Information processing apparatus and method

US 20080141032A1
Filed: 12/19/2007
Published: 06/12/2008
Est. Priority Date: 07/06/2000
Status: Active Grant

First Claim

Patent Images

1. An information processing apparatus for carrying out secure transmission of content to another apparatus over a network, said information processing apparatus comprising:

an encryption unit operable to encrypt the content;

an authentication unit operable to receive authentication information from the another apparatus when the another apparatus requests permission to receive the encrypted content, and to determine whether the authentication information is valid;

a first obtaining unit operable to obtain identification information of the another apparatus from the authentication information when the authentication information is valid and to determine whether the identification information of the another apparatus is already stored in a storage unit;

a transmitting unit operable to transmit a key used for content decryption to the another apparatus when the authentication information is valid;

a first counting unit operable to increment by one a count of a total number of apparatuses having permission to receive the encrypted content when the identification information of the another apparatus is not already stored in said storage unit and the count of the total number of apparatuses having permission to receive the encrypted content is less than the maximum value;

said storage unit being operable to store the identification information of the another apparatus when the identification information of the another apparatus is not already stored in said storage unit; and

an information updating unit operable to delete the identification information stored in said storage unit and to reset the count of the total number of apparatuses having permission to receive the encrypted content when the key used for content decryption is changed.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In order to limit use of content, when a source receives a request for transmitting content from a sink, the source performs an authentication process. When the authentication is successful, the source transmits to the sink key information necessary for decrypting the encryption applied to the content. The sink can receive the content by receiving the key information and by decrypting the encryption applied to the content by using the key information.

20 Citations

12 Claims

1. An information processing apparatus for carrying out secure transmission of content to another apparatus over a network, said information processing apparatus comprising:
- an encryption unit operable to encrypt the content;
  
  an authentication unit operable to receive authentication information from the another apparatus when the another apparatus requests permission to receive the encrypted content, and to determine whether the authentication information is valid;
  
  a first obtaining unit operable to obtain identification information of the another apparatus from the authentication information when the authentication information is valid and to determine whether the identification information of the another apparatus is already stored in a storage unit;
  
  a transmitting unit operable to transmit a key used for content decryption to the another apparatus when the authentication information is valid;
  
  a first counting unit operable to increment by one a count of a total number of apparatuses having permission to receive the encrypted content when the identification information of the another apparatus is not already stored in said storage unit and the count of the total number of apparatuses having permission to receive the encrypted content is less than the maximum value;
  
  said storage unit being operable to store the identification information of the another apparatus when the identification information of the another apparatus is not already stored in said storage unit; and
  
  an information updating unit operable to delete the identification information stored in said storage unit and to reset the count of the total number of apparatuses having permission to receive the encrypted content when the key used for content decryption is changed.
- View Dependent Claims (2, 3)
- - 2. An information processing apparatus according to claim 1, wherein the another apparatus is operable to transmit the encrypted content to a plurality of further apparatuses over the network, and said information processing apparatus further comprises:
    - a second obtaining unit operable to obtain a first value and a second value from the another apparatus when the authentication information is valid, the first value being a number of apparatuses in the plurality of further apparatuses that are newly requesting permission to receive the encrypted content, and the second value being a total number of apparatuses in the plurality of further apparatuses; and
      
      a second counting unit operable to increment the count of the total number of apparatuses having permission to receive the encrypted content by the first value when (i) the sum of the first value and the count of the total number of apparatuses having permission to receive the encrypted content is at most equal to the maximum value and (ii) the identification information of the another apparatus is already stored in said storage unit,said second counting unit being operable to increment the count of the total number of apparatuses having permission to receive the encrypted content to receive the encrypted content by the second value when (i) the sum of the second value and the count of the total number of apparatuses having permission to receive the encrypted content is at most equal to the maximum value and (ii) the identification information of the another apparatus is not already stored in said storage unit.
  - 3. An information processing apparatus according to claim 1, wherein the authentication information includes first authentication information and second authentication information, and said authentication unit includes:
    - a first authentication subunit operable to receive the first authentication information from the another apparatus when the another apparatus requests permission to receive the encrypted content, and to determine whether the first authentication information is valid; and
      
      a second authentication subunit operable to transmit a request for the second authentication information to the another apparatus when the first authentication information is valid, to receive the second authentication information from the another apparatus, and to determine whether the second authentication information is valid;
      
      said transmitting unit being operable to transmit the decryption key to the another apparatus when the second authentication information is valid and the count of the total number of apparatuses having permission to receive the encrypted content is less than the maximum value.

