WO2002039655A1 - Dispositif de traitement d'informations, procede de traitement d'informations et support de programme - Google Patents
Dispositif de traitement d'informations, procede de traitement d'informations et support de programme Download PDFInfo
- Publication number
- WO2002039655A1 WO2002039655A1 PCT/JP2001/009841 JP0109841W WO0239655A1 WO 2002039655 A1 WO2002039655 A1 WO 2002039655A1 JP 0109841 W JP0109841 W JP 0109841W WO 0239655 A1 WO0239655 A1 WO 0239655A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- key
- entity
- node
- leaf
- ekb
- Prior art date
Links
- 230000010365 information processing Effects 0.000 title claims abstract description 60
- 238000003672 processing method Methods 0.000 title claims description 18
- 238000000034 method Methods 0.000 claims abstract description 91
- 230000004913 activation Effects 0.000 claims description 62
- 230000008569 process Effects 0.000 claims description 59
- 238000012795 verification Methods 0.000 claims description 31
- 238000003860 storage Methods 0.000 claims description 19
- 238000004590 computer program Methods 0.000 claims description 4
- 230000007717 exclusion Effects 0.000 claims description 4
- 238000010200 validation analysis Methods 0.000 claims description 4
- 238000009826 distribution Methods 0.000 abstract description 38
- 238000010276 construction Methods 0.000 abstract 1
- 230000000875 corresponding effect Effects 0.000 description 24
- 238000010586 diagram Methods 0.000 description 19
- 230000006870 function Effects 0.000 description 11
- 238000004891 communication Methods 0.000 description 5
- 238000013478 data encryption standard Methods 0.000 description 2
- 125000002066 L-histidyl group Chemical group [H]N1C([H])=NC(C([H])([H])[C@](C(=O)[*])([H])N([H])[H])=C1[H] 0.000 description 1
- 102220527891 NADH-cytochrome b5 reductase 2_K10Q_mutation Human genes 0.000 description 1
- 239000011230 binding agent Substances 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000002079 cooperative effect Effects 0.000 description 1
- 238000005520 cutting process Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 229940036310 program Drugs 0.000 description 1
- 230000011514 reflex Effects 0.000 description 1
- 235000002020 sage Nutrition 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000008685 targeting Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/80—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/00166—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving measures which result in a restriction to authorised contents recorded on or reproduced from a record carrier, e.g. music or software
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/00188—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving measures which result in a restriction to authorised devices recording or reproducing contents to/from a record carrier
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/0021—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/0021—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
- G11B20/00217—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source
- G11B20/00253—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source wherein the key is stored on the record carrier
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/0021—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
- G11B20/00485—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier characterised by a specific kind of data which is encrypted and recorded on and/or reproduced from the record carrier
- G11B20/00492—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier characterised by a specific kind of data which is encrypted and recorded on and/or reproduced from the record carrier wherein content or user data is encrypted
- G11B20/00536—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier characterised by a specific kind of data which is encrypted and recorded on and/or reproduced from the record carrier wherein content or user data is encrypted wherein encrypted content data is subjected to a further, iterated encryption, e.g. interwoven encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
- H04L9/0833—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
- H04L9/0836—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key using tree structure or hierarchical structure
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2135—Metering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
Definitions
- the present invention relates to an information processing apparatus, an information processing method, and a program storage medium, and more particularly to a system and a method for distributing a cryptographic processing key in a system involving cryptographic processing. More specifically, it is intended to use a tree-structured hierarchical key distribution method and to be able to efficiently execute revocation (exclusion) of a specific device.
- Content various software programs
- game programs such as game programs, audio data, image data, etc.
- Contents can be transferred to networks such as the Inuichi Net or DVD, Distribution via CDs and other distributable storage media is becoming popular.
- These distribution contents are played back by receiving data or installing a storage medium by a PC (Personal Computer) or a game device owned by the user, or a recording device in a recording / playback device attached to the PC or the like. For example, it is stored in a memory card, hard disk, etc., and is used by new playback from a storage medium.
- PC Personal Computer
- Information devices such as video game machines and PCs have an interface for receiving distribution contents from the network or accessing DVDs, CDs, etc., and control means necessary for reproducing the contents. It has RAM, ROM, etc. used as memory area for programs and data.
- Various contents such as music data, image data, and programs, can be transmitted from a game device used as a playback device, a user instruction from the information device itself such as a PC, or a user's instruction via a connected input device. It is called from the storage medium according to the instruction, and is played back through the information device itself or the connected display, speaker, etc. You.
- One method of realizing usage restrictions for users is to encrypt distributed content.
- distributed various contents such as encrypted audio data, image data, game programs, etc. via the Internet, etc .; together with ⁇ , distributed ciphers only to those who are confirmed to be authorized users
- Means for decrypting encrypted content that is, a configuration in which a decryption key is provided. :.
- the encrypted data can be returned to a usable decrypted data (plaintext) by a decryption process according to a predetermined procedure.
- Data encryption and decryption methods using an encryption key for such information encryption processing and a decryption key for decryption processing are well known in the art.
- the encryption key and the decryption key used for the above-described encryption processing and decryption can be obtained by applying a one-way function such as a required number based on a certain password or the like.
- a one-way function is a function that makes it very difficult to find its input from its output. For example, a one-way function is applied with a password determined by the user as an input, and an encryption key and a decryption key are generated based on the output. On the contrary, it is practically impossible to obtain a password which is the original data from the encryption key and the decryption key obtained in this way.
- a method in which processing using an encryption key used for encryption and processing for a decryption key used for decryption are set to different algorithms is a so-called public key encryption method.
- the public key encryption method can be used by unspecified users. It is a method that uses a public key, and encrypts an encrypted document for a specific individual using a public breach key issued by that specific individual. . Documents encrypted with the public key can be decrypted only with the private key corresponding to the public key used for the encryption process. The private key is only the individual who issued the public dragon key. The document encrypted with the key can only be decrypted by the individual with the private key.
- a typical public key encryption scheme is RSA (Rivest-Shamir-Adleman) encryption.
- the content is encrypted and provided to the user on the network or in a recording medium such as a DVD or a CD, and the content key for decrypting the encrypted content is provided only to the legitimate user.
- a recording medium such as a DVD or a CD
- Many configurations have been adopted.
- the content key for preventing unauthorized copying of the content key itself is encrypted and provided to the authorized user, and the encrypted content key is decrypted using the decryption key possessed only by the authorized user.
- a configuration has been proposed that allows the use of
- the determination of whether or not the user is a legitimate user is generally made, for example, between a content provider that is the sender of the content and the user device, or between the user devices that transmit and receive the content, before authentication of the content or the content key. This is performed by executing a process.
- the secret key of an unauthorized user device may be revealed, and the secret key may be stored in the device and the content may be received by impersonating a legitimate device. is there.
- the key management center distributes a revocation list called an unauthorized person list (black list) in which IDs of unauthorized devices are restored to authorized devices, and the key management center uses the revocation list. A check is performed to determine whether the communication partner ID is included in the list.
- the revocation list lists the IDs of unauthorized devices, adds the signature of the key issuing center to prevent tampering, and is called a CRL (Certificate Revocation List). Updated sequentially and distributed to legitimate devices.
- the present invention has been proposed in view of the processing load associated with the increase in the data of the relocation list as described above, and the problem of storage space in storing the list in the device.
- An information processing apparatus includes: a leaf key associated with each leaf of a hierarchical tree structure in which a unique key is associated with each of a node and a leaf; each leaf key corresponding to its own leaf of the hierarchical tree structure; This is an information processing device that stores a key set consisting of nodes on the path to the upper layer, and performs verification processing to determine whether the entity corresponding to the node or leaf is a revoked entity as an entity to be excluded.
- the validity key procurement (EKB) including the encryption key which encrypted the update node key of the hierarchical tree structure by the lower node key or the leaf key can be decrypted by the storage key set of the entity to be verified. It is provided with a configuration to execute by judgment. Judgment of the decryptability is performed by tracking the key arrangement identification tag in the activation key block (EKB) based on the identifier of the entity to be verified.
- the identifier of the entity to be verified is position information of a corresponding node or leaf in the hierarchical tree structure of the entity.
- the key arrangement identification tag in the activation key block (EKB) identifies the presence or absence of an encryption key data in a lower layer of each encryption key data in the activation key block (EKB). It is configured as a tag.
- the tracking process is executed as a process of tracking a tag based on the position information of the entity to be verified, which is included in the identifier of the entity to be verified, in the hierarchical tree structure. .
- the identifier of the entity to be verified includes the position information of the corresponding node or leaf in the hierarchy of the entity.
