The present invention relates to a method for controlling the activation of a content.
A reproduction apparatus that enables reproduction of games, music, photos, moving images, etc., browsing of web contents, and the like is normally provided with a firmware. The firmware meant here is a program for supplying a user with an interface for controlling the reproduction apparatus to realize such functions and realizing a function of transferring the control of the reproduction apparatus to a paid content program of a game or the like. A firmware is updated periodically for the purpose of adding new functions or the like and normally made available to the public free of charge. The user can run the new functions on his/her reproduction apparatus by acquiring updated functions through such procedure as downloading a new firmware.
Anyone can freely obtain a firmware, which is open to the public. Therefore, there are possibilities that the system in the firmware for transferring control to a content program is falsified or tampered with by a third party other than the firmware supplier and thus a content program that should not normally be executed by the reproduction apparatus, such as a content illegally extracted from a recording medium, is executed.
The present invention has been made in view of problems such as described above, and a purpose thereof is to provide a technology for controlling the activating of a program safely by a reproduction apparatus.
In order to resolve the above-described problems, one embodiment of the present invention relates to a method for activating a content by a processor. The method comprises: verifying whether a firmware for controlling the activation of the content has been falsified or not, prior to the activation of the content; setting a decoding key to the firmware, the decoding key being used to decode an encrypted activation program for activating the content, when the firmware has not been falsified; and decoding the encrypted activation program by using the firmware with the decoding key set thereto.
In order to resolve the above-described problems, another embodiment of the present invention relates to a content reproduction apparatus. The apparatus comprises: a firmware verification unit configured to verify whether a firmware for controlling the activation of a content has been falsified or not, prior to the activation of the content; a decoding key setting unit configured to set a decoding key to the firmware, the decoding key being used to decode an encrypted activation program for activating the content, when the firmware has not been falsified; and an activation program decoding unit configured to decode the encrypted activation program by using the firmware with the decoding key set thereto.
Optional combinations of the aforementioned constituting elements, and implementations of the invention in the form of methods, systems, computer programs, recording media recording the computer programs, and so forth may also be effective as additional modes of the present invention.
The present invention achieves a technique by which to safely control the activating of a program by a reproduction apparatus.
The preferred embodiments of the present invention (hereinafter referred to as “embodiments”) will be described by dividing them into three embodiments, namely, first embodiment, second embodiment, and third embodiment. These embodiments will be first outlined before a description thereof. Hereinbelow, an explanation of a content program will be given by taking a game program as an example.
The first embodiment is such that an activation program for activating a game is encrypted in advance and a key to be used in decoding the activation program is embedded in a firmware. The second embodiment is such that a verification to determine whether the firmware of a reproduction apparatus has been falsified or not is performed in a game program executed by the reproduction apparatus; if any falsification is verified, the game program is terminated. The third embodiment is such that a verification to determine whether the firmware of a reproduction apparatus has been falsified or not is performed prior to the activating of a game program; if the absence of any falsification is verified, a key used to decode a previously encrypted activation program for activating the game is put in a usable state. In the third embodiment, the verification to determine any falsification of the firmware and the setting of the key are done by a dedicated program which is different from the programs of the firmware, game, or the like. This program, which is read out before the activating of a game and executed, is not resident in memory.
The firmware 100 includes an execution instruction receiving section 102, a decoding key setting section 104, an activation program decoding section 106, a decoding key storage 108, and a firmware-side control transfer section 110. The execution instruction receiving section 102 receives an instruction for execution of a game program from the user of the reproduction apparatus. This can be accomplished by the use of a known technology such as GUI (Graphical User Interface). The decoding key setting section 104 first receives information on a game program from the execution instruction receiving section 102. Then the decoding key setting section 104 acquires a key to be used in decoding a program for activating the game from the decoding key storage 108.
