JP2001067268A - Method for managing contents, and storage medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To make preventable the failure of security due to the alteration of a secret region operation command. SOLUTION: At the time of issuing a desired secret region operation command from an LCM to be realized on a PC for operating a secret R/W region 351 ensured so that its boundary can be brought into contact with a public R/W region 352 on a memory 35, the whole command or the parameter part of the command is enciphered, and the enciphered secret region operation command is transmitted to a PM 30 side. At the time of receiving the secret region operation command, a controller 31 of the PM 30 allows a command decoding part 32 to decode the whole command or the parameter part of the command, and the secret R/W region 351 is operated according to the decoded secret region operation command. In this case, when the command is a CHANGE command for changing the secret R/W region 351, the controller 31 deletes the data of the reduced/enlarged part of the secret R/W region 351 at the time of changing the secret R/W region 351.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a content management method and a storage medium suitable for protecting copyrights of various digital contents represented by image data and music data.

[0002]

2. Description of the Related Art In recent years, with the development of computer technology,
Various electronic devices, such as multimedia-compatible personal computers, set-top boxes, players, and game machines, have been developed. This type of electronic device can reproduce various digital contents such as image data and music data stored in a recording medium, and can also download and use digital contents through the Internet or the like.

[0003] These digital contents can be copied or downloaded without deteriorating their quality by employing digital encoding techniques such as MPEG2 and MP3. Therefore, recently, from the viewpoint of copyright protection, the necessity of a technique for protecting such digital contents from unauthorized use has been called out.
In particular, a removable storage medium, such as a memory card, which can record / reproduce even when moved to another device, is basically open in its specifications and can move / copy contents freely. It is important to be able to protect the content stored on the storage medium from unauthorized copying / moving.

Therefore, a storage medium in which a storage medium unit and a controller are integrated like a memory card can be accessed only by a specific procedure that is concealed and cannot be accessed by a user.
And copy control information, movement control information, etc.
By storing important information necessary for using the content, it is possible to protect the content.
Here, when copying / moving contents between electronic devices such as a personal computer, a set-top box, and a player and a storage medium, each performs a predetermined mechanism related to copyright protection (content protection) (that is, a predetermined content). (Authentication function) to mutually authenticate whether they are legitimate, and if they can be authenticated, obtain a common authentication key individually by exchanging keys according to the mutually shared key generation algorithm It is considered that the authentication key is used for encrypting / decrypting a content key (content decrypting key for decrypting the content) or encrypting / decrypting the content.

[0005]

A device (hereinafter, referred to as a host) equipped with an application for utilizing digital contents is provided with a storage medium (a storage medium such as a memory card) from the viewpoint of the above-mentioned copyright protection. It is necessary to reliably overwrite or delete the content key (content decryption key) stored in the secret area of the storage medium in which the controller and the controller are integrated.

However, a conventional command for writing or erasing a secret area of a storage medium (a secret area operation command)
Did not take account of tampering with the entire command or the parameters of the command. For this reason, there is a possibility that there is an attack on security, such as intercepting communication between the host and the storage medium, falsifying the command, and preventing erasure of specific data stored in the secret area of the storage medium. .

The present invention has been made in consideration of the above circumstances, and has as its object to provide a content management system capable of preventing a security breakdown due to a falsification of a command for instructing an operation on a secret area (a secret area operation command). It is to provide a method and a storage medium.

[0008]

SUMMARY OF THE INVENTION The present invention operates a secret area, which is secured on a storage medium on which digital content is recorded and in which information including a content decryption key necessary for decrypting the content is recorded. Therefore, when issuing a desired type of secret area operation command, the entire command or the parameter portion of the command is encrypted, and then the encrypted secret area operation command is transmitted to the storage medium. On the other hand, when the storage medium receives the secret area operation command in which the entire command or parameter portion is encrypted, the storage medium side decrypts the entire command or parameter portion of the command, and performs the encryption in accordance with the decrypted secret area operation command. The method is characterized by operating an area. Here, the encryption key used for encrypting the entire command or the parameter portion of the secret area operation command and the decryption key used for decrypting the entire encrypted command or the encrypted parameter portion of the secret area operation command are ciphers. What is necessary is just to generate | occur | produce according to the algorithm of key generation mutually shared through communication between the encryption side and the decryption side. Further, it is preferable that this key generation is performed before transmission of the secret area operation command every time the secret area operation command is transmitted.

