The present invention relates to a data processing apparatus, and a data processing method, and more particularly, to a method and apparatus for verifying that data constituting a data content is valid, that is, checking whether or not the data has been tampered with; as well as a method for imparting verification values; and also to an apparatus and a method capable of enhancing security by generating individual keys necessary for encryption processing using master keys corresponding to their respective individual keys. Moreover the present invention provides a configuration that eliminates illegal usage of content data. More specifically, the invention relates to an apparatus and a method capable of identifying illegal reproduction devices and eliminating illegal use of content. Furthermore, the present invention relates to an apparatus and a method capable of easily setting content only available to the data processing apparatus using content data and content data also available to other data processing apparatuses based on information specific to the data processing apparatus, etc. Still further, the present invention relates to a method, apparatus and verification value assignment method for verifying the validity of data configuring data contents, that is, verifying the presence or absence of tampering.
Furthermore, the present invention relates to a data processing apparatus, a content data generating method, and a data processing method that realizes a content data configuration to provide and utilize content data under high security management. The content data is in a configuration in which data (including at least any one of voice information, image information and program data) is applied to encryption processing. The content data is provided to a content user together with various kinds of header information, and the content user performs reproduction, execution, or storing processing in a recording device.
Still further, the present invention relates to a data processing apparatus, a data processing method and a content data generating method for providing a configuration for efficiently executing reproduction processing. For instance, the data contents may be compressed voice data, image data or the like. More specifically, it enables a configuration of content data in which compressed data and an expansion processing program are combined to retrieve and extract an applicable expansion processing program based on header information of compressed data contents in which an applied expansion processing program is stored as header information to execute reproduction processing.
The present invention further relates to a configuration and method for reproducing various content such as sounds, images, games, or programs which are available through various recording media. The recording media include DVDs, CDs, wire or radio communication means such as CATV, the Internet, and satellite communication. Reproduction occurs in a recording and reproducing device of a user. The contents are stored in an exclusive recording device such as, for example, a memory card, a hard disk, or a CD-ROM. Use limitations, such as limitations selected by a content distributor, are stored along with content to provide security such that the distributed content will not be illegally used.
Various data such as game programs, sound data, image data, or documenting programs (these are hereafter referred to as “contents”) are now distributed via a network such as the Internet or via distributable storage media such as DVDs or CDs. These distributed contents can be stored in a recording device such as a memory card or a hard disk that is attached to a recording and reproducing apparatus such as a personal computer (PC) or a game apparatus of a user so that once stored, the contents can be reproduced from the storage media.
The main components of a memory card used in a conventional information apparatus such as a video game apparatus or a PC include a control means for controlling operations, a connector for connection to a slot connected to the control means and formed in the information apparatus, and non-volatile memory connected to the control means for storing data. The non-volatile memory provided in the memory card comprises, for example, an EEPROM, flash memory, or the like.
Various contents such as data or programs that are stored in the memory card are invoked from the non-volatile memory in response to a user's command from an information apparatus main body such as a game apparatus or a PC. The game apparatus or PC can be used as a reproduction apparatus or to respond to a user's command provided via a connected input means. The contents are reproduced from the information apparatus main body or from a display, speakers, or the like which are connected thereto.
Software content such as game programs, music data or image data generally have their distribution rights held by their creators or sellers. Thus, in distributing this content, a configuration is generally used which places specified limitations on the usage. That means the use of software is permitted only for regular users so as to prevent unauthorized copying or the like. In other words, security is taken into consideration.
One method for realizing limitations on the use by a user is a process for encrypting distributed content. This process comprises distributing various content such as sound data, image data, or game programs which are encrypted, for example, via the Internet, and decrypting the distributed content that has been encrypted. Decryption takes place only for people confirmed to be regular users. Distributing the various content corresponds to a configuration with a means for imparting a decryption key.
Encrypted data can be decrypted into, for example, plain text by a decryption process based on a predetermined procedure. A data encrypting and decrypting method that uses an encryption key for an information encrypting process while using a decryption key for such a decryption process is conventionally known.
There are various types of aspects of data encrypting and decrypting methods using an encryption key and a decryption key. One example is called a common key cryptosystem. The common key cryptosystem uses a common encryption key for a data encrypting process and a common decryption key for a data decrypting process and imparts these common keys for the encryption and decryption processes to regular users while excluding data access by illegal users that have no key. A representative example of this cryptosystem is the Data Encryption Standard (DES).