4. A method for carrying out secure transmission of content from an information processing apparatus to another apparatus over a network, said method comprising:
- encrypting the content;
  
  receiving authentication information from the another apparatus when the another apparatus requests permission to receive the encrypted content;
  
  determining whether the authentication information is valid;
  
  obtaining identification information of the another apparatus from the authentication information when the authentication information is valid;
  
  determining whether the identification information of the another apparatus is already stored;
  
  transmitting a key used for content decryption to the another apparatus when the authentication information is valid;
  
  incrementing by one a count of a total number of apparatuses having permission to receive the encrypted content when the identification information of the another apparatus is not already stored and the count of the total number of apparatuses having permission to receive the encrypted content is less than the maximum value;
  
  storing the identification information of the another apparatus when the identification information of the another apparatus is not already stored; and
  
  deleting the stored identification information and resetting the count of the total number of apparatuses having permission to receive the encrypted content when the key used for content decryption is changed.
- View Dependent Claims (5)
- - 5. A method according to claim 4, wherein the another apparatus is operable to transmit the encrypted content to a plurality of further apparatuses over the network, and said method further comprises:
    - obtaining a first value and a second value from the another apparatus when the authentication information is valid, the first value being a number of apparatuses in the plurality of further apparatuses that are newly requesting permission to receive the encrypted content, and the second value being a total number of apparatuses in the plurality of further apparatuses;
      
      incrementing the count of the total number of apparatuses having permission to receive the encrypted content by the first value when (i) the sum of the first value and the count of the total number of apparatuses having permission to receive the encrypted content is at most equal to the maximum value and (ii) the identification information of the another apparatus is already stored in said storage unit; and
      
      incrementing the count of the total number of apparatuses having permission to receive the encrypted content by the second value when (i) the sum of the second value and the count of the total number of apparatuses having permission to receive the encrypted content is at most equal to the maximum value and (ii) the identification information of the another apparatus is not already stored in said storage unit.

6. A computer-readable medium having recorded thereon computer program instructions for executing a method for carrying out secure transmission of content from an information processing apparatus to another apparatus over a network, said method comprising:
- encrypting the content;
  
  receiving authentication information from the another apparatus when the another apparatus requests permission to receive the encrypted content;
  
  determining whether the authentication information is valid;
  
  obtaining identification information of the another apparatus from the authentication information when the authentication information is valid;
  
  determining whether the identification information of the another apparatus is already stored;
  
  transmitting a key used for content decryption to the another apparatus when the authentication information is valid;
  
  incrementing by one a count of a total number of apparatuses having permission to receive the encrypted content when the identification information of the another apparatus is not already stored and the count of the total number of apparatuses having permission to receive the encrypted content is less than the maximum value;
  
  storing the identification information of the another apparatus when the identification information of the another apparatus is not already stored; and
  
  deleting the stored identification information and resetting the count of the total number of apparatuses having permission to receive the encrypted content when the key used for content decryption is changed.
- View Dependent Claims (7)
- - 7. A computer-readable medium according to claim 6, wherein the another apparatus is operable to transmit the encrypted content to a plurality of further apparatuses over the network, and said method further comprises:
    - obtaining a first value and a second value from the another apparatus when the authentication information is valid, the first value being a number of apparatuses in the plurality of further apparatuses that are newly requesting permission to receive the encrypted content, and the second value being a total number of apparatuses in the plurality of further apparatuses;
      
      incrementing the count of the total number of apparatuses having permission to receive the encrypted content by the first value when (i) the sum of the first value and the count of the total number of apparatuses having permission to receive the encrypted content is at most equal to the maximum value and (ii) the identification information of the another apparatus is already stored in said storage unit; and
      
      incrementing the count of the total number of apparatuses having permission to receive the encrypted content by the second value when (i) the sum of the second value and the count of the total number of apparatuses having permission to receive the encrypted content is at most equal to the maximum value and (ii) the identification information of the another apparatus is not already stored in said storage unit.

8. An information processing apparatus for carrying out secure receiving of content from a first apparatus over a first network connection and for carrying out secure transmission of the content to a second apparatus over a second network connection, said information processing apparatus comprising:
- a first transmitting unit operable to transmit to the first apparatus a request for permission to receive the content;
  
  a first authentication unit operable to perform a first authentication procedure with the first apparatus;
  
  a receiver operable to receive a first key used for content decryption from the first apparatus when the first authentication procedure is successful;
  
  a decryption unit operable to use the first key to generate a decryption key used to decrypt encrypted content received from the first apparatus;
  
  a reencryption unit operable to reencrypt the decrypted content;
  
  a second authentication unit operable to receive authentication information from the second apparatus when a request for permission to receive the content is made from the second apparatus and to determine whether the authentication information is valid;
  
  a first obtaining unit operable to obtain identification information of the second apparatus from the authentication information when the authentication information is valid and to determine whether the identification information of the second apparatus is already stored in a storage unit;
  
  a second transmitting unit operable to transmit a second key used for content decryption to the second apparatus when the authentication information is valid;
  