As described above, the entire command or parameter portion of the secret area operation command for the secret area secured in the memory area of the storage medium is encrypted and sent to the storage medium, and the storage medium decrypts the command. By doing so, it is possible to prevent a security breakdown, such as erasure of specific data in the confidential area due to command tampering.

[0010] Here, when the entire confidential area operation command is encrypted, it is extremely difficult not only to falsify the position in the memory area specified by the parameter portion and the size to be operated. Even it is difficult to identify the command. On the other hand, when only the parameter part of the secret area operation command is encrypted, the OP code part is not encrypted. Therefore, when the storage area side receives the secret area operation command, the storage medium side immediately executes the interpretation processing of the command. To optimize the operation (assignment of processing) on the storage medium side while preventing falsification of the position in the memory area specified by the parameter portion and the size of the operation target Can be.

Further, the present invention divides a predetermined memory area on the storage medium and sets a boundary between the public area where digital contents are recorded and which can be accessed in a normal procedure, and the secret area. While being secured so as to be in contact with each other, one of the secret area operation commands is a specific secret area operation command (CH
ANGE command), and if the secret area operation command decoded on the storage medium side is a specific secret area operation command, the size of the secret area is moved by moving the boundary between the secret area and the public area. When the secret area is reduced and changed at least, the data of the changed part is deleted when the secret area is changed.

In the present invention, when a specific secret area operation command is used as the command while preventing the tampering of the secret area operation command, the size ratio between the secret area and the public area is changed, that is, the secret area operation command is changed. Shrinking the area and expanding the public area by the reduced amount,
Alternatively, the confidential area can be enlarged and the public area can be reduced by the enlargement. Accordingly, when the storage medium is used for storing video data having a large data size per content, for example, the confidential area is reduced while the public area is expanded while emphasizing the total content size that can be handled. When used for storing music data that requires a small data size per content, it is possible to expand the secret area and reduce the public area while emphasizing the total number of contents that can be handled.

Further, in the present invention, when at least the secret area is reduced and changed, the data of the changed part, that is, the current boundary between the secret area and the public area (the boundary before the change) is changed when the secret area is changed. Since the data between the later boundary is automatically deleted, even if the reduced area of the secret area is added to the public area due to the change in the reduction of the secret area, it is stored in the reduced area. There is no danger of leaking secret data. Here, even when the secret area is enlarged and changed, the data of the changed part may be automatically deleted. In this case,
After writing the desired data in the area part of the boundary with the secret area, by using the secret area operation command, by enlarging and changing the secret area so that the area part enters the secret area side,
Even if an "attack" is made to make freely available data that should be concealed in the enlarged part, it can be countered.

[0014]

Embodiments of the present invention will be described below with reference to the drawings. FIG. 1 is a block diagram mainly showing a configuration of a content use management system according to an embodiment of the present invention.

A content usage management system (hereinafter, LC)
M (referred to as License (SDMI-) Compliant Module) 1
0 is a storage medium such as a memory card (hereinafter referred to as PM (Po
It controls the number of copy contents that can be recorded in the PM 30 and records and reproduces the copy contents recorded in the PM 30. For example, the personal computer (hereinafter, referred to as PC) 1 It is implemented as executable software.

The LCM 10 has a function of receiving an encrypted content distributed from a content distribution server or the like or a license thereof (usage conditions and a decryption key for the encrypted content).

