US20080279383A1 - Method and apparatus of enciphering and deciphering data using multiple keys - Google Patents

Method and apparatus of enciphering and deciphering data using multiple keys Download PDF

Info

Publication number
US20080279383A1
US20080279383A1 US12/175,920 US17592008A US2008279383A1 US 20080279383 A1 US20080279383 A1 US 20080279383A1 US 17592008 A US17592008 A US 17592008A US 2008279383 A1 US2008279383 A1 US 2008279383A1
Authority
US
United States
Prior art keywords
key
deciphering
data
enciphering
unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US12/175,920
Inventor
Takehisa Kato
Naoki Endoh
Hiroaki Unno
Tadashi Kojima
Koichi Hirayama
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Toshiba Corp
Original Assignee
Toshiba Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Toshiba Corp filed Critical Toshiba Corp
Priority to US12/175,920 priority Critical patent/US20080279383A1/en
Assigned to KABUSHIKI KAISHA TOSHIBA reassignment KABUSHIKI KAISHA TOSHIBA ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ENDOH, NAOKI, HIRAYAMA, KOICHI, KATO, TAKEHISA, KOJIMA, TADASHI, UNNO, HIROAKI
Publication of US20080279383A1 publication Critical patent/US20080279383A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B23/00Record carriers not specific to the method of recording or reproducing; Accessories, e.g. containers, specially adapted for co-operation with the recording or reproducing apparatus ; Intermediate mediums; Apparatus or processes specially adapted for their manufacture
    • G11B23/28Indicating or preventing prior or unauthorised use, e.g. cassettes with sealing or locking means, write-protect devices for discs
    • G11B23/283Security features, e.g. digital codes
    • G11B23/284Security features, e.g. digital codes on the record carrier
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/0021Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/0021Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
    • G11B20/00217Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source
    • G11B20/00253Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source wherein the key is stored on the record carrier
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/0021Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
    • G11B20/00485Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier characterised by a specific kind of data which is encrypted and recorded on and/or reproduced from the record carrier
    • G11B20/00557Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier characterised by a specific kind of data which is encrypted and recorded on and/or reproduced from the record carrier wherein further management data is encrypted, e.g. sector headers, TOC or the lead-in or lead-out areas
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B23/00Record carriers not specific to the method of recording or reproducing; Accessories, e.g. containers, specially adapted for co-operation with the recording or reproducing apparatus ; Intermediate mediums; Apparatus or processes specially adapted for their manufacture
    • G11B23/28Indicating or preventing prior or unauthorised use, e.g. cassettes with sealing or locking means, write-protect devices for discs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N5/00Details of television systems
    • H04N5/76Television signal recording
    • H04N5/91Television signal processing therefor
    • H04N5/913Television signal processing therefor for scrambling ; for copy protection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N5/00Details of television systems
    • H04N5/76Television signal recording
    • H04N5/91Television signal processing therefor
    • H04N5/913Television signal processing therefor for scrambling ; for copy protection
    • H04N2005/91357Television signal processing therefor for scrambling ; for copy protection by modifying the video signal
    • H04N2005/91364Television signal processing therefor for scrambling ; for copy protection by modifying the video signal the video signal being scrambled

Definitions

  • the present invention relates to an enciphering method, deciphering method, recording and reproducing device, deciphering device, deciphering unit device, recording medium, recording-medium manufacturing method, and key control method which are for preventing the digitally recorded data from being copied from a recording medium.
  • Compact disks and laser disks have been available as recording mediums that record digitized data (e.g., documents, sound, images, or programs).
  • digitized data e.g., documents, sound, images, or programs.
  • Floppy disks and hard disks have been used as recording mediums for computer programs and data.
  • a DVD digital video disk
  • a large-capacity recording medium has been developed.
  • the aforementioned various digital recording mediums record the digital data (including the compressed or encoded data, which can be decoded later) as it is, the recorded data can be copied easily to another recording medium without impairing the quality of sound or the quality of image, which enables a large number of reproductions to be made, contributing to literary piracy.
  • the data when the data is copied from a digital recording medium, the data can be copied with the sound quality and picture quality of the master remaining unchanged, or without the deterioration of sound quality or picture quality. This has caused the problem of permitting the wrongful conduct of making unauthorized copies of the original and selling them without paying a royalty.
  • an enciphering method comprising the steps of: enciphering data with a first key; and enciphering the first key with each of a plurality of predetermined second keys.
  • a recording medium having information items recorded thereon, the information items comprising: first information obtained by enciphering data with a first key; and second information obtained by enciphering the first key with each of a plurality of predetermined second keys.
  • a recording medium manufacturing method comprising the steps of: obtaining first information by enciphering data with a first key; obtaining second information obtained by enciphering the first key with each of a plurality of predetermined second keys; and recording the first and second information on the same recording medium.
  • a deciphering method comprising the steps of: inputting first information obtained by enciphering data with a first key and second information obtained by enciphering the first key with each of a plurality of predetermined second keys; deciphering the first key using at least one of the second keys to obtain the first key; determining by a specific method whether or not the obtained first key is correct; and deciphering the data using the first key after the determination to obtain the data.
  • a deciphering device comprising: input means for inputting first information obtained by enciphering data with a first key and second information obtained by enciphering the first key with each of a plurality of predetermined second keys; storage means for storing at least one of the second keys; and deciphering means for deciphering the first key from the second information inputted from the input means using at least one of the second keys in the storage means, determining by a specific method whether or not the obtained first key is correct, and deciphering the data from the first information using the first key after the determination to obtain the data.
  • a recording and reproducing device comprising: reading means for reading first information and second information from a recording medium on which the first information obtained by enciphering data with a first key and the second information obtained by enciphering the first key with each of a plurality of predetermined second keys have been stored; storage means for storing at least one of the second keys; and deciphering means for deciphering the first key from the second information read by the reading means using at least one of the second keys in the storage means, determining by a specific method whether or not the obtained first key is correct, and deciphering the data from the first information using the first key after the determination to obtain the data.
  • a key control method comprising the steps of: causing a first caretaker to take custody of a plurality of predetermined second keys; causing a second caretaker to take custody of first information obtained by enciphering data with a first key and second information obtained by enciphering the first key with each of the predetermined second keys; and causing a third caretaker to take custody of at least one of the second keys.
