Data distribution system and recorder for use therein
First Claim
1. (Amended) A data distribution system comprising:
- a plurality of terminals (100, 101); and
a content provision device (10, 11) distributing encrypted content data ({Data}Kc) and a license key (Kc) to said plurality of terminals, said license key serving as a decryption key decrypting said encrypted content data to obtain plaintext content data (Data), wherein;
each said terminal includes a first interface unit (1102) provided to externally communicate data, and a distributed-data deciphering unit (110, 115) receiving and recording at least said license key therein;
said deciphering unit has a first authentication data hold unit (1400) holding first class certification data (Cmc(m)) determined to correspond to said deciphering unit, for output via said first interface unit when said license key is received, said first class certification data (Cmc(m)) being encrypted in a state authenticatable through decryption using an authentication key (KPma), and a first storage unit (1415, 1440) provided to record said encrypted content data and said license key therein; and
said content provision device includes a second interface unit (350) provided to externally communicate data, a first authentication unit (312) receiving from said second interface unit said first class certification data encrypted in a state capable of verifying authenticity through decryption using said authentication key, and decrypting said first class certification data with said authentication key to confirm said authenticity, a class revocation list hold unit (306) holding a class revocation list (CRL) listing said first class certification data subjected to revocation of said distribution, and a distribution control unit (315) suspending at least a distribution operation distributing said content key to each said terminal having said deciphering unit, if said first authentication unit obtains said first class certification data listed on said class revocation list held in said class revocation list hold unit.
1 Assignment
0 Petitions
Accused Products
Abstract
A license server (10) includes a CRL database (306) holding a revocation list recording therein classes predetermined corresponding respectively to a memory device, such as a memory card, and a content reproduction circuit, such as a cellular phone, that are subjected to revocation of distributing, reproducing and transferring content data. A distribution control unit (315) suspends an operation distributing content data if the distribution is addressed to a class listed on the revocation list. The revocation list is also held in the memory card and distribution control unit (315) in distributing content also transmits information for updating the revocation list in the memory card.
62 Citations
39 Claims
-
1. (Amended) A data distribution system comprising:
-
a plurality of terminals (100, 101); and
a content provision device (10, 11) distributing encrypted content data ({Data}Kc) and a license key (Kc) to said plurality of terminals, said license key serving as a decryption key decrypting said encrypted content data to obtain plaintext content data (Data), wherein;
each said terminal includes a first interface unit (1102) provided to externally communicate data, and a distributed-data deciphering unit (110, 115) receiving and recording at least said license key therein;
said deciphering unit has a first authentication data hold unit (1400) holding first class certification data (Cmc(m)) determined to correspond to said deciphering unit, for output via said first interface unit when said license key is received, said first class certification data (Cmc(m)) being encrypted in a state authenticatable through decryption using an authentication key (KPma), and a first storage unit (1415, 1440) provided to record said encrypted content data and said license key therein; and
said content provision device includes a second interface unit (350) provided to externally communicate data, a first authentication unit (312) receiving from said second interface unit said first class certification data encrypted in a state capable of verifying authenticity through decryption using said authentication key, and decrypting said first class certification data with said authentication key to confirm said authenticity, a class revocation list hold unit (306) holding a class revocation list (CRL) listing said first class certification data subjected to revocation of said distribution, and a distribution control unit (315) suspending at least a distribution operation distributing said content key to each said terminal having said deciphering unit, if said first authentication unit obtains said first class certification data listed on said class revocation list held in said class revocation list hold unit. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 14)
-
-
11. (Amended) A recording device comprising:
-
a first storage unit (1415, 1440) provided to record data (Kc) therein;
an authentication unit (1408) receiving first class certification data (Cp(n), Cmc(m)) provided from a destination of said data output via an interface unit (1202) and encrypted in a state authenticatable through decryption using an authentication key (KPma), and decrypting said first class certification data with said authentication key to confirm authenticity;
