Data processing system, data processing method, data processing apparatus, license system, and program providing medium

US 7,653,939 B2
Filed: 07/23/2001
Issued: 01/26/2010
Est. Priority Date: 07/24/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A data processing system, comprising:

a data processing apparatus for receiving data from or delivering data to a storage device, the storage device being external to said data processing apparatus and including a memory, the data received from the external storage device being reproduced from the memory of the external storage device and the data delivered to the external storage device being recorded in the memory of the external storage device, the receiving or delivering ordinarily being carried out on condition that mutual authentication between said data processing apparatus and the external storage device is successful; and

a memory stick loaded in the data processing apparatus and operable to execute mutual authentication;

the data processing apparatus including;

a mutual authentication unit disposed within the data processing apparatus and operable to execute mutual authentication so that when the external storage device does not include any structure operable to execute the mutual authentication or is not operable to enable such mutual authentication or the memory of the external storage device is devoid of ciphering function, the mutual authentication is alternatively carried out between said mutual authentication unit disposed within the data processing apparatus and said memory stick loaded in the data processing apparatus instead of being carried out between said data processing apparatus and the external storage device,the data processing apparatus being operable to receive the data from the external storage device or to deliver the data to the external storage device when the mutual authentication between said mutual authentication unit and said memory stick is successful.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication key is presented to a data processing device by an enable key block (EKB). Even in a case where a memory device does not have an executing function for a mutual authentication processing, an establishment of the mutual authentication processing with a virtual memory device constructed in the data processing device is made as a condition for a data reproduction processing from the memory device or a data recording processing to the memory device. In an unfair data processing device, it is so constructed to present the authentication key by non-decodable enabling key block (EKB), so that only a fair data processing device is able to be authenticated with the virtual memory device and to utilize the contents data.

19 Citations

24 Claims

1. A data processing system, comprising:
- a data processing apparatus for receiving data from or delivering data to a storage device, the storage device being external to said data processing apparatus and including a memory, the data received from the external storage device being reproduced from the memory of the external storage device and the data delivered to the external storage device being recorded in the memory of the external storage device, the receiving or delivering ordinarily being carried out on condition that mutual authentication between said data processing apparatus and the external storage device is successful; and
  
  a memory stick loaded in the data processing apparatus and operable to execute mutual authentication;
  
  the data processing apparatus including;
  
  a mutual authentication unit disposed within the data processing apparatus and operable to execute mutual authentication so that when the external storage device does not include any structure operable to execute the mutual authentication or is not operable to enable such mutual authentication or the memory of the external storage device is devoid of ciphering function, the mutual authentication is alternatively carried out between said mutual authentication unit disposed within the data processing apparatus and said memory stick loaded in the data processing apparatus instead of being carried out between said data processing apparatus and the external storage device,the data processing apparatus being operable to receive the data from the external storage device or to deliver the data to the external storage device when the mutual authentication between said mutual authentication unit and said memory stick is successful.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The data processing system according to claim 1, wherein said mutual authentication unit is operable to first execute the mutual authentication with the external storage device by initially checking whether the external storage device includes the structure operable to execute the mutual authentication.
  - 3. The data processing system according to claim 1, whereina further key is provided for authenticating distribution of an enabling key block, the further key having been previously enciphered by the enabling key block, the enabling key block containing enciphering data for enciphering renewal keys which are located on various paths of a hierarchical key tree structure, the hierarchical tree structure having a plurality of keys associated with various roots of the tree structure, nodes of the tree structure, and leaves of the tree structure, whereby a given one of the plurality of paths of the key structure extends from a specific one of the roots to a particular one of the leaves of said key tree structure, the leaves of the tree structure being respectively associated with a plurality of data processing apparatuses, the enciphering data including upper-rank keys in said tree hierarchy which are enciphered by lower-rank keys;
    - andsaid mutual authentication unit and said memory stick execute the mutual authentication by applying said enabling key block distribution authenticating key and another authenticating key previously stored in said memory stick.
  - 4. The data processing system according to claim 3, whereinsaid mutual authentication unit decodes said enabling key block only when said data processing apparatus is properly licensed and is unable to decode the enabling key block when said data processing apparatus is devoid of a proper license;
    - andsaid data processing apparatus devoid of the proper license being prevented from illegally implementing the mutual authentication between said mutual authentication unit and said memory stick by revoking said improper data processing apparatus.
  - 5. The data processing system according to claim 3, further comprising means for subjecting said enabling key block distribution authenticating key to a version controlling process by executing a process for renewing individual versions.
  - 6. The data processing system according to claim 1, whereina key tree structure is provided comprising a plurality of keys associated with various roots of the tree structure, nodes of the tree structure, and leaves of the tree structure, and having a plurality of paths whereby a given one of the paths extends from a specific one of the roots to a particular one of the leaves of the key tree structure, a plurality of data processing apparatuses being respectively associated with the leaves of the tree, and said data processing apparatus further comprises:
    - means for enciphering leaf-keys associated with the leaves using a storage key that is proper to an individual one of said data processing apparatuses and then storing the enciphered leaf-key in a memory means within a corresponding data processing apparatus.
  - 7. The data processing system according to claim 1, whereina key tree structure is provided comprising a plurality of keys respectively associated with various roots of the tree structure, nodes of the tree structure, and leaves of the tree structure, and having a plurality of paths that extend from the roots to the leaves of said key tree structure, a plurality of data processing apparatuses respectively corresponding to the leaves of the tree and to leaf-keys that further correspond with the leaves, anda device key block is stored in a memory within the processing apparatus, the key block being an assemblage of ciphered keys comprising mutually different individually enciphered node keys of plural steps extending from the leaves of the tree structure up to upper-rank keys of the key tree structure.

