Data authentication system
First Claim
1. A data processing apparatus for processing content data provided by a recording or communication medium, characterized in that said apparatus comprises:
- a cryptography process section for executing a cryptography process on said content data; and
a control section for executing control for said cryptography process section, and said cryptography process section;
is configured to generate partial integrity check values as integrity check values for a partial data set containing one or more partial data obtained by a content data-constituting section into a plurality of parts, and to collate the generated integrity check values to verify said partial data, and generates an intermediate integrity check value based on a partial integrity check value set data string containing at least one or more of said partial integrity check values, and uses the generated intermediate integrity check value to verify the entirety of the plurality of partial data sets corresponding to the plurality of partial integrity check values constituting said partial integrity check value set.
1 Assignment
0 Petitions
Accused Products
Abstract
A data processing apparatus a data processing method efficiently ascertain that data are valid, prevent encryption processing key data from leaking, eliminate illegal use of contents data, restrict contents utilization, apply a different plurality of data formats to contents and efficiently execute reproduction processing of compressed data. The verification process of partial data is executed by collating the integrity partial data as check values for a combination of partial data of a content, and the verification process of the entirety of the combination of partial data is executed by collating partial-integrity-check-value-verifying integrity check values that verify the combination of the partial integrity check values. Master keys to generate individual keys necessary for a process of such as data encryption are stored in the storage section and keys are generated as required. An illegal device list is stored in the header information of a content and referred to when data is used. Keys specific to a data processing apparatus and common keys are stored and the keys are selectively used according to the content use restriction. Plural content blocks are coupled, and at least a part of the content blocks is applied to an encryption process by an encryption key Kcon, then encryption key data that is the encryption key Kcon encrypted by an encryption key Kdis is stored in the header section. A content data is made of compression data and an expansion processing program or a combination of types of compression programs and the reproducing apparatus can determine an expansion program applicable to a compressed content.
-
Citations
178 Claims
-
1. A data processing apparatus for processing content data provided by a recording or communication medium, characterized in that said apparatus comprises:
-
a cryptography process section for executing a cryptography process on said content data; and
a control section for executing control for said cryptography process section, and said cryptography process section;
is configured to generate partial integrity check values as integrity check values for a partial data set containing one or more partial data obtained by a content data-constituting section into a plurality of parts, and to collate the generated integrity check values to verify said partial data, and generates an intermediate integrity check value based on a partial integrity check value set data string containing at least one or more of said partial integrity check values, and uses the generated intermediate integrity check value to verify the entirety of the plurality of partial data sets corresponding to the plurality of partial integrity check values constituting said partial integrity check value set. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 18, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 35, 37, 38, 39, 40, 41, 42, 43, 44, 45, 48, 49, 50, 51, 52)
-
-
17. A data processing apparatus for processing content data provided by a recording or communication medium, characterized in that said apparatus comprises:
-
a cryptography process section for executing a cryptography process on said content data; and
a control section for executing control for said cryptography process section, and said cryptography process section;
is configured to generate, if data to be verified are encrypted, integrity check values for the data to be verified by means of a signature data-applied cryptography process from data on arithmetic operation results obtained by executing an arithmetic operation process on decrypted data obtained by executing a decryption process on the encrypted data.
-
-
19. A data processing method for processing content data provided by a recording or communication medium, characterized in that said method:
-
generates partial integrity check values as integrity check values for a partial data set containing one or more partial data obtained by a content data constituting section into a plurality of parts, and collates the generated integrity check values to verify said partial data, and generates an intermediate integrity check value based on a partial integrity check value set data string containing at least one or more of said partial integrity check values, and uses the generated intermediate integrity check value to verify the entirety of the plurality of partial data sets corresponding to the plurality of partial integrity check values constituting said partial integrity check value set.
-
-
34. The data processing method for processing content data provided by a recording or communication medium, the method being characterized in that said method:
-
if data to be verified are encrypted, executes an arithmetic operation process on decrypted data obtained by decrypting the encrypted data, executes a signature key-applied cryptography process on data on arithmetic operation results obtained by said arithmetic operation, to generate integrity check values for said data to be verified.
