Information reproducing apparatus and secure module

US 7,913,094 B2
Filed: 11/27/2002
Issued: 03/22/2011
Est. Priority Date: 12/27/2001
Status: Active Grant

First Claim

Patent Images

1. An information reproducing apparatus for reproducing information which is transmitted through a transmission medium or stored in a recording medium, comprising:

a secure module, which is a tamper resistant module structure not allowing access to first information from outside, and stores the first information;

an insecure memory which allows unauthorized access and tampering of data from outside; and

a controller configured for;

loading a different decryption unit in the insecure memory every time the decryption unit is loaded, so that the decryption unit decrypts the encryption in a different manner every time the decryption unit is loaded, andexecuting the decryption unit in the insecure memory for decrypting an encryption applied to encrypted content information by using a predetermined key,wherein;

a key supply unit which is implemented in the secure module, supplies the first information as the predetermined key to the decryption unit in the insecure memory for decrypting the encrypted content information;

an authentication unit which is implemented in the secure module, supplies second information to the decryption unit in the insecure memory at predetermined time intervals, refers to third information returned from the decryption unit in the insecure memory in response to the second information, and checks authenticity of the decryption unit in the insecure memory based on the third information, where the second information is predetermined; and

a key-supply stop unit which is implemented in the secure module, stops supply of the predetermined key by the key supply unit when the authentication unit does not authenticate the decryption unit in the insecure memory.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an information reproducing apparatus having an open architecture, a secure module stores first information, and has a structure which does not allow access to the first information from outside, and a memory has a structure which can be accessed from outside. A decryption unit loaded in the memory decrypts an encryption applied to the first information by using a predetermined key. A key supply unit implemented in the secure module supplies the predetermined key to the decryption unit. An authentication unit implemented in the secure module supplies second information to the decryption unit, refers to third information returned in response to the second information, and checks for authenticity of the decryption unit. A key-supply stop unit implemented in the secure module stops supply of the predetermined key by the key supply unit when the authentication unit does not authenticate the decryption unit.

23 Citations

View as Search Results

32 Claims

1. An information reproducing apparatus for reproducing information which is transmitted through a transmission medium or stored in a recording medium, comprising:
- a secure module, which is a tamper resistant module structure not allowing access to first information from outside, and stores the first information;
  
  an insecure memory which allows unauthorized access and tampering of data from outside; and
  
  a controller configured for;
  
  loading a different decryption unit in the insecure memory every time the decryption unit is loaded, so that the decryption unit decrypts the encryption in a different manner every time the decryption unit is loaded, andexecuting the decryption unit in the insecure memory for decrypting an encryption applied to encrypted content information by using a predetermined key,wherein;
  
  a key supply unit which is implemented in the secure module, supplies the first information as the predetermined key to the decryption unit in the insecure memory for decrypting the encrypted content information;
  
  an authentication unit which is implemented in the secure module, supplies second information to the decryption unit in the insecure memory at predetermined time intervals, refers to third information returned from the decryption unit in the insecure memory in response to the second information, and checks authenticity of the decryption unit in the insecure memory based on the third information, where the second information is predetermined; and
  
