Information transmission system and method, drive device and access method, information recording medium, device and method for producing recording medium
First Claim
1. A data transmitting system comprising a portable optical disc medium and a drive unit which accesses the portable optical disc medium,the portable optical disc medium including:
- a security module comprising a nonvolatile memory which executes a mutual authentication protocol with the drive unit; and
an optical disc distinct from the security module; and
the drive unit including;
a controller which executes the mutual authentication protocol when accessing the portable optical disc medium; and
an interface unit which accesses the optical disc of the portable optical disc medium.
1 Assignment
0 Petitions
Accused Products
Abstract
A security module is provided in a data recording medium, data to be written to the data recording medium is encrypted with an content key different from one data to another, and the content key is safely stored in the security module. Also, the security module makes a mutual authentication using the public-key encryption technology with a drive unit to check that the counterpart is an authorized (licensed) unit, and then gives the content key to the counterpart, thereby preventing data from being leaked to any illegal (unlicensed) unit. Thus, it is possible to prevent copyrighted data such as movie, music, etc. from being copied illegally (against the wish of the copyrighter of the data).
39 Citations
101 Claims
-
1. A data transmitting system comprising a portable optical disc medium and a drive unit which accesses the portable optical disc medium,
the portable optical disc medium including: -
a security module comprising a nonvolatile memory which executes a mutual authentication protocol with the drive unit; and an optical disc distinct from the security module; and the drive unit including; a controller which executes the mutual authentication protocol when accessing the portable optical disc medium; and an interface unit which accesses the optical disc of the portable optical disc medium. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 61, 70, 72)
-
2. The system as set forth in claim 1, wherein the mutual authentication protocol uses public-key encryption technology.
-
3. The system as set forth in claim 1, wherein the drive unit further includes means for driving the optical disc.
-
4. The system as set forth in claim 1, wherein the interface unit accesses the optical disc directly.
-
5. The system as set forth in claim 1, wherein the interface unit accesses the optical disc via the security module.
-
6. The system as set forth in claim 1, wherein identification data of the portable optical disc medium is stored in the security module.
-
7. The system as set forth in claim 1, wherein the security module stores a revocation list of illegal drive units.
-
8. The system as set forth in claim 1, wherein the optical disc stores a revocation list of illegal drive units.
-
9. The system as set forth in claim 1, wherein the drive unit stores a revocation list of illegal recording media.
-
10. The system as set forth in claim 1, wherein the drive unit does not store a revocation list of illegal recording media.
-
11. The system as set forth in claim 1, wherein the mutual authentication protocol executes independently of whether the drive unit or the portable optical disc medium contains an illegal unit revocation list.
-
12. The system as set forth in claim 1, wherein the controller of the drive unit judges whether or not the security module has an illegal unit revocation list stored therein, and executes the mutual authentication protocol based on the judgment.
-
13. The system as set forth in claim 1, wherein:
-
the portable optical disc medium stores therein a first version of an illegal unit revocation list and a first list version number; the drive unit stores therein a second version of the illegal unit revocation list and a second list version number; and the portable optical disc medium and the drive unit exchange the first and second version numbers when executing the mutual authentication protocol, and whichever has a newer version of the illegal unit revocation list sends the newer version of the illegal unit revocation list to the other.
-
-
14. The system as set forth in claim 13, wherein:
-
the portable optical disc medium has the first list version number and the first version of the illegal unit revocation list stored in the optical disc; the drive unit comprises a storage unit and stores the second list version number and the second version of the illegal unit revocation list stored in the storage unit; the security module of the portable optical disc medium and controller of the drive unit exchange the first version number and the second version number when executing the mutual authentication protocol; and the portable optical disc medium and drive unit exchange the list with the newer version number.
-
-
15. The system as set forth in claim 13, wherein:
-
the drive unit further stores identification data; and the security module receives the identification data from the drive unit and checks whether or not the identification data of the drive unit is registered in the illegal unit revocation list, when executing the mutual authentication protocol, and will not go through subsequent processes after execution of the mutual authentication protocol if the drive unit is revoked.
