Data distribution system and recording device for use therein

US 20020191764A1
Filed: 06/04/2002
Published: 12/19/2002
Est. Priority Date: 12/06/1999
Status: Active Grant

First Claim

Patent Images

1. (Amended) A data distribution system comprising:

a data provision device (10, 11) provided to distribute a license key (Kc) serving as a decryption key decrypting encrypted content data ({Data}Kc} to obtain plaintext content data (Data) and;

a plurality of terminals (100, 101) receiving the distribution from said data provision device, wherein;

said data provision device includes a first interface unit (350) provided to communicate data externally, and a distribution control unit (315) operative, when said distribution is requested, to exert control for generating access restriction information (AC1) and distributing reproduction information (Kc//AC2, {Kc//AC2}Kcom) at least including said license key and said access restriction information via said first interface unit;

each said terminal includes a second interface unit (1102) provided to communicated data externally, a distributed-data deciphering device (110, 210) recording said reproduction information and said access restriction information received from said data provision device via said second interface unit, and a terminal control unit (1106) provided for controlling an operation of said terminal; and

said deciphering device has a storage unit (1415, 1430, 1440) provided to record said reproduction information and said access restriction information therein, and a control unit (1420) operative, when said terminal control unit issues a request to output said reproduction information recorded in said storage unit, to refer to said access restriction information in said storage unit to determine whether said reproduction information may be output, when said control unit determines that said reproduction information may be output said reproduction information being output and thereafter as required said control unit changing said access restriction information recorded in said storage unit.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A memory card (110) stores access restriction information (AC1) to a license information hold unit (1440) arranged in a TRM area. Access restriction information (AC1) has information for example of a frequency of reproduction allowed and a number of licenses owned. A controller (1420) in reproducing and transferring content initially confirms access restriction information (AC1) and thereafter effects reproduction and transfer and after the reproduction and transfer are effected updates access restriction information (AC1), as required, for storage in a license information hold unit (1440).

Citations

36 Claims

1. (Amended) A data distribution system comprising:
- a data provision device (10, 11) provided to distribute a license key (Kc) serving as a decryption key decrypting encrypted content data ({Data}Kc} to obtain plaintext content data (Data) and;
  
  a plurality of terminals (100, 101) receiving the distribution from said data provision device, wherein;
  
  said data provision device includes a first interface unit (350) provided to communicate data externally, and a distribution control unit (315) operative, when said distribution is requested, to exert control for generating access restriction information (AC1) and distributing reproduction information (Kc//AC2, {Kc//AC2}Kcom) at least including said license key and said access restriction information via said first interface unit;
  
  each said terminal includes a second interface unit (1102) provided to communicated data externally, a distributed-data deciphering device (110, 210) recording said reproduction information and said access restriction information received from said data provision device via said second interface unit, and a terminal control unit (1106) provided for controlling an operation of said terminal; and
  
  said deciphering device has a storage unit (1415, 1430, 1440) provided to record said reproduction information and said access restriction information therein, and a control unit (1420) operative, when said terminal control unit issues a request to output said reproduction information recorded in said storage unit, to refer to said access restriction information in said storage unit to determine whether said reproduction information may be output, when said control unit determines that said reproduction information may be output said reproduction information being output and thereafter as required said control unit changing said access restriction information recorded in said storage unit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 20, 21, 22, 23, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 2. (Amended) The data distribution system of claim 1, wherein:
    - each said terminal (100, 101) further includes a content data reproduction unit (1516, 1518) operative, when said terminal control unit issues an instruction to reproduce said content data, to receive said reproduction information (Kc//AC2, {Kc//AC2}Kcom) from said deciphering device (110, 210) and use said license key (Kc) to decrypt and reproduce said encrypted content data ({Data}Kc);
      
      said access restriction information (AC1) includes reproduction control information (Sub_Play) limiting a frequency of outputting said reproduction information from said deciphering device for use to decrypt said encrypted content data;
      
