EP1797562A4 - Apparatus and method for securely storing data - Google Patents
- Publication number
- EP1797562A4 EP05809025A
- Authority
- EP
- European Patent Office
- Prior art keywords
- data
- random number
- secret information
- protection key
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
- G11B20/0021—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/00195—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving measures which result in a restriction to authorised devices recording or reproducing contents to/from a record carrier using a device identifier associated with the player or recorder, e.g. serial numbers of playback apparatuses or MAC addresses
- G11B20/00246—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source wherein the key is obtained from a local device, e.g. device key initially stored by the player or by the recorder
- G11B20/00492—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier characterised by a specific kind of data which is encrypted and recorded on and/or reproduced from the record carrier wherein content or user data is encrypted
Abstract
An apparatus and method for securely storing data. The apparatus for securely storing data in a predetermined device, includes: a key generator generating a protection key used to encrypt data based on a random number generated by inputting predetermined secret information in a predetermined random number generation function, and generation sequence information, which is information on a generation sequence of the random number, wherein the predetermined secret information is stored in a secure region, and the random number generation function can generate the protection key based on the generation sequence information and the secret information. As described above, the apparatus and method for storing data make it possible to securely store data even if the apparatus for storing data is replaced.
Description
APPARATUS AND METHOD FOR SECURELY STORING DATA
Technical Field
[1] The present invention relates to an apparatus and method for storing data, and more particularly to an apparatus and method for storing data that make it possible to securely store data even if the apparatus for storing data is replaced, by using the data in an apparatus used as a replacement apparatus.
Background Art
[2] A household electronic device such as a DVD player includes a hard disk embedded therein and stores contents such as audio/video (AV) data in the hard disk. For several reasons including copyright protection, the contents are encrypted using a predetermined encryption key and are stored in the hard disk. The encrypted contents are decrypted using a predetermined decryption key in order to reproduce the contents, and the decrypted contents are encrypted again using a predetermined encryption key and are stored in the hard disk. In order to secure one-time data protection, the contents are encrypted using a different encryption key whenever they are encrypted and stored in the hard disk.
[3] FIG. 1A is a block diagram of the structure of a conventional data reproducing device such as a DVD player. Referring to FIG. 1A, the data reproducing device 10 comprises an external source 20 that provides contents, an external device 30 that uses the contents, i.e., reproduces the contents, and a data storage unit 40 that stores the contents.
[4] The external source 20 refers to any device that provides the contents from outside of the data reproducing device 10, and for example, is a video tape, a CD, satellite receiving equipment, cable TV receiving equipment, and the like.
[5] The external device 30 refers to a device that uses the contents, and for example, is an MPEG decoder, etc.
[6] The data storage unit 40 encrypts the contents from the external source 20 in order to securely store the contents therein, decrypts the encrypted contents, and provides the external device 30 with the decrypted contents.
[7] FIG. 1B is a block diagram of the internal structure of a conventional apparatus for storing data 100. The apparatus for storing data 100 comprises an encryptor 110, a key generator 120, a key storage unit 130, a decryptor 140, and a storage unit 150.
[8] The key generator 120 generates a protection key 122 using random number generation. The protection key 122 is a key used to protect all the data stored in the data storage device 40, i.e. a key used to encrypt and decrypt the data. The protection key is different whenever it is generated due to the use of random number generation.
[9] The encryptor 110 encrypts contents 102 from the external source 20 using the protection key 122, thereby generating encrypted contents 112 and storing them in the storage unit 150.
[10] The protection key 122 generated by the key generator 120 is stored in the key storage unit 130. The key storage unit 130 is embodied as a secure region like, for example, a flash memory, etc.
[11] When the external device 30 uses the contents 102, the decryptor 140 extracts encrypted contents 152 from the storage unit 150, extracts the protection key 122 from the key storage unit 130, and decrypts the encrypted contents 152 using the protection key 122, thereby generating decrypted contents 142 and providing the external device 30 with the decrypted contents 142.
[12] Contents used in the external device 30 are encrypted in the encryptor 110 and stored in the storage unit 150. A protection key 124 used to encrypt the contents again is generated by the key generator 120. The protection key 124 is different from the protection key 122 that was first used to store the contents.
[13] FIG. 2 is a flow chart describing a method of storing data using the apparatus for storing data shown in FIG. 1B.
[14] In Operation 210, the key generator 120 generates the first protection key 122 using random number generation.
[15] In Operation 220, the encryptor 110 encrypts the contents 102 using the first protection key 122, thereby generating the encrypted contents 112 and storing them in the storage unit 150.
[16] In Operation 230, the first protection key 122 generated by the key generator 120 is stored in the key storage unit 130.
[17] In Operation 240, the external device 30 uses the contents, for example, a DVD player reproduces the contents. In Operations 250 to 270, the decryptor 140 extracts the encrypted contents 152 from the storage unit 150, extracts the first protection key 122 from the key storage unit 130, and decrypts the encrypted contents 152 using the first protection key 122, thereby generating the decrypted contents 142 and providing the external device 30 with the decrypted contents 142, which are reproduced by the external device 30.
[18] The reproduced contents are again encrypted in the encryptor 110 and are stored in the storage unit 150. That is, Operations 210 to 230 are repeated. The second protection key 124 used to encrypt the contents is generated by the key generator 120. The second protection key 124 is different from the first protection key 122 that was first used to store the contents. A different protection key is used to store the contents in order to secure one-time protection of the contents.
Disclosure of Invention
Technical Problem
[19] However, the foregoing apparatus and method for storing data have a problem when the apparatus 100 for storing data is installed in a new device due to after-sales service for the data reproducer 10. Suppose that a first device DA includes a first storage unit SA, and the first storage unit SA stores encrypted contents E(K1, C1) using a first protection key K1. The first device DA is replaced with the second device DB due to trouble with the first device DA. The first storage unit SA remains unchanged in order to maintain the encrypted contents E(K1, C1). That is, the first storage unit SA is installed in the second device DB.
[20] In this case, the first protection key K1 is neither included in the second device DB nor known to an after-sales service center. Since the first protection key K1 is generated using random number generation, a problem occurs in which the second device DB cannot use, i.e., reproduce, the encrypted contents E(K1, C1) any more.
[21] The problem occurs frequently when a storage medium is upgraded and replaced, as well as when the device has a defect.
Technical Solution
[22] The present invention provides an apparatus and method for storing data capable of obtaining data stored in the apparatus for storing data, even if a device including the apparatus for storing data is replaced, through after-sales service, etc.
Advantageous Effects
[23] According to the present invention, an apparatus and method for storing data make it possible to obtain data stored in the apparatus for storing data by separately storing information on a random number generation sequence and secret information on random number generation, even if a device including the apparatus for storing data is replaced through after-sales service, etc.
[24] Also, according to the present invention, an apparatus and method for storing data make it possible to accomplish device binding, which allows contents to be used in a single device, by allocating intrinsic secret information to each device.
Description of Drawings
[25] FIG. 1A is a block diagram of the structure of a conventional data reproducer such as a DVD player;
[26] FIG. 1B is a block diagram of the internal structure of a conventional apparatus for storing data;
[27] FIG. 2 is a flow chart describing a method of storing data using the apparatus for storing data shown in FIG. 1B;
[28] FIG. 3 is a schematic diagram of an apparatus for storing data according to an exemplary embodiment of the present invention;
[29] FIG. 4A is a schematic diagram of the general operation of the random number generation function used to encrypt data;
[30] FIG. 4B is a schematic diagram of a random number generation function;
[31] FIG. 4C is a schematic diagram of another random number generation function;
[32] FIG. 5A is a schematic diagram of the general operation of the random number generation function used to decrypt data;
[33] FIGS. 5B and 5C are schematic diagrams of the operation of a random number generation function used to decrypt data in view of the random number generation function shown in FIGS. 4B through 4C;
[34] FIG. 6 is a flow chart describing a method of storing data according to an exemplary embodiment of the present invention;
[35] FIG. 7 is a schematic diagram of a method of performing device binding by allocating intrinsic secret information to each device;
[36] FIG. 8 is a flow chart describing a method of extracting data stored in storage before a device is replaced due to a defect in the device;
[37] FIG. 9 is a block diagram of operation relationship between a first device 900 and second device 902;
[38] FIG. 10 is a flow chart describing another method of extracting data stored in storage before a device is replaced due to a defect in the device; and
[39] FIG. 11 is a block diagram of operation relationship between a first device 1100 and second device 1102.
Best Mode
[40] According to an aspect of the present invention, there is provided an apparatus for securely storing data in a predetermined device, including:
[41] a key generator generating a protection key used to encrypt the data based on a random number generated by inputting predetermined secret information to a predetermined random number generation function, and generation sequence information, which is information on a generation sequence of the random number,
[42] wherein the predetermined secret information is stored in a secure region, and the random number generation function can generate the protection key based on the generation sequence information and the secret information.
[43] According to another aspect of the present invention, there is provided a method of securely storing data in a predetermined device, including:
[44] generating a protection key used to encrypt data based on a random number generated by inputting predetermined secret information in a predetermined random number generation function, and generation sequence information, which is information on a generation sequence of the random number,
[45] wherein the predetermined secret information is stored in a secure region, and the random number generation function can generate the protection key based on the generation sequence information and the secret information.
Mode for Invention
[46] The present invention will now be described more fully with reference to the accompanying drawings.
[47] Hereinafter, the term 'device' means an apparatus for storing data according to an embodiment of the present invention, and refers to devices of any form that use data. For example, the device may be a reproducer such as a DVD player, a game machine that performs game data, a PDA, another mobile device, etc. The apparatus for storing data stores encrypted AV data, game data, etc., decrypts the data when necessary to provide the device with decrypted AV data, game data, etc., and again encrypts the data to securely store encrypted AV data, game data, etc.
[48] FIG. 3 is a schematic diagram of an apparatus for storing data according to an exemplary embodiment of the present invention. Referring to FIG. 3, the apparatus 300 for storing data comprises a key generator 310, an encryptor 320, a storage unit 330, secret information storage unit 340, and a decryptor 350.
[49] Storing of data 302 input from an external source, and extracting of data 352 from the apparatus 300 for storing data, so that an external device can use the data 352, will now be separately described.
[50] When the data 302 is input from an external source, the key generator 310 generates a protection key 312 by inputting secret information 342 into a random number generation function f() that uses a predetermined pseudo-random number generation algorithm. The protection key 312 used to encrypt and decrypt the data 302 is a random number generated by the random number generation function f().
[51] The secret information 342 may be predetermined information used to generate a pseudo-random number like, for example, a seed, and is stored in a secure region of the apparatus 300 for storing data, i.e., the secret information storage unit 340.
[52] The secret information 342 is information uniquely allocated to a device. Different secret information 342 causes a different random number to be generated, even though the random number generation function f() is the same. Therefore, each apparatus for storing data has a different protection key 312, and an object of device binding can be accomplished.
[53] The key generator 310 stores, in the storage unit 330, generation sequence information 314, which represents the generation sequence of the random number produced by the random number generation function.
[54] The encryptor 320 encrypts the data 302 using the protection key 312, thereby generating the encrypted data 322 and storing it in the storage unit 330.
[55] When the external device uses the data 352, the key generator 310 generates a protection key 316 by extracting the generation sequence information 332 from the storage unit 330, extracting the secret information 342 from the secret information storage unit 340, and inputting the generation sequence information 332 and the secret information 342 into the random number generation function f().
[56] The decryptor 350 extracts encrypted data 334 from the storage unit 330, and decrypts the encrypted data 334 using the protection key 316, thereby generating the decrypted data 352.
[57] The decrypted data 352 is transferred to the external device (not shown). Then, the decrypted data 352 is again encrypted by the encryptor 320 and is stored in the storage unit 330. For example, when the data 302 is AV data, the external device is an AV player that reproduces a video. Also, when the data 302 is information necessary for generating a contents key used to encrypt the contents, an external device may be a device that generates the contents key.
[58] FIGS. 4A through 4C are schematic diagrams of the operation of a random number generation function used to encrypt data according to an exemplary embodiment of the present invention.
[59] FIG. 4A is a schematic diagram of the general operation of the random number generation function used to encrypt data. Referring to FIG. 4A, a random number generation function f() generates random numbers using secret information, and separately outputs a random number generation sequence. The random number generation function f() is a predetermined function in which predetermined random numbers are sequentially generated from predetermined secret information. The generation sequence information and random numbers are linked to each other and are stored in the storage unit 330.
[60] FIG. 4B is a schematic diagram of a random number generation function. Referring to FIG. 4B, the random number generation function f() is given as Equation 1,
[61] f() = function which satisfies $f(n) = X_k$, $X_{k+1} = aX_k \pmod{M}$, wherein $X_0 = C$ (1)
[62] where $X_k$ is a k-th random number, k is generation sequence information, M is a predetermined decimal number, a is a constant, and $X_0$ is an initial value.
[63] Referring to Equation 1, when the initial value $X_0$ is obtained, random numbers $X_1, X_2, \ldots, X_k, \ldots, X_n$ are sequentially generated. The generated random numbers $X_1, X_2, \ldots$ are not stored in the apparatus 300 for storing data. Instead, k and $X_k$ are stored in the storage unit 330.
[64] FIG. 4C is a schematic diagram of another random number generation function. Referring to FIG. 4C, the random number generation function f() is given as Equation 2.
[65] f() = function which satisfies $X_{k+1} = \mathrm{DES}(K_{des}, X_k)$, wherein $X_0 = C$ (2)
[66] The random number generation function is a Data Encryption Standard (DES) encryption algorithm, encrypts a 128-bit input value $X_k$ using DES key K_des, and generates a 128-bit output value $X_{k+1}$. The DES encryption algorithm is well known to a person having skill in the pertinent art.
[67] Like in Equation 1, when the initial value $X_0$ is obtained, random numbers $X_1, X_2, \ldots, X_k, \ldots, X_n$ are sequentially generated. The generated random numbers $X_1, X_2, \ldots$ are not stored in the apparatus 300 for storing data. Instead, k and $X_k$ are stored in the storage unit 330.
[68] FIGS. 5A through 5C are schematic diagrams of the operation of a random number generation function used to decrypt data in view of the random number generation function shown in FIGS. 4A through 4C.
[69] FIG. 5A is a schematic diagram of the general operation of the random number generation function used to decrypt data. Referring to FIG. 5A, the random number generation function f() generates random numbers using secret information and generation sequence information. When data is decrypted, the secret information is stored in a secure region of the apparatus 300 for storing data like, for example, a flash memory, and is extracted. When data is decrypted, the generation sequence information is stored in an insecure region of the apparatus 300 for storing data like, for example, a hard disk.
[70] FIGS. 5B and 5C are schematic diagrams of the operation of a random number generation function used to decrypt data in view of the random number generation function shown in FIGS. 4B through 4C.
[71] Referring to FIG. 5B, the key generator 310 generates a k-th random number using the initial value $X_0$ and Equation 1. Referring to FIG. 5C, the key generator 310 generates the k-th random number using the initial value $X_0$ and Equation 2.
[72] Referring to FIGS. 4B and 5B, the secret information may be a coefficient instead of the initial value $X_0$. Referring to FIGS. 4C and 5C, the secret information may be the DES key K_des instead of the initial value $X_0$. In this case, the initial value $X_0$ may be opened.
[73] FIG. 6 is a flow chart describing a method of storing data according to an embodiment of the present invention.
[74] In Operation 610, the key generator 310 generates a protection key used to encrypt data to be securely stored in a device and generation sequence information, which is information on a random number generation sequence, using a random number generation function that generates random numbers based on predetermined secret information stored in a secure region of a predetermined device. The random number generation function can generate the protection key based on the generation sequence information and secret information.
[75] In Operation 620, the encryptor 320 encrypts data using the protection key, thereby generating encrypted data.
[76] In Operation 630, the encryptor 320 and key generator 310 store the encrypted data and generation sequence information in an insecure region of the device, i.e., the storage unit 330.
[77] In Operation 640, the key generator 310 generates the protection key by inputting the generation sequence information and secret information in the random number generation function when the device uses data. The protection key generated in Operation 610 is the same as the protection key generated in Operation 640 owing to a characteristic of the random number generation function.
[78] In Operation 650, the decryptor 350 reads the encrypted data from the storage unit 330 and decrypts it using the protection key generated in Operation 640, thereby generating decrypted data.
[79] According to the foregoing apparatus and method for storing data, although the storage unit 330 or the device is replaced, the protection key generated before the storage unit 330 or the device is replaced is the same as the protection key generated after the storage unit 330 or the device is replaced. The device DA includes the storage unit SA, and the storage unit SA includes encrypted data E($K_A$, data) using protection key $K_A$. If a part other than the storage unit SA is replaced, i.e., the storage unit SA is installed in a new device DB, the device DB can decrypt the encrypted data E($K_A$, data) stored in the storage unit SA, because a new key generator of the device DB can generate the protection key $K_A$ from generation sequence information included in the storage unit SA and secret information corresponding to the storage unit SA. The secret information corresponding to the storage unit SA is recorded in the device DB by an after-sales service center.
[80] According to the foregoing apparatus and method for storing data, device binding can be accomplished since secret information is intrinsic to each device. Device binding means that when a device A is authorized to use data, a device B cannot use the data, even if a storage medium having the data is installed in device B. Generally, a data provider, i.e., a contents provider, requires device binding of a device provider, i.e., a reproducer manufacturer.
[81] FIG. 7 is a schematic diagram of a method of performing device binding by allocating intrinsic secret information to each device. Both first and second devices generate random numbers using the random number generation function satisfying $X_{k+1} = aX_k \pmod{M}$ shown in FIGS. 4B and 5B. Both devices use the same random number generation function. However, since the initial value $X_0$ of the first device is different from the initial value $X_0'$ of the second device, random numbers generated by the first device, $X_0, X_1, X_2, \ldots, X_n$, and random numbers generated by the second device, $X_0', X_1', X_2', \ldots, X_n'$, are different from each other.
[82] For example, the device DA encrypts data using protection key X , stores encrypted data in the storage unit SA, and the storage unit SA is installed in the device DB. Since the device DB includes its secret information sec_B (i.e., initial value X ) and excludes secret information sec_A (i.e., the initial value X ) of the device DA, the device DB cannot generate the protection key X even if both devices use the same random number generation function.
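The storing flow of FIG. 6, the replacement case of paragraph [79] and the device binding of FIG. 7, as an added Python example that is not part of the patent text. f() computes Equation 1 in closed form ($X_k = a^k X_0 \bmod M$, a generalization of the iterative form on the page); the constants a and M, the per-device secrets, the SHA-256 keystream cipher and the HMAC tag are assumptions introduced for illustration.

```python
import hashlib
import hmac

# Constructed parameters for Equation 1, X_{k+1} = a*X_k (mod M); not from the patent.
M = 2**61 - 1   # modulus M (a prime, assumed for the demo)
A = 48271       # multiplier a (assumed)


def f(secret_x0, k):
    """Random number generation function: X_k = a^k * X_0 (mod M)."""
    if k < 0:
        raise ValueError("generation sequence information must be non-negative")
    return (pow(A, k, M) * secret_x0) % M


def _subkeys(x_k):
    # Assumption: derive separate cipher and MAC keys from the random number X_k.
    raw = x_k.to_bytes(8, "big")
    return hashlib.sha256(b"enc" + raw).digest(), hashlib.sha256(b"mac" + raw).digest()


def _xor_stream(key, data):
    # Stand-in cipher (assumption): SHA-256 in counter mode XORed over the data.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def _tag(mac_key, k, ciphertext):
    # Binding k into the tag makes a swapped sequence number fail verification.
    return hmac.new(mac_key, k.to_bytes(8, "big") + ciphertext, hashlib.sha256).digest()


class Device:
    def __init__(self, secret_x0, storage):
        self._secret = secret_x0   # secret information, held in the secure region
        self.storage = storage     # insecure storage unit: list of records

    def store(self, data):
        """Operations 610-630: new key per store; only k, ciphertext and tag hit the disk."""
        k = 1 + max((r["k"] for r in self.storage), default=0)
        enc_key, mac_key = _subkeys(f(self._secret, k))
        ct = _xor_stream(enc_key, data)
        self.storage.append({"k": k, "ciphertext": ct, "tag": _tag(mac_key, k, ct)})
        return k

    def load(self, index):
        """Operations 640-650: regenerate the key from (secret, k), verify, decrypt."""
        rec = self.storage[index]
        enc_key, mac_key = _subkeys(f(self._secret, rec["k"]))
        if not hmac.compare_digest(_tag(mac_key, rec["k"], rec["ciphertext"]), rec["tag"]):
            raise PermissionError("record does not match this device's secret information")
        return _xor_stream(enc_key, rec["ciphertext"])


def demo():
    sec_a, sec_b = 0x1A2B3C4D5E6F, 0x0F1E2D3C4B5A   # constructed per-device secrets
    disk = []                                       # storage unit SA
    Device(sec_a, disk).store(b"AV contents")       # device DA stores the data

    # Device binding (FIG. 7): DB holds only sec_B, so SA's record is rejected.
    try:
        Device(sec_b, disk).load(0)
        bound = False
    except PermissionError:
        bound = True

    # Replacement (paragraph [79]): the service centre records sec_A in DB.
    replacement = Device(sec_a, disk)
    recovered = replacement.load(0)
    k_new = replacement.store(recovered)            # re-stored under the next key
    return bound, recovered, k_new


if __name__ == "__main__":
    print(demo())
```

Equation 1 is a linear generator: when a and M are known, any single $X_k$ determines every other key, so a current design would keep the same (secret, k) interface but replace f() with a keyed function such as HMAC over k.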
[83] FIG. 8 is a flow chart describing a method of extracting data stored in storage before a device is replaced due to a defect. FIG. 9 is a block diagram of operation relationship between a first device 900 and second device 902. The method shown in FIG. 8 will now be described with reference to FIG. 9.
[84] In Operation 810, a key generator 930 of the first device 900 generates a first protection key K using first secret information 954 from secret information storage unit 950 of the first device 900. At this time, generation sequence information 934 of the first protection key K is also generated and stored in storage unit 940 of the first device 900.
[85] In Operation 820, an encryptor 920 of the first device 900 encrypts data C using the first protection key K, generates encrypted data E(K, C), and stores the encrypted data E(K, C) in the storage unit 940 of the first device 900. The first device 900 also includes a decryptor 960.
[86] In Operation 830, due to a defect of the first device 900, the first device 900 is replaced with the second device 902 while the data E(K, C) remains unchanged. That is, the storage unit 940 of the first device 900 is installed in the second device 902.
[87] In Operation 840, the after-sales service center records secret information corresponding to the storage unit 940 of the first device 900, i.e., the first secret information 954, in secret information storage unit 952 of the second device 902. The after-sales service center has tables corresponding to the respective first and second devices and secret information, and confirms a serial number of the storage unit 940 of the first device 900 using the tables in order to determine what the first secret information 954 is.
[88] In Operation 850, the after-sales service center installs the first storage unit 940 in the second device 902. Therefore, the second device 902 includes the storage unit 940 of the first device 900 in which the encrypted data E(K, C) and generation sequence information 934 are recorded, and secret information storage unit 952 of the second device 902 in which the first secret information 954 is recorded.
[89] In Operation 860, a key generator 932 of the second device 902 extracts the first secret information 954 from the secret information storage unit 952 of the second device 902, extracts the generation sequence information 934 from the storage unit 940 of the first device 900, and generates the first protection key K using the first secret information 954, the generation sequence information 934 and a random number generation function. The first device 900 and second device 902 have the same random number generation function.
[90] In Operation 870, a decryptor 962 of the second device 902 extracts the encrypted data E(K, C) from the storage unit 940 of the first device 900, decrypts the encrypted data E(K, C) using the first protection key K generated in Operation 860, and generates decrypted data C. The second device 902 also includes an encryptor 922.
[91] FIG. 10 is a flow chart describing another method of extracting data stored in storage before a device is replaced due to a defect. FIG. 11 is a block diagram of an operation relationship between a first device 1100 and a second device 1102. The method shown in FIG. 10 will now be described with reference to FIG. 11.
[92] In Operation 1010, a key generator 1130 of the first device 1100 generates a first protection key K using first secret information 1154 from a secret information storage unit 1150 of the first device 1100. At this time, generation sequence information 1134 of the first protection key K is also generated and is stored in storage unit 1140 of the first device 1100.
[93] In Operation 1020, an encryptor 1120 of the first device 1100 encrypts data C using the first protection key K , generates encrypted data E( K , C ), and stores the encrypted data E( K , C ) in the storage unit 1140 of the first device 1100. The first device 1100 also includes a decryptor 1160.
[94] In Operation 1030, due to a defect of the first device 1100, the first device 1100 is replaced with the second device 1102 while the data E( K , C ) remains unchanged. That is, the storage unit 1140 of the first device 1100 is installed in the second device 1102.
[95] In Operation 1040, the after-sales service center generates the first protection key K using first secret information 1154 corresponding to the storage unit 1140 of the first device 1100 and the generation sequence information 1134 of the first protection key K. The generation sequence information 1134 of the first protection key K can be extracted from the storage unit 1140 of the first device 1100. The after-sales service center has tables each corresponding to the first and second devices and secret information, and confirms a serial number of the storage unit 1140 of the first device 1100 using the tables in order to determine what the first secret information 1154 is.
[96] In Operation 1050, the after-sales service center decrypts the encrypted data E( K , C ) using the first protection key K to generate decrypted data C. The encrypted data E( K , C ) can be extracted from the storage unit 1140 of the first device 1100.
[97] In Operation 1060, the after-sales service center generates a second protection key K using second secret information 1156 corresponding to a serial number of the second device 1102. At this time, generation sequence information 1146 of the second protection key K is also generated and is stored in storage unit 1140 of the first device 1100.
[98] In Operation 1070, the after-sales service center encrypts data C decrypted in Operation 1050 using the second protection key K , generates encrypted data E( K , C ), and stores the encrypted data E( K , C ) in the storage unit 1140 of the first device 1100.
[99] In Operation 1080, the after-sales service center installs the first storage unit 1140 of the first device 1100 in the second device 1102, and records the second secret information 1156 of Operation 1060 in the secret information storage unit 1152 of the second device 1102.
[100] In Operation 1090, a key generator 1132 of the second device 1102 generates the second protection key K using the generation sequence information 1148 of the second protection key K and secret information 1158. The first device 900 and second device 902 have the same random number generation function.
[101] In Operation 1095, a decryptor 1162 of the second device 1102 extracts the encrypted data E( K , C ) from the storage unit 1140 of the first device 1100 and decrypts the encrypted data E( K , C ) using the second protection key K generated in Operation 1090 to generate decrypted data C. The second device 1102 also includes an encryptor 1122.
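The FIG. 10 flow (Operations 1010 to 1095) as an added Python example, not code from the patent: it shows that data bound to the first device's secret cannot be read by the second device until the service center re-keys it. HMAC-SHA256 is an assumed stand-in for the DES-based random number generation function, a SHAKE-256 keystream with an HMAC tag is an assumed stand-in for the encryptor, and `Device`, `service_center_rekey`, the serial numbers and the secrets are all constructed for illustration.

```python
import hashlib, hmac, os

def protection_key(secret: bytes, seq_info: bytes) -> bytes:
    """K = f(secret info, sequence info); HMAC-SHA256 stands in for the DES-based generator."""
    return hmac.new(secret, b"protection-key|" + seq_info, hashlib.sha256).digest()

def _subkeys(key: bytes) -> tuple:
    return tuple(hmac.new(key, label, hashlib.sha256).digest() for label in (b"enc", b"mac"))

def seal(key: bytes, data: bytes) -> bytes:
    """Stand-in encryptor: SHAKE-256 keystream, then HMAC tag (encrypt-then-MAC)."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    stream = hashlib.shake_256(enc_key + nonce).digest(len(data))
    body = bytes(a ^ b for a, b in zip(data, stream))
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong protection key or modified data")
    stream = hashlib.shake_256(enc_key + nonce).digest(len(body))
    return bytes(a ^ b for a, b in zip(body, stream))

class Device:
    def __init__(self, secret: bytes):
        self._secret = secret  # secret information storage unit (secure region)
    def store(self, storage: dict, data: bytes) -> None:
        storage["seq"] = os.urandom(8)  # generation sequence information, not secret
        storage["blob"] = seal(protection_key(self._secret, storage["seq"]), data)

    def load(self, storage: dict) -> bytes:
        return unseal(protection_key(self._secret, storage["seq"]), storage["blob"])

def service_center_rekey(old_secret: bytes, new_secret: bytes, storage: dict) -> None:
    """Operations 1040-1070: rebuild the first key, decrypt, re-encrypt under the second."""
    data = unseal(protection_key(old_secret, storage["seq"]), storage["blob"])
    storage["seq"] = os.urandom(8)
    storage["blob"] = seal(protection_key(new_secret, storage["seq"]), data)

def demo() -> tuple:
    table = {"SN-0001": os.urandom(32), "SN-0002": os.urandom(32)}  # constructed table
    dev1, dev2 = Device(table["SN-0001"]), Device(table["SN-0002"])
    storage = {"serial": "SN-0001"}           # storage unit, readable by anyone
    dev1.store(storage, b"AV content")        # Operations 1010-1020
    try:
        dev2.load(storage)                    # storage moved without re-keying
        bound = False
    except ValueError:
        bound = True                          # device binding held
    service_center_rekey(table[storage["serial"]], table["SN-0002"], storage)
    return bound, dev2.load(storage)          # Operations 1090-1095
```

Everything on the storage unit, including the generation sequence information, can be public; confidentiality rests entirely on the per-device secret and on the service center's serial-number table, which therefore holds every device's key material.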
[102] It is possible for an exemplary embodiment of the present invention to be realized on a computer-readable recording medium as a computer-readable code. Computer-readable recording mediums include every kind of recording device that stores computer system-readable data. ROMs, RAMs, CD-ROMs, magnetic tapes, floppy discs, optical data storage unit, etc. are used as a computer-readable recording medium. Computer-readable recording mediums can also be realized in the form of a carrier wave (e.g., transmission through Internet).
[103] While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims. The exemplary embodiments should be considered in a descriptive sense only and not for purposes of limitation. Therefore, the scope of the present invention is defined not by the detailed description of the invention but by the appended claims, and all differences within the scope of the present invention will be construed as being included in the present invention.
Claims
[1] 1. An apparatus for securely storing data in a predetermined device, comprising: a key generator generating a protection key used to encrypt the data, said protection key based on: a random number generated by inputting predetermined secret information to a predetermined random number generation function, and generation sequence information, which is information on a generation sequence of the random number, wherein the predetermined secret information is stored in a secure region, and the random number generation function generates the protection key based on the generation sequence information and the secret information.
[2] 2. The apparatus of claim 1, further comprising: an encryptor encrypting the data using the protection key to generate encrypted data; a storage unit storing the encrypted data and the generation sequence information; and a secret information storage unit securely storing the secret information with an external access blocked.
[3] 3. The apparatus of claim 1, wherein the key generator generates the protection key by inputting the generation sequence information and the secret information in the random number generation function when the device uses the data.
[4] 4. The apparatus of claim 1, further comprising: a decryptor reading encrypted data from the storage unit and decrypting the encrypted data using the protection key to generate decrypted data when the device uses the data.
[5] 5. The apparatus of claim 1, wherein the random number generation function generates a different random number when different secret information is input to the random number generation function, even if the generation sequence information is the same.
[6] 6. The apparatus of claim 5, wherein the secret information is unique information allocated to each device so that device binding can be accomplished.
[7] 7. The apparatus of claim 1, wherein the key generator generates the random number using a DES algorithm, and the secret information is a Data Encryption Standard (DES) key.
[8] 8. The apparatus of claim 4, wherein the data is audio/video (AV) contents, and the decryptor reads the encrypted data from the storage unit when the device commands reproduction of the AV contents, and decrypts the encrypted data using the protection key to generate decrypted data.
[9] 9. A method of securely storing data in a predetermined device, comprising: generating a protection key used to encrypt data, said protection key based on: a random number generated by inputting predetermined secret information in a predetermined random number generation function, and generation sequence information, which is information on a generation sequence of the random number, and storing the predetermined secret information in a secure region, wherein the random number generation function generates the protection key based on the generation sequence information and the secret information.
[10] 10. The method of claim 9, further comprising: encrypting the data using the protection key to generate encrypted data; storing the encrypted data and the generation sequence information in an insecure region of the device; and generating a decryption key generating the protection key by inputting the generation sequence information and the secret information to the random number generation function when the device uses the data.
[11] 11. The method of claim 9, further comprising: decrypting reading encrypted data from the storage unit and decrypting the encrypted data using the protection key to generate decrypted data when the device uses the data.
[12] 12. The method of claim 9, wherein the random number generation function generates a different random number when different secret information is input to the random number generation function, even if the generation sequence information is the same.
[13] 13. The method of claim 12, wherein the secret information is intrinsic information allocated to each device so that device binding can be accomplished.
[14] 14. The method of claim 9, wherein the key generating generates the random number using a DES algorithm, and the secret information is a DES key.
[15] 15. The method of claim 9, wherein the data is audio/video (AV) contents, and the decrypting reads the encrypted data from the storage unit when the device commands to reproduce the AV contents, and decrypts the encrypted data using the protection key to generate decrypted data.
[16] 16. A computer readable medium having embodied thereon a computer program for executing the method of claim 9.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US61612004P | 2004-10-06 | 2004-10-06 | |
KR1020040083240A KR100694061B1 (en) | 2004-10-06 | 2004-10-18 | Apparatus and Method for storing data securly |
PCT/KR2005/003111 WO2006038776A1 (en) | 2004-10-06 | 2005-09-20 | Apparatus and method for securely storing data |
Publications (2)
Publication Number | Publication Date |
---|---|
EP1797562A1 (en) | 2007-06-20 |
EP1797562A4 (en) | 2009-03-25 |
Family
ID=36142827
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP05809025A Withdrawn EP1797562A4 (en) | 2004-10-06 | 2005-09-20 | Apparatus and method for securely storing data |
Country Status (2)
Country | Link |
---|---|
EP (1) | EP1797562A4 (en) |
WO (1) | WO2006038776A1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2330574A1 (en) * | 2009-12-04 | 2011-06-08 | Scheidt & Bachmann GmbH | Check out system |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2004046899A2 (en) * | 2002-11-15 | 2004-06-03 | Koninklijke Philips Electronics N.V. | Archive system and method for copy controlled storage devices |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3786014B2 (en) * | 1995-10-09 | 2006-06-14 | 松下電器産業株式会社 | Encryption recording apparatus and encryption recording method |
JP4101975B2 (en) * | 1998-12-02 | 2008-06-18 | オリンパス株式会社 | Data recording / reproducing apparatus using portable storage medium |
JP2000286832A (en) * | 1999-03-31 | 2000-10-13 | Ricoh Co Ltd | Information recording system, information recording method and computer-readable recording medium storing program to allow computer to execute the method |
JP4288450B2 (en) * | 2001-02-28 | 2009-07-01 | ソニー株式会社 | Information recording apparatus, information reproducing apparatus, information recording / reproducing apparatus, and information recording management apparatus |
Non-Patent Citations (2)
Title |
---|
"Windows Data Protection", INTERNET CITATION, XP002285213, Retrieved from the Internet <URL:http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnse cure/html/windataprotection-dpapi.asp> [retrieved on 20040621] * |
MENEZES A J ET AL: "Handbook of Appied Cryptography , CHAPTER 5 - PSEUDORANDOM BITS AND SEQUENCES", HANDBOOK OF APPLIED CRYPTOGRAPHY; [CRC PRESS SERIES ON DISCRETE MATHEMATICES AND ITS APPLICATIONS], BOCA RATON, FL, CRC PRESS.; US, 1 January 1997 (1997-01-01), pages 169 - 190, XP002403364, ISBN: 978-0-8493-8523-0 * |
Also Published As
Publication number | Publication date |
---|---|
EP1797562A1 (en) | 2007-06-20 |
WO2006038776A1 (en) | 2006-04-13 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
17P | Request for examination filed | Effective date: 20070327 |
AK | Designated contracting states | Kind code of ref document: A1 Designated state(s): DE FR GB |
DAX | Request for extension of the european patent (deleted) | |
RBV | Designated contracting states (corrected) | Designated state(s): DE FR GB |
A4 | Supplementary search report drawn up and despatched | Effective date: 20090224 |
17Q | First examination report despatched | Effective date: 20090415 |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
18D | Application deemed to be withdrawn | Effective date: 20110401 |