It is to be noted here that the activation program for activating the game is encrypted in advance by the creator of the game. The key to be used for encryption and decoding must be a latest key stored in the latest firmware 100 at the creation of the game. If the arrangement is such that a key is added whenever the firmware 100 is updated, then an attempt by a third party at decoding the activation program employing the latest key will fail even when there has been a leak of a past key to the third party through some means. Also, when a leak of a latest key to a third party has been confirmed, the firmware 100 may be again updated to one with a new key added.
Therefore, the “information on a game program” is information by which to identify a key for decoding an activation program of the game, or more specifically information such as the release date and title of the game or the version of the key. Also, the decoding key storage 108 stores all the keys having been created for the decoding of the activation programs of the games released in the past.
It is to be noted here that encryption and decoding of an activation program can be accomplished by the use of a known public key cryptosystem such as the RSA cryptosystem. Alternatively, they may be accomplished by the use of a shared key agreed upon in advance between the creator of the firmware 100 and the creator of the game program 200.
The activation program decoding section 106 receives the key which the decoding key setting section 104 has acquired from the decoding key storage 108 and decodes the activation program. With the activation program decoded, the firmware-side control transfer section 110 transfers the control of the reproduction apparatus to the game program 200.
The game program 200 includes a game program activation section 202, a game program execution section 204, and a game program-side control transfer section 206.
The game program activation section 202 performs an initialization for the execution of a game program at the reproduction apparatus by executing an activation program decoded by the activation program decoding section 106. The game program execution section 204 executes the main part of the game program and controls the reproduction apparatus, thereby presenting the game to the user. Upon termination of the game program at the game program execution section 204, the game program-side control transfer section 206 transfers the control of the reproduction apparatus to the firmware 100 by performing a post-processing such as memory release.
The execution instruction receiving section 102 receives an instruction for execution of a game program from the user of the reproduction apparatus (S10). The decoding key setting section 104 acquires a key for decoding an activation program from the decoding key storage 108 (S12). The activation program decoding section 106 receives the key which the decoding key setting section 104 has acquired from the decoding key storage 108 and decodes the activation program (S14). With the activation program decoded, the firmware-side control transfer section 110 transfers the control of the reproduction apparatus to the game program 200 (S16).
The game program activation section 202 performs an initialization for the execution of the game program at the reproduction apparatus by executing the activation program (S18). The game program execution section 204 controls the reproduction apparatus, thereby presenting the game to the user (S20). Upon termination of the game program at the game program execution section 204, the game program-side control transfer section 206 transfers the control of the reproduction apparatus to the firmware 100 (S22). With the completion of the transfer of control, the processings of the present flowchart come to an end.
A scene of actual use according to the first embodiment implementing the structure as described above is described below. First, the user inserts a recording medium storing a game program in the reproduction apparatus and instructs the start of the game. The firmware 100 verifies the information on the game program and sets the key for decoding the activation program. With the key set, the activation program is decoded and the user can play the game.
If the firmware 100 determines from the information on the game program that the firmware 100 does not have the key for decoding the activation program, the firmware 100 will issue a message to the user that the firmware 100 must be updated using an updating firmware stored in the recording medium storing the game program or that the firmware 100 must be updated by downloading a latest firmware through a network or the like.
Thus, according to the first embodiment, even when there has been a leak of a key possessed by the firmware 100 to a third party for some reason (for example, a third party obtains the key through analysis of the firmware 100), updating the firmware by adding a new key can prevent the third party from illegally playing the game with an activation program encrypted using the key.
The game program 200 according to the second embodiment, as with the game program 200 according to the first embodiment, includes a game program activation section 202, a game program execution section 204, and a game program-side control transfer section 206. The game program 200 in the second embodiment further includes a firmware verification section 210.
The game program activation section 202 performs an initialization for the execution of a game program at the reproduction apparatus by executing an activation program decoded by the activation program decoding section 106. With the game on by the execution of the activation program, the firmware verification section 210 performs a verification to determine whether the firmware 100 loaded in the reproduction apparatus has been falsified by a third party or not.
