Data transmitting system and method, drive unit, access method, data recording medium, recording medium producing apparatus and method

US 7,739,495 B2
Filed: 05/04/2007
Issued: 06/15/2010
Est. Priority Date: 08/20/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A storage apparatus for storing information retrieved by an information processing apparatus, the storage apparatus comprising:

a first storage section that stores data for access by the information processing apparatus; and

a security module distinct from the first storage section, the security module comprising;

a second storage section that stores a first revoked unit list;

a mutual authentication section that executes a mutual authentication protocol with the information processing apparatus;

a receiving section that receives a second revoked unit list from the information processing apparatus; and

a judging section that judges whether the information processing apparatus is revoked or not based on the first revoked unit list;

wherein if the information processing apparatus is revoked, the first revoked unit list is maintained in the second storage section of the security module, and if the information processing apparatus is not revoked, the first revoked unit list is replaced with the second revoked unit list in the second storage section of the security module, andwherein the security module prevents the information processing apparatus from accessing the data stored by the first storage section when the mutual authentication protocol does not authenticate the information processing apparatus.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security module is provided in a data recording medium, data to be written to the data recording medium is encrypted with an content key different from one data to another, and the content key is safely stored in the security module. Also, the security module makes a mutual authentication using the public-key encryption technology with a drive unit to check that the counterpart is an authorized (licensed) unit, and then gives the content key to the counterpart, thereby preventing data from being leaked to any illegal (unlicensed) unit. Thus, it is possible to prevent copyrighted data such as movie, music, etc. from being copied illegally (against the wish of the copyrighter of the data).

Citations

63 Claims

1. A storage apparatus for storing information retrieved by an information processing apparatus, the storage apparatus comprising:
- a first storage section that stores data for access by the information processing apparatus; and
  
  a security module distinct from the first storage section, the security module comprising;
  
  a second storage section that stores a first revoked unit list;
  
  a mutual authentication section that executes a mutual authentication protocol with the information processing apparatus;
  
  a receiving section that receives a second revoked unit list from the information processing apparatus; and
  
  a judging section that judges whether the information processing apparatus is revoked or not based on the first revoked unit list;
  
  wherein if the information processing apparatus is revoked, the first revoked unit list is maintained in the second storage section of the security module, and if the information processing apparatus is not revoked, the first revoked unit list is replaced with the second revoked unit list in the second storage section of the security module, andwherein the security module prevents the information processing apparatus from accessing the data stored by the first storage section when the mutual authentication protocol does not authenticate the information processing apparatus.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The storage apparatus as set forth in claim 1, further comprising a receiving section that receives ID information from the information processing apparatus.
  - 3. The storage apparatus as set forth in claim 2, wherein the ID information includes a key for the information processing apparatus.
  - 4. The storage apparatus as set forth in claim 3, wherein a digital certification includes the key.
  - 5. The storage apparatus as set forth in claim 1, wherein the judging section judges whether the information processing apparatus is on the first revoked unit list.
  - 6. The storage apparatus as set forth in claim 1, further comprising:
    - a comparing section that compares the first revoked unit list with the second revoked unit list; and
      
      a second judging section that judges which revoked unit list is newer.
  - 7. The storage apparatus as set forth in claim 6, further comprising:
    - a transmitting section that transmits the first revoked unit list to the information processing apparatus.
  - 8. The storage apparatus as set forth in claim 6, wherein the second judging section compares the respective version information attached with each revoked unit list.
  - 9. The storage apparatus as set forth in claim 1, further comprising:
    - a second receiving section that receives a private key from the information processing apparatus;
      
      a third storage section that stores a public key; and
      
      a judging section that judges whether the private key and the public key correspond.
  - 10. The storage apparatus as set forth in claim 9, wherein if the information processing apparatus is revoked or the private key does not relate to the public key, the first revoked unit list is maintained, and if the information processing apparatus is not revoked and the private key relates to the public key, the first revoked unit list is replaced with the second revoked unit list.
  - 11. The storage apparatus as set forth in claim 10, wherein if the first revoked unit list is maintained and the information processing apparatus is not revoked, the first revoked unit list is transmitted to the information processing apparatus.
  - 12. The storage apparatus as set forth in claim 1, wherein the second storage section comprises:
    - a revoked unit list storage section that stores the first revoked unit list; and
      
      a content storage section that stores content.
  - 13. The storage apparatus as set forth in claim 12, wherein the revoked unit list storage section is more secure than the content storage section.
  - 14. The storage apparatus according to claim 1, wherein the first revoked unit list indicates at least one information processing apparatus whose private key has been revealed.
  - 15. The storage apparatus according to claim 1, wherein the storage apparatus and the information processing apparatus share a common private key.

