Information security device

US 7,958,353 B2
Filed: 04/24/2006
Issued: 06/07/2011
Est. Priority Date: 04/25/2005
Status: Active Grant

First Claim

Patent Images

1. An information security apparatus that securely and reliably processes information, comprising:

a reconfigurable logic circuit;

a configuration unit operable, when a circuit configuration information set that defines an execution circuit that executes prescribed processing is input thereto, to acquire the input circuit configuration information set, and reconfigure the reconfigurable logic circuit in accordance with the acquired circuit configuration information set to configure the execution circuit;

a key storage unit that is tamper-resistant and securely stores therein a unique secret key that is unique to the information security apparatus;

an acquisition unit operable to acquire a key-circuit configuration information set that defines a key generation circuit that generates, using the unique secret key, a device key that is unique to the information security apparatus;

an output unit operable to output, as the circuit configuration information, the key-circuit configuration information set that has been acquired legitimately, to the configuration unit;

a control unit operable to control the key generation circuit configured by the configuration unit to generate the device key; and

a decryption unit operable to (i) acquire an encrypted content and content key information, the content key information allowing the decryption unit to generate a content key for decrypting the encrypted content, when used together with a valid device key; and

(ii) generate a content key by using the device key generated by the key generation circuit and the content key information, and decrypt the encrypted content by using the generated content key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides an apparatus for securely acquire a circuit configuration information set corresponding to a new cryptosystem without increasing the number of reconfigurable circuits. A content playback apparatus 100 includes an FPGA 122 that is reconfigurable. The content playback apparatus 100 stores a decryption circuit program that shows the structure of a decryption circuit that executes decryption in accordance with a prescribed cryptosystem. The FPGA is reconfigured in accordance with the program to configure the decryption circuit. The playback apparatus 100 acquires, from outside, an encrypted file that has been generated by encrypting a file including a decryption circuit program corresponding to the new cryptosystem in accordance with the prescribed cryptosystem, and decrypts the encrypted file by the decryption circuit.

67 Citations

View as Search Results

22 Claims

1. An information security apparatus that securely and reliably processes information, comprising:
- a reconfigurable logic circuit;
  
  a configuration unit operable, when a circuit configuration information set that defines an execution circuit that executes prescribed processing is input thereto, to acquire the input circuit configuration information set, and reconfigure the reconfigurable logic circuit in accordance with the acquired circuit configuration information set to configure the execution circuit;
  
  a key storage unit that is tamper-resistant and securely stores therein a unique secret key that is unique to the information security apparatus;
  
  an acquisition unit operable to acquire a key-circuit configuration information set that defines a key generation circuit that generates, using the unique secret key, a device key that is unique to the information security apparatus;
  
  an output unit operable to output, as the circuit configuration information, the key-circuit configuration information set that has been acquired legitimately, to the configuration unit;
  
  a control unit operable to control the key generation circuit configured by the configuration unit to generate the device key; and
  
  a decryption unit operable to (i) acquire an encrypted content and content key information, the content key information allowing the decryption unit to generate a content key for decrypting the encrypted content, when used together with a valid device key; and
  