Here the firmware verification section 210 can accomplish the verification with the supplier of the firmware providing an API (Application Program Interface) to the developer of the game. The API verifies whether the firmware has been falsified by a third party or not by a known method such as checking on the memory assignment of the execution program and data of the firmware 100 which have been loaded in the memory 400.
When the firmware verification section 210 has confirmed the validity of the firmware 100 as being one provided by the supplier of the firmware, the game program execution section 204 presents the game to the user by controlling the reproduction apparatus. Upon termination of the game program at the game program execution section 204, the game program-side control transfer section 206 transfers the control of the reproduction apparatus to the firmware 100. If the firmware verification section 210 determines the invalidity of the firmware 100, the firmware verification section 210 conveys it to the game program-side control transfer section 206, which transfers the control of the reproduction apparatus to the firmware 100.
Or it may also be so arranged that when the firmware verification section 210 determines the invalidity of the firmware 100, the game program execution section 204 executes the game program in an invalidity detection mode different from when the validity of the firmware 100 is determined. The “invalidity detection mode” meant here is a mode into which the game program execution section 204 enters when the firmware verification section 210 has determined the invalidity of the firmware 100. In this mode, the game program execution section 204 displays a message indicating the invalidity of the firmware or executes the game program by raising the challenge level of the game higher than normal. The adjustment of the challenge level of the game can be made by adjusting the parameters in the execution of the game, such as quickening the progress speed of the game or making an enemy in the game stronger.
With the game on by the execution of the activation program, the firmware verification section 210 performs a verification to determine whether the firmware 100 loaded in the reproduction apparatus has been falsified by a third party or not (S24). If the firmware 100 is valid (S26Y), the game program execution section 204 will present the game to the user by controlling the reproduction apparatus (S28). Upon termination of the game program at the game program execution section 204, the game program-side control transfer section 206 transfers the control of the reproduction apparatus to the firmware 100 (S30). If the firmware 100 is not valid (S26N), the game program will not be executed, with the control of the reproduction apparatus transferred immediately to the firmware 100 (S30). With the control of the reproduction apparatus transferred to the firmware 100, the processings of the present flowchart come to an end. Note that provided the game program execution section 204 has an “invalidity detection mode”, the arrangement may also be such that when the firmware 100 is not valid (S26N), the game program is executed with the game program execution section 204 entering the “invalidity detection mode”.
A scene of actual use according to the second embodiment implementing the structure as described above is described below. Similar to the first embodiment, the user first inserts a recording medium storing a game program in the reproduction apparatus and instructs the start of the game. The firmware 100 verifies the information on the game program and sets the key for decoding the activation program. With the key set, the activation program is decoded and the game program starts running.
With the start of the game program, a verification to determine whether the firmware 100 has been falsified by a third party or not is performed within the game program. If it is determined that the firmware 100 has been falsified by a third party, then the processings of the game program will be terminated without the main part of the game executed. Thus, even when the game program is executed illegally as a result of falsification of the firmware 100 by a third party and a leak of the key for decoding the activation program, the game program can be terminated without the main part thereof being executed.
The firmware 100 includes an execution instruction receiving section 102, an activation program decoding section 106, and a firmware-side control transfer section 110. When the execution instruction receiving section 102 receives an instruction for execution of a game program from the user of the reproduction apparatus, the decoding key setting program 300 is loaded into the memory 400 and executed.
The decoding key setting program 300 includes a firmware verification section 310, a decoding key setting section 304, and a decoding key storage 308. When the decoding key setting program 300 is started, the firmware verification section 310 first performs a verification to determine whether the firmware 100 loaded in the reproduction apparatus has been falsified by a third party or not. If the absence of any falsification in the firmware 100 is verified, the decoding key setting section 304 will select a key for decoding an activation program from the decoding key storage 308, based on information on a game program received from the execution instruction receiving section 102 via the firmware verification section 310, and will hand over the key to the activation program decoding section 106. When the activation program decoding section 106 receives the key, the execution of the decoding key setting program 300 is terminated and the program 300 is released from the memory 400.
