Authoring system, authoring key generator, authoring device, authoring method, and data supply device, information terminal and information distribution method

US 20030079042A1
Filed: 08/20/2002
Published: 04/24/2003
Est. Priority Date: 08/22/2001
Status: Active Grant

First Claim

Patent Images

1. An authoring system for authoring content data (Content), comprising:

an authoring device; and

an authoring key generator which generates;

a content identifier (CID) uniquely allocated to each of the content data (Content);

an authoring key enabling key (CEK) uniquely allocated to the authoring device for authoring the content data (Content); and

an authoring key (CED) obtained by encrypting a content key (Kc) and a second content key (EKc) using the content identifier (CID) and the authoring key enabling key (CEK), the content key (Kc) being for encrypting the content data (Content), and the second content key (Ekc) being obtained by encrypting the content key using a root key (Kroot);

the authoring device including;

decrypting means for decrypting the content key (Kc) and the second content key (EKc) from the authoring key (CED) using the content identifier (CID) and the authoring key enabling key (CEK); and

encrypting means for encrypting the content data (Content) using the decrypted content key (Kc) to generate encrypted content data (E (Kc, Content)).

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authoring system which authors content data to be distributed through an information terminal by encryption for copyright protection includes an authoring device and an authoring key generator. The authoring key generator generates a content identifier (CID) uniquely allocated to each of the content data (Content), an authoring key enabling key (CEK) uniquely allocated to the authoring device, and an authoring key (CED) obtained by encrypting a content key (Kc) for encrypting the content data and a second content key (EKc) using the CID and the CEK. The second content key (Ekc) is formed by encrypting the content key (Kc) using a root key (Kroot). The authoring device has a unit which decrypts the content key (Kc) and the second content key (Ekc) using the CID and the CEK, and a unit which encrypts the content data using the decrypted content key (Kc) to generate authored encrypted content data (E (Kc, Content)). For proper external authentication, a device which supplies the content data from an information terminal to a storage medium includes a unit which holds a first external authentication key securely; a unit which generates random numbers; a unit which encrypts the random numbers using the first external authentication key to generate first encrypted data; a unit which sends the random numbers to the information terminal; a unit which receives, from the information terminal, second encrypted data obtained by encrypting the random numbers using a second external authentication key equal to the first one; and a unit which compares the first and second encrypted data.

40 Citations

View as Search Results

50 Claims

1. An authoring system for authoring content data (Content), comprising:
- an authoring device; and
  
  an authoring key generator which generates;
  
  a content identifier (CID) uniquely allocated to each of the content data (Content);
  
  an authoring key enabling key (CEK) uniquely allocated to the authoring device for authoring the content data (Content); and
  
  an authoring key (CED) obtained by encrypting a content key (Kc) and a second content key (EKc) using the content identifier (CID) and the authoring key enabling key (CEK), the content key (Kc) being for encrypting the content data (Content), and the second content key (Ekc) being obtained by encrypting the content key using a root key (Kroot);
  
  the authoring device including;
  
  decrypting means for decrypting the content key (Kc) and the second content key (EKc) from the authoring key (CED) using the content identifier (CID) and the authoring key enabling key (CEK); and
  
  encrypting means for encrypting the content data (Content) using the decrypted content key (Kc) to generate encrypted content data (E (Kc, Content)).
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The authoring system as claimed in claim 1, further comprising packaging means for bundling the encrypted content data (E (Kc, Content)), the content identifier (CID), and the second content key (EKc) as a package.
  - 3. The authoring system as claimed in claim 1, wherein the content key (Kc) is obtained from the second content key (EKc) and the root key (Kroot), the content key (Kc) enabling decryption of the encrypted content data (E (Kc, Content)) and reproduction of the content data (Content) in a reproducing device holding the root key (Kroot) securely.
  - 4. The authoring system as claimed in claim 3, wherein the root key (Kroot) is incorporated in a content enabling key (EKB) encrypted by a device key (Kdevice) associated with the reproducing device, and the authoring key (CED) further includes the encrypted content enabling key (EKB).
  - 5. The authoring system as claimed in claim 1, wherein the authoring key (CED) further includes encrypted checksum data.
  - 6. The authoring system as claimed in claim 1, further comprising nullifying means for, upon updating of the authoring key (CED), nullifying the authoring key (CED) which has not been updated.
  - 7. The authoring system as claimed in claim 1, wherein the content data (Content) consists of main content data and additional data for the main content data.

