The present invention relates to an information recording medium on which encrypted information and encrypted key information obtained by encrypting key information used for decrypting the encrypted information to restore original information, a recording apparatus for the information recording medium, an information transmission system for transmitting information from the information recording medium to another device to decrypt the information, and a decryption apparatus for decrypting the encrypted information using the encrypted key information to obtain original information.
At present, we can get information worldwide via the Internet. Recently, some charging systems for information services within specific domains (regions, areas) have been put into practice. Along with the penetration of the Internet into our society, it is of urgent necessity to assure security for the purpose of preventing unauthorized use.
Objectives of security include:
A) to specify each user who is entitled to the service the provider intends to provide, and prevent eavesdroppers from connecting themselves to the information transmission path and stealing service information (information steal protection); and PA0 B) to prevent a third party other than the service provider from using original service information for other commercial purposes, which is a violation of the copyright (information copy protection). PA0 1. The user issues a public key and secret key, and transmits the public key to an information service provider together with an information service request. PA0 2. The information service provider encrypts service information on the basis of the public key sent from the user, and sends it to the user. PA0 3. The user decrypts the encrypted information using the secret key issued by himself or herself, and uses the service information. PA0 a] If the user copies the service information to an HDD or optical disk, he or she cannot be charged for each information service provided. PA0 b] As long as the common key is used, a third party other than the information service provider can easily illicitly use the encrypted information for commercial purposes. PA0 1) The key may be illicitly copied by a third party during its transfer. PA0 2) Key management is complicated. PA0 3) The destination user can easily alter encrypted data itself. More specifically, after the destination user decrypts the encrypted data using the common key and alters it, he or she can easily encrypt the data using the common key again. PA0 I] Encryption/decryption is time intensive. PA0 II] The information service provider must inquire public keys of a CA center (authentication center) in units of users every time the provider sends information to the users. PA0 III] The system heavily loads the user in terms of the custody of the secret key. PA0 encrypted information; and PA0 encrypted key information obtained by encrypting key information for decrypting the encrypted information to obtain original information, PA0 wherein non-encrypted condition information used upon decrypting the encrypted information is recorded in the encrypted key information. PA0 setting means for setting encrypted key draft information and condition information used upon decryption; PA0 first generation means for generating encrypted key information on the basis of the encrypted key draft information and the condition information which is not encrypted; PA0 recording means for recording common key information; PA0 second generation means for generating key information by decrypting the encrypted key information generated by the first generation means using the common key information recorded in the recording means; PA0 input means for inputting information to be encrypted; PA0 third generation means for generating encrypted information by encrypting the information to be encrypted input by the input means using the key information generated by the second generation means; and PA0 recording means for recording the encrypted key information including the condition information generated by the first generation means and the encrypted information generated by the third generation means on an information recording medium in correspondence with each other. PA0 wherein non-encrypted condition information used upon decrypting the encrypted information is recorded in the encrypted key information recorded on the information recording medium of the first apparatus, the first apparatus comprises: PA0 transmission means for transmitting the encrypted key information including the condition information and the encrypted information recorded on the information recording medium to the second apparatus, PA0 the second apparatus comprises: PA0 first output means for outputting the condition information, encrypted key information, and encrypted information received from the first apparatus to a processing medium for performing decryption; and PA0 execution means for executing processing in accordance with decrypted information from the processing medium, and PA0 the processing medium comprises: PA0 determination means for determining based on the condition information from the second apparatus if decryption is granted; PA0 decryption means for, when the determination means determines that decryption is granted, decrypting the encrypted information on the basis of the encrypted key information from the second apparatus; and PA0 second output means for outputting the information decrypted by the decryption means to the second apparatus. PA0 recording means which records second specific information generated based on first specific information and common key information; PA0 setting means for setting the first specific information; PA0 generation means for generating the common key information on the basis of the first specific information set by the setting means and the second specific information recorded on the recording means; PA0 first decryption means for obtaining key information by decrypting the encrypted key information using the common key information generated by the generation means; and PA0 second decryption means for obtaining information before encryption by decrypting the encrypted information using the key information obtained by the first decryption means. PA0 an input unit at which first specific information and common key information are input; PA0 first generation means for generating second specific information on the basis of the first specific information and the common key information input at the input unit; PA0 recording means for recording the second specific information generated by the first generation means; PA0 inhibition means for inhibiting input from the input unit after recording on the recording means; PA0 setting means for setting the first specific information; PA0 second generation means for generating the common key information on the basis of the first specific information set by the setting means and second specific information recorded on the recording means; PA0 first decryption means for obtaining key information by decrypting the encrypted key information using the common key information generated by the second generation means; and PA0 second decryption means for obtaining information before encryption by decrypting the encrypted information using the key information obtained by the first decryption means. PA0 recording means which records second specific information generated based on first specific information and common key information; PA0 setting means for setting the first specific information; PA0 generation means for generating the common key information on the basis of the first specific information set by the setting means and the second specific information recorded on the recording means; PA0 first decryption means for obtaining key information by decrypting the encrypted key information using the common key information generated by the generation means; PA0 second decryption means for obtaining information before encryption by decrypting the encrypted information using the key information obtained by the first decryption means; PA0 determination means for determining based on the condition information if decryption is granted; and PA0 control means for controlling execution of decryption by the first and second decryption means on the basis of the determination result of the determination means.