The LCM 10 has a secure content server 11 at the center of the LCM 10. The secure content server 11 stores the encrypted content received by the LCM 10 and purchased by the user in a data storage unit (not shown), and stores the decryption key (content decryption key) in a license storage unit (not shown). I do. Note that the received encrypted content is often decrypted once and then subjected to format conversion and re-encryption. The content managed by the secure content server 11 can be reproduced on the LCM 10 by the server 11.

The secure content server 11 also transmits content data (digital content) to the PM 30 that can be mounted on the media I / F unit 13.
It has a function of outputting via the / F unit 13. This PM
Reference numeral 30 denotes a dedicated recording / reproducing device (hereinafter simply referred to as PD (Port
20), the content recorded in the PM 30 can be reproduced on the PD 20. The secure content server 11 sends the PM 30 set in the PD 20 a P
It also has a function of outputting via the D I / F unit 12 and the PD 20. That is, the recording of the content from the secure content server 11 to the PM 30 is performed by the media I / F unit 1.
3 directly or through the PD I / F unit 12
And via the PD 20.

The I / F units 12 and 13 transmit the I / F units 12 and 13 from the secure content server 11 respectively.
Confidential R / W area operation command (a confidential R / W area 35 described later)
Command encryption units 120 and 130 for encrypting (commands for instructing the operation for 1).

The secure content server 11 further has a user I / F unit 14 for receiving an input from an input / output device (not shown) of the PC 1. An instruction input by the user by operating an input device such as a keyboard and a mouse is accepted by the user I / F unit 14 and passed to the secure content server 11. These instructions include:
An instruction to change the size of the secret R / W area 351 described later is also included.

FIG. 2 shows the structure of the PM 30. As shown in the figure, PM 30 can be either directly from LCM 10 or
A controller 31 that interprets and executes commands sent via the D20, a command decryption unit 32 that decrypts encrypted commands, and a RAM that can be accessed only by the controller 31 and the command decryption unit 32, for example, is configured. A work memory 33, a ROM 34 as a read-only nonvolatile memory, and a flash memory 35 as a rewritable nonvolatile memory are provided.

The storage area of the ROM 34 is
Procedures not disclosed through 1 (that is, concealed specific procedures)
And a read-only storage area (hereinafter, referred to as a secret ROM area) 341 accessible only by the user, and a read-only storage area (hereinafter, referred to as a public ROM area) 342 accessible by ordinary procedures. .

The secret ROM area 341 has a corresponding PM
A constant such as a secret media ID, which is secret information unique to 30, is stored in advance. On the other hand, in the public ROM area 342,
A media ID as identification information of the corresponding PM 30, information indicating a device (LCM, PD) for which an access request for recording or reproduction of digital content should be invalidated, and the like are stored.

Next, the storage area of the flash memory 35 includes a storage area (hereinafter, referred to as a secret R / W area) 351 that can be accessed only by a secret procedure through the controller 31 and a storage area that can be accessed by a normal procedure. Area (hereinafter, referred to as a public R / W area) 352.

In the public R / W area 352, encrypted content data (encrypted content) is stored. On the other hand, in the secret R / W area 351, a content key (content decryption key) for decrypting the content data corresponding to the content data stored in the public R / W area 352 is stored. Secret R / W area 3
51 also stores information on the start address and size of the secret R / W area 351. This information is confidential R /
It is stored at a predetermined position on the end address side of the W area 351. The addresses used here are, unless otherwise noted
It represents the address of the address space to which the memory is assigned, not the physical address of the memory.

FIG. 3 shows an example of a memory map of the storage area of the flash memory 35. As shown in the figure, in the present embodiment, the secret R / W area 351 is assigned to the high address side of the storage area of the flash memory 35, and the public R / W area
The / W area 352 is also assigned to the lower address side. Here, the end address of the secret R / W area 351 matches the address of the memory address space to which the final physical address of the flash memory 35 is allocated, and
The start address of the W area 352 coincides with the address of the memory address space to which the leading physical address (address 0) of the flash memory 35 is allocated. Also, the start address of the secret R / W area 351 matches the end address of the public R / W area 352. In the present embodiment, the secret R /
Start address of W area 351 (= public R / W area 352
End address), that is, the boundary between the confidential R / W area 351 and the public R / W area 352 is set to L in accordance with the user's instruction.
The designated size can be changed by executing a dedicated command (command) called a CHANGE command (confidential R / W area change command) issued from the CM 10 side.