  • a deciphering device comprising: reading means for reading first information, second information, and third information from a recording medium on which the first information obtained by enciphering data with a first key, the second information obtained by enciphering the first key with each of a plurality of predetermined second keys, and the third information used for key determination have been stored; storage means for storing at least one of the second keys; first deciphering means for deciphering one of the enciphered first keys selected in the order determined from the second information using one second key selected in the order determined from the second keys stored in the storage means, determining on the basis of the deciphering result and the third information whether or not the first key obtained by the deciphering is correct, and repeating the selection and the determination until the first key determined to be correct has been obtained; and second deciphering means for deciphering the data from the first information using the first key the first deciphering means has determined to be correct.
  • a deciphering device comprising: a first unit built in a driving unit of a recording medium or connected to the driving unit of the recording medium without the CPU bus of a computer, including: means for transferring first information obtained by enciphering the data read from the recording medium with a first key, second information obtained by enciphering the first key with each of a plurality of predetermined second keys, and third information used for key determination in such a manner that at least the second information and third information are transferred safely without being externally acquired; and a second unit connected to the first unit via the CPU bus of the computer including: means for receiving the first information, second information, and third information from the first unit via the CPU bus of the computer in such a manner that at least the second information and third information are received safely without being externally acquired; storage means for storing at least one of the second keys; first deciphering means for deciphering one of the enciphered first keys selected in the order determined from the second information using one second key selected in the
  • a deciphering device comprising: reading means for reading first information, second information, third information, and fourth information from a recording medium on which the first information obtained by enciphering a third key with a first key, the second information obtained by enciphering the first key with each of a plurality of predetermined second keys, the third information used for key determination, and the fourth information obtained by enciphering data with the third key have been stored; storage means for storing at least one of the second keys; first deciphering means for deciphering one of the enciphered first keys selected in the order determined from the second information using one second key selected in the order determined from the second keys stored in the storage means, determining on the basis of the deciphering result and the third information whether or not the first key obtained by the deciphering is correct, and repeating the selection and the determination until the first key determined to be correct has been obtained; second deciphering means for deciphering the third key from the first information using the first key
  • a deciphering method comprising the steps of: reading first information, second information, and third information from a recording medium on which the first information obtained by enciphering data with a first key, the second information obtained by enciphering the first key with each of a plurality of predetermined second keys, and the third information used for key determination have been stored; deciphering one of the enciphered first keys selected in the order determined from the second information using one second key selected in the order determined from the second keys, determining on the basis of the deciphering result and the third information whether or not the first key obtained by the deciphering is correct, and repeating the selection and the determination until the first key determined to be correct has been obtained; and deciphering the data from the first information using the first key determined to be correct.
  • a deciphering method comprising the steps of: transferring first information obtained by enciphering the data read from a recording medium with a first key, second information obtained by enciphering the first key with each of a plurality of predetermined second keys, and third information used for key determination from a first unit built in a driving unit of the recording medium or connected to the driving unit of the recording medium without the CPU bus of a computer to a second unit via the CPU bus of the computer in such a manner that at least the second information and third information are transferred safely without being externally acquired; and in the second unit, deciphering one of the enciphered first keys selected in the order determined from the second information using one second key selected in the order determined from the second keys stored in the storage means, determining on the basis of the deciphering result and the third information whether or not the first key obtained by the deciphering is correct, repeating the selection and the determination until the first key determined to be correct has been obtained, and deciphering the
  • a deciphering method comprising the steps of: reading first information, second information, third information, and fourth information from a recording medium on which the first information obtained by enciphering at least a third key with a first key, the second information obtained by enciphering the first key with each of a plurality of predetermined second keys, the third information used for key determination, and the fourth information obtained by enciphering data with the third key have been stored; deciphering one of the enciphered first keys selected in the order determined from the second information using one second key selected in the order determined from the second keys, determining on the basis of the deciphering result and the third information whether or not the first key obtained by the deciphering is correct, and repeating the selection and the determination until the first key determined to be correct has been obtained; deciphering the third key from the first information using the first key determined to be correct; and deciphering the data from the fourth information using the third key obtained.
  • a deciphering unit device that receives information via the CPU bus of a computer from a bus transfer unit built in a driving unit of a recording medium or connected to the driving unit of the recording medium without the CPU bus of the computer and deciphers data on the basis of the information
  • the deciphering unit device comprising: means for receiving first information obtained by enciphering the data read from the recording medium with a first key, second information obtained by enciphering the first key with each of a plurality of predetermined second keys, and third information used for key determination from the bus transfer unit via the CPU bus of the computer in such a manner that at least the second information and third information are received safely without being externally acquired; storage means for storing at least one of the second keys; first deciphering means for deciphering one of the enciphered first keys selected in the order determined from the second information using one second key selected in the order determined from the second keys stored in the storage means, determining on the basis of the deciphering result
  • the data may include at least one of key information, documents, sound, images, and programs.
  • the correct party having at least one of the second keys can get the first key and therefore can get the plain data of the data enciphered using the first key.
  • the wrongful conduct of making unauthorized copies and selling the thus copied mediums can be prevented, thereby protecting copyrights.
  • the present invention even if the data flowing over the signal line connecting the enciphering unit to the deciphering unit is stored, the stored data cannot be reproduced or used, because the data is the enciphered data.
  • the information necessary for enciphering the data is created on the basis of, for example, random numbers, and cannot be reproduced later, the stored data cannot be reproduced or used, even if the second key (master key) in the deciphering unit has been broken. As a result, the wrongful conduct of making unauthorized copies and selling the thus copied mediums can be prevented, thereby protecting copyrights.
  • the enciphering unit and deciphering unit can be designed separately from the essential portion of the reproducing section of the digital recording and reproducing apparatus, even if the cipher is broken, the enciphering unit and deciphering unit have only to be replaced to overcome this problem.
  • FIG. 1 is a block diagram of a system according to a first embodiment of the present invention
  • FIG. 2 is a flowchart for the operation of the first embodiment
  • FIG. 3 illustrates an example of a format in which the enciphered key and the enciphered data are stored on a recording medium
  • FIG. 4 is a diagram to help explain a case where the data is stored from the CPU BUS;
  • FIG. 5 is a block diagram of a system according to a second embodiment of the present invention.
  • FIGS. 6A and 6B show examples of the internal structure of the key judging section
  • FIG. 7 is a flowchart for the operation of the second embodiment
  • FIG. 8 is a flowchart for the operation of the second embodiment
  • FIG. 9 is a block diagram of a system according to a third embodiment of the present invention.
  • FIG. 10 is a flowchart for the operation of the third embodiment
  • FIG. 11 is a diagram to help explain the key control method.
  • FIG. 12 is a diagram to help explain the enciphering operation.