- the key arrangement identification tag in the parentheses is configured as a tag to identify the presence or absence of the encryption key data in the lower layer of each encryption key data in the activation key block (EKB).
- This information processing device determines whether or not the corresponding node position or leaf position of the verification target entity can be reached by tracking the tag based on the identifier of the verification target entity. In, the determination of decryptability is performed by determining whether or not it belongs to the lower level of the node key that has not been updated.
- the identifier of the verification target entity is the identifier stored in the public key certificate of the entity, and the information processing apparatus stores the identifier of the verification target entity in the entity. It has a configuration to obtain from the public prize key certificate of.
- the information processing apparatus obtains an identifier of the entity from a public key certificate of the entity in decrypting an encrypted content provided from an entity corresponding to a node or a leaf configuring a hierarchical tree structure, A tracking process is performed using the tag of the activation key block (EKB) based on the acquired identifier to determine whether the entity is a revoked entity, and the content acquired from the activation key block (EKB). Executes decryption processing of the encrypted content based on the encryption key Kc0n.
- the present invention relates to a leaf key that is associated with each leaf of a hierarchical tree structure in which a unique key is associated with each of a node and a leaf, each leaf key corresponding to its own leaf of a hierarchical tree structure,
- This is an information processing method in an information processing device that stores a key set consisting of node keys on a path leading to a node or leaf.
- the verification process to determine whether the entity is a repo as an entity to be excluded is a validation process that includes the encryption key data obtained by encrypting the updated node key in a hierarchical structure with the lower node key or leaf key.
- (EKB) is determined by determining whether or not decryption is possible using the storage key set of the entity to be verified, and the determination of decryptability is performed based on the identifier of the entity to be verified, based on the validation key procedure ( EKB) for tracking key placement identification tags
- the identifier of the entity to be verified is the position of the corresponding node or leaf in the hierarchical structure of the entity.
- the key placement identification tag in the activation key block (EKB) contains information and identifies the presence or absence of encryption key data in the lower layer of each encryption key data in the activation key block (EKB). It is configured as a tag, and the tracking process is executed as a process of tracking the tag based on the position information of the entity included in the identifier of the verification target entity in the hierarchical tree structure.
- the identifier of the entity to be verified is
- This information processing method determines whether or not it is possible to reach the corresponding node position or leaf position of the verification target entity by tag tracking processing based on the identifier of the verification target entity. Then, the decryptability is determined by determining whether the node key belongs to a lower level of the node key that has not been updated.
- the identifier of the entity to be verified is an identifier stored in a public key certificate of the entity. Obtain from public key certificate.
- the information processing method provides a method for decrypting an encrypted content provided from an entity corresponding to a node or a leaf constituting a hierarchical tree structure.
- Obtain the identifier of the entity from the public key certificate of the entity and execute a tracking process using a tag of an activation key block (EKB) based on the obtained identifier to determine whether the entity is a repoke entity
- decryption processing of the encrypted content based on the content encryption key Kc0n obtained from the activation key block (EKB) is executed.
- a leaf key is associated with each leaf of the hierarchical tree structure in which a unique key is associated with each of the node and the leaf, and each leaf key corresponds to its own leaf of the hierarchical tree structure.
- a program that allows a computer system to execute information processing on an information processing device that stores a key set consisting of a node key on a path to an upper layer.
- a program storage medium that provides a program. The computer program stored in the storage medium includes a verification processing step of determining whether an entity corresponding to a node or a leaf is a revoked entity as an entity to be excluded.
- An update key with a hierarchical tree structure is encrypted using a lower node key or leaf key.
- the validity key includes a step of executing one block (EKB) by determining whether or not the block can be decrypted by the storage key set of the entity to be verified. Includes steps performed by tracking key placement identification tags in an activation key block (EKB) based on the identifier of the key.
- the program storage medium according to the present invention is, for example, a medium for providing a computer program in a computer-readable format to a general-purpose computer system capable of executing various program codes.
- Such a program storage medium defines a structural or functional cooperative relationship between a computer program and a storage medium for realizing a function of a predetermined convenience program on a convenience system. It was done. In other words, by installing the convenience program on the computer system via the storage medium, a cooperative action is exerted on the computer system.
- FIG. 1 is a block diagram showing a content distribution system to which an information processing device according to the present invention is applied.
- FIG. 2 is a block diagram showing a recording / reproducing device to which the information processing device according to the present invention is applied.
- FIG. 3 is a diagram illustrating a structure of a key for explaining an encryption process of various keys and data executed in the information processing apparatus according to the present invention.
- FIGS. 4A and 4B are diagrams showing examples of an activation key block (EKB) used for distribution of various keys and data to the information processing apparatus according to the present invention.
- EKB activation key block
- FIG. 5 is a diagram showing an example of content key activation keep-up (EKB) distribution and an example of decryption processing to the information processing apparatus according to the present invention.
- EKB content key activation keep-up
- FIG. 6 is a diagram showing a format example of an enabling key block (EKB) in the information processing apparatus according to the present invention.
- EKB enabling key block
- FIGS. 7A, 7B, and 7C are diagrams illustrating the configuration of the tag of the activation key block (EKB).
- FIG. 8A and FIG. 8B are diagrams showing an example of a data configuration for distributing the activation key program (EKB), the content key, and the content together.
- EKB activation key program
- FIG. 9 is a diagram showing an example of processing in the device when the activation key block (EKB), the content key, and the content are distributed together.
- EKB activation key block
- FIG. 10 is a diagram for explaining the correspondence between the enabling key block (EKB) and the case where the content is stored in the recording medium.
- EKB enabling key block
- FIG. 11 is a diagram showing a revocation entity verification sequence involved in an authentication process using a public key cryptosystem.
- FIG. 12 is a diagram showing a configuration example of a public key certificate.
- FIGS. 13A and 13B are diagrams showing steps of an EKB tracking process for determining a revoked entity.
- FIGS. 14A and 14B are diagrams showing steps of an EKB tracking process for determining a revoked entity.
- FIG. 15 is a process diagram showing an EKB tracking process for determining a revoked entity.
- FIG. 16 is a diagram for explaining content distribution processing using EKB and a public key certificate.
- FIG. 17 is a diagram illustrating an example of category classification in a hierarchical tree structure.
- BEST MODE FOR CARRYING OUT THE INVENTION A content distribution system to which processing in an information processing apparatus according to the present invention can be applied is configured as shown in FIG.
- the content distribution side 10 encrypts and transmits the content or the content to various content reproduction devices of the content reception side 20.
- the device on the receiving side 20 obtains the content or content key by decrypting the received encrypted content or encrypted content key, and plays back image data and audio data, or executes various programs. And so on.
- Data exchange between the content distribution side 10 and the content reception side 20 is executed via a network such as the Internet or via a circulating storage medium such as DVD or CD.
- Means of data distribution on the content distribution side 10 include the Internet 11, satellite broadcasting 12, telephone line 13, media 14 such as DVDs and CDs, etc.
- the device of the content reception side 20 Is a personal computer (PC) 21, a portable device (PD) 22, a mobile phone, a portable device such as a PDA (Personal Digital Assistants) 23, a recording / reproducing device 24 such as a DVD or a CD player, and a reproducing device for a game terminal.
- Each of the devices on the content receiving side 20 acquires the content provided from the content distribution side 10 from a communication means such as a network or from the medium 30.
- the recording / reproducing apparatus 100 includes an input / output IZF (Interface) 120, an MPEG (Moving Picture Experts Group) codec 130, an input / output I / F (Interface) 140 including an A / D, D / A converter 141.
- the IZF 120 receives digital signals that constitute various contents such as images, audio, and programs supplied from the outside and outputs them to the bus 110, and outputs them to the bus 110. Digital signal is received and output to the outside. MP EG Corde brute 130, the MP EG encoded data supplied via the bus 1 10., And MP EG decoding, and outputs the output I / F 140. With input and output ⁇ /, ⁇ 1 The digital signal supplied from 140 is output to the bus 110 by MPEG encoding.
- the input / output I / F 140 has an AZD and DZ A converter 141 built-in.
- the I / F I / F 140 receives analog signals as externally supplied content and converts them to A / D (Analog Digital) by the AZD / D / A converter 141 to convert them into digital signals. Output to the codec 130.
- the digital signal from the MPEG codec 130 is D / A (Digital Analog) converted by the AZD, D, A converter 141 to convert the digital signal into an analog signal. Output to the section.
- the encryption processing means 150 is composed of, for example, a one-chip LSI (Large Scale Integrated Curcuit), and performs encryption, decryption processing, or authentication processing of digital signals as content supplied via the bus 110. And outputs the encrypted data, decrypted data, and the like on the bus 110.
