1. Field of the Invention
The present invention relates to a method and an apparatus of checking the authenticity of confidential information stored in a target apparatus or the presence or absence of tampering thereof.
2. Description of the Related Art
Contents relating to copyrighted works, identity information, or the like (e.g., representatively, music data and video data) have to be protected from unauthorized duplication or leakage to the outside. Such contents are stored in an encrypted state in a target apparatus. An authentication process is performed between a host apparatus and the target apparatus before the host apparatus handles the encrypted contents stored in the target apparatus. If the authentication fails, the host apparatus cannot obtain from the target apparatus the content key for decrypting the encrypted contents. If the authentication is successful, the host apparatus can access and use the contents stored in the target apparatus. With such a system, it is possible to prevent an unauthorized host apparatus from decrypting the encrypted contents. Note that the target apparatus is, for example, a memory card, such as an SD card or the like. The host apparatus is, for example, a semiconductor integrated circuit for reading data from the memory card, a set apparatus comprising the semiconductor integrated circuit, or a content distribution apparatus for distributing contents to a target apparatus.
Next, a storage area of a conventional target apparatus and confidential information stored in the storage area will be described with reference to FIG. 17. Note that, in the following description, confidential information refers to information which is required to reproduce contents (e.g., key information, etc.).
The storage area of the target apparatus is divided into a system area 901, a protected area 902, and an ordinary area 903. The system area 901 is an area in which information for performing authentication between the target apparatus and a host apparatus is stored. The host apparatus can access the system area 901 in only a predetermined process in which an access to the system area 901 is permitted. The protected area 902 is an area which cannot be arbitrarily accessed by the user (host apparatus), and can be accessed only after authentication is successful. The ordinary area 903 is an area which can be arbitrarily accessed by the user. In the system area 901, an authentication key is stored. In the protected area 902, an encrypted content key is stored. In the ordinary area 903, encrypted contents are stored.
Next, a method which is used by the host apparatus to decrypt and utilize the encrypted contents stored in the target apparatus will be described. The host apparatus performs authentication using an authentication key stored in itself and an authentication key stored in the target apparatus. If the authentication is successful, the host apparatus uses these authentication keys to generate an intermediate authentication key. The intermediate authentication key is defined as a key for decrypting the encrypted content key. Therefore, the host apparatus obtains the encrypted content key from the target apparatus, and decrypts the encrypted content key using the intermediate authentication key to generate a content key in plain text (unencrypted form). Further, the host apparatus obtains the encrypted contents from the target apparatus, and uses the content key in plain text to decrypt the encrypted contents to generate contents in plain text. Thereby, the contents can be put to use. By performing the above-described process, only a host apparatus that succeeds in authentication can utilize encrypted contents stored in a target apparatus.
In the above-described content decryption, an intermediate authentication key is generated whenever authentication is successful, so the encrypted contents can be decrypted by any host apparatus that passes authentication. Therefore, any authorized host apparatus can utilize encrypted contents stored in a target apparatus.
In recent years, there has been an active movement toward transmitting encrypted contents via an electronic distribution system to a specific user so that only that user can utilize the contents. In such an electronic distribution system, however, the encrypted contents transmitted to the specific user need to be decryptable only by the specific host apparatus possessed by that user. This requirement is not satisfied by the above-described method.
Therefore, a method has been newly proposed in which a valid domain key is set for only a specific user. When the domain key is set, contents are encrypted using a content key, and the content key is encrypted using the domain key set for only the specific user, but not using an intermediate authentication key. Further, the domain key itself is encrypted using an intermediate authentication key or another key generated based on information of the intermediate authentication key, and is then stored in a target apparatus. Thereby, the confidentiality of the domain key itself is secured.
Confidential information stored in the storage area of a target apparatus when the domain key is thus set, will be described with reference to FIG. 18. Even when the domain key is set, the area of a target apparatus needs to be divided in the same manner as that of conventional target apparatuses in order to maintain compatibility therewith. If both the domain key and the content key are stored in the protected area 902, the domain key is stored in the area having the same security level as that of the content key, though the domain key is a key which is used to decrypt the content key. Therefore, to maintain the security and the compatibility, when the domain key is set, the domain key is stored in an encrypted state in the protected area 902. The content key is stored in an encrypted state in the ordinary area 903.
However, as described above, the ordinary area 903 is an area which can be arbitrarily accessed by the user. Therefore, it is important to certify the authenticity of the encrypted content key stored in the ordinary area 903. In other words, it is important to check whether it has been tampered with.
Note that a technique relating to the present invention is described in Japanese Unexamined Patent Publication No. 2001-203686. In Japanese Unexamined Patent Publication No. 2001-203686, a piece of content data is divided into a plurality of portions, a check value is calculated for each portion, and the check value is compared with a check value previously held. Thereby, it is possible to perform a tampering check for only a required portion.
However, that technique only divides a piece of content data into portions. It is basically different from the present invention, in which, as described below, when there are a plurality of content keys corresponding to one domain key, a tampering check is performed by matching data buried in the domain key in association with these content keys.
Hereinafter, the confidential information stored in the target apparatus will be described in greater detail with reference to FIG. 19. In the protected area 902 of the target apparatus, n encrypted domain keys Ku(1) to Ku(n) (n is an integer of 1 or more) are stored. The domain keys Ku(1) to Ku(n) are given n pieces of domain key management information UR[u](1) to UR[u](n) in one-to-one correspondence.
In the ordinary area 903 of the target apparatus, a plurality of content keys are stored. Each content key corresponds to any one of the domain keys Ku(1) to Ku(n). In other words, one domain key can be used to decrypt a plurality of encrypted content keys. For example, the domain key Ku(1) corresponds to m content keys Kt(1-1) to Kt(1-m) (m is an integer of 1 or more). The content keys Kt(1-1) to Kt(1-m) are given m pieces of content key management information UR[t](1-1) to UR[t](1-m) and m pieces of additional information info(1-1) to info(1-m) in one-to-one correspondence.
Note that, in FIG. 19, a set of the domain keys Ku(1) to Ku(n) and the domain key management information UR[u](1) to UR[u](n) is referred to as a “domain key group UKURE”, and a set of the content keys Kt(1-1) to Kt(1-m), the content key management information UR[t](1-1) to UR[t](1-m), and the additional information info(1-1) to info(1-m) is referred to as a “content key group TKURE(1)”.
Decryption of encrypted contents requires a content key in plain text. Also, decryption of an encrypted content key requires a domain key. To quickly determine which content key is encrypted using which domain key, a key correspondence table Address List is also stored in the ordinary area. On the key correspondence table Address List, a correspondence relationship between domain keys and content keys is described. For example, the domain key Ku(1) is associated with the content keys Kt(1-1) to Kt(1-m) which can be decrypted using the domain key.
To check whether confidential information stored in a target apparatus has been tampered with as described above, a method of applying a hash function to each piece of confidential information is generally employed. Also in general, when a hash calculation is used to check tampering of confidential information, the hash calculation is carried out over all information relating to the confidential information.
Next, a description will be given of the case where a hash function is used to check tampering with respect to confidential information stored in a target apparatus. Note that the term “Enc” is used as a prefix indicating an encrypted state. For example, “EncUR[u](1)” indicates the domain key management information UR[u](1) which is encrypted.
Encrypted content keys EncKt(1-1) to EncKt(1-m), which can be decrypted using the domain key Ku(1), encrypted content key management information EncUR[t](1-1) to EncUR[t](1-m) corresponding to the encrypted content keys EncKt(1-1) to EncKt(1-m), and additional information info(1-1) to info(1-m) corresponding to the encrypted content keys EncKt(1-1) to EncKt(1-m) are concatenated together to perform a hash calculation. A hash value obtained by the hash calculation is stored into the domain key management information UR[u](1).
Next, in order to decrypt the encrypted content key EncKt(1-1), the host apparatus references the key correspondence table Address List to read the content key group TKURE(1) from the ordinary area 903 of the target apparatus, and performs a hash calculation. Also, the host apparatus uses an intermediate authentication key obtained by authentication to decrypt the encrypted domain key management information EncUR[u](1) stored in the protected area 902 of the target apparatus. Next, the host apparatus extracts a hash value from the domain key management information UR[u](1) obtained by the decryption. Next, the host apparatus compares the hash value obtained by the hash calculation with the hash value extracted from the domain key management information UR[u](1). When these hash values match, the host apparatus determines that tampering is not present, and decrypts an encrypted content key. When the hash values do not match, the host apparatus determines that tampering is present, and does not decrypt encrypted contents.
However, the tampering check method of FIG. 19 requires a huge amount of calculation. Specifically, to check tampering with respect to a single content key (e.g., the content key Kt(1-1)), the host apparatus needs to read all content keys which can be decrypted using the same domain key and all information accompanying them (the content key group TKURE(1)) from the target apparatus and perform a hash calculation with respect to the read information. Particularly, as the number of contents stored in the target apparatus increases, the number of content keys increases. As a result, the number of content keys associated with a single domain key increases, so that the processing time also increases.
It may be assumed that contents and a content key are distributed as a set of data over a network or the like. In this case, a content key associated with a domain key may be added or deleted. However, in conventional methods, when a content key is added or deleted, a hash calculation needs to be performed again with respect to all content keys corresponding to a domain key (e.g., the domain key Ku(1), etc.) and information accompanying the content keys (e.g., the content key group TKURE(1), etc.), and the calculated hash value needs to be buried into the domain key management information accompanying the domain key (e.g., the domain key management information UR[u](1), etc.).
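The conventional check value scheme of FIG. 19 and the cost it imposes (whole-group hashing on every check, and re-hashing on every addition) can be made concrete with a small model. The following Python is an added example written for this page; it is not the patent's own code and it does not reproduce any particular product. It assumes SHA-256 as the hash function and uses an HMAC-derived keystream XOR as a stand-in for the unspecified symmetric cipher; the domain key Ku(1), the intermediate authentication key, the content keys and the management information are all constructed values. The model lays out the protected area (EncKu(1), EncUR[u](1) carrying the group hash) and the ordinary area (TKURE(1) plus the Address List), performs the host-side check from the description, and shows how many ordinary-area bytes must be read to verify one key and what adding a key forces the writer to redo.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional

# Stand-in for the (unspecified) symmetric cipher: XOR with an HMAC-SHA256 keystream bound to a
# per-item label so that no two stored items share a keystream. Assumption of this example only.
def toy_encrypt(key: bytes, label: bytes, data: bytes) -> bytes:
    stream = b""
    ctr = 0
    while len(stream) < len(data):
        stream += hmac.new(key, label + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

toy_decrypt = toy_encrypt  # keystream XOR is its own inverse

@dataclass
class ContentKeyEntry:
    """One content key Kt(1-j) as stored in the ordinary area: EncKt, EncUR[t] and info."""
    enc_kt: bytes
    enc_ur_t: bytes
    info: bytes

def group_hash(entries: List[ContentKeyEntry]) -> bytes:
    """Conventional check value: hash over the concatenation of the whole content key group."""
    h = hashlib.sha256()
    for e in entries:
        h.update(e.enc_kt)
        h.update(e.enc_ur_t)
        h.update(e.info)
    return h.digest()

def make_entry(ku: bytes, j: int, kt: bytes) -> ContentKeyEntry:
    ur_t = f"UR[t](1-{j})".encode()            # constructed management information
    return ContentKeyEntry(
        enc_kt=toy_encrypt(ku, f"Kt(1-{j})".encode(), kt),
        enc_ur_t=toy_encrypt(ku, f"UR[t](1-{j})".encode(), ur_t),
        info=f"info(1-{j})".encode(),          # additional information is stored in the clear
    )

def build_target(ku: bytes, k_int: bytes, content_keys: List[bytes]) -> Dict:
    """Lay out the protected and ordinary areas for one domain key Ku(1) and its content keys."""
    tkure = [make_entry(ku, j, kt) for j, kt in enumerate(content_keys, start=1)]
    ur_u = group_hash(tkure)                   # hash value buried in UR[u](1)
    return {
        "protected": {
            "EncKu(1)": toy_encrypt(k_int, b"Ku(1)", ku),
            "EncUR[u](1)": toy_encrypt(k_int, b"UR[u](1)", ur_u),
        },
        "ordinary": {
            "TKURE(1)": tkure,
            "AddressList": {"Ku(1)": list(range(len(tkure)))},  # Ku(1) -> indices of its Kt
        },
    }

def group_bytes_read(target: Dict) -> int:
    """Bytes the host must read from the ordinary area to check a single content key."""
    idx = target["ordinary"]["AddressList"]["Ku(1)"]
    tkure = target["ordinary"]["TKURE(1)"]
    return sum(len(tkure[i].enc_kt) + len(tkure[i].enc_ur_t) + len(tkure[i].info) for i in idx)

def decrypt_content_key(target: Dict, k_int: bytes, j: int) -> Optional[bytes]:
    """Host side: hash the whole group, compare with the hash in UR[u](1), then decrypt Kt(1-j)."""
    idx = target["ordinary"]["AddressList"]["Ku(1)"]
    tkure = target["ordinary"]["TKURE(1)"]
    computed = group_hash([tkure[i] for i in idx])
    stored = toy_decrypt(k_int, b"UR[u](1)", target["protected"]["EncUR[u](1)"])
    if not hmac.compare_digest(computed, stored):
        return None                            # tampering detected: refuse to decrypt
    ku = toy_decrypt(k_int, b"Ku(1)", target["protected"]["EncKu(1)"])
    return toy_decrypt(ku, f"Kt(1-{j})".encode(), tkure[j - 1].enc_kt)

def add_content_key(target: Dict, k_int: bytes, kt: bytes) -> None:
    """Adding Kt(1-(m+1)) forces a fresh hash over the whole group and a rewrite of UR[u](1)."""
    ku = toy_decrypt(k_int, b"Ku(1)", target["protected"]["EncKu(1)"])
    tkure = target["ordinary"]["TKURE(1)"]
    tkure.append(make_entry(ku, len(tkure) + 1, kt))
    target["ordinary"]["AddressList"]["Ku(1)"] = list(range(len(tkure)))
    target["protected"]["EncUR[u](1)"] = toy_encrypt(k_int, b"UR[u](1)", group_hash(tkure))

if __name__ == "__main__":
    k_int, ku = b"I" * 16, b"K" * 16           # constructed intermediate authentication key and Ku(1)
    target = build_target(ku, k_int, [b"A" * 16, b"B" * 16, b"C" * 16])
    print(decrypt_content_key(target, k_int, 2))   # plaintext Kt(1-2) after a successful check
    print(group_bytes_read(target))                # whole TKURE(1) read to verify one key
    target["ordinary"]["TKURE(1)"][2].info = b"tampered"
    print(decrypt_content_key(target, k_int, 1))   # None: the group hash no longer matches
```

Because the single hash covers every entry of TKURE(1), a change to any one EncKt, EncUR[t] or info (even one belonging to a different content key) causes the check for every key under Ku(1) to fail, and every verification or addition reads and hashes the whole group; the hash comparison uses a constant-time compare so that the check itself does not leak the stored value.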