8. An authoring key generator for generating an authoring key for authoring content data (Content), comprising:
- means for generating a content identifier (CID) uniquely allocated to each of the content data (Content);
  
  means for generating an authoring key enabling key (CEK) uniquely allocated to an authoring device for authoring the content data (Content); and
  
  means for generating an authoring key (CED) by encrypting a content key (Kc) and a second content key (EKc) using the content identifier (CID) and the authoring key enabling key (CEK), the content key (Kc) being for encrypting the content data (Content), and the second content key (EKc) being obtained by encrypting the content key using a root key (Kroot).
- View Dependent Claims (9, 10, 11, 12)
- - 9. The authoring key generator as claimed in claim 8, wherein the content key (Kc) is obtained from the second content key (EKc) and the root key (Kroot), the content key (Kc) enabling decryption of encrypted content data (E (Kc, Content)) and reproduction of the content data (Content) in a reproducing device holding the root key (Kroot) securely.
  - 10. The authoring key generator as claimed in claim 9, wherein the root key (Kroot) is incorporated in a content enabling key (EKB) encrypted by a device key (Kdevice) associated with the reproducing device, and the authoring key (CED) further includes the encrypted content enabling key (EKB).
  - 11. The authoring key generator as claimed in claim 8, wherein the authoring key (CED) further includes encrypted checksum data.
  - 12. The authoring key generator as claimed in claim 8, further comprising nullifying means for, upon updating of the authoring key (CED), nullifying the authoring key (CED) which has not been updated.

13. An authoring device for authoring content data (Content), comprising:
- content storing means for storing the content data (Content);
  
  key data storing means for storing key data, the key data including;
  
  a content identifier (CID) uniquely allocated to each of the content data (Content);
  
  an authoring key enabling key (CEK) uniquely allocated to the authoring device; and
  
  an authoring key (CED) obtained by encrypting a content key (Kc) and a second content key (EKc) using the content identifier (CID) and the authoring key enabling key (CEK), the content key (Kc) being for encrypting the content data (Content), and the second content key (Ekc) being obtained by encrypting the content key using a root key (Kroot);
  
  decrypting means for decrypting the content key (Kc) and the second content key (EKc) from the authoring key (CED) using the content identifier (CID) and the authoring key enabling key (CEK); and
  
  encrypting means for encrypting the content data (Content) using the decrypted content key (Kc) to generate encrypted content data (E (Kc, Content)).
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. The authoring device as claimed in claim 13, further comprising packaging means for bundling the encrypted content data (E (Kc, Content)), the content identifier (CID) and the second content key (EKC) as a package.
  - 15. The authoring device as claimed in claim 14, wherein the packaging means adds fringe data for the content data (Content) to the package.
  - 16. The authoring device as claimed in claim 13, wherein the authoring key (CED) is encrypted by an authorized authoring key generator which is separate from the authoring device.
  - 17. The authoring device as claimed in claim 13, wherein the content key (Kc) is obtained from the second content key (EKc) and the root key (Kroot), the content key (Kc) enabling decryption of the encrypted content data (E (Kc, Content)) and reproduction of the content data (Content) in a reproducing device holding the root key (Kroot) securely.
  - 18. The authoring device as claimed in claim 17, wherein the root key (Kroot) is incorporated in a content enabling key (EKB) encrypted by a device key (Kdevice) associated with the reproducing device, and the authoring key (CED) further includes the encrypted content enabling key (EKB).
  - 19. The authoring device as claimed in claim 13, wherein the authoring key (CED) further includes encrypted checksum data.
  - 20. The authoring device as claimed in claim 13, further comprising nullifying means for, upon updating of the authoring key (CED), nullifying the authoring key (CED) which has not been updated.
  - 21. The authoring device as claimed in claim 13, wherein the content data (Content) consists of main content data and additional data for the main content data.