- the encryption processing means 150 is not limited to one-chip LSI, but may be realized by a configuration combining various software or hardware. The configuration as the processing means by the software configuration will be described later.
- the ROM 160 stores the program data processed by the recording / reproducing device.
- the CPU 170 executes the programs stored in the ROM 160 and the memory 180 to control the MPEG codec 130, the encryption processing means 150, and the like.
- the memory 180 is, for example, a non-volatile memory, a program executed by the CPU 170, a program required for the operation of the CPU 170, and a key used for encryption processing executed by the device. Remember the set. The key set will be described later.
- the drive 190 reads (reproduces) digital data from the recording medium 195 by driving a recording medium 195 capable of recording and reproducing digital data, and outputs the digital data on the bus 110. At the same time, the digital data supplied via the bus 110 is supplied to the recording medium 19 5. for recording. ...
- the recording medium 195 is a medium capable of storing digital data such as an optical disk such as a DVD or a CD, a magneto-optical disk, a magnetic disk, a magnetic tape, or a semiconductor memory such as a RAM. In this example, it is assumed that the configuration is such that the drive 19.0 can be attached and detached. However, the recording medium 195 may be built in the recording / reproducing apparatus' 1.0. '''
- the encryption processing means 150 shown in FIG. 2 may be configured as one one-chip LSI, or may be configured to be realized by a combination of software and hardware.
- Fig. 1 shows the configuration of the possession of cryptographic processing keys and the configuration of data distribution in each device when distributing encrypted data from the content distribution side 10 to the content reception side 20 devices. This will be described using 3.
- Naming devices 0 to 15 shown at the bottom of FIG. 3 are individual devices of the content receiving side 20.
- each leaf of the hierarchical tree structure shown in Fig. 3 corresponds to a device.
- each of the depice 0 to 15 is a key (node key) and a key (node key) assigned to a node from its leaf to the root in the hierarchical tree structure shown in FIG.
- a key set consisting of leaf keys for each leaf is stored in the memory.
- K 0 00 0 to K 1 1 1 1 shown at the bottom of FIG. 3 are leaf keys assigned to each of the devices 0 to 15, and from the top KR (root key), the second from the bottom Keys described in the section (node): KR ⁇ ⁇ 1 1 1 is the node key.
- device 0 is a leaf key ⁇ Node key: Own K000, K00, K0, KR.
- Device 5 owns K0 101, K01 Os K01, K0, KR.
- Device 15 possesses K 1 1 1 1 1, Kill, Kll, Kl, KR.
- the tree in Fig. 3 shows only 16 devices from 0 to 15 and the tree structure is also shown as a four-stage balanced and symmetrical configuration, but more devices are configured in the tree. Therefore, it is possible to have a different number of stages in each part of the series. .
- Each information processing device (device) included in the tree structure of FIG. 3 includes various recording media, for example, DV D, CD, MD, flash memory, etc., which are embedded in a device or configured to be detachable from a device.
- the various types of information processing equipment used are included.
- various application services can coexist.
- a hierarchical tree structure that is a content or key distribution configuration shown in Fig. 3 is applied. '.
- these various information processing devices (devices) and applications coexist, for example, the portion enclosed by the dotted line in FIG. 3, that is, devices 0, 1, 2, and 3 are one group using the same recording medium.
- the node key and leaf key may be managed by a single key management center, or may be managed for each group by message data distribution means such as a provider or a payment institution that sends and receives various data to and from each group. It may be configured.
- message data distribution means such as a provider or a payment institution that sends and receives various data to and from each group. It may be configured.
- These keypads and leaf keys should be updated in the event of, for example, a key leak. A new process is executed, and this update process is performed by the key management center, provider, and clearing house.
- the three devices 0, 1, 2, and 3 included in one group have common keys K 0 0, K 0, and KR as node keys.
- this node key sharing configuration for example, it becomes possible to provide a common content key only to devices 0, 1, 2, and 3.
- the common node key ⁇ 0 0 itself is set as the content key, only the devices 0, 1, 2, and 3 can set the common content without sending a new key. It is.
- a value Enc ( ⁇ 0 0, K con) obtained by encrypting the new content key K c 0 ⁇ with the node key ⁇ 0 0 is stored via a network or in a recording medium, and the device 0, 1, 2 and 3 ', only devices 0,' 1, 2 and 3 use the shared node key ⁇ ⁇ ⁇ ⁇ 0 held by each device to decrypt the encryption Enc (K 0.0, K con).
- Content: K con can be obtained.
- Enc (Ka, Kb) indicates that the data is obtained by encrypting Kb with Ka.
- the key owned by device 3 ⁇ ⁇ ., ⁇ 11, ⁇ 0 0 '1, ⁇ 0 0, KR 0, KR were analyzed and revealed by an attacker (Haiichi Ichi) If this is discovered, then device 3 must be disconnected from the system to protect the data sent and received by the system (group of devices 0, 1, 2, 3). To do so, the node keys: K 0 0 1, ⁇ 0 0, ⁇ 0, and KR are replaced with new keys ⁇ (t) 0 0 1, K (t) 0 0, K (t) 0, ⁇ ( t) It is necessary to update to R and inform the devices 0, 1, and 2 of the update key.
- K (t) a a a indicates that the generation of the key K a a a is an update key of t.
- the update key distribution process will be described.
- the key is updated by, for example, storing a table composed of a block of code called an enabling key block (EKB) shown in FIG. 4A in a network or a recording medium, for example, in a device. Performed by feeding 0, 1, and 2.
- the activation keep key (E KB) is composed of an encryption key for distributing a newly updated key to devices corresponding to each leaf that makes up the tree structure as shown in Fig. 3. You.
- An enabling key block (EKB) is sometimes called a key renewal block (KRB).
- the activation key block (EKB) shown in Fig. 4A is configured as a block of data that has a data configuration that allows only devices that require node key updates to be updated.
- the example in FIG. 4A is a block diagram formed for the purpose of distributing an updated node key of generation t to devices 0, 1, and 2 in the tree structure shown in FIG.
- device 0, device ..1 require K (t) 00, K (t) 0, and K (t) R in the update method, and device 2 , Update node. Requires K (t) 001, K (t) 00, K (t) 0, K (t) R as keys o ... ''
- EKB contains multiple encryption keys.
- the encryption key at the bottom is Enc (K0010, K (t) 001). This is the updated node key K encrypted with the leaf key K 001 0 of device 2.
- the second encryption key Enc (K. (..t) 0 0 1, K (t) 00) from the bottom in Fig. 4.A can be decrypted and updated.
- the node key K (t) 00 can be obtained.
- the encryption key Enc (K (t) 0 0, K (t) 0) in the second stage from the top in FIG. 4A is sequentially decrypted, and the updated node key K (t) 0, 1 from the top in FIG.
- the encryption key Enc (K (t) 0, K (t) R) at the second stage is decrypted to obtain K (t) R.
- the node key K 000 is not included in the object to be updated, and K (7) 00, K (t) 0, and K (t) R are required as update node keys. is there.
- the devices 0 and 1 decrypt the encryption key Enc (K 000, K (t) 00) in the third stage from the top in FIG. 4A to obtain K (t) 00. Decrypts the second-stage encryption key Enc (K (t) 00, K (t) 0) from
- the first-stage encryption key Enc ( ⁇ (t) 0, K (t) R) from the top is decrypted to obtain K (t) R.
- devices 0, 1, and 2 can obtain the updated key K (t) R.
- the index in FIG. 4A indicates the absolute address of the node key and the relief key used as the decryption key.
- the node keys at the upper level of the tree structure shown in FIG. 3: K (t) 0, K (t) R need not be updated, and only the node key K 00 needs to be updated.
- the modified key procedure (EKB) the updated node K (t) 00 can be distributed to the devices 0, 1, and 2.
- the EKB shown in FIG. 4B can be used, for example, when distributing a new content key shared by a specific group.
- a recording medium with devices 0., .1., 2, and 3 in the group indicated by the dotted line in FIG. 3 is used, and a new common content key K (t) c 0 n is required.
- K (t) c 0 n is required.
- K (7) con is updated using K (t) 00, which updates the common node key K00 of devices 0, 1, 2, and 3.
- c (K (t), ⁇ ⁇ (t) co ii) will be distributed along with EKB shown in Fig. 4B. : With this distribution, it will be possible to distribute the device as a device that is not decrypted by devices of other groups such as device: device 4.
- devices 0, 1, and 2 can obtain the content key K (t) con at seven points by decrypting the above ciphertext using K (t) 00 obtained by processing the EKB. .