  a key-supply stop unit which is implemented in the secure module, stops supply of the predetermined key by the key supply unit when the authentication unit does not authenticate the decryption unit in the insecure memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The information reproducing apparatus according to claim 1, wherein the authentication unit changes an initial value of the second information every time the information reproducing apparatus is started up.
  - 3. The information reproducing apparatus according to claim 1, wherein the authentication unit has a plurality of protocols checking for authenticity of the decryption unit, and changes a currently used protocol from one to another of the plurality of protocols at predetermined time intervals.
  - 4. The information reproducing apparatus according to claim 1, wherein the key supply unit stops the supply of the predetermined key when the third information is not returned from the decryption unit in a predetermined time.
  - 5. The information reproducing apparatus according to claim 1, wherein the key supply unit stops the supply of the predetermined key when more than one identical response is successively returned from the decryption unit.
  - 6. The information reproducing apparatus according to claim 1, wherein the decryption unit, the key supply unit, the authentication unit, and the key-supply stop unit are, in advance, encrypted and stored in a recording medium, and encryptions applied to the decryption unit, the key supply unit, the authentication unit, and the key-supply stop unit are decrypted and loaded in the insecure memory or the secure module as necessary.
  - 7. The information reproducing apparatus according to claim 1, wherein the decryption unit is loaded in a different region of the insecure memory on every loading operation.
  - 8. The information reproducing apparatus according to claim 1, wherein the decryption unit is loaded in the insecure memory so that the decryption unit uses a different region of the insecure memory on every loading operation.
  - 9. The information reproducing apparatus according to claim 1, wherein the decryption unit is loaded in the insecure memory so that the decryption unit uses a different register on every loading operation.
  - 10. The information reproducing apparatus according to claim 1, further comprising:
    - an output unit which outputs the encrypted content information after the encrypted content information is decrypted by the decryption unit; and
      
      an encryption unit which reencrypts the encrypted content information after the encrypted content information is decrypted by the decryption unit before the encrypted content information is output by the output unit.
  - 11. The information reproducing apparatus according to claim 10, wherein the encryption unit selects one of a plurality of protocols for reencrypting the encrypted content information after the encrypted content information is decrypted by the decryption unit.
  - 12. The information reproducing apparatus according to claim 11, wherein the encryption unit is realized by loading a program stored in the secure module, in the insecure memory.
  - 13. The information reproducing apparatus according to claim 1, wherein a plurality of unit loaded in the insecure memory set an interruption prohibit flag in order to prohibit interruption by another program when the plurality of unit operate.
  - 14. The information reproducing apparatus according to claim 1, wherein every time a program stored in the secure module is loaded in the insecure memory, the program is encrypted in a different manner and supplied to the insecure memory.
  - 15. The information reproducing apparatus according to claim 1, wherein the secure module is constituted by a detachable device.

16. A secure module storing first information and capable of being detachably mounted on an information reproducing apparatus and executing processing related to security when the information reproducing apparatus reproduces information which is transmitted through a transmission medium or stored in a recording medium, where the information reproducing apparatus includes an insecure memory which allows unauthorized access and tampering of data from outside, and a controller loading, in the insecure memory, as a decryption unit for decrypting an encryption applied to encrypted content information by using a predetermined key, the secure module, which is a tamper resistant module structure, comprising:
- a key supply unit which is implemented in the secure module, and supplies the first information as the predetermined key to a different decryption unit that is loaded in the insecure memory every time the decryption unit is loaded, so that the decryption unit decrypts the encryption in a different manner every time the decryption unit is loaded;
  
  an authentication unit which is implemented in the secure module, supplies second information to the decryption unit in the insecure memory at predetermined time intervals, refers to third information returned from the decryption unit in the insecure memory in response to the second information, and checks for authenticity of the decryption unit in the insecure memory based on the third information, where the second information is predetermined; and
  
  a key-supply stop unit which is implemented in the secure module, and stops supply of the predetermined key by the key supply unit when the authentication unit does not authenticate the decryption unit in the insecure memory.

17. An information reproducing method for reproducing information, using an information reproducing apparatus, which is transmitted through a transmission medium or stored in a recording medium, comprising:
- storing first information in a secure module having a tamper resistant module structure which does not allow access to the first information from outside;
  
  loading a different decryption software into an insecure memory every time the decryption software is loaded, so that the decryption software decrypts an encryption in a different manner every time the decryption software is loaded;
  
  decrypting by the decryption software in the insecure memory an encryption applied to encrypted content information by using a predetermined key;
  
  supplying, by the secure module, the first information as the predetermined key to the decryption software in the insecure memory;
  
