Method and apparatus for encrypting data to be secured and inputting/outputting the same
Abstract
A technology is provided to improve tamper resistance in encrypting data to be secured and inputting/outputting the data between a recording device and a host device. When the recording device issues an input/output command to a storage device to input/output data to be secured, the recording device attaches an ID to the command to identify to which cryptographic input/output processing the command belongs. Upon reception of a sequence command, the storage device receives the command if its ID has been allocated and the command is verified to have been issued in the correct sequence. The sequence ID is used to identify a process system while appropriately managing the steps of executing commands.
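An added example, not taken from the patent, of the storage-side check the abstract describes: a command is accepted only if its sequence ID has been allocated and it is the next step of that process. The slot count, the three numbered steps, leaving state unchanged on rejection, releasing the ID after the last step, and all names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

#define MAX_SEQ   4   /* assumed number of concurrent processes */
#define NUM_STEPS 3   /* assumed number of subprocesses per process */

enum result { ACCEPTED, REJ_UNALLOCATED, REJ_OUT_OF_ORDER };

struct seq_slot { bool allocated; int next_step; };
static struct seq_slot slots[MAX_SEQ];   /* zero-initialised: all free */

/* Allocate a free sequence ID for a new process; -1 if none is free. */
int seq_alloc(void) {
    for (int id = 0; id < MAX_SEQ; id++) {
        if (!slots[id].allocated) {
            slots[id].allocated = true;
            slots[id].next_step = 0;
            return id;
        }
    }
    return -1;
}

/* Gate one command: accept only if its ID is allocated and the step is
 * the next expected one for the process that ID identifies. */
enum result seq_submit(int id, int step) {
    if (id < 0 || id >= MAX_SEQ || !slots[id].allocated)
        return REJ_UNALLOCATED;
    if (step != slots[id].next_step)
        return REJ_OUT_OF_ORDER;          /* state unchanged (assumption) */
    if (++slots[id].next_step == NUM_STEPS)
        slots[id].allocated = false;      /* process done: release the ID */
    return ACCEPTED;
}

int main(void) {
    int a = seq_alloc(), b = seq_alloc();
    /* Constructed trace: two interleaved processes, one skipped step. */
    int trace[][2] = { {a, 0}, {b, 0}, {a, 2}, {a, 1}, {b, 1}, {a, 2} };
    static const char *names[] = { "accepted",
        "rejected: ID not allocated", "rejected: out of sequence" };
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++)
        printf("id=%d step=%d -> %s\n", trace[i][0], trace[i][1],
               names[seq_submit(trace[i][0], trace[i][1])]);
    return 0;
}
```

Because each ID carries its own expected step, commands from different processes can interleave on the shared bus while a skipped or replayed step within any one process is still refused.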
15 Claims
1. A storage device comprising:
- an ordinary data storage unit which stores encrypted contents data;
- a secret data storage unit which stores license data containing a contents key for decrypting the encrypted contents data;
- a cryptographic processing unit which receives, from a host device, and executes a command corresponding to each of a plurality of sequenced subprocesses produced by dividing each of a series of cryptographic input and output processes for encrypting data to be secured and inputting and outputting the data between the storage device and the host device;
- a controller which inputs and outputs the license data via the cryptographic processing unit and inputs and outputs the encrypted contents data bypassing the cryptographic processing unit; and
- a bus for receiving the command from the host device, the bus being deallocated for another command when the command is issued,
wherein the cryptographic processing unit receives commands corresponding to a plurality of subprocesses respectively belonging to two or more different cryptographic input and output processes via the bus, refers to identifying information attached to the command, identifies to which cryptographic input and output process the command belongs, manages the sequence of commands executed in each cryptographic input and output process, and rejects the execution of an incorrectly sequenced command when the cryptographic processing unit receives the incorrectly sequenced command.
Dependent claims: 2, 3, 4, 5
6. A storage device comprising:
- an ordinary data storage unit which stores encrypted contents data;
- a secret data storage unit which stores license data containing a contents key for decrypting the encrypted contents data;
- a cryptographic processing unit for receiving, from a host device, and executing a command corresponding to each of the plurality of sequenced subprocesses produced by dividing each of a series of cryptographic input and output processes for encrypting data to be secured and inputting and outputting the data between the storage device and the host device;
- a controller which inputs and outputs the license data via the cryptographic processing unit and inputs and outputs the encrypted contents data bypassing the cryptographic processing unit; and
- a bus for receiving the command from the host device, the bus being deallocated for another command when the command is issued,
wherein the cryptographic processing unit receives commands corresponding to a plurality of subprocesses respectively belonging to two or more different cryptographic input and output processes via the bus, refers to identifying information attached to the command, identifies to which cryptographic input and output process the received command belongs to, and rejects the execution of the command when having detected that the command is an incorrectly sequenced command in the cryptographic input and output process to which the command belongs.
Dependent claims: 7
8. A host device which exchanges encrypted contents data and license data containing a contents key for decrypting the encrypted contents data, with a storage device that is capable of simultaneously performing a plurality of series of cryptographic input and output processes for encrypting data to be secured and inputting and outputting the data, the host device comprising:
- a controller which divides the cryptographic input and output process into a plurality of sequenced subprocesses and issues commands sequentially to the storage device thereby allowing the storage device to execute a subprocess to be executed on the storage-device side; and
- a cryptographic processing unit which carries out encryption or decryption that is required of the cryptographic input and output process,
wherein the controller inputs and outputs the license data via the cryptographic processing unit and inputs and outputs the encrypted contents data bypassing the cryptographic processing unit, and when the controller issues a command, the controller attaches identifying information to the command to identify to which one of the plurality of cryptographic input and output processes the command belongs and to manage the sequence of commands executed in each cryptographic input and output process, and the controller that issues the command via the bus electrically connecting the host device and the storage device deallocates the bus for another command.
Dependent claims: 9
10. A data input and output method for exchanging encrypted contents data and license data containing a contents key for decrypting the encrypted contents data between a storage device and a host device, wherein, when performing a cryptographic input and output process between the host device and the storage device, which is capable of simultaneously performing a plurality of series of cryptographic input and output processes for encrypting data to be secured and inputting and outputting the data, the license data is input and output through the cryptographic input and output process, and the encrypted data is input and output bypassing the cryptographic input and output process, the method comprising:
- dividing the cryptographic input and output process into a plurality of procedures and allowing the host device to execute a procedure to be executed on the host-device side out of the procedures;
- allowing the host device to issue a command to the storage device via a bus for electrically connecting the host device and the storage device in order to make the storage device execute a procedure to be executed on the storage-device side;
- allowing the host device to deallocate the bus for another command;
- allowing the storage device to receive the command; and
- allowing the storage device to execute the command,
wherein identifying information is attached to the command to identify to which one of the plurality of cryptographic input and output processes, being performed simultaneously by the storage device, the command belongs, and the allowing the storage device to receive the command includes;
- determining whether the received command is a correctly sequenced command in the cryptographic input and output process;
- accepting the command successfully when the received command has been determined to be a correctly sequenced command; and
- rejecting the execution of the received command when the received command has been determined to be an incorrectly sequenced command.
Dependent claims: 11, 12, 13, 14, 15