-
-
36. A data verifying value imparting method for a data verifying process, characterized in that said method:
-
imparts partial integrity check values as integrity check values for a partial data set containing one or more partial data obtained by a content data constituting section into a plurality of parts, and imparts to data to verified, an intermediate integrity check value used to verify a partial integrity check value set data string containing at least one or more of said partial integrity check values.
-
-
46. A program providing medium for providing a computer program for causing a data verifying process to be executed on a computer system to verify that data are valid, the program providing medium being characterized in that said computer program comprises steps of:
-
executing a collation process using partial integrity check values generated as integrity check values for a partial data set containing one or more partial data obtained by dividing data a plurality of parts, and using an intermediate integrity check value based on a partial integrity check value set obtained by combining a plurality of said partial integrity check values together, to verify the entirety of a plurality of partial data sets corresponding to the plurality of partial integrity check values constituting said partial integrity check value set.
-
-
47. A data processing apparatus comprising:
-
an encryption processing section that executes encryption processing of at least one of data encryption, data decryption, data verification, authentication processing and signature processing; and
a storage section that stores master keys to generate keys used for said encryption processing, characterized in that said encryption processing section is configured to generate individual keys necessary to execute said encryption processing based on said master keys, an encryption processing target apparatus or data identification data.
-
-
53. A data processing system configured by a plurality of data processing apparatuses, characterized in that each of said plurality of data processing apparatuses having a common master key to generate a key used for encryption processing of at least one of data encryption, data decryption data verification, authentication processing and signature processing, and
each of said plurality of data processing apparatuses generating a common individual key necessary to execute said encryption processing based on said master key and identification data of the apparatus or data subject to encryption processing.
-
58. A data processing method that executes encryption processing of at least one of data encryption, data decryption, data verification, authentication processing and signature processing, comprising:
-
a key generating step of generating individual keys necessary to execute encryption processing based on master keys to generate the key used for said encryption processing and identification data of the apparatus or data subject to encryption processing; and
an encryption processing step of executing encryption processing based on the key generated in said key generating step.
-
-
64. A data processing method in a data processing system comprising:
-
a contents data providing apparatus that supplies contents data; and
a contents data utilization apparatus that utilizes the contents data, characterized in that said contents data providing apparatus generates a contents data distribution key based on a distribution key generation master key for generating a contents data distribution key used for encryption processing on contents data and a contents identifier, which is the identifier of the provided contents data and executes encryption processing on said contents data, and said contents data utilization apparatus generates a contents data distribution key based on said distribution key generation master key and a contents identifier, which is the identifier of the provided contents data and executes decryption processing on said contents data. - View Dependent Claims (65)
-
-
66. A data processing method in a data processing system configured by a plurality of data processing apparatuses comprising:
-
a step of storing, by data processing apparatus A, which is one of said plurality of data processing apparatuses, in a storage medium contents data encrypted using a contents key generated based on a contents key generation master key to generate a contents key used for encryption processing of contents data and the apparatus identifier of said data processing apparatus A;
a step of generating the same contents key as said contents key by different data processing apparatus B based on the same said contents key generation master key as that of said data processing apparatus A and the apparatus identifier of said data processing apparatus A; and
a step of decrypting the contents data stored in said storage medium using the contents key generated by said data processing apparatus B. - View Dependent Claims (70, 71, 72, 73)
-
-
67. A data processing method in a data processing system comprising:
-
a host device; and
a slave device subject to authentication processing by said host device, characterized in that said slave device generates an authentication key based on an authentication key generation master key to generate an authentication key used for authentication processing between the host device and slave device and a slave device identifier, which is the identifier of said slave device and stores the authentication key generated in memory in said slave device, and said host device generates an authentication key based on said authentication key generation master key and slave device identifier, which is the identifier of said slave device and executes authentication processing.
-
-
68. A program providing medium that supplies a computer program to execute encryption processing of at least one of data encryption, data decryption, data verification, authentication processing and signature processing on a computer system, said computer program comprising:
-
a key generating step of generating individual keys necessary to execute said encryption processing based on said master keys to generate the keys used for said encryption processing and identification data of the apparatus or data subject to encryption processing; and
an encryption processing step of executing encryption processing based on the keys generated in said key generating step.
