WO2010116618A1 - 鍵実装システム - Google Patents
鍵実装システム Download PDFInfo
- Publication number
- WO2010116618A1 WO2010116618A1 PCT/JP2010/001846 JP2010001846W WO2010116618A1 WO 2010116618 A1 WO2010116618 A1 WO 2010116618A1 JP 2010001846 W JP2010001846 W JP 2010001846W WO 2010116618 A1 WO2010116618 A1 WO 2010116618A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- key
- lsi
- encryption
- data
- unit
- Prior art date
Links
- 238000012545 processing Methods 0.000 claims description 50
- 238000012795 verification Methods 0.000 claims description 41
- 238000003860 storage Methods 0.000 claims description 18
- 230000000694 effects Effects 0.000 abstract description 9
- 238000000034 method Methods 0.000 description 47
- 238000004519 manufacturing process Methods 0.000 description 33
- 230000008569 process Effects 0.000 description 31
- 230000008520 organization Effects 0.000 description 30
- 238000010586 diagram Methods 0.000 description 29
- 238000004422 calculation algorithm Methods 0.000 description 24
- 238000007726 management method Methods 0.000 description 11
- 238000011161 development Methods 0.000 description 7
- 238000013478 data encryption standard Methods 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 5
- 230000004048 modification Effects 0.000 description 5
- 238000012986 modification Methods 0.000 description 5
- 238000007796 conventional method Methods 0.000 description 4
- 230000008859 change Effects 0.000 description 3
- 238000004458 analytical method Methods 0.000 description 2
- 230000008901 benefit Effects 0.000 description 2
- 230000006378 damage Effects 0.000 description 2
- 238000013523 data management Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000007689 inspection Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- VIEYMVWPECAOCY-UHFFFAOYSA-N 7-amino-4-(chloromethyl)chromen-2-one Chemical compound ClCC1=CC(=O)OC2=CC(N)=CC=C21 VIEYMVWPECAOCY-UHFFFAOYSA-N 0.000 description 1
- 230000004913 activation Effects 0.000 description 1
- 230000002730 additional effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 125000004122 cyclic group Chemical group 0.000 description 1
- 238000009826 distribution Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/109—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by using specially-adapted hardware at the client
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/556—Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
- H04L9/0897—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
- H04L2209/605—Copy protection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/101—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management
Definitions
- the present invention relates to a device for performing authentication processing or encryption processing for copyright protection of digital AV content and a system for mounting a key on a media card.
- Digital AV (Audio Video) content recorded on an SD (Secure Digital) card or DVD (Digital Versatile Disk) media is recorded on the media in an encrypted state for copyright protection.
- a key for decrypting the encrypted content is installed in a device that records or reproduces the content.
- there is a copyright protection system that realizes stronger security on the media card itself that records the content by performing encryption processing and authentication processing.
- the distributed content is sent to the device in an encrypted state, and is recorded as an encrypted content on an HDD (Hard Disk Drive) in the device.
- keys for encrypting and decrypting the content to be protected and authenticating the counterpart device and the media card are mounted.
- the above-described key mounted on a device for copyright protection will be referred to as a “device key”.
- a host and a media card that perform encryption processing and authentication processing are collectively referred to as “devices”.
- the device key is issued by a key issuing organization managed by a license organization for copyright protection technology.
- the device key has a different value for each device, and the same device key must not be mounted on a plurality of devices. Furthermore, it is necessary to mount the device key so that the device key is not easily analyzed and exposed by the user.
- a standard for securely mounting a device key on a device is defined by a secure implementation rule called a robustness rule, and a manufacturer of the device is obliged to comply with this rule by contract.
- Patent Literature 1 As a conventional technique for mounting a device key on a device.
- an LSI common key called an internal key is mounted inside the LSI.
- the device manufacturer encrypts the device key to be mounted on the device using the internal key and records the device key in an EEPROM (Electrically Erasable Programmable Read Only Memory) attached to the LSI.
- EEPROM Electrically Erasable Programmable Read Only Memory
- the LSI in the device reads the encrypted device key from the EEPROM, decrypts it using the internal key, and obtains a plaintext device key. Then, decryption processing of the encrypted content is performed using the obtained device key.
- the device key is recorded in the EEPROM in an encrypted state. Therefore, even if an unauthorized user analyzes the data in the EEPROM, only an encrypted device key can be obtained. Also, the internal key for decrypting the encrypted device key is enclosed in the LSI, and it is very difficult to analyze it compared to the analysis of the EEPROM. Therefore, it can be said that the device key is mounted on the device at a security level equivalent to that mounted in the LSI.
- JP 2002-185447 A JP 2003-134101 A JP 2003-101527 A JP 2005-294952 A
- AACS Advanced Access Content System
- BD Blu-ray Disk
- Patent Documents 2 to 4 In addition to the conventional technique, there are conventional techniques such as Patent Documents 2 to 4, but these also have the following problems.
- Patent Document 2 basically discloses the same configuration as that of Patent Document 1, and has the above problems (1), (2), and (3).
- the present invention solves the above-mentioned problems (1), (2), (3), and (4), prevents various information leaks and frauds, and realizes scalability and low cost.
- the purpose is to provide a mounting system.
- a key mounting system including an LSI and a storage unit, wherein the LSI receives first encryption key data and decrypts the first encryption key data using a first encryption key.
- a first decryption unit that generates first decryption key data
- a second encryption key generation unit that generates a second encryption key based on a second ID, and the second encryption key.
- a second encryption unit that encrypts the first decryption key data to generate second encryption key data; and decrypts the second encryption key data using the second encryption key.
- a second decryption unit that generates second decryption key data, and when the key is mounted, the second encryption unit stores the second encryption key data in the storage unit, In use, the second decryption unit reads out the second encryption key data from the storage unit.
- the key is sent in an encrypted state to the device manufacturer, it is possible to eliminate the risk of key leakage and unauthorized use by the device manufacturer.
- the first encryption key and the second encryption key can be associated with the LSI, the first encryption key or the second encryption key data set in a certain LSI can be copied and other Therefore, it is possible to prevent an illegal use by illegal use by setting to the LSI.
- the LSI includes a first encryption key generation unit that generates the first encryption key based on a first ID.
- the internal key used for encrypting the key sent to the device manufacturer can be changed by changing the first ID, the internal key can be easily used properly.
- the first encryption key generation unit generates the first encryption key based on a first LSI key and the first ID
- the second encryption key generation unit The second encryption key is generated based on the LSI key and the second ID.
- the first LSI key and the second LSI key are mounted as secret data common to the LSI, for example as a mask, and the first ID and the second ID are mounted as individual LSI data, for example, as a fuse.
- the internal key for each LSI it is possible to easily and safely implement the internal key for each LSI.
- the first ID is different in units of a predetermined number of LSIs, and the second ID is different in each LSI.
- the device manufacturer mounts the key in the device, it is not necessary to manage the first encryption key data and the LSI in a one-to-one correspondence. Therefore, the encryption key management cost in the device manufacturer is eliminated. Is reduced.
- the second ID is different for each LSI, even if the second encryption key data set in one device after shipment is copied and set in another device, the correct key is not decrypted. The risk of creating a clone device by copying the device key is eliminated.
- the LSI holds ID data including first partial data, second partial data, and third partial data, and the first ID includes the first and third IDs. It consists of partial data, and the second ID consists of the second and third partial data.
- the number of bits of the ID mounted on the LSI can be reduced, and the circuit scale of the LSI can be reduced.
- the first ID is held in the storage unit, and the second ID is held in the LSI.
- the first decryption key data includes verification data
- the LSI verifies the verification data to verify the validity of the first decryption key data. It shall have.
- the second decryption key data includes verification data
- the LSI verifies the verification data to verify the validity of the second decryption key data. It shall have.
- the key mounting system includes a content decryption processing unit that performs authentication processing related to access to encrypted content or decryption processing of encrypted content using the second encrypted key data.
- a content decryption processing unit that performs authentication processing related to access to encrypted content or decryption processing of encrypted content using the second encrypted key data.
- an LSI used in the key mounting system a first encryption key generation unit that generates a first encryption key from a first ID and an LSI key, and a second encryption key from the second ID and the LSI key
- a second encryption key generation unit for generating the first encryption key data, and decrypting the first encryption key data using the first encryption key to obtain the first decryption key data
- 2 encryption key data is stored in an external storage unit, and when the key is used, the second decryption unit stores the external storage unit. We shall read the second encrypted key data from.
- the plaintext key can only be obtained inside the LSI, and the device manufacturer handles the key only in an encrypted state, thus eliminating the risk of key leakage and unauthorized use by the device manufacturer during device manufacture. be able to.
- the second encryption key data set in a certain LSI is copied and set in another LSI, the correct key is not decrypted, so that the risk of manufacturing a clone device due to the key copy can be eliminated.
