, the transfer of the protected area data 12 corresponding to the user data 13 requested to be reproduced is requested (step 300). In response to this transfer request, the drive 20R reads the protected area data 12 from the protected area of the optical disc 10 (step 301). Further, the user key 36 transferred from the host 30R and the serial number 27 of the drive 20R are added (exclusive OR operation) by the adder 29, and the addition result is read by the adder 26 and protected. By adding (exclusive OR operation) with the area data 13, addition protected area data is generated (step 302).

  Next, the drive 20R uses the addition protected area data from the addition unit 26, the reproduction start LBA of the user data 13 from the host 20R, and the bus key (D) in the drive 20R obtained by the mutual authentication process. A message authentication code (D) is generated using the MAC operation function unit 23 (step 303), and is transferred to the host 30R together with the addition protection area data (step 304).

  In the host 30R, the MAC authentication function unit 33 performs arithmetic processing with the addition protected area data received from the drive 20R, the reproduction start LBA of the encrypted user data 13, and the bus key (H) in the host 30R acquired at the time of authentication. The message authentication code (H) is obtained (step 305), and a match with the message authentication code (D) transferred from the drive 20R is confirmed (step 306).

  When this confirmation operation is completed, the host 30R generates a media key from the MKB 11 and the device key 34 (step 307), and generates a protected area key using this media key and the added protected area data (step 308). Then, the reproduction request for the encrypted user data 13 from the reproduction start LBA on the optical disk 10 notified to the drive 20R is made (step 309). As a result, the encrypted user data 13 from the reproduction start LBA on the optical disc 10 is reproduced (step 310) and transferred to the host 30R (step 311). In the host 30R, the transferred user data 13 is decrypted by the decryption function unit 37 using the previously generated protected area key (step 312). As a result, the decoding and reproduction processing of the user data 13 is performed.

  As described above, in order to reproduce the encrypted user data 13 from the optical disc 10, it is necessary to obtain correct addition protected area data by the adder 26 using the user key 36 and the serial number 27 of the drive 20R. It becomes. Therefore, unlike the recording side shown in FIG. 8, it is difficult for the user using the system to acquire or predict the serial number 27 to be added to the random number when recording the encrypted user data 13. When the value is added to the random number after being converted to a value, the reproduction side shown in FIG. 9 generates the correct addition protected area data from the protected area data reproduced from the optical disc 10 in order to generate the addition protected area data. The serial number 27 of the drive 20R must be subjected to the same conversion process as that on the recording side (FIG. 8). Therefore, if the correct user key 36 is not transferred from the host 30R to the drive 20R, the MAC authentication function unit 33 of the host 30R adds the protected area data, the reproduction start LBA, and the bus key (H in the host 30R). The message authentication code (H) obtained from (2) does not match the message authentication code (D) transferred from the drive 20R, and the correct protected area key cannot be obtained. The user data 13 cannot be decrypted.

  FIG. 10 is a system configuration diagram showing the recording side of the third embodiment of the digital data recording / reproducing method and recording / reproducing apparatus according to the present invention, in which 24a is a random number generation function unit, which corresponds to FIG. Are given the same reference numerals, and redundant description is omitted.

  In this figure, the third embodiment also realizes an environment that makes it difficult to analyze the elliptic curve used in AACS, and starts a recordable optical disk 10W, drive 20W, and a video / audio recording / playback application. In the environment using the host 30W such as a PC, the protected area data 12 is recorded in the protected area of the optical disc 10 and the encrypted user data 13 is recorded in the user area. However, the drive 20W is provided with a random number generation function unit 24a that generates a random number using the user key 36 from the host 30W as a seed for the drive 20W shown in FIG. The generated random number is added to the random number from the random number generation function unit 24 in the addition unit 25 (exclusive logic). Operation) is intended to. The other configuration is the same as that of the recording system of the first embodiment shown in FIG.

  When recording user data, first, as in the recording system shown in FIG. 1, mutual authentication processing is performed between the drive 20W and the host 30W shown in FIG. 2 to confirm that the other party is AACS-authenticated. When the authentication process ends normally, a process for recording user data is performed. This recording process also differs from the recording system shown in FIG. 1 in that the random number from the random number generation function unit 24 and the random number obtained by converting the user key 36 by the random number generation function unit are used to generate the protected area data 12. is there.

  That is, the recording process will be described with reference to FIG. 3. After the mutual authentication process between the drive 20W and the host 30W has been normally completed, the drive 20W is recorded with the recording start position address of the user data 13 to be encrypted and recorded. The user key 36 is received from the host 30W (step 200), and the protected area data 12 to be recorded in the protected area of the optical disc 10 is generated (step 201). The protected area data 12 is added by a random number generated by the random number generation function unit 24a using the user key 36 transferred from the host 30W as a seed and the random number generated by the random number generation function unit 24 by the addition unit 24 (for each bit). (By exclusive OR processing).