      when an external instruction is issued to reproduce said content data said terminal control unit (1106) issues a first request for output instructing said deciphering device to output said reproduction information for use to decrypt said encrypted content data and also instructs said content reproduction unit to reproduce content;
      
      when said terminal control unit (1106) issues said first request for output said control unit (1420) refers to said reproduction control information in said storage unit to determine whether said reproduction information may be output, and when said control unit (1420) so determines, said reproduction information is output and thereafter as required said control unit (1420) changes said reproduction control information in said storage unit.
  - 3. (Amended) The data distribution system of claim 1, wherein:
    - said access restriction information (AC1) includes a replication limit information (Sub_Move) defining a frequency allowed of outputting said reproduction information (Kc//AC2, {Kc//AC2}Kcom) from said deciphering device (110, 210) to another distributed-data deciphering device (112);
      
      when an external instruction is issued to move said reproduction information said terminal control unit issues a second request for output instructing said deciphering device to output said reproduction information to another deciphering device; and
      
      when said terminal control unit issues said second request for output said control unit (1420) refers to said replication limit information in said storage unit to determine whether an output may be provided to another deciphering device and when said control unit so determines said reproduction information is output and thereafter as required said control unit changes said replication limit information recorded in said storage unit.
  - 4. (Amended) The data distribution system of claim 1, wherein:
    - said data provision device (10, 11) further includes a first decryption unit (312) receiving via said first interface unit (350) a first public encryption key (KPmc(m)) predetermined to correspond to said deciphering device (110, 210), for decryption, said first public encryption key being encrypted in a state decryptable with an authentication key (KPma);
      
      a first session key generation unit (316) generating a first symmetric key (Ks1) updated whenever said reproduction information is communicated;
      
      a session key decryption unit (320) decrypting and extracting a second public encryption key (KPm(i)) and a second symmetric key (Ks2) encrypted with said first symmetric key and returned via said first interface unit;
      
      a first license data encryption unit (326) encrypting said reproduction information (Kc//AC2, {Kc//AC2}Kcom) and said access restriction information (AC1) with said second public encryption key decrypted by said session key decryption unit; and
      
      a second license data encryption unit (328) further encrypting an output of said first license data encryption unit with said second symmetric key decrypted by said session key decryption unit, for provision via said first interface unit for distribution;
      
      said deciphering device (110, 210) further has a first authentication data hold unit (1400) holding said first public encryption key determined to correspond to said deciphering device, for output when said reproduction information is newly recorded, said first public encryption key being encrypted in a state decryptable with said authentication key, a first key hold unit (1402) holding a first private decryption key (Kmc(m)) decrypting data encrypted with said first public encryption key, a first decryption unit (1404) receiving said first symmetric key encrypted with said public encryption key, for decryption with said first private decryption key, a second key hold unit (1416) holding said second public encryption key;
      
      a second session key generation unit (1418) generating said second symmetric key (Ks2) updated whenever said reproduction information is communicated, a first encryption unit (1406) encrypting said second symmetric key and said second public encryption key with said first symmetric key for output to said second interface unit (1202), a second decryption unit (1412) receiving said reproduction information and access restriction information encrypted with said second symmetric key and said second public encryption key and distributed from said data provision device, for decryption with said second symmetric key, a third key hold unit (1421) holding a second private decryption key (Km(i)) decrypting data encrypted with said second public encryption key, and a third decryption unit (1422) using a second private decryption key to decrypt said reproduction information and access restriction information encrypted; and
      
      said storage unit (1415, 1430, 1440) has a first storage block (1415, 1430) recording therein said reproduction information in one of a state encrypted with said second public encryption key and a state decrypted by said third decryption unit, and a second storage block (1440) storing said access restriction information therein.
  - 5. (Amended) The data distribution system of claim 4, wherein:
    - said second session key generation unit (1418) produces a third symmetric key (Ks3) in a reproduction operation decrypting said encrypted content data ({Data}Kc) with said reproduction information recorded in said storage unit, for reproduction;
      