Especially, demands associated with information copy protection described in (B) are expected to increase rapidly in the future, since network computers are being enthusiastically developed.
The network computer under development has no HDD and downloads even an OS from a host server via radio upon startup. At the network computer, the user executes his or her jobs while installing required functional programs via radio when he or she requires application software programs.
Hence, conventionally, the user purchases various application package software programs and installs them in an hard disk device ("HDD") so as to use these programs.
However, when the user uses the network computer, he or she need not purchase such programs in advance; the user uses a required functional program by downloading it when he or she wants to use it. In this case, the user is charged each time he or she downloads the functional program. The functional program is not a large-size program unlike a package program but is a function-limited, very small-size program described in, e.g., JAVA.TM..
Hence, when the user uses the network computer, the functional program must be prevented from being copied and re-used by the user in terms of the above-mentioned specific charging method.
As the methods of providing security, the following three methods using asymmetric or two-key encryption are known.
However, when these methods are used, the information service provider must encrypt information every time it receives user's request, resulting in very high service cost.
To avoid such problem, the following method may be used. That is, symmetric or single-key encryption using a common key common to encryption and decryption is adopted, the encrypted common key is sent to the user together with encrypted service information, and only the user who knows the common key can decrypt the encrypted information.
However, this method has the following problems.
In the above description, information services using a network computer have been mainly described. Likewise, services using satellite broadcast are also available. When broadcast is used, an asymmetric cryptosystem (a method using a public key and secret key) cannot be used. So, a symmetric cryptosystem using a public key is adopted, so that only a specific user who knows the public key can receive services.
However, in this case as well, problems [a] and [b] mentioned above commonly recur.
The above-mentioned problems will be elaborated in terms of the encryption technique.
As is conventionally known, the common key (symmetric) scheme in which the source and destination use an identical key suffer the following three shortcomings.
By contrast, the asymmetric scheme using a public key and secret key can solve the above-mentioned problems but suffers the following shortcomings.
These shortcomings make the load on the information service provider heavier.
Also, this system poses the following problem.
For example, if the secret key is stolen, it becomes impossible to assure security. Also, since the user can easily copy an FD or IC card that stores the secret key, the copied key information may be illicitly used.
As a method of solving the above-mentioned problems, a hybrid system for encrypting data itself using a common key and encrypting only the common key using a public key has been proposed. This method can relax "[I] increase in encryption/decryption time" but cannot reduce the complexity of [II] and [III].
In a system for encrypting information and transmitting or recording the encrypted information, when a key used upon encrypting the information is also transmitted or recorded, the key used in encryption is not directly transmitted or recorded to make the key secret, but is transmitted or recorded as key information which is independently encrypted using an encryption means different from that for the information. On the information reproduction side, using the key obtained by decrypting the key information by a decryption means for the key, the encrypted information is decrypted using a decryption means for the information.
Using this system, a method of preventing reproduction control information from being altered by including the reproduction control information in the key before encryption is proposed.
However, with this method, the information reproduction side must decrypt the key information to know the reproduction control information, and this entails a serious problem in case of the following information reproduction system.
For example, an information reproduction system in which a disk drive device, which has neither decryption means for key information nor decryption means for encrypted information and merely reads recorded data, is made to determine reproduction inhibition information so as to control data transfer to an information reproduction apparatus with the decryption means will be described below.
In this case, the disk drive device must have the decryption means for key information, resulting in high cost of the disk drive device. Furthermore, security of the whole system may lower since the disk drive device must have the decryption means for the key information which is not originally required for the disk drive device.