FIG. 4 shows the format of a secret R / W area operation command (secret area operation command) issued from the LCM 10 to the PM 30.

Here, each confidential R / W area operation command (command data) is transmitted to the PM 30 by a transmission command called SEND. This command data includes, in order from the top, an operation code of the secret R / W area, that is, an OP code as a command code indicating the command type, and a secret R / W area.
/ W area storage area to be operated (secret R / W area 3
ADDRESS indicating the address (start address) in the address space of the start position of the area (area 51 in FIG. 51), and the secret R / W
LENGTH indicating the size of the area to be operated on, for example, in bytes. In the present embodiment, the OP code is represented by 1 byte, ADDRESS is represented by 4 bytes, and LENGTH is represented by 2 bytes. Of the command data, data excluding the OP code is called an operand or a parameter. The secure R / W area operation command applied in the present embodiment includes, in addition to the CHANGE command (confidential R / W area change command) described above, data reading from the designated area of the secure R / W area 351. READ command to instruct (Confidential R / W
Area read command), a WRITE command for instructing data writing to a designated area of the secure R / W area 351 (a secure R / W area write command), and ERASE for instructing data erasure of a designated area in the secure R / W area 351. There is a command (secret R / W area deletion command).

Next, the operation of this embodiment will be described with reference to FIGS.
This will be described with reference to the flowchart of FIG. First, LCM1
0 from the secure content server 11 to the media I
/ F section 13 (or PD I / F section 12)
It is assumed that transmission of the secret R / W area operation command to M30 has been requested and the corresponding command data has been passed. Then, the I / F unit 13 (or 12) processes the entire command data passed from the secure content server 11,
That is, the command encryption unit 130 (or 120) converts the command data of a total of 7 bytes of the OP code (1 byte), ADDRESS (4 bytes), and LENGTH (2 bytes) using the command encryption key of the LCM 10.
And encrypts the encrypted command data with S
According to the END command, it is transmitted to the controller 31 of the PM 30 as it is (or via the PD 20) (step S1).

The controller 31 in the PM 30
When receiving the encrypted command sent from the 10 side, the encrypted command is passed to the command decryption unit 32 and a decryption request is made (step S2).

Then, the command decryption unit 32 decrypts the encrypted command passed from the controller 31 with the command decryption key generated corresponding to the command encryption key used for encrypting the command (step S3). . This command decryption key is transmitted by the controller 31 according to a key generation algorithm shared between the LCM 10 and the controller 31 of the PM 30, for example, through communication between the LCM 10 and the controller 31 of the PM 30 performed prior to transmission of the corresponding confidential R / W area operation command. Generated. The generated command decryption key is P
It is stored in the working memory 33 of M30. On the other hand, a command encryption key corresponding to the command decryption key is generated by the secure content server 11 of the LCM 10.

After decrypting the encrypted command, the command decryption unit 32 returns the decrypted command, that is, a plain text command, to the controller 31 (step S4). Accordingly, the controller 31 interprets the OP code of the command (the decrypted confidential R / W area operation command) returned from the command decrypting unit 32 and determines the command type (command type) (step S5).

If the OP code specifies a READ command (secret R / W area read command) (step S6), the controller 31 sends the parameters (operands) ADDRESS, LEN of the READ command.
According to GTH, the secret R / specified by ADDRESS
LENGTH byte data is read from the position of the W area 351 (step S7), and the read data is
The data is transferred to the CM 10, and the operation (execution of the READ command) is completed (step S8).

