Contents management method, content management apparatus, and recording medium
First Claim
1. A content management method for a content management apparatus for managing an allowable number of recording media, each of the recording media including a first memory area storing at least an encrypted content and a second memory area storing key information item necessary for decrypting the encrypted content, an initial value of the allowable number being a predetermined upper limit, the method including a check out method and a check in method, the check out method comprising:
- performing first bilateral authentication between the content management apparatus and a recording medium, when the allowable number is more than zero, to obtain a first shared information item that is generated as a result of success in the first bilateral authentication and that is identical to that of the recording medium configured to store the first shared information item generated in the recording medium in the second memory area as the key information item;
encrypting a decryption key for decrypting the encrypted content, using the first shared information item, to obtain an encrypted key;
transferring the encrypted content and the encrypted key to the recording medium configured to store the encrypted content and the encrypted key in the first memory area; and
decreasing the allowable number by one when the encrypted content and the encrypted key are transferred to the recording medium, whereinthe check in method comprises;
performing second bilateral authentication between the content management apparatus and the recording medium whose first memory area stores the encrypted content and the encrypted key and whose second memory area stores the key information item, to obtain a second shared information item that is identical to that of the recording medium and that is generated as a result of success in the second bilateral authentication;
generating a random data item when the second bilateral authentication ends in success;
encrypting the random data item using the second shared information item;
transferring the encrypted random data item to the recording medium configured to overwrite into the second memory area with the random data item and erase the key information item from the second memory area;
performing third bilateral authentication between the content management apparatus and the second recording medium to obtain a third shared information item that is identical to that of the recording medium and that is generated as a result of success in the third bilateral authentication;
receiving an encrypted data item that is transferred from the recording medium configured to generate the encrypted data item by encrypting a data item stored in the second memory area using the third shared information item;
decrypting the encrypted data item using the third shared information item;
determining that the key information item in the second memory area is erased when the decrypted data item is identical to the random data item; and
increasing the allowable number by one when the key information item in the second memory area is determined to be erased.
2 Assignments
0 Petitions
Accused Products
Abstract
An apparatus generates first shared information that is shared by the apparatus and a recording medium by performing a first bilateral authentication. The apparatus encrypts overwrite data that is used to erase key information item recorded in the recording medium using the first shared information. Encrypted overwrite data is transferred to the recording medium. Second shared information is generated and shared by the apparatus and the recording medium by performing a second bilateral authentication between them. The apparatus receives data that is encrypted using the second shared information and that has been used by the recording medium for erasing key information. Encrypted data is decrypted using second shared information item and key information recorded in the recording medium is erased when the decrypted data is identical to overwrite data.
-
Citations
3 Claims
-
1. A content management method for a content management apparatus for managing an allowable number of recording media, each of the recording media including a first memory area storing at least an encrypted content and a second memory area storing key information item necessary for decrypting the encrypted content, an initial value of the allowable number being a predetermined upper limit, the method including a check out method and a check in method, the check out method comprising:
-
performing first bilateral authentication between the content management apparatus and a recording medium, when the allowable number is more than zero, to obtain a first shared information item that is generated as a result of success in the first bilateral authentication and that is identical to that of the recording medium configured to store the first shared information item generated in the recording medium in the second memory area as the key information item; encrypting a decryption key for decrypting the encrypted content, using the first shared information item, to obtain an encrypted key; transferring the encrypted content and the encrypted key to the recording medium configured to store the encrypted content and the encrypted key in the first memory area; and decreasing the allowable number by one when the encrypted content and the encrypted key are transferred to the recording medium, wherein the check in method comprises; performing second bilateral authentication between the content management apparatus and the recording medium whose first memory area stores the encrypted content and the encrypted key and whose second memory area stores the key information item, to obtain a second shared information item that is identical to that of the recording medium and that is generated as a result of success in the second bilateral authentication; generating a random data item when the second bilateral authentication ends in success; encrypting the random data item using the second shared information item; transferring the encrypted random data item to the recording medium configured to overwrite into the second memory area with the random data item and erase the key information item from the second memory area; performing third bilateral authentication between the content management apparatus and the second recording medium to obtain a third shared information item that is identical to that of the recording medium and that is generated as a result of success in the third bilateral authentication; receiving an encrypted data item that is transferred from the recording medium configured to generate the encrypted data item by encrypting a data item stored in the second memory area using the third shared information item; decrypting the encrypted data item using the third shared information item; determining that the key information item in the second memory area is erased when the decrypted data item is identical to the random data item; and increasing the allowable number by one when the key information item in the second memory area is determined to be erased.