- the first encryption key and the second encryption key can be associated with the LSI, the first encryption key or the second encryption key data set in a certain LSI can be copied and other Therefore, it is possible to prevent an illegal use by setting to an LSI of this type and using it illegally.
- FIG. 1 is a block diagram showing a configuration of a key mounting system according to the first embodiment of the present invention.
- FIG. 2 is a block diagram showing a data flow configuration in the key implementation system according to the first embodiment of the present invention.
- FIG. 3 is a block diagram showing the configuration of the key mounting system according to the second embodiment of the present invention.
- FIG. 4 is a block diagram showing a data flow configuration in the key implementation system according to the second exemplary embodiment of the present invention.
- FIG. 5 is a block diagram showing the configuration of the key mounting system according to the third embodiment of the present invention.
- FIG. 6 is a block diagram showing the configuration of the key mounting system according to the fourth embodiment of the present invention.
- FIG. 7 is a block diagram showing the configuration of the key mounting system according to the fifth embodiment of the present invention.
- FIG. 8 is a block diagram showing a data flow configuration in the key implementation system according to the fifth embodiment of the present invention.
- FIG. 9 is a block diagram showing the configuration of the key mounting system according to the sixth embodiment of the present invention.
- FIG. 10 is a block diagram showing the configuration of the key mounting system according to the seventh embodiment of the present invention.
- FIG. 11 is a block diagram showing a configuration of a key mounting system according to a modification of the sixth embodiment of the present invention.
- FIG. 12 is a block diagram showing the configuration of the key mounting system according to the eighth embodiment of the present invention.
- FIG. 13 is a block diagram illustrating a configuration of a key mounting system according to a modification.
- FIG. 14 is a block diagram showing the configuration of ID1 and ID2.
- FIG. 15 is a block diagram showing the configuration of the LSI key A and the LSI key B.
- FIG. 16 is a block diagram illustrating a configuration of the encryption key generation unit.
- FIG. 17 is a block diagram illustrating a configuration of the encryption key generation unit.
- FIG. 18 is a block diagram illustrating a configuration of the encryption key generation unit.
- FIG. 1 is a configuration diagram showing the configuration of the key mounting system according to the first embodiment of the present invention.
- the key mounting system includes a set 1, a key writing device 12, a medium 13, and a device key supply device 14.
- the set 1 includes an LSI 10 and a nonvolatile memory 11.
- the LSI manufacturer supplies LSI 10 to set manufacturers.
- the LSI 10 includes two types of IDs (ID1 and ID2), two types of LSI keys (LSI key A and LSI key B), and two types of encryption key generation processing (first encryption key generation unit 100, first key). 2 encryption key generation unit 105), three types of encryption processing (first decryption unit 101, second encryption unit 103, second decryption unit 104), and content decryption processing using a device key (content decryption)
- the processing unit 107) is mounted at the time of LSI development / manufacturing.
- the set maker receiving the supply of the LSI 10 uses the key writing device 12 to set a device key in the set 1 as follows.
- the key writing device 12 reads ID1 (108) from the LSI 10. Then, the read ID1 (108) is sent to the device key supply device 14, and a request for device key data is issued.
- the device key supply apparatus 14 includes a database (device key DB 140) in which ID1 and the first encrypted device key are set.
- the device key supply apparatus 14 receives the ID1 input from the key writing apparatus 12, searches the device key DB 140 for the first encrypted device key corresponding to the ID1, and sends it to the key writing apparatus 12.
- the sent first encrypted device key is deleted from the device key DB 140 or attached with a sent flag so that the same key data is not retransmitted.
- first encryption device keys corresponding to ID1 when there are a plurality of first encryption device keys corresponding to ID1, one of them is selected and sent.
- the key writing device 12 inputs the acquired first encryption device key as the first encryption device key 120 to the LSI 10.
- the device key DB 140 may be stored inside the key writing device 12, and the device key supply device 14 may be eliminated.
- the LSI 10 In response to the input, the LSI 10 generates a second encrypted device key based on the first encrypted device key by the following procedure.
- First encryption key generation unit 100 generates a first encryption key from ID1 (108) and LSI key A (109).
- the first decryption unit 101 decrypts the first encrypted device key using the first encryption key to obtain a plaintext device key.
- the second encryption key generation unit 105 generates a second encryption key from the ID2 (10a) and the LSI key B (10b).
- the second encryption unit 103 re-encrypts the plaintext device key using the second encryption key to obtain the second encryption device key.
- the LSI 10 writes the obtained second encryption device key as the second encryption device key 110 in the nonvolatile memory 11. Set 1 is shipped in this state.
- the processing procedure for performing content decryption using the device key in which the set 1 after shipment is implemented is as follows. The following processing is performed in a state where the medium 13 on which the content is recorded is loaded in the set 1.
- the LSI 10 reads the second encryption device key 110 from the nonvolatile memory 11.
- the second encryption key generation unit 105 generates a second encryption key from the ID2 (10a) and the LSI key B (10b).
- the second decryption unit 104 decrypts the second encrypted device key 110 using the second encryption key to obtain a plaintext device key.
- the key writing device 12 may write the first encryption device key 120 in the nonvolatile memory 11 without performing steps (1) to (3) at the time of manufacturing the set. Then, when the end user uses the set 1 for the first time, the second encryption device key 110 is generated by performing the processes (1) to (3) only once. The encryption device key can be overwritten.
- FIG. 2 is a configuration diagram showing a data flow in the key implementation system according to the first embodiment of the present invention.
- the data flow is largely related to the key issuing organization 15 that generates and issues encrypted device key data, the LSI manufacturer 16 that manufactures the LSI, the encryption device key data issued from the key issuing organization 15, and the LSI manufacturer. 16 includes a set maker 17 that manufactures equipment using an LSI purchased from 16.
- the processing flow in the LSI manufacturer 16 is as follows. First, the LSI key generation unit 160 generates two types of LSI keys (LSI key A and LSI key B) to be embedded in the LSI. Then, the LSI key A is sent to the key issuing organization 15 together with the LSI manufacturer ID, and the LSI keys A and B are sent to the LSI development unit 161, respectively.
- the LSI manufacturer ID is an identification number negotiated between the key issuing organization 15 and each LSI manufacturer 16 in order to identify each LSI manufacturer.
- the LSI manufacturer ID and the LSI key A sent from the LSI manufacturer 16 to the key issuing organization 15 are registered in the LSI key DB 151 as a pair of (LSI manufacturer ID, LIS key A).
- the LSI development unit 161 performs design development of the LSI 10 of FIG. 1 and creates design data.
- the LSI keys A and B are mounted as ROM data.
- the ID generation unit 163 generates two types of IDs (ID 1 and ID 2) and sends them to the LSI manufacturing unit 162.
- ID1 is a different value for each predetermined number of LSIs
- ID2 is a different value for each LSI.
- the LSI manufacturing unit 162 manufactures the LSI designed by the LSI development unit 161. At this time, ID1 and ID2 generated by the ID generation unit 163 are written as fuses in each LSI. In addition, about ID1, when changing ID1 whenever a mask set is changed, you may mount as ROM data in the LSI development part 161 instead of a fuse. The manufactured LSI is sent to the set manufacturer 17 together with the information of the LSI manufacturer ID and ID1 set in the LSI.
- the processing flow in the set maker 17 is as follows. First, among those sent from the LSI manufacturer 16, the LSI manufacturer ID and ID1 are received by the device key purchasing unit 170, and when the device key ordering unit 170 places an order for the device key, the device key ordering information ( And the number of purchased keys) to the key issuing organization 15. The key issuing institution 15 performs the following processing with the key encryption tool 150 to generate a predetermined number of first encryption device keys.
- the LSI key DB 151 is searched by using the LSI manufacturer ID sent from the set manufacturer 17 as a search key, and the corresponding LSI key A is acquired.
- the first encryption key generation unit 1500 generates a first encryption key from the LSI key A and ID 1 sent from the set maker 17.
- the encryption key generation algorithm of the first encryption key generation unit 1500 is the same as the encryption key generation algorithm of the first encryption key generation unit 100 of the LSI 10 of FIG.
- the device keys corresponding to the ordered number are obtained from the device key DB 152, and each first encryption unit 1501 encrypts the device keys using the first encryption key. Generate.
- the first encrypted device key generated as described above is sent to the set maker 17 together with ID 1 used for encryption, and is received by the device key purchasing unit 170. Then, the device key purchasing unit 170 sends the received first encrypted device key to the key writing unit 172.
- the key writing unit 172 registers the set of the received ID1 and the first encrypted device key in the device key DB 140 in the device key supply apparatus 14 of FIG.
- the LSI sent from the LSI manufacturer 16 is sent to the set assembly unit 171.
