The present invention relates to an information processing system, an information processing method, and an information storage medium, and particularly to a data distribution system and method for providing various kinds of data such as content data to an authorized user by means of a process including a cryptographic process. More particularly, the present invention relates to an information processing system, an information processing method, and an information storage medium, in which a key block is produced using a hierarchical-tree key distribution technique depending on a device to which content is to be provided, and the key block is used in encryption of the content and also in transmission of a content key, thereby ensuring that the content, the content key, and other data are securely provided.
It is now very popular to distribute various kinds of software data such as a game program, audio data, and image data (hereinafter, such data will be referred to as content) via a network such as the Internet or via a distributable storage medium such as a DVD or a CD. After loading such content data onto a PC (Personal Computer) or a game machine of a user via data transmission, or after loading a storage medium on which content data is stored onto the PC or the game machine, the user can enjoy played-back content. Content stored on a storage medium may be stored into a storage device such as a memory card or a hard disk disposed in a PC or a recording/playing-back apparatus so that the content can be reproduced from the storage device.
An information apparatus such as a video game machine or a PC may include an interface for receiving content via a network or accessing a DVD or a CD, and further include a RAM, a ROM, or the like, used as a memory area for storing control means, a program, and data needed to reproduce content.
Various kinds of contents such as music data, video data, or a program may be read from a storage medium and played back on an information apparatus itself such as a game machine or a PC used as a playback device or played back on a display or by a speaker connected to the information apparatus. This may be done in response to a command input by a user directly to the information apparatus or indirectly via input means connected to the information apparatus.
In general, the right of distribution of software contents such as a game program, music data, or video data is held by producers or sellers of the software content. Software content is generally distributed under specific usage limitations to secure that only authorized users can use software content and that unauthorized copies thereof cannot be made.
One technique of limiting usage to specific users is to encrypt content. More specifically, content such as audio data, video data, or a game program is distributed via the Internet or the like after encrypting the content, and a decryption key, which is means for decrypting the encrypted content, is given only to authorized users.
The encrypted data can be converted into its original form (plaintext) by performing a predetermined decryption process upon the encrypted data. The technique of encrypting and decrypting information using an encryption key and a decryption key is well known in the art.
Various techniques of encrypting and decrypting data using an encryption key and a decryption key are known. One of them is a technique known as common key cryptography. In the common key cryptography, the same key, called a common key, is used as both an encryption key for encrypting data and a decryption key for decrypting the encrypted data. The common key is given only to authorized users so that unauthorized users who do not have the common key cannot access the data. A specific example of the common key cryptography is that based on the DES (Data Encryption Standard).
An encryption key for encrypting data and a decryption key for decrypting the encrypted data can be obtained from a password or the like using a unidirectional function such as a hash function. Herein, the unidirectional function refers to a function whose input is very difficult to guess from an output thereof. Although an encryption/decryption key can be generated using an output obtained by applying a unidirectional function to, for example, a password determined by a user, it is substantially impossible to determine, from the obtained encryption/decryption key, the password that is original data from which the encryption/decryption key is generated.
Another known technique is public key cryptography in which an encryption key used for encryption and a decryption key used for decryption are generated in accordance with different algorithms. In the public key cryptography, a public key, which is allowed to be used by any unspecified user, is issued by a particular user, and a document to be provided to that particular user is encrypted using the public key issued by the particular user. The document encrypted using the public key can only be decrypted using a secret key corresponding to the encryption key used to encrypt that document. The secret key is held only by the user who issued the public key, and thus the document encrypted using the public key can be decrypted only by the user having the secret key. A representative example of the public key cryptography is that based on the RSA (Rivest-Shamir-Adelman) algorithm. Using one of above-described cryptography techniques, it is possible to realize a system in which encrypted contents can be decrypted only by authorized users.
In such a content distribution system, encrypted contents are provided to users via a network or via a storage such as a DVD or a CD, and content keys used to decrypt the encrypted contents are provided only to authorized users. To prevent a content key from being copied in an unauthorized manner, it has been proposed to encrypt a content key and provide the encrypted content key to an authorized user so that only the authorized user can decrypt the encrypted content key using a decryption key held only by the authorized user.
A judgment of whether one is an authorized user or not is generally made by performing authentication between a user device and a content provider who is a sender of content, before transmitting content or a content key. In a usual authentication process, if the user is determined to be authorized, a session key is produced which can be used only during the present communication, and data such as content or a content key is transmitted after encrypting it using the session key. Authentication may be performed using the common key cryptography or the public key cryptography. In the case where authentication is performed using the common key encryptography, a common key for system-wide use is needed. This results in inconvenience in renewal. On the other hand, in the case where the public key encryptography is employed, undesirably complex calculations using a memory with an undesirably high capacity are required.