-
-
16. The system as set forth in claim 15, wherein the illegal unit revocation list includes identification data of revoked units.
-
17. The system as set forth in claim 15, wherein the illegal unit revocation list identifies units that have not been revoked.
-
18. The system as set forth in claim 15, wherein the illegal unit revocation list includes:
-
a revocation list identifying revoked units; and a registration list identifying units that have not been revoked, wherein units identified by the revocation list and units not identified by the registration list are considered revoked.
-
-
19. The system as set forth in claim 15, wherein the illegal unit revocation list includes:
-
a revocation list indicating revoked units; and a registration list indicating units that have not been revoked, wherein one or more of the revocation and registration lists is used to determine whether a unit is considered revoked.
-
-
20. The system as set forth in claim 13, wherein:
-
the portable optical disc medium stores identification data; and the controller of the drive unit receives the identification data from the security module and checks whether or not the identification data of the portable optical disc medium is registered in the illegal unit revocation list, when executing the mutual authentication protocol, and will not go through subsequent processes after execution of the mutual authentication protocol if the portable optical disc medium is revoked.
-
-
21. The system as set forth in claim 20, wherein the illegal unit revocation list includes identification data of revoked units.
-
22. The system as set forth in claim 20, wherein the illegal unit revocation list identifies units that have not been revoked.
-
23. The system as set forth in claim 20, wherein the illegal unit revocation list includes:
-
a revocation list identifying revoked units; and a registration list identifying units that have not been revoked, wherein units identified by the revocation list and units not identified by the registration list are considered revoked.
-
-
24. The system as set forth in claim 20, wherein the illegal unit revocation list includes:
-
a revocation list indicating revoked units; and a registration list indicating units that have not been revoked, wherein one or more of the revocation and registration lists is used to determine whether a unit is considered revoked.
-
-
25. The system as set forth in claim 13, wherein the illegal unit revocation list includes identification data of revoked units.
-
26. The system as set forth in claim 13, wherein the illegal unit revocation list identifies units that have not been revoked.
-
27. The system as set forth in claim 13, wherein the illegal unit revocation list includes:
-
a revocation list identifying revoked units; and a registration list identifying units that have not been revoked, wherein units identified by the revocation list and units not identified by the registration list are considered revoked.
-
-
28. The system as set forth in claim 13, wherein the illegal unit revocation list includes:
-
a revocation list indicating revoked units; and a registration list indicating units that have not been revoked, wherein one or more of the revocation and registration lists is used to determine whether a unit is considered revoked.
-
-
29. The system as set forth in claim 1, wherein the drive unit checks a second version of an illegal unit revocation list to authenticate the security module and the security module checks a first version of the illegal unit revocation list to authenticate the drive unit.
-
30. The system as set forth in claim 1, wherein when executing the mutual authentication protocol, the drive unit and the security module execute a key sharing protocol using public-key encryption technology, encrypt a content key with a shared key, and transfer the encrypted content key.
-
31. The system as set forth in claim 1, wherein when executing the mutual authentication protocol, the drive unit and the security module execute a key sharing protocol using public-key encryption technology, encrypt data with a shared key, and transfer the encrypted data.
-
32. The system as set forth in claim 1, wherein:
-
the drive unit is to write data to the optical disc of the portable optical disc medium via the interface unit; the drive unit and the security module execute a key sharing protocol using public-key encryption technology; the drive unit encrypts a content key with a shared key and sends the encrypted content key to the security module; and
the security module decrypts the encrypted content key, re-encrypts the decrypted content key with a save key stored therein and sends the re-encrypted content key to the drive unit; andthe drive unit writes to the optical disc of the portable optical disc medium the data encrypted with the content key and the content key encrypted by the save key.
-
-
33. The system as set forth in claim 1, wherein:
-
the drive unit is to read data from the optical disc via the interface unit; the drive unit and security module execute a key sharing protocol using public-key encryption technology; the drive unit reads the encrypted content key from the optical disc and sends the content key to the security module; the security module decrypts the encrypted content key received from the drive unit with a save key stored therein, re-encrypts the decrypted content key with the shared key and sends the re-encrypted content key to the drive unit; and the drive unit decrypts the encrypted content key received from the security module with the shared key, reads the content key-encrypted data from the optical disc and decrypts the data.