  (ii) generate a content key by using the device key generated by the key generation circuit and the content key information, and decrypt the encrypted content by using the generated content key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 20, 22)
- - 2. The information security apparatus of claim 1, whereinthe acquisition unit acquires the key-circuit configuration information set that corresponds to a current information processing method that is used by the information security apparatus to process the information, andthe key generation circuit configured in accordance with the key-circuit configuration information set generates the device key that is appropriate to the current information processing method.
  - 3. The information security apparatus of claim 2, whereinthe acquisition unit acquires the key-circuit configuration information set from an external apparatus connected thereto via a network.
  - 4. The information security apparatus of claim 3, whereinthe acquisition unit includesa notification subunit operable to notify the external apparatus of the current information processing method, anda receiving subunit operable to receive, from the external apparatus, the key-circuit configuration information set that corresponds to the current information processing method.
  - 5. The information security apparatus of claim 3, whereinthe external apparatus generates encrypted key-circuit configuration information set by encrypting the key-circuit configuration information set, and transmits the generated encrypted key-circuit configuration information set, andthe acquisition unit includesa receiving subunit operable to receive, from the external apparatus, the encrypted key-circuit configuration information set, anda generation subunit operable to generate the key-circuit configuration information set by decrypting the encrypted key-circuit configuration information set.
  - 6. The information security apparatus of claim 2, whereinthe acquisition unit further acquires signature information generated by applying a digital signature to the key-circuit configuration information set,the information security apparatus further comprisesa verification unit operable to verify legitimacy of the key-circuit configuration information set, using the signature information and the key-circuit configuration information set, andif the legitimacy has been successfully verified, the output unit judges that the key-circuit configuration information set has been legitimately acquired, and outputs the key-circuit configuration information set.
  - 7. The information security apparatus of claim 6, further comprisinga verification information storage unit that stores verification-circuit configuration information set that shows a structure of the verification unit, whereinthe output unit further reads the verification-circuit configuration information set from the verification information storage unit, and outputs the read verification-circuit configuration information set to the configuration unit as the circuit configuration information set.
  - 8. The information security apparatus of claim 2, whereinthe current information processing method is a cryptosystem for encrypting or decrypting the information.
  - 9. The information security apparatus of claim 2, whereinthe current information processing method is a signature method that includes a procedure for generating or verifying a signature showing legitimacy of the information.
  - 10. The information security apparatus of claim 2, whereinthe current information processing method is an apparatus authentication method for authenticating an external apparatus that transmits and receives the information.
  - 11. The information security apparatus of claim 2, whereinthe current information processing method is a message code authentication method that includes a procedure for generating or verifying a message authentication code that is generated using a one-way function to check whether the information has been tampered with.
  - 12. The information security apparatus of claim 2, whereinthe current information processing method is a key sharing method for sharing a same key among apparatuses that transmit and receive the information.
  - 13. The information security apparatus of claim 1, whereinthe key-circuit configuration information set corresponds to a prescribed information processing method, and the key generation circuit configured in accordance with the key circuit configuration information set generates the device key that is appropriate to the prescribed information processing method,the information security apparatus further comprisesa combination check unit operable to check whether a current information processing method and the prescribed information processing method is the same, the current information processing method being used by the information security apparatus to process the information, andif the combination check unit judges that the current information processing method and the prescribed information processing method is the same, the output unit judges that the key-circuit configuration information set has been legitimately acquired, and outputs the key-circuit configuration information set.
  - 14. The information security apparatus of claim 1, whereinthe reconfigurable logic circuit is structured with a Field Programmable Gate Array.
  - 15. The information security apparatus of claim 1, whereinthe reconfigurable logic circuit is structured with a dynamic reconfigurable LSI.
  - 20. The information security apparatus of claim 1, whereinthe acquisition unit acquires a first key-circuit configuration information set when a first cryptosystem has been applied to the encrypted content, and a second key-circuit configuration information set when a second cryptosystem has been applied to the encrypted content,the first key-circuit configuration information defining a key generation circuit that generates, by using the unique secret key, a first device key that is unique to the information security apparatus, andthe second key-circuit configuration information defining a key generation circuit that generates, by using the unique secret key, a second device key that is unique to the information security apparatus.
  - 22. The information security apparatus of claim 1, whereinthe acquisition unit acquires a decryption circuit configuration information set that defines a decryption circuit that decrypts an encrypted content,the output unit outputs, as the circuit configuration information, the decryption circuit configuration information set to the configuration unit, andthe control unit controls the decryption circuit configured by the configuration unit to decrypt the encrypted content.

16. A key distribution system that includes a server apparatus and an information security apparatus that securely and reliably processes information,the information security apparatus comprising:
- a reconfigurable logic circuit;
  
  a configuration unit operable, when a circuit configuration information set that defines an execution circuit that executes prescribed processing is input thereto, to acquire the input circuit configuration information set, and reconfigure the reconfigurable logic circuit in accordance with the acquired circuit configuration information set to configure the execution circuit;
  
  a key storage unit that is tamper-resistant and securely stores therein a unique secret key that is unique to the information security apparatus;
  
  an acquisition unit operable to acquire a key-circuit configuration information set that defines a key generation circuit that generates, using the unique secret key, a device key that is unique to the information security apparatus;
  
  an output unit operable to output, as the circuit configuration information, the key-circuit configuration information set that has been acquired legitimately, to the configuration unit;
  
  a control unit operable to control the key generation circuit configured by the configuration unit to generate the device key; and
  
  a decryption unit operable to (i) acquire an encrypted content and content key information, the content key information allowing the decryption unit to generate a content key for decrypting the encrypted content when used together with a valid device key; and
  
  (ii) generate a content key by using the generated device key and the content key information, and decrypt the encrypted content by using the generated content key, andthe server apparatus comprising;
  
  a storage unit that stores the key-circuit configuration information set; and
  
  an output unit operable to output the key-circuit configuration information set to the information security apparatus.
- View Dependent Claims (21)
- - 21. The key distribution system of claim 16 further including, in addition to the information security apparatus as a first information security apparatus, another information security apparatus as a second information security apparatus that is different from the information security apparatus,the second information security apparatus comprising:
    - a reconfigurable logic circuit;
      
      a configuration unit operable, when a circuit configuration information set that defines an execution circuit that executes prescribed processing is input thereto, to acquire the input circuit configuration information set, and reconfigure the reconfigurable logic circuit in accordance with the acquired circuit configuration information set to configure the execution circuit;
      
      a key storage unit that is tamper-resistant and securely stores therein a unique secret key that is unique to the second information security apparatus;
      
      an acquisition unit operable to acquire a second key-circuit configuration information set that defines a key generation circuit that generates, using the unique secret key, a device key that is unique to the second information security apparatus;
      
      an output unit operable to output, as the circuit configuration information, the second key-circuit configuration information set that has been acquired legitimately, to the configuration unit;
      
      a control unit operable to control the key generation circuit configured by the configuration unit to generate the device key; and
      
      a decryption unit operable to (i) acquire an encrypted content and content key information that is the same as the content key information acquired by the information security apparatus; and
      