  • the operation of enciphering a certain data item a using key K is expressed as E K (a) and the operation of deciphering a certain data item a using key K is expressed as D K (a).
  • the operation of enciphering and deciphering a certain data item a using key K is expressed as D K (E K (a)), for example.
  • the deciphered data item is first deciphered and then the deciphered data item is enciphered to restore the original data item. This is based on the fact that the deciphering of the data has the same function as the enciphering of the data. Specifically, to return the enciphered data to the original data, the key used for deciphering must be known. Once the key is known, enciphering the deciphered data produces the original data that was first deciphered. If the cipher key is x and the data item is y, the operation will be expressed as:
  • FIG. 1 is a block diagram of a system according to a first embodiment of the present invention.
  • FIG. 2 is a flowchart for the operation of the first embodiment.
  • the system related to the first embodiment is connected to the CPU BUS of the CPU (not shown) used for reproduction in a computer, such as a personal computer.
  • the system is designed to allow the enciphered data (E SK (Data) explained later) to flow over the CPU BUS.
  • FIG. 1 shows only the sections related to the CPU used for reproduction.
  • the system of the first embodiment comprises a DVD driving unit (not shown) that reads the data from a DVD 101 , an enciphering unit 107 that is connected to the DVD driving unit without the CPU BUS or is built in the DVD driving unit, and a deciphering unit 114 .
  • the enciphering unit 107 and deciphering unit 114 are connected to the CPU BUS 110 .
  • the deciphering unit 114 outputs the data via, for example, an I/O port, not via the CPU BUS. That is, in the embodiment, the input and output of the data is carried out without the CPU BUS, whereas the CPU BUS is used for the data transfer between the enciphering unit 107 and the deciphering unit 114 .
  • the enciphering unit 107 includes a demodulation/error correction circuit 117 , a demodulation/error correction circuit 118 , and an enciphering circuit 104 . Although in FIG. 1 , the enciphering unit 107 has two enciphering circuits 104 , it is assumed that it actually has one enciphering circuit. The enciphering unit 107 is assumed to be composed of a single independent IC chip.
  • the demodulation/error correction circuit 117 and demodulation/error correction circuit 118 may be provided in the unit (the DVD driving unit) in the preceding stage, not in the enciphering unit 107 .
  • the deciphering unit 114 includes a deciphering circuit 112 and a session key creation circuit 111 that creates a second session key S K ′.
  • the deciphering unit 114 is assumed to include an MPEG decoder circuit 115 and a converter circuit 116 that converts the digital enciphered image data into analog data.
  • the deciphering unit 114 has four deciphering circuits 112 , it is assumed that it actually has one deciphering circuit.
  • the deciphering unit 114 is assumed to be composed of a single independent IC chip.
  • a control section (not shown) is assumed to control the entire system.
  • the control section is realized by, for example, executing a program on the CPU in the computer. Concrete examples of control by the control section include an instruction to read the data from a DVD, the specification of data transfer destination, and an instruction to output the data from the deciphering unit 114 .
  • the control section may be triggered, for example, by the user via a user interface, or by a process in an application program.
  • a first session key is represented by S K , a second session key S K ′, the master key M K , and image data (i.e., the data to be enciphered) Data.
  • numeral 102 indicates E MK (S K ) created by enciphering the first session key S K using the master key M K , 103 E SK (Data) created by enciphering the image data Data using the first session key S K , 105 the master key M K , 106 a second session key S K ′, 108 D MK (S K ′) created by deciphering the second session key S K ′ using the master key M K , 109 E SK ′ (E MK (S K )) created by enciphering the first session key E MK (S K ) enciphered with the master key M K using the second session key S K ′, and 113 the first session key S K ′.
  • E MK (S K ) created by enciphering the first session key S K using the master key M K is recorded in the key recording area (lead-in area) in the innermost circumference portion and the E SK (Data) created by enciphering the image data Data using the first session key S K is recorded in the data recording area (data area).
  • the first session key E MK (S K ) enciphered using the master key M K is read from the DVD 101 , on which the DVD driving unit (not shown) has recorded the first session key, and then is loaded into the enciphering unit 107 .
  • the demodulation/error correction circuit 117 performs demodulation and data error correction.
  • the session key creation circuit 111 creates a second session key S K ′ using random numbers, such as time data from a clock (not shown). Then, the deciphering circuit 112 deciphers the created second session key S K ′ using the master key M K to create D MK (S K ′) and sends it to the enciphering unit 107 via the CPU BUS 110 .
  • timing of generating random numbers e.g., the timing of inputting time information
  • the timing with which the signal indicating that the DVD 101 has been loaded into the DVD driving unit is asserted may be used.
  • the session creation circuit 111 may be composed of a random-number generator that is as long as the key. When a key is created using random numbers all of whose bits may take 0s or 1s, it is necessary to perform a check process to prevent all of the bits from taking 0s or 1s.
  • step S 3 using the master key M K , the enciphering circuit 104 of the enciphering unit 107 enciphers D MK (S K ′) received via the CPU BUS 110 .
  • a second session key S K ′ created at the session key creation circuit 111 of the deciphering unit 114 can be obtained.
  • the second session key S K ′ created at the session key creation circuit 111 is designed to prevent its contents from being known even if it is stolen on the CPU BUS 110 .
  • the enciphering unit 107 enciphers the enciphered first session key E MK (S K ) recorded on the DVD 101 to create E SK ′(E MK (S K )), and sends this to deciphering unit 114 .
  • step S 5 the deciphering circuit 112 of the deciphering unit 114 deciphers E SK ′(E MK (S K )) received via the CPU BUS 110 using the second session key S K ′ and produces:
  • E MK (S K ) obtained at the deciphering circuit 112 is deciphered using the master key M K to produce:
  • step S 6 the image data E SK (Data) enciphered using the first session key S K recorded on the DVD 101 by the DVD driving unit (not shown) is read out and loaded into the enciphering unit 107 .
  • the demodulation/error correction circuit 118 performs demodulation and corrects errors in the data.
  • E SK (Data) is sent to the enciphering unit 107 via the CPU BUS 110 .
  • step S 7 the deciphering circuit 112 of the deciphering unit 114 deciphers E SK (Data) received via the CPU BUS 110 using the first session key S K and produces:
  • step S 6 and step S 7 are repeated until for example, the process of the data to be deciphered (i.e., E SK (Data)) has been completed or the stop of the process has been requested.
  • E SK Data
  • the image data is decoded at an MPEG decoder circuit 115 .