-
-
34. The system as set forth in claim 1, wherein:
-
the drive unit is to write data to the optical disc via the interface unit; the interface unit accesses the optical disc via the security module of the portable optical disc medium; the drive unit and the security module execute a key sharing protocol using public-key encryption technology; the drive unit sends to the security module a content key encrypted with a shared key, and data encrypted with the content key; and the security module decrypts the encrypted content key received from the drive unit with the shared key and records to the optical disc the content key re-encrypted with a save key stored in the security module and data encrypted with the content key received from the drive unit.
-
-
35. The system as set forth in claim 1, wherein:
-
the drive unit is to write data to the optical disc via the interface unit; the interface unit accesses the optical disc via the security module of the portable optical disc medium; the drive unit and security module execute a key sharing protocol using public-key encryption technology; the drive unit encrypts data with a shared key and sends the data thus encrypted to the security module; and the security module decrypts the encrypted data received from the drive unit with the shared key, encrypts the decrypted data and stores the encrypted data into the optical disc.
-
-
36. The system as set forth in claim 1, wherein:
-
the drive unit is to read data from the optical disc via the interface unit; the interface unit accesses the optical disc via the security module of the portable optical disc medium; the drive unit and security module execute a key sharing protocol using public-key encryption technology; the security module reads from the optical disc an encrypted content key and data encrypted with the content key, decrypts the encrypted content key with a save key stored therein and sends to the drive unit the content key re-encrypted with a shared key and data encrypted with the content key read from the optical disc; and the drive unit decrypts the encrypted content key received from the security module with the shared key and decrypts the encrypted data with the content key.
-
-
37. The system as set forth in claim 1, wherein:
-
the drive unit is to read data from the optical disc via the interface unit; the interface unit accesses the optical disc via the security module; the drive unit and security module execute a key sharing protocol using public-key encryption technology; the security module reads data encrypted and stored in the portable optical disc medium, decrypts the encrypted data with the content key, re-encrypts the decrypted data with a shared key and sends the re-encrypted data to the drive unit; and the drive unit decrypts, with the shared key, the encrypted data received from the security module.
-
-
61. The method as set forth in claim 34, wherein the drive unit checks the second version of the illegal unit revocation list to authenticate the security module and the security module checks the first version of the illegal unit revocation list to authenticate the drive unit.
-
70. The method as set forth in claim 34, wherein:
-
the drive unit is to write data to the optical disc via the interface unit; the interface unit accesses the optical disc via the security module of the optical disc medium; the drive unit and the security module execute a key sharing protocol using public-key encryption technology; the drive unit sends to the security module a content key encrypted with a shared key, and data encrypted with the content key; and
the security module decrypts the encrypted content key received from the drive unit with the shared key and records to the optical disc the content key re-encrypted with a save key stored in the security module and data encrypted with the content key received from the drive unit.
-
-
72. The method as set forth in claim 34, wherein:
-
the drive unit is to read data from the optical disc; the drive unit accesses the optical disc via the security module of the portable optical disc medium; the drive unit and security module execute a key sharing protocol using public-key encryption technology; the security module reads from the optical disc an encrypted content key and data encrypted with the content key, decrypts the encrypted content key with a save key stored therein and sends to the drive unit the content key re-encrypted with a shared key and data encrypted with the content key read from the optical disc; and the drive unit decrypts the encrypted content key received from the security module with the shared key and decrypts the encrypted data with the content key.
-
-
2. The system as set forth in claim 1, wherein the mutual authentication protocol uses public-key encryption technology.
-
-
38. A data transmitting method comprising:
-
executing a mutual authentication protocol between a drive unit and a portable optical disc medium, the portable optical disc medium including a security module comprising a nonvolatile memory and an optical disc distinct from the security module; and accessing, by the drive unit, the optical disc distinct from the security module, wherein the mutual authentication protocol is executed by communicating with the security module of the portable optical disc medium. - View Dependent Claims (39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 68, 69, 71, 73)
-
39. The method as set forth in claim 38, wherein the mutual authentication protocol uses public-key encryption technology.