8. A method for transferring data between a data processing apparatus and a storage device, the storage device being external to the data processing apparatus and including a memory, the data transferred to the external storage device being recorded in the memory of the external storage device and the data transferred from the external storage device being reproduced from the memory of the external storage device, the receiving or delivering ordinarily being carried out on condition that mutual authentication between the data processing apparatus and the external storage device is successful, said method comprising:
- providing a mutual authentication unit within the data processing apparatus, the mutual authentication unit being operable to execute mutual authentication;
  
  loading a memory stick in the data processing apparatus, the memory stick being operable to execute mutual authentication;
  
  executing mutual authentication between the mutual authentication unit provided within the data processing apparatus and the memory stick loaded in the data processing apparatus when the external storage device does not include any function that executes the mutual authentication or does not include any function that enables such mutual authentication or the memory of the external storage device is devoid of ciphering function, the mutual authentication thereby being carried out between the mutual authentication unit provided within the data processing apparatus and the memory stick loaded in the data processing apparatus instead of being carried out between the data processing apparatus and the external storage device; and
  
  transferring the data from the external storage device to the data processing apparatus or from the data processing apparatus to the external storage device on condition that the mutual authentication between the mutual authentication unit and the memory stick is successful.
- View Dependent Claims (9, 10)
- - 9. The method according to claim 8, further comprising:
    - identifying, prior to said executing step, whether the external storage device is capable of executing said mutual authentication; and
      
      alternatively executing a mutual authentication between the data processing apparatus and the external storage device when execution of said mutual authentication between them is possible.
  - 10. The method according to claim 8, whereinthe data processing apparatus includes an enabling key block distribution authenticating key previously enciphered by an enabling key block, the enabling key block including data for enciphering renewal keys that are located on a path of a key tree structure having a plurality of keys respectively associated with various roots of the tree structure, nodes of the tree structure, and leaves of the tree structure, the paths extending from the roots to the leaves of said key tree structure, a plurality of data processing apparatuses being respectively associated with the leaves, the enciphering key also including data for enciphering upper-rank keys via lower-rank keys, andsaid mutual authentication process between the mutual authentication unit and the memory stick is executed by applying the enabling key block distribution authenticating key and the other authenticating key previously stored in the memory stick.