- FIG. 5 shows an example of a process for obtaining a content key K (t) c 0 n at time t, where a new common content key K (t) con is encrypted using K (t) 00 —
- the device 0 uses the EKB at the time t stored in the recording medium and the node key K 000 stored in advance by the same EKB processing as described above using the node key K 000.
- One K (seven) 00 is generated.
- the updated content key K (t) con is decrypted by using the decrypted update node key K (7) 00, and is encrypted and stored by the leaf key K0000 of the user only for later use. I do.
- FIG. 6 shows an example of a format of the activation key block (EKB).
- Version 601 is an identifier indicating the version of the activation key block (EKB).
- the version has the function of identifying the latest EKB and the function of indicating the correspondence between contents.
- Depth indicates the number of levels in the hierarchical tree for the device to which the activation key block (EKB) is distributed.
- the data pointer 603 is a pointer indicating the position of the data portion in the activation key block (EKB)
- the evening pointer 604 is the position of the tag portion
- the signature pointer 605 is a pointer indicating the position of the signature. .
- the data storage unit 606 stores, for example, data obtained by encrypting a node key to be updated. For example, each encryption key related to the updated node key as shown in FIG. 5 is stored.
- Evening section 607 is a tag indicating the positional relationship between the encrypted node key ⁇ "and the leaf key : stored in the de: overnight section.
- the rules for assigning this tag will be described with reference to FIG. Fig. 7 shows an example of sending the activation key block '(E KB) described earlier with reference to Fig. 4 A as an overnight data. The data at this time is as shown in the table of Fig. 7B.
- the address of the top node included in the encryption key is defined as a top node address.In this case, since the root key update key K (t) R is included, the top node is used.
- the node address is KR.
- the top-level data Enc (K (t) 0, K (t) R) is located at the position shown in the hierarchical tree shown in Fig. 7A.
- the flag is set for all data.
- the data string and the tag string shown in FIG. 7C are configured.
- the tag is a key layout identification tag that is set to indicate where the data Enc (Kxxx, Kyyy) is located in the tree structure. Since the key data Enc (Kxxx, Kyyy)... Stored in the data section is simply a series of encrypted keys, the encryption key stored as data This makes it possible to determine the position on the touch panel. Without using the tags mentioned above Then, using the node index corresponding to the encrypted data as in the configuration described in FIG.
- the key position can be determined with a small amount of data by using the tag described above as an index data indicating the key position.
- a signature is a digital signature executed by the EKB issuing authority that issued the activation key block (EKB), such as a key management center, content provider, or clearing house.
- the device that has received the EKB verifies the signature by verifying that it is a valid activation key block (EKB) issued by the issuer of the valid activation key block (EKB).
- FIG. 8A shows this configuration.
- Enc (Kcon, content) 801 is a decryption of the content (Content) with contention key (Kcon)
- Enc (Kro, seven, Kcon) 802 is data obtained by encrypting the content (Kcon) with the root key (Kr0Ot)
- Enc (EKB, Kroot) 803 is the key block for enabling the root key Kroot ( Indicates that the data is encrypted by EKB).
- the root key K r 00 t may be the node key (K 000, K 00).
- FIG. 8B shows a configuration example in which a plurality of contents are recorded on a medium and each uses the same Enc (EKB, Kroot) 805.
- the same Enc (EKB , Kroot) can be added to each data without a link indicating the link destination linked to Enc (EKB, Kroot).
- FIG. 9 shows a processing example in the case where the content key Kc0n is encrypted using the updated node key K (7) 00 obtained by updating the node key K00 shown in FIG.
- device 3 is revoked (excluded) due to, for example, key leakage in a group surrounded by a dotted line frame in FIG.
- the activation key block (E.KB) shown in Fig. 9 and the content key (K con) are updated with the node key K (t) 00, and the content (content) is updated with the content key (K con on).
- the decoding procedure in device 0 is shown on the right side of FIG.
- Device 0 first obtains K (t) 00 from the received activation key pro- gram by performing decryption processing using its own reef key K 000.
- the content key K con is obtained by decryption using K (t) 0.0, and the content is decrypted using the content key K con.
- device 0 can use the content.
- the devices 4, 5, 6, ... of the other groups shown in Fig. 3 receive K (t) 00 using their own leaf key and node key, even if they receive this similar data (EK B). Can not do it. Similarly, even for revoked device 3, K (t) 00 cannot be obtained with its own leaf key and node key, and only devices with valid rights decrypt and use the content. Becomes possible.
- the amount of data can be reduced, and an encrypted content that can be safely decrypted only by the authorized user can be distributed. You can trust.
- the activation key block (EKB), content key, encrypted content, etc. can be safely distributed via the network.
- the encrypted content can be stored in a recording medium such as a DVD or a CD and provided to the user.
- the decryption of the encrypted content stored on the recording medium uses the content key obtained by decrypting the activation key procedure (EKB) stored on the same recording medium. If this is the case, it is possible to distribute encrypted content that can be used only with leaf keys and node keys that are held only by the rightful owner in advance, that is, content distribution with limited available user devices can be realized with a simple configuration. Become. .,.
- FIG. 10 shows an example of a configuration in which an activation key block ' ⁇ ' ( ⁇ ) is stored in a recording medium together with encrypted content.
- the contents C1 to 'C4 are stored on the recording medium, and furthermore, data in which an activation keep port (EKB) corresponding to each storage content is stored is stored.
- EKB activation keep port
- E KB—1 is used to generate a content key K c 0 n 1 that encrypts content C 1, for example, EK.
- B—2 generates a content key K c 0 n 2 that encrypts content C 2 Used to do.
- the activation key block (EKB-M) of version M is stored in the recording medium, and the contents C 3 and C 4 are associated with the activation key block (EK B_M).
- EKB-M the activation key block
- EKB-2 the content keys of the contents C 3 and C 4 can be obtained. Since EKB-1 and EKB-2 are not stored on the disk, EKB-1 required to decrypt the respective content keys by new provision means such as network distribution or distribution by recording medium , EKB-2 is required.
- A is its own private key [Apri-Key], public key [Apub-Key], signed by a certificate authority.
- B has a public proof key certificate [Ac ert], has a public key of a certification authority that is the signing entity of the public key certificate, and a public key of the EKB issuing authority that is the signing entity of the EKB.
- a public key certificate is a certificate issued by a certificate authority (CA: Ger-ticat e Authority or IA: Issuer Authority) in public key cryptography, and a user authenticates his / her own ID, public key, etc.
- CA Cert e Authority
- IA Issuer Authority
- the CA adds the ID of the CA and information such as the expiration date, and adds a signature from the CA to create a certificate.
- the public key certificate 51 shown in Fig. 12 consists of the certificate version number, the serial number of the certificate assigned by the certificate authority to the certificate subscriber, the algorithm and parameters used for the digital signature, and the authentication.
- the digital signature.5.3 is the certificate version number, the serial number of the certificate assigned to the certificate subscriber by the certificate authority, the algorithm and parameters used for the electronic signature, the name of the certificate authority, the expiration date of the certificate
- a hash function is applied to the name of the relying party and the entire public key of the relying party to generate a hash value, and the hash value is generated using the private key of the certificate authority. .
- the relying party ID of the public key certificate includes the above-mentioned node of the key distribution tree and the leaf ID as an identification value indicating the position of the leaf.
- B generates B's public key certificate B cert and random number Rb, and sends them to A.
- A verifies B's public key certificate (B. Cert) with the public key of the certificate authority. Inspection If the certificate is NG, the public key certificate is determined to be invalid. At this point, the authentication process is stopped, and the authentication fails. If the verification of B's public key certificate (B. Cert) is OK, then the E KB held on the device with B's leaf ID in B's public key certificate (B. Cert) is deleted. You.
- the evening stored in the EKB indicates the presence / absence of key data of the left and right nodes of its own node by '0, 1'. That is, it is set as 0 when there is data, and as 1 when there is no data.
- the tracking process of the EKB based on the leaf ID that is, the method of extracting the EKB, is performed using the tag based on such condition setting.
- the tracking of the EKB based on the leaf ID will be described with reference to FIG.
- a device having a leaf key K 1001 as shown in FIG. 13A is referred to as a revoked device [1001].
- the EKB has an encryption key and tag configuration as shown in FIG. 13B.
- the EKB shown in FIG. 13B is an EKB obtained by updating KR, ⁇ 1, ⁇ 10, and ⁇ 100 in order to revoke one device [1001] in FIG. 13A. .,., ⁇
- the device [100 0] with the non-revoked leaf key K 1 000 decrypts Enc (K 1000, K (t) 100) with its own leaf key, obtains K (t) 100, and , The updated root key can be obtained. Only the revoked device [100 1] cannot obtain the update node key K (t) 100 at the top of its own leaf by EKB processing, and eventually obtains the update route key K (seven) R Can not do.