-
40. The method as set forth in claim 38, wherein the drive unit accesses the optical disc via the security module.
-
41. The method as set forth in claim 38, wherein identification data of the portable optical disc medium is stored in the security module.
-
42. The method as set forth in claim 38, wherein the security module stores a revocation list of illegal drive units.
-
43. The method as set forth in claim 38, wherein the optical disc stores a revocation list of illegal drive units.
-
44. The method as set forth in claim 38, wherein the drive unit stores a revocation list of illegal recording media.
-
45. The method as set forth in claim 38, wherein the drive unit does not store a revocation list of illegal recording media.
-
46. The method as set forth in claim 38, wherein a mutual authentication protocol executes independently of whether the drive unit or the portable optical disc medium contains an illegal unit revocation list.
-
47. The method as set forth in claim 38, wherein the drive unit judges whether or not the security module has an illegal unit revocation list stored therein, and executes the mutual authentication protocol based on the judgment.
-
48. The method as set forth in claim 38, wherein:
-
the portable optical disc data recording medium stores therein a first version of an illegal unit revocation list and a first list version number; the drive unit stores therein a second version of the illegal unit revocation list and a second list version number; and the optical disc medium and the drive unit exchange the first and second version numbers when executing the mutual authentication protocol, and whichever has a newer version of the illegal unit revocation list sends the newer version of the illegal unit revocation list to the other.
-
-
49. The method as set forth in claim 48, wherein the drive unit accesses the optical disc directly.
-
50. The method as set forth in claim 38 wherein:
-
the drive unit further stores identification data; and the security module receives the identification data from the drive unit and checks whether or not the identification data of the drive unit is registered in the illegal unit revocation list, when executing the mutual authentication protocol, and will not go through subsequent processes after execution of the mutual authentication protocol if the drive unit is revoked.
-
-
51. The method as set forth in claim 50, wherein the illegal unit revocation list includes identification data of revoked units.
-
52. The method as set forth in claim 50, wherein the illegal unit revocation list identifies units that have not been revoked.
-
53. The method as set forth in claim 50, wherein the illegal unit revocation list includes:
-
a revocation list identifying revoked units; and a registration list identifying units that have not been revoked, wherein units identified by the revocation list and units not identified by the registration list are considered revoked.
-
-
54. The method as set forth in claim 50, wherein the illegal unit revocation list includes:
-
a revocation list indicating revoked units; and a registration list indicating units that have not been revoked, wherein one or more of the revocation and registration lists is used to determine whether a unit is considered revoked.
-
-
55. The method as set forth in claim 48, wherein:
the portable optical disc medium stores identification data; and
the drive unit receives the identification data from the security module and checks whether or not the identification data of the portable optical disc medium is registered in the illegal unit revocation list, when executing the mutual authentication protocol, and will not go through subsequent processes after execution of the mutual authentication protocol if the portable optical disc medium is revoked.
-
56. The method as set forth in claim 55, wherein the illegal unit revocation list includes identification data of revoked units.
-
57. The method as set forth in claim 55, wherein the illegal unit revocation list identifies units that have not been revoked.
-
58. The method as set forth in claim 55, wherein the illegal unit revocation list includes:
-
a revocation list identifying revoked units; and a registration list identifying units that have not been revoked, wherein units identified by the revocation list and units not identified by the registration list are considered revoked.
-
-
59. The method as set forth in claim 55, wherein the illegal unit revocation list includes:
-
a revocation list indicating revoked units; and a registration list indicating units that have not been revoked, wherein one or more of the revocation and registration lists is used to determine whether a unit is considered revoked.
-
-
60. The method as set forth in claim 38, wherein:
-
the portable optical disc medium has the first list version number and the first version of the illegal unit revocation list stored in the optical disc; the drive unit comprises a storage unit and stores the second list version number and the second version of the illegal unit revocation list stored in the storage unit; the security module of the portable optical disc medium and controller of the drive unit exchange the first version number and the second version number when executing the mutual authentication protocol; and the portable optical disc medium and drive unit exchange the list with the newer version number.