11. A license system, comprising:
- a data processing apparatus for providing license control of the transfer of data between the data processing apparatus and a storage device, the storage device being external to the data processing apparatus and including a memory, the data transferred to the external storage device being recorded in the memory of the external storage device and the data transferred from the external storage device being reproduced from the memory of the external storage device;
  
  means for providing an enabling key block distribution authenticating key, the enabling key block distribution authenticating key being previously enciphered by an enabling key block containing data for enciphering renewal keys located on paths of a key tree structure, the key structure having a plurality of keys associated with various roots of the key tree structure, nodes of the key tree structure, and leaves of the tree structure, whereby a given one of the plurality of paths extends from a specific one of the roots to a particular one of the leaves of the key tree structure, a plurality of data processing apparatuses being associated with the leaves, the enabling key block also comprising data for enciphering upper-rank keys via lower-rank keys;
  
  a mutual authentication unit disposed within the data processing apparatus and operable to execute mutual authentication;
  
  a memory stick loaded in the data processing apparatus and operable to carry out mutual authentication;
  
  the data processing apparatus including means for receiving data from or delivering data to the external storage device on condition that mutual authentication is successfully effectuated between said mutual authentication unit and the external storage device, and when the external storage device does not include any means for carrying out for enabling the mutual authentication or does not include any means for enabling such mutual authentication or the memory of the external storage device is devoid of ciphering function, for receiving data from or delivering data to the external storage device on condition that mutual authentication is successfully effectuated between said mutual authentication unit and said memory stick, the mutual authentication thereby being carried out between the mutual authentication unit disposed within the data processing apparatus and the memory stick loaded in the data processing apparatus instead of being carried out between said data processing apparatus and the external storage device; and
  
  means for enabling the data processing apparatus to decode the enabling key block that provides the enabling key block distribution authenticating key among the plurality of data processing apparatuses when the data processing apparatus is properly licensed, and for preventing the data processing apparatus from illegally decoding the enabling key block when the data processing apparatus is devoid of the proper license, thereby preventing the data processing apparatus devoid of the proper license from illegally effectuating authentication with said memory stick and illegally utilizing contents data.

12. A computer-readable recording medium with a computer program stored thereon for executing a method of transferring data between a data processing apparatus and a storage device, the storage device being external to the data processing apparatus and including a memory, the data transferred to the external storage device being recorded in the memory of the external storage device and the data transferred from the external storage device being reproduced form the memory of the external storage device, the receiving or delivering ordinarily being carried out on condition that mutual authentication between the data processing apparatus and the external storage device is successful, said method comprising:
- executing mutual authentication between a mutual authentication unit disposed within the data processing apparatus and a memory stick loaded in the data processing apparatus when the external storage device does not include any function that executes mutual authentication or does not include any function that enables such mutual authentication or the memory of the external storage device is devoid of a ciphering function, the mutual authentication thereby being carried out between the mutual authentication unit disposed within the data processing apparatus and the memory stick loaded in the data processing apparatus instead of being carried out between the data processing apparatus and the external storage device; and
  
  transferring the data from the external storage device to the data processing apparatus or from the data processing device to the external storage device on condition that the mutual authentication between the mutual authentication unit and the memory stick is successful.

13. A data processing system, comprising:
- a data processing apparatus for delivering data to or receiving data from a storage device, the storage device being external to said data processing apparatus and including a memory, the data received from the external storage device being reproduced from the memory of the external storage device and the data delivered to the external storage device being recorded in the memory of the external storage device, the receiving or delivering ordinarily being carried out on condition that mutual authentication between the data processing apparatus and the external storage device is successful, said data processing apparatus comprising;
  
  a controller disposed within the data processing apparatus and operable to carry out mutual authentication; and
  
  a memory stick loaded in the data processing apparatus and operable to carry out mutual authentication;
  
