Content such as movies or music is provided to users via various kinds of media including a DVD (Digital Versatile Disc), a Blu-ray Disc (registered trademark) and a flash memory, a network such as the Internet, broadcasting waves, and the like. Users can reproduce the content using, for example, various information processing devices, including a recording and reproduction device such as a PC, a mobile terminal or a BD player, a television, and the like.
However, producers or distributors of many kinds of content such as music data, image data, and the like provided to users hold copyrights, distribution rights, and the like. Thus, when content is provided to the users, content providers impose predetermined content usage restrictions.
There is a problem spreading in digital recording devices and recording media in that recording and reproduction can be repeated without deteriorating images and sounds, and uses of fraudulently copied content including distribution of such fraudulently copied content through the Internet or distribution of so-called pirated discs are prevalent.
A concrete configuration for preventing such fraudulent use of content includes a process of encrypting the content. In this configuration, content to be provided to users is encrypted and an encryption key is set to be acquired only by regular users. This process is described, for example, in Patent Literature 1 (Japanese Patent Laid-Open Publication No. 2008-98765) or the like.
A key used to decode the encrypted data is given only to a reproduction device with a license which is a content use right. The license is given to, for example, a reproduction device designed to conform to predetermined action regulations, such as not to perform fraudulent copying. On the other hand, since a reproduction device with no license has no key for decoding the encrypted data, it is difficult to perform decoding of the encrypted data.
However, even when such content encryption is executed, fraudulent use of the content is performed.
An example of the fraudulent use of the content will be described.
The content is recorded, for example, in a medium (memory card) such as a flash memory.
A media key set (MKS) which is an encryption key set specific to the memory card has been stored in the memory card in advance.
This encryption key set (MKS), for example, includes a key set including a public key and a private key issued by a license management device (LA: License Authority). Further, in many cases, the public key is stored in a public key certificate (PKC) and provided.
The public key certificate (PKC) is a certificate which includes an identifier (ID) of a device (a host or a media) as recorded data, in addition to the public key. A signature of the license management device (LA) is set in the public key certificate.
For example, when the content stored in the memory card is reproduced or when new content is recorded in the memory card, a cross-authentication process is executed between a device (host) having the memory card mounted thereon and the memory card. For example, the cross-authentication process of a public key cryptosystem is performed, and the encryption key set (MKS) described above is applied.
In the authentication process, the host and the medium mutually confirm that the partner device is not a fraudulent device. If this authentication is successful, the host is permitted to read the content or the encryption key applied to decoding of the content, which has been recorded in the memory card.
Further, the license management device (LA) issues a revocation list which is a list of identifiers (IDs) of fraudulent devices and provides the revocation list to the device executing the cross-authentication described above. The device executing the cross-authentication executes a confirmation as to whether an ID of the authentication partner device is registered in the revocation list with reference to the revocation list.
When the ID of the authentication partner is recorded in the revocation list, the authentication partner is confirmed to be fraudulent, the authentication fails, and subsequent processes such as content reproduction and recording are prohibited.
The revocation list is issued and sequentially updated by the license management device (LA). In addition, an electronic signature of the license management device (LA) which is an issuing entity is given and a structure in which falsification is prevented is adopted.
For example, a user device performing content reproduction or the like confirms validity of the revocation list through signature verification of the revocation list, and then confirms registered IDs of the revocation list. In other words, the user device confirms whether the ID of the reproduction device or the storage device is registered, and performs a subsequent process, that is, a process such as content reproduction only when the ID is confirmed not to be registered.
When a new fraudulent device is found, the license management device (LA) executes a process of updating the revocation list to additionally register an ID of the new fraudulent device. In other words, a revocation list which has a higher version (which is updated) is sequentially distributed.
The updated revocation list is provided to the user device over a network. Alternatively, the revocation list is recorded in a medium having the content recorded therein and provided to the user device.
For example, when a host device executing reproduction of the content stored in the medium, such as a memory card, is recognized as a fraudulent device, the license management device generates a revocation list of the latest version obtained by recording, in the revocation list, an identifier (ID) of the fraudulent host device or an identifier (ID) of a host public key certificate (Host Certificate) in which a public key of a host provided to the host device is stored, and distributes the revocation list to the user device (a reproduction device, a recording device, a PC, a recording medium, etc.) over a network or a content recording medium.
When the revocation list acquired through the network or the revocation list acquired through connection with another device has a newer version than the revocation list stored in a storage unit of the own device, the user device performs a process of replacing the revocation list of a lower version stored in the storage unit of the own device with the revocation list of the new version.
Thus, the revocation list stored in each user device is sequentially replaced with the revocation list of the new version. Therefore, when a new fraudulent device is found, it is possible to steadily prohibit use of the fraudulent device.
However, for example, when the host device is revoked and its host device ID is registered in the revocation list, it is difficult for the host device to use all content.
In other words, this usage control using the revocation list realizes the usage control in units of hosts, but suffers from a problem that it is difficult to execute usage control in units of pieces of content. For example, there is a problem in that it is difficult to perform usage control in units of individual pieces of content so that use of content X by one host A is permitted and use of content Y is not permitted.
A specific example of the usage control in units of pieces of content includes, for example, the following usage control.
Reproduction of certain content X by only a set of specific hosts (a host group A) is permitted and reproduction by a set of other hosts (a host group B or C) is not permitted.
Further, reproduction of content Y by the host groups A and B is permitted and reproduction by the other host group (the host group C) is not permitted.
It is difficult for a process of changing a usage permission host or a usage prohibition host in units of individual pieces of content as described above to be realized using the revocation list in related art.
Thus, the usage control using the revocation list in the related art realizes the control in units of hosts to limit the use of all content in units of hosts, but suffers from a problem in that it is difficult to freely set the usage permission host or the usage prohibition host in units of individual pieces of content.