-
-
62. The method as set forth in claim 38, wherein the illegal unit revocation list includes identification data of revoked units.
-
63. The method as set forth in claim 38, wherein the illegal unit revocation list identifies units that have not been revoked.
-
64. The method as set forth in claim 38, wherein the illegal unit revocation list includes:
-
a revocation list identifying revoked units; and a registration list identifying units that have not been revoked, wherein units identified by the revocation list and units not identified by the registration list are considered revoked.
-
-
65. The method as set forth in claim 38, wherein the illegal unit revocation list includes:
-
a revocation list indicating revoked units; and a registration list indicating units that have not been revoked, wherein one or more of the revocation and registration lists is used to determine whether a unit is considered revoked.
-
-
66. The method as set forth in claim 38, wherein when executing the mutual authentication protocol, the drive unit and the security module execute a key sharing protocol using public-key encryption technology, encrypt a content key with a shared key, and transfer the encrypted content key.
-
67. The method as set forth in claim 38, wherein when executing the mutual authentication protocol, the drive unit and the security module execute a key sharing protocol using public-key encryption technology, encrypt data with a shared key, and transfer the encrypted data.
-
68. The method as set forth in claim 38, wherein:
-
the drive unit is to write data to the optical disc of the portable optical disc medium via the interface unit; the drive unit and the security module execute a key sharing protocol using public-key encryption technology; the drive unit encrypts a content key with a shared key and sends the encrypted content key to the security module; and the security module decrypts the encrypted content key, re-encrypts the decrypted content key with a save key stored therein and sends the re-encrypted content key to the drive unit; and the drive unit writes to the optical disc of the portable optical disc medium the data encrypted with the content key and the content key encrypted by the save key.
-
-
69. The method as set forth in claim 38, wherein:
-
the drive unit is to read data from the optical disc via the interface unit; the drive unit and security module execute a key sharing protocol using public-key encryption technology; the drive unit reads the encrypted content key from the optical disc and sends the content key to the security module; the security module decrypts the encrypted content key received from the drive unit with a save key stored therein, re-encrypts the decrypted content key with the shared key and sends the re-encrypted content key to the drive unit; and the drive unit decrypts the encrypted content key received from the security module with the shared key, reads the content key-encrypted data from the optical disc and decrypts the data.
-
-
71. The method as set forth in claim 38, wherein:
-
the drive unit is to write data to the optical disc via the interface unit; the drive unit accesses the optical disc via the security module of the portable optical disc medium; the drive unit and security module execute a key sharing protocol using public-key encryption technology; the drive unit encrypts data with a shared key and sends the data thus encrypted to the security module; and the security module decrypts the encrypted data received from the drive unit with the shared key, encrypts the decrypted data and stores the encrypted data into the optical disc.
-
-
73. The method as set forth in claim 38, wherein:
-
the drive unit is to read data from the optical disc; the drive unit accesses the optical disc via the security module; the drive unit and security module execute a key sharing protocol using public-key encryption technology; the security module reads data encrypted and stored in the portable optical disc medium, decrypts the encrypted data with the content key, re-encrypts the decrypted data with a shared key and sends the re-encrypted data to the drive unit; and the drive unit decrypts, with the shared key, the encrypted data received from the security module.
-
-
39. The method as set forth in claim 38, wherein the mutual authentication protocol uses public-key encryption technology.
-
-
74. A drive unit comprising:
-
a controller which executes a mutual authentication protocol when accessing a portable optical disc medium, the portable optical disc medium including a security module comprising a nonvolatile memory and an optical disc distinct from the security module; and an interface unit which accesses the optical disc of the portable optical disc medium, wherein the mutual authentication protocol is executed by communicating with the security module of the portable optical disc medium. - View Dependent Claims (75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101)
-
75. The drive unit as set forth in claim 74, wherein the mutual authentication protocol uses public-key encryption technology.