      said storage unit (1415, 1430, 1440) is controlled by said control unit (1420) to output said reproduction information in said reproduction operation;
      
      said third decryption unit (1422) in said reproduction operation decrypts said reproduction information output from said first storage block and encrypted, to extracts said reproduction information (Kc//AC2, {Kc//AC2}Kcom);
      
      said second decryption unit (1412) in said reproduction operation decrypts data encrypted with said third symmetric key and returned from said terminal, to extract a fourth symmetric key (Ks4) updated in said terminal for each communication of said reproduction information in said terminal effecting said reproduction operation;
      
      said first encryption unit (1406) in said reproduction operation receives said reproduction information from one of said third decryption unit and said first storage block for encryption with said fourth symmetric key extracted by said second decryption unit (1412);
      
      each said terminal (100, 101) further includes a content reproduction unit;
      
      said content reproduction unit has a second authentication data hold unit (1500) holding a third public encryption key (KPp(i)) predetermined to correspond to said content reproduction unit and encrypted in a state decryptable with said authentication key, for output to said deciphering device according to said reproduction operation, a third session key generation unit (1508) producing said fourth symmetric key, a fourth decryption unit (1510) decrypting and extracting said reproduction information from said reproduction information encrypted with said fourth symmetric key and transmitted from said deciphering device, a content data reproduction unit (1516, 1518) operative, when an instruction is issued to effect said reproduction, to receive said encrypted content data from said deciphering device (110, 210) and using said license key (Kc) in said reproduction information to decrypt and reproduce said encrypted content data, a fourth key hold unit (1502) holding a third private decryption key (Kp(i)) decrypting data encrypted with said third public encryption key, a fifth decryption unit (1504) decrypting data encrypted with said third public encryption key and returned from said deciphering device, to obtain said third symmetric key, and a second encryption unit (1506) using said third symmetric key received from said fifth decryption unit, to encrypt said fourth symmetric key for output to said deciphering device;
      
      said deciphering device further has an authentication unit (1408) receiving from said content reproduction unit said third public encryption key encrypted, for decryption with said authentication key, and a third encryption unit (1410) controlled by said control unit to encrypt said third symmetric key with said third public encryption key received from said authentication unit, for output to said content reproduction unit corresponding thereto;
      
      said access restriction information (AC1) includes a reproduction control information (Sub_Move) limiting a frequency of outputting said reproduction information from said deciphering device to said content data reproduction unit for use to decrypt said encrypted content data for reproduction;
      
      when an external instruction is issued to reproduce content data said terminal control unit (1106) issues a first request for output to indicating that said reproduction information be output to said deciphering device for use to decrypt said encrypted content data and said terminal control unit provides to said content reproduction unit said reproduction information output from said deciphering device in response to said first request for output and said encrypted content data; and
      
      in response to said first request for output from said terminal control unit when an instruction is issued to effect said reproduction operation said control unit (1420) controls an operation of each component of said deciphering device, and refers to said reproduction control information in said second storage block to determine whether said reproduction information may be output, and when said control unit so determines, said reproduction information is output and thereafter as required said control unit changes said reproduction control recorded in said second storage block.
  - 6. (Amended) The data distribution system of claim 4, wherein:
    - said deciphering device further includes an authentication unit (1408) operative in a replication operation replicating said reproduction information for another deciphering device (102), to receive said first public encryption key (KPmc(m)) corresponding to said another deciphering device for decryption with said authentication key to extract said first public encryption key corresponding to said another deciphering device, said first public encryption key being encrypted in a state decryptable with said authentication key, and a third encryption unit (1410) operative in said replication operation to encrypt with said first public encryption key corresponding to said another deciphering device said third symmetric key generated in said second session key generation unit of said deciphering device for output to said another deciphering device;
      
      more than one said second session key generation unit corresponding to said deciphering device and said another deciphering device, respectively, produce said third and second symmetric keys (Ks3, Ks2), respectively, according to said replication operation effected in response to the external instruction;
      