  • the decoded signal has been converted by a D/A converter circuit 116 into an analog signal
  • the analog signal is sent to an imaging device (not shown), such as a television, which reproduces the image.
  • Step 1 may be executed before or after step S 2 and step S 3 .
  • Step S 6 and step S 7 may be executed by the method of carrying out the steps in units of E SK (Data), the method of reading a specific number of E SK (Data) at step S 6 , storing the read-out data in a buffer temporarily, and then deciphering E SK (Data) in the buffer at step S 7 , or the method of carrying out step S 6 and step S 7 in a pipeline processing manner.
  • the deciphering circuit 112 may transfer the image data E SK (Data) to the MPEG decoder circuit 115 in units of one Data item or a specific number of Data items.
  • the deciphered data is prevented from flowing over the CPU BUS of the computer and the second session key S K ′ used to encipher the first session key necessary for deciphering the enciphered data flowing over the CPU BUS is created on the basis of information that changes each time the data is reproduced, such as time information. Therefore, even when the data flowing over the CPU BUS 110 is stored from signal lines 210 into a digital storage medium 211 as shown in FIG. 4 , the data cannot be reproduced of used.
  • the circuits used for enciphering and deciphering can be designed separately from the essential portion of the reproducing section of the digital recording and reproducing apparatus, such as a DVD, even if the cipher is broken, the deciphering unit 114 (or the enciphering unit 107 and deciphering unit 114 ) has only to be replaced to overcome this problem.
  • the enciphering unit 107 has one enciphering circuit, it may have two enciphering circuits.
  • the deciphering unit 114 has one deciphering circuit, it may have two, three, or four deciphering circuits. In these cases, it is desirable that the enciphering circuits should be paired with the corresponding deciphering circuits and each pair be used independently or in a shared manner.
  • an enciphering method different from that in another enciphering circuit and deciphering circuit may be used in the enciphering circuit and its corresponding deciphering circuit in the independent set.
  • FIG. 5 is a block diagram of the system according to the second embodiment of the present invention. An example of the operation of the second embodiment is shown in the flowchart of FIGS. 7 and 8 .
  • the system related to the second embodiment is connected to the CPU BUS of the CPU (not shown) used for reproduction in a computer, such as a personal computer.
  • the system is designed to allow the enciphered data (E SK (Data)) to flow over the CPU BUS.
  • FIG. 5 shows only the sections related to the CPU used for reproduction.
  • the system of the second embodiment comprises a DVD driving unit (not shown) that reads the data from a DVD 101 , an enciphering unit 107 that is connected to the DVD driving unit without the CPU BUS or is built in the DVD driving unit, and a deciphering unit 114 a.
  • the enciphering unit 107 and deciphering unit 114 a are connected to the CPU BUS 110 .
  • the deciphering unit 114 a outputs the data via, for example, an I/O port, not via the CPU BUS. That is, in the second embodiment, the input and output of the data is carried out without the CPU BUS, whereas the CPU BUS is used for the data transfer between the enciphering unit 107 and the deciphering unit 114 a.
  • the enciphering unit 107 includes a demodulation/error correction circuit 117 , a demodulation/error correction circuit 118 , and an enciphering circuit 104 . Although in FIG. 5 , the enciphering unit 107 has two enciphering circuits 104 , it is assumed that it actually has one enciphering circuit. The enciphering unit 107 is assumed to be composed of a single independent IC chip.
  • the demodulation/error correction circuit 117 and demodulation/error correction circuit 118 may be provided in the unit (the DVD driving unit) in the preceding stage, not in the enciphering unit 107 .
  • the deciphering unit 114 a includes a deciphering circuit 112 and a session key creation circuit 111 that creates a second session key S K ′, and a key judging circuit 120 .
  • FIGS. 6A and 6B show examples of the structure of the key judging circuit 120 .
  • the key judging circuit 120 includes a deciphering circuit 112 , a comparison circuit 121 , and a gate circuit 122 .
  • the deciphering unit 114 a incorporates an MPEG decoder circuit 115 and a conversion circuit 116 that converts the deciphered digital image data into analog image data.
  • the deciphering unit 114 a has a total of five deciphering circuits 112 , including the two deciphering circuits 112 in the key judging circuit 120 , it is assumed that it actually has one deciphering circuit.
  • the deciphering unit 114 a is composed of a single independent IC chip.
  • a control section (not shown) is assumed to control the entire system.
  • the control section is realized by, for example, executing a program on the CPU in the computer. Concrete examples of control by the control section include an instruction to read the data from a DVD, the specification of data transfer destination, and an instruction to output the data from the deciphering unit 114 a .
  • the control section may be triggered, for example, by the user via a user interface, or by a process in an application program.
  • a first session key is represented by S K , a second session key S K ′, the n-th master key M Kt (t s in the range of 1 to n), and image data (i.e., the data to be enciphered) Data.
  • numeral 102 - 1 indicates E MKi (S K ) created by enciphering the first session key S K using the master key M Ki , 102 - 2 E SK (S K ) created by enciphering the first session key S K using the first session key S K itself, 103 E SK (Data) created by enciphering the image data Data using the first session key S K , 105 the master key M Ki , 106 a second session key S K ′, 108 D MKj (S K ′) created by deciphering the second session key S K ′ using the master key M Kj , 109 - 1 E SK ′(E MKi (S K )) created by enciphering the first session key E MKi (S K ) enciphered with the master key M Ki using the second session key S K ′, 109 - 2 E SK ′(E SK (S K )) created by enciphering the first session key
  • One master key E MKi (S K ) (i is in the range of 1 to n) is recorded on the DVD 101 .
  • the deciphering unit 114 a has one master key M Kj (j is in the range of 1 to n) in it.
  • Method 3 This is an expansion of Method 2.
  • the m number of master keys have been selected from the n number of master keys beforehand.
  • the present invention is not limited to these values.
  • Method 4 This is the reverse of Method 3.
  • Method 3 to Method 5 have the same deciphering procedure.
  • E MKi (S K ) created by enciphering the first session key S K using the master key M Ki are recorded in the key recording area (lead-in area) in the innermost circumference portion and E SK (Data) created by enciphering the image data Data using the first session key S K is recorded in the data recording area (data area).
  • a predetermined master key is assumed to have been registered in the deciphering unit 107 .
  • the first session key E SK (S K ) enciphered using the first session key S K itself is read from the DVD 101 , on which the DVD driving unit (not shown) has recorded the first session key, and then is loaded into the enciphering unit 107 .