  a first counting unit operable to increment by one a count of a number of apparatuses having permission to receive the reencrypted content when the identification information of the second apparatus is not already stored in said storage unit and the count of the total number of apparatuses having permission to receive the reencrypted content is less than the maximum value;
  
  said storage unit being operable to store the identification information of said second apparatus when the identification information of the second apparatus is not already stored in said storage unit; and
  
  an information updating unit operable to delete the identification information stored in said storage unit and to reset the count of the number of apparatuses having permission to receive the reencrypted content when the second key used for content decryption is changed.
- View Dependent Claims (9, 10)
- - 9. An information processing apparatus according to claim 8, wherein the authentication information includes first authentication information and second authentication information, and said second authentication unit includes:
    - a first authentication subunit operable to receive the first authentication information from the second apparatus when the second apparatus requests permission to receive the content, and to determine whether the first authentication information is valid; and
      
      a second authentication subunit operable to transmit a request for the second authentication information to the second apparatus when the first authentication information is valid, to receive the second authentication information from the second apparatus, and to determine whether the second authentication information is valid;
      
      said second transmitting unit being operable to transmit the second decryption key to the second apparatus when the second authentication information is valid and the count of the total number of apparatuses having permission to receive the reencrypted content is less than the maximum value.
  - 10. An information processing apparatus according to claim 8, further comprising:
    - a third transmitting unit operable to transmit, to the first apparatus, the count of the number of apparatuses having permission to receive the content.

11. A method for carrying out secure receiving of content from a first apparatus over a first network connection and for carrying out secure transmission of the content to a second apparatus over a second network connection, said method comprising:
- transmitting to the first apparatus a request for permission to receive the content;
  
  performing a first authentication procedure with the first apparatus;
  
  receiving a first key used for content decryption from the first apparatus when the first authentication procedure is successful;
  
  generating a decryption key from the first key used for content decryption;
  
  decrypting, using the generated decryption key, encrypted content received from the first apparatus;
  
  reencrypting the decrypted content;
  
  receiving authentication information from the second apparatus when a request for permission to receive the content is made from the second apparatus;
  
  determining whether the authentication information is valid;
  
  obtaining identification information of the second apparatus from the authentication information when the authentication information is valid;
  
  determining whether the identification information of the second apparatus is already stored;
  
  transmitting a second key used for content decryption to the second apparatus when the authentication information is valid;
  
  incrementing by one a count of a number of apparatuses having permission to receive the reencrypted content when the identification information of the second apparatus is not already stored in said storage unit and the count of the total number of apparatuses having permission to receive the reencrypted content is less than the maximum value;
  
  storing the identification information of the second apparatus when the identification information of the second apparatus is not already stored; and
  
  deleting the identification information stored in said storage unit and resetting the count of the number of apparatuses having permission to receive the reencrypted content when the second key used for content decryption is changed.

12. A computer-readable medium having recorded thereon computer program instructions for executing a method for carrying out secure receiving of content from a first apparatus over a first network connection and for carrying out secure transmission of the content to a second apparatus over a second network connection, said method comprising:
- transmitting to the first apparatus a request for permission to receive the content;
  
  performing a first authentication procedure with the first apparatus;
  
  receiving a first key used for content decryption from the first apparatus when the first authentication procedure is successful;
  
  generating a decryption key from the first key used for content decryption;
  
  decrypting, using the generated decryption key, encrypted content received from the first apparatus;
  
  reencrypting the decrypted content;
  
  receiving authentication information from the second apparatus when a request for permission to receive the content is made from the second apparatus;
  
  determining whether the authentication information is valid;
  
  obtaining identification information of the second apparatus from the authentication information when the authentication information is valid;
  
  determining whether the identification information of the second apparatus is already stored;
  
  transmitting a second key used for content decryption to the second apparatus when the authentication information is valid and a count of a total number of apparatuses having permission to receive the reencrypted content is less than a maximum value;
  
  incrementing by one a count of a number of apparatuses having permission to receive the reencrypted content when the identification information of the second apparatus is not already stored in said storage unit and the count of the total number of apparatuses having permission to receive the reencrypted content is less than the maximum value;
  
  storing the identification information of the second apparatus when the identification information of the second apparatus is not already stored; and
  
  deleting the identification information stored in said storage unit and resetting the count of the number of apparatuses having permission to receive the reencrypted content when the second key used for content decryption is changed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sony Corporation (Sony Group Corp.)
Original Assignee
Sony Corporation (Sony Group Corp.)
Inventors
Nakano, Takehiko

Granted Patent

US 7,779,260 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

H04H 20/76   Wired systems

H04H 60/23   using cryptography, e.g. en...

H04H 60/80   characterised by transmissi...

H04L 2209/60   Digital content management,...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/32   including means for verifyi...

H04L 9/3252   using DSA or related signat...

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

Information processing apparatus and method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

20 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Information processing apparatus and method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links