- the set assembling unit 171 assembles a set such as the set 1 in FIG. 1 from the LSI and sends it to the key writing unit 172.
- the key writing unit 172 that has received the assembled set 1 writes the first encrypted device key into the set 1 according to the procedure described above. And it ships as a completed set.
- the process of decrypting the encrypted content by the end user using the completed set is as described above.
- the second encrypted device key 110 encrypted based on ID2 is recorded in the shipped non-volatile memory 11 of set 1. Since ID2 differs for each LSI, even if the encryption key data in the nonvolatile memory 11 is copied to another device, the correct device key is not decrypted in the copy destination device. Therefore, in this embodiment, there is no risk of manufacturing a clone device by copying the device key.
- a device key is encrypted using an encryption key generated from an LSI key and an ID, and this plays the role of an internal key.
- the encryption key can be changed by changing the ID.
- the ID is mounted as a fuse, the value of the fuse mounted on the LSI can be changed, so that the encryption key can be switched without redesigning the LSI such as changing the mask set as in the prior art. It is. Therefore, in the present embodiment, it is possible to obtain extensibility superior to that of the prior art with respect to proper use of internal keys.
- the first encrypted device key 120 is set in the LSI 10 when the device is manufactured. This is because the ID1 (108) and the LSI key are set. It is encrypted with the first encryption key generated from A (109).
- the LSI key A is a value common to the LSIs, and ID1 is a different value for each predetermined number. Therefore, a certain first encryption device key can be set in a plurality of LSIs set with the same ID1, and the encryption device key and the LSI are associated with each other in a one-to-one manner as in the prior art. Such strictness is not necessary, and data management at the time of device manufacture becomes simple.
- ID1 is operated as a different value for each lot of equipment, the set manufacturer does not need to manage the correspondence between the encryption device key and the LSI within the same lot. Further, if ID1 is operated as a different value for each set maker that provides LSI, management of the correspondence relationship becomes unnecessary regardless of the lot. Accordingly, it is possible to reduce or eliminate the problem of encryption device key management when a key is mounted on a device as in the prior art.
- the following effects can be obtained by changing ID1 (108) for each predetermined number.
- ID1 (108) for each predetermined number.
- a set maker that has received the first encryption device key 120 performs an illegal act of setting the same first encryption device key 120 to a plurality of sets.
- the unauthorized device key setting as described above is possible only in a predetermined number of LSIs on which the same ID1 is mounted, and even if it is set in other LSIs, the first decryption unit The decryption at 101 cannot be performed correctly, and the correct second encryption device key is not written into the nonvolatile memory 11. Therefore, the above fraud is limited to a predetermined number of LSIs, and the fraud can be suppressed to a certain extent.
- the plaintext device key is not analyzed from the set after shipment. This is because the device key set in the set after shipment is encrypted with the encryption key generated from the LSI key B.
- ID2 used for encryption when a device key is incorporated into a product is not disclosed to anyone other than the LSI manufacturer, and the confidentiality of ID2 can be increased.
- FIG. 3 is a block diagram showing the configuration of the key mounting system according to the second embodiment of the present invention.
- each component of the key writing device 22, the set 2, the medium 23, and the device key supplying device 24 and their operations are the same as those of the key writing device 12, the set 1, and the medium in the first embodiment shown in FIG. 13.
- the first embodiment only differences from the first embodiment will be described.
- the first verification unit 202 decrypts the decryption performed by the first decryption unit 201 It is checked whether or not the value of a predetermined field (for example, upper 4 bytes) of the data matches the predefined verification data (for example, FFFFFFFF in hexadecimal). If they match, the decrypted data is input to the second encryption 203. If they do not match, the subsequent encryption device key setting process is stopped and an error is output.
- a predetermined field for example, upper 4 bytes
- the second verification unit 206 decrypts the decryption device key by the second decryption unit 204 Verification data in which the value of a predetermined field of the decrypted decrypted data (the same field as the field used by the first verification unit 202) is defined in advance (the same as the verification data used by the first verification unit 202 for verification) ). If they match, the data obtained by removing the verification data from the decrypted data is input to the content decryption processing unit 207 as a device key.
- FIG. 4 is a configuration diagram showing a data flow in the key implementation system according to the second embodiment of the present invention. 4, the components of the key issuing organization 25, LSI manufacturer 26, and set manufacturer 27 and their operations are the same as those of the key issuing organization 15, LSI manufacturer 16, and set manufacturer 17 in the first embodiment shown in FIG. basically the same. Here, only differences from the first embodiment will be described.
- the first encryption unit 2501 creates data obtained by concatenating the verification data 253 with the device key read from the device key DB 252. For example, FFFFFFFF (4 bytes) in hexadecimal is used as the verification data 253 and is linked to the upper part of the device key data. Then, the obtained data is encrypted using the first encryption key generated by the first encryption key generation unit 2500 to generate a first encryption device key.
- the size of the verification data and the specific data may be anything as long as they are determined in advance.
- the verification data is not limited to a fixed pattern, and may be calculated based on a predetermined arithmetic expression from device key data, such as a CRC (Cyclic Redundancy Check) code.
- CRC Cyclic Redundancy Check
- ⁇ Effect> it is possible to confirm whether or not the correct device key has been decrypted by decrypting the device key by using the device key plus verification data as the encrypted device key. It is. As a result, even if an incorrect first encryption device key is to be set in the LSI at the time of manufacturing the set, the first verification unit 202 outputs an error, thereby preventing an erroneous setting of key data. It is possible. It is also possible to confirm whether or not the correct device key has been decrypted when decrypting the encrypted content using the device key in which the set after manufacture is mounted.
- the second verification unit 206 detects an error, so that the wrong key can be prevented from being used in advance. Is possible. It goes without saying that the effects described in the first embodiment can be obtained in the present embodiment.
- FIG. 5 is a block diagram showing the configuration of the key mounting system according to the third embodiment of the present invention. Since the configuration of the LSI 30 is different from the key mounting system in the first embodiment shown in FIG. 1, only the difference will be described.
- the circuit is shared on the assumption that the same algorithm is used as the decoding algorithm of the first decoding unit 101 and the second decoding unit 104 in the first embodiment. It is assumed that the process is performed by the encryption / decryption unit 301. In general, it is known that the circuit scale can be reduced by sharing the core processing between the encryption processing and the decryption processing, rather than mounting them as completely independent circuits. Based on this, the processing circuit of the second decoding unit 104 is also mounted in the encryption / decryption unit 301.
- the circuit is shared on the assumption that the same algorithm is used as the encryption key generation algorithm of the first encryption key generation unit 100 and the second encryption key generation unit 105 in the first embodiment.
- the encryption key generation unit 302 performs this process.
- the first control unit 300 controls input / output data to the encryption / decryption unit 301.
- the second control unit 303 controls input data to the encryption key generation unit 302.
- the operation is the same as that of the first embodiment, except that the internal configuration of the LSI 30 is different as described above.
- FIG. 6 is a block diagram showing the configuration of the key mounting system according to the fourth embodiment of the present invention. Since the basic configuration and processing contents are the same as those of the key mounting system according to the first embodiment shown in FIG. 1, only differences from the first embodiment will be described here.
- ID1 is mounted inside the LSI when the LSI is manufactured.
- the key when the key is written to the set by the set maker, the data is written in the nonvolatile memory 41 outside the LSI.
- the process when writing a key to a set is as follows. First, the nonvolatile memory writing device 44 reads the ID1 and the first encrypted device key set from the internal device key DB 440 (unlike the first embodiment, reads the ID1 from the LSI at the time of the request, and the device It is not sent to the key supply device). At this time, the set of the read ID1 and the first encrypted device key is deleted from the device key DB 440 or a used flag is added so that the same key is not used repeatedly.
- the nonvolatile memory writing device 44 directly writes the read ID1 and the first encryption device key as the ID1 (411) and the first encryption device key (412) in the nonvolatile memory 41.
- the LSI 40 reads the first encryption device key 411 from the nonvolatile memory 41, executes the re-encryption steps (1) to (4) of the first embodiment, and obtains the second encryption device key. Generated and written in the nonvolatile memory 41 as the second encryption device key 410.
- ID1 (411) written in the nonvolatile memory 41 is used as ID1 instead of a value mounted in the LSI 40.
- the second encryption device key 410 is written to overwrite the first encryption device key 412.
- the process in which the set 4 after shipment decrypts the encrypted content 430 recorded on the medium 43 is the same as in the first embodiment.
- an ID (411) written in the nonvolatile memory 41 is used instead of a value mounted in the LSI 40.
- the data flow in the key mounting system according to the fourth embodiment of the present invention is the same as that in the first embodiment shown in FIG.
