Data authentication system

US 7,373,506 B2
Filed: 01/19/2001
Issued: 05/13/2008
Est. Priority Date: 01/21/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A data processing apparatus for processing content data provided by a recording or communication medium, said apparatus comprising:

a cryptography process section for executing a cryptography process on said content data; and

a control section for executing control for said cryptography process section, wherein said cryptography process section is configured to;

split a first portion of header data of the content data having data on usage policy into a plurality of first messages, said header data including a first stored check value therein,generate a first integrity check value or values from a first key stored in said cryptography process section to verify integrity of the header data by using said plurality of first messages,collate said first integrity check value or values to verify said first portion of the header data including the usage policy by comparing said first integrity check value or values to said first stored check value,split a second portion of the header data of the content data having a content key into a plurality of second messages, said header data including a second stored check value therein,generate a second integrity check value or values from a second key stored in said cryptography process section to verify integrity of the header data by using said plurality of second messages, wherein said second integrity check value or values is generated by applying the second key to a block information table key, the content key and a block information table,collate said second integrity check value or values to verify said second portion of the header data including said block information table by comparing said second integrity check value or values to said second stored check value,generate an intermediate integrity check value based on said first integrity check value or values and said second integrity check value or values, anduse said intermediate integrity check value to verify said content data corresponding to said first and second integrity check values.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data processing system, apparatus and method are provided to verify and validate data. Cryptographic processes employ keys to encrypt the data, check the data and prevent tampering with the data. The data may include header information such as compressed contents or an expansion processing program used to process the data.

181 Citations

32 Claims

1. A data processing apparatus for processing content data provided by a recording or communication medium, said apparatus comprising:
- a cryptography process section for executing a cryptography process on said content data; and
  
  a control section for executing control for said cryptography process section, wherein said cryptography process section is configured to;
  
  split a first portion of header data of the content data having data on usage policy into a plurality of first messages, said header data including a first stored check value therein,generate a first integrity check value or values from a first key stored in said cryptography process section to verify integrity of the header data by using said plurality of first messages,collate said first integrity check value or values to verify said first portion of the header data including the usage policy by comparing said first integrity check value or values to said first stored check value,split a second portion of the header data of the content data having a content key into a plurality of second messages, said header data including a second stored check value therein,generate a second integrity check value or values from a second key stored in said cryptography process section to verify integrity of the header data by using said plurality of second messages, wherein said second integrity check value or values is generated by applying the second key to a block information table key, the content key and a block information table,collate said second integrity check value or values to verify said second portion of the header data including said block information table by comparing said second integrity check value or values to said second stored check value,generate an intermediate integrity check value based on said first integrity check value or values and said second integrity check value or values, anduse said intermediate integrity check value to verify said content data corresponding to said first and second integrity check values.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The data processing apparatus according to claim 1, wherein:
    - said cryptography process is a DES cryptography process, andsaid cryptography process section is configured to execute said DES cryptography process.
  - 3. The data processing apparatus according to claim 1, wherein:
    - said first integrity check value or values and said second integrity check value or values are message authentication codes generated in a DES-CBC mode using said message and said information to be checked;
      
      said intermediate integrity check value is a message authentication code generated in said DES-CBC mode using said first integrity check value or values and said second integrity check value or values to be checked, andsaid cryptography process section is configured to execute said cryptography process in said DES-CBS mode.
  - 4. The data processing apparatus according to claim 3, wherein Triple DES is applied in part of a message string to be processed in said DES-CBC mode.
  - 5. The data processing apparatus according to claim 1, further comprising:
    - a signature key wherein;
      
      said cryptography process section is configured to apply a value generated from said intermediate integrity check value by means of said signature key as a collation value for data verification.
  - 6. The data processing apparatus according to claim 5, wherein:
    - said signature key includes a plurality of different signature keys; and
      
      said cryptography process section is configured to apply one of said plurality of different signature keys, which is selected depending on a localization of said content data, to said cryptography process for said intermediate integrity check value to obtain said collation value for data verification.
  - 7. The data processing apparatus according to claim 6, further comprising:
    - a common signature key common to all entities of a system for executing a data verifying process; and
      
