Data transmitting apparatus, data receiving apparatus, data transmission system and data transmission method

US 20030226011A1
Filed: 05/28/2003
Published: 12/04/2003
Est. Priority Date: 05/29/2002
Status: Active Grant

First Claim

Patent Images

1. A data transmitting apparatus for transmitting data to a data receiving apparatus via a communication interface using an asynchronous communication method, the data transmitting apparatus comprising:

a connection establishment unit operable to establish a logical transmission path between the data transmitting apparatus and the data receiving apparatus by exchanging information with the data receiving apparatus;

a device authentication unit operable to perform a device authentication for the data receiving apparatus (i) before the logical transmission path is established, (ii) in process of establishing the logical transmission path, or (iii) after the logical transmission path is established;

an encryption key sharing unit operable to generate an encryption key based on a result of the device authentication performed by the device authentication unit and allow shared use of the generated encryption key between the data transmitting apparatus and the data receiving apparatus, and a data transmission unit operable to encrypt the data using the shared encryption key and transmit the encrypted data to the data receiving apparatus.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A Controller 20 sends to a Consumer 40 a command for reserving a plug/port in order to send/receive data using an Asynchronous transmission (Step 211) and receives information on a port connecting from the Consumer 40 (Step 212). The Controller 20 further sends to a Producer 30 a command for reserving a port/plug for sending content or the like (Step 213) and receives from the Producer 30 information on a Producer plug/port used for transmission (Step 214). After this, the Controller 20 notifies the Consumer 40 of the information on the port of the Producer 30 (Step 215) and receives a response from the Consumer 40 (Step 216). Next, the Consumer 40 issues a device authentication request command to the Producer 30 (Step 219) and they perform mutual device authentication and exchange of keys (Step 217).

89 Citations

View as Search Results

46 Claims

1. A data transmitting apparatus for transmitting data to a data receiving apparatus via a communication interface using an asynchronous communication method, the data transmitting apparatus comprising:
- a connection establishment unit operable to establish a logical transmission path between the data transmitting apparatus and the data receiving apparatus by exchanging information with the data receiving apparatus;
  
  a device authentication unit operable to perform a device authentication for the data receiving apparatus (i) before the logical transmission path is established, (ii) in process of establishing the logical transmission path, or (iii) after the logical transmission path is established;
  
  an encryption key sharing unit operable to generate an encryption key based on a result of the device authentication performed by the device authentication unit and allow shared use of the generated encryption key between the data transmitting apparatus and the data receiving apparatus, and a data transmission unit operable to encrypt the data using the shared encryption key and transmit the encrypted data to the data receiving apparatus.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 2. The data transmitting apparatus according to claim 1, wherein the device authentication unit includes at least one of a first device authentication unit operable to judge whether or not the data receiving apparatus is an unauthorized apparatus, a second device authentication unit operable to judge whether or not said data receiving apparatus is not an unauthorized and is a valid apparatus, and a third device authentication unit operable to judge whether or not the data receiving apparatus is a valid apparatus, and the encryption key information sharing unit allows shared use of the encryption key in one of the cases:
    - (i) when the first device authentication unit judges that the data receiving apparatus is not an unauthorized apparatus, (ii) when the second device authentication unit judges that the data receiving apparatus is not an unauthorized apparatus and is a valid apparatus, and (iii) when the third device authentication unit judges that the data receiving apparatus is a valid apparatus.
  - 3. The data transmitting apparatus according to claim 1, wherein the device authentication unit performs the device authentication when detecting that the data transmitting apparatus and the data receiving apparatus are electrically connected.
  - 4. The data transmitting apparatus according to claim 1, wherein the device authentication unit includes:
    - a time keeping unit operable to measure an elapsed time since the logical transmission path is established;
      
      an authentication request reception unit operable to receive a device authentication request from the data receiving apparatus;
      
      a request determination unit operable to determine whether the authentication request reception unit has received the device authentication request until a specified time has been measured by the time keeping unit;
      