- a re-encryption process by the LSI 40 (processes (1) to (4) in the first embodiment). It is not necessary to perform this in the key writing process, and may be performed when the LSI 40 is activated in a later process such as a set inspection process or when the end user first activates the set 4 after shipment. As a result, the activation of the LSI during the key writing process is eliminated, and the time for the key writing process can be shortened.
- FIG. 7 is a configuration diagram showing the configuration of the key mounting system according to the fifth embodiment of the present invention. Since the basic configuration and processing contents are the same as those of the key implementation system in the fourth embodiment shown in FIG. 6, only the differences from the fourth embodiment will be described here.
- the first encryption key generation unit 400 generates the first encryption key from the LSI key A and ID1.
- the LSI 50 does not have the first encryption key generation unit, and the first decryption unit 501 decrypts the first encryption device key 511 using the LSI key A as a direct encryption key.
- the ID of the present embodiment is ID data corresponding to ID2 in the fourth embodiment. The rest is the same as the fourth embodiment.
- FIG. 8 is a configuration diagram showing a data flow in the key implementation system according to the fifth embodiment of the present invention. Since the basic configuration and processing contents are the same as those in the first embodiment shown in FIG. 2, only the differences from the first embodiment will be described here.
- the first encryption key generation unit 1500 is deleted from FIG. 2 in the first embodiment. Furthermore, FIG. 8 in the present embodiment shows a case where ID1 is completely deleted from data exchanged between the blocks and ID2 is further set as the ID. As a result, the following processing is different from the first embodiment.
- the LSI key DB 551 receives the input of the LSI manufacturer ID, searches for the corresponding LSI key A, and inputs it to the first encryption unit 5501.
- the first encryption unit 5501 encrypts the device key acquired from the device key DB 552 using the LSI key A, and generates a first encrypted device key.
- Other processes are the same as those in the first embodiment.
- this embodiment also has the advantage that the management of the association between the key and ID1 in the set maker is unnecessary, and the management cost is reduced. Further, after the nonvolatile memory writing device 52 writes the first encryption device key 511 to the nonvolatile memory 51, the re-encryption process by the LSI 50 (processes (1) to (4) in the first embodiment). As in the fourth embodiment, since it may be performed after the key writing process or when the end user starts the set 5, the time of the key writing process can be shortened. Furthermore, since it is not necessary to record ID1 as in the fourth embodiment, there is an effect that the storage capacity of the external memory can be reduced correspondingly.
- FIG. 9 is a block diagram showing the configuration of the key mounting system according to the sixth embodiment of the present invention.
- This embodiment is the same as the fifth embodiment in which the same key data is used as the LSI key A and the LSI key B, and the LSI key is used as the LSI key.
- the processing flow is the same as that in the fifth embodiment in which the LSI key A or the LISI key B is replaced with the LSI key in the processing using the LSI key A and the LSI key B.
- FIG. 10 is a configuration diagram showing the configuration of the key mounting system according to the seventh embodiment of the present invention.
- This embodiment is the same as the sixth embodiment in which a first encryption key generation unit 6512, ID1 (6513), and a master key 6514 are newly added.
- the first encryption key generation unit 6512 performs encryption key generation processing from the master key 6514 and ID1 (6513), and generates an LSI key 6509. Since the processing using the generated LSI key 6509 is the same as that of the sixth embodiment, description thereof is omitted.
- the LSI key 6509 can be changed by changing ID1 (6514) which is the value of the fuse. Therefore, it is possible to change the LSI key without changing the mask set.
- ID1 6514
- the circuit area can be saved accordingly.
- FIG. 12 is a block diagram showing the configuration of the key mounting system according to the eighth embodiment of the present invention.
- ID3 is introduced in addition to ID1 and ID2.
- ID3 is different ID data for each predetermined number of LSIs, and is set inside the LSI when the LSI is manufactured. Then, the first encryption key generation unit changes so as to generate the first encryption key based on the LSI key A and ID1 and ID3.
- the procedure for setting a device key in the set 7 including the LSI 70 and the nonvolatile memory 71 is as follows. In the device key DB 740 in the device key supply apparatus 74, data having [ID3, ID1, first encrypted device key] as a set is registered as a list.
- the device key supply apparatus 74 reads ID3 (708) from the LSI 70, and searches the device key DB 740 using the value as a search key. Then, a corresponding set of [ID3, ID1, first encryption device key] is taken out, and only ID1 and the first encryption device key are sent to the nonvolatile memory writing device 71. The set taken out at this time is deleted from the database or flagged to indicate that it has been used, so that the same set is not used repeatedly. Further, when a plurality of corresponding sets are searched, one of them is appropriately selected. The nonvolatile memory writing device 72 that has received the sent ID1 and the first encryption device key writes them into the nonvolatile memory 71 as ID1 (711) and the first encryption device key 710. The subsequent processing is the same as that in the fourth embodiment. However, when the first encryption key generation unit 700 generates the first encryption key, generation processing is performed based on ID3 (708) in addition to the LSI key A (709) and ID1 (711).
- the combination of the same ID1 and the first encryption device key can be set to a plurality of sets. became.
- the first encryption device key is linked to ID3 set in the LSI, the above-described fraud is not possible or limited (LSI with the same ID3 set) It is possible to make it only possible.
- the encryption method used for device key encryption and decryption is not limited to a specific algorithm. Any algorithm such as AES (Advanced Encryption Standard) cipher or DES (Data Encryption Standard) cipher may be used.
- AES Advanced Encryption Standard
- DES Data Encryption Standard
- the data size and the number of data of each data are not limited to a specific size and number.
- the algorithm used for generating the encryption key is not limited to a specific algorithm.
- a hash algorithm such as SHA1 (Secure Hash Algorithm 1) or MD5 (Message Digest 5) may be used, or a hash algorithm using a block cipher algorithm such as AES cipher or DES cipher may be used.
- a MAC (Message Authentication Code) calculation algorithm using CMAC or block cipher may be used.
- FIG. 16 is an example of an algorithm used for key generation.
- the LSI key in the figure is an LSI key A or LSI key B, and the ID is ID1 or ID2.
- the encryption unit 900 is an arbitrary encryption algorithm such as AES encryption or DES encryption. At this time, the encryption key is generated as follows.
- Step 1 The encryption unit 900 encrypts the ID using the LSI key.
- Step 2 The exclusive OR unit 901 performs an exclusive OR operation for each bit of the encryption result of Step 1 and the ID, and uses the result as an encryption key.
- the encryption process used in the encryption unit 900 is not limited to the encryption process, and a decryption algorithm such as AES encryption or DES encryption may be used.
- FIG. 17 shows a configuration example when the ID size is less than the data size of the encryption algorithm used for the encryption unit 910.
- the data combining unit 912 inputs to the encryption unit 910 a predetermined parameter combined with the ID so as to be the same as the data size of the encryption algorithm.
- FIG. 18 shows a configuration example when the size of the LSI key is less than the key size of the encryption algorithm used for the encryption unit 920.
- the data combining unit 922 inputs, to the encryption unit 920, a predetermined parameter combined with the LSI key so as to have the same key size as the encryption algorithm.
- the parameter setting value is uniquely determined by the LSI manufacturer, and is the same for all LSIs manufactured by the LSI manufacturer, and is different for each predetermined number of units, lots, and mask sets.
- parameters common to all LSI manufacturers may be used.
- LSI key A and LSI key B Two types are set in the LSI, but these may be shared and set to the same value. Thereby, the area of the key data mounted on the LSI can be reduced. However, in this case, if the LSI key A is exposed, the LSI key B is also known. While avoiding this, in order to reduce the number of bits mounted on the LSI key A and LSI key B, only some of the bits may be shared. For example, as shown in FIG. 15, a 192-bit LSI key (86) is mounted on the LSI, the upper 128 bits are used as the LSI key A (860), and the lower 128 bits are used as the LSI key B (861). Also good.
- LSI key A and LSI key B may be used separately by mounting a plurality of keys on the LSI.
- an LSI key A identifier or an LSI key B identifier is introduced, and in the encryption key generation process, in addition to ID1 or ID2, an LSI key A identifier, an LSI key B An identifier is input to the first encryption key generation unit and the second encryption key generation unit, and one of a plurality of LSI keys A or LSI keys B is selected based on the identifier, and encryption using ID1 or ID2 is performed.
- a key generation process may be performed. In this way, LSI keys can be used properly for each set maker, and security independence (even if one set maker's key is exposed, it does not affect the confidentiality of other set maker's keys) is more reliable. To be kept.
- FIG. 11 shows a configuration example when the above-described mechanism is applied to the sixth embodiment.
- An LSI key list storage unit 6609, an LSI key selection unit 6612, and an LSI key identifier 6613 are added from FIG. 9 showing the configuration example of the sixth embodiment.
- the LSI key list storage unit 6609 stores a predetermined number of LSI keys as a list, and each LSI key is given an identifier of a predetermined bit.
