1. Field of the Invention
The present invention relates to a recording/reproducing apparatus in which illegal copying and illegal use of copy-generation managed data is prevented. Further, the present invention also relates to a method for moving data and a method for deleting data in which illegal copying and illegal use of copy-generation managed data is prevented.
2. Description of the Related Art
In recent years, various digital recording/reproducing apparatuses have been developed and marketed. Among these digital recording/reproducing apparatuses, data can be copied without deteriorating the image quality and sound quality of the data. Thus, a digitalized, copyrighted production can be copied into a widespread, large capacity recording medium, such as a D-VCR, DVD-RAM, etc., with high image- and sound-qualities. By copying a production in such a way, illegally copied products called “bootlegs” can be made. The illegally copied products can be readily distributed among the general public anonymously, and accordingly, the copyright of the production is violated. It is therefore necessary to prevent such illegally copied products in order to protect copyrights.
A known technique for preventing production of such an illegally copied product is described in Japanese Laid-Open Publication No. 2001-16542. According to this technique, a predetermined ID bit for preventing illegal copying (a prohibition code of the CGMS (copy generation management system) standard) is superposed on an analog signal obtained by converting a digital signal recorded on an original recording medium. With such a superposed ID bit, illegal copying is prevented.
However, even if the above technique described in Japanese Laid-Open Publication No. 2001-16542 is employed, when data is transferred between apparatuses, a fraudulent party can steal the data from a data transfer path between the apparatuses so as to make an illegally copied product.
A known technique for invalidating illegally copied data is described in Japanese Laid-Open Publication No. 11-39895. In this technique, digital data includes: an encrypted main part of the data; encrypted copy management information for managing permission/prohibition of copy for the main part of the data; and key information for decrypting the encrypted main part of the data. When the copy management information indicates that copying of the main part of the data is prohibited, decryption of the illegally copied, encrypted data is disabled by updating the key information.
However, even if the above technique described in Japanese Laid-Open Publication No. 11-39895 is employed, since the encrypted main part of the data and the key information used for decrypting the encrypted main part of the data are included in the same digital data, a fraudulent party can copy (harbor) the digital data in an external recording device or the like in a byte-by-byte manner before the key information is updated, so as to decrypt the illegally copied, encrypted main part of the data.
Furthermore, recently, movement of data which is stored in a large capacity recording device, such as a hard disc, to a highly-reliable medium, such as an optical disc for making a backup copy has been demanded.
In general, data distributed by digital broadcasting is protected from being stored, but there is some data that can be stored for the sake of user's convenience only for a predetermined time period. There is a demand to surely delete such data such that a fraudulent party cannot illegally copy the data.
FIG. 1 shows a structure of a conventional video recording/reproducing apparatus 910. The video recording/reproducing apparatus 910 includes: a data input section 900; an encryption section 901; a temporary storage section 902; a data output section 903; a decryption section 904; a central processing unit (CPU) 905; an input/output section 906; a fixed storage device 907; a read/write section 908; and an information recording medium 909. The CPU 905 controls the data input section 900; the encryption section 901; the temporary storage section 902; the data output section 903; the decryption section 904; the input/output section 906; and the read/write section 908.
The data input section 900 converts externally-input analog image data into digitally compressed image data. If copy generation management information attached to the compressed image data, which is input to the encryption section 901, is free-content information indicating that the compressed data is a free content, the encryption section 901 does not perform an encryption process. If the copy generation management information indicates that production of a child copy (first generation copy) is permitted, the encryption section 901 changes the copy generation management information into copy prohibition information, and the compressed image data is encrypted and stored in the temporary storage section 902. The temporary storage section 902 is a high speed memory, such as an SDRAM or the like. Since the above described sections work based on different data transfer rates, the temporary storage section 902 is used as buffer means for buffering the transfer rate difference among the sections. The decryption section 904 decrypts encrypted data and outputs the decrypted data to the data output section 903. The data output section 903 converts the decrypted, digitally compressed image data into analog image data, and outputs the analog image data to an external apparatus. The input/output section 906 is a communication control means, such as IDE, SCSI, or the like, which controls data transfer to/from the fixed storage device 907, such as a hard disc. The read/write section 908 writes data in and/or reads data from the portable information recording medium 909, such as a DVD-RAM or the like.
Next, a data recording operation of the video recording/reproducing apparatus 910 is described.
The data input section 900 externally receives analog image data, such as a broadcast wave, and digitally compresses the analog image data based on MPEG The compressed image data is transferred to the encryption section 901. If the copy generation management information attached to the compressed image data is the copy prohibition information, the encryption section 901 is controlled by the CPU 905 so as to stop a recording operation. If the copy generation management information is information which permits making a first generation copy, the encryption section 901 changes the copy generation management information into copy prohibition information, and encrypts the compressed image data using a title key Dh which includes information inherent to the fixed storage device 907. The encrypted data is transferred to the temporary storage section 902. If copy generation management information is free-content information, the encryption section 901 does not perform an encryption process and transfers the compressed image data as it is to the temporary storage section 902. The data stored in the temporary storage section 902 is then transferred to, and stored as a file in, the fixed storage device 907 through the input/output section 906. In this way, recording of the image data is performed.
