Information security device
First Claim
1. An information security apparatus that securely and reliably processes information, comprising:
- a reconfigurable logic circuit;
a configuration unit operable, when a circuit configuration information set that defines an execution circuit that executes prescribed processing is input thereto, to acquire the input circuit configuration information set, and reconfigure the reconfigurable logic circuit in accordance with the acquired circuit configuration information set to configure the execution circuit;
a key storage unit that is tamper-resistant and securely stores therein a unique secret key that is unique to the information security apparatus;
an acquisition unit operable to acquire a key-circuit configuration information set that defines a key generation circuit that generates, using the unique secret key, a device key that is unique to the information security apparatus;
an output unit operable to output, as the circuit configuration information, the key-circuit configuration information set that has been acquired legitimately, to the configuration unit;
a control unit operable to control the key generation circuit configured by the configuration unit to generate the device key; and
a decryption unit operable to (i) acquire an encrypted content and content key information, the content key information allowing the decryption unit to generate a content key for decrypting the encrypted content, when used together with a valid device key; and
(ii) generate a content key by using the device key generated by the key generation circuit and the content key information, and decrypt the encrypted content by using the generated content key.
2 Assignments
0 Petitions
Accused Products
Abstract
The present invention provides an apparatus for securely acquire a circuit configuration information set corresponding to a new cryptosystem without increasing the number of reconfigurable circuits. A content playback apparatus 100 includes an FPGA 122 that is reconfigurable. The content playback apparatus 100 stores a decryption circuit program that shows the structure of a decryption circuit that executes decryption in accordance with a prescribed cryptosystem. The FPGA is reconfigured in accordance with the program to configure the decryption circuit. The playback apparatus 100 acquires, from outside, an encrypted file that has been generated by encrypting a file including a decryption circuit program corresponding to the new cryptosystem in accordance with the prescribed cryptosystem, and decrypts the encrypted file by the decryption circuit.
-
Citations
22 Claims
-
1. An information security apparatus that securely and reliably processes information, comprising:
-
a reconfigurable logic circuit; a configuration unit operable, when a circuit configuration information set that defines an execution circuit that executes prescribed processing is input thereto, to acquire the input circuit configuration information set, and reconfigure the reconfigurable logic circuit in accordance with the acquired circuit configuration information set to configure the execution circuit; a key storage unit that is tamper-resistant and securely stores therein a unique secret key that is unique to the information security apparatus; an acquisition unit operable to acquire a key-circuit configuration information set that defines a key generation circuit that generates, using the unique secret key, a device key that is unique to the information security apparatus; an output unit operable to output, as the circuit configuration information, the key-circuit configuration information set that has been acquired legitimately, to the configuration unit; a control unit operable to control the key generation circuit configured by the configuration unit to generate the device key; and a decryption unit operable to (i) acquire an encrypted content and content key information, the content key information allowing the decryption unit to generate a content key for decrypting the encrypted content, when used together with a valid device key; and
(ii) generate a content key by using the device key generated by the key generation circuit and the content key information, and decrypt the encrypted content by using the generated content key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 20, 22)
-
-
16. A key distribution system that includes a server apparatus and an information security apparatus that securely and reliably processes information,
the information security apparatus comprising: -
a reconfigurable logic circuit; a configuration unit operable, when a circuit configuration information set that defines an execution circuit that executes prescribed processing is input thereto, to acquire the input circuit configuration information set, and reconfigure the reconfigurable logic circuit in accordance with the acquired circuit configuration information set to configure the execution circuit; a key storage unit that is tamper-resistant and securely stores therein a unique secret key that is unique to the information security apparatus; an acquisition unit operable to acquire a key-circuit configuration information set that defines a key generation circuit that generates, using the unique secret key, a device key that is unique to the information security apparatus; an output unit operable to output, as the circuit configuration information, the key-circuit configuration information set that has been acquired legitimately, to the configuration unit; a control unit operable to control the key generation circuit configured by the configuration unit to generate the device key; and a decryption unit operable to (i) acquire an encrypted content and content key information, the content key information allowing the decryption unit to generate a content key for decrypting the encrypted content when used together with a valid device key; and
(ii) generate a content key by using the generated device key and the content key information, and decrypt the encrypted content by using the generated content key, andthe server apparatus comprising; a storage unit that stores the key-circuit configuration information set; and an output unit operable to output the key-circuit configuration information set to the information security apparatus. - View Dependent Claims (21)
-
-
17. A key acquisition method used in an information security apparatus that includes a reconfigurable logic circuit and a key storing unit operable to store a unique secret key that is unique to the information security apparatus into a key storage unit that is tamper-resistant, and securely and reliably processes information,
the key acquisition method comprising: -
an acquisition step of acquiring a key-circuit configuration information set that defines a key generation circuit that generates, using the unique secret key, a device key that is unique to the information security apparatus; a configuration step of reconfiguring the reconfigurable logic circuit in accordance with the acquired key-circuit configuration information set to configure the key generation circuit; a control step of controlling the key generation circuit configured in the configuration step to generate the device key by using the unique secret key; and a decryption step of (i) acquiring an encrypted content and content key information, the content key information allowing the decryption unit to generate a content key for decrypting the encrypted content when used together with a valid device key; and
(ii) generating a content key by using the generated device key and the content key information, and decrypting the encrypted content by using the generated content key.
-
-
18. A non-transitory computer-readable recording medium having recorded thereon a key acquisition program used in an information security apparatus that includes a reconfigurable logic circuit and securely and reliably processes information,
the key acquisition program comprising: -
a key storing step of storing a unique secret key that is unique to the information security apparatus into a key storage unit that is tamper-resistant; an acquisition step of acquiring a key-circuit configuration information set that defines a key generation circuit that generates, using the unique secret key, a the device key that is unique to the information security apparatus; a configuration step of reconfiguring the reconfigurable logic circuit in accordance with the acquired key-circuit configuration information set to configure the key generation circuit; a control step of controlling the key generation circuit configured in the configuration step to generate the device key by using the unique secret key; and a decryption step of (i) acquiring an encrypted content and content key information, the content key information allowing the decryption unit to generate a content key for decrypting the encrypted content when used together with a valid device key; and
(ii) generating a content key by using the generated device key and the content key information, and decrypting the encrypted content by using the generated content key.
-
-
19. An integrated circuit that is mounted on an information security apparatus that securely and reliably processes information with use of a device key, comprising:
-
a reconfigurable logic circuit; a configuration unit operable, when a circuit configuration information set that defines an execution circuit that executes prescribed processing is input thereto, to acquire the input circuit configuration information set, and reconfigure the reconfigurable logic circuit in accordance with the acquired circuit configuration information set to configure the execution circuit; a key storage unit that is tamper-resistant and securely stores therein a unique secret key that is unique to the information security apparatus; an acquisition unit operable to acquire a key-circuit configuration information set that defines a key generation circuit that generates, using the unique secret key, a device key that is unique to the information security apparatus; an output unit operable to output, as the circuit configuration information, the key-circuit configuration information set that has been acquired legitimately, to the configuration unit; a control unit operable to control the key generation circuit configured by the configuration unit to generate the device key; and a decryption unit operable to (i) acquire an encrypted content and content key information, the content key information allowing the decryption unit to generate a content key for decrypting the encrypted content, when used together with a valid device key; and
(ii) generate a content key by using the generated device key and the content key information, and decrypt the encrypted content by using the generated content key.
-
Specification