Data processing apparatus and authentication method applied to the apparatus
Abstract
A CPU module, a satellite or digital TV tuner, an MPEG2 decoder, and DVD-RAM drives each have authenticators that perform device authentication, key exchange, and the like. Each authenticator holds the authentication data (authentication format) of its corresponding function module. By exchanging the authentication formats between the devices that are to authenticate each other, authentication can be performed per function module.
17 Claims
1. A data processing apparatus having an interface for an external bus which is capable of connecting an external device having an authentication function for exchanging data to be copy-protected, the apparatus being assigned with node identification data, comprising:
an internal bus coupled to the interface for the external bus, wherein the interface transfers encrypted data to be copy-protected from the external bus to the internal bus;
a plurality of function modules which are coupled to said internal bus and transmit or receive data to be copy-protected via said internal bus, each of said function modules holding authentication data required for proving authenticity of that function module with respect to the function module or the external device with which the function module wants to exchange the data to be copy-protected, the authentication data comprising device identification data specifying the each of said function modules, wherein at least one of the plurality of function modules includes at least one of an encryption means and a decryption means for encrypting or decrypting data to be copy-protected; and
authentication means for performing authentication in which two out of said plurality of function modules or one function module and the external device authenticate each other to confirm if they are authentic devices that can deal with the data to be copy-protected, by exchanging the authentication data and node identification data corresponding to the devices therebetween, wherein the device identification data is used as a sub-address for specifying one of the function modules in said data processing apparatus as a device which authenticates the external device and which is authenticated by the external device.
the authentication data held in each of said function modules contains data indicating an authentication level which defines the type of data that the function module can deal with.
3. The apparatus according to claim 1, wherein the function module that deals with data to be copy-protected includes at least one of a CPU module, a decoder for decoding encoded data obtained by digital compression coding, and a storage device.
4. The apparatus according to claim 1, wherein said authentication means uses each other's device identification data as addresses for specifying devices that are to authenticate each other, so as to exchange the authentication data corresponding to the devices with a destination function module or the external device.
5. The apparatus according to claim 4, wherein a communication between said data processing apparatus and the external device uses a protocol which uses the node identification data assigned to said data processing apparatus and the external device as destination addresses.
6. The apparatus according to claim 1, wherein said data processing apparatus is a personal computer having as the function module at least one of a CPU module, a decoder for decoding encoded data obtained by digital compression coding, and a storage device, and
said personal computer comprises an IEEE1394 serial bus as an interface with the external bus.
7. A data processing apparatus having an interface for an external bus which is capable of connecting an external device having an authentication function for exchanging data to be copy-protected, the apparatus being assigned with node identification data, comprising:
an internal bus coupled to the interface for the external bus, wherein the interface transfers encrypted data to be copy-protected from the external bus to the internal bus;
a plurality of function modules which are coupled to said internal bus and transmit or receive data to be copy-protected via said internal bus, wherein at least one of the plurality of function modules includes at least one of an encryption means and a decryption means for encrypting or decrypting data to be copy-protected; and
authentication means for performing authentication with a destination function module or the external device that exchanges the data to be copy-protected in units of function modules, said authentication means exchanging device identification data held in each of said function modules and the node identification data as an address for specifying the function module as a device which authenticates the external device and which is authenticated by the external device, when said authentication means executes authentication between the function module and external device, wherein the device identification data is used as a sub-address for specifying one of the function modules in said data processing apparatus as a device which authenticates the external device and which is authenticated by the external device.
9. An authentication method applied to a data processing apparatus which comprises an internal bus, a plurality of function modules which are coupled to said internal bus and transmit or receive data to be copy-protected via said internal bus, and an interface for an external bus which is capable of connecting an external device having an authentication function for exchanging data to be copy-protected, and wherein the interface transfers encrypted data to be copy-protected from the external bus to the internal bus;
making each of said function modules hold authentication data required for proving authenticity of that function module with respect to the function module or the external device with which the function module wants to exchange the data to be copy-protected, wherein at least one of said function modules includes at least one of an encryption means and a decryption means for encrypting or decrypting data to be copy-protected; and
executing authentication in which two out of said plurality of function modules or one function module and the external device authenticate each other to confirm if they are authentic devices that can deal with the data to be copy-protected, by exchanging the authentication data corresponding to the devices therebetween, the authentication data comprising node identification data assigned to the data processing apparatus and the external device and device identification data assigned to the function modules, wherein the device identification data is used as a sub-address for specifying one of the function modules in said data processing apparatus as a device which authenticates the external device and which is authenticated by the external device.
the authentication data held in each of said function modules contains data indicating an authentication level which defines the type of data that the function module can deal with.
11. The method according to claim 9, wherein the function module that deals with data to be copy-protected includes at least one of a CPU module, a decoder for decoding encoded data obtained by digital compression coding, and a storage device.
12. The method according to claim 9, wherein the authentication uses each other's device identification data as addresses for specifying devices that are to authenticate each other, so as to exchange the authentication data corresponding to the devices with a destination function module or the external device.
13. The method according to claim 12, wherein a communication between said data processing apparatus and the external device uses a protocol which uses the node identification data assigned to said data processing apparatus and the external device as destination addresses.
14. The method according to claim 9, wherein said data processing apparatus is a personal computer having as the function module at least one of a CPU module, a decoder for decoding encoded data obtained by digital compression coding, and a storage device, and
said personal computer comprises an IEEE1394 serial bus as an interface with the external bus.
15. An authentication method applied to a data processing apparatus which comprises an internal bus, a plurality of function modules which are coupled to said internal bus and transmit or receive data to be copy-protected via said internal bus, and an interface for an external bus which is capable of connecting an external device having an authentication function for exchanging data to be copy-protected, and wherein the interface transfers encrypted data to be copy-protected from the external bus to the internal bus without decrypting data to be copy-protected, comprising the steps of:
making each of said function modules hold device identification data for specifying the function module, wherein at least one of said function modules includes at least one of an encryption means and a decryption means for encrypting or decrypting data to be copy-protected; and
executing authentication between a specific one of said function modules and the external device to confirm if they are authentic devices that can deal with the data to be copy-protected, using the device identification data held in each of said function modules and node identification data assigned to the data processing apparatus and the external device as an address for specifying the function module as a device which authenticates the external device and which is authenticated by the external device, wherein the device identification data is used as a sub-address for specifying one of the function modules in said data processing apparatus as a device which authenticates the external device and which is authenticated by the external device.
17. A data processing apparatus having an interface for an external bus which is capable of connecting an external device having an authentication function for exchanging data to be copy-protected, comprising:
an internal bus coupled to the interface for the external bus, wherein the interface transfers encrypted data to be copy-protected from the external bus to the internal bus;
a plurality of function modules which are coupled to said internal bus and transmit or receive data to be copy-protected via said internal bus, wherein at least one of the plurality of function modules includes at least one of an encryption means and a decryption means for encrypting or decrypting data to be copy-protected; and
authentication means, provided in units of function modules and implemented as a device driver for the respective function modules, for performing authentication with a destination function module or the external device that exchanges the data to be copy-protected in units of function modules, said authentication means exchanging device identification data held in each of said function modules and node identification data assigned to the data processing apparatus and the external device as an address for specifying the function module as a device which authenticates the external device and which is authenticated by the external device, when said authentication means executes authentication between the function module and external device, wherein the device identification data is used as a sub-address for specifying one of the function modules in said data processing apparatus as a device which authenticates the external device and which is authenticated by the external device.