In recent years there has been extensive development of systems for conducting electronic business transactions and the like using the Internet.
Encryption technology is used in data communications conducted as part of electronic business transactions and the like. For example, public key encryption related encryption communications systems are often used for authenticating another communications party, and secret key encryption related encryption communications systems are often used for distributing data safely. Encryption technology relating to public key and secret key encryption systems is described in detail in Contemporary Encryption Theory (Nobuichi Ikeno, Kenji Koyama, Institute of Electrical and Electronic Engineers, 1986)
In relation to public key encryption related encryption communications systems, generally a public key certificate, issued by an organ known as the authentication bureau and for verifying the correspondence between a public key and the whoever or whatever has possession of the public key, is sent attached to the public key. The public key certificate is basically public information that does not need to be handled secretly. A secret key paired with a public key, however, needs to be managed secretly.
Normally, a public key certificate has a valid period, although if as the result of an accident or incident a secret key paired with a public key either has been or has possibly been disclosed, the public key certificate needs to be invalidated, even if still within the valid period.
As a method of invalidating a public key certificate, a method involving the public release of a certificate revocation list (CRL) is shown in Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption (Warwick Ford, Michael S. Baum, Prentice Hall, 1997). A CRL includes the serial numbers of all public key certificates to be invalidated, and a mechanism can be constructed that, using a CRL, invalidates and makes unusable public key certificates having serial numbers included in the CRL.
Also, in the case of a distribution service in which a distribution device distributes keys for decrypting digital content (hereafter “content keys”) in response to requests from a large number of terminals that receive/playback digital content and which are required to appropriately use video and other digital content encrypted for reasons of copyright protection and the like, the distribution of content keys should, in view of copyright protection and the like, be carried out only with respect to appropriate terminals.
In this distribution service, it is imagined that a distribution system or the like be used in which terminals each have a unique secret key, and a distribution device for distributing keys receives, from a terminal, notification of a terminal identifier (terminal ID) unique to the terminal, together with a content key distribution request, performs on a content key an encryption that is only possible using the secret key unique to the terminal, and transmits the encrypted content key to the terminal.
In this case, if ascertained that a problem exists with a secret key packaging method in a terminal manufactured by a certain manufacturer, it will be necessary to stop distribution of content keys to all terminals produced by this manufacturer.
Furthermore, in relation to a mechanism that, for example, prevents the copying of digital content in a terminal, it will be necessary to stop distribution of content keys to all terminals produced by a certain manufacturer if a method for neutralizing this mechanism in terminals manufactured by the manufacturer is disclosed.
In other words, it will sometimes be necessary to stop the distribution of content keys to terminals that have been corrupted.
As a method of responding to this requirement, a distribution device in a distribution service can be structured to receive a terminal ID together with a content key distribution request from a terminal, to use a “terminal revocation list” (TRL), being a variant of the above CRL in which, instead of the serial numbers of public key certificates, the terminal IDs relating to all terminals to be invalidated are included, to distribute keys in response to a distribution request only when the received terminal ID is not included in the TRL, and to not respond to a distribution request if the terminal ID is included in the TRL.
According to the above method, however, a data size of the TRL when a large number of terminals require invalidating is enormous, since the terminal IDs of all of these terminals are included.
As an example, if 40 terminals are targeted by the distribution service, each terminal ID is a piece of fixed length data of 4 bytes or more, and 1% of these terminals require invalidating, the data size of the TRL will be at least 160 megabytes.
For this reason, in is feared that a distribution service in which, in order to handle a large number of terminals, (i) a large number of distribution devices for distributing content keys are provided and dispersed throughout various regions or the like, (ii) a TRL is generated in a single management device and sent, after having a digital signature included therein, to the distribution devices via a public communications network or the like, and (iii) each distribution device judges, based on the TRL, whether distribution of a content key to a terminal is permissible, will not prove practical because of either the voluminous communication data or the voluminous data that the distribution devices are required to hold.
For example, if a TRL is sent out every time there is an increase in the number of terminals to be invalidated, communication bottlenecks are likely to occur due to the large volume of communication data. Moreover, if a distribution device is structured to request a new TRL from a management device when a distribution request is received from a terminal together with a terminal ID, and, after receiving the TRL, to collate the received terminal ID based on the TRL, the response by the distribution device to the request from the terminal will be delayed as a result of the length of time required in the reception of the TRL.