      a receiving apparatus mode notification unit operable to send a device authentication non-acceptance notice to the data receiving apparatus when the request determination unit determines that the authentication request reception unit has not received the device authentication request until the specified time has been measured by the time keeping unit.
  - 5. The data transmitting apparatus according to claim 1, wherein the device authentication unit performs the device authentication each time the logical transmission path is established by the connection establishment unit, and the encryption key sharing unit generates the encryption key and allows the shared use of the generated encryption key.
  - 6. The data transmitting apparatus according to claim 1 further comprising:
    - a transmission mode notification unit operable to notify the data receiving apparatus of a transmission mode which is one of (i) an encryption mode to encrypt and transmit data and (ii) a normal mode to transmit data without performing encryption, wherein the device authentication unit performs a device authentication for the data receiving apparatus when the transmission mode notification unit notifies the data receiving apparatus of the encryption mode, and the data transmission unit encrypts and transmits the data when the transmission mode notification unit has notified the data receiving apparatus of the encryption mode, and transmits the data without performing encryption when the transmission mode notification unit has notified the data receiving apparatus of the normal mode.
  - 7. The data transmitting apparatus according to claim 6, wherein the device authentication unit includes at least one of a first device authentication unit operable to judge whether or not the data receiving apparatus is an unauthorized apparatus, a second device authentication unit operable to judge whether or not said data receiving apparatus is not an unauthorized apparatus and is a valid apparatus, and the third device authentication unit operable to judge whether or not the data receiving apparatus is a valid apparatus, and the encryption key information sharing unit allows shared use of an encryption key in one of the cases:
    - (i) when the first device authentication unit judges that the data receiving apparatus is not an unauthorized apparatus, (ii) when the second device authentication unit judges that the data receiving apparatus is not an unauthorized apparatus and is a valid apparatus, and (iii) when the third device authentication unit judges that the data receiving apparatus is a valid apparatus.
  - 8. The data transmitting apparatus according to claim 6 further comprising:
    - a receiving apparatus mode notification unit operable to send a device authentication non-acceptance notice to the data receiving apparatus when the data reception unit does not respond normally to the notice sent by the transmission mode notification unit.
  - 9. The data transmitting apparatus according to claim 8, wherein the data transmission unit does not transmit data when the receiving apparatus mode notification unit sends the device authentication non-acceptance notice.
  - 10. The data transmitting apparatus according to claim 8, wherein the data transmission unit transmits only the data which need not be encrypted when the receiving apparatus mode notification unit sends the device authentication non-acceptance notice.
  - 11. The data transmitting apparatus according to claim 8 further comprising:
    - a transmission path releasing unit operable to release the transmission path when the receiving apparatus mode notification unit sends the device authentication non-acceptance notice.
  - 12. The data transmitting apparatus according to claim 1, wherein the data to be transmitted consists of a set of frames, each of which is a logical transmitting unit, and the data transmission unit updates the encryption key, encrypts the frame using the updated encryption key and transmits the encrypted frame to the data receiving apparatus for each frame.
  - 13. The data transmitting apparatus according to claim 12, wherein the frame is the data to be transmitted from the data transmitting apparatus to the data receiving apparatus corresponding to a single send request issued from the data receiving apparatus to the data transmitting apparatus.
  - 14. The data transmitting apparatus according to claim 12, wherein the data transmission unit further updates the encryption key using a predetermined amount of unit when the frame is bigger than the predetermined amount.
  - 15. The data transmitting apparatus according to claim 12 further comprising:
    - a frame division unit operable to divide the frame into packets, each of which is a physical transmitting unit; and
      