- the LSI key selection unit 6612 acquires the LSI key specified by the LSI key identifier 6613 from the LSI key list storage unit 6609 and sets it as the LSI key 6609. Subsequent processing such as decryption processing using the acquired LSI key is the same as that of the sixth embodiment.
- the location where the second encryption device key is stored in the set may not be a nonvolatile memory outside the LSI.
- the nonvolatile memory may be inside the LSI or may be stored in a memory outside the set. Alternatively, it may be stored in a server on the network, and the set may be read by connecting to the server via the network when necessary.
- ID2 does not necessarily have to be different for each LSI. For example, even in an operation in which ID2 is changed every predetermined number, it is practically difficult to find a set having the same ID2 after shipment. It can be said that it retains sex.
- the unit for switching ID1 is not limited to the method described in the embodiment. It may be changed for each predetermined number, or may be changed by dividing by the production time. Alternatively, it may be changed for each LSI product number or for each production lot. It may be changed for each set maker providing the LSI, or the above may be combined (for example, changed for each set maker, and changed for each lot even for the same set maker). ID1 may be implemented as ROM data and changed only when the mask set changes.
- the generation method of ID1 and ID2 is not limited to a specific method.
- An initial value may be determined, and the ID may be determined while adding 1, or may be determined randomly using a random number generator or the like.
- the inside of the ID data may be divided into several fields and structured such that the first field is set manufacturer identification information, the next field is a lot number, and the like.
- the LSI manufacturer generates a signature generation key and signature verification key for digital signature.
- the signature verification key is sent to the key issuing organization.
- ID1 the digital signature generated using the digital signature generation key is added to ID1 and sent.
- the set maker requests the key issuing organization to issue the first encryption device key, it sends ID1 with the digital signature added thereto.
- the key encryption tool of the key issuing organization verifies the received digital signature of ID1 using the signature verification key, and issues the first encryption device key only when it is confirmed to be correct. This prevents the set maker from issuing the first encryption key for the fictitious ID1.
- the LSI manufacturer sends ID1 to the set maker and at the same time sends ID1 to the key issuing organization.
- the key issuing organization holds the received ID1 as a list for each LSI manufacturer ID.
- the pair of [LSI manufacturer ID, ID1] exists in the list received from the LSI manufacturer above. Check whether or not. Only when it exists, the first encryption device key is issued. This can prevent the set maker from issuing the first encryption key for the fictitious ID1.
- the key encryption tool of the key issuing organization may delete the ID1 from the list after the first encryption device key issuance is completed. As a result, it is possible to prevent the LSI manufacturer from making an unnecessary reissue request for ID1 that has already received the first encryption key in the past.
- a list of invalid [LSI manufacturer ID, ID1] pairs is registered in the key encryption tool of the key issuing institution, and when a first encryption device key issue request is received from the set manufacturer, It may be checked whether the set of [LSI manufacturer ID, ID1] exists in the list received from the LSI manufacturer. If it exists in the list, it is output that it is invalid and the first encryption key issuance process is stopped. As a result, even if an LSI manufacturer issues ID1 to an unauthorized set maker, it stops production of the unauthorized set by stopping issuing the first encryption device key to the set maker. Can do.
- the key issuing organization authenticates the set maker that issues the first encryption device key issuance as follows, and confirms that the issuance request is certainly sent from the set maker. You may authenticate. First, the set maker generates a signature generation key and a signature verification key according to a digital signature method algorithm using public key cryptography. The signature verification key is sent to the key issuing organization. The key issuing organization confirms the identity of the set maker, and registers the signature verification key in the signature verification key database together with the set maker identification information. When the set maker issues a request for issuing the first encryption device key, a digital signature is generated and added to the request information such as the LSI maker ID and ID1 and the number of keys to be issued. And send it to the key issuer.
- the key issuing organization searches the signature verification key database, acquires the signature verification key of the set maker, and verifies the digital signature of the received request information. Then, only when the validity of the signature is confirmed, the first encryption device key is issued based on the received request content. If the validity of the signature cannot be confirmed, the issuance of the first encryption device key is rejected.
- the mounting form of ID1 and ID2 on the LSI is a fuse, but is not limited to this.
- it may be mounted as ROM data or written in a nonvolatile memory inside the LSI.
- it may be written in an external memory of the LSI.
- it is possible to prevent illegal forgery of ID data by mounting in the LSI a mechanism for confirming that the ID data written in the external memory has not been tampered with.
- an LSI manufacturer creates a MAC (Message Authentication Code) of ID data using a secret key inside the LSI, and writes it in an external memory together with the ID data.
- the MAC data is used to confirm that the ID has not been tampered with.
- the first encryption key and the second encryption key are generated from the LSI key and the ID.
- the encryption key is generated based on the secret information and the ID inside the LSI. Anything can be generated. For example, if the encryption key generation method itself is secret, the encryption key may be generated for the ID based on the generation method.
- the LSI manufacturer may notify the key issuing organization of the number of LSIs shipped to each set manufacturer. Then, the key issuing organization counts the number of device keys issued to each set maker. If there is a set maker that compares the number of purchased LSIs and the number of issued device keys and the numbers of the two are extremely different, the key issuing organization may copy the same device key and implement it in multiple sets. Can be estimated. Thereby, it is possible to suppress the device key copy fraud by the set maker.
- the target for mounting the device key is not limited to this embodiment. Any device that needs to have a key for performing some kind of encryption processing or authentication processing at the time of manufacture is the subject of the present invention. Examples are DVD players / recorders, HDD recorders, BD players / recorders, SD audio players / recorders, SD video players / recorders, SD memory cards, memory sticks, digital TVs, and the like.
- the embodiment has been described as a process for manufacturing a host that reproduces content recorded on a medium, but any device that implements a key may be used.
- FIG. 13 shows an example in which the first embodiment is applied to manufacture of a media card that authenticates with a host.
- the figure shows a case where the card controller LSI 80 authenticates with the host 83 using a device key.
- ID1 and ID2 implementation bits some bits may be shared.
- a 96-bit ID (85) is mounted on the LSI, and the upper 64 bits are used as ID1 (850) and the lower 64 bits are used as ID2 (851) inside the LSI. Also good.
- ID1 for each predetermined number of LSIs
- the upper 32 bits that are not shared with ID2 are changed, and when changing ID2 for each LSI, it is shared with ID1. It is sufficient to change the lower 32 bits that are not present.
- the operation method of the LSI key A and the LSI key B may be as follows.
- A) A different value may be set for each LSI manufacturer, and the same value may be set for all LSIs manufactured by the manufacturer.
- B) A different value is set for each LSI manufacturer, and the LSI manufactured by the manufacturer is set to a different value for each predetermined number, for each predetermined lot number, for each mask set change, or for each set maker that supplies the LSI. You may do it.
- C The same value may be set for all LSIs of all LSI manufacturers.
- the key implementation system prevents the risk of unauthorized key leakage by a set maker and the risk of creating a clone device by copying a key by an end user, while reducing variations in encryption keys without adding a key to be set in the LSI. Since it has the feature that encryption key management at the time of manufacturing a set is simple, it is useful for realizing a key mounting system on a device or a media card having a copyright protection function for content. .