  wherein the delivering of data to or the receiving of data from the external storage device is conditioned upon successful mutual authentication between said controller and said memory stick when the external storage device does not support such mutual authentication or does not enable such mutual authentication or the memory of the external storage device is devoid of ciphering function, the mutual authentication thereby being carried out between said controller disposed within the data processing apparatus and said memory stick loaded in the data processing apparatus instead of being carried out between said data processing apparatus and the external storage device.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The data processing system of claim 13, wherein prior to performing the mutual authentication between said controller and said memory stick, said controller determines whether the external storage device includes the mutual authentication function, and if so, the delivering of data to or the receiving of data from the external storage device is alternatively conditioned upon successful mutual authentication between the controller and the external storage device.
  - 15. The data processing system of claim 13, wherein the mutual authentication between said controller and said memory stick is carried out by applying an authenticating key stored in said memory stick and an enabling key block distribution authenticating key, wherein the enabling key block distribution authenticating key is previously enciphered by an enabling key block comprising enciphering data for enciphering renewal keys, the renewal keys being located along paths of a hierarchical key tree structure in which a plurality of keys are associated with various roots of the key structure, nodes of the key structure, and leaves of the key tree structure, whereby a given one of the plurality of paths extends from a specific one of the roots to a particular one of the leaves of the key tree structure, said data processing apparatus being associated with one of the leaves of the key tree structure, and the enciphering data further including upper-rank keys to be enciphered by lower-rank keys.
  - 16. The data processing system according to claim 15, wherein said data processing apparatus is properly licensed if said data processing apparatus is enabled to decode the enabling key block, and said data processing apparatus is devoid of proper licensing if said data processing apparatus is unable to decode the enabling key block.
  - 17. The data processing system according to claim 15, wherein the enciphered enabling key block distribution authenticating key is subject to a version control process or to a process for renewing individual versions.
  - 18. The data processing system according to claim 13, further comprising a memory for storing an enciphered leaf key, the enciphered leaf key being produced by enciphering a leaf key with a storage key that is associated with the data processing apparatus, the leaf key being part of a hierarchical key tree structure having a plurality of keys respectively associated with various roots of the tree structure, nodes of the tree structure, and leaves of the key tree structure, whereby a given one of the plurality of paths extends from a specific one of the roots to a particular one of the leaves of the key tree structure, and wherein the leaf key is associated with the data processing apparatus.
  - 19. The data processing system according to claim 13, further comprising a memory for storing a device key block comprising a plurality of ciphered keys that include mutually different individually enciphered node keys of a hierarchical key tree structure having a plurality of keys respectively associated with various roots of the key structure, nodes of the key structure, and leaves of the key tree structure, and having a plurality of paths whereby a given one of the paths extends from a given one of the roots to a particular one of the leaves of the key tree structure, and wherein one of the leaves is associated with the data processing apparatus.

20. In a data processing system, a method of delivering data from a data processing apparatus to a storage device or receiving data at the data processing apparatus from the storage device, the storage device including a memory and being external to the device for delivering or receiving, the data delivered to the external storage device being recorded in the memory of the external storage device and the data received from the external storage device being reproduced from the memory of the external storage device, the receiving or delivering ordinarily being carried out on condition that mutual authentication between the data processing apparatus and the external storage device is successful, the method comprising:
- (a) providing a mutual authentication unit within the data processing apparatus, the mutual authentication unit being operable to execute mutual authentication;
  
  (b) loading a memory stick in the data processing apparatus, the memory stick being operable to execute mutual authentication;
  
  (c) executing mutual authentication between the mutual authentication unit provided within the data processing apparatus and the memory stick loaded in the data processing apparatus when the external storage device does not include any function that executes mutual authentication or does not include any function that enables such mutual or the memory of the external storage device is devoid of ciphering function, the mutual authentication thereby being carried out between the mutual authentication unit provided within the data processing apparatus and the memory stick loaded in the data processing apparatus instead of being carried out between said device for delivering and receiving data and the external storage device, and(d) if the mutual authentication between the mutual authentication unit and the memory stick is successful, executing the delivering of the data to or the receiving of the data from the external storage device.
- View Dependent Claims (21, 22)
- - 21. The method of claim 20, further comprising:
    - prior to step (c), identifying whether the external storage device includes the mutual authentication function;
      
      if the external storage device includes the mutual authentication function, alternatively executing the mutual authentication function with the external storage device; and
      
      if the mutual authentication with external storage device is successful, executing the delivering of the data to or the receiving of the data from the external storage device in place of step (d).
  - 22. The method of claim 20, wherein the mutual authentication with the memory stick is carried out by applying an authenticating key stored in the memory stick together with an enabling key block distribution authenticating key, the enabling key block distribution authenticating key being previously enciphered by an enabling key block that includes enciphering data for enciphering renewal keys located along paths of a hierarchical key tree structure having a plurality of keys respectively associated with various roots of the tree structure, nodes of the tree structure, and leaves of the key tree structure, whereby a given one of the plurality of paths extends from a specific one of the roots to a particular one of the leaves of the key tree structure, the device being associated with one of the leaves of the key tree structure, and the enciphering data including upper-rank keys that are to be enciphered by lower rank keys.