      said second decryption unit (1412) in said replication operation decrypts data encrypted with said third symmetric key corresponding to said deciphering device, and returned from said another deciphering device, to obtain said second symmetric key produced by said another deciphering device and said second public encryption key (KPm(i)) corresponding to said another deciphering device;
      
      said first storage block (1415, 1430) is controlled by said control unit (1420) to output said reproduction information in response to an instruction being issued to effect said replication operation;
      
      said third decryption unit (1422) in said replication operation decrypts said reproduction information output from said first storage block and encrypted, to extract said reproduction information (Kc//AC2, {Kc//AC2}Kcom);
      
      said deciphering device (110, 210) further has a fourth encryption unit (1424) operative, when external instruction is issued to effect said replication operation, to encrypt said reproduction information received from one of said third decryption unit and said first storage block, for encryption with said second public encryption key corresponding to said another deciphering device;
      
      said first encryption unit (1406) in said replication operation receives said second symmetric key obtained by said second decryption unit (1412) and an output of said fourth encryption unit and further encrypts said output of said fourth encryption unit with said second symmetric key for output to said another deciphering device;
      
      said access restriction information (AC1) includes replication limit information (Sub_Move) defining a frequency allowed of outputting said reproduction information from said deciphering device (110, 210) to another distributed-data deciphering device (102, 112);
      
      when an external instruction is issued to effect said replication operation replicating said reproduction information said terminal control unit issues a second request for output to instruct said deciphering device to output said reproduction information for another deciphering device; and
      
      when said terminal control unit issues said second request for output said control unit (1420) refers to said replication limit information in said second storage block to determine whether an output is allowed for another deciphering device and if so then said reproduction information is output and thereafter as required said control unit changes said replication limit information recorded in said second storage block.
  - 7. (Amended) The data distribution system of claim 5, wherein:
    - said data provision device (10) further includes a fifth key hold unit (322) holding a common secret key (Kcom) reproducible in said content reproduction unit, and a third license data encryption unit (324) encrypting said reproduction information (Kc//AC2, {Kc//AC2}Kcom) with said common secret key for output to said first license data encryption unit (326); and
      
      said content reproduction unit further has a sixth key hold unit (1512) holding said common secret key, and a sixth decryption unit (1514) receiving an output of said fourth decryption unit (1510), decrypting said reproduction information with said common secret key held in said sixth key hold unit, and extracting said license key (Kc) for output to said content data reproduction unit (1516, 1518).
  - 8. (Amended) The data distribution system of claim 5, wherein:
    - said data provision device (10) further includes a fifth key hold unit holding a fourth public encryption key reproducible in said content data reproduction unit, and a third license data encryption unit encrypting said reproduction information with said fourth public encryption key for output to said first license data encryption unit; and
      
      said content reproduction unit further includes a sixth key hold unit holding a fourth private decryption key capable of decrypting said reproduction information encrypted with said fourth public encryption key, and a sixth decryption unit receiving an output of said fourth decryption unit, decrypting said reproduction information (AC//Kc2) with said fourth private decryption key held in said sixth key hold unit, and extracting said license key (Kc) for output to said content data reproduction unit (1516, 1518).
  - 9. (Amended) The data distribution system of claim 1, wherein said deciphering device (110, 210) is a recording device detachably attached to said terminal (100, 101).
  - 10. The data distribution system of claim 9, wherein said recording device is a memory card.
  - 11. The data distribution system of claim 1, wherein said first interface unit (350) and said second interface unit (1202) are connected by a cellular phone network.
  - 12. The data distribution system of claim 1, wherein said storage unit (1415, 1430,1440) is arranged in a security area (TRM) inaccessible directly from outside.
  - 13. (Amended) The data distribution system of claim 1, wherein:
    - said deciphering device (110) further records encrypted content data ({Data}Kc);
      
