For example, content such as a movie or music is provided to a user through a digital versatile disc (DVD) or Blu-ray Disc (a registered trademark), various media such as a flash memory, a network such as the Internet, a carrier wave, or the like. The user can reproduce the content using, for example, a recording and reproducing apparatus such as a PC, a portable terminal, or a BD player, or various information apparatuses such as a television.
However, authors or sellers of many pieces of content, such as music data and image data, that are provided to the user, have copyright, distribution rights, and the like. Therefore, if content is provided to the user, in most cases, a provider of the content imposes predetermined use limitation on the content.
For example, a digital recording apparatus and a recording medium can repeat recording and reproducing without image or voice deterioration. This gives rise to the problem that use of illegitimate copy content becomes prevalent, for example through distribution of the illegitimate copy content over the Internet or circulation of so-called pirated discs.
As a specific configuration for preventing such illegitimate use of content, encryption processing of content is available. With such a configuration, the content that is provided to the user is encrypted, so that only an authorized user can obtain the key to the content. Such processing is disclosed, for example, in PTL 1 (Japanese Unexamined Patent Application Publication No. 2008-98765).
The key that is used to decrypt the encrypted data is given to only a reproducing apparatus that receives a license that gives the right to use the content. The license, for example, is given to the reproducing apparatus that is designed in a manner that complies with predetermined operational regulations, such as one that prohibits conducting of illegitimate copying. On the other hand, the reproducing apparatus that does not receive the license does not have the key for decrypting the encrypted data, and because of this, cannot perform the decrypting of the encrypted data.
However, even when such content encryption is executed, illegitimate use of content still occurs in practice.
One example of the illegitimate use of content is described.
The content is recorded in media (memory card) such as a flash memory.
A media key set (MKS) that is an encryption key set inherent to the memory card is stored, in advance, in the memory card.
The encryption key set (MKS) is configured, for example, from a key set including a public key and a private key that are issued by a license management apparatus (license authority (LA)). Moreover, in most cases, the public key is stored in a public key certificate (PKC) and is used from there.
In addition to the public key, the public key certificate (PKC) has an identifier (ID) of a device (host or media) and the like, as recording data, and is a certificate in which a signature of the license management apparatus (LA) is set.
For example, if content stored in a memory card is reproduced, or if new content is recorded in a certain memory card, mutual authentication processing is executed between an apparatus (host) into which the memory card is mounted and the memory card. For example, the mutual authentication processing according to a public key encryption method is executed and the encryption key set (MKS) described above is applied.
In the authentication processing, the host and the media mutually confirm that the other party is not an illegitimate device. On the condition that the authentication is established, the host is allowed to read the content recorded in the memory card, or an encryption key that is applied to decrypting of the content.
Moreover, the license management apparatus (LA) issues a revocation list of identifiers (ID) of illegitimate devices, and provides the revocation list to the device that executes the mutual authentication described above. Referring to such a revocation list, the device that performs the mutual authentication executes processing that confirms whether or not the ID of the other party's device to be authenticated is registered.
If the ID is registered with the revocation list, it is confirmed that such a device is illegitimate, and the reproducing or recording of the content is prohibited.
The revocation list is issued by the license management apparatus (LA) and is successively updated. Furthermore, the revocation list carries an electronic signature of the license management apparatus (LA), which is the issuing body, and is thus configured in a manner that prevents falsification.
For example, a user apparatus that performs content reproducing and the like first confirms the legitimacy of the revocation list by verifying its signature, and thereafter confirms whether or not the ID of the reproducing apparatus or storage device that is used is registered with the revocation list. Only if it is confirmed that the ID is not registered is subsequent processing, such as reproducing of the content, allowed.
If a new illegitimate device is found, the license management apparatus (LA) executes update processing of the revocation list that additionally registers the ID of the new illegitimate device. That is, the revocation list that is version-updated is successively distributed.
The updated revocation list is provided to the user apparatus over a network. Alternatively, the updated revocation list is recorded in the media in which the content is recorded and is provided to the user apparatus.
As a general rule, one encryption key set (MKS) described above is assigned to one device. Therefore, the same encryption key set (MKS) is not stored in multiple memory cards.
However, a case can occur where a manufacturer of memory cards creates copies of one encryption key set (MKS), stores the same encryption key set (MKS) in multiple memory cards, and circulates those memory cards.
In most cases, the encryption key set (MKS) is provided, for a fee, from the license management apparatus (LA). It is therefore likely that, in order to decrease cost, a manufacturer of illegitimate memory cards stores one key set in multiple memory cards and circulates lower-priced memory cards in the market.
When the media (memory card) in which the same key set (MKS) is stored is circulated, content use management in media units is not possible.
For example, if illegitimate media is found, the ID of such media can be added to the revocation list described above, so that authentication with that specific media can no longer be established and content reproducing or new content recording is not executed thereafter. However, when the same key set is recorded in many of the media, such use control in media units is not possible. As a result, there occurs a problem that strict use management cannot be realized.
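The revocation check described above (verify the LA signature on the list, then look up the ID) and its loss of per-media granularity when one key set is copied into several cards can be seen in the following added example, which is not part of the original document. Assumptions: toy textbook RSA stands in for the LA signature scheme, the list layout, function names and media IDs are constructed, a card is identified only by the ID in its certificate, and the check against an older list version is an assumed host policy.

```python
import hashlib, json

# Toy textbook-RSA key standing in for the LA signing key (constructed, NOT secure).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537        # two Mersenne primes
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))            # LA private exponent

def _digest(version, revoked):
    """Hash of the signed fields, reduced into the RSA modulus."""
    body = json.dumps({"version": version, "revoked": sorted(revoked)})
    return int.from_bytes(hashlib.sha256(body.encode()).digest(), "big") % N

def la_issue_list(version, revoked):
    """LA side: build a revocation list and sign it."""
    return {"version": version, "revoked": sorted(revoked),
            "sig": pow(_digest(version, revoked), D, N)}

def host_accepts(media_id, rl, held_version=0):
    """Host side: verify the signature first, then look the ID up."""
    if pow(rl["sig"], E, N) != _digest(rl["version"], rl["revoked"]):
        return False                         # list was falsified
    if rl["version"] < held_version:
        return False                         # assumed policy: reject an older list
    return media_id not in rl["revoked"]

def blocked_count(cards, rl):
    """Number of physical cards the host refuses under list rl."""
    return sum(not host_accepts(media_id, rl) for media_id in cards)

# Constructed sample: three cards with unique key sets, and five cards that
# all carry a copy of one key set and therefore present the same ID.
GENUINE = ["MEDIA-0001", "MEDIA-0002", "MEDIA-0003"]
CLONES = ["MEDIA-0777"] * 5

RL_V1 = la_issue_list(1, [])                 # before the copied key set is found
RL_V2 = la_issue_list(2, ["MEDIA-0777"])     # version-updated list

if __name__ == "__main__":
    print("clones blocked under v1:", blocked_count(CLONES, RL_V1))
    print("clones blocked under v2:", blocked_count(CLONES, RL_V2))
    print("genuine blocked under v2:", blocked_count(GENUINE, RL_V2))
```

One revocation entry switches all five cards off together, and no entry can single out one of them, because the host has nothing but the shared ID to distinguish the cards.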