Abstract
Description
従来技術では、デバイス鍵の内部鍵による暗号化処理を、機器メーカーにおいて行っている。即ち、鍵発行機関は、機器メーカーに、平文のデバイス鍵を提供する必要があるが、これは、不正な機器メーカーによるデバイス鍵の不正漏洩や不正使用の懸念がある。
従来技術では、デバイス鍵は、LSI共通の内部鍵で暗号化して、EEPROMに記録する。従って、ある機器のEEPROMに記録された暗号化デバイス鍵データを、そのまま、別の機器のEEPROMにコピーしたとしても、コピー先の機器のLSIは、そのコピーされた暗号化デバイス鍵を平文のデバイス鍵に正しく復号化できる。即ち、ある機器のデバイス鍵を別の機器でも使用できることになり、クローン機器の作成が可能になってしまう。例えば、BD(Blu-ray Disk)の著作権保護技術であるAACS(Advanced Access Content System)のロバストネス・ルールでは、上記のような暗号化デバイス鍵データのコピーによるクローン機器の作成を不可能とするようなデバイス鍵実装が要求されており、従来技術では、その要求を満たしていないことになる。
従来技術では、LSI内に内部鍵を複数設定して、例えば、LSIを供給する機器メーカーごとに使い分けるような構成が開示されている。機器メーカーが比較的少数の場合(数社~十数社)には、本従来技術の方法でも対応が可能であるが、実装コストの観点から実装可能な内部鍵の個数にも限界があり、機器メーカーが多数の場合には、対応が困難となる。ましてや、(2)の課題を解決するために、LSI1個ごとに内部鍵を使い分けることは、現実的には不可能である。また、開発時の想定以上の機器メーカーにLSIを提供する必要が生じたとき、本従来例では、後から内部鍵を追加することができないため、LSIの再設計が必要になってしまう。
特許文献2乃至3では、LSI内部に設定された定数(Const)あるいはヒューズ値(IDfuse)に基づいて生成した暗号化データを、LSI外部の記憶部に記録する構成が開示されている。この方法の場合、上記定数あるいはヒューズ値をLSI1個ごとに異なるようにすれば、暗号化データ生成ツールで生成した上記暗号化データは、特定の1個のLSIでのみ正しく復号化が可能となる。しかし、万一、対応関係の取れていないLSIに暗号化データを設定してしまうと、LSIは正しくデバイス鍵を復号化できず、正しいコンテンツ暗号化・復号化処理が行えない。このため、機器製造時には、LSIと暗号化データひとつひとつとの対応関係を厳密に管理して、正しく対応関係の取れたLSIの外付けメモリに暗号化データを書き込む必要がある。機器製造時にこのようなデータ管理を行うのは、負担であり製造コストの増大につながる。
図1は、本発明の第1の実施の形態に係る鍵実装システムの構成を示す構成図である。
まず、本実施の形態が、先に述べた課題を解決していることを以下に説明する。
セットメーカー17には、デバイス鍵は暗号化された状態でしか送付されず、復号化されたデバイス鍵は、LSI10の内部にしか現れない。従って、セットメーカー17は、平文のデバイス鍵を知ることはないので、本実施の形態においては、機器メーカーによるデバイス鍵の不正漏洩、不正使用リスクはない。
出荷されるセット1の不揮発メモリ11には、ID2に基づいて暗号化された第2暗号化デバイス鍵110が記録されている。ID2は、LSI1個ごとに異なるので、たとえ、不揮発メモリ11の暗号化鍵データが別の機器にコピーされたとしても、コピー先の機器では、正しいデバイス鍵が復号化されない。従って、本実施の形態においては、デバイス鍵コピーによるクローン機器製造リスクはない。
本実施の形態においては、LSI鍵とIDから生成する暗号鍵を用いてデバイス鍵を暗号化するので、これが内部鍵の役割を果たしている。暗号鍵は、IDを変えることにより変更することができる。更に、IDをヒューズとして実装すれば、LSIに実装するヒューズの値を変えることができるので、従来技術のように、マスクセットの変更といったLSIの再設計をせずに、暗号鍵の切り替えが可能である。従って、本実施の形態においては、内部鍵使い分けに関しては、従来技術よりも、優れた拡張性が得られる。
本実施の形態においては、機器製造時には、第1暗号化デバイス鍵120をLSI10に設定するが、これは、ID1(108)とLSI鍵A(109)から生成される第1暗号鍵で暗号化されている。ここで、LSI鍵Aは、LSI共通の値であり、ID1は、所定個数ごとに異なる値である。従って、ある第1暗号化デバイス鍵は、同じID1が設定された複数のLSIに設定することが可能であり、従来技術のように暗号化デバイス鍵とLSIとを1対1で対応付けて管理するような厳密さは不要になるので、機器製造時のデータ管理は簡便になる。例えば、ID1を、機器のロットごとに異なる値として運用すれば、セットメーカーは、同じロット内であれば、暗号化デバイス鍵とLSIとの対応関係を管理する必要がなくなる。更に、ID1を、LSIを提供するセットメーカーごとに異なる値として運用すれば、ロットにかかわらず、対応関係の管理は必要なくなる。従って、従来技術のような機器への鍵実装時の暗号化デバイス鍵管理の課題は軽減あるいは、なくすことができる。
図3は、本発明の第2の実施の形態に係る鍵実装システムの構成を示す構成図である。図3において、鍵書き込み装置22、セット2、メディア23、デバイス鍵供給装置24の各構成要素及びそれらの動作は、図1に示す第1の実施の形態における鍵書き込み装置12、セット1、メディア13、デバイス鍵供給装置14と基本的には同じである。ここでは、第1の実施の形態との差異部分のみを説明する。
セットへの暗号化デバイス鍵設定の処理において、第1検証部202は、第1復号化部201にて復号化された復号化データの所定フィールド(例えば、上位4バイト)の値が、予め定義されている検証データ(例えば、16進数でFFFFFFFF)と一致するかどうかをチェックする。そして、一致すれば、復号化データを第2暗号化203に入力し、一致しなければ、以降の暗号化デバイス鍵設置の処理を中止し、エラーを出力する。
暗号化コンテンツ復号化時の、暗号化デバイス鍵復号化処理において、第2検証部206は、第2復号化部204にて復号化された復号化データの所定フィールド(第1検証部202が検証に用いたフィールドと同じ箇所)の値が予め定義されている検証データ(第1検証部202が検証に用いた検証データと同じ)と一致するかどうかをチェックする。そして、一致すれば、復号化データから検証データの部分を取り除いたデータをデバイス鍵として、コンテンツ復号化処理部207に入力する。
第1暗号化部2501は、デバイス鍵DB252から読み出したデバイス鍵に対して、検証データ253をデータ連結したデータを作成する。例えば、検証データ253として16進数でFFFFFFFF(4バイト)を用いて、デバイス鍵データの上位に連結する。そして、得られたデータを、第1暗号鍵生成部2500にて生成された第1暗号鍵を用いて暗号化して、第1暗号化デバイス鍵を生成する。
本実施の形態では、デバイス鍵に検証データを付加したものを暗号化デバイス鍵とすることにより、デバイス鍵の復号化処理の際に、正しいデバイス鍵が復号化されたかどうかを確認することが可能である。これにより、セット製造時に、万一、間違った第1暗号化デバイス鍵がLSIに設定されようとした場合でも、第1検証部202がエラーを出力するので、鍵データの誤設定を未然に防ぐことが可能である。また、製造後のセットが実装されたデバイス鍵を用いて暗号化コンテンツの復号化処理を行う際に、正しいデバイス鍵が復号化されたかどうかを確認することも可能である。これにより、データ破壊や改ざんあるいは読み取りエラーにより間違った第2暗号化デバイス鍵がLSIに入力されたとしても、第2検証部206がエラーを検出するので、誤った鍵の使用を未然に防ぐことが可能である。また、本実施の形態では、第1の実施の形態で述べた効果が得られることは言うまでもない。
図5は、本発明の第3の実施の形態に係る鍵実装システムの構成を示す構成図である。図1に示す第1の実施の形態における鍵実装システムとは、LSI30の構成が異なるので、その差異についてのみ説明する。
図6は、本発明の第4の実施の形態に係る鍵実装システムの構成を示す構成図である。基本的な構成及び処理内容は、図1に示す第1の実施の形態における鍵実装システムと同じであるから、ここでは、第1の実施の形態との差異部分についてのみ説明する。
図7は、本発明の第5の実施の形態に係る鍵実装システムの構成を示す構成図である。基本的な構成及び処理内容は、図6に示す第4の実施の形態における鍵実装システムと同じであるから、ここでは第4の実施の形態との差異部分についてのみ説明する。
図9は、本発明の第6の実施の形態に係る鍵実装システムの構成を示す構成図である。本実施の形態は、第5の実施の形態において、LSI鍵AとLSI鍵Bとして同じ鍵データを用いて、それをLSI鍵としたものと等しい。また、その処理フローは、第5の実施の形態において、LSI鍵A、LSI鍵Bを用いる処理において、LSI鍵AもしくはLISI鍵BをLSI鍵に置き換えたものと等しい。
図10は、本発明の第7の実施の形態に係る鍵実装システムの構成を示す構成図である。本実施の形態は、第6の実施の形態において、第1暗号鍵生成部6512、ID1(6513)、マスタ鍵6514を新たに追加した構成に等しい。第1暗号鍵生成部6512は、マスタ鍵6514とID1(6513)とから暗号鍵生成処理を行い、LSI鍵6509を生成する。生成したLSI鍵6509を用いた処理などは、第6の実施の形態と同じであるから説明は省略する。
図12は、本発明の第8の実施の形態に係る鍵実装システムの構成を示す構成図である。
なお、本発明は、上記の実施の形態に限定されないのはもちろんである。以下のような変形例も本発明に含まれる。
10 LSI
10a ID2
10b LSI鍵B
11 不揮発メモリ(記憶部)
12 鍵書き込み装置
13 メディア
100 第1暗号鍵生成部
101 第1復号化部
103 第2暗号化部
104 第2復号化部
105 第2暗号鍵生成部
107 コンテンツ復号化処理部
108 ID1
109 LSI鍵A
110 第2暗号化デバイス鍵
120 第1暗号化デバイス鍵
130 暗号化コンテンツ
201 第1検証部
206 第2検証部
Claims (10)
- LSIと記憶部とを備えた鍵実装システムであって、
前記LSIは、
第1の暗号化鍵データを受け、第1の暗号鍵を用いて前記第1の暗号化鍵データを復号化して第1の復号化鍵データを生成する第1復号化部と、
第2のIDに基づいて第2の暗号鍵を生成する第2暗号鍵生成部と、
前記第2の暗号鍵を用いて前記第1の復号化鍵データを暗号化して第2の暗号化鍵データを生成する第2暗号化部と、
前記第2の暗号化鍵を用いて前記第2の暗号化鍵データを復号化して第2の復号化鍵データを生成する第2復号化部とを有するものであり、
鍵実装時には前記第2暗号化部が前記第2の暗号化鍵データを前記記憶部に格納し、鍵使用時には前記第2復号化部が前記記憶部から前記第2の暗号化鍵データを読み出す
ことを特徴とする鍵実装システム。 - 請求項1の鍵実装システムにおいて、
前記LSIは、第1のIDに基づいて前記第1の暗号鍵を生成する第1暗号鍵生成部を有する
ことを特徴とする鍵実装システム。 - 請求項2の鍵実装システムにおいて、
前記第1暗号鍵生成部は、第1のLSI鍵および前記第1のIDに基づいて前記第1の暗号鍵を生成するものであり、
前記第2暗号鍵生成部は、第2のLSI鍵および前記第2のIDに基づいて前記第2の暗号鍵を生成するものである
ことを特徴とする鍵実装システム。 - 請求項2の鍵実装システムにおいて、
前記第1のIDは、前記LSIの所定個数単位で異なり、
前記第2のIDは、前記LSIの個々で異なる
ことを特徴とする鍵実装システム。 - 請求項2の鍵実装システムにおいて、
前記LSIは、第1の部分データ、第2の部分データ、および第3の部分データからなるIDデータを保持するものであり、
前記第1のIDは、前記第1および第3の部分データからなり、
前記第2のIDは、前記第2および第3の部分データからなる
ことを特徴とする鍵実装システム。 - 請求項2の鍵実装システムにおいて、
前記第1のIDは、前記記憶部に保持されており、