- Unauthorized devices that have not been revoked have the data shown in Figure 13B and the EKB with the tag distributed from the EKB issuing authority and stored in the device.
- the content provider receiving ID [1001] verifies that the device corresponding to the leaf of 001 is set as a valid leaf device in EKB. This verification is executed as a process of determining whether or not the leaf [100 1] can obtain the updated root key K (t) R. For example, if a leaf belongs to the lower level of a non-updated device (such as K 0 or K 11 in FIG. 13A), it is clear that it has not been revoked, and it is determined that the device is a valid device. If it is possible and the leaf belongs to the lower level of the update node key, whether or not the entity has been revoked depends on whether or not the encrypted data from which the update node key can be obtained is stored in the EKB. It can be determined.
- a non-updated device such as K 0 or K 11 in FIG. 13A
- the EKB tracing process is a process for determining whether or not a key distribution can be performed from a higher-level root key. For example, let [1001], which is the ID of leaf [1001] in FIG. 13A, be the four bits [1], [0], [0], [1], and sequentially read the least significant bit from the most significant bit. ⁇ . If the bit is 1, it goes to the right; if it is 0, it goes to the left.
- the highest-order bit of ID [100 1] is 1, and it goes to the right.
- the first evening in the EKB is 0: ⁇ 0, 0 ⁇ , and it is determined that both branches have a departure, so go to the right and reach K1.
- the second bit of ID [1001] is 0 and goes to the left.
- the evening that indicates the presence or absence of data below K1 is 2: ⁇ 0, 0 ⁇ shown in FIG. 13A and FIG. 13B, and it is determined that both branches have data. I can reach you.
- the third bit of ID [1001] is 0, and proceeds to the left.
- the tag indicating the presence / absence of data below K10 is 3: ⁇ 0, 0 ⁇ shown in FIGS. 13A and 13B. It is determined that both branches have data. I can reach you.
- the 'ID is 3: ⁇ 0, 0 ⁇ shown in FIGS. 13A and 13B. It is determined that both branches have data. I can reach you
- the least significant bit of [1001] is 1. It goes to the right.
- the tag indicating the presence or absence of data below K10Q is 5: ⁇ 0, 1 ⁇ shown in Fig. 13A and Fig. 13B, and has no data on the right side. Therefore, it is determined that the device cannot be located at node [1 001], and the device of ID [1.001] is determined to be a device that cannot acquire the updated root key by the EKB, that is, a revoked device. .
- the device ID having the leaf key K 1000 in FIG. 13A is [1000], and when the same EKB tracing process based on the tag in the EKB as described above, that is, the process for cutting the tree is performed, the node [1000] is deleted. Since the device can be secured, the device is determined to be a valid device that has not been revoked and can obtain the updated root key by EKB.
- a node leaf that has not been updated such as ⁇ ⁇ ,, ⁇ 11, cannot be placed on a leaf below, but the leaf itself cannot be reached. It is possible.
- the lower reflex of the node that has not been updated is a legitimate device because it can perform the processing of ⁇ using the node key that has not been updated and can obtain the updated route. Whether or not the node key has not been updated can be determined by the tag corresponding to the node. Evenings corresponding to the node keys ⁇ 0, ⁇ 1 1, ⁇ 101 that are not updated are 1: ⁇ 1, 1 ⁇ , 4: ⁇ 1, 1 ⁇ , 6 ⁇ 1, 1 ⁇ , and these are further lower. Indicates that the node or leaf exists but does not have the encryption key data in the EKB, and it is determined that these lower-level leaf devices are valid non-revoked valid devices. Is done.
- Fig. 13 The example shown in Fig. 13 is a revocation mode for only one device. However, as shown in Fig. 14, all leaf devices under a certain node are revoked at once. It is also possible to work. In this case, the EKB data (encryption key) and tag are as shown in Fig. 14B.
- the most significant bit of ID [1000] is 1 and goes to the right.
- the first tag in the EKB is 0: ⁇ , 0 ⁇ , and it is determined that both branches have a short delay, so go to the right side and enter K1. Then go to the node below K1.
- the second bit of ID [1 000] is 0, and it proceeds to the left.
- the tag indicating the presence or absence of data under K1 is 2: ⁇ 1, 0 ⁇ shown in Fig. 13 and Fig. 13, and there is no data on the left side. Therefore, they cannot enter the node [1 00.0].
- the evening corresponding to the terminal node K1 is ⁇ 1, 0 ⁇ , and the lower node does not have it. It is not ⁇ 1: 1 ⁇ .
- the tag ⁇ 1,0 ⁇ is stored in the encryption key data ⁇ EKB to obtain an updated Kl (t) that can be decrypted only at the lower node or leaf to the right of K1. It indicates that -In this way, if the final point to reach based on the leaf ID is a node, and the corresponding tag of the final node has a value other than ⁇ 1, 1 ⁇ , a lower encryption key Indicates that the data is in the EKB. In this case, since the leaf device having the ID cannot obtain the root key updated by the processing of the EKB, the device is determined to be a revoked device.
- A executes the above-described tree process based on the EKB tag based on the leaf ID of B extracted from the public key certificate received from B, and determines the leaf position indicated by the ID by EKB processing. Judgment whether the update root key can be obtained is possible and EKB processing is possible If the position is a functioning device, it is determined that the device is a legitimate device that has not been revoked. If the leaf position cannot be processed by the EKB, it is determined that the device is revoked and invalid, and the processing is stopped because authentication is not established.
- the random number R b received from B is signed with the secret key of A to generate S ig— A (R b). Then, a random number Ra is generated. A sends these Sig_A (R b), 'R a, stored in its own device. EKB and public key certificate A. C ert to B. ⁇
- A's public key certificate (A. Cert.) With the public key of the certificate authority, and if verification is K, verifies the received EKB using the public key of the EKB distributor.
- EKB is signed with the private key of the EKB distributor to prevent tampering, and B performs verification processing using the public key of EKB.
- Verification OK If it is, obtain the leaf ID of A in A's public key certificate (A.Cer.t) and use the leaf ID in the same way as described above with reference to FIGS. 13 and 14. And enter E KB .. -If not, A is determined to be a revoked device, authentication is not established, and subsequent processing is stopped.
- A is not limited to a device, but may be a content provider, a service provider, a port, or a binder.
- the key of an intermediate node that is not the lowest leaf in the tree configuration shown in FIGS. May be a node having. For example, if the node corresponds to the node key position of K10 shown in Figs. 13 and 14, the ID of the content provider or service provider is [10], and based on the ID [10]. The process of scanning the EKB using the evening of the EKB is executed to determine whether or not revocation has been performed.
- the process is performed by inputting E KB, the data S ig— A (R b) received from A is converted to the public key A. Pub-K in A's public key certificate (A. Certificate). Verify with ey. If the verification is OK, sign Ra with B.pri-.Key (B's private key), generate Sig_B (R a), and send the generated Sig_B (R a) to A. I do.
- A having received Sig_B (Ra), verifies Sig-B (Ra) using B's public key obtained from B's public key certificate (B.Cert). If the verification is OK, it is determined that the authentication has been established.
- Fig. 15 shows the processing flow for repoke device judgment processing using EKB. Is shown. Each step of the flow will be described.
- an ID is obtained from the public key certificate of the communication partner (authentication partner).
- step S102 based on the tag of the EKB using the acquired ID, a tracking process targeting a leaf or a lead indicated by the ID is executed.
- the tracking process is executed according to the procedure described with reference to FIGS. As a result of the tracking processing, whether the leaf or node indicated by I.D. could be reached or not, even if the leaf or node indicated by I. can be processed by EKB. That is, it is determined whether or not it is possible to acquire the updated route key (S103). :
- step S104 If it is determined that the ID is located at a position where EKB processing is possible, the process proceeds to step S104, and it is determined that the device corresponding to the ID is a valid device that has not been revoked. On the other hand, if it is determined that the ID is at a position where EKB processing cannot be performed, the process proceeds to step S105, and it is determined that the device corresponding to the ID is a revoked unauthorized device. ⁇
- the content provider A sends the device [00 XX] a public key certificate [A. Certificate] of A, and data obtained by signing the content key with its own private key [S ig —A (K c on) ']. , Activation Keep [EKB], Update the content key. Encrypted data [Enc (K (t) roo7, K con)], and further encrypt the content with the content key. [Sends Enc (K con, Content).
- the device [00XX] that receives these data first verifies the received public key certificate [A.Cert] of A with the public key of the certificate authority. If the verification is OK, A's public key and A's ID are obtained from A's public key certificate [A.Cert].