      said storage unit (1415, 1440) includes a first storage block (1415) provided to record therein said encrypted content data and said reproduction information encrypted, and a second storage block (1440) provided to record said access restriction information therein, said second storage block being arranged in a security area (TRM) inaccessible directly from outside.
  - 14. (Amended) The data distribution system of claim 1, wherein:
    - said deciphering device (110) further records encrypted content data ({Data}Kc); and
      
      said storage unit (1415, 1430, 1440) includes a first storage block (1415) provided to record said encrypted content data therein and a second storage block (1430, 1440) provided to record said access restriction information and said reproduction information therein, said second storage block being arranged in a security area (TRM) inaccessible directly from outside.
  - 15. (Amended) The data distribution system of claim 1, wherein:
    - said deciphering device (110, 120) further has an authentication data hold unit (1400) holding authentication data previously provided for said deciphering device;
      
      said terminal control unit issues an instruction to transmit said authentication data to said data provision device via said second interface;
      
      said distribution control unit (315) receives via said first interface said authentication data transmitted of said terminal of a destination and effects an authentication process based on the received authentication data to authenticate said deciphering device (119, 120) of the destination and when said deciphering device is authenticated said distribution control unit outputs said reproduction information (Kc//AC2, {Kc//AC2}Kcom) and said access restriction information (AC1) via said first interface unit (350).
  - 16. (Amended) The data distribution system of claim 1, wherein;
    - when a request is issued to output said reproduction information said deciphering device (110, 120) receives authentication data from a destination of said reproduction information for use to effect an authentication process for the destination and when said deciphering device authenticates the destination said deciphering device outputs said reproduction information; and
      
      said terminal control unit outputs via said second interface unit (1102) said reproduction information output from said deciphering device.
  - 17. (Amended) The data distribution system of claim 3, wherein:
    - said control unit (1420) in response to said second request for output outputs said access restriction information (AC1) for another distributed-data deciphering device (112) together with said reproduction information (Kc//AC2, {Kc//AC2}Kcom); and
      
      said control unit produces said replication limit information (Sub_Move) for said another deciphering device and also output to said another deciphering device said access restriction information with the replication limit information in said access restriction information in said storage unit (1415, 1430, 1430) changed to said replication limit information produced.
  - 18. (Amended) The data distribution system of claim 6, wherein:
    - said control unit (1420) in response to said second request for output outputs said access restriction information (AC1) for another distributed-data deciphering device (112) together with said reproduction information (Kc//AC2, {Kc//AC2}Kcom);
      
      said control unit produces said replication limit information (Sub_Move) for said another deciphering device, and also changes said replication limit information included in said access restriction information recorded in said storage unit (1415, 1430, 1430), to said replication limit information produced; and
      
      said fourth encryption unit encrypts said access restriction information changed, for application to said first encryption unit together with said reproduction information.
  - 20. (Amended) The recording device of claim 19, wherein:
    - said access restriction information (AC1) includes reproduction control information (Sub_Play) limiting a frequency of outputting said reproduction information from said recording device for use to reproduce said encrypted data; and
      
      when an external instruction is issued to output said reproduction information for use to reproduce said encrypted data said control unit (1420) refers to said reproduction control information in said storage unit to determine whether said reproduction information may be output and if said control unit so determines then said reproduction information is output and thereafter as required said control unit changes said reproduction control information recorded in said storage unit.
  - 21. (Amended) The recording device of claim 19, wherein:
    - said access restriction information (AC1) includes replication limit information (Sub_Move) limiting a frequency allowed of replication defining a frequency of outputting said reproduction information (Kc//AC2, {Kc//AC2}Kcom) to another said recording device (112); and
      
      when an external instruction is issued to output said reproduction information to said another recording device said control unit (1420) refers to said replication control information in said storage unit to determine whether an output may be provided and when said control unit so determines said reproduction information is output and thereafter as required said control unit changes said replication control information recorded in said storage unit.
  - 22. (Amended) The recording device of claim 19, further comprising:
    - a secret key hold unit (1421) holding a private decryption key (Km(i)) decrypting data encrypted with a public encryption key (KPm(i)) predetermined to correspond to said recording device; and
      
