Client apparatus and content processing method in client apparatus, and content provision system

US 20050076232A1
Filed: 07/30/2004
Published: 04/07/2005
Est. Priority Date: 08/01/2003
Status: Abandoned Application

First Claim

Patent Images

1. A client apparatus that is connectable to a network for receiving content data and key information from a server connected to the network, the client apparatus comprising:

an interface unit operable to capture encrypted content data sent from the server via the network, and key information in which a content key used for generating the encrypted content data is encrypted and stored;

a content data using unit operable to receive the encrypted content data captured by the interface unit, to decrypt the encrypted content data, and to use the content data;

an authority managing unit operable to extract the content key from the key information captured by the interface unit; and

a common bus operable to connect the interface unit, the content data using unit, and the authority managing unit and to transmit at least the encrypted content data and the key information, wherein the authority managing unit encrypts the content key using a distribution key to obtain a second encrypted content key and distributes the second encrypted content key to the content data using unit, and the content data using unit decrypts the second encrypted content key using the distribution key to obtain a decrypted content key, decrypts the encrypted content data using the decrypted content key, and uses the content data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A client apparatus can protect a content key, which is required for decrypting encrypted content, from a malicious third party. In the client apparatus, an authority managing unit and a content using unit share a session key (distribution key) provided in common to all apparatuses before shipment. Therefore, when the authority managing unit sends a content key to the content using unit, the authority managing unit encrypts the content key with the session key that the authority managing unit itself has. Then, the authority managing unit sends the encrypted content key to the content using unit via a common bus. The content using unit, having received the encrypted content key, decrypts the encrypted content key with the session key, which the content using unit itself also has, to obtain the content key.

Citations

16 Claims

1. A client apparatus that is connectable to a network for receiving content data and key information from a server connected to the network, the client apparatus comprising:
- an interface unit operable to capture encrypted content data sent from the server via the network, and key information in which a content key used for generating the encrypted content data is encrypted and stored;
  
  a content data using unit operable to receive the encrypted content data captured by the interface unit, to decrypt the encrypted content data, and to use the content data;
  
  an authority managing unit operable to extract the content key from the key information captured by the interface unit; and
  
  a common bus operable to connect the interface unit, the content data using unit, and the authority managing unit and to transmit at least the encrypted content data and the key information, wherein the authority managing unit encrypts the content key using a distribution key to obtain a second encrypted content key and distributes the second encrypted content key to the content data using unit, and the content data using unit decrypts the second encrypted content key using the distribution key to obtain a decrypted content key, decrypts the encrypted content data using the decrypted content key, and uses the content data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A client apparatus according to claim 1, wherein the distribution key is stored in the authority managing unit and in the content data using unit in advance, the authority managing unit encrypts the content key using the distribution key stored in the authority managing unit, and the content using unit decrypts the second encrypted content key using the distribution key stored in the content using unit.
  - 3. A client apparatus according to claim 2, wherein the second encrypted content key is distributed to the content key using unit by the common bus.
  - 4. A client apparatus according to claim 1, wherein the authority managing unit comprises a tamper resistant semiconductor element.
  - 5. A client apparatus according to claim 1, wherein a common key is stored in the authority managing unit and in the content using unit in advance, the content data using unit generates the distribution key, encrypts the distribution key using the common key stored in the content data unit, and passes the encrypted distribution key to the authority managing unit through the common bus, and the authority managing unit decrypts the encrypted distribution key using the common key stored in the authority managing unit.
  - 6. A client apparatus according to claim 5, wherein the distribution key is generated using a random number.
  - 7. A client apparatus according to claim 5, wherein the authority managing unit encrypts the content key using the decrypted distribution key to obtain the second encrypted content key, and the second encrypted content key is distributed to the content using unit through the common bus.
  - 8. A client apparatus according to claim 1, further comprising a dedicated bus that directly connects the authority managing unit and the content using unit, wherein the second encrypted content key is distributed from the authority managing unit to the content using unit through the dedicated bus.