- the content [Sig—A (Kcon)] which is obtained by signing the content with A's private key, is verified using A's public key extracted from A's public key certificate [A. Certificate]. If the verification is OK, then the public key certificate [A.
- the EKB tracking process described above is executed based on the extracted A ID, and it is determined whether EKB processing is possible at the leaf or node position indicated by A ID.
- the device [00 XX] uses its own leaf key and node key from the received activation key block.
- the updated root key K (t) foot is obtained by the decryption process.
- the content key K c 0 ⁇ is further obtained by decryption with the updated root key ⁇ ⁇ (7) r 0 07. Further, the content is decrypted using the acquired content key Kc0 ⁇ . Through these processes, the device [00XX] can use the content.
- the public key certificate of the content distributor is obtained, the public key certificate is verified, the public key of the content distributor is obtained, and the ID of the content distributor is obtained. Since processing and decryption of the content are performed, the content distributor can be specified based on the ID, and the distributor can be prevented from distributing unclear content.
- Provider A executes the signature on the content key and publishes provider A on the device.
- signature verification processing using a key is performed.
- the signature may be performed using the private key of the device itself, and then recorded on the recording medium. If the content key is signed as an encryption key for the stored content on the recording medium in this way, it is essential to execute the content key signature verification using the device's public key during content playback. This makes it possible to eliminate the storage and reproduction of unauthorized content.
- the configuration in which the encryption key is configured as the hierarchical tree structure of Fig. 3 such as the root key, node key, and leaf key, and the content key and the like are encrypted together with the activation key block (EKB) and distributed has been described. Performs an efficient key update process by classifying the defined hierarchical tree structure for each device category The configuration to be performed will be described below.
- Figure 17 shows an example of the classification of the hierarchical tree structure category.
- “Routing” K r 0 0 t 2 3 0 1 is set, and at the following intermediate level, the Nokia 1 2 3 0 2 is set.
- a leaf key 2303 is set.
- Each device has an individual leaf key and a series of node key root keys that go from the leaf key to the root key.
- a node having the M-th stage from the top is set as a category node 2-304.
- each of the M-th nodes is a device setting node of a specific category.
- a node and a leaf below the M + 1-th stage are referred to as a node and a leaf relating to a device included in the power level, with one node of the M-th stage as a vertex. ' ⁇ ⁇ ⁇ .
- a category [Memory Stage (trademark)] is set to one node 2305 in the M-th stage in FIG. 17, and the nodes and leaves following this node are various types using the memory stage.
- a stage several stages lower than the M stage can be set as a subcategory node 2306.
- the node below the category [Memory Stick] sword 235 is a sub-category node included in the category of the device using the memory stick.
- the node 2303 of the telephone with the music playback function included in the category of the playback-only device is set below the node 2306 of the playback-only device, which is a subcategory node, and further below that, [PHS] node 2308 and [mobile phone] node 2309 included in the category of phones with music playback function can be set.
- categories and subcategories are not only device types, but also arbitrary units such as nodes managed by a certain manufacturer, content provider, payment institution, etc., that is, processing units, jurisdiction units, or provided service units. (Collectively, hereafter referred to as entities).
- one category node is a game device sold by a game device manufacturer. If it is set as a key, it will be possible to store and sell the lower node key and leaf key below the top node in the game device XYZ sold by the manufacturer, and then distribute the encrypted contents or various keys
- an activation keep mark (EKB) composed of the node key and leaf key below the top node key is generated and distributed, and the data can be used only for devices below the top node. Can be distributed.
- the category stage or the subcategory stage is set.
- the key can be 'updated' without affecting devices belonging to other categories of nodes that do not belong to the vertex node. .
- the revoke judgment by the EKB tracking processing is particularly effective. This is because, if a list in which all the IDs of all the revoked devices are recorded is distributed to each device, a problem occurs in the storage area of the list and the load on the ID matching process becomes heavy. .
- the EKB tracking process based on the ID described above is a tracking process based on the tag in the EKB, and the processing load is extremely light, and it is possible to immediately determine whether or not revocation has been performed.
- the EKB is signed by the EKB issuing organization, can be tampered with, can be verified by validating the signature by validating the EKB, and a reliable revocation judgment can be made. Is achieved.
- the information processing apparatus and method according to the present invention store an ID capable of identifying the position of the hierarchical key distribution tree in the public key certificate, and store the ID based on I... D obtained from the public key certificate. Since the tracking process is performed using the tag of the activation key blog (EKB), the reliability of the IDC is guaranteed in the public key certificate, and it is possible to reliably determine the revoked entity (device).
Description
Claims
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU14270/02A AU778592B2 (en) | 2000-11-09 | 2001-11-09 | Information processing device, information processing method and program storage medium |
EP01982750A EP1235381A4 (en) | 2000-11-09 | 2001-11-09 | DEVICE AND METHOD FOR INFORMATION PROCESSING AND PROGRAM RECORDER CARRIER |
CA002396481A CA2396481A1 (en) | 2000-11-09 | 2001-11-09 | Information processing device, information processing method and program storage medium |
US10/169,653 US7224804B2 (en) | 2000-11-09 | 2001-11-09 | Information processing device, information processing method, and program storage medium |
HK03106924.5A HK1056454A1 (en) | 2000-11-09 | 2003-09-25 | Information processing device and information processing method |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2000-341431 | 2000-11-09 | ||
JP2000341431A JP4622087B2 (ja) | 2000-11-09 | 2000-11-09 | 情報処理装置、および情報処理方法、並びにプログラム記憶媒体 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2002039655A1 true WO2002039655A1 (fr) | 2002-05-16 |
Family
ID=18816174
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2001/009841 WO2002039655A1 (fr) | 2000-11-09 | 2001-11-09 | Dispositif de traitement d'informations, procede de traitement d'informations et support de programme |
Country Status (9)
Country | Link |
---|---|
US (1) | US7224804B2 (ja) |
EP (1) | EP1235381A4 (ja) |
JP (1) | JP4622087B2 (ja) |
KR (1) | KR100846262B1 (ja) |
CN (1) | CN100413246C (ja) |
AU (1) | AU778592B2 (ja) |
CA (1) | CA2396481A1 (ja) |
HK (1) | HK1056454A1 (ja) |