      (ii) generate a content key by using the generated device key that is unique to the second information security apparatus and the content key information, and decrypt the encrypted content by using the generated content key, whereinthe storage unit of the server apparatus further stores therein the second key-circuit configuration information set, andthe output unit of the server apparatus outputs the second key-circuit configuration information set to the second information security apparatus.

17. A key acquisition method used in an information security apparatus that includes a reconfigurable logic circuit and a key storing unit operable to store a unique secret key that is unique to the information security apparatus into a key storage unit that is tamper-resistant, and securely and reliably processes information,the key acquisition method comprising:
- an acquisition step of acquiring a key-circuit configuration information set that defines a key generation circuit that generates, using the unique secret key, a device key that is unique to the information security apparatus;
  
  a configuration step of reconfiguring the reconfigurable logic circuit in accordance with the acquired key-circuit configuration information set to configure the key generation circuit;
  
  a control step of controlling the key generation circuit configured in the configuration step to generate the device key by using the unique secret key; and
  
  a decryption step of (i) acquiring an encrypted content and content key information, the content key information allowing the decryption unit to generate a content key for decrypting the encrypted content when used together with a valid device key; and
  
  (ii) generating a content key by using the generated device key and the content key information, and decrypting the encrypted content by using the generated content key.

18. A non-transitory computer-readable recording medium having recorded thereon a key acquisition program used in an information security apparatus that includes a reconfigurable logic circuit and securely and reliably processes information,the key acquisition program comprising:
- a key storing step of storing a unique secret key that is unique to the information security apparatus into a key storage unit that is tamper-resistant;
  
  an acquisition step of acquiring a key-circuit configuration information set that defines a key generation circuit that generates, using the unique secret key, a the device key that is unique to the information security apparatus;
  
  a configuration step of reconfiguring the reconfigurable logic circuit in accordance with the acquired key-circuit configuration information set to configure the key generation circuit;
  
  a control step of controlling the key generation circuit configured in the configuration step to generate the device key by using the unique secret key; and
  
  a decryption step of (i) acquiring an encrypted content and content key information, the content key information allowing the decryption unit to generate a content key for decrypting the encrypted content when used together with a valid device key; and
  
  (ii) generating a content key by using the generated device key and the content key information, and decrypting the encrypted content by using the generated content key.

19. An integrated circuit that is mounted on an information security apparatus that securely and reliably processes information with use of a device key, comprising:
- a reconfigurable logic circuit;
  
  a configuration unit operable, when a circuit configuration information set that defines an execution circuit that executes prescribed processing is input thereto, to acquire the input circuit configuration information set, and reconfigure the reconfigurable logic circuit in accordance with the acquired circuit configuration information set to configure the execution circuit;
  
  a key storage unit that is tamper-resistant and securely stores therein a unique secret key that is unique to the information security apparatus;
  
  an acquisition unit operable to acquire a key-circuit configuration information set that defines a key generation circuit that generates, using the unique secret key, a device key that is unique to the information security apparatus;
  
  an output unit operable to output, as the circuit configuration information, the key-circuit configuration information set that has been acquired legitimately, to the configuration unit;
  
  a control unit operable to control the key generation circuit configured by the configuration unit to generate the device key; and
  
  a decryption unit operable to (i) acquire an encrypted content and content key information, the content key information allowing the decryption unit to generate a content key for decrypting the encrypted content, when used together with a valid device key; and
  
  (ii) generate a content key by using the generated device key and the content key information, and decrypt the encrypted content by using the generated content key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Panasonic Corporation (Panasonic Holdings Corporation)
Original Assignee
Panasonic Corporation (Panasonic Holdings Corporation)
Inventors
Nakano, Toshihisa, Matsuzaki, Natsume, Marui, Shinichi
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
YALEW, FIKREMARIAM A

Application Number

US11/912,473
Publication Number

US 20090132821A1
Time in Patent Office

1,870 Days
Field of Search

None
US Class Current

713/170
CPC Class Codes

H04L 2209/12   Details relating to cryptog...

H04L 2209/60   Digital content management,...

H04L 9/0877   using additional device, e....

H04L 9/3247   involving digital signatures

Information security device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

67 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Information security device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

67 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links