前記第2のIDは、前記LSIに保持されている
ことを特徴とする鍵実装システム。 - 請求項1の鍵実装システムにおいて、
前記第1の復号化鍵データは、検証データを含むものであり、
前記LSIは、前記検証データを確認して前記第1の復号化鍵データの正当性を検証する第1検証部を有する
ことを特徴とする鍵実装システム。 - 請求項1の鍵実装システムにおいて、
前記第2の復号化鍵データは、検証データを含むものであり、
前記LSIは、前記検証データを確認して前記第2の復号化鍵データの正当性を検証する第1検証部を有する
ことを特徴とする鍵実装システム。 - 請求項1の鍵実装システムにおいて、
前記第2の暗号化鍵データを用いて、暗号化コンテンツへのアクセスに係る認証処理または暗号化コンテンツの復号処理を行うコンテンツ復号化処理部を備えている
ことを特徴とする鍵実装システム。 - 第1のIDおよびLSI鍵から第1の暗号鍵を生成する第1暗号鍵生成部と、
第2のIDおよびLSI鍵から第2の暗号鍵を生成する第2暗号鍵生成部と、
第1の暗号化鍵データを受け、前記第1の暗号鍵を用いて前記第1の暗号化鍵データを復号化して第1の復号化鍵データを生成する第1復号化部と、
前記第2の暗号鍵を用いて前記第1の復号化鍵データを暗号化して第2の暗号化鍵データを生成する第2暗号化部と、
前記第2の暗号化鍵を用いて前記第2の暗号化鍵データを復号化して第2の復号化鍵データを生成する第2復号化部とを備え、
鍵実装時には前記第2暗号化部が前記第2の暗号化鍵データを外部の記憶部に格納し、鍵使用時には前記第2復号化部が前記外部の記憶部から前記第2の暗号化鍵データを読み出す
ことを特徴とするLSI。
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2011508205A JP5335072B2 (ja) | 2009-04-06 | 2010-03-15 | 鍵実装システム |
CN201080014271.2A CN102365839B (zh) | 2009-04-06 | 2010-03-15 | 密钥安装系统 |
US13/253,591 US8787582B2 (en) | 2009-04-06 | 2011-10-05 | Key implementation system |
US14/269,603 US9172535B2 (en) | 2009-04-06 | 2014-05-05 | Key implementation system |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2009092172 | 2009-04-06 | ||
JP2009-092172 | 2009-04-06 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/253,591 Continuation US8787582B2 (en) | 2009-04-06 | 2011-10-05 | Key implementation system |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2010116618A1 true WO2010116618A1 (ja) | 2010-10-14 |
Family
ID=42935918
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2010/001846 WO2010116618A1 (ja) | 2009-04-06 | 2010-03-15 | 鍵実装システム |
Country Status (4)
Country | Link |
---|---|
US (2) | US8787582B2 (ja) |
JP (2) | JP5335072B2 (ja) |
CN (1) | CN102365839B (ja) |
WO (1) | WO2010116618A1 (ja) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120137137A1 (en) * | 2010-11-30 | 2012-05-31 | Brickell Ernest F | Method and apparatus for key provisioning of hardware devices |
CN104798338A (zh) * | 2012-12-27 | 2015-07-22 | 英特尔公司 | 用于在集成电路制造期间保护密钥制备的熔丝认证 |
JP2016036121A (ja) * | 2014-08-04 | 2016-03-17 | 株式会社東芝 | システム鍵設定システム、鍵配布鍵設定サーバ及び鍵配布鍵設定方法 |
JP2017506850A (ja) * | 2014-02-20 | 2017-03-09 | ザイリンクス インコーポレイテッドXilinx Incorporated | 公開鍵およびセッション鍵による認証 |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7162035B1 (en) | 2000-05-24 | 2007-01-09 | Tracer Detection Technology Corp. | Authentication method and system |
US8171567B1 (en) | 2002-09-04 | 2012-05-01 | Tracer Detection Technology Corp. | Authentication method and system |
US7995196B1 (en) | 2008-04-23 | 2011-08-09 | Tracer Detection Technology Corp. | Authentication method and system |
US10110380B2 (en) * | 2011-03-28 | 2018-10-23 | Nxp B.V. | Secure dynamic on chip key programming |
JP5981761B2 (ja) * | 2012-05-01 | 2016-08-31 | キヤノン株式会社 | 通信装置、制御方法、プログラム |
JP5906146B2 (ja) * | 2012-06-29 | 2016-04-20 | 株式会社沖データ | 画像データ処理装置及びプログラム |
US9674162B1 (en) * | 2015-03-13 | 2017-06-06 | Amazon Technologies, Inc. | Updating encrypted cryptographic key pair |
US9479340B1 (en) | 2015-03-30 | 2016-10-25 | Amazon Technologies, Inc. | Controlling use of encryption keys |
US11343071B2 (en) | 2016-02-05 | 2022-05-24 | Micro Focus Llc | Extended ciphertexts |
CN107070881B (zh) * | 2017-02-20 | 2020-11-27 | 北京古盘创世科技发展有限公司 | 密钥管理方法、系统及用户终端 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2005303370A (ja) * | 2004-04-06 | 2005-10-27 | Sony Corp | 半導体チップ、起動プログラム、半導体チッププログラム、記憶媒体、端末装置、及び情報処理方法 |
JP2006229881A (ja) * | 2005-02-21 | 2006-08-31 | Toshiba Corp | 鍵管理システムおよび鍵管理方法 |
JP2007011871A (ja) * | 2005-07-01 | 2007-01-18 | Matsushita Electric Ind Co Ltd | 機密情報実装システム及びlsi |
JP2007149267A (ja) * | 2005-11-29 | 2007-06-14 | Fujitsu Ltd | 半導体装置 |
WO2009028137A1 (ja) * | 2007-08-28 | 2009-03-05 | Panasonic Corporation | 鍵端末装置、暗号処理用lsi、固有鍵生成方法及びコンテンツシステム |
Family Cites Families (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5202921A (en) | 1991-04-01 | 1993-04-13 | International Business Machines Corporation | Method and apparatus for authenticating users of a communication system to each other |
US5671284A (en) | 1996-04-16 | 1997-09-23 | Vlsi Technology, Inc. | Data encryptor having a scalable clock |
JP2000269958A (ja) | 1999-03-15 | 2000-09-29 | Pasuteru:Kk | 個別共通鍵公開鍵併用による認証処理と暗号処理と他者侵入防止機能搭載lsi及びそのlsi製造機 |
JP2001223687A (ja) | 2000-02-08 | 2001-08-17 | Toshiba Corp | 秘匿データ処理装置と方法及びそのic装置 |
JP3888823B2 (ja) * | 2000-02-14 | 2007-03-07 | 松下電器産業株式会社 | 半導体集積回路 |
JP4457474B2 (ja) * | 2000-04-04 | 2010-04-28 | ソニー株式会社 | 情報記録装置、情報再生装置、情報記録方法、情報再生方法、および情報記録媒体、並びにプログラム提供媒体 |
JP2002185447A (ja) * | 2000-12-18 | 2002-06-28 | Toshiba Corp | 秘匿データ処理装置及びその電子部品 |
JP4181812B2 (ja) * | 2001-07-25 | 2008-11-19 | 松下電器産業株式会社 | 暗号処理用の素子とその暗号処理に用いる情報とを有する復号装置の製造方法、復号装置が有する情報と素子とを供給する供給システム、および前記製造方法において製造される復号装置。 |
TWI222609B (en) | 2001-07-25 | 2004-10-21 | Matsushita Electric Ind Co Ltd | A method of producing a decrypting apparatus having a cryptographic device and cryptographic information, a system for providing such device and information, and the decrypting apparatus produced by the production method |
JP2003050745A (ja) * | 2001-08-07 | 2003-02-21 | Sony Corp | 情報処理装置、および情報処理方法、並びにコンピュータ・プログラム |
JP3773431B2 (ja) * | 2001-09-20 | 2006-05-10 | 松下電器産業株式会社 | 鍵実装システムおよびこれを実現するためのlsi、並びに鍵実装方法 |
JP2004054834A (ja) * | 2002-07-24 | 2004-02-19 | Matsushita Electric Ind Co Ltd | プログラム開発方法、プログラム開発支援装置およびプログラム実装方法 |