  • the demodulation/error correction circuit 117 performs demodulation and data error correction.
  • the first session key E MKi (S K ) (i in the range of 1 to n, where i is unknown here) enciphered using the master key M Ki is read from the DVD 101 , on which the DVD driving unit (not shown) has recorded the master key, and then is loaded into the enciphering unit 107 .
  • the demodulation/error correction circuit 117 performs demodulation and data error correction.
  • the session key creation circuit 111 of the deciphering unit 114 creates a second session key S K ′ using random numbers, such as time data from a clock (not shown). Then, the deciphering circuit 112 deciphers the created second session key S K ′ using the master key M Kj (j is in the range of 1 to n, where j is predetermined) to create D MKj (S K ′) and sends it to the enciphering unit 107 via the CPU BUS 110 .
  • timing of generating random numbers e.g., the timing of inputting time information
  • the timing with which the signal indicating that the DVD 101 has been loaded into the DVD driving unit is asserted may be used.
  • the session creation circuit 111 may be composed of a random-number generator that is as long as the key, for example. When a key is created using random numbers all of whose bits may take 0s or 1s, it is necessary to perform a check process to prevent all of the bits from taking 0s or 1s.
  • step S 14 using the master key M Kj (j has a predetermined value in the range of 1 to n), the enciphering circuit 104 of the enciphering unit 107 enciphers D MKj (S K ′) received via the CPU BUS 110 .
  • a second session key S K ′ created at the session key creation circuit 111 of the deciphering unit 114 a can be obtained.
  • the second session key S K ′ created at the session key creation circuit 111 is designed to prevent its contents from being known even if it is stolen on the CPU BUS 110 .
  • the enciphering unit 107 enciphers the enciphered first session key E SK (S K ) recorded on the DVD 101 to create E SK ′(E SK (S K )), and sends this to deciphering unit 114 a in via CPU BUS 110 .
  • the enciphering unit 107 enciphers the enciphered first session key E MKi (S K ) recorded on the DVD 101 to create E SK ′(E MKi (S K )), and sends this to deciphering unit 114 a.
  • step S 17 the deciphering circuit 112 of the deciphering unit 114 a deciphers E SK ′(E SK (S K )) received via the CPU BUS 110 using the second session key S K ′ and produces:
  • step S 18 the deciphering circuit 112 of the deciphering unit 114 a deciphers E SK ′(E MKi (S K )) received via the CPU BUS 110 using the second session key S K ′ and produces:
  • the first session key S K is found using the key judging circuit 120 as follows.
  • the second line in the above procedure indicates the operation of deciphering E MKi (S K ) using M Ki and substituting the result into DS 1 [i].
  • the third line in the procedure indicates the operation of deciphering E SK (S K ) using S Ki and substituting the result into DS 2 [i].
  • the fourth line in the procedure indicates the operation of judging whether nor not DS 1 [i] coincides with DS 2 [i].
  • the ninth line in the procedure indicates the operation executed when DS 1 [i] does not coincide with DS 2 [i].
  • the deciphering circuit 112 deciphers E SK (S K ) using S Kij , giving:
  • the comparison circuit 121 compares S K ′′ with S Kij . If they coincide with each other, the gate circuit 122 will be controlled so as to output the stored S Kij ( FIG. 6A ) or S K ′′ ( FIG. 6B ) as the first session key S K .
  • step S 20 the image data E SK (Data) enciphered using the first session key S K recorded on the DVD 101 by the DVD driving unit (not shown) is read out and loaded into the enciphering unit 107 .
  • the demodulation/error correction circuit 118 performs demodulation and corrects errors in the data.
  • E SK (Data) is sent to the enciphering unit 107 via the CPU BUS 110 .
  • step S 21 the deciphering circuit 112 of the deciphering unit 114 a deciphers E SK (Data) received via the CPU BUS 110 using the first session key S K and produces:
  • step S 20 and step S 21 are repeated until for example, the process of the data to be deciphered (i.e., E SK (Data)) has been completed or the stop of the process has been requested.
  • E SK Data
  • the image data is decoded at an MPEG decoder circuit 115 .
  • the decoded signal has been converted by a D/A converter circuit 116 into an analog signal
  • the analog signal is sent to an imaging device (not shown), such as a television, which reproduces the image.
  • step S 11 Any one of step S 11 , step S 12 , and steps S 13 and S 4 may be executed first.
  • step S 15 and step S 17 or step S 16 and S 18 may be executed first.
  • Step S 20 and step S 21 may be executed by the method of carrying out the steps in units of E SK (Data), the method of reading a specific number of E SK (Data) at step S 20 , storing the read-out data in a buffer temporarily, and then deciphering E SK (Data) in the buffer at step S 21 , or the method of carrying out step S 20 and step S 21 in a pipeline processing manner.
  • E SK Data
  • Step S 20 and step S 21 may be executed by the method of carrying out the steps in units of E SK (Data), the method of reading a specific number of E SK (Data) at step S 20 , storing the read-out data in a buffer temporarily, and then deciphering E SK (Data) in the buffer at step S 21 , or the method of carrying out step S 20 and step S 21 in a pipeline processing manner.
  • the deciphering circuit 112 may transfer the image data E SK (Data) to the MPEG decoder circuit 115 in units of one Data item or a specific number of Data items.
  • the information that directly indicates the master key used to encipher the first session key recorded on the recording medium is not necessary, which enables a suitable master key to be selected and used in a predetermined range in recording the data on a DVD.
  • the second embodiment has the advantage that it can allocate master keys in a specific unit, such as a DVD maker or a DVD distributor.
  • the circuits used for enciphering and deciphering can be designed separately from the essential portion of the reproducing section of the digital recording and reproducing apparatus, such as a DVD, even if the cipher is broken, the deciphering unit 114 a (or the enciphering unit 107 and deciphering unit 114 a ) has only to be replaced to overcome this problem.
  • the enciphering unit 107 has one enciphering circuit, it may have two enciphering circuits.
  • deciphering unit 114 a has one deciphering circuit, it may have two, three, four, or five deciphering circuits. In these cases, it is desirable that the enciphering circuits should be paired with the corresponding deciphering circuits and each pair be used independently.
  • an enciphering method different from that in another enciphering circuit and deciphering circuit may be used in the enciphering circuit and its corresponding deciphering circuit in the independent set.
  • the first session key E SK (S K ) enciphered using the first session key S K itself is read from the DVD 101 , on which the DVD driving unit (not shown) has recorded the first session key, and then is loaded into the enciphering unit 107 .
