The present disclosure relates to an information processing apparatus, an information storage apparatus, an information processing system, and information processing method and program. Particularly, the present disclosure relates to an information processing apparatus, an information storage apparatus, an information processing system, and information processing method and program which prevent improper use of content.
For example, content such as movie, music, and the like are provided to users via various media such as a DVD (Digital Versatile Disc), a Blu-ray Disc (registered trademark), and a flash memory, a network such as the Internet, or a broadcast wave. The users can reproduce the content using various information processing apparatuses such as a PC, a mobile terminal, a recording and reproducing apparatus such as a BD player, and a television.
However, copyright and distribution rights of most content such as music data and image data to be provided to the users are owned by creators or sellers thereof. Accordingly, content providers perform predetermined content use restrictions in providing content to the users in many cases.
According to a digital recording apparatus and a recording medium, it is possible to repeat recording and reproducing without degrading images and sound, for example, and there is a problem in that delivery of improperly copied content via the Internet or use of improperly copied content such as distribution of so-called pirate discs have been widespread.
In order to prevent such improper copying of data, various techniques for preventing illegal copying in a digital recording apparatus and a recording medium have been put to practical use.
For example, content encryption processing is one example. A key used for decoding encrypted data is given only to a reproducing apparatus which is licensed to have a content use right. A reproducing apparatus which is designed to follow a predetermined operation rule such as a rule that the reproducing apparatus does not perform improper copying is licensed. On the other hand, a reproducing apparatus which is not licensed does not have a key for decoding encrypted data, and therefore, the reproducing apparatus do not decode the encrypted data.
However, even if such content encryption is executed, content is still improperly used in a current situation.
One specific example of improper use of content will be described.
A configuration is assumed in which a content server delivers encrypted content to a user device such as a recording and reproducing apparatus, a PC, or a mobile terminal.
When the content server delivers encrypted content to the user device, the content server delivers data of
(a) encrypted content and
(b) an encryption key applied to encryption and decoding of the encrypted content
to the user device via a network, for example.
For example, when the same content such as the same movie is provided to multiple user devices, the content server executes the two following kinds of processing.
(A) The content server generates and provides differently encrypted content to the user devices by applying different individual encryption keys.
(B) The content server generates and provides same encrypted content which has been encrypted with a same encryption key to the plurality of user devices.
In consideration of security for preventing improper use of content, the above processing (A) is effective.
In order to perform the above processing (A), however, it is necessary to perform processing for setting individual encryption keys for multiple users and generating individually encrypted content, and there is a problem in that processing load on the server such as generation and management of encryption keys, encrypted content generation processing, and the like increases in accordance with the number of users to which the content is delivered.
Accordingly, the above processing (B), namely processing for generating the same encrypted content encrypted with the same encryption key for the same content and providing the encrypted content to the plurality of users is performed in many cases.
For example, one encryption key (=title key) is set for content with a certain title, the one title key is applied to generate the same encrypted content, and a data set of
(a) the encrypted content and
(b) the title key
is delivered to the multiple users.
By performing such processing, the processing load on the content server is reduced.
Hereinafter, an encryption key set in units of content titles will be described as a “title key”.
In addition, a title key is applied to encryption and decoding processing of encrypted content with the title.
However, if a same data set, that is, a combination of same data of
(a) encrypted content and
(b) title key
is delivered to multiple users, “unauthorized users” who are a part of the users may perform the following processing:
(1) The “unauthorized users” read a title key received from the server and release the read title key to an unspecified number of users; or
(2) The “unauthorized users” uses a title key A corresponding to certain encrypted content A to encrypt completely different content B and deliver a combination of data of
(X) the title key A and
(Y) the encrypted content B encrypted with the title key A to an unspecified number of users.
There is a possibility in that improper use is executed.
If the above processing (1) is performed, for example, multiple users who obtain the title key improperly released use the content, which has been improperly encrypted with the title key.
