(1) Field of the Invention
The present invention relates to a data usage controlling apparatus that limits the usage of main data according to judgements made on condition information recorded on a same recording medium as the main data. In particular, the invention relates to a data usage controlling apparatus that encrypts condition information using a type 2 key and records the encrypted condition information onto a recording medium along with the type 2 key that is encrypted using a type 1 key.
(2) Related Art
Images and music are increasingly being stored in a digital form. Digitization of such information allows high quality to be preserved regardless of how often the content is used. Since images and music are usually subject to copyrights, the ease with which digitized images and music can be transmitted, copied and distributed makes it relatively simple for users to use digitized images and audio in an illegal manner.
Legal steps are being taken to stop the illegal use of copyrighted material, though more importantly several data usage controlling systems have been proposed. Such systems allow valid usage of digital content, such as copyrighted material, but prevent illegal operations from being made.
Japanese Laid-Open Patent Application No. H09-185501 discloses a software executing system as one type of data usage controlling system. This system stops users from illegally using (i.e., executing) software, which is regarded as one form of digital content. This software executing system is described below.
FIG. 1 is a first block diagram showing the composition of a recording medium 300 and an executing apparatus 400 included in this conventional software executing system, while FIG. 2 is a second block diagram showing the compositions of the recording medium 300 and the executing apparatus 400. In these drawings, the executing apparatus 400 included in this software executing system is shown split into the part in FIG. 1 that handles the execution of software and the part shown in FIG. 2 that handles the updating (by encrypting with a random number) of the supplementary key of the recording medium. This depiction of the executing apparatus 400 in two parts is merely to assist understanding, and it should be remembered that both parts are provided within the same apparatus.
As shown in FIG. 1, this conventional software executing system includes a recording medium 300 that stores various programs to be executed and an executing apparatus 400 that selectively executes one of the programs recorded on the recording medium 300.
In more detail, the recording medium 300 stores the following information relating to the software program SA:
(1) an encrypted copy E(KA,SA) of the software program SA produced by encrypting the software program SA itself using the software key KA (the copy hereafter being referred to as the “encrypted software E(KA,SA)”);
(2) an encrypted software key/execution number E(RA, (KA,nA)) that is produced by encrypting a combination of the software key KA and the remaining number of possible executions nA for the software program SA using an exclusive supplementary key RA for the software program SA; and
(3) an encrypted supplementary key E(R,RA) produced by encrypting the supplementary key RA using a random number R.
In the same way, the recording medium 300 stores the following information relating to the software program SB:
(1) an encrypted copy E(KB,SB);
(2) an encrypted software key/execution number E(RB, (KB,nB)); and
(3) an encrypted supplementary key E(R,RB).
The notation E(y,x) used in this specification indicates that the information x has been encrypted using the information y as the encryption key. While the present example shows the case where the recording medium 300 only records the two software programs SA and SB, it is customary for three or more programs to be recorded with the information described above relating to their execution.
As shown in FIG. 1, the part of the executing apparatus 400 that handles the execution of software includes the following functional components 401–408. A random number storing unit 401 stores a random number in a manner that prevents its stored content being read or changed from outside the apparatus. A first decrypting unit 402 decrypts an encrypted supplementary key (e.g., E(R,RA)) stored on the recording medium 300 using the random number R stored in the random number storing unit 401. A second decrypting unit 403 decrypts an encrypted software key/execution number (e.g., E(RA, (KA,nA))) stored on the recording medium 300 using the supplementary key decrypted by the first decrypting unit 402. A third decrypting unit 404 decrypts the encrypted software (e.g., E(KA,SA)) using the software key decrypted by the second decrypting unit 403. A software executing unit 405 executes the software program decrypted by the third decrypting unit 404. An execution number examining unit 406 examines the (remaining) execution number decrypted by the second decrypting unit 403 when a software program is to be executed and informs the software executing unit 405 whether or not execution is permitted for the software program. An execution number updating unit 407 updates the execution number in accordance with executions of the software program. A first encrypting unit 408 encrypts the software key decrypted by the second decrypting unit 403 and the execution number updated by the execution number updating unit 407 using the supplementary key decrypted by the first decrypting unit 402 and updates the encrypted software key/execution number on the recording medium 300.
