Method and apparatus for encrypting data to be secured and inputting/outputting the same

US 7,721,346 B2
Filed: 03/26/2004
Issued: 05/18/2010
Est. Priority Date: 03/28/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A storage device comprising:

an ordinary data storage unit which stores encrypted contents data;

a secret data storage unit which stores license data containing a contents key for decrypting the encrypted contents data;

a cryptographic processing unit which receives, from a host device, and executes a command corresponding to each of a plurality of sequenced subprocesses produced by dividing each of a series of cryptographic input and output processes for encrypting data to be secured and inputting and outputting the data between the storage device and the host device;

a controller which inputs and outputs the license data via the cryptographic processing unit and inputs and outputs the encrypted contents data bypassing the cryptographic processing unit; and

a bus for receiving the command from the host device, the bus being deallocated for another command when the command is issued, whereinthe cryptographic processing unit receives commands corresponding to a plurality of subprocesses respectively belonging to two or more different cryptographic input and output processes via the bus, refers to identifying information attached to the command, identifies to which cryptographic input and output process the command belongs, manages the sequence of commands executed in each cryptographic input and output process, and rejects the execution of an incorrectly sequenced command when the cryptographic processing unit receives the incorrectly sequenced command.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technology is provided to improve tamper resistance in encrypting data to be secured and inputting/outputting the data between a recording device and a host device. When the recording device issues an input/output command to a storage device to input/output data to be secured, the recording device attaches an ID to the command to identify to which cryptographic input/output processing the command belongs. Upon reception of a sequence command, the storage device receives the command if its ID has been allocated and the command is verified to have been issued in the correct sequence. The sequence ID is used to identify a process system while appropriately managing the steps of executing commands.

30 Citations

View as Search Results

15 Claims

1. A storage device comprising:
- an ordinary data storage unit which stores encrypted contents data;
  
  a secret data storage unit which stores license data containing a contents key for decrypting the encrypted contents data;
  
  a cryptographic processing unit which receives, from a host device, and executes a command corresponding to each of a plurality of sequenced subprocesses produced by dividing each of a series of cryptographic input and output processes for encrypting data to be secured and inputting and outputting the data between the storage device and the host device;
  
  a controller which inputs and outputs the license data via the cryptographic processing unit and inputs and outputs the encrypted contents data bypassing the cryptographic processing unit; and
  
  a bus for receiving the command from the host device, the bus being deallocated for another command when the command is issued, whereinthe cryptographic processing unit receives commands corresponding to a plurality of subprocesses respectively belonging to two or more different cryptographic input and output processes via the bus, refers to identifying information attached to the command, identifies to which cryptographic input and output process the command belongs, manages the sequence of commands executed in each cryptographic input and output process, and rejects the execution of an incorrectly sequenced command when the cryptographic processing unit receives the incorrectly sequenced command.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The storage device according to claim 1, whereinwhen the cryptographic processing unit receives the incorrectly sequenced command, the cryptographic processing unit interrupts the cryptographic input and output process to which the command belongs.
  - 3. The storage device according to claim 1, wherein the number of the cryptographic input and output processes which can be performed simultaneously by the storage device is predetermined in accordance with a performance of the storage device.
  - 4. The storage device according to claim 1, wherein in response to a request from the host device, the storage device provides to the host device the maximum number of cryptographic input and output processes which can be performed simultaneously by the storage device.
  - 5. The storage device according to claim 1, wherein the storage medium comprises a normal data storing unit and a confidential data storing unit, the normal data storing unit storing normal data to be exchanged bypassing the cryptographic processing unit, the confidential data storing unit storing the secret data to be exchanged via the cryptographic processing unit.

6. A storage device comprising:
- an ordinary data storage unit which stores encrypted contents data;
  
  a secret data storage unit which stores license data containing a contents key for decrypting the encrypted contents data;
  
  a cryptographic processing unit for receiving, from a host device, and executing a command corresponding to each of the plurality of sequenced subprocesses produced by dividing each of a series of cryptographic input and output processes for encrypting data to be secured and inputting and outputting the data between the storage device and the host device;
  
  a controller which inputs and outputs the license data via the cryptographic processing unit and inputs and outputs the encrypted contents data bypassing the cryptographic processing unit; and
  
  a bus for receiving the command from the host device, the bus being deallocated for another command when the command is issued,wherein the cryptographic processing unit receives commands corresponding to a plurality of subprocesses respectively belonging to two or more different cryptographic input and output processes via the bus, refers to identifying information attached to the command, identifies to which cryptographic input and output process the received command belongs to, and rejects the execution of the command when having detected that the command is an incorrectly sequenced command in the cryptographic input and output process to which the command belongs.
- View Dependent Claims (7)
- - 7. The storage device according to claim 6, wherein in response to a request from the host device, the storage device provides to the host device the maximum number of cryptographic input and output processes which can be performed simultaneously by the storage device.