      an apparatus-specific signature key specific to each apparatus that executes said data verifying process.
  - 8. The data processing apparatus according to claim 1, further comprising a recording device for storing data validated by said cryptography process section.
  - 9. The data processing apparatus according to claim 8, wherein:
    - said control section suspends storing of said data in said recording device if a process of collating said first integrity check value or values and said second integrity check value or values is not established in said cryptography process executed by said cryptography process section.
  - 10. The data processing apparatus according to claim 1, further comprising a reproduction process section for reproducing data validated by said cryptography process section.
  - 11. The data processing apparatus according to claim 10, wherein:
    - said control section suspends reproducing of said data in said reproduction process section if a process of collating said first integrity check value or values and said second integrity check value or values is not established in said cryptography process executed by said cryptography process section.
  - 12. The data processing apparatus according to claim 10, further comprising:
    - control means for collating only header section integrity check values in said data during said cryptography process executed by said cryptography process section to collate said first integrity check value or values and said second integrity check value or values; and
      
      transmitting to said reproduction process section said data for which collation of said header section integrity check values has been established.
  - 13. The data processing apparatus according to claim 1, wherein the plurality of messages provide multiple input data for a staged encryption.

14. A data processing method for processing content data provided by a recording or communication medium, said method comprising:
- splitting a first portion of header data of the content data having data on usage policy into a plurality of first messages, said header data including a first stored check value therein;
  
  generating first integrity check value or values from a first key to verify integrity of the header data by using said plurality of first messages;
  
  collating said first integrity check value or values to verify said first portion of the header data including the usage policy by comparing said first integrity check value or values to said first stored check value;
  
  if said first portion of the header data is verified, splitting a second portion of the header data of the content data having a content key into a plurality of second messages, said header data including a second stored check value therein;
  
  generating second integrity check value or values from a second key to verify integrity of the header data by using said plurality of second messages, wherein said second integrity check value or values is generated by applying the second key to a block information table key, the content key and a block information table;
  
  collating said second integrity check value or values to verify said second portion of the header data including said block information table by comparing said second integrity check value or values to said second stored check value;
  
  if said second portion of the header data is verified, generating an intermediate integrity check value based on said first integrity check value or values and said second integrity check value or values; and
  
  verifying said content data corresponding to said first and second integrity check values using said intermediate integrity check value.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 15. The data processing method according to claim 14, wherein said cryptography process is a DES cryptography process.
  - 16. The data processing method according to claim 14, wherein:
    - said first integrity check value or values and said second integrity check value or values include message authentication codes generated in a DES-CBC mode using said message and said information; and
      
      said intermediate integrity check value is a message authentication code generated in said DES-CBC mode using said first integrity check value or values and said second integrity check value or values.
  - 17. The data processing method according to claim 14, wherein a value generated from said intermediate integrity check value by means of a signature key-applied cryptography process is applied as a collation value for data verification.
  - 18. The data processing method according to claim 17, wherein different signature keys are applied to said cryptography process for said intermediate integrity check value depending on a localization of content data, said different signature keys being applied to obtain said collation value for data verification.
  - 19. The data processing method according to claim 18, further comprising:
    - selecting and using one ofa common signature key common to all entities of a system for executing a data verifying process; and
      
      an apparatus-specific signature key specific to each apparatus that executes said data verifying process,said selecting step being based on the localization of said content data.
  - 20. The data processing method according to claim 14, further comprising storing validated data after verifying said content data.
  - 21. The data processing method according to claim 20, further comprising suspending said storing of said validated data if collating of said first integrity check value or values and collating of said second integrity check value or values is not established.
  - 22. The data processing method according to claim 14, further comprising reproducing data after verifying said content data.
  - 23. The data processing method according to claim 22, further comprising:
    - suspending said reproducing of said data if collating of said first integrity check value or values and collating of said second integrity check value or values is not established.
  - 24. The data processing method according to claim 22, wherein:
    - said collating of said first integrity check value or values only collates header section integrity check values and transmits said data for which collation of said header section integrity check values has been established to a reproduction process section for reproduction.
  - 25. The data processing method according to claim 14, wherein the plurality of messages provide multiple input data for a staged encryption.

