Terminal Device, Verification Device, Key Distribution Device, Content Playback Method, Key Distribution Method, and Computer Program

1. A key distribution system that distributes a key of content from a key distribution device to a terminal device, wherein the key distribution device comprises: a content holding unit configured to hold therein encrypted content that is content encrypted with use of a title key; a content signature holding unit configured to hold therein a content signature generated by an authorized signature device for verifying whether the encrypted content is authorized; a title key holding unit configured to hold therein the title key; a key generation unit configured to generate a converted title key by converting the title key with use of a parameter of the content signature, wherein a reconstructed title key can be subsequently generated as an authorized title key by reversely converting the converted title key with use of the parameter of said content signature; and a recording unit configured to record the encrypted content, the content signature, and the converted title key into a recording medium device, and the terminal device comprises: a receive unit configured to receive the encrypted content, the content signature, and the converted title key from the key distribution device; and a write unit configured to write the encrypted content and the content signature into the recording medium device, and to write the converted title key into a protected area of the recording medium device, wherein subsequently, said converted title key can be reversely converted to generate a reconstructed title key to decrypt said encrypted content and to play back the decrypted content.

2. The terminal device used in the key distribution system of claim 1 .

3. A terminal device comprising: a receive unit configured to receive encrypted content that is content encrypted with use of a title key, a content signature, and a converted title key from a key distribution device, the converted title key having been converted and calculated from a parameter of the title key by the key distribution device with use of another parameter of the content signature generated by an authorized signature device; and a write unit configured to write the encrypted content and the content signature into a recording medium device, and to write the converted title key into a protected area of the recording medium device, wherein subsequently, said converted title key can be reversely converted to generate a reconstructed title key as an authorized title key with use of the parameter of said content signature so as to decrypt said encrypted content and to play back the decrypted content.

4. The terminal device of claim 3 , wherein the receive unit receives a usage condition of the encrypted content, the write unit writes the usage condition into the recording medium device, and the converted title key has been generated from the content signature generated by the authorized signature device, the usage condition, and the title key.

5. The terminal device of claim 4 , wherein the converted title key has been generated as a result of a predetermined calculation performed on concatenated data and the title key, the concatenated data being obtained by concatenating the content signature and the usage condition.

6. The terminal device of claim 3 , further comprising: a read unit configured to read a medium identifier indentifying the recording medium device; and a transmission unit configured to transmit the medium identifier to the recording medium device, wherein the receive unit receives, from the key distribution device, a message authentication code (MAC) that has been calculated by the key distribution device from the medium identifier and the title key, the write unit writes the MAC into the recording medium device, and the terminal device compares the received MAC to an MAC that is calculated from the medium identifier read from the recording medium device and the title key, and when the received MAC does not match the calculated MAC, the terminal device refrains from starting playback of the encrypted content.

7. A content recording method used in a terminal device, the content recording method comprising the steps of: receiving encrypted content that is content encrypted with use of a title key, a content signature and a converted title key from a key distribution device, the converted title key having been converted and calculated from a parameter of the title key by the key distribution device with use of another parameter of the content signature generated by an authorized signature device; and writing the encrypted content and the content signature into a recording medium device, and writing the converted title key into a protected area of the recording medium device, wherein subsequently, said converted title key can be reversely converted to generate a reconstructed title key as an authorized title key with use of the parameter of said content signature so as to decrypt said encrypted content and to play back the decrypted content.

8. The content recording method of claim 7 , further comprising the steps of: receiving a usage condition of the encrypted content; and writing the usage condition into the recording medium device, wherein the converted title key has been generated from the content signature generated by the authorized signature device, the usage condition, and the title key.

9. The content recording method of claim 8 , wherein the converted title key has been generated as a result of a predetermined calculation performed on concatenated data and the title key, the concatenated data being obtained by concatenating the content signature and the usage condition.

10. The content recording method of claim 7 , further comprising: reading a medium identifier indentifying the recording medium device; transmitting the medium identifier to the recording medium device; receiving, from the key distribution device, a message authentication code (MAC) that has been calculated by the key distribution device from the medium identifier and the title key; writing the MAC into the recording medium device; and controlling playback of the encrypted content, by comparing the received MAC to an MAC that is calculated from the medium identifier read from the recording medium device and the title key, and when the received MAC does not match the calculated MAC, refraining from starting the playback of the encrypted content.