In addition, if the above processing (2) is performed, an improper data set created by the “unauthorized users”, namely
(X) the title key A and
(Y) the encrypted content B encrypted with the title key A are obtained from the “unauthorized users”, and the multiple users uses the improperly encrypted content B.
As a result, the number of users who legitimately purchase an original legitimate data set, namely
the encrypted content B and
a title key B corresponding to the encrypted content B is reduced, and the benefits of owners of copyrights and owners of distribution rights are significantly damaged.
Further specific description will be given of an example of improper processing.
It is assumed that a content server owns the following data sets of encrypted content (C) and a title key (Kt) from (1) to (3).
(1) (Kt11, C11)
(2) (Kt12, C12)
(3) (Kt13, C13)
Here, Cnn represents a content file, and
Ktnn represents a title key used in encrypting content.
(Kt11, C11) is a data set of a title key (Kt11) and content (C11) encrypted with the title key (Kt11),
For example, it is assumed that, an “unauthorized user Ux” purchases all of the above three data sets, namely
(1) (Kt11, C11)
(2) (Kt12, C12)
(3) (Kt13, C13).
It is assumed that the purchase processing itself is performed by a predetermined appropriate purchase procedure between a user device of the “unauthorized user Ux” such as a PC and the content sever.
The “unauthorized user Ux” records the above data sets (1) to (3) in a medium such as hard disk of the PC as the user device.
The “unauthorized user Ux” reads the above data sets (1) to (3) from the medium such as hard disk of the PC as the user device PC and decodes all encrypted content with the title keys of its own once to obtain the following data.
Title keys: Kt11, Kt12, Kt13
Decoded content: C11, C12, C13
Although a title key is typically not read to the outside when a legitimate content reproduction program is used in an appropriate reproducing apparatus, there is a possibility in that the title key itself is read by a method of installing an improper program on an apparatus such as a PC, and it is difficult to completely prevent the title key from being read in a current situation.
Furthermore, the “unauthorized user Ux” generates data C11∥C12∥C13
obtained by coupling the decoded content C11 to C13 and encrypts the coupled data with the title key Kt11.
That is, the “unauthorized user Ux” generates the following data set
(Kt11, C11∥C12∥C13)
and improperly distributes the data set via a network, for example, sells the data set at an inexpensive price or provides the data set to many users for free.
If such processing is performed, many general users can obtain the above improperly created data set, namely the improper data set of
(Kt11, C11∥C12∥C13)
from the “unauthorized user Ux”.
The data set is configured by
(a) the encrypted content encrypted with the title key Kt11 and
(b) the title key Kt11,
and has the same data configuration as that of the content in the data set provided from the legitimate content provider to the user.
For this reason, an appropriate licensed reproducing apparatus including an appropriate content reproducing program can decode and reproduce the encrypted content [C11∥C12∥C13] without any problems using the title key Kt11.
As a result, content is not legitimately purchased, and improper use is widespread. Since the number of users who legitimately purchase content of C11 to C13 and the like drops, the benefits of owners of appropriate rights are damaged.
Further specific description will be given. For example, in a case of series content including twelve titles from the first episode to the twelfth episode such as a drama, it is assumed that content purchase units are set in units of episodes as follows:
First episode=(Kt01, C01)
Second episode=(Kt02, C02)
Third episode=(Kt03, C03)
:
Twelfth episode=(Kt12, C12)
In such a case, an “unauthorized user” purchases all twelve titles from the first episode to the twelfth episode in the series, couples the content C01 to C12 of the first to twelfth episodes, generates a data set encrypted again with a title key Kt01 corresponding to the first episode, namely
(Kt01, C01∥C02∥C03 . . . ∥C12)
and release the data set on the network. Otherwise, the unauthorized user performs processing for improperly selling the data set.
In such a case, it becomes possible to obtain, reproduce, and use the improper data set created by the “unauthorized user”, namely
(Kt01, C01∥C02∥C03 . . . ∥C12)
by multiple user devices.