26. A data verifying value imparting method for a data verifying process, said method comprising:
- splitting a first portion of header data of data having data on usage policy into a plurality of first messages, said header data including a first stored check value therein;
  
  imparting first integrity check value or values by using said plurality of first messages and a stored first key;
  
  comparing said first integrity check value or values to said first stored check value to verify a usage policy of said header data;
  
  if said usage policy is verified, splitting a second portion of the header data of the data having a content key into a plurality of second messages, said header data including a second stored check value therein;
  
  imparting second integrity check value or values by using said plurality of second messages, wherein said second integrity check value or values is generated by applying a second key to a block information table key, the content key and a block information table;
  
  comparing said second integrity check value or values to said second stored check value to verify said block information table of said header data; and
  
  if said block information table is verified, imparting an intermediate integrity check value to data to be verified, said intermediate integrity check value being used to verify content data corresponding to said first integrity check value or values and said second integrity check value or values.
- View Dependent Claims (27, 28, 29, 30, 31)
- - 27. The data verifying value imparting method according to claim 26 wherein said cryptography process is a DES cryptography process.
  - 28. The data verifying value imparting method according to claim 26, wherein:
    - said first integrity check value or values and said second integrity check value or values are message authentication codes generated in a DES-CBC mode using said message and said information; and
      
      said intermediate integrity check value is said message authentication code generated in said DES-CBC mode using said first integrity check value or values and said second integrity check value or values.
  - 29. The data verifying value imparting method according to claim 26 wherein a value generated from said intermediate integrity check value by means of a signature key-applied cryptography process is applied as a collation value for data verification.
  - 30. The data verifying value imparting method according to claim 29, wherein different signature keys are applied to said cryptography process for said intermediate integrity check value to obtain said collation value, said different signature keys being applied depending on a localization of content data.
  - 31. The data verifying value imparting method according to claim 30, further comprising:
    - selecting either a common signature key or an apparatus-specific signature key as one of said different signature keys depending upon the localization of said content data, said common signature key being common to all entities of a system for executing said data verifying process, and said apparatus-specific signature key being specific to each apparatus that executes said data verifying process.

32. A recording medium recorded with a computer program for executing a data verifying process having certain actions, said actions comprising:
- splitting a first portion of header data of data having data on usage policy into a plurality of first messages, said header data including a first stored check value therein;
  
  executing a collation process using a first integrity check value or values generated by using said plurality of first messages and a stored first key, including comparing said first integrity check value or values to said first stored check value to verify a usage policy of said header data;
  
  if said usage policy is verified, splitting a second portion of the header data of the data having a data key into a plurality of second messages, said header data including a second stored check value therein;
  
  executing a collation process using a second integrity check value or values generated by using the plurality of second messages, including comparing said second integrity check value or values to said second stored check value to verify a block information table of said header data, wherein said second integrity check value or values is generated by applying a second key to a block information table key, the content key and said block information table; and
  
  if said block information table is verified, using an intermediate integrity check value to verify said content data corresponding to said first and second integrity check values, said intermediate integrity check value being based on an integrity check value set obtained by combining at least some of said first and second integrity check values together.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sony Corporation (Sony Group Corp.)
Original Assignee
Sony Corporation (Sony Group Corp.)
Inventors
Asano, Tomoyuki, Ishibashi, Yoshihito, Akishita, Toru, Shirai, Taizo
Primary Examiner(s)
Revak; Christopher
Assistant Examiner(s)
Chai; Longbit

Application Number

US09/937,120
Publication Number

US 20020169971A1
Time in Patent Office

2,671 Days
Field of Search

713/187, 713/193, 380/200, 380/201, 726/26
US Class Current

713/168
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/64   Protecting data integrity, ...

G11B 20/00086   Circuits for prevention of ...

G11B 20/00123   the record carrier being id...

G11B 20/00173   wherein the origin of the c...

G11B 20/0021   involving encryption or dec...

G11B 20/00224   wherein the key is obtained...

G11B 20/00246   wherein the key is obtained...

G11B 20/00492   wherein content or user dat...

G11B 20/00507   wherein consecutive physica...

G11B 20/00536   wherein encrypted content d...

G11B 20/00557   wherein further management ...

G11B 20/00739   wherein the usage restricti...

G11B 20/00753   wherein the usage restricti...

G11B 20/00775   wherein said copy control i...

G11B 2020/00057   MPEG-1 or MPEG-2 audio laye...

H04L 2209/60   Digital content management,...

H04L 9/0625   with splitting of the data ...

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/0897 : involving additional device...

H04L 9/14 : using a plurality of keys o...

H04L 9/3242 : involving keyed hash functi...

H04L 9/3247 : involving digital signatures

H04L 9/3273 : for mutual authentication n...

View All

Data authentication system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

181 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Data authentication system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

181 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links