      a packet header addition unit operable to add, to the packet, a packet header containing information on the packet.
  - 16. The data transmitting apparatus according to claim 15, wherein the data transmission unit encrypts the frame in blocks, each of which is a certain amount of data and adds padding data to the predetermined packet composing the frame and has the packet header of the packet contain information on effective data size so that the frame may become integer multiple of the block when the frame is not integer multiple of the block.
  - 17. The data transmitting apparatus according to claim 16, wherein the data size of the packet header is integer multiple of the block.
  - 18. The data transmitting apparatus according to claim 15, wherein the packet header addition unit adds, to the packet, a packet header containing an encryption mode identifier showing a type of encryption being performed for the packet, the frame consists of a plurality of files, and the data transmitting apparatus further comprises a packet adjustment unit operable to add padding data to the last packet so that the data size of the last packet is adjusted to be the same as the data size of other packets in each of the files other than the file containing the last packet of the frame when the encryption mode identifiers of the plurality of files differ.
  - 19. The data transmitting apparatus according to claim 15, wherein the packet header addition unit adds, to the packet, the packet header containing the encryption mode identifier showing the type of encryption being performed for the packet, the frame consists of a plurality of files, and the data transmission unit transmits a file of which an encryption mode identifier differs with the use of another frame when the encryption mode identifiers of the plurality of files differ.
  - 20. The data transmitting apparatus according to claim 1, wherein the data to be transmitted consists of frames, each of which is a logical transmitting unit, the data transmitting apparatus further comprises:
    - a frame division unit operable to divide the frame into packets, each of which is a physical transmitting unit and a packet header addition unit operable to add, to the packet, a packet header containing a content type identifier showing a handling method in the data receiving apparatus which has received the packet, and the data transmission unit encrypts a packet to which the packet header is added and transmits the encrypted packet.
  - 21. The transmitting apparatus according to claim 20, wherein the frame consists of a plurality of files, and the data transmitting apparatus further comprises a packet adjustment unit operable to add padding data to the last packet so that the data size of the last packet is adjusted to be the same as the data size of other packets in each of the files other than the file containing the last packet of the frame when the content type identifiers of the plurality of files differ.
  - 22. The data transmitting apparatus according to claim 21, wherein the data to be transmitted consists of a plurality of frames, the data transmission unit updates the encryption key, encrypts the frame using the updated encryption key and transmits the encrypted frame to the data receiving apparatus, for each frame.
  - 23. The data transmitting apparatus according to claim 20, wherein the frame consists of a plurality of files, and the data transmission unit sends the file of which a content type identifier differs using another frame when the content type identifiers of the plurality of files differ.
  - 24. The data transmitting apparatus according to claim 23, wherein the data to be transmitted consists of a plurality of frames, and the data transmission unit updates the encryption key, encrypts the frame using the updated encryption key and transmits the encrypted frame to the data receiving apparatus, for each frame.
  - 25. The data transmitting apparatus according to claim 1, wherein the communication interface is an IEEE1394 interface, and the asynchronous communication method is an Asynchronous communication method complying with the IEEE1394.

26. A data transmitting apparatus for transmitting data to a data receiving apparatus via a communication interface, the data transmitting apparatus comprising:
- a device authentication unit operable to perform a device authentication for the data receiving apparatus in order to establish two or more than two logical transmission paths allowing simultaneous and independent data transmissions between the data transmitting apparatus and the data receiving apparatus;
  
  a first data transmission unit operable to transmit the data to the data receiving apparatus via a first logical transmission path established by the device authentication performed by the device authentication unit; and
  
  a second data transmission unit operable to transmit the data to the data receiving apparatus via a second logical transmission path established by the device authentication performed by the device authentication unit, and wherein the device authentication unit performs a device authentication only for the first logical transmission path, generates an encryption key based on a result of the device authentication and allows shared use of the generated encryption key between the data transmitting apparatus and the data receiving apparatus, and both of the first and the second data transmission units encrypt data using the encryption key made sharable by the device authentication unit and transmit the encrypted data to the data receiving apparatus.
- View Dependent Claims (27)
- - 27. The data transmitting apparatus according to claim 26, wherein the first logical transmission path is a transmission path established by an asynchronous communication method, and the second logical transmission path is a transmission path established by an isochronous communication method.