When it is verified that the firmware 100 is falsified, the firmware verification section 310 does nothing and hands over the processing to the activation program decoding section 106, so that the execution of the decoding key setting program 300 is terminated and the program 300 is released from the memory 400.
If the activation program decoding section 106 receives the key from the decoding key setting section 304, it will decode the activation program. If the activation program decoding section 106 does not receive the key from the decoding key setting section 304, it will do nothing. The firmware-side control transfer section 110 transfers the control of the reproduction apparatus to the game program 200.
The game program activation section 202 attempts to start an activation program. Where the activation program is decoded by the activation program decoding section 106, the activation program is properly executed and an initialization for the execution of the game program is performed at the reproduction apparatus. After the initialization, the game program execution section 204 executes the main part of the game and presents the game to the user. Upon termination of the game, the game program execution section 204 transfers the control to the game program-side control transfer section 206.
If the activation program is not decoded by the activation program decoding section 106, the game program activation section 202 cannot start the activation program. In such a case, the game program activation section 202 transfers the control to the game program-side control transfer section 206 without starting the activation program. If the activation program is not decoded, it will be assumed that the firmware 100 has been falsified and therefore a message indicating as such to the user may be displayed and/or a message prompting the user to update the firmware 100 may be displayed.
The game program-side control transfer section 206 transfers the control of the reproduction apparatus to the firmware 100.
A flow of processings done by the firmware 100, the game program 200 and the decoding key setting program 300 from an execution instruction to the end of a game will be described with reference to
When the execution instruction receiving section 102 receives an instruction for execution of a game program from the user of the reproduction apparatus (S32), the execution instruction receiving section 102 loads the decoding key setting program 300 into the memory 400 and executes the program 300 (S34). The firmware verification section 310 performs a verification to determine whether the firmware 100 has been falsified by a third party or not (S36). If it is verified that the firmware 100 is one in which no falsification has been found, namely the firmware 100 is valid (S38Y), the decoding key setting section 304 will acquire a key used to decode the activation program, from the decoding key storage 308 (S40). Upon receipt of the key from the decoding key setting section 304, the activation program decoding section 106 will decode the activation program (S42).
If it is verified that the firmware 100 has been falsified (S38N), the decoding key setting program 300 will transfer the control to the activation program decoding section 106 of the firmware 100 without acquiring the key. The firmware-side control transfer section 110 transfers the control of the reproduction apparatus to the game program 200, regardless of whether the activation program decoding section 106 has decoded the activation program or not.
The game program activation section 202 attempts to start the activation program (S46). If the activation program is decoded by the activation program decoding section 106, the start of the activation program is successful (S48Y) and an initialization for the execution of a game program is performed at the reproduction apparatus. After the initialization, the game program execution section 204 executes the main part of the game and presents the game to the user (S50). Upon termination of the game, the game program-side control transfer section 206 transfers the control of the reproduction apparatus to the firmware 100 (S52).
If the activation program is not decoded by the activation program decoding section 106, the game program activation section 202 cannot start the activation program (S48N). In such a case, the main part of the game is not executed and the game program-side control transfer section 206 transfers the control of the reproduction apparatus to the firmware 100 (S52). When the control of the reproduction apparatus is transferred to the firmware 100, the processing in this flowchart comes to an end.
A scene of actual use according to the third embodiment implementing the structure as described above is described below. Similar to the first embodiment, the user first inserts a recording medium storing a game program in the reproduction apparatus and instructs the start of the game. The firmware 100 verifies the information on the game program and executes the decoding key setting program 300. If the firmware 300 is not falsified, the decoding key setting program 300 will properly set a key for decoding the activation program, so that the user can play the game.
If the firmware 100 determines from the information on the game program that the firmware 100 does not have the key for decoding the activation program, the firmware 100 will replace it by the decoding setting program 300 for use in data update, which is stored in the recording medium storing the game program. Alternatively, the firmware 100 will issue a message to the user that the decoding key setting program 300 must be updated by downloading a latest decoding key setting program through a network or the like.