-
-
69. A data processing apparatus that processes contents data supplied from a storage medium or communication medium, comprising:
-
a storage section that stores data processing apparatus identifiers;
a list verification section that extracts an illegal device list included in the contents data and executes collation between entries of said list and said data processing apparatus identifiers stored in said storage section; and
a control section that stops executing processing of at least either one of reproduction of said contents data or processing of storage in a recording device when the result of the collation processing in said collation processing section shows that said illegal device list includes information that matches said data processing identifiers.
-
-
74. A data processing method that processes contents data supplied from a storage medium or communication medium, comprising:
-
a list extracting step of extracting an illegal device list included in the content data;
a collation processing step of executing collation between entries included in the list extracted in said list extracting step and said data processing apparatus identifiers stored in a storage section in the data processing apparatus; and
a step of stopping execution of processing of at least either one of reproduction of said contents data or processing of storage in a recording device when the result of the collation processing in said collation processing step shows that said illegal device list includes information that matches said data processing identifiers. - View Dependent Claims (75, 76, 77, 78, 80, 81)
-
-
79. A contents data generation method that generates contents data supplied from a storage medium or communication medium to a plurality of recorders/reproducers, characterized in that an illegal device list whose component data comprises identifiers of recorders/reproducers, which will be excluded from the use of said contents data is stored as the header information of the contents data.
-
82. A program supply medium that supplies a computer program that allows a computer system to execute processing of contents data supplied from a storage medium or communication medium, said computer program comprising:
-
a list extracting step of extracting an illegal device list included in the contents data;
a collation processing step of executing collation between entries included in the list extracted in said list extracting step and said data processing apparatus identifiers stored in a storage section in the data processing apparatus; and
a step of stopping execution of processing of either one of reproduction of said contents data or processing of storage in a recording device when the result of the collation processing in said collation processing step shows that said illegal device list includes information that matches said data processing identifiers.
-
-
83. A data processing apparatus that processes contents data supplied via a recording medium or communication medium, comprising:
-
an encryption processing section that executes encryption processing on said contents data;
a control section that executes control over said encryption processing section;
a system common key used for encryption processing in said encryption processing section, which is common to other data processing apparatuses using said contents data; and
at least one of an apparatus-specific key, which is specific to the data processing apparatus used for encryption processing in said encryption processing section or an apparatus-specific identifier to generate said apparatus-specific key, characterized in that said encryption processing section is configured to perform encryption processing by applying either one of said system common key or said apparatus-specific key according to the utilization mode of said contents data. - View Dependent Claims (84, 85, 86, 87, 88, 89, 90, 91)
-
-
92. A data processing method that processes contents data supplied via a recording medium or communication medium, characterized by selecting either one of an encryption processing system common key common to other data processing apparatuses using said contents data or an apparatus-specific key, which is specific to the data processing apparatus according to the utilization mode of said contents data;
- and
executing encryption processing by applying the selected encryption processing key to said contents data. - View Dependent Claims (93, 94, 95, 96, 97, 98, 99, 100)
- and
-
101. A program supply medium that supplies a computer program allowing a computer system to execute data processing that processes contents data supplied via a recording medium or communication medium, said computer program comprising the steps of:
-
selecting either encryption processing key, an encryption processing system common key common to other data processing apparatuses using said contents data or an apparatus-specific key, which is specific to the data processing apparatus according to the utilization mode of said contents data; and
executing encryption processing applying the selected encryption processing key to said contents data.
-
-
102. A data processing apparatus that processes contents data supplied via a recording medium or communication medium, comprising:
-
an encryption processing section that executes encryption processing on said contents data; and
a control section that executes control over said encryption processing section, characterized in that said encryption processing section is configured to generate a contents check value in units of contents block data to be verified included in the data, execute collation on the contents check value generated and thereby execute verification processing on the validity of each contents block data in said data. - View Dependent Claims (103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 129, 130, 131, 132, 133, 134, 135, 141, 142, 143, 144, 145, 146, 154, 155, 156, 157, 159, 160, 161, 162, 164, 165, 166, 167, 169, 170, 171, 172, 174, 175, 177)
-
-
115. A data processing method that processes contents data supplied via a recording medium or communication medium, characterized by generating a contents check value in units of contents block data to be verified included in the data, executing collation on the contents check value generated and thereby executing verification processing on the validity in units of contents block data in said data.