16. An information processing apparatus for retrieving information from a storage apparatus, comprising:
- a storage section that stores a second revoked unit list;
  
  a mutual authentication section that executes a mutual authentication protocol with a security module on the storage apparatus;
  
  a receiving section that receives a first revoked unit list from the storage apparatus; and
  
  a judging section that judges whether the storage apparatus is revoked or not based on the second revoked unit list;
  
  wherein if the storage apparatus is revoked, the second revoked unit list is maintained, and if the storage apparatus is not revoked, the second revoked unit list is replaced with the first revoked unit list,wherein the storage apparatus comprises a first storage section that stores data for access by the information process and a security module distinct from the first storage section, and the security module comprises a second storage section that stores the first revoked unit list, andwherein the information processing apparatus does not replace the second revoked unit list with the first revoked unit list when the mutual authentication protocol does not authenticate the storage apparatus.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 17. The information processing apparatus as set forth in claim 16, further comprising a receiving section that receives ID information from the storage apparatus.
  - 18. The information processing apparatus as set forth in claim 17, wherein the ID information includes a key for the storage apparatus.
  - 19. The information processing apparatus as set forth in claim 18, wherein a digital certification includes the key.
  - 20. The information processing apparatus as set forth in claim 17, wherein the judging section judges whether the storage apparatus is on the second revoked unit list.
  - 21. The information processing apparatus as set forth in claim 17, further comprising:
    - a comparing section that compares the first revoked unit list with the second revoked unit list; and
      
      a second judging section that judges which revoked unit list is newer.
  - 22. The information processing apparatus as set forth in claim 21, further comprising a transmitting section that transmits the second revoked unit list to the storage apparatus.
  - 23. The information processing apparatus as set forth in claim 21, wherein the second judging section compares the respective version information attached with each revoked unit list.
  - 24. The information processing apparatus as set forth in claim 16, further comprising:
    - a second receiving section that receives a private key from the storage apparatus;
      
      a second storage section that stores a public key; and
      
      a judging section that judges whether the private key and the public key correspond.
  - 25. The information processing apparatus as set forth in claim 24, wherein if the storage apparatus is revoked or the private key does not relate to the public key, the second revoked unit list is maintained, and if the storage apparatus is not revoked and the private key relates to the public key, the second revoked unit list is replaced with the first revoked unit list.
  - 26. The information processing apparatus as set forth in claim 25 wherein if the second revoked unit list is maintained and the storage apparatus is not revoked, the second revoked unit list is transmitted to the storage apparatus.
  - 27. The information processing apparatus as set forth in claim 16, wherein the storage section comprises:
    - a revoked unit list storage section that stores the second revoked unit list; and
      
      a content storage section that stores content.
  - 28. The information processing apparatus as set forth in claim 27, wherein the revoked unit list storage section is more secure than the content storage section.
  - 29. The information processing apparatus as set forth in claim 16, further comprising a playing back section that plays back information retrieved from the storage apparatus.
  - 30. The information processing apparatus according to claim 16, wherein the second revoked unit list indicates at least one storage apparatus whose private key has been revealed.
  - 31. The storage apparatus according to claim 16, wherein the storage apparatus and the information processing apparatus share a common private key.

32. A system comprising an information processing apparatus and a storage apparatus, the information processing apparatus comprising:
- a storage section that stores a second revoked unit list;
  
  a mutual authentication section that executes a mutual authentication protocol with a security module on the storage apparatus;
  
  a receiving section that receives a first revoked unit list from the storage apparatus; and
  
  a judging section that judges whether the storage apparatus is revoked or not based on the second revoked unit list;
  
  wherein if the storage apparatus is revoked, the second revoked unit list is maintained in the information processing apparatus, and if the storage apparatus is not revoked, the second revoked unit list is replaced with the first revoked unit list in the information processing apparatus, andwherein the information processing apparatus does not replace the second revoked unit list with the first revoked unit list when the mutual authentication protocol does not authenticate the storage apparatus; and
  
  the storage apparatus comprising;
  
  a first storage section that stores data for access by the information processing apparatus; and
  
  the security module, the security module being distinct from the first storage section and comprising;
  
  a second storage section that stores the first revoked unit list;
  
  a mutual authentication section that executes the mutual authentication protocol with the information processing apparatus;
  
  a receiving section that receives the second revoked unit list from the information processing apparatus; and
  
  a judging section that judges whether the information processing apparatus is revoked or not based on the first revoked unit list;
  
  wherein if the information processing apparatus is revoked, the first revoked unit list is maintained in the second storage section of the security module, and if the information processing apparatus is not revoked, the first revoked unit list is replaced with the second revoked unit list in the second storage section of the security module, andwherein the security module prevents the information processing apparatus from accessing the data stored by the first storage section when the mutual authentication protocol does not authenticate the information processing apparatus.
- View Dependent Claims (33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47)
- - 33. The system as set forth in claim 32, the information processing apparatus further comprising a receiving section that receives ID information from the storage apparatus.
  - 34. The system as set forth in claim 33, wherein the ID information is a key for the storage apparatus.
  - 35. The system as set forth in claim 34, wherein a digital certification includes the key.
  - 36. The system as set forth in claim 32, wherein the judging section that judges whether the storage apparatus is revoked judges whether the storage apparatus is on the second revoked unit list.
  - 37. The system as set forth in claim 32, the information processing apparatus further comprising:
    - a comparing section that compares the first revoked unit list with the second revoked unit list; and
      