      an access restriction information decryption block (1422) decrypting said access restriction information (AC1) encrypted with said public encryption key and input via said interface unit (1202), for input to said storage block, wherein said storage unit includes;
      
      a first storage block (1440) recording therein said access restriction information (AC1) therein; and
      
      a second storage block (1415) recording therein said reproduction information encrypted with said public encryption key, wherein said first storage block is arranged in a security area (TRM) inaccessible directly from outside.
  - 23. (Amended) The recording device of claim 19, wherein said storage unit includes:
    - a first storage block (1440) recording said access restriction information (AC1) therein; and
      
      a second storage block (1415) recording said reproduction information therein, wherein said first and second storage blocks (1430, 1440) are arranged in a security area (TRM) inaccessible directly from outside.
  - 25. (Twice amended) The recording device of claim 24, wherein:
    - said access restriction information includes output frequency limit information (Sub_Play) limiting a frequency of outputting said data storage from said recording device to different equipment;
      
      said session key generation unit (1418) produces a third symmetric key (Ks3) in response to an external first instruction issued to output said data storage (Kc//AC2, {Kc//AC2}Kcom) to another equipment (100, 101);
      
      said recording device further includes an authentication unit (1408) receiving via said interface unit a third public encryption key (KPp(n)) predetermined to correspond to said another equipment and encrypted in a state decryptable with said authentication key (KPma), for decryption with said authentication key, and a second encryption unit (1410) operative in response to said first instruction to use said third public encryption key received from said authentication unit, to encrypt said third symmetric key for output to said another equipment, wherein;
      
      in response to said first instruction said interface unit receives and transmits to said second decryption unit (1412) a fourth symmetric key (Ks4) produced in said another equipment and encrypted with said third symmetric key and returned;
      
      in response to said first instruction said second decryption unit uses said third symmetric key received from said session key generation unit, to extract said fourth symmetric key (Ks4) encrypted with said third symmetric key;
      
      said storage unit is controlled by said control unit (1420) to output said data storage in response to said first instruction;
      
      in response to said first instruction said third decryption unit (1422) decrypts said data storage encrypted and output from said storage unit, to extract said data storage;
      
      in response to said first instruction said first encryption unit (1406) receives said data storage from one of said third decryption unit and said storage unit for encryption with said fourth symmetric key extracted by said second decryption unit (1412), for output via said interface unit to said another equipment; and
      
      in response to said first instruction said control unit (1420) controls an operation of each component internal to said recording device and said control unit refers to said access restriction information to determine whether said data storage may be output and said control unit refers to said output frequency limit information in said storage unit to determine whether said data storage may be output and when said control unit so determines said data storage is output and thereafter as required said control unit changes said output frequency limit information recorded in said storage unit.
  - 26. (Twice amended) The recording device of claim 24, wherein:
    - said access restriction information includes replication frequency limit information (Sub_Move) limiting a frequency of outputting said data storage from said recording device to another recording device;
      
      said session key generation unit (1418) produces said third symmetric key (Ks3) in response to an external second instruction issued to output said data storage (Kc//AC2, {Kc//AC2}Kcom) from said recording device to another recording device (112);
      
      said recording device further comprises an authentication unit (1408) receiving through said interface unit (1202) and obtaining through decryption said first public encryption key (KPmc(m)) decryptably encrypted with said authentication key (KPma) and corresponding to said another recording device, and a second encryption unit (1410) responsive to said second instruction to use said first public encryption key corresponding to another recording device to encrypt said third symmetric key generated at said session key generation unit, for output to said another recording device;
      
      in response to said second instruction said interface unit receives a fourth symmetric key (Ks4) generated at said another recording device and encrypted with said third symmetric key and returned, and transmits said fourth symmetric key to said second decryption unit (1412);
      