-
-
2. A content management apparatus for managing an allowable number of recording media, each of the recording media including a first memory area storing at least an encrypted content and a second memory area storing a key information item necessary for decrypting the encrypted content, an initial value of the allowable number being a predetermined upper limit, the content management apparatus comprising:
-
means for executing a check out process and means for executing a check in process, wherein the means for executing a check out process comprises; means for performing first bilateral authentication between the content management apparatus and a recording medium, when the allowable number is more than zero, to obtain a first shared information item that is generated as a result of success in the first bilateral authentication and that is identical to that of the recording medium configured to store the first shared information item generated in the recording medium in the second memory area as the key information item; means for encrypting a decryption key for decrypting the encrypted content, using the first shared information item, to obtain an encrypted key; means for transferring the encrypted content and the encrypted key to the recording medium configured to store the encrypted content and the encrypted key in the first memory area; and means for decreasing the allowable number by one when the encrypted content and the encrypted key are transferred to the recording medium, wherein the means for executing a check out process comprises; means for performing second bilateral authentication between the content management apparatus and the recording medium whose first memory area stores the encrypted content and the encrypted key and whose second memory area stores the key information item, to obtain a second shared information item that is identical to that of the recording medium and that is generated as a result of success in the second bilateral authentication; means for generating a random data item when the second bilateral authentication ends in success; means for encrypting the random data item using the second shared information item; means for transferring the encrypted random data item to the recording medium configured to overwrite into the second memory area with the random data item and erase the key information item from the second memory area; means for performing third bilateral authentication between the content management apparatus and the second recording medium to obtain a third shared information item that is identical to that of the recording medium and that is generated as a result of success in the third bilateral authentication; means for receiving an encrypted data item that is transferred from the recording medium configured to generate the encrypted data item by encrypting a data item stored in the second memory area using the third shared information item; means for decrypting the encrypted data item using the third shared information item; means for determining that the key information item in the second memory area is erased when the decrypted data item is identical to the random data item; and means for increasing the allowable number by one when the key information item in the second memory area is determined to be erased.
-
-
3. A recording medium including an arithmetic processing function, a first memory area and a second memory area, the recording medium executing a check out process and a check in process with a content management apparatus that manages an allowable number of recording media, each of the recording media including the arithmetic processing function, the first memory area storing at least an encrypted content and the second memory area storing a key information item necessary for decrypting the encrypted content an initial value of the allowable number being a predetermined upper limit, the allowable number being decreased by one when at least the encrypted content and the key information item are stored in the recording medium in the check out process and being increased by one when the key information item in the second memory area of the recording medium is determined to be erased in the check in process the recording medium comprising:
-
means for executing the check out process and means for executing the check in process, wherein the means for executing the check out process comprises; means for performing first bilateral authentication between the recording medium and the content management apparatus, when the allowable number is more than zero, to obtain a first shared information item that is identical to that of the content management apparatus and that is generated as a result of success in the first bilateral authentication; means for storing the first shared information item in the second memory area as the keV information item; means for receiving the encrypted content and a decryption key encrypted using the first shared information item generated in the content management apparatus; means for storing the encrypted content and the the decryption key encrypted in the first memory area, wherein the means for executing the check in process comprises; means for performing second bilateral authentication between the content management apparatus and the recording medium whose first memory area stores the encrypted content and the decryption key encrypted and whose second memory area stores the key information item to obtain a second shared information item that is identical to that of the content management apparatus and that is generated as a result of success in the second bilateral authentication;
means for receiving a random data item that is encrypted using the second shared information item generated in the content management apparatus when the second bilateral authentication ends in success;means for erasing the key information item in the second memory area by overwriting into the second memory area with the random data item; means for performing third bilateral authentication between the recording medium and the content management apparatus to obtain a third shared information item that is identical to that of the content management apparatus and that is generated as a result of success in the third bilateral authentication; means for encrypting a data item stored in the second memory area, using the third shared information item, to obtain an encrypted data item; and means for transferring the encrypted data item to the content management apparatus, configured to determine that the key information item in the second memory area is erased when the data item obtained by decrypting using the third shared information item generated in the content management apparatus is identical to the random data item.
-
Specification