  • the demodulation/error correction circuit 117 performs demodulation and data error correction.
  • the demodulation/error correction circuit 117 performs demodulation and data error correction.
  • the session key creation circuit 111 of deciphering unit 114 a creates a second session key S K ′ using random numbers, such as time data from a clock (not shown). Then, the deciphering circuit 112 deciphers the created second session key S K ′ using the master key M Kj (j has a predetermined value in the range of 1 to n) to create D MKj (S K ′) and sends it to the enciphering unit 107 via the CPU BUS 110 .
  • timing of generating random numbers e.g., the timing of inputting time information
  • the timing with which the signal indicating that the DVD 101 has been loaded into the DVD driving unit is asserted may be used.
  • step S 14 using the master key M Kj (j has a predetermined value in the range of 1 to n), the enciphering circuit 104 of the enciphering unit 107 enciphers D MKj (S K ′) received via the CPU BUS 110 .
  • a second session key S K ′ created at the session key creation circuit 111 of the deciphering unit 114 a can be obtained.
  • the second session key S K ′ created at the session key creation circuit 111 is designed to prevent its contents from being known even if it is stolen on the CPU BUS 110 .
  • the enciphering unit 107 enciphers the enciphered first session key E SK (S K ) recorded on the DVD 101 to create E SK ′(E SK (S K )), and sends this to deciphering unit 114 a.
  • the enciphering unit 107 enciphers an n number of enciphered first session keys E MKi (S K ) recorded on the DVD 101 to create E SK ′(E MKi (S K )), and sends these to deciphering unit 114 a via the CPU BUS 110 .
  • step S 17 the deciphering circuit 112 of the deciphering unit 114 a deciphers E SK ′(E SK (S K )) received via the CPU BUS 110 using the second session key S K ′ and produces:
  • step S 18 the deciphering circuit 112 of the deciphering unit 114 a deciphers E SK ′(E MKi (S K )) received via the CPU BUS 110 using the second session key S K ′ and produces:
  • the first session key S K is found using the key judging circuit 120 as follows.
  • one S Kij (i is in the range of 1 to n) is the first session key S K .
  • the deciphering circuit 112 deciphers E SK (S K ) using S Kij , giving:
  • the comparison circuit 121 compares S K ′′ with S Kij . If they coincide with each other, the gate circuit 122 will be controlled so as to output the stored S Kij ( FIG. 6A ) or S K ′′ ( FIG. 6B ) as the first session key S K .
  • the image data Data is extracted from the image data E SK (Data) enciphered using the first session key S K .
  • the image data Data is decoded at the MPEG decoder circuit 115 .
  • the analog signal is sent to the imaging device (not shown), such as a television, which reproduces the image.
  • any one of step S 11 , step S 12 , and step S 13 and step S 14 may be executed first.
  • step S 15 and step S 17 or step S 16 and S 18 may be executed first.
  • steps S 12 , S 16 , S 18 , and S 19 may be executed in a batch processing manner using all the n number of (enciphered) master keys recorded on the DVD or using a specific number of master keys at a time. They may be executed one after another for each master key.
  • the second session key S K ′ may be created for each master key.
  • Step S 20 and step S 21 may be executed by the method of carrying out the steps in units of E SK (Data), the method of reading a specific number of E SK (Data) at step S 20 , storing the read-out data in a buffer temporarily, and then deciphering E SK (Data) in the buffer at step S 21 , or the method of carrying out step S 20 and step S 21 in a pipeline processing manner.
  • E SK Data
  • Step S 20 and step S 21 may be executed by the method of carrying out the steps in units of E SK (Data), the method of reading a specific number of E SK (Data) at step S 20 , storing the read-out data in a buffer temporarily, and then deciphering E SK (Data) in the buffer at step S 21 , or the method of carrying out step S 20 and step S 21 in a pipeline processing manner.
  • the deciphering unit 114 a may transfer the image data E SK (Data) to the MPEG decoder circuit 115 in units of one Data item or a specific number of Data items.
  • the master keys built in the deciphering unit can be allocated in a specific unit, such as to each unit manufacturer.
  • the circuits used for enciphering and deciphering can be designed separately from the essential portion of the reproducing section of the digital recording and reproducing apparatus, such as a DVD, as seen from FIG. 1 , even if the cipher is broken, the deciphering unit 114 b (or the enciphering unit 107 and deciphering unit 114 b ) has only to be replaced to overcome this problem.
  • the enciphering unit 107 has one enciphering circuit, it may have two enciphering circuits.
  • the deciphering unit 114 a has one deciphering circuit, it may have two, three, four, or five deciphering circuits. In these cases, it is desirable that the enciphering circuits should be paired with the corresponding deciphering circuits and each pair be used independently or be shared.
  • an enciphering method different from that in another enciphering circuit and deciphering circuit may be used in the enciphering circuit and its corresponding deciphering circuit in the independent set.
  • Method 3 is the same as Method 2 in basic configuration, operation, and effect, only the difference between them will be explained.
  • the deciphering unit 114 a While in Method 2, the deciphering unit 114 a includes one predetermined master key M Kj (j has a value in the range of 1 to n), in Method 3, the deciphering unit 114 a includes an m number of predetermined master keys M Kj (m ⁇ 2). The order in which the m number of master keys M Kj (j takes m values in the range of 1 to n) are used in the key judgment has been determined.
  • the unusable master key is not the master key first in order of use
  • the first session key S K can be obtained. In this case, too, the operation is the same as in Method 2.
  • E MKi (S K ) corresponding to the unusable master key has not been recorded on the DVD 101 . Even if the master key first in order of use is used, the first session key S K cannot be obtained in step S 19 . In such a case, when the deciphering unit 114 a carries out the same operation using the master key second in order of use as in Method 2, this produces the first session key S K , provided that this master key is not unusable.
  • the first session key S K can be obtained similarly, provided that one of the master keys (r+1)-th or later in order of use is not unusable.
  • the deciphering unit 114 a can be used until the predetermined m number of master keys (m ⁇ 2) in the deciphering unit 114 a have all been made unusable.
  • Method 5 is the same as that of Method 3.
  • Method 4 Because in Method 4, the information corresponding to all the master keys has not been stored on the DVD 101 , when the information corresponding to the master key selected in the deciphering unit has not been recorded on the DVD 101 , deciphering cannot be effected as in the case where the master key is unusable. In this case, the master key next in order of use is selected and deciphering is tried. Therefore, the operation of Method 4 is also the same as that of Method 3.