9. A content processing method in a client apparatus that is connectable to a network for receiving content data and key information from a server connected to the network, the content processing method comprising:
- a receiving step of receiving encrypted content data sent from the server via the network, and key information in which a content key used for generating the encrypted content data is encrypted and stored;
  
  an authority managing step of;
  
  extracting the content key from the key information; and
  
  encrypting the content key using a distribution key to obtain a second encrypted content key; and
  
  a content data using step of;
  
  receiving the second encrypted content key from the authority managing step;
  
  decrypting the second encrypted content key using the distribution key to obtain a decrypted content key;
  
  decrypting the encrypted content data using the decrypted content key; and
  
  using the content data.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. A content processing method according to claim 9, wherein the authority managing step further includes:
    - storing the distribution key in advance; and
      
      encrypting the content key using the distribution key stored in advance; and
      
      the content data using step further includes;
      
      storing the distribution key in advance; and
      
      decrypting the second encrypted content key using the distribution key stored in advance.
  - 11. A content processing method according to claim 10, wherein the second encrypted content key is distributed from the authority managing step to the content data using step through a common bus.
  - 12. A content processing method according to claim 9, wherein:
    - the content data using step further includes;
      
      storing a common key in advance;
      
      generating the distribution key; and
      
      encrypting the distribution key using the common key stored in advance; and
      
      the authority managing step further includes;
      
      storing the common key in advance;
      
      receiving the encrypted distribution key from the content data using step; and
      
      decrypting the encrypted distribution key using the common key stored in advance.
  - 13. A content processing method according to claim 12, wherein the distribution key is generated using a random number.
  - 14. A content processing method according to claim 12, wherein the authority managing step further includes:
    - encrypting the content key using the decrypted distribution key to obtain the second encrypted content key; and
      
      sending the second encrypted content key to the content data using step.
  - 15. A content processing method according to claim 9, wherein the step of sending the second encrypted content key from the authority managing step to the content data using step is conducted through a dedicated bus.

16. A content provision system, comprising:
- a client apparatus; and
  
  a server connected to the client apparatus via a network for providing content to the client apparatus, the client apparatus including;
  
  an interface unit operable to capture encrypted content data sent from the server via the network, and key information in which a content key used for generating the encrypted content data is encrypted and stored;
  
  a content data using unit operable to receive the encrypted content data captured by the interface unit, to decrypt the encrypted content data, and to use the content data;
  
  an authority managing unit operable to extract the content key from the key information captured by the interface unit; and
  
  a common bus operable to connect the interface unit, the content data using unit, and the authority managing unit, and to transmit at least the encrypted content data and the key information, wherein the authority managing unit encrypts the content key using a distribution key to obtain a second encrypted content key and distributes the second encrypted content key to the content data using unit, and the content data using unit decrypts the second encrypted content key using the distribution key to obtain a decrypted content key, decrypts the encrypted content data using the decrypted content key, and uses the content data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sony Corporation (Sony Group Corp.)
Original Assignee
Sony Corporation (Sony Group Corp.)
Inventors
Kawaguchi, Takayoshi

Application Number

US10/909,130
Publication Number

US 20050076232A1
Time in Patent Office

Days
Field of Search
US Class Current

726/29
CPC Class Codes

G06F 21/109   by using specially-adapted ...

G06F 2221/2107   File encryption

H04L 2209/60   Digital content management,...

H04L 2463/062   applying encryption of the ...

H04L 2463/101   applying security measures ...

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/12   Applying verification of th...

H04L 9/0822   using key encryption key

H04L 9/083   involving central third par...

H04L 9/0836   using tree structure or hie...

H04L 9/0891   Revocation or update of sec...

Client apparatus and content processing method in client apparatus, and content provision system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Client apparatus and content processing method in client apparatus, and content provision system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links