-
128. A contents data verification value assignment method for contents data verification processing, characterized by generating a contents check value in units of contents block data to be verified included in the data, assigning the contents check value generated to contents data containing the contents block data to be verified.
-
136. A program supply medium that supplies a computer program to execute data processing on contents data supplied via a recording medium or communication medium, said computer program comprising:
-
a step of generating a contents check value in units of contents block data to be verified included in the data; and
a step of executing collation processing on the contents check value generated and thereby executing verification processing on the validity in units of contents block data in said data.
-
-
137. A data processing apparatus for executing processing for generating storing data with respect to a recording device of content data, which has a plurality of content blocks in which at least a part of the blocks are encrypted and a header section storing information on the contents blocks, characterized in that:
-
in the case in which content data to be an object of storage in said recording device is structured by data stored in said header section, which is an encryption key data Kdis[Kcon] that is an encryption key Kcon of said content block applied encryption processing by an encryption key Kdis, said data processing apparatus has a structure for executing processing for taking out said encryption key data Kdis[Kcon] from said header section and executing decryption processing to generate decryption data Kcon, generating a new encryption key data Kstr[Kcon] that is applied encryption processing by an encryption key Kstr and storing the new encryption key data Kstr[Kcon] in the header section of said content data, and applying a different encryption key Kstr to the generated decryption data Kcon to execute decryption processing.
-
-
138. A data processing apparatus for executing processing for generating storing data with respect to a recording device of content data, which has a plurality of content blocks in which at least a part of the blocks are encrypted and a header section storing information on the contents blocks, characterized in that:
-
in the case in which said content block included in content data to be an object of storage with respect to said recording device is composed of contents encrypted by an encryption key Kblc and encryption key data Kcon[Kblc] that is encrypted by the encryption key Kcon, and has a structure in which encryption key data Kdis[Kcon] that is the encryption key Kcon applied encryption processing by an encryption key Kdis is stored in said header section, said data processing apparatus has a structure for executing processing for taking out said encryption key data Kdis[Kcon] from said header section and executing decryption processing to generate decryption data Kcon, generating a new encryption key data Kstr[Kcon] that is applied encryption processing by an encryption key Kstr and storing the encryption key data Kstr[Kcon] in the header section of said content data, and applying a different encryption key Kstr to the generated decryption data Kcon to execute decryption processing.
-
-
139. A data processing apparatus for executing processing for generating storing data with respect to a recording device of content data, which has a plurality of content blocks in which at least a part of the blocks are encrypted and a header section storing information on the contents blocks, characterized in that:
-
in the case in which said content block included in content data to be an object of storage with respect to said recording device is composed of contents encrypted by an encryption key Kblc and encryption key data Kdis[Kblc] that is encrypted by the encryption key Kdis, said data processing apparatus has a structure for executing processing for taking out said encryption key data Kdis[Kblc] from said content block section and executing decryption processing of the encryption key Kblc to generate decryption data Kblc, generating an encryption key data Kstr[Kblc] that is applied encryption processing by an encryption key Kstr and storing the encryption key data Kstr[Kblc] in a contents block section, and applying a different encryption key Kstr to the generated decryption data Kblc to execute decryption processing.
-
-
140. A content data generating method for generating content data, comprising:
-
coupling a plurality of content blocks composed of data including at least any one of voice information, image information and program data;
applying encryption processing to at least a part of content blocks included in said plurality of content blocks by an encryption key Kcon;
generating encryption key data Kdis[Kcon] that is said encryption key Kcon applied encryption processing by an encryption key Kdis and storing the encryption key Kdis in a header section of said content data; and
generating content data including said plurality of content blocks and the header section.