If the OP code specifies a WRITE command (a secret R / W area write command) (step S9), the controller 31
Command parameters ADDRESS (address), L
ENGTH (data length) is temporarily stored in the work memory 33 (step S10). By the processing in step S10, information indicating the storage location (start position) and the data length of the write data transferred from the LCM 10 following the WRITE command is held in the work memory 33.

After executing step S10, the controller 31 receives write data transferred from the LCM 10 (step S11). The LCM 10 then stores the received write data in accordance with the parameters ADDRESS and LENGTH of the WRITE command stored in the work memory 33 in the previous step S10.
LEN from the position of the secret R / W area 351 specified by S
Only the GTH byte is written and the operation (execution of the WRITE command) ends (step S12).

If the OP code specifies an ERASE command (erase command) (step S1)
3), the controller 31 performs AD control according to the parameters ADDRESS and LENGTH of the ERASE command.
The data corresponding to the data length (byte length) specified by LENGTH is erased from the position of the secret R / W area 351 specified by DRESS, and the operation (execution of the ERASE command) is completed (step S14). Here, data erasing is performed by storing predetermined data, for example, 0 in a corresponding area.
Is written, that is, by replacing the data in the corresponding area with 0.

If the OP code specifies a CHANGE command (secret R / W area change instruction) (step S15), the controller 31 sends the CHANGE command to the CHANGE command.
ADDRESS in the command (that is, the start address of the confidential R / W area 351 that has been changed and specified) and the start address of the confidential R / W area 351 stored at a predetermined position in the confidential R / W area 351 (that is, the current start address). By comparing with the secret R / W area 351 (the start address of the secret R / W area 351), the secret R / W
It is determined whether reduction of the W area 351 is designated (that is, whether enlargement is designated) (step S1).
6).

If the designated start address of the secret R / W area 351 is larger than the current start address, the controller 31 determines that reduction of the secret R / W area 351 is specified, and The corresponding data is erased from the address by the data length indicated by LENGTH in the CHANGE command (that is, up to the designated start address) (step S17). Then, the controller 31 determines the start position of the secret R / W area 351 (the secret R / W
The boundary position between the area 351 and the public R / W area 352 is C
Change to the position specified by ADDRESS in the HANGE command, and change the secret R / W area 351 to CHANGE.
At the same time as reducing by the size specified by LENGTH in the command, the public R / W area 352 is expanded by the same size, and the operation (execution of the CHANGE command) ends (step S18). The process of step S18 is a process in which information on the start address and size of the secret R / W area 351 stored at a predetermined position on the end address side of the secret R / W area 351 is stored in the secret R / W area 351. This is realized by rewriting the information after reduction.

On the other hand, if the designated start address of the secret R / W area 351 is smaller than the current start address, the controller 31 determines that the enlargement of the secret R / W area 351 has been designated, and From the specified start address (the address of the flash memory 35 specified by ADDRESS in the CHANGE command), data corresponding to the data length indicated by LENGTH in the CHANGE command (that is, up to the current start address) is erased (step S19). . And controller 3
1 indicates that the start position of the secret R / W area 351 is CHANGE.
The position is changed to the position specified by ADDRESS in the command, the confidential R / W area 351 is enlarged by the size specified by LENGTH in the CHANGE command, and the public R / W area 352 is reduced by the same size. CHANGE command execution) is ended (step S20). The process of step S20 is a process in which information on the start address and size of the secret R / W area 351 stored at a predetermined position on the end address side of the secret R / W area 351 is stored in the secret R / W area 351. This is realized by rewriting the information after the enlargement.

FIG. 8 shows a state in which the start address of the secret R / W area 351 is AD1, and A
7 shows a memory map of the flash memory 35 after execution of the CHANGE command when a change to D2 (where AD2> AD1) is specified. Here, the area 353 from AD1 to AD2 in the flash memory 35
Are erased in step S17. Then, the secret R / W area 351 is reduced by the area 353, and the public R / W area 352 is expanded.