28. A data receiving apparatus for receiving data from a data transmitting apparatus via a communication interface using an asynchronous communication method, the data receiving apparatus comprising:
- a connection establishment unit operable to establish a logical transmission path between the data transmitting apparatus and the data receiving apparatus by exchanging information with the data transmitting apparatus;
  
  a device authentication unit operable to perform a device authentication so that the data transmitting apparatus may authenticate the data receiving apparatus (i) before the logical transmission path is established, (ii) in process of establishing the logical transmission path, or (iii) after the logical transmission path is established;
  
  an encryption key sharing unit operable to generate an encryption key based on a result of the device authentication performed by the device authentication unit and allow shared use of the generated encryption key between the data transmitting apparatus the data receiving apparatus; and
  
  a data reception unit operable to receive the data to be transmitted from the data transmitting apparatus and decrypt the received data using the encryption key made sharable by the encryption key sharing unit.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 29. The data receiving apparatus according to claim 28, wherein the device authentication unit includes:
    - a time keeping unit operable to measure an elapsed time from the time when the logical transmission path is established;
      
      a transmission mode notice reception unit operable to receive a notice of a transmission mode which is one of (i) an encryption mode to encrypt and transmit data and (ii) a normal mode to transmit data without performing encryption; and
      
      a notice determination unit operable to determine whether the transmission mode notice reception unit receives the notice of the encryption mode until the time keeping unit has measured a specified time, and wherein the data reception unit decrypts the data transmitted from the data transmitting apparatus using the encryption key when the notice determination unit determines that the transmission mode notice reception unit has received the notice of the encryption mode and treats the data transmitted from the data transmitting apparatus as unencrypted data and does not decrypt the data when the notice determination unit determines that the transmission mode notice reception unit has not received the notice of the encryption mode and the transmission mode notice reception unit has received the notice of the normal mode.
  - 30. The data receiving apparatus according to claim 28, wherein the device authentication unit performs the device authentication when detecting that the data receiving apparatus and the data transmitting apparatus are connected electrically.
  - 31. The data receiving apparatus according to claim 28, wherein the data reception unit treats the data to be transmitted from the data transmitting apparatus as unencrypted data and does not decrypt the data when the device authentication performed by the data transmitting apparatus for the data receiving apparatus is refused in the device authentication performed by the device authentication unit.
  - 32. The data receiving apparatus according to claim 28, wherein the data to be transmitted from the data transmitting apparatus consists of a set of frames, each of which is a logical transmitting unit, and the data reception unit updates the encryption key and decrypts the frame using the updated encryption key for each frame composing the received data.
  - 33. The data receiving apparatus according to claim 32, wherein the data reception unit further updates the encryption key using a unit of a predetermined amount when the frame is larger than the predetermined amount.
  - 34. The data receiving apparatus according to claim 32, wherein the data reception unit further updates the encryption key based on encryption key update information contained in a predetermined header, which is not encrypted, in the frame when the frame is larger than a predetermined amount.
  - 35. The data receiving apparatus according to claim 32, wherein the frame consists of a set of packets, each of which is a physical transmitting unit, the packet consists of a packet body in which the data to be transmitted from the data transmitting apparatus to the data receiving apparatus is contained being encrypted and a packet header containing non-encryption information on the packet, and the data reception unit decrypts the frame after deleting the packet header from the frame composing the received data.
  - 36. The data receiving apparatus according to claim 35, wherein an effective data length showing an effective length of the data contained in the packet body is contained in the packet header, and the data reception unit extracts the effective data length from the packet header composing the received data, calculates an encrypted data length showing the size of the encrypted data contained in the packet body using the extracted effective data length and decrypts the encrypted data equivalent to the calculated encrypted data length.
  - 37. The data receiving apparatus according to claim 28, wherein the data to be transmitted from the data transmitting apparatus consists of a set of packets, each of which is a physical transmitting unit, the packet consists of a packet body in which the data to be transmitted from the data transmitting apparatus to the data receiving apparatus is contained being encrypted and a packet header containing a content type identifier which shows a handling method in the data receiving apparatus that has received the packet, the data reception unit further extracts the content type identifier from the packet header of the received data, and the data receiving apparatus further comprises a data processing unit operable to process the data received by the data reception unit using a processing method corresponding to the content type identifier extracted by the data reception unit.
  - 38. The data receiving apparatus according to claim 37, wherein the data processing unit adds, to the data, an encryption mode identifier showing a type of encryption and print out the data based on it when the content type identifier shows a predetermined value.
  - 39. The data receiving apparatus according to claim 28, wherein the communication interface is an IEEE1394 interface, and the asynchronous communication method is an Asynchronous communication method complying with the IEEE1394.