WO (1) | WO2002039655A1 (ja) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8208899B2 (en) * | 2006-09-14 | 2012-06-26 | Sony Corporation | Wireless communication system, wireless communication device, authentication method of wireless communication device, and program |
Families Citing this family (71)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6996718B1 (en) * | 2000-04-21 | 2006-02-07 | At&T Corp. | System and method for providing access to multiple user accounts via a common password |
DE10135888A1 (de) * | 2001-07-24 | 2003-03-13 | Scm Microsystems Gmbh | Verfahren zur lokalen Aufzeichnung digitaler Daten für das digitale Fernsehen |
US7340603B2 (en) * | 2002-01-30 | 2008-03-04 | Sony Corporation | Efficient revocation of receivers |
GB2385955A (en) * | 2002-02-28 | 2003-09-03 | Ibm | Key certification using certificate chains |
US7349538B2 (en) * | 2002-03-21 | 2008-03-25 | Ntt Docomo Inc. | Hierarchical identity-based encryption and signature schemes |
WO2003090429A1 (en) * | 2002-04-15 | 2003-10-30 | Docomo Communications Laboratories Usa, Inc. | Signature schemes using bilinear mappings |
CN1663174A (zh) * | 2002-06-17 | 2005-08-31 | 皇家飞利浦电子股份有限公司 | 用于在设备之间进行验证的方法 |
US7174021B2 (en) * | 2002-06-28 | 2007-02-06 | Microsoft Corporation | Systems and methods for providing secure server key operations |
US7657748B2 (en) * | 2002-08-28 | 2010-02-02 | Ntt Docomo, Inc. | Certificate-based encryption and public key infrastructure |
TW200414737A (en) * | 2002-09-27 | 2004-08-01 | Matsushita Electric Ind Co Ltd | Contents transmission system |
CN101541000B (zh) * | 2002-10-11 | 2012-04-18 | 松下电器产业株式会社 | 用户识别信息保护方法、系统及移动终端和家乡域服务器 |
GB2394805A (en) | 2002-10-31 | 2004-05-05 | Hewlett Packard Co | Determining when to revoke a key in an ancestral hierarchy key distribution system |
GB2394803A (en) * | 2002-10-31 | 2004-05-05 | Hewlett Packard Co | Management of security key distribution using an ancestral hierarchy |
KR100453685B1 (ko) * | 2002-11-05 | 2004-10-20 | 한국전자통신연구원 | 루트키 검증과 시알엘 선행 검증을 포함하는 변형된인증경로 검증장치및 방법 |
US7296158B2 (en) * | 2002-11-08 | 2007-11-13 | Palo Alto Research Center Incorporated | Methods, apparatus, and program products for inferring service usage |
CN100524253C (zh) * | 2002-12-06 | 2009-08-05 | 索尼株式会社 | 记录和再现装置、数据处理装置及记录、再现和处理系统 |
US7305711B2 (en) * | 2002-12-10 | 2007-12-04 | Intel Corporation | Public key media key block |
JP2004295373A (ja) * | 2003-03-26 | 2004-10-21 | Sony Corp | 情報記録媒体、情報処理装置、情報記録媒体製造装置、および方法、並びにコンピュータ・プログラム |
GB2404486A (en) * | 2003-07-31 | 2005-02-02 | Sony Uk Ltd | Access control for digital storage medium content |
WO2005013550A1 (ja) * | 2003-08-05 | 2005-02-10 | Matsushita Electric Industrial Co., Ltd. | 著作権保護システム |
US8015301B2 (en) * | 2003-09-30 | 2011-09-06 | Novell, Inc. | Policy and attribute based access to a resource |
US7467415B2 (en) * | 2003-09-30 | 2008-12-16 | Novell, Inc. | Distributed dynamic security for document collaboration |
US7299493B1 (en) * | 2003-09-30 | 2007-11-20 | Novell, Inc. | Techniques for dynamically establishing and managing authentication and trust relationships |
US8719576B2 (en) * | 2003-12-22 | 2014-05-06 | Guardtime IP Holdings, Ltd | Document verification with distributed calendar infrastructure |
CN1973480A (zh) * | 2004-04-21 | 2007-05-30 | 松下电器产业株式会社 | 内容提供系统、信息处理设备以及存储卡 |
JP4081048B2 (ja) * | 2004-06-18 | 2008-04-23 | 株式会社東芝 | コンテンツ保護方法、装置及びプログラム |
WO2006035813A1 (ja) * | 2004-09-30 | 2006-04-06 | Sharp Kabushiki Kaisha | 符号化装置、符号化方法、復号装置、復号方法、プログラムおよび該プログラムを記録した機械読取り可能な記録媒体 |
US20060078790A1 (en) * | 2004-10-05 | 2006-04-13 | Polyplus Battery Company | Solid electrolytes based on lithium hafnium phosphate for active metal anode protection |
JP4592398B2 (ja) * | 2004-11-22 | 2010-12-01 | 株式会社東芝 | 情報記録再生方法及び装置、情報記録媒体 |
JP4244919B2 (ja) * | 2004-12-14 | 2009-03-25 | ソニー株式会社 | 情報処理装置および方法、プログラム、並びに情報処理システム |
US20080049934A1 (en) * | 2004-12-14 | 2008-02-28 | Senichi Onoda | Management Server Device, Content Repoduction Device, and Recording Medium |
WO2006083141A1 (en) * | 2005-02-07 | 2006-08-10 | Samsung Electronics Co., Ltd. | Key management method using hierarchical node topology, and method of registering and deregistering user using the same |
KR100636228B1 (ko) | 2005-02-07 | 2006-10-19 | 삼성전자주식회사 | 계층적인 노드 토폴로지를 이용한 키 관리 방법 및 이를이용한 사용자 등록 및 등록해제 방법 |
US7813510B2 (en) * | 2005-02-28 | 2010-10-12 | Motorola, Inc | Key management for group communications |
KR100717005B1 (ko) * | 2005-04-06 | 2007-05-10 | 삼성전자주식회사 | 폐기 키를 결정하는 방법 및 장치와 이것을 이용하여복호화하는 방법 및 장치 |
JP4760101B2 (ja) * | 2005-04-07 | 2011-08-31 | ソニー株式会社 | コンテンツ提供システム,コンテンツ再生装置,プログラム,およびコンテンツ再生方法 |
KR100970391B1 (ko) * | 2005-04-19 | 2010-07-15 | 삼성전자주식회사 | 브로드 캐스트 암호화 시스템에서의 태그 형성방법 |
KR100765750B1 (ko) * | 2005-05-09 | 2007-10-15 | 삼성전자주식회사 | 브로드캐스트 암호화 방식에 따라 효율적으로암호화/복호화하는 방법 및 장치 |
CN100418090C (zh) * | 2005-08-31 | 2008-09-10 | 国际商业机器公司 | 一种存储数据的方法 |
US8483616B1 (en) | 2005-11-01 | 2013-07-09 | At&T Intellectual Property Ii, L.P. | Non-interference technique for spatially aware mobile ad hoc networking |
KR100803596B1 (ko) | 2005-11-25 | 2008-02-19 | 삼성전자주식회사 | 폐기 메커니즘 상에서 외부 디바이스 또는 서비스를이용하는 복호화 방법 및 장치, 이를 위한 복호화 지원방법 및 장치 |
US8355410B2 (en) | 2007-08-17 | 2013-01-15 | At&T Intellectual Property I, L.P. | Location-based mobile gaming application and method for implementing the same using a scalable tiered geocast protocol |
JP4630826B2 (ja) | 2006-01-27 | 2011-02-09 | 株式会社東芝 | 復号鍵生成方法、コンテンツ提供側システム、ユーザ側システム、追跡システム、コンテンツ提供方法、暗号化コンテンツ復号方法、プログラム、暗号化装置及び復号装置 |
KR101213160B1 (ko) | 2006-11-16 | 2012-12-17 | 삼성전자주식회사 | 그룹 키 업데이트 방법 및 이를 이용한 그룹 키 업데이트장치 |
US8601555B2 (en) * | 2006-12-04 | 2013-12-03 | Samsung Electronics Co., Ltd. | System and method of providing domain management for content protection and security |
US20080133414A1 (en) * | 2006-12-04 | 2008-06-05 | Samsung Electronics Co., Ltd. | System and method for providing extended domain management when a primary device is unavailable |
JP4995651B2 (ja) | 2007-06-25 | 2012-08-08 | パナソニック株式会社 | 木構造を持つ鍵管理ソフトウエアにおける、鍵使用の高速化手段、及び装置 |
US9729316B2 (en) * | 2008-02-27 | 2017-08-08 | International Business Machines Corporation | Unified broadcast encryption system |
US8104091B2 (en) * | 2008-03-07 | 2012-01-24 | Samsung Electronics Co., Ltd. | System and method for wireless communication network having proximity control based on authorization token |
US20090313171A1 (en) * | 2008-06-17 | 2009-12-17 | Microsoft Corporation | Electronic transaction verification |
US9544922B2 (en) | 2008-09-16 | 2017-01-10 | At&T Intellectual Property I, L.P. | Quality of service scheme for collision-based wireless networks |
KR101252549B1 (ko) * | 2008-11-21 | 2013-04-08 | 한국전자통신연구원 | 보안 도메인 환경에서의 암/복호화 프로그램 및 대칭키의 안전 배포 방법 및 이를 위한 데이터 분할 및 주입 장치 |
US8578157B2 (en) * | 2009-05-29 | 2013-11-05 | Adobe Systems Incorporated | System and method for digital rights management with authorized device groups |
EP2446388B8 (en) * | 2009-06-26 | 2019-01-09 | Gemalto Sa | Data verification method |
US9118428B2 (en) | 2009-11-04 | 2015-08-25 | At&T Intellectual Property I, L.P. | Geographic advertising using a scalable wireless geocast protocol |
US8484451B2 (en) * | 2010-03-11 | 2013-07-09 | St-Ericsson Sa | Method and apparatus for software boot revocation |
US10016684B2 (en) * | 2010-10-28 | 2018-07-10 | At&T Intellectual Property I, L.P. | Secure geographic based gaming |
US9319842B2 (en) | 2011-06-27 | 2016-04-19 | At&T Intellectual Property I, L.P. | Mobile device configured point and shoot type weapon |
US9161158B2 (en) | 2011-06-27 | 2015-10-13 | At&T Intellectual Property I, L.P. | Information acquisition using a scalable wireless geocast protocol |