a second storage unit (1430, 2145) holding a class revocation list (CRL) listing first class certification data subjected to revocation of output of said data; and
a control unit (1420) operative in response to an external instruction issued to output said data, to issue an instruction to output said data via said interface unit, wherein said control unit suspends outputting said data to said destination having output said first class certification data received, if said class revocation list includes the first class certification data obtained from said authentication unit decrypting said encrypted first class certification data input externally via said interface unit together with said external instruction. - View Dependent Claims (12, 13, 16, 17, 18, 19, 20, 21, 22, 23, 24, 26, 28, 29, 30, 31, 32, 33, 36, 38)
-
-
15. (Amended) A data distribution system comprising:
-
a content provision device (10, 11) provided to distribute encrypted content data ({Data}Kc) and a license key (Kc) serving as a decryption key decrypting said encrypted content data to obtain plaintext content data (Data); and
a plurality of terminals (100, 101) receiving the distribution from said content provision device (10, 11), wherein;
said content provision device includes a first interface unit (350) provided to externally communicate data, a first authentication unit (312) receiving via said first interface unit first class certification data (Cmc(m)) and a first public encryption key (KPmc(m)) transmitted from each said terminal and encrypted in a state authenticatable through decryption using an authentication key (KPma), for decryption with said authentication key to confirm authenticity, a class revocation list hold unit (350) holding a class revocation list (CRL) listing said first class certification data subjected to revocation of distribution of said license key, a distribution control unit (315) suspending a distribution operation distributing first reproduction information at least including said license key to a terminal corresponding to a source of said first class certification data received, if said first authentication unit obtains said first class certification data listed on said class revocation list held in said class revocation list hold unit, a first session key generation unit (316) generating a first symmetric key (Ks1) updated whenever said distribution is effected, a session key encryption unit (318) effecting an encryption process using said first public encryption key to encrypt said first symmetric key for transmission via said first interface unit to the terminal corresponding to the source of said first class certification data received, a session key decryption unit (320) decrypting and extracting a second public encryption key (KPm(i)) and a second symmetric key (Ks2) encrypted with said first symmetric key and returned via said first interface unit from the terminal corresponding to the source of said first class certification data received, a first license data encryption unit (326) encrypting said first reproduction information with said second public encryption key decrypted by said session key decryption unit, and a second license data encryption unit (328) effecting an encryption process further encrypting an output of said first license data encryption unit with said second symmetric key decrypted by said session key decryption unit, for transmission via said first interface unit for distribution to the terminal corresponding to the source of said first class certification data received;
each said terminal includes a second interface unit (1102) provided to externally communicating data, and a distributed-data deciphering unit (110, 115) receiving and recording said encrypted content data therein;
first class certification data (Cmc(m)) and a first public encryption key (KPmc(m)) are determined to correspond to said deciphering unit;
said deciphering unit has a first authentication data hold unit (1400) holding said first class certification data and first public encryption key encrypted in a state capable of verifying said authenticity through decryption using said authentication key, for output when said first reproduction information is received, a first key hold unit (1402) holding a first private decryption key (Kmc(m)) decrypting data encrypted with said first public encryption key, a first decryption unit (1404) receiving said first symmetric key encrypted with said first public encryption key, for decryption, a second key hold unit (1416) holding said second public encryption key, a second session key generation unit (1418) producing said second symmetric key updated whenever said encrypted content data is communicated, a first encryption unit (1406) encrypting said second symmetric key and said second public encryption key with said first symmetric key for output to said second interface unit, a second decryption unit (1412) receiving encrypted said first reproduction information from said second license data encryption unit for decryption using said second symmetric key, a third key hold unit (1421) holding a second private decryption key (Km(i)) decrypting data encrypted with said second public encryption key, a third decryption unit (1422) providing a decryption using said second private decryption key, and a first storage unit (1415, 1440) recording said first reproduction information and said encrypted content data therein.