For example, it is assumed that a legitimate price of each of the twelve episodes is 2,000 JPY.
In such a case, the price of all twelve episodes is 12×2,000 JPY=24,000 JPY.
The “unauthorized user” sells the improper data set, namely
(Kt01, C01∥C02∥C03 . . . ∥C12)
with the price of 6,000 JPY, for example. In such a case, many users purchase the less expensive content, and as a result, legitimate content sales are interrupted, and the benefits and rights of persons who originally own copyright and sale rights are damaged.
In addition to the above example, it is possible to use a title key Kt11 set corresponding to one piece of certain content C11 for encrypting other various kinds of content Cxx without any relationships as
(Kt11, Cxx), Content Cxx may be various kinds of content, and there is a problem in that all content can be decoded and reproduced with one title key without any limitation.
That is, even if a reproducing apparatus, reproduction of plain text content with which is inhibited, is created, it is possible to decode and reproduce plain text content using the improper data set in the same manner as in legitimately purchased content.
Furthermore, the “unauthorized user” can start services of replacing title keys and encrypting content again and can behave as if the “unauthorized user” were an authorized server.
As described above, it is difficult to prevent improper use of content only with a countermeasure of content encryption processing.
As a method eliminating improper use of content other than the encryption processing, there is a method in which a reproducing apparatus is caused to execute falsity verification on content. By applying this method, it is possible to stop using falsified content when any modification (falsity) is made on content in a distribution process of the improper content, for example.
Specifically, a user device which reproduces content is designed to have a controlled configuration in which the user device is made to execute processing for verifying presence of content falsity, to reproduce the content only when it is confirmed that no falsity exists in the content, and not to reproduce content when it is determined that falsity has been made.
For example, Japanese Unexamined Patent Application Publication No. 2002-358011 discloses a controlled configuration in which a hash value is calculated from a content file to be reproduced, the hash value is compared with a hash value for a cross-check prepared in advance, namely a hash value for a cross-check calculated in advance based on appropriate content data, it is determined that the content has not been falsified when the newly calculated hash value coincides with the hash value for a cross-check, and processing moves on to content reproduction processing.
However, if a capacity of the content data as original data for calculating the hash value is large in executing the processing for calculating the hash value based on the content as described above, significantly large processing load and long processing time are necessary for the calculation. Recently, video image data has higher quality, and the amount of data per content ranges from several GB to several tens of GB in many cases. There is a problem in that it is necessary that the user device has a significantly high data processing ability and a problem in that the content reproduction processing is not effectively performed due to long content verification time if the user device which reproduces the content is made to perform such processing for calculating a hash value of content based on large capacity data.
In addition, Japanese Patent No. 4576936 discloses a configuration in which a hash value for each hash unit set as classified data of stored content on an information recording medium is recorded in a content hash table and the content hash table is stored with content on the information recording medium.
With such a disclosed configuration, an information processing apparatus which reproduces content executes processing for cross-checking the hash values based on one or more randomly selected hash units. With such a configuration, it is possible to calculate a hash value based on hash units with less amount of data, to perform cross-check processing regardless of the amount of content data, and to thereby efficiently verify content by the user device which reproduces the content.
However, the configuration disclosed in Japanese Patent No. 4576936 is on the assumption of processing for content stored on an information recording medium. Although the disclosed configuration can be applied to a case in which a hash value can be recorded with content in manufacturing the information recording medium, for example, there is a problem in that it is difficult to apply the configuration to content downloaded from a server, for example.
Both Japanese Unexamined Patent Application Publication No. 2002-358011 and Japanese Patent No. 4576936 put emphasis on content falsity verification, and there is a problem in that distribution of improperly copied content with no falsity is not controlled at all.
As described above, encryption and falsity verification processing of content in the related art do not exhibit a sufficient effect of preventing distribution of improperly copied content and divulging of content encryption keys in a current situation.