-
-
147. A content data generating method for generating content data comprising:
-
coupling a plurality of content blocks including at least any one of voice information, image information and program data;
composing at least a part of the plurality of content blocks by an encryption data section that is data including at least any one of voice information, image information and program data by an encryption key Kblc, and a set of encryption key data Kcon[Kblc] that is the encryption key Kblc of the encryption data section applied encryption processing by an encryption key Kcon;
generating encryption key data Kdis[Kcon] that is the encryption key Kcon applied encryption processing by an encryption key Kdis and storing the generated the encryption key data Kdis[Kcon] in a header section of said content data; and
generating content data including a plurality of content blocks and a header section.
-
-
148. A content data generating method for generating content data comprising:
-
coupling a plurality of content blocks including at least any one of voice information, image information and program data;
composing at least a part of the plurality of content blocks by an encryption data section that is data including at least any one of voice information, image information and program data by an encryption key Kblc, and a set of encryption key data Kdis[Kblc] that is the encryption key Kblc of the encryption data section applied encryption processing by an encryption key Kdis; and
generating content data including a plurality of content blocks and a header section.
-
-
149. A data processing method for executing processing for storing in a recording device of content data having a plurality of content blocks in which at least a part of blocks are encrypted, and a header section in which information on the content blocks is stored, comprising:
-
in the case in which content data to be an object of storage in said recording device is structured by data stored in said header section, which is an encryption key data Kdis[Kcon] that is an encryption key Kcon of said content block applied encryption processing by an encryption key Kdis, taking out said encryption key data Kdis[Kcon] from said header section and executing decryption processing to generate decryption data Kcon;
generating a new encryption key data Kstr[Kcon] that is applied encryption processing by an encryption key Kstr by applying a different encryption key Kstr to the generated decryption data Kcon to execute encryption processing; and
storing said generated encryption key data Kstr[Kcon] in a header section of said content data, and storing the header section in said recording device together with said plurality of content blocks.
-
-
150. A data processing method for executing processing for storing in a recording device of content data having a plurality of content blocks in which at least a part of blocks are encrypted, and a header section in which information on the content blocks is stored, comprising:
-
in the case in which said content block included in content data to be an object of storage with respect to said recording device is composed of contents encrypted by an encryption key Kblc and encryption key data Kcon[Kblc] that is encrypted by the encryption key Kcon, and has a structure in which encryption key data Kdis[Kcon] that is the encryption key Kcon applied encryption processing by an encryption key Kdis is stored in said header section, taking out said encryption key data Kdis[Kcon] from said header section and executing decryption processing to generate decryption data Kcon;
generating a new encryption key data Kstr[Kcon] that is applied encryption processing by an encryption key Kstr by applying a different encryption key Kstr to the generated decryption data Kcon to execute encryption processing; and
storing said generated encryption key data Kstr[Kcon] in a header section of said content data, and storing the header section in said recording device together with said plurality of content blocks.
-
-
151. A data processing method for executing processing for storing in a recording device of content data having a plurality of content blocks in which at least a part of blocks are encrypted, and a header section in which information on the content blocks is stored, comprising:
-
in the case in which said content block included in content data to be an object of storage with respect to said recording device is composed of contents encrypted by an encryption key Kblc and encryption key data Kdis[Kblc] that is encrypted by the encryption key Kdis, taking out said encryption key data Kdis[Kblc] from said content block section and executing decryption processing of the encryption key Kblc to generate decryption data Kblc;
generating an encryption key data Kstr[Kblc] that is applied encryption processing by an encryption key Kstr by applying a different encryption key Kstr to the generated decryption data Kblc to execute encryption processing; and
storing said generated encryption key data Kstr[Kblc] in a content block section, and storing the content block section in said recording device together with said plurality of content blocks.