-
-
25. (Amended) A data distribution system comprising:
-
a content provision device (10, 11) distributing encrypted content data ({Data}Kc) and a license key (Kc) serving as a decryption key decrypting said encrypted content data to obtain plaintext content data (Data); and
a plurality of terminals (100, 101) receiving the distribution from said content provision device (10, 11), wherein;
said content provision device (10, 11) includes a first interface unit (350) externally communicating data, an authentication unit (312) receiving, via said first interface unit, class certification data (Cmc(m)) encrypted in a state authenticatable through decryption using an authentication key (KPma), for decryption with said authentication key, a class permission list hold unit holding a class permission list listing said class certification data subjected to permission of distribution of said encrypted content data, and a distribution control unit (315) effecting at least a distribution operation to distribute said license key, if said authentication unit obtains said class certification data listed in said class permission list held in said class permission list hold unit;
each said terminal (100, 101) includes a second interface unit (1102) externally communicating data, and a distributed-data deciphering unit (110, 115) receiving and recording at least said license key therein;
said class certification data is determined to correspond to said decryption unit;
said deciphering unit has an authentication data hold unit (1400) holding said class certification data encrypted in a state capable of verifying authenticity through decryption using said authentication key, for output via said second interface unit when said license key is received, and a first storage unit (1415, 1440) recording said encrypted content data and said license key therein.
-
-
27. (Amended) A recording device receiving and recording therein encrypted content data ({Data}Kc) and first reproduction information including a license key (Kc) serving as a decryption key decrypting said encrypted content data to obtain plaintext content data (Data), comprising:
-
an interface unit (1202) externally communicating data;
a first storage unit (1415, 1440) recording said first reproduction information and said encrypted content data therein;
a second storage unit (1430, 2415) holding a class revocation list listing said first class certification data (Cp(n), Cmc(m)) subjected to revocation of communicating said reproduction information;
a control unit (1420) operative, when said first reproduction information is received, to produce update information (CRL_ver) capable of specifying an update of said class revocation list held in said second storage;
an authentication data hold unit (1400) holding second class certification data (Cmc(m)) and a first public encryption key (KPmc(m)) of a data recording device determined to correspond to said recording device and encrypted in a state capable of authenticatable through decryption using an authentication key (KPma), for external output via said interface unit when said first reproduction information is received;
a first key hold unit (1402) holding a first private decryption key (Kmc(m)) decrypting data encrypted with said first public encryption key;
a first decryption unit (1404) receiving externally via said interface unit a first symmetric key (Ks1) encrypted with said first public encryption key, for decryption;
a second key hold unit (1416) holding a second public encryption key (KPm(i)) determined for each said recording device;
a session key generation unit (1418) producing a second symmetric key (Ks2) updated whenever said content data is communicated;
a first encryption unit (1406) encrypting said update information, said second symmetric key and said second public encryption key with said first symmetric key for external output via said interface unit;
a second decryption unit (1412) receiving, via said interface unit, said first reproduction information encrypted with said second public encryption key encrypted with said second symmetric key, and updating data based on said update information and input and used to update said class revocation list held in said second storage, for decryption with said second symmetric key;
a third key hold unit (1421) holding a second private decryption key (Km(i)) decrypting data encrypted with said second public encryption key; and
a third decryption unit (1422) using said second private decryption key to effect decryption, wherein said control unit refers to said updating data decrypted by said second decryption unit, to update content of said class revocation list held in said second storage.
-
-
34. (Amended) A recording device comprising:
-
a first storage unit (1415, 1440) recording data (Kc) therein;
an authentication unit (1408) receiving class certification data (Cmc(m)) input via an interface unit (1202) and encrypted in a state authenticatable through decryption using an authentication key (KPma), for decryption with said authentication key to confirm authenticity;
a second storage unit holding a class permission list listing class certification data subjected to permission to output said data; and
a control unit (1420) operative in response to an external instruction issued to output said data, to control outputting said data via said interface unit, wherein said control unit effects outputting said data, if said class permission list includes the class certification data obtained from said authentication unit decrypting said class certification data encrypted and input externally via said interface unit together with said external instruction.