US9495870B2 (en) | 2011-10-20 | 2016-11-15 | At&T Intellectual Property I, L.P. | Vehicular communications using a scalable ad hoc geographic routing protocol |
US8744419B2 (en) | 2011-12-15 | 2014-06-03 | At&T Intellectual Property, I, L.P. | Media distribution via a scalable ad hoc geographic protocol |
KR101301609B1 (ko) * | 2012-05-31 | 2013-08-29 | 서울대학교산학협력단 | 비밀키 생성 장치 및 방법, 그리고 그 방법을 컴퓨터에서 실행시키기 위한 프로그램을 기록한 기록매체 |
US9071451B2 (en) | 2012-07-31 | 2015-06-30 | At&T Intellectual Property I, L.P. | Geocast-based situation awareness |
US9210589B2 (en) | 2012-10-09 | 2015-12-08 | At&T Intellectual Property I, L.P. | Geocast protocol for wireless sensor network |
US9660745B2 (en) | 2012-12-12 | 2017-05-23 | At&T Intellectual Property I, L.P. | Geocast-based file transfer |
US10592106B2 (en) | 2013-03-20 | 2020-03-17 | Amazon Technologies, Inc. | Replication target service |
US9425967B2 (en) | 2013-03-20 | 2016-08-23 | Industrial Technology Research Institute | Method for certificate generation and revocation with privacy preservation |
KR102306676B1 (ko) | 2014-06-27 | 2021-09-28 | 삼성전자주식회사 | 스토리지 디바이스용 호스트 키 생성 방법 및 시스템 |
US10333696B2 (en) | 2015-01-12 | 2019-06-25 | X-Prime, Inc. | Systems and methods for implementing an efficient, scalable homomorphic transformation of encrypted data with minimal data expansion and improved processing efficiency |
US10467384B2 (en) * | 2016-05-18 | 2019-11-05 | International Business Machines Corporation | Subset-difference broadcast encryption with blacklisting |
US11005828B1 (en) * | 2018-11-19 | 2021-05-11 | Bae Systems Information And Electronic Systems Integration Inc. | Securing data at rest |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH11187013A (ja) * | 1997-12-24 | 1999-07-09 | Ibm Japan Ltd | 暗号鍵配信システム |
JPH11205305A (ja) * | 1998-01-12 | 1999-07-30 | Sony Corp | 情報処理装置および方法、情報処理システム、並びに提供媒体 |
US5949877A (en) * | 1997-01-30 | 1999-09-07 | Intel Corporation | Content protection for transmission systems |
US6049878A (en) * | 1998-01-20 | 2000-04-11 | Sun Microsystems, Inc. | Efficient, secure multicasting with global knowledge |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
AU708319B2 (en) * | 1995-10-19 | 1999-07-29 | Casio Computer Co., Ltd. | Scrambled information transmitting and receiving |
US5903651A (en) * | 1996-05-14 | 1999-05-11 | Valicert, Inc. | Apparatus and method for demonstrating and confirming the status of a digital certificates and other data |
JPH1040255A (ja) * | 1996-07-29 | 1998-02-13 | Nec Software Ltd | ハッシュ表管理装置 |
US6397329B1 (en) * | 1997-11-21 | 2002-05-28 | Telcordia Technologies, Inc. | Method for efficiently revoking digital identities |
US6118873A (en) * | 1998-04-24 | 2000-09-12 | International Business Machines Corporation | System for encrypting broadcast programs in the presence of compromised receiver devices |
-
2000
- 2000-11-09 JP JP2000341431A patent/JP4622087B2/ja not_active Expired - Fee Related
-
2001
- 2001-11-09 WO PCT/JP2001/009841 patent/WO2002039655A1/ja active IP Right Grant
- 2001-11-09 EP EP01982750A patent/EP1235381A4/en not_active Withdrawn
- 2001-11-09 US US10/169,653 patent/US7224804B2/en not_active Expired - Fee Related
- 2001-11-09 AU AU14270/02A patent/AU778592B2/en not_active Ceased
- 2001-11-09 KR KR1020027008811A patent/KR100846262B1/ko not_active IP Right Cessation
- 2001-11-09 CA CA002396481A patent/CA2396481A1/en not_active Abandoned
- 2001-11-09 CN CNB018060757A patent/CN100413246C/zh not_active Expired - Fee Related
-
2003
- 2003-09-25 HK HK03106924.5A patent/HK1056454A1/xx not_active IP Right Cessation
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5949877A (en) * | 1997-01-30 | 1999-09-07 | Intel Corporation | Content protection for transmission systems |
JPH11187013A (ja) * | 1997-12-24 | 1999-07-09 | Ibm Japan Ltd | 暗号鍵配信システム |
JPH11205305A (ja) * | 1998-01-12 | 1999-07-30 | Sony Corp | 情報処理装置および方法、情報処理システム、並びに提供媒体 |
US6049878A (en) * | 1998-01-20 | 2000-04-11 | Sun Microsystems, Inc. | Efficient, secure multicasting with global knowledge |
Non-Patent Citations (3)
Title |
---|
"5C Digital transmission content protection white paper revision 1.0", 14 July 1998 (1998-07-14), pages 12, XP002907865, Retrieved from the Internet <URL:http://www.dtcp.com> * |
"Secure group communications using key graphs, 3.4 leaving a tree key graph", PROCEEDINGS OF ACM SIGCOMM'98, 2 September 1998 (1998-09-02), pages 68 - 79, XP000914425, Retrieved from the Internet <URL:http://www.acm.org/sigcomm/sigcomm98/tp/technical.html> * |
"The VersaKey framework: Versatile group key management", IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS, vol. 17, no. 9, September 1999 (1999-09-01), pages 1614 - 1631, XP002941560 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8208899B2 (en) * | 2006-09-14 | 2012-06-26 | Sony Corporation | Wireless communication system, wireless communication device, authentication method of wireless communication device, and program |
Also Published As
Publication number | Publication date |
---|---|
CA2396481A1 (en) | 2002-05-16 |
KR20020081246A (ko) | 2002-10-26 |
JP2002152187A (ja) | 2002-05-24 |
HK1056454A1 (en) | 2004-02-13 |
CN100413246C (zh) | 2008-08-20 |
JP4622087B2 (ja) | 2011-02-02 |
EP1235381A1 (en) | 2002-08-28 |
EP1235381A4 (en) | 2005-08-10 |
AU1427002A (en) | 2002-05-21 |
KR100846262B1 (ko) | 2008-07-16 |
CN1411642A (zh) | 2003-04-16 |
US20030105956A1 (en) | 2003-06-05 |
AU778592B2 (en) | 2004-12-09 |
US7224804B2 (en) | 2007-05-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2002039655A1 (fr) | Dispositif de traitement d'informations, procede de traitement d'informations et support de programme | |
KR100746880B1 (ko) | 정보 처리 시스템, 정보 처리 방법 및 정보 기록 매체와프로그램 제공 매체 | |
KR100840823B1 (ko) | 암호 키 블록을 이용한 정보 처리 시스템 및 방법 | |
JP4078802B2 (ja) | 情報処理システム、情報処理方法、情報処理装置、および情報記録媒体、並びにプログラム記録媒体 | |
JP4581246B2 (ja) | 情報処理システム、および情報処理方法、並びにプログラム記録媒体 | |
JP4710132B2 (ja) | 情報処理システム、および情報処理方法、並びにプログラム記録媒体 | |
US7325139B2 (en) | Information processing device, method, and program | |
JP4023083B2 (ja) | 情報処理システム、情報処理方法、および情報記録媒体、並びにプログラム提供媒体 | |
WO2002080448A1 (fr) | Appareil de traitement de l'information | |
JP2001358707A (ja) | 暗号鍵ブロックを用いた情報処理システムおよび情報処理方法、並びにプログラム提供媒体 | |
WO2003088059A1 (fr) | Dispositif de traitement d'informations, procede, support d'enregistrement et programme | |
WO2002080447A1 (en) | Information processing apparatus | |
JP4120135B2 (ja) | 暗号鍵ブロックを用いた情報処理システムおよび情報処理方法、並びにプログラム提供媒体 | |
JP4806847B2 (ja) | 情報処理システム、情報処理方法、および情報記録媒体、並びにプログラム記録媒体 | |
WO2004100154A1 (ja) | データ処理方法、そのプログラム、その装置および記録媒体 | |
JP3988385B2 (ja) | 情報処理システム、情報処理方法、および情報記録媒体、並びにプログラム記録媒体 | |
JP2010288291A (ja) | 情報処理システム、および情報処理方法、並びにプログラム記録媒体 | |
WO2002080067A2 (fr) | Processeur d'informations |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AU CA CN KR US |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2001982750 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 14270/02 Country of ref document: AU |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2396481 Country of ref document: CA |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1020027008811 Country of ref document: KR |
|
WWP | Wipo information: published in national office |
Ref document number: 2001982750 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 018060757 Country of ref document: CN |
|
WWE | Wipo information: entry into national phase |
Ref document number: 10169653 Country of ref document: US |
|
WWP | Wipo information: published in national office |
Ref document number: 1020027008811 Country of ref document: KR |
|
WWG | Wipo information: grant in national office |
Ref document number: 14270/02 Country of ref document: AU |