The encryption and decryption keys used for the encryption and decryption processes are obtained, for example, by applying a one-way function such as a hash function based on a password or the like. The one-way function makes it difficult to determine the input of the function from the output of the function. For example, a password decided by a user is used as an input to a one-way function so as to generate an encryption key and a decryption key based on the output from the one-way function. Determining the password (which is the original data for the keys) from the encryption and decryption keys is substantially impossible.
In addition, a method called a “public key cryptosystem” uses different algorithms for a process based on an encryption key used for encryption and for a process based on a decryption key used for decryption. The public key cryptosystem uses a public key available to unspecified users so that an encrypted document for a particular individual is decrypted using a public key issued by this particular user. The document encrypted with the public key can only be decrypted with a secret key corresponding to the public key used for the decryption process. Since the secret key is owned by the individual that has issued the public key, the document encrypted with the public key can be decrypted only by individuals having the secret key. A representative public key cryptosystem is the RSA (Rivest-Shamir-Adleman) encryption.
The use of such a cryptosystem enables encrypted contents to be decrypted only for regular users. A conventional content distributing configuration employing such a cryptosystem will be described with reference to FIG. 1.
FIG. 1 shows an example of a configuration in which a reproduction means 10 such as a PC or a game apparatus reproduces a program, sound or video data, or the like (content) obtained from a data providing means such as a DVD or CD 30, or the Internet 40 and wherein data obtained from the DVD or CD 30, Internet 40, or the like are stored in a storage means 20 such as a floppy disk, a memory card, a hard disk, or the like.
The content, such as a program, sound or video data, is provided to a user having the reproduction means 10. A regular user obtains encryption data as well as key data that are their encryption and decryption keys.
The reproduction means 10 has a CPU 12 to reproduce input data by means of a reproduction process section 14. The reproduction process section 14 decrypts encrypted data to reproduce content such as a provided program, sound or image data.
The regular user saves the content to the storage means 20 in order to use the provided program again. The reproduction means 10 has a storage process section 13 for executing this content storage process. The storage process section 13 encrypts and saves the data in order to prevent the data stored in the storage means 20 from being illegally used.
A content encrypting key is used to encrypt the content. The storage process section 13 uses the content encrypting key to encrypt the content and then stores the encrypted content in a storage section 21 of the storage means 20 such as a floppy disk (FD), a memory card, or a hard disk.
To obtain and reproduce the stored content from the storage means 20, the user obtains encrypted data from the storage means 20 and causes the reproduction process section 14 of the reproduction means 10 to execute the decryption process using a content decrypting key. That is, the decryption key is used in order to obtain and reproduce decrypted data from the encrypted data.
According to the conventional example of the configuration shown in FIG. 1, the stored content is encrypted in the storage means 20 (such as a floppy disk or memory card) and thus cannot be read externally. When, however, this floppy disk is to be reproduced by a reproduction means of another information apparatus, such as PC or game apparatus, the reproduction is impossible unless the reproduction means has the same content key (i.e., the same decryption key for decrypting the encrypted content). Accordingly, to implement a form available to a plurality of information apparatuses, a common decryption key must be provided to users.
The use of a common content encrypting key, however, means that there will be a higher possibility of distributing the encryption process key to users not having a regular license. Consequently, it may not be possible to prevent the illegal use of the content by users not having the regular license. Thus, it will be difficult to exclude the illegal use in PCs, game apparatuses, or the like by users who do not have the regular license.
In case that key information leaks from one of the apparatuses, the use of common content encrypting key and decryption key can cause damage to the whole system which utilizes the keys.
Furthermore, in an environment using a common key as described above, it is possible to easily copy, for example, content created on a certain PC and initially saved to a storage means such as a memory card or floppy disk, to a second floppy disk. Consequently, using the second copied floppy disk instead of the original content data will be possible so that a large number of copied content data available to information apparatuses such as game apparatuses or PCs may be created or tampered.
A method which is conventionally used includes verifying an integrity check value in content data to check the validity of the data. That is, in order to determine whether or not the data have been tampered with, a recording and reproducing device collates an integrity check value (generated based on the data to be verified) with the integrity check value contained in the content data to verify the data.
The integrity check value for the data content, however, is generally generated for the entire set of data. Collating the integrity check value generated for the entire set of data requires a integrity check value to be generated for the entire set of data to be checked. If, for example, a integrity check value (ICV) is to be determined using a Message Authentication Code (MAC) generated in a DES-CBC (Cipher Block Chaining) mode, the DES CBC process must be executed on the entire set of data. The amount of such calculations increases linearly with the data length, thereby disadvantageously reducing processing efficiency.