-
76. The drive unit as set forth in claim 74, further comprising a drive means for driving the optical disc of the portable optical disc medium.
-
77. The drive unit as set forth in claim 74, wherein the interface unit accesses the optical disc directly.
-
78. The drive unit as set forth in claim 74, wherein the interface unit accesses the optical disc via the security module.
-
79. The drive unit as set forth in claim 74, wherein the drive unit stores a revocation list of illegal recording media.
-
80. The drive unit as set forth in claim 74, wherein the drive unit does not store a revocation list of illegal recording media.
-
81. The drive unit as set forth in claim 74, wherein the mutual authentication protocol executes independently of whether the drive unit or the portable optical disc medium contains an illegal unit revocation list.
-
82. The drive unit as set forth in claim 74, wherein:
-
the drive unit stores a second version of an illegal unit revocation list and a second list version number; and the drive unit transmits, when executing the mutual authentication protocol, the second list version number to the portable optical disc medium while receiving, from the optical disc medium, a first list version number corresponding to a first version of the illegal unit revocation list stored by the portable optical disc medium; and the portable optical disc medium and the drive unit exchange the list with the newer version number.
-
-
83. The drive unit as set forth in claim 82, wherein the portable optical disc medium stores identification, and when executing the mutual authentication protocol, the controller receives, from the security module, the identification data from the portable optical disc medium, checks whether or not the identification data of the portable optical disc medium is registered in the illegal unit revocation list, and will not go through subsequent processes after execution of the mutual authentication protocol if the portable optical disc medium is revoked.
-
84. The drive unit as set forth in claim 83, wherein the illegal unit revocation list includes identification data of revoked units.
-
85. The drive unit as set forth in claim 83, wherein the illegal unit revocation list includes identification data of revoked units.
-
86. The drive unit as set forth in claim 83, wherein the illegal unit revocation list includes:
-
a revocation list identifying revoked units; and a registration list identifying units that have not been revoked, wherein units identified by the revocation list and units not identified by the registration list are considered revoked.
-
-
87. The drive unit as set forth in claim 83, wherein the illegal unit revocation list includes:
-
a revocation list indicating revoked units; and a registration list indicating units that have not been revoked, wherein one or more of the revocation and registration lists is used to determine whether a unit is considered revoked.
-
-
88. The drive unit as set forth in claim 82, wherein the illegal unit revocation list includes identification data of revoked units.
-
89. The drive unit as set forth in claim 82, wherein the illegal unit revocation list identifies units that have not been revoked.
-
90. The drive unit as set forth in claim 82, wherein the illegal unit revocation list includes:
-
a revocation list identifying revoked units; and a registration list identifying units that have not been revoked, wherein units identified by the revocation list and units not identified by the registration list are considered revoked.
-
-
91. The drive unit as set forth in claim 74, wherein:
the drive unit stores the second list version number and the second version of the illegal unit revocation list; and
the controller transmits, when executing the mutual authentication protocol, the second list version number to the security module while receiving, from the security module, a first list version number stored in the portable optical disc medium; and
updates the second version of the illegal unit revocation list with the first version if the first version is newer than the second version.
-
92. The drive unit as set forth in claim 74, wherein the drive unit stores a second version of an illegal unit revocation list to authenticate the security module and the security module stores a first version of the illegal unit revocation list to authenticate the drive unit.
-
93. The drive unit as set forth in claim 74, wherein the illegal unit revocation list includes:
-
a revocation list indicating revoked units; and a registration list indicating units that have not been revoked, wherein one or more of the revocation and registration lists is used to determine whether a unit is considered revoked.
-
-
94. The drive unit as set forth in claim 74, wherein when executing the mutual authentication protocol, the drive unit and the security module execute a key sharing protocol using public-key encryption technology, encrypt a content key with a shared key and transfer the encrypted content key.
-
95. The drive unit as set forth in claim 74, wherein when executing the mutual authentication protocol the drive unit and the security module executea key sharing protocol using public-key encryption technology, encrypt data with a shared key, and transfer the encrypted data.