Thus, according to the third embodiment, even when the firmware 100 is analyzed by a third party, there is no key available to decode the activation program in the firmware 100 and therefore the key will not be leaked to any third party. In a case of the second embodiment, a verification to determine whether the firmware 100 has been falsified by a third party or not is performed within the game program 200. Therefore there are possibilities in the second embodiment that this verification process may be skipped and a game can be illegally played if the third party falsifies the game program. By employing the third embodiment, if it is verified that the firmware 100 is not valid, the game program 200 will not be started at all in the first place. This can prevent the third party from illegally executing the game program 200 by falsifying it.
As described above, the firmware 100 not only serves a function of transferring the control of the reproduction apparatus to the game program 200 by decoding the activation program but also performs a role of reproducing still or moving images on the reproduction apparatus and achieving a function of viewing Web contents and the like. In order to update the firmware 100, all of these functions must be at least verified to operate properly and therefore the frequency of updating the firmware 100 is limited to once in a few months.
According to the third embodiment, the decoding key setting program 300 for performing a verification to determine whether the firmware 100 has been falsified or not and setting the key used to decode the activation program resides separately from the firmware 100. The updating of the decoding key setting program 300 is not bound or affected by the update timing of the firmware 100, so that the frequency of updating the decoding key setting program 300 can be set higher than that of updating the firmware 100. Thus, if a third party attempts to falsify the firmware 100 and the decoding key setting program 300 and illegally execute a game, the decoding key setting program 300 can be updated at an early stage and therefore a new key can be added promptly.
Further, the decoding key setting program 300, which differs from the firmware 100, is a program specialized in the activating of a game. Thus, the decoding key setting program 300 can be distributed to users in such a manner that the decoding key setting program 300 is stored, together with the game program 200, in the recording medium storing the game program 200. This is because the decoding key setting program 300 is not required by a user who does not play the game. In this modification, as compared with a case where the firmware 100 is made available to the public through the Internet or the like, there is less chance for a third party to obtain the decoding key setting program 300. This is advantageous in that the program is less likely to be falsified. Also, the decoding key setting program 300 is called prior to the start of the game program 200 and then it is released from memory when the processing comes to an end. Since the decoding key setting program 300 is not resident in memory, this achieves another advantageous affect in that it is difficult for the third party to analyze the program.
Also, it suffices that the size of the decoding setting program 300 is about one several tenth of that of the firmware 100. This is further advantageous in the following point. That is, this is stress-free on user's part if a new decoding key setting program 300 is automatically downloaded after he/she has connected the reproduction apparatus to the Internet or the like, for instance. This is because the downloading is completed in a short time as compared with a case where the firmware 100 is downloaded.
The present invention has been described based upon illustrative embodiments. The above-described embodiments are intended to be illustrative only and it will be obvious to those skilled in the art that various modifications to the combination of constituting elements and processes could be developed and that such modifications are also within the scope of the present invention.
A description is given so far of a case where the creator of a game encrypts beforehand the activation program. In another modification, the creator of a game can not only encrypt the activation program but also add an electronic signature to the activation program. In such a case, an arrangement is such that the activation program decoding section 106 decodes the activation program and, at the same time, verifies the digital signature. Or a digital signature verification section (not shown) may be provided inside the activation program decoding section 106, so that the digital signature verification section may verify the digital signature. In addition to the encryption of the activation program, the digital signature is given, so that this modification is further advantageous in that the possible falsification of the activation program can be verified.
The invention is applicable to the controlling of activating a content.
Number | Date | Country | Kind |
---|---|---|---|
2009226894 | Sep 2009 | JP | national |
Filing Document | Filing Date | Country | Kind | 371c Date |
---|---|---|---|---|
PCT/JP10/02849 | 4/20/2010 | WO | 00 | 2/3/2011 |