As described above, the secret R / W area operation command is
A case has been described where the data is encrypted including the code (that is, the entire command data is encrypted) and sent from the LCM 10 (the media I / F unit 13 or the PD I / F unit 12 therein) to the PM 30 by the SEND instruction. It is not limited to this. For example, a command (instruction) in the form of FIG.
, The OP code in the command data is not encrypted, only the parameter (operand) is encrypted, and the command data itself in which only the parameter is encrypted is L.
You may send it from CM10 to PM30 side.

The operation of the PM 30 in this case will be briefly described.

First, when the controller 31 receives from the LCM 10 an encrypted command of the format shown in FIG. 9 in which only the parameters are encrypted, the controller 31 interprets the unencrypted OP code in the command, and according to the result of the interpretation. PM30
(Operation allocation) is optimized.

The size of the OP code is 1 byte, which is short data. However, when the OP code is also encrypted as in the above example, the OP code also needs to be decrypted, and the decryption requires a certain overhead.

However, if the OP code is not encrypted, the OP code can be interpreted immediately upon receipt of the command from the LCM 10.
The operation of M30 can be optimized. That is, the controller 31 determines whether the received command is a READ command, a WRITE command, an ERASE command, or a CHANGE command among the confidential R / W area operation commands by interpreting the OP code.
Immediately enters the execution sequence of the determined command. Then, in the execution sequence, the controller 31 passes a portion excluding the OP code in the received command, that is, an encrypted parameter (operand) to the command decryption unit 32, and requests decryption.

The command decryption unit 32 includes a controller 31
Decrypts the encryption parameter (operand) passed from. The decryption operation of the command decryption unit 32 is the same as the previous decryption of the encrypted command, except that the decryption target is an encryption parameter. When decrypting the encrypted parameter, the command decryption unit 32 returns the decrypted parameter, that is, the plaintext parameter (operand) to the controller 31.

When the controller 31 receives a plaintext parameter from the command decoding unit 32 in the execution sequence, the controller 31 performs an operation unique to the sequence, that is, an operation for instructing the previously interpreted command, according to the parameter.

[0048]

As described above in detail, according to the present invention, the whole or parameter portion of the secret area operation command for operating the secret area secured in the storage medium used for recording / reproducing digital contents is controlled. Since the data is encrypted and sent to the storage medium, and the storage medium decrypts and executes the data, it is possible to prevent security from being broken due to falsification of the secret area operation command.

Further, according to the present invention, the boundary between the secret area and the public area continuously secured on the memory area of the storage medium is moved by the specific secret area operation command, and the size ratio of the secret area and the public area is changed. Not only can be changed, but at least when the secret area is reduced and changed, the data of the changed part is automatically deleted when the secret area is changed, so that leakage of the secret data can be prevented.

[Brief description of the drawings]

FIG. 1 is a block diagram mainly showing the configuration of a content use management system according to an embodiment of the present invention.

FIG. 2 is a block diagram showing a configuration of a PM 30 in FIG.

FIG. 3 is a view showing an example of a memory map of a storage area of a flash memory 35 in FIG. 2;

FIG. 4 is a diagram showing a format of a secret R / W area operation command encrypted including an OP code.

FIG. 5 is a diagram showing a part of a flowchart for explaining a series of operations from transmission to execution of an encryption command for operating a secret R / W area;

FIG. 6 is a diagram showing another part of the flowchart for explaining a series of operations from transmission to execution of the encryption command for operating the secret R / W area.

FIG. 7 is a view showing the rest of the flowchart for explaining a series of operations from transmission to execution of the encryption command for operating the secret R / W area.

FIG. 8 shows that the start address of the secret R / W area 351 is AD1.
In the state of, AD2 (however,
AD2> AD1)
Flash memory 3 after execution of the CHANGE command
5 is a diagram showing a memory map of FIG.

FIG. 9 is a diagram showing a format of a secret R / W area operation command in which only parameters are encrypted.

