There are systems in which information (contents) such as music is encrypted and is sent to an information processing device of a user with whom a predetermined contract has been signed, and the user decrypts contents with the information processing device to use the contents.
For example, cases where two content sending devices and a content receiving device are provided as shown in FIG. 96 will be described.
A first content sending device 600 has a data encrypting portion 601, a data encrypting portion 602, a content key generating portion 603 and a tamper resistant memory 604. Furthermore, the tamper resistant memory cited herein may be any memory that cannot be easily read out by a third party, and does not require a particular limitation in terms of hardware (for example, it may be a hard disk placed in an entrance-controlled room, a hard disk of a password-controlled personal computer, or the like). A distribution key Kd required for encrypting a content key Kco is supplied in advance to the tamper resistant memory 604 from an electronic distribution service center (not shown) and is stored therein.
For generating data to be passed to the content receiving device 620, the content sending device 600 uses the content key generating portion 603 to generate the content key Kco1, and uses this key to encrypt contents at the data encrypting portion 601. Also, the content key Kco1 is encrypted at the data encrypting portion 602 using the distribution key Kd. The encrypted contents and the encrypted content key Kco1 are sent to the content receiving device 620.
In this connection, as in the case of the content sending device 600, a second content sending device 610 has a data encrypting portion 611, a data encrypting portion 612, a content key generating portion 613 and a tamper resistant memory 614, generates the content key Kco2 at the content key generating portion 613, and encrypts contents by the data encrypting portion 611 using this key. Also, the data encrypting portion 612 encrypts the content key Kco2 using the distribution key Kd supplied from the electronic distribution service center (not shown). In this way, the second content sending device 610 sends the encrypted contents and the encrypted content key Kco2 to the content receiving device 620.
The content receiving device 620 has a sending and receiving portion 621, a host controller 622, a cipher processing portion 623, a memory 624, a data decrypting portion 625, a data decrypting portion 626 and a tamper resistant memory 627. Furthermore, since any number of users use contents and it is impossible to know how content users will handle an apparatus, the tamper resistant memory cited herein needs to have its internal data protected in terms of hardware. The cipher processing portion 623 is therefore a semiconductor chip having a structure that is difficult to access from the outside: it has a multi-layer structure, its internal tamper resistant memory is sandwiched between dummy layers such as aluminum layers, the range of operating voltage and/or frequency is narrow, and so on, which characteristically makes it difficult to read out data illegally from the outside. The distribution key Kd supplied in advance from the electronic distribution service center (not shown) is stored in the tamper resistant memory 627.
In this connection, the tamper resistant memories 604, 614 of the content sending devices 600, 610 are memories that can be accessed from the outside, but constraints are placed on the methods of accessing those memories. The constraint may be a password or room entrance-control. On the other hand, in the tamper resistant memory 627 of the content receiving device 620, the memory itself has a structure that is not accessed illegally from the outside, and methods of reading internal data from the outside using normal accessing means are limited, or there are no such methods at all. Furthermore, while the internal data of the tamper resistant memory 627 cannot be read at all from the outside, there may be an access method in which only the change of data can be performed from the outside if previous key data and the like are used. Also, in the cipher processing portion 623, predetermined data can be read out by making an access to the memory, while the internal memory cannot be read out from the outside.
The contents and the content keys Kco1 and Kco2 sent from the content sending device 600 or 610 are received at the sending and receiving portion 621, and are delivered to the host controller 622. The host controller 622 stores these data in the memory on a temporary basis, and passes the content key Kco and the contents to the cipher processing portion 623 when the contents are to be used. The cipher processing portion 623, on receiving them, decrypts the content key Kco at the data decrypting portion 625 using the distribution key Kd stored in advance in the tamper resistant memory 627, then decrypts the contents at the data decrypting portion 626 using the content key Kco, and uses the contents. At this time, accounting may be involved.
However, in the conventional information processing system shown in FIG. 96, the content sending devices 600 and 610 use the same distribution key Kd, which raises the problem that each sending device can pirate the content information of the other. One conceivable method for solving this problem is to use a different distribution key Kd for each content sending device, so that piracy of content information among sending devices is avoided. In this case, however, there is a disadvantage that the content receiving device needs to retain all the distribution keys Kd, thus making the configuration and receiving method of the content receiving device more complicated.
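The key hierarchy of FIG. 96 and the trade-off just described can be shown in a short Python sketch, added here as an illustration and not taken from the original text. The function names are hypothetical, and the cipher is an assumed stand-in (a SHAKE-256 keystream with an HMAC tag), since the text does not name the algorithm the devices use.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, data):
    # Stand-in cipher (assumption): XOR with a SHAKE-256 keystream.
    ks = hashlib.shake_256(b"enc" + key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def _tag(key, nonce, ct):
    return hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = _stream(key, nonce, plaintext)
    return nonce + ct + _tag(key, nonce, ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, nonce, ct)):
        raise ValueError("wrong key or modified data")
    return _stream(key, nonce, ct)

def package(kd, contents):
    """Sending device: a fresh Kco encrypts the contents, Kd encrypts Kco."""
    kco = secrets.token_bytes(16)
    return seal(kco, contents), seal(kd, kco)

def use_contents(kd_store, enc_contents, enc_kco):
    """Receiving device: unwrap Kco with a stored Kd, then decrypt contents."""
    for kd in kd_store:
        try:
            kco = unseal(kd, enc_kco)
        except ValueError:
            continue
        return unseal(kco, enc_contents)
    raise ValueError("no stored Kd unwraps this content key")

def demo():
    song = b"constructed sample contents from device 600"
    shared_kd = secrets.token_bytes(16)
    # Shared Kd (FIG. 96): device 610's copy of Kd opens device 600's package.
    shared_case = use_contents([shared_kd], *package(shared_kd, song)) == song
    # Per-sender Kd: device 610's key fails, but the receiver must store both.
    kd_600, kd_610 = secrets.token_bytes(16), secrets.token_bytes(16)
    pkg = package(kd_600, song)
    try:
        use_contents([kd_610], *pkg)
        crossed = True
    except ValueError:
        crossed = False
    return shared_case, crossed, use_contents([kd_610, kd_600], *pkg) == song
```

`demo()` returns `(True, False, True)`: the shared key lets one sender open the other's package, separate keys prevent that, and the receiver then has to hold every sender's Kd.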
Also, among information receiving devices that receive contents, an information receiving device that does not have the content usage right has difficulty using the contents.
Furthermore, information needed for using the distribution key Kd and the other contents distributed from the information sending device is updated at predetermined timing, and information receiving devices that do not have the new key Kd and other information have difficulty using the contents.
Furthermore, in the case where registration information for using contents is different among a plurality of information receiving devices that use the contents, it is difficult to exchange content data between information receiving devices different from each other in such registration information.