22. A method for authoring content data (Content), comprising:
- generating a content identifier (CID) uniquely allocated to each of the content data (Content);
  
  generating an authoring key enabling key (CEK) uniquely allocated to an authoring device for authoring the content data (Content);
  
  generating an authoring key (CED) by encrypting a content key (Kc) and a second content key (EKc) using the content identifier (CID) and the authoring key enabling key (CEK), the content key (Kc) being for encrypting the content data (Content), and the second content key (EKc) being obtained by encrypting the content key using a root key (Kroot);
  
  decrypting the content key (Kc) and the second content key (EKc) from the authoring key (CED) using the content identifier (CID) and the authoring key enabling key (CEK); and
  
  encrypting the content data (Content) using the decrypted content key (Kc) to generate encrypted content data (E (Kc, Content)).
- View Dependent Claims (23, 24, 25, 26)
- - 23. The authoring method as claimed in claim 22, further comprising bundling the encrypted content data (E (Kc, Content)), the content identifier (CID), and the second content key (EKc) as a package.
  - 24. The authoring method as claimed in claim 22, wherein the root key (Kroot) is incorporated in a content enabling key (EKB) encrypted by a device key (Kdevice) associated with a reproducing device capable of generating the content data (Content), and the authoring key (CED) includes the encrypted content enabling key (EKB).
  - 25. The authoring method as claimed in claim 22, wherein the authoring key (CED) includes encrypted checksum data.
  - 26. The authoring method as claimed in claim 22, further comprising nullifying the authoring key (CED) if the authoring key (CED) is not updated during a step of updating the authoring key (CED).

27. A data supply device for supplying content data stored in an information terminal to a given storage medium, the device comprising:
- key holding means for holding a first external authentication key securely;
  
  random number generating means for generating random numbers;
  
  encrypting means for encrypting the random numbers using the first external authentication key to generate first encrypted data;
  
  sending means for sending the random numbers to the information terminal;
  
  receiving means for receiving second encrypted data, the second encrypted data being obtained by encrypting the random numbers using a second external authentication key equal to the first external authentication key; and
  
  comparing means for comparing the first encrypted data with the second encrypted data.
- View Dependent Claims (28, 29, 30, 31)
- - 28. The data supply device as claimed in claim 27, wherein the comparing means enables the content data to be supplied to the given storage medium when the first encrypted data coincides with the second encrypted data.
  - 29. The data supply device as claimed in claim 27, wherein the second external authentication key is previously stored in the information terminal and the second encrypted data is formed in the information terminal.
  - 30. The data supply device as claimed in claim 27, wherein the information terminal acquires the second external authentication key from a key control unit and the second encrypted data is formed in the information terminal.
  - 31. The data supply device as claimed in claim 27, wherein the random numbers are sent through the information terminal to a key control unit, and the second encrypted data is obtained by encrypting the random numbers within the key control unit using the second external authentication key.

32. An information terminal for storing content data to be distributed, comprising:
- first encrypting means for controlling encryption of random numbers generated within a data supply device using a first external authentication key securely held within the data supply device to generate first encrypted data;
  
  second encrypting means for receiving the random numbers from the data supply device and for acquiring second encrypted data by encrypting the random numbers using a second external authentication key equal to the first external authentication key; and
  
  licensing means for permitting the data supply device to supply the content data to a given storage medium only when the first encrypted data coincides with the second encrypted data.
- View Dependent Claims (33, 34, 35)
- - 33. The information terminal as claimed in claim 32, wherein the second encrypting means stores the second external authentication key in advance and generates the second encrypted data within the information terminal.
  - 34. The information terminal as claimed in claim 32, wherein the second encrypting means obtains the second external authentication key from a key control unit and generates the second encrypted data within the information terminal.
  - 35. The information terminal as claimed in claim 32, wherein the second encrypting means sends the random numbers to a key control unit and acquires the second encrypted data from the key control unit.

36. A data supply device, comprising:
- recording means for recording content data recorded in an information terminal to a given storage medium;
  
  data record control means for controlling operation of the recording means;
  
  first authentication means for determining whether the content data has been generated by a legal authoring system; and
  
  second authentication means for performing a mutual check between the recording means and the data record control means, wherein the data record control means controls the recording means to record the content data to the given storage medium only when the content data has been generated by a legal authoring system and the mutual check is successful.
- View Dependent Claims (37, 38, 39, 40)
- - 37. The data supply device as claimed in claim 36, wherein the first authentication means determines whether the content data has been generating by a legal authoring system by referring to a MAC written in the content data by the legal authoring system.
  - 38. The data supply device as claimed in claim 36, wherein the second authentication means transfers a content enabling key (EKB), obtained by encrypting a root key (Kroot) using a device key (Kdevice) of the legal authoring system, to the data record control means and the recording means;
    - the data record control means decrypts the root key (Kroot) using a device key (Kdevice) of the data record control means to obtain a first decrypted root key; and
      