40. A data transmission system comprising a data transmitting apparatus and a data receiving apparatus that are connected via a communication interface, wherein the data transmitting apparatus includes:
- a first connection establishment unit operable to establish a logical transmission path between the data transmitting apparatus and the data receiving apparatus by exchanging information with the data receiving apparatus;
  
  a first device authentication unit operable to perform a device authentication to the data receiving apparatus (i) before the logical transmission path is established, (ii) in process of establishing the logical transmission path, or (iii) after the logical transmission path is established;
  
  a first encryption key sharing unit operable to generate an encryption key based on a result of the device authentication performed by the first device authentication unit and allow shared use of the generated encryption key between the data transmitting apparatus and the data receiving apparatus; and
  
  a data transmission unit operable to encrypt data using the shared encryption key and transmit the encrypted data to the data receiving apparatus using an asynchronous communication method, and the data receiving apparatus includes;
  
  a second connection establishment unit operable to establish a logical transmission path between the data transmitting apparatus and the data receiving apparatus by exchanging information with the data transmitting apparatus;
  
  a second device authentication unit operable to perform a device authentication so that the data transmitting apparatus may authenticate the data receiving apparatus (i) before the logical transmission path is established, (ii) in process of establishing the logical transmission path, or (iii) after the logical transmission path is established;
  
  a second encryption key sharing unit operable to generate an encryption key based on a result of the device authentication performed by the second device authentication unit and allow share use of the generated encryption key between the data transmitting apparatus and the data receiving apparatus; and
  
  a data reception unit operable to receive data transmitted from the data transmitting apparatus using the asynchronous communication method and decrypt the received data using the encryption key made sharable by the second encryption key sharing unit.

41. A data transmission method for transmitting data to a data receiving apparatus via a communication interface using an asynchronous communication method, the data transmission method comprising:
- a connection establishment step for establishing a logical transmission path between the data receiving apparatus and the data transmitting apparatus by exchanging information with the data receiving apparatus;
  
  a device authentication step for performing a device authentication for the data receiving apparatus (i) before the logical transmission path is established, (ii) in process of establishing the logical transmission path, or (iii) after the logical transmission path is established;
  
  an encryption key sharing step for generating an encryption key based on a result of the device authentication performed in the device authentication step and allowing share use of the generated encryption key between the data transmitting apparatus and the data receiving apparatus; and
  
  a data transmitting step for encrypting the data using the shared encryption key and transmitting the encrypted data to the data receiving apparatus.

42. A data transmission method for transmitting data to a data receiving apparatus via a communication interface, the data transmission method comprising:
- a device authentication step for performing a device authentication for the data receiving apparatus in order to establish two logical transmission paths allowing simultaneous and independent data transmissions between the data receiving apparatus and the data transmitting apparatus;
  
  a first data transmitting step for transmitting the data to the data receiving apparatus via a first logical transmission path established by the device authentication in the device authentication step; and
  
  a second data transmitting step for transmitting the data to the data receiving apparatus via a second logical transmission path established by the device authentication in the device authentication step, and wherein in the device authentication step, a device authentication is performed only for the first logical transmission path, an encryption key is generated based on a result of the device authentication, and the generated encryption key is shared between the data transmitting apparatus and the data receiving apparatus, and in both of the first and the second data transmitting steps, the data is encrypted using the encryption key shared in the device authentication step and sent to the data receiving apparatus.