[Explanation of symbols]

DESCRIPTION OF SYMBOLS 1 ... PC (personal computer) 10 ... LCM (content use management system, content management device) 11 ... Secure content server 12 ... PD I / F part (transmission means) 13 ... Media I / F part (transmission means) 14 ... User I / F unit 20 ... PD (recording / reproducing device) 30 ... PM (storage medium, storage medium) 31 ... Controller 32 ... Command decryption unit 33 ... Work memory 34 ... ROM 35 ... Flash memory 120,130 ... Command encryption Part 351: Secret R / W area 352: Public R / W area

Continued on the front page F term (reference) 5B017 AA07 BA07 BB00 CA14 5C064 BA07 BB02 BC06 BC16 BC25 CA14 CB08 CC04 5J104 AA12 EA10 NA02

Claims (5)

[Claims] 1. A confidential area secured on a storage medium on which digital content is recorded, in which information including a content decryption key necessary for decrypting the content is recorded, and which can be accessed only by a specific procedure. Is a content management method of operating a secret area operation command that is a dedicated command, and when issuing a desired type of secret area operation command for the storage medium, encrypts the entire command or a parameter portion of the command. When the storage medium side receives the secret area operation command in which the entire command or parameter portion is encrypted, the storage medium side decodes the entire command or parameter portion of the command, and performs the encryption in accordance with the decrypted secret area operation command. Content management method characterized by operating an area . 2. A predetermined memory area on a storage medium is divided to decode the content, which is secured in contact with a public area where digital content is recorded and which can be accessed in a normal procedure. A content management method in which information including a content decryption key necessary for the above is recorded, and a secret area accessible only by a specific procedure is operated by a secret area operation command that is a dedicated command. Issuance of a desired type of secret area operation command, the entire command or the parameter part of the command is encrypted, and the storage medium receives the secret area operation command in which the entire command or the parameter part is encrypted. In this case, the entire command or parameter part of the command Operate the secret area according to the secret area operation command that was performed, if the command is a specific secret area operation command to instruct the change of the size of the secret area,
The size of the secret area is changed by moving a boundary between the secret area and the public area, and at least when the secret area is reduced and changed, data of the changed part is erased when the secret area is changed. A content management method characterized by the following. 3. A confidential area secured on a storage medium on which digital content is recorded, in which information including a content decryption key necessary for decrypting the content is recorded, and which can be accessed only by a specific procedure. Is operated by a secret area operation command that is a dedicated command, and when issuing a desired type of secret area operation command for the storage medium, encrypts the entire command or a parameter portion of the command. A content encryption device for transmitting, to the storage medium, a confidential area operation command in which the entire command or the parameter portion is encrypted by the command encryption unit. . 4. A storage medium on which digital content is recorded, wherein information including a content decryption key necessary for decrypting the content recorded on the storage medium is recorded, and can be accessed only by a specific procedure. And a dedicated command for operating the secret area,
Command decryption means for decrypting the entire command or parameter portion of the encrypted secret area operation command when receiving the secret area operation command in which the entire command or the parameter part of the command is encrypted; A storage medium comprising: a controller that operates the secret area in accordance with the secret area operation command decrypted by the means. 5. A public area in which digital content is recorded and accessible by ordinary procedures, and information including a content decryption key necessary for decrypting the content recorded in the public area are recorded. A memory secured with a secret area accessible only in a specific procedure and bordered, and a dedicated command for operating the secret area,
Command decryption means for decrypting the entire command or parameter portion of the encrypted secret area operation command when receiving the secret area operation command in which the entire command or the parameter part of the command is encrypted; A controller for operating the secret area in accordance with the secret area operation command decrypted by the means, wherein when the command is a specific secret area operation command for instructing a change in the size of the secret area, the secret area and the public A controller that changes the size of the secret area by moving the boundary with the area, and at least, when the secret area is reduced and changed, erases the data of the changed part when the secret area is changed. Characteristic storage medium.