1. Field of the Invention
The present invention relates to a storage medium conversion method, a program and a device capable of converting stored contents of a first storage medium so that the first storage medium compliant with an encryption dual key system such as MQbic (registered trademark) can comply with an encryption (single) key system such as SD audio.
2. Description of the Related Art
Recently, development of the information society has been accompanied by widespread use of a content distribution system which distributes content of computerized books, newspapers, music or moving images (simply referred to as content hereinafter) to user terminals to enable reading of the content.
However, as this content can be easily copied, illegal actions ignoring a copyright easily occur. Accordingly, from the standpoint of protecting the content from the illegal actions, the content is usually encrypted by an encryption key to be recorded, and decrypted during playback. As a content protection technology of this type, Content protection for prerecorded media (CPPM) is available. For example, a standardized encryption key system such as SD-Audio, SD-video or SD-ePublish (SD electronic publishing) is used (e.g., see 4C Entity, LLC, <URL: http://www.4Centity.com/>).
FIG. 1 is a schematic diagram showing a configuration of an SD card and a user terminal corresponding to the encryption key system. The SD card SDa is an example of a secure storage medium which stores data securely. The index a of the SD card SDa denotes correspondence to the SD audio standard. It is not limited to this, however, and can correspond to all currently defined SD monomedia standards such as the SD video standard and the SD epublish standard.
The SD card SDa includes a system area 1, a hidden area 2, a protected area 3, a user data area 4, and an encryption/decryption section 5. Data is stored in each of areas 1 to 4 corresponding to the SD Audio standard.
Specifically, key management information MKB (media key block) and a media identifier IDm are stored in the system area 1. A media unique key Kmu is stored in the hidden area 2. An encrypted title key Enc (Kmu, Kt) is stored in the protected area 3. Encrypted content Enc (Kt, C) is stored in the user data area 4. In this description, the notation Enc (A, B) means data B encrypted by data A.
The system area 1 is a read-only area to be accessed from the outside of the SD card. The hidden area 2 is a read-only area to be referred to by the encryption/decryption section 5 of the SD card, and all access from the outside is inhibited. The protected area 3 is an area to enable reading/writing from the outside of the SD card when authentication succeeds. The user area 4 is an area to enable free reading/writing from the outside of the SD card. The encryption/decryption section 5 has an encrypting/decrypting function of executing authentication, key exchange or encryption communication between the protected area 3 and the outside of the SD card.
With respect to the SD card SDa, a playback user terminal 10a logically operates as follows. The user terminal 10a subjects key management information MKB read from the system area 1 of the SD card SDa to MKB processing by a preset device key Kd (ST1) to obtain a media key Km. Next, the user terminal 10a executes hash processing based on the media key Km and a media identifier IDm read from the system area 1 of the SD card SDa (ST2) to obtain a media unique key Kmu.
Subsequently, based on the media unique key Kmu, the user terminal 10a executes authentication key exchange (AKE) with the encryption/decryption section 5 of the SD card SDa (ST3) to share a session key Ks with the SD card SDa. The authentication key exchange processing of the step ST3 succeeds when the media unique key Kmu of the hidden area 2 referred to by the encryption/decryption section 5 and the media unique key Kmu generated by the user terminal 10a match each other, and the session key Ks is shared.
Then, the user terminal 10a reads an encrypted title key Enc (Kmu, Kt) from the protected area 3 via encryption communication using the session key Ks (ST4). The user terminal 10a decrypts the encrypted title key Enc (Kmu, Kt) by the media unique key Kmu (ST5) to obtain a title key Kt.
Lastly, the user terminal 10a decrypts encrypted content Enc (Kt, C) read from the user area 4 by the title key Kt (ST6) to play the obtained content C.
According to the above encryption key system, the title key Kt is singly encrypted by the media unique key Kmu. On the other hand, an encryption dual key system in which a content key Kc (=title key Kt) is dually encrypted by a user key Ku and a media unique key Kmu, as described below, has been proposed. For example, the encryption dual key system of this type is used for MQbic (registered trademark).
FIG. 2 is a schematic diagram showing a configuration of an SD card and a user terminal corresponding to the encryption dual key system, and different from FIG. 1 in the following three points (i) to (iii).
(i) A first point is that an encrypted user key Enc (Kmu, Ku) is stored in place of the encrypted title key in the protected area 3. The user key Ku is an encryption/decryption key for the content key Kc, and is commonly used for a plurality of encrypted content keys Enc (Ku, Kc1), Enc (Ku, Kc2), . . . in the same SD card SDq. The index q of the SD card SDq indicates correspondence to MQbic (registered trademark).
(ii) A second point is that an encrypted content key Enc (Ku, Kc) is stored in place of the encrypted content in the user data area 4. On the other hand, the encrypted content may be stored in an external storage medium, not limited to a memory 11q of a user terminal 10q.
(iii) A third point is that between steps ST5 and ST6, decryption processing (ST5q) is executed to obtain a content key (=title key) Kc by decrypting the encrypted content key based on a decryption result (user key Ku) by the media unique key Kmu.
Because of the above three differences, the SD card SDq and the user terminal 10q of FIG. 2 operate in steps ST1 to ST3 as in the case of FIG. 1, but operate as follows in step ST4 and after.
The user terminal 10q reads the encrypted user key Enc (Kmu, Ku) from the protected area 3 via encryption communication using the session key Ks (ST4). The user terminal 10q decrypts the encrypted user key Enc (Kmu, Ku) by the media unique key Kmu (ST5) to obtain a user key Ku.
Then, the user terminal 10q decrypts the encrypted content key Enc (Ku, Kc) read from the user data area 4 (ST5q) to obtain a content key Kc.
Lastly, the user terminal 10q decrypts the encrypted content Enc (Kc, C) read from the memory 11q by the content key Kc (ST6) to play the obtained content C.
As the above encryption dual key system holds the encrypted content key in the user data area 4 larger in storage capacity than the protected area 3, there is an advantage that a greater volume of encrypted content keys can be held than the SD Audio. Moreover, according to the encryption dual key system, the encrypted content can be held outside the SD card. Thus, it is expected that distribution of the encrypted content will be promoted.
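The two key chains of FIG. 1 and FIG. 2 can be traced in a short Python model. This is an added example, not code from the patent or from the SD or MQbic specifications. The XOR keystream standing in for Enc, HMAC-SHA256 standing in for the hash of step ST2, the MKB reduced to Enc (Kd, Km), the AKE reduced to a match check, and all key and content values are assumptions made for illustration.

```python
import hashlib, hmac

def enc(key: bytes, data: bytes) -> bytes:
    """Enc(A, B) stand-in: XOR with a SHA-256 counter keystream (not the real cipher)."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(d ^ s for d, s in zip(data, stream))

dec = enc  # an XOR stream cipher decrypts with the same operation

def derive_kmu(km: bytes, idm: bytes) -> bytes:
    """ST2: hash processing over Km and IDm (HMAC-SHA256 assumed here)."""
    return hmac.new(km, idm, hashlib.sha256).digest()

def make_card(kd: bytes, km: bytes, idm: bytes) -> dict:
    """Lay out areas 1 to 4; the MKB is simplified to Enc(Kd, Km) for one device key."""
    return {"system": {"MKB": enc(kd, km), "IDm": idm},
            "hidden": {"Kmu": derive_kmu(km, idm)},
            "protected": {}, "user": {}}

def terminal_kmu(card: dict, kd: bytes) -> bytes:
    km = dec(kd, card["system"]["MKB"])                      # ST1: MKB processing
    kmu = derive_kmu(km, card["system"]["IDm"])              # ST2
    # ST3: AKE reduced to the match check that section 5 performs inside the card
    if not hmac.compare_digest(kmu, card["hidden"]["Kmu"]):
        raise PermissionError("AKE failed: Kmu mismatch")
    return kmu

def play_single(card: dict, kd: bytes) -> bytes:
    kmu = terminal_kmu(card, kd)
    kt = dec(kmu, card["protected"]["Enc(Kmu,Kt)"])          # ST4, ST5
    return dec(kt, card["user"]["Enc(Kt,C)"])                # ST6

def play_dual(card: dict, kd: bytes, title: str, memory: dict) -> bytes:
    kmu = terminal_kmu(card, kd)
    ku = dec(kmu, card["protected"]["Enc(Kmu,Ku)"])          # ST4, ST5
    kc = dec(ku, card["user"][title])                        # ST5q
    return dec(kc, memory[title])                            # ST6: content held off-card

# Constructed sample keys and content (all values invented for this example)
KD, KM, KT, KU = b"device-key", b"media-key", b"title-key", b"user-key"
sda = make_card(KD, KM, b"IDm-0001")                         # FIG. 1 card
sda["protected"]["Enc(Kmu,Kt)"] = enc(sda["hidden"]["Kmu"], KT)
sda["user"]["Enc(Kt,C)"] = enc(KT, b"audio track")

sdq = make_card(KD, KM, b"IDm-0002")                         # FIG. 2 card
sdq["protected"]["Enc(Kmu,Ku)"] = enc(sdq["hidden"]["Kmu"], KU)
memory_11q = {}
for title, kc, c in [("book", b"Kc1", b"chapter one"), ("song", b"Kc2", b"chorus")]:
    sdq["user"][title] = enc(KU, kc)       # one Ku wraps many content keys
    memory_11q[title] = enc(kc, c)         # encrypted content stays in memory 11q
```

Because Kmu is derived from IDm, copying the protected and user areas of sda onto a card with a different media identifier leaves Enc (Kmu, Kt) wrapped under a key the new card does not produce, so the title key and the content do not decrypt correctly.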