-
-
35. (Amended) The data provision device (10, 11) provided to distribute encrypted content data ({Data}Kc) and a license key (Kc) serving as a decryption key decrypting said encrypted content data to obtain plaintext content data (Data) or said license key alone to a plurality of terminals each having a data recording unit holding first class certification data (Cmc(m)) determined to correspond to said data recording unit and encrypted in a state authenticatable through decryption with an authentication key (KPma), comprising:
-
an interface unit (350) provided to externally communicate data;
an authentication unit (312) receiving from said interface unit said first class certification data encrypted in a state capable of verifying authenticity through decryption with said authentication key, for decryption with said authentication key to confirm said authenticity;
a class revocation list hold unit (306) holding a class revocation list (CRL) listing said first class certification data subjected to revocation of said distribution; and
a distribution control unit (15) suspending at least a distribution operation distributing said license key to each said terminal having said data recording unit, if said first authentication unit obtains said first class certification data listed on said class revocation list held in said class revocation list hold unit.
-
-
37. (Amended) A data provision device (10, 11) distributing encrypted content data ({Data}Kc) and a license key (Kc) decrypting said encrypted content data to obtain plaintext content data (Data) or said license key alone to a plurality of terminals each having a data recording unit holding first class certification data (Cmc(m)) determined to correspond to said data recording unit and encrypted in a state decryption unit, to further encrypt an output of said first license data encryption unit for distribution via said interface unit to the terminal corresponding to the source of said first class certification data received.
-
39. (Amended) A data provision device (10, 11) distributing encrypted content data ({Data}Kc) and a license key (Kc) serving as a decryption key decrypting said encrypted content data to obtain plaintext content data (Data) or said license key alone to a plurality of terminals each having a data recording unit holding class certification data (Cmc(m)) determined to correspond to said data recording unit and encrypted in a state authenticatable through decryption with an authentication key (KPma), comprising:
-
an interface unit (350) provided to externally communicate data;
an authentication unit (312) receiving via said interface unit said class certification data encrypted in a state capable of verifying authenticity through decryption with said authentication key, for decryption with said authentication key to confirm said authenticity;
a class permission list hold unit holding a class permission list listing said class certification data subjected to permission to distribute said encrypted content data; and
a distribution control unit (315) effecting at least a distribution operation distributing said license key, if said authentication unit obtains said class certification data listed on said class permission list held in said class permission list hold unit. authenticatable through decryption with an authentication key (KPma), comprising;
an interface unit (350) provided to externally communicate data;
an authentication unit (312) receiving via said interface unit said first class certification data (Cmc(m)) and a first public encryption key (KPmc(m)) transmitted from each said terminal and encrypted in a state authenticatable through decryption with said authentication key, for decryption with said authentication key to confirm authenticity;
a class revocation list hold unit (306) holding a class revocation list (CRL) listing said first class certification data subjected to revocation of distributing said license key;
a distribution control unit (315) suspending a distribution operation distributing first reproduction information at least including said license key to a terminal corresponding to a source of said first class certification data received, if said first authentication unit obtains said first class certification data listed on said class revocation list held in said class revocation list hold unit;
a first session key generation unit (316) generating a first symmetric key (Ks1) updated whenever said distribution is effected;
a session key encryption unit (318) effecting an encryption process using said first public encryption key to encrypt said first symmetric key for transmission via said interface unit to the terminal corresponding to the source of said first class certification data received;
a session key decryption unit (320) decrypting and thus extracting a second public encryption key (KPm(i)) and a second symmetric key (Ks2) encrypted with said first symmetric key and returned via said interface unit from the terminal corresponding to the source of said first class certification data received;
a first license data encryption unit (326) encrypting said license key with said second public encryption key decrypted by said session key decryption unit; and
a second license data encryption unit (328) effecting an encryption process using said second symmetric key decrypted by said session key
-
Specification