  Next, in the drive 20W, the MAC calculation function unit 23 generates the protected area data 12 and the recording start position address of the user data 13 transferred from the host 30W and the mutual authentication process (step 114 in FIG. 2). The message authentication code (D) is generated using the bus key (D) in the generated drive (step 202) and transferred to the host 30W together with the protected area data 12 (step 203).

  In the host 30W, the MAC authentication function unit 33 transfers the protected area data 12 transferred, the recording start position address of the user data, and the bus key (H) in the host 30W generated at the time of authentication (step 111 in FIG. 2). The message authentication code (H) is calculated and generated from (step 204), and a match with the message authentication code (D) transferred from the drive 20W in step 203 is confirmed (step 205). When the match is confirmed, the protected area control function unit 35 generates a protected area key from the protected area data 12 transferred from the drive 20W in step 203 (step 206), and is obtained from the device key 34 and the MKB 11. In addition to the media key, this protected area key is used to encrypt input user data. At this time, a request is made to start recording from the recording start position address of the user data previously reported from the host 30W to the drive 20W (step 208).

  In response to this request, the drive 20W records the protected area data 12 previously generated in the step 201 in the protected area of the optical disc 10 (step 209), and then encrypts data continuously transferred from the host 30W. The recorded user data 13 is recorded from the designated recording start address of the optical disc 10.

  In this way, even in the recording process of the third embodiment, no information regarding the user key 36 is recorded on the optical disc 10 on which the encrypted user data 13 is recorded. For this reason, it is necessary to know the correct user key 36 in order to release the encryption of the two user data during reproduction. In this recording process, the user key 36 supplied from the host 30W to the drive 20W is once converted into a numerical value by the random number generation function unit 24a, so the value of the user key 36 transferred from the host 30W to the drive 20W. And the value of the message authentication code (D) obtained by the MAC calculation function unit 23 can be thinned. Therefore, for example, a malicious user changes the user key 36 transferred from the host 30W to the drive 20W, observes the message authentication code (D) transferred from the drive 20W to the host 30W, and performs the MAC operation function unit. Even if the various key information and calculation algorithms used in H.23 are analyzed, the difficulty of the analysis is maintained at the original level of AACS.

  FIG. 11 is a system configuration diagram showing a playback side with respect to the recording side shown in FIG. 10 of the third embodiment of the digital data recording / playback method and recording / playback apparatus according to the present invention. The same reference numerals are assigned and duplicate descriptions are omitted.

  In the figure, the reproducing side of the third embodiment also has a recording / reproducing optical disk 10 in which protected area data 12 and encrypted user data 13 are recorded on the recording side shown in FIG. In an environment including the drive 20R and the reproduction-side host 30R, the protected area data 12 recorded in the protected area of the optical disc 10 and the encrypted user data 13 recorded in the user area are reproduced. In the drive 20R, the user key 36 from the host 30R is converted into a random number by using the random number generation function unit 24a in the drive 20W in FIG. 10 and the random number is read from the optical disc 10 in the drive 20R. Addition protection data 12 is added by the adder 26 (exclusive OR processing for each bit) and added And it generates a preparative area data. The other configuration is the same as that of the reproduction system of the first embodiment shown in FIG. As a result, in the third embodiment, the environment is such that a specific individual user (user key 36) can record and reproduce user data only with a specific drive (serial number 27).

  When reproducing user data, first, as in the reproduction side shown in FIG. 4, mutual authentication processing is performed between the drive 20W and the host 30W shown in FIG. 2 to confirm that the other party is AACS-authenticated. When the authentication process ends normally, a process for reproducing user data is performed. This reproduction process also differs from the reproduction side shown in FIG. 4 in that the user key 36 from the host 30W is converted into a random number by the random number generation function unit 24a and used to generate the protected area data 12. Hereinafter, the reproduction process will be described with reference to FIG.

  When this processing operation ends normally, the host 30R transfers the user key 36 given by the individual user and the reproduction start LBA (position address specified by the sector number) of the encrypted user data 13 to the drive 20R. Then, the transfer of the protected area data 12 corresponding to the user data 13 requested to be reproduced is requested (step 300). In response to this transfer request, the drive 20R reads the protected area data 12 from the protected area of the optical disc 10 (step 301). Further, the user key 36 transferred from the host 30R is converted into a random number by the random number generation function unit 24a, and this random number is added to the read protected area data 13 by the addition unit 26 (exclusive OR operation). As a result, addition protected area data is generated (step 302).

  Next, the drive 20R uses the addition protected area data from the addition unit 26, the reproduction start LBA of the user data 13 from the host 20R, and the bus key (D) in the drive 20R obtained by the mutual authentication process. A message authentication code (D) is generated using the MAC operation function unit 23 (step 303), and is transferred to the host 30R together with the addition protection area data (step 304).

  In the host 30R, the MAC authentication function unit 33 performs arithmetic processing with the addition protected area data received from the drive 20R, the reproduction start LBA of the encrypted user data 13, and the bus key (H) in the host 30R acquired at the time of authentication. The message authentication code (H) is obtained (step 305), and a match with the message authentication code (D) transferred from the drive 20R is confirmed (step 306).