      the recording means decrypts the root key (Kroot) using a device key (Kdevice) of the recording means to obtain a second decrypted root key;
      
      wherein the mutual check is successful when the first decrypted root key coincides with the second decrypted root key.
  - 39. The data supply device as claimed in claim 36, further comprising reproduction control means for controlling reproduction of the content data in the given storage medium.
  - 40. The data supply device as claimed in claim 39, wherein the recording means records plural content data to the given storage medium, and the reproduction control means permits reproduction of the plural content data only after the plural content data has been recorded to the given storage medium.

41. A method for supplying content data stored in an information terminal to a given storage medium, the method comprising:
- generating random numbers;
  
  encrypting the random numbers using a securely held first external authentication key to generate first encrypted data;
  
  sending the random numbers to the information terminal;
  
  encrypting the random numbers using a second external authentication key equal to the first external authentication key;
  
  receiving the second encrypted data from the information terminal; and
  
  comparing the first encrypted data with the second encrypted data.
- View Dependent Claims (42, 43, 44, 45)
- - 42. The content data supply method as claimed in claim 41, further comprising:
    - supplying the content data to the storage medium when the first encrypted data coincides with the second encrypted data.
  - 43. The content data supply method as claimed in claim 41, further comprising:
    - storing the second external authentication key in the information terminal prior to the step of encrypting the random numbers within the information terminal.
  - 44. The content data supply method as claimed in claim 41, further comprising:
    - supplying the second external authentication key from a key control unit to the information terminal prior to the step of encrypting the random numbers within the information terminal.
  - 45. The content data supply method as claimed in claim 41, further comprising:
    - sending the random numbers through the information terminal to a key control unit; and
      
      encrypting the random numbers within the key control unit using the second external authentication key.

46. An information supply method used in a data supply device having recording means for recording content data from an information terminal to a given storage medium and data record control means for controlling operation of the recording means, the method comprising:
- determining whether the content data has been generated by a legal authoring system;
  
  performing a mutual check between the recording means and the data record control means; and
  
  recording the content data to the given storage medium only when the content data has been generated by a legal authoring system and the mutual check is successful.
- View Dependent Claims (47, 48, 49, 50)
- - 47. The information supply method as claimed in claim 46, wherein the step of determining whether the content data has been generated by a legal authoring system includes referring to a MAC written in the content data by the legal authoring system.
  - 48. The information supply method as claimed in claim 46, wherein the second authentication step includes transferring a content enabling key (EKB), obtained by encrypting a root key (Kroot) using a device key (Kdevice) of the legal authoring system, to the data record control means and the recording means;
    - decrypting the root key (Kroot) using a device key (Kdevice) of the data record control means to obtain a first decrypted root key; and
      
      decrypting the root key (Kroot) using a device key (Kdevice) of the recording means to obtain a second decrypted root key; and
      
      wherein the mutual check is successful when the first decrypted root key coincides with the second decrypted root key.
  - 49. The information supply method as claimed in claim 46, further comprising:
    - reproducing the content data in the given storage medium.
  - 50. The information supply method as claimed in claim 49, wherein the recording step includes recording plural content data to the given storage medium, and the reproducting step reproduces the plural content data only after the plural content data has been recorded to the given storage

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sony Corporation (Sony Group Corp.)
Original Assignee
Sony Corporation (Sony Group Corp.)
Inventors
Yamanaka, Yasuhiro, Yoshino, Kenji, Hisamatsu, Fumiaki, Ueno, Shinichi, Yoshitomi, Kazunori

Granted Patent

US 7,328,458 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/247
CPC Class Codes

H04L 2463/101   applying security measures ...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/104   Grouping of entities

H04L 9/40   Network security protocols

Authoring system, authoring key generator, authoring device, authoring method, and data supply device, information terminal and information distribution method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

40 Citations

50 Claims

Specification

Solutions

Use Cases

Quick Links

Authoring system, authoring key generator, authoring device, authoring method, and data supply device, information terminal and information distribution method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

50 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links