It is now very popular to distribute various kind of software data such as a game program, audio data, and image data (hereinafter, such data will be referred to as a content) via a network such as the Internet or via a distributable storage medium such as a DVD or a CD. After loading such content data onto a PC (Personal Computer) or a game machine of a user via data transmission, or after loading a storage medium on which content data is stored onto the PC or the game machine, the user can enjoy played back content. A content stored on a storage medium may be stored into a storage device such as a memory card or a hard disk disposed in a PC or a recording/playing-back apparatus so that the content can be reproduced from the storage device.
An information apparatus such as a video game machine or a PC may include an interface for receiving a content via a network or accessing a DVD or a CD, and further include a RAM, a ROM, or the like, used as a memory area for storing control means, a program, and data needed to reproduce a content.
Various kinds of contents such as music data, video data, or a program may be read from a storage medium and played back on an information apparatus itself such as a game machine or a PC used as a playback device or played back on a display or by a speaker connected to the information apparatus, in response to a command input by a user directly to the information apparatus or indirectly via input means connected to the information apparatus.
In general, the right of distribution of software contents such as a game program, music data, or video data is held by producers or sellers or the software contents. Software contents are generally distributed under specific usage limitation to secure that only authorized users can use software contents and that unauthorized copies thereof cannot be made.
One technique of limiting usage to specific users is to encrypt a content. More specifically, a content such as audio data, video data, or a game program is distributed via the Internet or the like after encrypting the content, and a decryption key, which is means for decrypting the encrypted content, is given only to authorized users.
The encrypted data can be converted into its original form (plaintext) by performing a predetermined decryption process upon the encrypted data. The technique of encrypting and decrypting information using an encryption key and a decryption key is well known in the art.
Various techniques of encrypting and decrypting data using an encryption key and a decryption key are known. One of them is a technique known as common key cryptography. In the common key cryptography, the same key called a common key is used as both an encryption key for encrypting data and a decryption key for decrypting the encrypted data, and the common key is given only to authorized users so that unauthorized users who do not have the common key cannot access the data. A specific example of the common key cryptography is that based on the DES (Data Encryption Standard).
An encryption key for encrypting data and a decryption key for decrypting the encrypted data can be obtained from a password or the like using a unidirectional function such as a hash function. Herein, the unidirectional function refers to a function whose input is very difficult to guess from an output thereof. Although an encryption/decryption key can be generated using an output obtained by applying a unidirectional function to, for example, a password determined by a user, it is substantially impossible to determine, from the obtained encryption/decryption key, the password that is original data from which the encryption/decryption key is generated.
Another known technique is public key cryptography in which an encryption key used for encryption and a decryption key used for decryption are generated in accordance with different algorithms. In the public key cryptography, a public key, which is allowed to be used by any unspecified user, is issued by a particular user, and a document to be provided to that particular user is encrypted using the public key issued by the particular user. The document encrypted using the public key can only be decrypted using a secret key corresponding to the encryption key used to encrypt that document. The secret key is held only by the user who issued the public key, and thus the document encrypted using the public key can be decrypted only by the user having the secret key. A representative example of the public key cryptography is that based on the RSA (Rivest-Shamir-Adelman) algorithm. Using one of above-described cryptography techniques, it is possible to realize a system in which encrypted contents can be decrypted only by authorized users.
In such a content distribution system, encrypted contents are provided to users via a network or via a storage such as a DVD or a CD, and content keys used to decrypt the encrypted contents are provided only to authorized users. To prevent a content key from being copied in an unauthorized manner, it has been proposed to encrypt a content key and provide the encrypted content key to an authorized user so that only the authorized user can decrypt the encrypted content key using a decryption key held only by the authorized user.
A judgment of whether one is an authorized user or not is generally made by performing authentication between a user device and a content provider who is a sender of a content, before transmitting a content or a content key. In a usual authentication process, if the user is determined to be an authorized one, a session key is produced which can be used only during the present communication, and data such as a content or a content key is transmitted after encrypting it using the session key. Authentication may be performed using the common key cryptography or the public key cryptography. In the case where authentication is performed using the common key cryptography, a common key for system-wide use is needed. This results in inconvenience in renewal. On the other hand, in the case where the public key cryptography is employed, undesirably complex calculations using a memory with an undesirably high capacity are required.