  supplying, by the secure module, second information to the decryption software in the insecure memory at predetermined time intervals, referring to third information returned from the decryption software in the insecure memory in response to the second information, and checking for authenticity of the decryption software in the insecure memory based on the third information, where the second information is predetermined; and
  
  stopping, by the secure module, supply of the predetermined key when the decryption software in the insecure memory is not authenticated.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 18. The information reproducing method according to claim 17, further comprising changing an initial value of the second information every time the information reproducing apparatus is started up.
  - 19. The information reproducing method according to claim 17, further comprising checking for authenticity of the decryption software using one of a plurality of protocols, and changing a currently used protocol to another of the plurality of protocols at predetermined time intervals.
  - 20. The information reproducing method according to claim 17, further comprising stopping the supply of the predetermined key when the third information is not returned in a predetermined time.
  - 21. The information reproducing method according to claim 17, further comprising stopping the supply of the predetermined key when more than one identical response is successively returned from the decryption software.
  - 22. The information reproducing method according to claim 17, further comprising encrypting and storing a decryption unit, a key supply unit, an authentication unit, and a key-supply stop unit, in advance, in a recording medium, and decrypting and loading encryptions applied to the decryption unit, the key supply unit, the authentication unit, and the key-supply stop unit in the insecure memory or the secure module, as necessary.
  - 23. The information reproducing method according to claim 17, further comprising loading a decryption unit in a different region of the insecure memory on every loading operation.
  - 24. The information reproducing method according to claim 17, wherein the decryption software uses a different region of the insecure memory on every loading operation.
  - 25. The information reproducing method according to claim 17, wherein the decryption software uses a different register on every loading operation.
  - 26. The information reproducing method according to claim 17, further comprising:
    - outputting the encrypted content information after the encrypted content information is decrypted; and
      
      reencrypting the encrypted content information after the encrypted content information is decrypted before the encrypted content information is output.
  - 27. The information reproducing method according to claim 26, further comprising selecting one of a plurality of protocols reencrypting the encrypted content information after the encrypted content information is decrypted.
  - 28. The information reproducing method according to claim 27, wherein the reencrypting is realized by loading a program stored in the secure module, in the insecure memory.
  - 29. The information reproducing method according to claim 17, further comprising setting an interruption prohibit flag in order to prohibit interruption by another program when the plurality of unit operate.
  - 30. The information reproducing method according to claim 17, wherein every time a program stored in the secure module is loaded in the memory, the program is encrypted in a different manner and supplied to the insecure memory.
  - 31. The information reproducing method according to claim 17, wherein the secure module is constituted by a detachable device.

32. A method, comprising:
- using a computer, which includes an insecure memory that allows unauthorized external access and tampering of data, and a secure module storing first information and having a tamper resistant module structure which does not allow access to the first information from outside, to execute;
  
  loading a different decryption software into the insecure memory every time the decryption software is loaded, so that the decryption software decrypts an encryption in a different manner every time the decryption unit is loaded;
  
  decrypting by the decryption software in the insecure memory encrypted content information, which is different from the first information, by using a predetermined key; and
  
  supplying by the secure module the first information as the predetermined key to the decryption software in the insecure memory and predetermined second information to the decryption software in the insecure memory at predetermined time intervals;
  
  referring by the secure module to third information returned from the decryption software in the insecure memory in response to the second information; and
  
  checking by the secure module authenticity of the decryption software in the insecure memory based on the third information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
Hasebe, Takayuki, Kohiyama, Kiyoshi
Primary Examiner(s)
Pyzocha; Michael
Assistant Examiner(s)
Gelagay; Shewaye

Application Number

US10/305,187
Publication Number

US 20030126457A1
Time in Patent Office

3,037 Days
Field of Search

713/193
US Class Current

713/193
CPC Class Codes

G06F 21/10 Protecting distributed prog...

G06F 21/33 using certificates

Information reproducing apparatus and secure module

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Information reproducing apparatus and secure module

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links