      in response to said second instruction said second decryption unit (1412) decrypts data encrypted with said third symmetric key corresponding to said recording device, and returned from said another recording device, to obtain said second symmetric key (Ks2) produced by said another recording device and said second public encryption key (KPm(i)) corresponding to said another recording device;
      
      said storage unit is controlled by said control unit (1420) to output said data storage in response to said second instruction;
      
      in response to said second instruction said third decryption unit (1422) decrypts said data storage output from said storage unit and encrypted, to extract said data storage;
      
      said recording device further has a third encryption unit (1424) operative, when said second instruction issued, to encrypt said data storage received from one of said third decryption unit and said storage unit, with said second public encryption key corresponding to said another recording device;
      
      in response to said second instruction said first encryption unit (1406) further encrypts an output of said third encryption unit with said second symmetric key produced by said another recording device, for output via said interface unit to said another recording device; and
      
      in response to external said second instruction said control unit (1420) controls an operation of each component of said recording device, and refers to said replication frequency limit information in said storage unit to determine whether said data storage may be output and when said control unit so determines said data storage is output and thereafter as required said control unit changes said replication frequency limit information stored in said storage unit.
  - 27. (Amended) The recording device of claim 24, wherein:
    - said storage unit (1415, 1430, 1440) further records therein encrypted content data ({Data}Kc) input externally via said interface unit (1202); and
      
      said data storage (Kc//AC2, {Kc//AC2}Kcom) includes a license key (Kc) serving as a decryption key decrypting said encrypted content data to obtain plaintext content data (Data).
  - 28. (Amended) The recording device of claim 24, provided in a form of a memory card.
  - 29. (Amended) The recording device of claim 24, wherein said storage unit (1415, 1430, 1440) is arranged in a security area (TRM) inaccessible directly from outside.
  - 30. (Amended) The recording device of claim 24, wherein:
    - said storage unit (1415, 1430, 1440) includes a first storage block (1430, 1440) arranged in a security area (TRM) inaccessible directly from outside and a second storage block (1415) accessible directly from outside;
      
      said access restriction information (AC1) is recorded in said first storage block; and
      
      said data storage (Kc//AC2, {Kc//AC2}Kcom) is encrypted and recorded in said second storage block.
  - 31. (Amended) The recording device of claim 24, wherein:
    - a storage unit (1415, 1430, 1440) includes a first storage block (1430, 1440) arranged in a security area (TRM) inaccessible directly from outside and a second storage block (1415) accessible directly from outside; and
      
      said data storage (Kc//AC2, {Kc//AC2}Kcom) and access restriction information (AC1) are recorded in said first storage block.
  - 32. (Amended) The recording device of claim 19, wherein when an instruction is issued to output said reproduction information said recording device (110, 120) receives authentication data from a destination of said reproduction information and uses the received data to effect an authentication process for the destination and when the destination is authenticated said reproduction information is output.
  - 33. The recording device of claim 21, wherein:
    - said control unit (1420) outputs said access restriction information (AC1) for another recording device (112) together with said data storage (Kc//AC2, {Kc//AC2}Kcom); and
      
      said control unit produces said replication limit information (Sub_Move) for said another recording device and also outputs to said another recording device said access restriction information with said replication limit information in said access restriction information in said storage unit (1415, 1430, 1430) changed to said replication limit information produced.
  - 34. The recording device of claim 26, wherein:
    - in response to said second instruction said control unit (1420) outputs said access restriction information (AC1) for another recording device (112) together with said data storage (Kc//AC2, {Kc//AC2}Kcom);
      
      said control unit produces said reproduction limit information (Sub_Move) for said another recording device and also changes said replication limit information in said access restriction information in said storage unit (1415, 1430, 1430) to said replication limit information produced; and
      
      said third encryption unit encrypts said access restriction information changed, together with said data storage, for application to said first encryption unit.
  - 35. (Added/Amended) The recording device of claim 23, wherein:
    - said storage unit (1415, 1430, 1440) further has a third storage block storing therein encrypted data ({Data}Kc) through said interface unit (1202), said third storage block being accessible externally through said interface.
  - 36. (Added/Amended) The recording device of claim 24, wherein:
    - said storage unit (1415, 1430, 1440) further has a third storage block storing therein encrypted data ({Data}Kc) through said interface unit (1202), said third storage block being accessible externally through said interface.