43. A data reception method for receiving data from a data transmitting apparatus via a communication interface using an asynchronous communication method, the data reception method comprising:
- a connection establishing step for establishing a logical transmission path between the data transmitting apparatus and a data receiving apparatus by exchanging information with the data transmitting apparatus;
  
  a device authentication step for performing a device authentication so that the data transmitting apparatus may authenticate the data receiving apparatus (i) before the logical transmission path is established, (ii) in process of establishing the logical transmission path, or (iii) after the logical transmission path is established;
  
  an encryption key sharing step for generating an encryption key based on a result of the device authentication in the device authentication step and allowing shared use of the generated encryption key between the data transmitting apparatus and the data receiving apparatus; and
  
  a data receiving step for receiving the data to be transmitted from the data transmitting apparatus and decrypting the received data using the encryption key made sharable in the encryption key sharing step.

44. A program for a data transmitting apparatus for transmitting data to a data receiving apparatus via a communication interface using an asynchronous communication method, the program comprising:
- a connection establishing step for establishing a logical transmission path between the data receiving apparatus and the data transmitting apparatus by exchanging information with the data receiving apparatus;
  
  a device authentication step for performing a device authentication for the data receiving apparatus (i) before the logical transmission path is established, (ii) in process of establishing the logical transmission path, or (iii) after the logical transmission path is established;
  
  an encryption key sharing step for generating an encryption key based on a result of the device authentication in the device authentication step and allowing shared use of the generated encryption key between the data transmitting apparatus and the data receiving apparatus; and
  
  a data transmitting step for encrypting the data using the shared encryption key and transmitting the encrypted data to the data receiving apparatus.

45. A program for a data transmitting apparatus for transmitting data to a data receiving apparatus via a communication interface, the program comprising:
- a device authentication step for performing a device authentication for the data receiving apparatus in order to establish two logical transmission paths allowing simultaneous and independent data transmissions between the data transmitting apparatus and the data receiving apparatus;
  
  a first data transmitting step for transmitting the data to the data receiving apparatus via a first logical transmission path established by the device authentication in the device authentication step;
  
  a second data transmitting step for transmitting the data to the data receiving apparatus via a second logical transmission path established by the device authentication in the device authentication step, and in the device authentication step, a device authentication is performed only for the first logical transmission path, an encryption key is generated based on a result of the device authentication, and the generated encryption key is shared between the data transmitting apparatus and the data receiving apparatus, and in the first and the second data transmitting steps, the data is encrypted using the encryption key made sharable in the device authentication step and transmitted to the data receiving apparatus.

46. A program for a data receiving apparatus receiving data from a data transmitting apparatus via a communication interface using an asynchronous communication method, the program comprising:
- a connection establishing step for establishing a logical transmission path between the data transmitting apparatus and the data receiving apparatus by exchanging information with the data transmitting apparatus;
  
  a device authentication step for performing a device authentication so that the data transmitting apparatus may authenticate the data receiving apparatus (i) before the logical transmission path is established, (ii) in process of establishing the logical transmission path, or (iii) after the logical transmission path is established;
  
  an encryption key sharing step for generating an encryption key based on a result of the device authentication in the device authentication step and allowing shared use of the generated encryption key between the data transmitting apparatus and the data receiving apparatus; and
  
  a data receiving step for receiving the data to be transmitted from the data transmitting apparatus and decrypting the received data using the encryption key made sharable in the encryption key sharing step.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Matsushita Electric Industrial Company Limited (Panasonic Holdings Corporation)
Original Assignee
Matsushita Electric Industrial Company Limited (Panasonic Holdings Corporation)
Inventors
Kuwano, Hideyuki, Iitsuka, Hiroyuki

Granted Patent

US 7,380,118 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

G06F 21/10   Protecting distributed prog...

H04L 12/40104   Security; Encryption; Conte...

H04L 2209/60   Digital content management,...

H04L 2463/061   applying further key deriva...

H04L 2463/101   applying security measures ...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 69/16   Implementation or adaptatio...

H04L 69/168   specially adapted for link ...

H04L 9/0844   with user authentication or...

H04L 9/0891   Revocation or update of sec...

Data transmitting apparatus, data receiving apparatus, data transmission system and data transmission method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

89 Citations

46 Claims

Specification

Use Cases

Quick Links

Others

Data transmitting apparatus, data receiving apparatus, data transmission system and data transmission method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

89 Citations

46 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others