23. A license system, comprising:
- a data processing apparatus for providing license control of the transfer of data between the data processing apparatus and a storage device, the storage device being external to the data processing apparatus and including a memory, the data transferred to the external storage device being recorded in the memory of the external storage device and the data transferred from the external storage device being reproduced from the memory of the external storage device;
  
  means for providing an enabling key block distribution authenticating key enciphered by an enabling key block, the enabling key block including enciphering data for enciphering renewal keys that are located along paths of a hierarchical key tree structure having a plurality of keys respectively associated with roots of the key structure, nodes of the key structure, and leaves of the key tree structure, whereby a given one of the plurality of paths extends from a specific one of the roots to a particular one of the leaves of the key tree structure, at least one of the leaves of the key tree structure being associated with the data processing apparatus, and said enciphering data including upper-rank keys that are to be enciphered by lower-rank keys;
  
  a mutual authentication unit provided within the data processing apparatus and operable to execute mutual authentication;
  
  a memory stick loaded in the data processing apparatus and operable to carry out mutual authentication;
  
  the data processing apparatus including;
  
  means for enabling the execution of mutual authentication between the mutual authentication unit provided within the data processing apparatus and the memory stick loaded in the data processing apparatus when the external storage device does not include any capability of executing the mutual authentication or does not include any capability of enabling such mutual authentication or the memory of the external storage device is devoid of ciphering function, the mutual authentication thereby being carried out between the mutual authentication unit provided within the data processing apparatus and the memory stick loaded in the data processing apparatus instead of being carried out between the data processing apparatus and the external storage device, andmeans for enabling the transfer of data from the external storage device to the data processing apparatus or from the data processing apparatus to the external storage device on condition that the mutual authentication between the mutual authentication unit and the memory stick is executed successfully;
  
  the data processing apparatus being properly licensed if enabled to decode the enabling key block and being devoid of proper licensing if unable to decode the enabling key block.

24. A computer-readable recording medium storing computer-executable software code for enabling a data processing apparatus to carry out a method of delivering data to or the receiving of data from a storage device, the storage device being external to the data processing apparatus and including a memory, the data delivered to the external storage device being recorded in the memory of the external storage device and the data received from the external storage device being reproduced from the memory of the external storage device, the receiving or delivering ordinarily being carried out on condition that mutual authentication between the data processing apparatus and the external storage device is successful, said method comprising:
- executing mutual authentication between a mutual authentication unit disposed within the data processing apparatus and a memory stick loaded in the data processing apparatus when the external storage device does not include any capability of executing the mutual authentication or does not include any capability of enabling such mutual authentication or the memory of the external storage device is devoid of ciphering function, the mutual authentication thereby being carried out between the mutual authentication unit disposed within the data processing apparatus and the memory stick loaded in the data processing apparatus instead of being carried out between the data processing apparatus and the external storage device; and
  
  delivering the data to or receiving the data from the external storage device if the mutual authentication between the mutual authentication unit and the memory stick is successful.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sony Corporation (Sony Group Corp.)
Original Assignee
Sony Corporation (Sony Group Corp.)
Inventors
Okaue, Takumi
Primary Examiner(s)
Moise; Emmanuel L
Assistant Examiner(s)
Popham; Jeffrey D

Application Number

US09/911,042
Publication Number

US 20020108036A1
Time in Patent Office

3,109 Days
Field of Search

713/167, 700/94, 703 23- 25, 726/9, 726 26- 29, 726/20
US Class Current

726/20
CPC Class Codes

G06F 21/107   License processing; Key pro...

G06F 21/1076   Revocation

G06F 21/445   by mutual authentication, e...

G11B 20/00086   Circuits for prevention of ...

G11B 20/00166   involving measures which re...

G11B 20/0021   involving encryption or dec...

G11B 20/1217   on discs

Data processing system, data processing method, data processing apparatus, license system, and program providing medium

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

19 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Data processing system, data processing method, data processing apparatus, license system, and program providing medium

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links