19. (Amended) A recording device for storing therein reproduction information (Kc//AC2, {Kc//AC2}Kcom) for encrypted data ({Data}Kc) containing a license key (Kc) serving as a decryption key decrypting said encrypted data to obtain plaintext data (Data), comprising:
- an interface unit (1202) provided to communicate data externally;
  
  a storage unit (1415, 1430, 1440) provided to record therein said reproduction information and access restriction information (AC1) used to control outputting said reproduction information from said recording device; and
  
  a control unit (1420) operative, when an external instruction is issued to output said reproduction information recorded in said storage unit, to refer to said access restriction information in said storage unit to determine whether said reproduction information may be output, when said control unit so determines said reproduction information being output and thereafter as required said control unit changing said access restriction information recorded in said storage unit.

24. (Amended) A recording device, comprising:
- an interface unit (1202) for externally communicating data;
  
  a storage unit (1415, 1430, 1440) for storing therein data storage (Kc//AC2, {Kc//AC2}Kcom) and access restriction information (AC1) received through said interface unit, said access restriction information (AC1) being used to control outputting said data storage from said recording device;
  
  an authentication data hold unit (1400) holding a first public encryption key (KPmc(m)) determined to correspond to said recording device and encrypted in a state decryptable with an authentication key (KPma), for external output via said interface unit (1202) when said data storage (Kc//AC2, {Kc//AC2}Kcom) and said access restriction information (AC1) are received;
  
  a first key hold unit (1442) holding a first private decryption key (Kmc(m)) provided to decrypt data encrypted with said first public encryption key;
  
  a first decryption unit (1404) receiving externally via said interface unit a first symmetric key (Ks1) encrypted with said first public encryption key, and decrypting said first symmetric key;
  
  a second key hold unit (1416) holding a second public encryption key (KPm(i)) different for each said recording device;
  
  a session key generation unit (1418) producing a second symmetric key (Ks2) updated whenever said data storage is communicated;
  
  a first encryption unit (1406) encrypting said second symmetric key and said second public encryption key with said first symmetric key for output externally via said interface unit;
  
  a second decryption unit (1412) receiving said data storage and access restriction information input via said interface unit, for decryption with said second symmetric key, said data storage and access restriction information being encrypted with said second symmetric key and said second public encryption key;
  
  a third key hold unit (1421) holding a second private decryption key (Km(i)) provided to decrypt data encrypted with said second public encryption key;
  
  a third decryption unit (1422) using said second private decryption key to decrypt said data storage and access restriction information encrypted;
  
  a control unit (1420) operative, when an external instruction is issued to output said data storage recorded in said storage unit, to refer to said access restriction information in said storage unit to determine whether reproduction information for said data storage may be output, wherein said storage unit (1415, 1430, 1440) records therein said data storage in one of a state encrypted with said second public encryption key and a state decrypted by said third decryption unit, and when said control unit determines that said data storage may be output said data storage is output and thereafter as required said control unit changes said access restriction information recorded in said storage unit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited, Sanyo Electric Company Limited (Panasonic Holdings Corporation), Renesas Electronics Corporation
Original Assignee
Renesas Electronics Corporation
Inventors
Anazawa, Takeaki, Tonegawa, Tadaaki, Yoshioka, Makoto-shi, Hasebe, Takayuki, Hioki, Toshiaki, Hatakeyama, Takahisa, Takahashi, Masataka, Hori, Yoshihiro, Kanamori, Miwa

Granted Patent

US 7,945,517 B2
Time in Patent Office

Days
Field of Search
US Class Current

379/200
CPC Class Codes

G06F 21/109 by using specially-adapted ...

Data distribution system and recording device for use therein

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Data distribution system and recording device for use therein

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links