1. Field of the Invention
The present invention relates to a decryption device and an encryption/decryption device for encrypting/decrypting digital contents, such as music, image, video, game, etc.
2. Description of the Related Art
In recent years, along with the propagation of digital contents, such as music, image, video, game, etc., preventing fraudulent acts on such digital contents has been becoming more important for protecting rights of a copyright owner, and a profit of a distributor, of such digital contents. The fraudulent acts include, for example, fraudulent obtainment of digital contents by means of interception of communications, eavesdropping, pretending to be an authorized person, etc., and making an illegal copy from and illegal alteration to data received and stored in a recording medium. In order to prevent these fraudulent acts, copyright protection techniques, such as encryption/authentication for determining whether or not it is an authorized system or for data scrambling, are required.
In recent years, copyright protection techniques have been provided in various consumer products. In general, a reproduction/recording apparatus for digital contents achieves encrypting/decrypting processing using an encryption/decryption device for performing encrypting/decrypting operations and a master control device for controlling the encryption/decryption device.
As described in the following, in the reproduction/recording apparatus, reproduction processing is performed using an encrypted content and an encrypted key (encrypted content-key) for decrypting the encrypted content.
In the first step, the master control device of the reproduction/recording apparatus reads data from a memory device (storage medium) storing encrypted contents and encrypted content-keys. An encrypted content-key read from the master control device is input to an encryption/decryption device. The encryption/decryption device decrypts this encrypted content-key using an internal-key, thereby obtaining a content-key. Then, the master control device inputs an encrypted content read from the memory device to the encryption/decryption device. The encryption/decryption device decrypts the encrypted content using the obtained content-key and outputs the decrypted content to the master control device. In this way, the reproduction processing for the encrypted content is performed.
Furthermore, in the reproduction/recording apparatus, recording processing is performed as follows.
In the first step, the master control device issues a content-key generation instruction to the encryption/decryption device, whereby a content-key used for encrypting a content is generated inside the encryption/decryption device. The encryption/decryption device encrypts the content-key using the internal-key so as to obtain an encrypted content-key, and outputs the encrypted content-key to the master control device. Then, the master control device inputs a content to the encryption/decryption device. The encryption/decryption device encrypts the content and outputs the encrypted content to the master control device. Thereafter, the master control device transfers the encrypted content and its encrypted content key to the memory device, whereby the recording processing is performed.
The encryption/decryption device operates in response to commands from the master control device. In the reproduction/recording apparatus, when the master control device is not tamper-resistant, the encryption/decryption device may be fraudulently operated. For example, it is possible to give the encryption/decryption device a command to encrypt or decrypt a content without providing a content-key in the encryption/decryption device.
In a conventional encryption/decryption device, in the case of encrypting a content or decrypting an encrypted content, encrypting or decrypting processing is initiated based on only a command supplied from outside. Therefore, when the encryption/decryption device receives a command to encrypt a content or decrypt an encrypted content without providing a content-key in the encryption/decryption device, the encryption/decryption device erroneously recognizes a value of a memory region in the encryption/decryption device, which is provided for storing a content-key, as a content-key, and this value is used as a content-key to encrypt a content or decrypt an encrypted content.
Such a value of the memory region is believed to be always the same when the encryption/decryption device is in the initial state e.g., immediately after the encryption/decryption device is powered-on. Furthermore, encryption/decryption devices produced based on the same standard operate in a similar manner. In the present specification, the value of the memory region in the encryption/decryption device, which is provided for storing a content-key when the encryption/decryption device is in the initial state, e.g., immediately after the encryption/decryption device is powered-on, is referred to as an “initial content-key”.
By fraudulently operating the encryption/decryption device, it is possible to encrypt a content or decrypt an encrypted content using the initial content-key. A typical example of fraudulent acts achieved by such a fraudulent operation is now described in the following steps (1), (2), and (3):
(1) A correlation between input data to and output data from the decryption device which decrypts an encrypted content using an initial content-key is examined. The output data is a result of decrypting the input data using the initial content-key. A correlation is examined for a number of pairs of input data and output data, whereby the initial content-key and an algorithm for decrypting processing are deciphered.
(2) When the initial content-key and the algorithm for decrypting processing are deciphered at step (1), an encryption device which encrypts any content using the initial content-key can be fraudulently achieved. With such a fraudulent encryption device, it is possible to encrypt a content using the initial content-key and produce a fraudulent medium in which the encrypted content is recorded.
Alternatively, with the encryption device which performs encryption with the initial content-key, step (2) can be achieved without step (1).
(3) Data in the fraudulent medium produced at step (2) can be fraudulently decrypted by a decryption device which decrypts an encrypted content using the initial content-key. Such a decryption device which can fraudulently decrypt an encrypted content is not limited to the decryption device used in step (1). Any decryption device may be used so long as it has the same initial content-key as that of the decryption device used in step (1). Furthermore, the decryption device does not need to be the same as the decryption device used in step (2). Therefore, such a fraudulent act can widely propagate without being limited within a single encryption/decryption device.
Thus, in the conventional encryption/decryption device, when the encryption/decryption device is fraudulently operated such that a content is encrypted or an encrypted content is decrypted using the initial content-key, there is a possibility that the security of the encryption/decryption device may be deteriorated.