  When this confirmation operation is completed, the host 30R generates a media key from the MKB 11 and the device key 34 (step 307), and generates a protected area key using this media key and the added protected area data (step 308). Then, the reproduction request for the encrypted user data 13 from the reproduction start LBA on the optical disk 10 notified to the drive 20R is made (step 309). As a result, the encrypted user data 13 from the reproduction start LBA on the optical disc 10 is reproduced (step 310) and transferred to the host 30R (step 311). In the host 30R, the transferred user data 13 is decrypted by the decryption function unit 37 using the previously generated protected area key (step 312). As a result, the decoding and reproduction processing of the user data 13 is performed.

  As described above, in order to reproduce the encrypted user data 13 from the optical disc 10, the user key 36 is converted into a random number by the random number generation function unit 24a, and additional protected area data is obtained. And the random number generated from this is difficult to understand.

  As described above, in each embodiment, a user key of an individual user is combined with an existing content protection technique, and a protected area key used for decryption at the time of reproduction is acquired for each individual user.

  When the present invention is applied to an optical disc recording / reproducing apparatus, a change in a communication interface with a host called a command in software operating on a system microcomputer that controls the optical disc recording / reproducing apparatus, for example, a user transferred from the host Just recognizing the key and adding some new functions, for example, adding the user key to the random number generated by the random number generator, and modifying or adding hardware, especially do not need.

  By utilizing the present invention, the existing content protection technology is expanded and the individual user can protect the data recorded on the digital data recording / reproducing medium with strong encryption. An environment is provided in which data can be read from and written to the recording / reproducing recording medium only by a specific recording / reproducing apparatus, that is, an environment in which it is impossible to illegally read data to be protected from the recording / reproducing medium.

1 is a system configuration diagram showing a recording side of a first embodiment of a digital data recording / reproducing method and a recording / reproducing apparatus according to the present invention. 3 is a flowchart showing a specific example of a procedure of mutual authentication processing work in the recording system shown in FIG. 1. It is a flowchart which shows a specific example of the procedure of the recording process of the user data after the mutual authentication process work shown in FIG. FIG. 2 is a system configuration diagram showing a reproduction system for the recording system shown in FIG. 1. 5 is a flowchart showing a specific example of a procedure of user data reproduction processing work in the reproduction system shown in FIG. 4. 6 is a flowchart showing another specific example of a method for transferring a user key from a host to a drive in the recording system shown in FIG. 6 is a flowchart showing another specific example of a method for transferring a user key from a host to a drive in the reproduction system shown in FIG. It is a system configuration | structure figure which shows the recording side of 2nd Embodiment of the digital data recording / reproducing method and recording / reproducing apparatus by this invention. FIG. 9 is a system configuration diagram showing a reproduction side with respect to the recording side shown in FIG. 8 of the second embodiment of the digital data recording / reproducing method and recording / reproducing apparatus according to the present invention. It is a system block diagram which shows the recording side of 3rd Embodiment of the digital data recording / reproducing method and recording / reproducing apparatus by this invention. It is a system block diagram which shows the reproducing side with respect to the recording side shown in FIG. 10 of 3rd Embodiment of the digital data recording / reproducing method and recording / reproducing apparatus by this invention.

Explanation of symbols

10 recordable optical disc 11 MKB (media key block)
12 Protected Area Data 13 Encrypted User Data 20W Recording Drive 20R Playback Drive 21 Drive Key 22 AACS Authentication Function Unit 23 MAC (Message Authentication Code Calculation Function Unit)
24, 24a Random number generation function unit 25, 26 Addition unit 27 Serial number 28, 29 Addition unit 30W Recording side host 30R Playback side host 31 Host key 32 AACS authentication function unit 33 MAC authentication function unit 34 Device key 35 Protection area control Function part 36 User key 37 Decryption function part

Claims (5)

A method of recording digital data on a recording / reproducing medium,
The recording / reproducing medium is provided with a protected area and user data,
A random number is generated based on a user key of a user who records user data on the recording / reproducing medium, and the generated random number is recorded as protected area data in the protected area of the recording / reproducing medium,
An encryption key is generated using the protected area data, the user data is encrypted using the encryption key, and the encrypted user data is recorded in the user area of the recording / reproducing medium. Digital data recording method. The recording method according to claim 1,
The input of the user key is accepted by the host device,
The recording method, wherein the input user key is transferred from the host device to the recording / reproducing device when the random number generation is requested. In a method of reproducing digital data from a recording / reproducing medium,
The recording / reproducing medium has a protected area in which protected area data is recorded and a user area in which encrypted user data is recorded,
The protected area data is reproduced from the protected area, a decryption key is generated based on the reproduced protected area data and the user key of the user who reproduces the encrypted user data, and is reproduced from the user area. A method for reproducing digital data, comprising: decrypting the encrypted user data using the decryption key.   A digital data recording apparatus, comprising the recording method according to claim 1 or 2.   A digital data reproducing apparatus, comprising the reproducing method according to claim 3.

Images