JP2004208088A (ja) * | 2002-12-26 | 2004-07-22 | Matsushita Electric Ind Co Ltd | デバイス鍵復号化装置、デバイス鍵暗号化装置、デバイス鍵暗号復号化装置、デバイス鍵復号化方法、デバイス鍵暗号化方法、デバイス鍵暗号復号化方法、及びそのプログラム |
JP2005294952A (ja) | 2004-03-31 | 2005-10-20 | Matsushita Electric Ind Co Ltd | 機密情報実装システム、lsi、記憶装置及び機密情報実装方法 |
WO2006011527A1 (ja) * | 2004-07-30 | 2006-02-02 | Matsushita Electric Industrial Co., Ltd. | 記録装置、コンテンツ鍵処理装置、記録媒体、及び記録方法 |
EP1873961A1 (en) * | 2005-04-07 | 2008-01-02 | Matsushita Electric Industrial Co., Ltd. | Circuit building device |
SG162784A1 (en) * | 2005-06-14 | 2010-07-29 | Certicom Corp | System and method for remote device registration |
JP2007006380A (ja) * | 2005-06-27 | 2007-01-11 | Toshiba Corp | デジタル放送番組データを受信可能な情報処理装置及び同装置におけるコンテンツ保護方法 |
WO2007058292A1 (ja) * | 2005-11-18 | 2007-05-24 | Matsushita Electric Industrial Co., Ltd. | 記録再生装置、通信装置、プログラム、システムlsi |
US7565539B2 (en) * | 2006-07-03 | 2009-07-21 | Viasat Inc. | Method and apparatus for secure communications |
JP2008301391A (ja) * | 2007-06-04 | 2008-12-11 | Murata Mach Ltd | 放送用暗号システムと暗号通信方法、復号器及び復号プログラム |
US20130336477A1 (en) * | 2012-06-15 | 2013-12-19 | Kabushiki Kaisha Toshiba | Medium |
-
2010
- 2010-03-15 WO PCT/JP2010/001846 patent/WO2010116618A1/ja active Application Filing
- 2010-03-15 CN CN201080014271.2A patent/CN102365839B/zh active Active
- 2010-03-15 JP JP2011508205A patent/JP5335072B2/ja active Active
-
2011
- 2011-10-05 US US13/253,591 patent/US8787582B2/en active Active
-
2013
- 2013-07-30 JP JP2013157570A patent/JP5793709B2/ja active Active
-
2014
- 2014-05-05 US US14/269,603 patent/US9172535B2/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2005303370A (ja) * | 2004-04-06 | 2005-10-27 | Sony Corp | 半導体チップ、起動プログラム、半導体チッププログラム、記憶媒体、端末装置、及び情報処理方法 |
JP2006229881A (ja) * | 2005-02-21 | 2006-08-31 | Toshiba Corp | 鍵管理システムおよび鍵管理方法 |
JP2007011871A (ja) * | 2005-07-01 | 2007-01-18 | Matsushita Electric Ind Co Ltd | 機密情報実装システム及びlsi |
JP2007149267A (ja) * | 2005-11-29 | 2007-06-14 | Fujitsu Ltd | 半導体装置 |
WO2009028137A1 (ja) * | 2007-08-28 | 2009-03-05 | Panasonic Corporation | 鍵端末装置、暗号処理用lsi、固有鍵生成方法及びコンテンツシステム |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120137137A1 (en) * | 2010-11-30 | 2012-05-31 | Brickell Ernest F | Method and apparatus for key provisioning of hardware devices |
JP2013545388A (ja) * | 2010-11-30 | 2013-12-19 | インテル・コーポレーション | ハードウェアデバイスの鍵プロビジョン方法および装置 |
US9043604B2 (en) | 2010-11-30 | 2015-05-26 | Intel Corporation | Method and apparatus for key provisioning of hardware devices |
CN104798338A (zh) * | 2012-12-27 | 2015-07-22 | 英特尔公司 | 用于在集成电路制造期间保护密钥制备的熔丝认证 |
CN104798338B (zh) * | 2012-12-27 | 2018-01-19 | 英特尔公司 | 用于在集成电路制造期间保护密钥制备的熔丝认证 |
JP2017506850A (ja) * | 2014-02-20 | 2017-03-09 | ザイリンクス インコーポレイテッドXilinx Incorporated | 公開鍵およびセッション鍵による認証 |
JP2016036121A (ja) * | 2014-08-04 | 2016-03-17 | 株式会社東芝 | システム鍵設定システム、鍵配布鍵設定サーバ及び鍵配布鍵設定方法 |
Also Published As
Publication number | Publication date |
---|---|
US20120027214A1 (en) | 2012-02-02 |
CN102365839B (zh) | 2014-07-16 |
JP5793709B2 (ja) | 2015-10-14 |
US8787582B2 (en) | 2014-07-22 |
CN102365839A (zh) | 2012-02-29 |
JPWO2010116618A1 (ja) | 2012-10-18 |
US9172535B2 (en) | 2015-10-27 |
US20140369496A1 (en) | 2014-12-18 |
JP2013255261A (ja) | 2013-12-19 |
JP5335072B2 (ja) | 2013-11-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP5793709B2 (ja) | 鍵実装システム | |
US9183357B2 (en) | Recording/reproducing system, recording medium device, and recording/reproducing device | |
US9081726B2 (en) | Controller to be incorporated in storage medium device, storage medium device, system for manufacturing storage medium device, and method for manufacturing storage medium device | |
TWI491236B (zh) | Information processing device, controller, key issuer, invalidation list validity determination method and key issue method | |
WO2011152065A1 (ja) | コントローラ、制御方法、コンピュータプログラム、プログラム記録媒体、記録装置及び記録装置の製造方法 | |
US8370647B2 (en) | Information processing apparatus, information processing method, and program | |
US20110222691A1 (en) | Recording system, playback system, key distribution server, recording device, recording medium device, playback device, recording method, and playback method | |
US20020184259A1 (en) | Data reproducing/recording apparatus/ method and list updating method | |
JP6026630B2 (ja) | メモリシステム | |
US20100313034A1 (en) | Information processing apparatus, data recording system, information processing method, and program | |
JP2008005408A (ja) | 記録データ処理装置 | |
US20140013453A1 (en) | Duplication judgment device and duplication management system | |
JP5552917B2 (ja) | 情報処理装置、および情報処理方法、並びにプログラム | |
JP2008527892A (ja) | セキュアホストインタフェース | |
JP2010092202A (ja) | Usbインタフェースを用いた記憶装置 | |
JP2010097502A (ja) | 暗号化・復号システム、暗号化装置、復号装置、および暗号化・復号方法 | |
WO2007128418A1 (en) | Apparatus for writing data to a medium | |
JP2009122923A (ja) | 著作権保護システム、再生装置、及び再生方法 | |
JP2009093767A (ja) | 情報処理装置、ディスク、および情報処理方法、並びにコンピュータ・プログラム | |
JP2006314002A (ja) | 集積回路、情報装置、および秘密情報の管理方法 | |
JP2009110596A (ja) | ディスク、および情報処理方法、並びにコンピュータ・プログラム |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 201080014271.2 Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 10761326 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2011508205 Country of ref document: JP Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 10761326 Country of ref document: EP Kind code of ref document: A1 |