8. A host device which exchanges encrypted contents data and license data containing a contents key for decrypting the encrypted contents data, with a storage device that is capable of simultaneously performing a plurality of series of cryptographic input and output processes for encrypting data to be secured and inputting and outputting the data, the host device comprising:
- a controller which divides the cryptographic input and output process into a plurality of sequenced subprocesses and issues commands sequentially to the storage device thereby allowing the storage device to execute a subprocess to be executed on the storage-device side; and
  
  a cryptographic processing unit which carries out encryption or decryption that is required of the cryptographic input and output process, whereinthe controller inputs and outputs the license data via the cryptographic processing unit and inputs and outputs the encrypted contents data bypassing the cryptographic processing unit, andwhen the controller issues a command, the controller attaches identifying information to the command to identify to which one of the plurality of cryptographic input and output processes the command belongs and to manage the sequence of commands executed in each cryptographic input and output process, andthe controller that issues the command via the bus electrically connecting the host device and the storage device deallocates the bus for another command.
- View Dependent Claims (9)
- - 9. The host device according to claim 8, wherein the controller issues a command to allocate a process system for performing the cryptographic input and output process prior to initiation of the cryptographic input and output process.

10. A data input and output method for exchanging encrypted contents data and license data containing a contents key for decrypting the encrypted contents data between a storage device and a host device, wherein, when performing a cryptographic input and output process between the host device and the storage device, which is capable of simultaneously performing a plurality of series of cryptographic input and output processes for encrypting data to be secured and inputting and outputting the data, the license data is input and output through the cryptographic input and output process, and the encrypted data is input and output bypassing the cryptographic input and output process, the method comprising:
- dividing the cryptographic input and output process into a plurality of procedures and allowing the host device to execute a procedure to be executed on the host-device side out of the procedures;
  
  allowing the host device to issue a command to the storage device via a bus for electrically connecting the host device and the storage device in order to make the storage device execute a procedure to be executed on the storage-device side;
  
  allowing the host device to deallocate the bus for another command;
  
  allowing the storage device to receive the command; and
  
  allowing the storage device to execute the command, whereinidentifying information is attached to the command to identify to which one of the plurality of cryptographic input and output processes, being performed simultaneously by the storage device, the command belongs, andthe allowing the storage device to receive the command includes;
  
  determining whether the received command is a correctly sequenced command in the cryptographic input and output process;
  
  accepting the command successfully when the received command has been determined to be a correctly sequenced command; and
  
  rejecting the execution of the received command when the received command has been determined to be an incorrectly sequenced command.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The data input and output method according to claim 10, further comprising predetermining an upper-limit number of the cryptographic input and output processes that can be performed simultaneously by the storage device in accordance with performance of the storage device.
  - 12. The data input/output method according to claim 10, further comprising:
    - allowing the storage device to predetermine an upper-limit number of the cryptographic input and output processes that the storage device can perform simultaneously in accordance with its own performance, andinforming the host device of the upper limit.
  - 13. The data input and output method according to claim 11, further comprising, prior to performing the cryptographic input and output processes, selecting and allocating identifying information for identifying the cryptographic input and output process to be performed from among the prepared number of pieces of identifying information determined in the determining step.
  - 14. The data input and output method according to claim 12, further comprising, prior to performing the cryptographic input and output processes, selecting and allocating identifying information for identifying the cryptographic input and output process to be performed from among the prepared number of pieces of identifying information determined in the determining step.
  - 15. The data input and output method according to claim 10, whereinwhen the received command has been determined to be an incorrectly sequenced command, the execution of the cryptographic input and output process to which the command belongs is interrupted.

Specification

Resources

Litigation Campaign Assessment

Application Number

US10/809,815
Publication Number

US 20040250092A1
Time in Patent Office

2,244 Days
Field of Search

713189-190, 713/160, 713/193, 726/30, 705/59
US Class Current

726/30
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/602   Providing cryptographic fac...

G11B 20/00086   Circuits for prevention of ...

G11B 20/00173   wherein the origin of the c...

G11B 20/0021   involving encryption or dec...

G11B 20/00521   wherein each session of a m...

G11B 20/00855   involving a step of exchang...

Method and apparatus for encrypting data to be secured and inputting/outputting the same

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

30 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for encrypting data to be secured and inputting/outputting the same

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links