-
-
152. A program providing medium for providing a computer program causing generation processing of storing data with respect to a recording device of content data, which has a plurality of content blocks in which at least a part of the blocks are encrypted and a header section storing information on the contents blocks, to be executed on a computer system, characterized in that:
said computer program comprises;
in the case in which content data to be an object of storage in said recording device is structured by data stored in said header section, which is an encryption key data Kdis[Kcon] that is an encryption key Kcon of said content block applied encryption processing by an encryption key Kdis, a step of taking out said encryption key data Kdis[Kcon] from said header section and executing decryption processing to generate decryption data Kcon;
generating a new encryption key data Kstr[Kcon] that is applied encryption processing by an encryption key Kstr by applying a different encryption key Kstr to the generated decryption data Kcon to execute encryption processing; and
storing said generated encryption key data Kstr[Kcon] in a header section of said content data.
-
153. A data processing apparatus for performing reproduction processing of content data provided by a storage medium or a communication medium, characterized by comprising:
-
a content data analyzing section for executing content data analysis of content data including compressed contents and an expansion processing program of said compressed contents, and executing extraction processing of the compressed contents and the expansion processing program from said content data; and
an expansion processing section for executing expansion processing of the content data included in said content data using an expansion processing program included in the content data obtained as a result of the analysis of said content data analyzing section.
-
-
158. A data processing apparatus for performing reproduction processing of content data provided by a storage medium or a communication medium, characterized by comprising:
-
a content data analyzing section for receiving content data including either compressed contents or expansion processing program, distinguishing whether the content data has the compressed contents or the expansion processing program from header information included in the received content data and, at the same time, if the content data has the compressed contents, obtaining a type of a compressing processing program applied to the compressed contents from the header information of the content data, and if the content data has the expansion processing program, obtaining a type of the expansion processing program from the header information of the content data;
an expansion processing section for executing expansion processing of the compressed contents, characterized in that said expansion processing section has a configuration for selecting an expansion processing program applicable to the type of the compression processing program of the compressed contents analyzed by said content data analyzing section based on the type of the expansion processing program analyzed by said content data analyzing section, and executing expansion processing by the selected expansion processing program.
-
-
163. A data processing method for performing reproduction processing of content data provided by a storage medium or a communication medium, characterized by comprising:
-
a content data analyzing step of executing content data analysis of content data including compressed contents and an expansion processing program of said compressed contents, and executing extraction processing of the compressed contents and the expansion processing program from said content data; and
an expansion processing step of executing expansion processing of the compressed content included in said content data using an expansion processing program included in the content data obtained as a result of the analysis of said content data analyzing step.
-
-
168. A data processing method for performing reproduction processing of content data provided by a storage medium or a communication medium, characterized by comprising:
-
a content data analyzing step of receiving content data including either compressed contents or expansion processing program, distinguishing whether the content data has the compressed contents or the expansion processing program from header information included in the received content data and, at the same time, if the content data has the compressed contents, obtaining a type of a compressing processing program applied to the compressed contents from the header information of the content data, and if the content data has the expansion processing program, obtaining a type of the expansion processing program from the header information of the content data;
a selecting step of selecting an expansion processing program applicable to the type of the compression processing program of the compressed contents analyzed in said content data analyzing step based on the type of the expansion processing program analyzed in said content data analyzing step; and
an expansion processing step of executing expansion processing by the expansion processing program selected in said selecting step.
-
-
173. A content data generating method for performing generation processing of content data provided by a storage medium or a communication medium, characterized by generating content data in which compressed contents and an expansion processing program of the compressed contents are combined.
-
176. A content data generating method for performing generation processing of content data provided by a storage medium or a communication medium, characterized in that content data is generated in which a type of content data for identifying whether the content data has compressed contents or an expansion processing program is added as header information;
-
if the content data has compressed contents, a type of a compression processing program applied to the compressed contents is added as header information; and
if the content data has an expansion processing program, a type of an expansion processing program is added as header information.
-
-
178. A program providing medium for providing a computer program that causes a computer system to execute reproduction processing of content data provided by a storage medium or a communication medium, characterized by comprising:
-
a content data analyzing step of executing content data analysis of content data including compressed contents and an expansion processing program of said compressed contents, and executing extraction processing of the compressed contents and the expansion processing program from said content data; and
an expansion processing step of executing expansion processing of the content data included in said content data using an expansion processing program included in the content data obtained as a result of the analysis of said content data analyzing section.
-
Specification