In recent years, with development of information society, a content data distribution system is widely used. In this system, the content data including electronic data such as a book, newspaper, music, or an moving pictures, is distributed to a user terminal, which enables browsing of content data in the user terminal.
However, since electric content data (heretofore, it is referred to as “content data”) can be copied easily, the electronic content data tends to induce illegal acts that disregard copyright. From a viewpoint of protecting content data from such an illegal act, content data is encrypted and recorded by the encryption key and is usually decoded at the time of reproducing.
Content data protection technologies like this include CPRM (Content Protection for Prerecorded Media) which uses a standardized encryption key scheme in SD audio, SD video, SD E-e-Publish (SD computer-assisted publishing) or the like (for example, refer to nonpatent literature 1) The encryption-key scheme adapted in this nonpatent literature 1 is an encryption single key scheme which enciphers a title key with a medium unique key. On the other hand, the encryption double key scheme in which the content key is doubly encrypted with the user key and the medium unique key is known (for example, refer to nonpatent literature 2). This kind of encryption double key scheme is used in MQbic (registered trademark) for example.
FIG. 10 is a schematic diagram showing the configuration of the SD card and a user terminal corresponding to the encryption double key scheme adopted in Mqbic. A SD card SDq is an example of a secure storage medium which securely stores data. The SD card SDq has a system area 1, a hidden area 2, a protection area 3, a user data area 4, and an encryption/decryption unit 5, and the data is stored in each area 1-4.
In a SD card SDq like this, key management information MKB (Media Key Block) and the medium identifier IDm are stored in the system area 1. The medium unique key Kmu is stored in the hidden area 2. The encrypted user key Enc (Kmu, Ku) is stored in the protection area 3 and the encrypted content key data Enc (Ku, Kc) is stored in the user data area 4. The expression of Enc (A, B) means the data B encrypted with data A in this specification. Here, the user key Ku is encryption/decryption key to the content key Kc, and is used in common also to two or more encrypted content key data Enc (Ku, Kc1) Enc (Ku, Kc2) . . . . Moreover, the subscript q of The SD card SDq denotes that it conforms to MQbic (registered trademark).
Here, the system area 1 is a read-only area which can be accessed from outside of the SD card. The hidden area 2 is a read-only area that the SD card itself refers to, and cannot be accessed at all from external. The protection area 3 is an area in which data read and write is possible from external of the SD card when authentication is accomplished.
The user data area 4 is an area in which read/writing is freely possible from outside of the SD card. The encryption/decryption unit 5 performs authentication key exchanging, and cryptography, and has a function of encryption/decryption.
The user terminal 10q for reproducing operates logically as follows to such the SD card SDq. That is, the user terminal 10q, performs MKB processing of the key management information MKB read from the system area 1 of the SD card SDq with the device key Kd set up beforehand (ST1), to obtain a medium key Km. Next, the user terminal 10q carries out the hash processing of both the medium key Km and the medium identifier IDm read from the system area 1 of the SD card SDq (ST2), and obtains the medium unique key Kmu.
Thereafter, the user terminal 10q performs based on the medium unique key Kmu, an authentication process and a key exchanging process (AKE: Authentication Key Exchange) with the decryption/encryption unit 5 of the SD card SDq, to share a session key with the SD card SDq (ST3).
Note that the authentication and key exchanging process in the step ST3 succeeds when the medium unique key Kmu in the hidden area 2 referred to at the decryption/encryption unit 5 coincides with the medium unique key Kmu generated by the user terminal 10q, thereby the session key Ks being shared.
Then, the user terminal 10q reads out the encrypted user key Enc (Kmu, Ku) from the protection area 3 through a cipher communication using the session key Ks (ST4). This results in the encrypted user key Enc (Kmu, Ku) being decrypted by the medium unique key Kmu (ST5). Then, the user key Ku will be obtained.
Finally, when the encrypted content key Enc (Ku, Kc) is read from the user data area 4 of the SD card SDq, the user terminal 10q carries out the decryption processing of the encrypted content key Enc (Ku, Kc) with the user key Ku to obtain a content key Kc (ST5q). Finally, when the encrypted content data Enc (Kc, C) is read from Memory 11q, the user terminal 10q performs the decryption processing of the encrypted content data Enc (Kc, C) with the content key Kc (ST6). Thereby, the user terminal 10q reproduces the obtained content data C.
Note that although the above-mentioned example stores encrypted content data in the memory 11q of the user terminal 10q, it may be stored in the external storage medium.
The above-mentioned encryption double key scheme stores encrypted content key data at the user data area 4 having a large memory capacitance compared to the protection area 3. Therefore, it has an advantage in that it can store a lot of encrypted content key data compared to encryption single key scheme.
Moreover, since the encryption double key scheme may store encrypted content data in the SD card, it may urge the distribution of encrypted content data.
Furthermore in the encryption double key scheme, the medium identifier as an identifier is given to each SD card, and a unique user key is issued per medium identifier. This user key is also encrypted and stored in the protection area (protected area) of an SD card. Encryption of the user key depends on the medium identifier, and the user key can be decoded only with a authentic player. For this reason, content data cannot be acquired even if a trespasser copies only a content key unjustly from a user data area.