FIG. 2 shows the structure of the fixed storage device 907. The fixed storage device 907 has data structure information including: a management region 1111 for storing management information, such as an address and data size of stored data; and an object region 1112 for storing the data and the title key Dh used for encrypting the data. The management information is updated every time data comes to the object region and is stored therein.
Next, a data reproduction operation of the video recording/reproducing apparatus 910 is described.
The CPU 905 reads management information from the management region 1111 of the fixed storage device 907 through the input/output section 906. The input/output section 906 searches for a position of data to be reproduced based on the read information (address) and reads the data from the position in the object region 1112 into the temporary storage section 902. The CPU 905 transfers the data stored in the temporary storage section 902 to the decryption section 904. The decryption section 904 decrypts the data using the title key Dh. The decrypted data is transferred to the data output section 903. The data output section 903 converts the decrypted, compressed image data into analog image data, which is output to an external apparatus, such as a TV monitor or the like. In this way, reproduction of image data is performed.
FIG. 3 illustrates a procedure for moving data in the video recording/reproducing apparatus 910 from the fixed storage device 907 to the information recording medium 909. Herein, the data is a program, for example.
FIG. 4 shows the inside states of the fixed storage device 907 and the information recording medium 909 during a data movement operation. For the sake of simplicity, among the components of the video recording/reproducing apparatus 910 shown in FIG. 1, only the fixed storage device 907 and the information recording medium 909 are shown in FIG. 4. With reference to FIGS. 3 and 4 in conjunction with FIG. 1, a procedure for moving an encrypted program from the fixed storage device 907 to the information recording medium 909 is described in steps 1100 to 1105 below. Movement of data (program P1) from the fixed storage device 907 to the information recording medium 909 begins at State (I).                Step 1100:        
Based on management information A stored in the management region 1111, the program P1 and the title key Dh used for encrypting the program P1 are read from the object region 1112 to the temporary storage section 902.                Step 1101:        
The program P1 is moved to the decryption section 904 and decrypted using the title key Dh.                Step 1102:        
The decrypted program P1 is transferred to the encryption section 901. In the encryption section 901, the decrypted program P1 is encrypted again using a title key Dd which includes information inherent to the information recording medium 909, and transferred to the temporary storage section 902.                Step 1103:        
There-encrypted program P1 in the temporary storage section 902 is written in the information recording medium 909 by the read/write section 908.                Step 1104:        
Steps 1100 to 1103 are repeated until all the data included in the program P1 to be moved is moved to the information recording medium 909.                Step 1105:        
All the data of the program P1 has been moved to the information recording medium 909 (at this time, the fixed storage device 907 and the information recording medium 909 are in State (II)), the program P1 which has been moved to the information recording medium 909 are deleted from the object region 1112, and the management information A stored in the management region 1111 is updated to management information A′. At this time, the fixed storage device 907 and the information recording medium 909 are in State (III), which means that movement of the programs has been completed
Data recorded in the video recording/reproducing apparatus 910 shown in FIG. 1 is data from which production of only a first generation copy (child copy) is permitted. Thus, copying of such data into the information recording medium 909, such as an optical disc, is not permitted, and accordingly, the fixed storage device 907 and the information recording medium 909 never simultaneously store the same data.
However, in the above structure, a plurality of illegal copies can be produced by connecting another fixed storage device 911, such as a personal computer having a hard disk, to the video recording/reproducing apparatus 910 shown in FIG. 1, and harboring the data in the fixed storage device 911.
Now, assume that the video recording/reproducing apparatus 910 moves data P1 from the fixed storage device 907 to the information recording medium 909. At State (I) of FIG. 4, data structure information stored in the fixed storage device 907 is harbored into the personal computer 911 in a byte-by-byte manner. Then, when the video recording/reproducing apparatus 910 is at State (III), the data harbored into the personal computer 911 (data structure information at State (I)) is returned to the fixed storage device 907, so that the management region 1111 and the object region 1112 are changed from the post-movement/deletion state, i.e., State (III), to the pre-movement state, i.e., State (I). As a result, the video recording/reproducing apparatus 910 results in a state where an illegal copy can be made, i.e., State (IV). In this state, the fixed storage device 907 and the information recording medium 909 simultaneously store the same data (for example, the program P1). By performing the above processing, a plurality of illegal copies can be readily produced. On the other hand, the video recording/reproducing apparatus 910 itself determines that the data movement operation has been successfully achieved because the moved data was once deleted from the fixed storage device 907 of the video recording/reproducing apparatus 910.
Although music data of about three minutes in length can be quickly moved in a moment, the video recording/reproducing apparatus 910 cannot complete movement of large video data, such as a piece of movie, in a moment. Thus, when the operation of the video recording/reproducing apparatus 910 is interrupted by, for example, turning off the power supply at any timing during data movement (for example, between State (II) and State (III) In FIG. 4), the video recording/reproducing apparatus 910 cannot delete the data from the fixed storage device 907. As a result, the data movement operation is interrupted when the video recording/reproducing apparatus 910 is at State (II), so that the fixed storage device 907 and the information recording medium 909 simultaneously store the same data (for example, the program P1). By performing the above processing, a plurality of illegal copies can be readily produced.