  • the second session key S K ′ has been used to encipher the information and transfer it safely over the CPU BUS 110 .
  • the second session key S K ′ is created in the deciphering unit 114 a and is transferred to the enciphering unit 107 through the procedure of using master keys. At that time, one predetermined master key is supposed to have been registered in the enciphering unit 107 .
  • a plurality of master keys may be registered in the enciphering unit 107 and the second session key S K ′ may be transferred from the deciphering unit 114 a to the enciphering unit 107 , using the procedure as described in Method 1 to Method 5 using key judgment.
  • Method 2 When one master key is registered in the enciphering unit 107 , the procedure of Method 2 can be used.
  • various suitable configurations may be used as the configuration that safely transfers the second session key S K ′ from the deciphering unit 114 a to the enciphering unit 107 over the CPU BUS 110 .
  • the third embodiment is, for example, a single DVD player.
  • FIG. 9 is a block diagram of a system according to the third embodiment of the present invention. An example of the operation of the third embodiment is shown in the flowchart of FIG. 10 .
  • the third embodiment is what is obtained by eliminating from the configuration of the second embodiment the portion related to the operation of exchanging an enciphered key between the enciphering unit and deciphering unit by use of the second session key.
  • the system of the third embodiment comprises a DVD driving unit (not shown) that reads the data from a DVD 101 and a deciphering unit 114 b.
  • the deciphering unit 114 b includes a deciphering circuit 112 , a key judging circuit 120 , a demodulation/error correction circuit 117 , and a demodulation/error correction circuit 118 .
  • the deciphering unit 114 b is assumed to include an MPEG decoder circuit 115 and a conversion circuit 116 that converts the digital deciphered data into analog data.
  • the key judging circuit 120 includes a deciphering circuit 112 , a comparison circuit 121 , and a gate circuit 122 .
  • the deciphering unit 114 b has a total of three deciphering circuits 112 , including the two deciphering circuits 112 in the key judging circuit 120 , it is assumed that it actually has one deciphering circuit.
  • Each of the demodulation/error correction circuit 117 and the demodulation/error correction circuit 118 may be provided in the unit in the preceding stage, not in the enciphering unit 107 .
  • the deciphering unit 114 b is composed of a single independent IC chip.
  • the deciphering unit 114 b In the deciphering unit 114 b , a master key, explained later, has been registered. It is assumed that the master key has been recorded in a secret area in the deciphering unit chip so that the user cannot externally take out the master key.
  • a first session key is represented by S K , a second session key S K ′, the i-th master key M Ki (i is in the range of 1 to n), and image data (i.e., the data to be enciphered) Data.
  • numeral 102 - 1 indicates E MKi (S K ) created by enciphering the first session key S K using the master key M Ki , 102 - 2 E SK (S K ) created by enciphering the first session key S K using the first session key S K itself, 103 E SK (Data) created by enciphering the image data Data using the first session key S K , 105 the master key M Ki , and 113 the first session key S K .
  • One master key E MKi (S K ) (i is in the range of 1 to n) is recorded on the DVD 101 .
  • the deciphering unit 114 b has one master key M Kj (j has a value in the range of 1 to n) in it.
  • the deciphering unit 114 b has an m (2 ⁇ m ⁇ n) number of master keys M Kj (j is in the range of 1 to n) in it.
  • Method 4 An m (2 ⁇ m ⁇ n) number of master keys E MKi (S K ) (i is in the range of 1 to n) are recorded on the DVD 101 .
  • E MKi (S K ) created by enciphering the first session key S K using the master key M Ki are recorded in the key recording area (lead-in area) in the innermost circumference portion and the E SK (Data) created by enciphering the image data Data using the first session key S K is recorded in the data recording area (data area).
  • the operation of the third embodiment is what is obtained by eliminating from the operation of the second embodiment the portion related to the operation of exchanging an enciphered key between the enciphering unit and deciphering unit by use of the second session key.
  • the first session key E SK (S K ) enciphered using the first session key S K itself is read from the DVD 101 , on which the DVD driving unit (not shown) has recorded the first session key, and then is loaded into the deciphering unit 114 b .
  • the demodulation/error correction circuit 117 performs demodulation and data error correction.
  • the first session key E MKi (S K ) enciphered using the master key M Ki is read from the DVD 101 , on which the DVD driving unit (not shown) has recorded the master key, and then is loaded into the deciphering unit 114 b .
  • the demodulation/error correction circuit 117 performs demodulation and data error correction.
  • the first session key S K is obtained using the key judging circuit 120 .
  • the operation of obtaining the first session key S K differs depending on Method 1, Method 2, or Method 3 to Method 5. Each case is the same as explained in the second embodiment, so explanation of them will not be given.
  • the image data Data is extracted from the enciphered image data E SK (Data) using the first session key S K at steps S 34 to S 36 .
  • the operation at step S 34 to S 36 are the same as that of steps S 20 to S 22 explained in the second embodiment (i.e., that of steps S 6 to S 8 explained in the first embodiment) except that there is no exchange of the image data Data between the units via the CPU BUS.
  • the image data Data is decoded at the MPEG decoder circuit 115 .
  • the analog signal is sent to the imaging device (not shown), such as a television, which reproduces the image.
  • step S 31 may be executed before step S 32 or vice versa.
  • step S 32 and step S 33 may be executed in a batch processing manner using all the n number of (enciphered) master keys (in the case of Methods 2, 3, and 5) or all the m number of (enciphered) master keys (in the case of Method 4) recorded on the DVD or using a specific number of master keys at a time. They may be executed one after another for each master key.
  • Step S 34 and step S 35 may be executed by the method of carrying out the steps in units of E SK (Data), the method of reading a specific number of E SK (Data) at step S 34 , storing the read-out data in a buffer temporarily, and then deciphering E SK (Data) in the buffer at step S 35 , or the method of carrying out step S 34 and step S 35 in a pipeline processing manner.
  • the deciphering unit 114 b may transfer the image data E SK (Data) to the MPEG decoder circuit 115 in units of one Data item or a specific number of Data items.
  • the wrongful conduct of making unauthorized copies and selling the thus copied mediums can be prevented, thereby protecting copyrights.
  • the master keys can be allocated in a specific unit, such as to a DVD player maker, a DVD maker, or a DVD distributor.
  • the circuits used for enciphering and deciphering can be designed separately from the essential portion of the reproducing section of the digital recording and reproducing apparatus, such as a DVD, as seen from FIG. 1 , even if the cipher is broken, the deciphering unit 114 b has only to be replaced to overcome this problem.