-
96. The drive unit as set forth in claim 74, wherein:
-
the drive unit is to write data to the optical disc of the portable optical disc medium via the interface unit; the drive unit and the security module execute a key sharing protocol using public-key encryption technology; the drive unit encrypts a content key with a shared key and sends the encrypted content key to the security module; the security module decrypts the encrypted content key, re-encrypts the decrypted content key with a save key stored therein and sends the re-encrypted content key to the drive unit; and the drive unit writes to the optical disc of the portable optical disc medium the data encrypted with the content key and the content key encrypted by the save key.
-
-
97. The drive unit as set forth in claim 74, wherein:
-
the drive unit is to read data from the optical disc via the interface unit; the drive unit and security module execute a key sharing protocol using public-key encryption technology; the drive unit reads the encrypted content key from the optical disc and sends the content key to the security module; the security module decrypts the encrypted content key received from the drive unit with a save key stored therein, re-encrypts the decrypted content key with the shared key and sends the re-encrypted content key to the drive unit; and the drive unit decrypts the encrypted content key received from the security module with the shared key, reads the content key-encrypted data from the optical disc and decrypts the data.
-
-
98. The drive unit as set forth in claim 74, wherein:
-
the drive unit is to write data to the optical disc via the interface unit; the interface unit accesses the optical disc via the security module of the portable optical disc medium; the drive unit and the security module execute a key sharing protocol using public-key encryption technology; the drive unit sends to the security module a content key encrypted with a shared key, and data encrypted with the content key; and
the security module decrypts the encrypted content key received from the drive unit with the shared key and records to the optical disc the content key re-encrypted with a save key stored in the security module and data encrypted with the content key received from the drive unit.
-
-
99. The drive unit as set forth in claim 74, wherein
the drive unit is to write data to the optical disc via the interface unit; -
the interface unit accesses the optical disc via the security module of the portable optical disc medium; the drive unit and security module execute a key sharing protocol using public-key encryption technology; the drive unit encrypts data with a shared key and sends the data thus encrypted to the security module; and the security module decrypts the encrypted data received from the drive unit with the shared key, encrypts the decrypted data and stores the encrypted data into the optical disc.
-
-
100. The drive unit as set forth in claim 74, wherein:
-
the drive unit is to read data from the optical disc via the interface unit; the interface unit accesses the optical disc via the security module of the portable optical disc medium; the drive unit and security module execute a key sharing protocol using public-key encryption technology; the security module reads from the optical disc an encrypted content key and data encrypted with the content key, decrypts the encrypted content key with a save key stored therein and sends to the drive unit the content key re-encrypted with a shared key and data encrypted with the content key read from the optical disc; and the drive unit decrypts the encrypted content key received from the security module with the shared key and decrypts the encrypted data with the content key.
-
-
101. The drive unit as set forth in claim 74, wherein:
-
the drive unit is to read data from the optical disc via the interface unit; the interface unit accesses the optical disc via the security module; the drive unit and security module execute a key sharing protocol using public-key encryption technology; the security module reads data encrypted and stored in the portable optical disc medium, decrypts the encrypted data with the content key, re-encrypts the decrypted data with a shared key and sends the re-encrypted data to the drive unit; and the drive unit decrypts, with the shared key, the encrypted data received from the security module.
-
-
75. The drive unit as set forth in claim 74, wherein the mutual authentication protocol uses public-key encryption technology.
-
Specification
- Resources
-
Current AssigneeSony Corporation (Sony Group Corp.)
-
Original AssigneeSony Corporation (Sony Group Corp.)
-
InventorsAsano, Tomoyuki, Osawa, Yoshitomo
-
Primary Examiner(s)CHEN, SHIN HON
-
Application NumberUS09/807,824Time in Patent Office3,413 DaysField of Search713/158, 713/165, 713/169, 713/170, 713/171, 713/173, 713/182, 713/194, 713200-201, 713/175, 713/168, 709223-229US Class Current713/169CPC Class CodesG06F 21/445 by mutual authentication, e...G11B 20/00086 Circuits for prevention of ...G11B 20/0021 involving encryption or dec...G11B 20/00876 wherein physical copy prote...