      a second judging section that judges which revoked unit list is newer.
  - 38. The system as set forth in claim 37, the information processing apparatus further comprising a transmitting section that transmits the second revoked unit list to the storage apparatus.
  - 39. The system as set forth in claim 37, wherein the second judging section compares the respective version information attached with each revoked unit list.
  - 40. The system as set forth in claim 32, the information processing apparatus further comprising:
    - a second receiving section that receives a private key from the storage apparatus;
      
      a second storage section that stores a public key; and
      
      a judging section that judges whether the private key and the public key correspond.
  - 41. The system as set forth in claim 40, wherein if the storage apparatus is revoked or the private key does not relate to the public key, the second revoked unit list is maintained, and if the storage apparatus is not revoked and the private key relates to the public key, the second revoked unit list is replaced with the first revoked unit list.
  - 42. The system as set forth in claim 41, wherein if the second revoked unit list is maintained and the storage apparatus is not revoked, the second revoked unit list is transmitted to the storage apparatus.
  - 43. The system as set forth in claim 32, wherein the storage section that stores the second revoked unit list comprises:
    - a revoked unit list storage section that stores the second revoked unit list; and
      
      a content storage section that stores content.
  - 44. The system as set forth in claim 43, wherein the revoked unit list storage section is more secure than the content storage section.
  - 45. The system set forth in claim 32, the information processing apparatus further comprising a playing back section that plays back information retrieved from the storage apparatus.
  - 46. The system according to claim 32, wherein the second revoked unit list indicates at least one storage apparatus whose private key has been revealed.
  - 47. The system according to claim 32, wherein the storage apparatus and the information processing apparatus share a common private key.

48. A method for retrieving information from a storage apparatus, comprising:
- storing a second revoked unit list;
  
  executing a mutual authentication protocol with a security module on the storage apparatus;
  
  receiving a first revoked unit list from the storage apparatus; and
  
  judging whether the storage apparatus is revoked or not based on the second revoked unit list;
  
  wherein if the storage apparatus is revoked, the second revoked unit list is maintained, and if the storage apparatus is not revoked, the second revoked unit list is replaced with the first revoked unit list,wherein the storage apparatus comprises a first storage section that stores data for access by the information process and a security module distinct from the first storage section, and the security module comprises a second storage section that stores the first revoked unit list, andwherein the second revoked unit list is not replaced with the first revoked unit list when the mutual authentication protocol does not authenticate the storage apparatus.
- View Dependent Claims (49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63)
- - 49. The method as set forth in claim 48, further comprising receiving ID information from the storage apparatus.
  - 50. The method as set forth in claim 49, wherein the ID information includes a key for the storage apparatus.
  - 51. The method as set forth in claim 50, wherein a digital certification includes the key.
  - 52. The method as set forth in claim 48, wherein judging whether the storage apparatus is revoked includes judging whether the storage apparatus is on the second revoked unit list.
  - 53. The method as set forth in claim 48, further comprising:
    - comparing the first revoked unit list with the second revoked unit list; and
      
      judging which revoked unit list is newer.
  - 54. The method as set forth in claim 53, further comprising transmitting the second revoked unit list to the storage apparatus.
  - 55. The method as set forth in claim 53, further comprising comparing the respective version information attached with each revoked unit list.
  - 56. The method as set forth in claim 48, further comprising:
    - receiving a private key from the storage apparatus;
      
      storing a public key; and
      
      judging whether the private key and the public key correspond.
  - 57. The method as set forth in claim 56, wherein if the storage apparatus is revoked or the private key does not relate to the public key, the second revoked unit list is maintained, and if the storage apparatus is not revoked and the private key relates to the public key, the second revoked unit list is replaced with the first revoked unit list.
  - 58. The method as set forth in claim 57, wherein if the second revoked unit list is maintained and the storage apparatus is not revoked, the second revoked unit list is transmitted to the storage apparatus.
  - 59. The method as set forth in claim 48, further comprising storing content.
  - 60. The method as set forth in claim 59, wherein the revoked unit list is stored more securely than the content.
  - 61. The method set forth in claim 48, further comprising playing back information retrieved from the storage apparatus.
  - 62. The method according to claim 48, wherein second revoked unit list indicates at least one storage apparatus whose private key has been revealed.
  - 63. The method according to claim 48, wherein the storage apparatus and the information processing apparatus share a common private key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sony Corporation (Sony Group Corp.)
Original Assignee
Sony Corporation (Sony Group Corp.)
Inventors
Asano, Tomoyuki, Osawa, Yoshitomo
Primary Examiner(s)
CHEN, SHIN HON

Application Number

US11/797,600
Publication Number

US 20080072040A1
Time in Patent Office

1,138 Days
Field of Search

713/158, 713/171
US Class Current

713/158
CPC Class Codes

G06F 21/445   by mutual authentication, e...

G11B 20/00086   Circuits for prevention of ...

G11B 20/0021   involving encryption or dec...

G11B 20/00876   wherein physical copy prote...

Data transmitting system and method, drive unit, access method, data recording medium, recording medium producing apparatus and method

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

63 Claims

Specification

Solutions

Use Cases

Quick Links

Data transmitting system and method, drive unit, access method, data recording medium, recording medium producing apparatus and method

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

63 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links