As shown in FIG. 2, the part of the executing apparatus 400 that handles the updating of the encrypted supplementary key includes a fourth decrypting unit 411, a random number updating unit 412, and a second encrypting unit 413. The fourth decrypting unit 411 decrypts the encrypted supplementary key of every software program on the recording medium 300 using the random number stored in the random number storing unit 401. The random number updating unit 412 updates the random number stored in the random number storing unit 401. The second encrypting unit 413 encrypts every supplementary key that has been decrypted by the fourth decrypting unit 411 using the random number that has been updated by the random number updating unit 412, and updates the encrypted supplementary key of each software program on the recording medium 300.
The executing apparatus 400 shown in FIGS. 1 and 2 uses the procedure described below to execute software programs stored on the recording medium 300 and update the execution numbers of the executed programs. This procedure is called the “software execution procedure”. In addition, the executing apparatus 400 updates the encrypted supplementary keys on the recording medium 300 in accordance with the execution of programs. This is achieved by updating the random number used for the encrypting and then replacing the encrypted supplementary keys using this updated random number. This procedure is called the “encrypted supplementary key updating procedure”.
FIG. 3 is a flowchart showing the software execution procedure performed by the executing apparatus 400, while FIG. 4 is a flowchart showing the encrypted supplementary key updating procedure performed by the executing apparatus 400. The illustrated example focuses on the case where the software program SA is executed, though the same procedures will be used when the software program SB is executed.
As shown in FIG. 3, the software execution procedure starts with the executing apparatus 400 obtaining the information relating to the software program SA (which has been indicated by a user) from the recording medium 300 (S301). This information is the encrypted supplementary key E(R,RA), the encrypted software key/execution number E(RA, (KA,nA)), and the encrypted software E(KA,SA). The first decrypting unit 402 then decrypts the encrypted supplementary key E(R,RA) using the random number R stored in the random number storing unit 401 to obtain the supplementary key RA (S302). The second decrypting unit 403 decrypts the encrypted software key/execution number E(RA, (KA,nA)) using this supplementary key RA to obtain the software key KA and the execution number nA (S303). The third decrypting unit 404 then decrypts the encrypted software E(KA,SA) to obtain the software program SA (S304).
After this, the execution number examining unit 406 examines whether the execution number nA obtained in S303 is at least one (S305). If not (S305:No), the procedure ends with the execution number examining unit 406 informing the software executing unit 405 that execution of the software program SA is not permitted. If the execution number nA obtained in S303 is one or greater (S305:Yes), the execution number examining unit 406 informs the software executing unit 405 that execution of the software program SA is permitted, so that the software executing unit 405 executes the software program SA (S306).
Once the software program SA has been executed, the execution number updating unit 407 updates the execution number nA to nA′ found by subtracting one from the current value (i.e., nA′=(nA−1)) (S307). The first encrypting unit 408 encrypts a combination of this updated execution number nA′ and the software key KA that was obtained in S302 using the supplementary key RA (S308). The encrypted software key/execution number E(RA, (KA,nA′)) produced by the first encrypting unit 408 is then written onto the recording medium 300 in place of the encrypted software key/execution number E(RA, (KA,nA)) (S309). This completes the software execution procedure.
As shown in FIG. 4, the encrypted supplementary key updating procedure starts with all of the encrypted supplementary keys on the recording medium 300 (in this case, the encrypted supplementary keys E(R,RA) and E(R,RB)) being obtained (S401). The fourth decrypting unit 411 decrypts these encrypted supplementary keys E(R,RA) and E(R,RB) using the random number R stored in the random number storing unit 401 to obtain the supplementary keys RA and RB (S402).
Next, the random number updating unit 412 updates the random number R in the random number storing unit 401 using the random number R′ (S403). The second encrypting unit 413 then encrypts the supplementary keys RA and RB obtained in S402 using the new random number R′ (S404). These encrypted supplementary keys E(R′, RA) and E(R′,RB) are then stored on the recording medium 300 in place of the encrypted supplementary keys E(R,RA) and E(R,RB) (S405). This completes the encrypted supplementary key updating procedure.
In this conventional software executing system, the software key and the execution number are stored on the recording medium in an encrypted form. This prevents users from editing the content of this data and so prevents the software programs from being used illegally.
