Data processing apparatus, data processing system, and data processing method therefor
First Claim
1. A data processing apparatus for performing rights processing of content data encrypted with content key data based on usage control policy data, and for decrypting the encrypted content key data, the data processing apparatus comprising within a tamper-resistant circuit module:
an input circuit for receiving a secure container from a content provider, wherein the secure container contains a content file, a key file, and a signature data of the content provider, and for receiving license key data from an electronic distribution center, wherein the content file contains the encrypted content data, and wherein the key file contains the encrypted content key, the usage control policy data, and signature data of the electronic distribution center;
a first bus;
an arithmetic processing circuit connected to the first bus, for performing the rights processing of the content data based on the usage control policy data;
a storage circuit connected to the first bus;
a second bus;
a first interface circuit interposed between the first bus and the second bus;
an encryption processing circuit connected to the second bus, for decrypting the content key data using the license key data;
a hash-value generating circuit that generates hash values of the content data, the content key data, and the usage control policy data;
a public key encryption circuit that creates signature data of the data processing apparatus using the hash values and verifies the integrity of the signature data of the content provider and the signature data of the electronic distribution center;
a common key encryption circuit;
an external bus interface circuit connected to the second bus; and
a usage monitor;
wherein the arithmetic processing circuit determines at least one of a purchase mode and a usage mode of the content data based on a handling policy indicated by the usage control policy data, and creates log data which includes a unique identifier of the content data, discount information, and tracing information and indicates result of the determined mode; and
the arithmetic processing circuit creates usage control status data in accordance with the determined purchase mode, and controls the use of the content data based on the usage control status data;
the usage control status data comprising a content identification for the content data, the purchase mode, an identification for the tamper-resistant circuit module, and a user identification for a user who has purchased the content data;
wherein the log data is transmitted to the electronic distribution center;
wherein the usage monitor monitors the usage control policy data and the usage control status data to make sure that the content data is purchased and used as restricted by the usage control policy data and the usage control status data; and
wherein the purchase mode is determined from one or more purchase mode options, and each purchase mode option has a different level of restriction imposed on a playback operation.
Abstract
A SAM receives a secure container in which content data encrypted with content key data, the encrypted content key data, and UCP data designating a handling policy of the content data are stored, and determines at least one of the purchase mode and the usage mode of the content data based on the UCP data. The SAM serves as a slave for a host CPU, and is also provided with a common memory shared with the host CPU.
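The flow in claim 1 and the abstract, sketched as an added example (not code from the patent): signatures on the secure container are checked before the content key is decrypted, a purchase mode offered by the UCP is selected, and the usage control status (UCS) data and log data are produced. Assumptions: HMAC stands in for the public-key signatures, a toy XOR cipher stands in for the encryption circuit, and all keys, field names, mode names and the play counter are hypothetical.

```python
import hashlib, hmac, json
# Constructed demo keys; a real module would hold provider/EDC public keys.
CP_KEY, EDC_KEY, LICENSE_KEY = b"cp-demo", b"edc-demo", b"license-demo"

def sign(key, *parts):
    # HMAC over per-field SHA-256 hashes: stand-in for the public-key signature.
    digest = b"".join(hashlib.sha256(p).digest() for p in parts)
    return hmac.new(key, digest, hashlib.sha256).digest()

def toy_crypt(key, data):
    # Toy XOR cipher (<= 32 bytes), stand-in for the encryption circuit.
    return bytes(a ^ b for a, b in zip(data, hashlib.sha256(key).digest()))

def build_container(content_key):
    # Constructed sample; mode names and max-play values are hypothetical.
    ucp = json.dumps({"content_id": "C-0001", "discount": "none",
                      "modes": {"unlimited_play": None, "limited_play": 2}}).encode()
    enc_kc = toy_crypt(LICENSE_KEY, content_key)
    content = b"<encrypted content>"
    return {"content_file": content,
            "key_file": {"enc_kc": enc_kc, "ucp": ucp,
                         "sig_edc": sign(EDC_KEY, enc_kc, ucp)},
            "sig_cp": sign(CP_KEY, content, enc_kc, ucp)}

def sam_purchase(container, mode, sam_id, user_id):
    kf = container["key_file"]
    # Check both signatures before touching key material or policy.
    ok_edc = hmac.compare_digest(kf["sig_edc"], sign(EDC_KEY, kf["enc_kc"], kf["ucp"]))
    ok_cp = hmac.compare_digest(container["sig_cp"], sign(
        CP_KEY, container["content_file"], kf["enc_kc"], kf["ucp"]))
    if not (ok_edc and ok_cp):
        raise ValueError("signature check failed")
    ucp = json.loads(kf["ucp"])
    if mode not in ucp["modes"]:
        raise PermissionError("purchase mode not offered by UCP")
    kc = toy_crypt(LICENSE_KEY, kf["enc_kc"])
    ucs = {"content_id": ucp["content_id"], "purchase_mode": mode,
           "sam_id": sam_id, "user_id": user_id, "plays": 0}
    log = {"content_id": ucp["content_id"], "discount": ucp["discount"],
           "trace": sam_id, "result": mode}  # sent to the distribution center
    return kc, ucp, ucs, log

def usage_monitor_allows_play(ucp, ucs):
    # Usage monitor: playback must fit both the UCP and the UCS.
    limit = ucp["modes"].get(ucs["purchase_mode"], 0)
    if limit is not None and ucs["plays"] >= limit:
        return False
    ucs["plays"] += 1
    return True
```

Altering any byte of the key file or content file after signing makes `sam_purchase` raise before the content key is recovered.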
18 Claims
12. A data processing apparatus for performing rights processing of content data encrypted with content key data based on usage control policy data, and for decrypting the encrypted content key data, the data processing apparatus comprising within a tamper-resistant circuit module:
an input circuit for receiving a secure container from a content provider, wherein the secure container contains a content file, a key file, and a signature data of the content provider, and for receiving license key data from an electronic distribution center, wherein the content file contains the encrypted content data, and wherein the key file contains the encrypted content key, the usage control policy data, and signature data of the electronic distribution center;
a first bus;
an arithmetic processing circuit connected to the first bus, for performing the rights processing of the content data based on the usage control policy data;
a storage circuit connected to the first bus;
a second bus;
an interface circuit interposed between the first bus and the second bus;
an encryption processing circuit connected to the second bus, for decrypting the content key data using the license key data;
a hash-value generating circuit that generates hash values of the content data, the content key data, and the usage control policy data;
a public key encryption circuit that creates signature data of the data processing apparatus using the hash values and verifies the integrity of the signature data of the content provider and the signature data of the electronic distribution center;
a common key encryption circuit;
an external bus interface circuit connected to the second bus; and
a usage monitor;
wherein, upon receiving an interrupt from an external circuit via the external bus interface circuit, the arithmetic processing circuit becomes a slave for the external circuit so as to perform processing designated by the interrupt, and reports a result of the processing to the external circuit;
wherein the arithmetic processing circuit determines at least one of a purchase mode and a usage mode of the content data based on a handling policy indicated by the usage control policy data, and creates log data which includes a unique identifier of the content data, discount information, and tracing information and indicates a result of the determined mode; and
the arithmetic processing circuit creates usage control status data in accordance with the determined purchase mode, and controls the use of the content data based on the usage control status data;
the usage control status data comprising a content identification for the content data, the purchase mode, an identification for the tamper-resistant circuit module, and a user identification for a user who has purchased the content data;
wherein the log data is transmitted to the electronic distribution center;
wherein the usage monitor monitors the usage control policy data and the usage control status data to make sure that the content data is purchased and used as restricted by the usage control policy data and the usage control status data; and
wherein the purchase mode is determined from one or more purchase mode options, and each purchase mode option has a different level of restriction imposed on a playback operation.
18. A data processing method of performing rights processing for content data encrypted with content key data based on usage control policy data, and of decrypting the encrypted content key data, the data processing method comprising the steps of:
receiving a secure container from a content provider, wherein the secure container contains a content file, a key file, and a signature data of the content provider;
receiving license key data from an electronic distribution center, wherein the content file contains the encrypted content data, and wherein the key file contains the encrypted content key, the usage control policy data, and signature data of the electronic distribution center;
determining at least one of a purchase mode and a usage mode of the content data based on a handling policy indicated by the usage control policy data;
creating log data which includes a unique identifier of the content data, discount information, and tracing information and indicates a result of the determined purchase mode;
transmitting the log data to the electronic distribution center;
creating usage control status data in accordance with the determined purchase mode;
the usage control status data comprising a content identification for the content data, the purchase mode, an identification for a tamper-resistant circuit module, and a user identification for a user who has purchased the content data;
monitoring the usage control policy data and the usage control status data to make sure that the content data is purchased and used as restricted by the usage control policy data and the usage control status data;
controlling the use of the content data based on the usage control status data;
recording the content data, for which the purchase mode is determined, on a recording medium;
generating hash values of the content data, the content key data, and the usage control policy data;
performing authentication;
creating a signature data of a data processing apparatus using the hash values;
verifying the integrity of the signature data of the content provider and the signature data of the electronic distribution center;
sharing session key data obtained by the authentication; and
encrypting the content key data and the usage control status data by using the session key data;
wherein the purchase mode is determined from one or more purchase mode options, and each purchase mode option has a different level of restriction imposed on a playback operation.
Specification