In particular, the above procedure has an updated random number stored in the executing apparatus 400 and on the recording medium 300 whenever a software program is executed. As one example, even if all the information on the recording medium 300 is copied, the copied recording medium 300 cannot be executed on any executing apparatus aside from the executing apparatus 400. Also, if a user somehow stopped the executing apparatus 400 writing (i.e. updating) information on the recording medium 300, the executing apparatus 400 would thereafter not be able to use the recording medium 300. This means that this conventional software executing system is capable of preventing users from making certain illegal uses of software.
The above software executing system is however incapable of preventing users from illegally using software by backing up and later restoring part of the information on the recording medium 300. Users can back up an encrypted software key/execution number of a program recorded on the recording medium 300, execute the program a number of times, and then restore the backed-up copy of the encrypted software key/execution number. Execution of the software will thereafter be permitted according to this restored software key/execution number, so that users will be able to execute the software program in excess of the permitted number of executions.
The following is a detailed description of the illegal use of software in the above software executing system. FIG. 5 shows a specific example of the processing by the executing apparatus 400 and the changes in the data on the recording medium 300 that accompany the execution of the software program SA in the above software executing system. FIG. 6 is a first drawing showing illegal usage of a conventional software execution system, while FIG. 7 is a second drawing showing illegal usage.
In the example in FIG. 5, the value “09185501” (in base 10) is used as supplementary key RA, the value “11119442” is used as the software key KA, the value “02834370” as the random number R, and the value “97477116” as the random number R′. These supplementary keys, software keys and random numbers are used as decryption and encryption keys by the respective decrypting units and encrypting units when performing predetermined decryption and encryption algorithms.
In this conventional software executing system, the execution of the software program SA is accompanied by the execution number updating unit 407 updating the execution number nA (=5) to the updated execution number nA′ (=4). The first encrypting unit 408 encrypts this updated execution number nA′ along with the software key KA using the supplementary key RA and stores the result on the recording medium 300, so that the encrypted software key/execution number E(RA, (KA,nA)) on the recording medium 300 is replaced with the encrypted software key/execution number E(RA, (KA,nA′).
When the software program SA is executed, the random number updating unit 412 updates the random number R to the random number R′. This updated random number R′ is then used to encrypt the supplementary key RA and the result is stored on the recording medium 300. As a result, the encrypted supplementary key E(R,RA) is replaced with the encrypted supplementary key E(R′,RA).
As shown in FIG. 6, the software execution procedure described above (FIG. 3) updates the encrypted software key/execution number and the encrypted supplementary key updating procedure (FIG. 4) updates the encrypted supplementary keys.
When the software program SA is executed for the first time, the software execution procedure updates the encrypted software key/execution number. E(RA, (KA,nA′)) where nA′=nA−1 (see columns (a) and (b) in FIG. 6), while the encrypted supplementary key updating procedure updates the encrypted supplementary key from E(R0,RA) to E(R1,RA) where R1≠R0. Here, assume that the encrypted software key/execution number E(RA, (KA,nA1)) is recorded (“backed up”) by a given information recording apparatus (see columns (b) and (c) in FIG. 6).
As shown in FIG. 7, when the software program SA is executed for a kth time (the software program SA having already been executed k−2 times where k is an integer that is two or greater), the software execution procedure updates the encrypted software key/execution number from E(RA, (KA,nA(k−1))) where nA(k−1)=nA0−k+1 to E(RA, (KA,nAk)) where nAk=nA0−k (see columns (a) and (b) in FIG. 7). The encrypted supplementary key updating procedure updates the encrypted supplementary key from E(Rk−1,RA) to E(Rk,RA), where Rk−1≠R0,R1, . . . ,Rk−2 and Rk≠R0,R1, . . . ,Rk−1 (see columns (b) and (c) in FIG. 7)
Assume that after the software program SA has been executed for the kth time, the user restores the backed-up encrypted software key/execution number E(RA, (KA,nA1)) onto the recording medium 300 (see column (d) in FIG. 7). An executing apparatus 400 with the construction and operation shown in FIGS. 1 to 4 will end up executing the software program SA in accordance with the illegally restored encrypted software key/execution number E(RA, (KA,nA1)), resulting in the user executing the software program SA more that the permitted number of times. By repeating this restoring of the encrypted software key/execution number E(RA, (KA,nA1)), the user can completely invalidate the setting of the execution number and can execute software on the recording medium as many times as he or she likes.