  • the deciphering unit 114 b may have two or three deciphering circuits. In these cases, it is desirable that the enciphering circuits should be paired with the corresponding deciphering circuits and each pair be used independently or be shared.
  • an enciphering method different from that in another enciphering circuit and deciphering circuit may be used in the enciphering circuit and its corresponding deciphering circuit in the independent set.
  • the present invention may be applied to reproducing devices of other types of information, such as sound, text, or programs.
  • the configuration may be designed to use key information S Kt as the data Data.
  • E SK (S Kt ) and E SKt (Data) may be recorded on a recording medium, such as a DVD, beforehand in place of E SK (Data), then S Kt is first obtained at the deciphering units 114 , 114 a , 114 b through the procedure in each of the embodiments, and E SKt (Data) is deciphered using the S Kt to produce the actual contents of the data.
  • the hierarchization of keys may be carried out over any number of levels of hierarchy.
  • the information to be deciphered has been compressed according to the MPEG2 standard
  • the present invention is not restricted to this.
  • the data may be compressed or enciphered according to another standard.
  • a decoder circuit corresponding to another standard has to be provided instead of the MPEG decoder circuit 115 .
  • the data may not be enciphered.
  • the MPEG decoder circuit 115 is eliminated.
  • decoder circuits may be provided and switched suitably.
  • a method can be considered which reads an identifier indicating the decoder to be used from a recording medium, such as a DVD, and selects a suitable decoder circuit according to the identifier.
  • the configurations of the key judging circuit 120 shown in FIGS. 6A and 6B in the second and third embodiments are illustrative and not restrictive. Other configurations of the key judging circuit may be considered.
  • the one enciphered or deciphered twice or more times such as E SK (E SK (S K )) or D SK (D SK (S K )) may be considered.
  • E MKi (E MKi (S K )) may be provided for each E MKi (S K ).
  • the key judgment information, key judging procedure, and the structure for key judgment can be eliminated by recording all the E MKi (S K ) on a recording medium, such as a DVD, in order of i and registering them in the deciphering unit in such a manner that i corresponds to M Ki .
  • M Ki for a certain i becomes unusable, it is desirable that information indicating invalidity should be stored on a recording medium, such as a DVD, in place of E MKi (S K ).
  • Data may be key information, as described earlier (explanation of the case where enciphering or deciphering is done using key information S Kt when Data is key information S Kt will be omitted).
  • FIG. 11 a computer used for processing is not shown.
  • FIG. 12 is a diagram to help explain a system for deciphering.
  • Enciphering circuits 301 , 312 , 303 in FIG. 12 may be on the same unit (e.g., a computer) or on different units (e.g., computers). In the latter case, information is exchanged between the units.
  • the enciphering circuits 301 , 312 , 303 may be constructed in hardware or in software.
  • a DVD player (a deciphering unit 114 b ) has an m (2 ⁇ m ⁇ n) number of master keys M Kj (j is in the range of 1 to n) in it.
  • the m number of master keys have been selected from the n number of master keys beforehand.
  • a method of recording E SK (S K ) on a DVD as key judgment information is used (the section indicated by numeral 302 in FIG. 12 uses E SK (S K ) as key judgment information).
  • the key control organization 200 sends the allocated master keys to the individual player makers by means of communication mediums or recording mediums. At that time, it is desirable that they should be exchanged safely by enciphered communication.
  • Each player maker controls the master keys allocated by the key control organization 200 . Using the allocated master keys, each player maker manufactures DVD players with the configuration as shown in the third embodiment and sells the resulting products.
  • the key control organization 200 does not give the plain data on the master keys to disk makers 221 to 223 .
  • each disk maker determines the first session key S K (e.g., for each disk) by itself, and gives the first session key S K to the key control organization 200 .
  • the operation of enciphering S K with S K itself to produce E SK (S K ) is carried out by the disk maker side or by the key control organization 200 side (using the enciphering circuit 321 of FIG. 12 ) in the case of enciphering with a master key. It is assumed that at least the enciphering of the contents is done at the disk maker side (using the enciphering circuit 303 of FIG. 12 ).
  • Disk maker a controls the received E MKi (S K ), key judgment information E SK (S K ), and E SK (Data) (or Data) for S K , for example.
  • the master keys can be controlled safely and effectively.
  • the risk of the master key being deciphered in an unauthorized manner can be dispersed and even after the deciphering of the master key, the system can function safely and effectively.
  • only the correct maker having at least one of a plurality of second keys can get the first key and therefore can get the plain data of the data enciphered using the first key.

Abstract

On a recording medium, first information obtained by enciphering data with the first key and second information obtained by enciphering the first key with each of the predetermined second keys are recorded. A deciphering method is characterized by comprising the steps of inputting the first and second information, deciphering the first key using at least one of the second keys, determining by a specific method that the obtained first key is correct, and then deciphering the data using the first key to obtain the data.

Description

    BACKGROUND OF THE INVENTION
  • The present invention relates to an enciphering method, deciphering method, recording and reproducing device, deciphering device, deciphering unit device, recording medium, recording-medium manufacturing method, and key control method which are for preventing the digitally recorded data from being copied from a recording medium.
  • Compact disks and laser disks have been available as recording mediums that record digitized data (e.g., documents, sound, images, or programs). Floppy disks and hard disks have been used as recording mediums for computer programs and data. In addition to those recording mediums, a DVD (digital video disk), which is a large-capacity recording medium, has been developed.
  • Since the aforementioned various digital recording mediums record the digital data (including the compressed or encoded data, which can be decoded later) as it is, the recorded data can be copied easily to another recording medium without impairing the quality of sound or the quality of image, which enables a large number of reproductions to be made, contributing to literary piracy.
  • In summary, when the data is copied from a digital recording medium, the data can be copied with the sound quality and picture quality of the master remaining unchanged, or without the deterioration of sound quality or picture quality. This has caused the problem of permitting the wrongful conduct of making unauthorized copies of the original and selling them without paying a royalty.
  • BRIEF SUMMARY OF THE INVENTION
  • Accordingly, it is an object of the present invention to provide an enciphering method, deciphering method, recording and reproducing device, deciphering device, deciphering unit device, recording medium, recording-medium manufacturing method, and key control method which are for preventing an unauthorized copy of digital recording mediums.
  • According to one aspect of the present invention, there is provided an enciphering method comprising the steps of: enciphering data with a first key; and enciphering the first key with each of a plurality of predetermined second keys.
  • According to another aspect of the present invention, there is provided a recording medium having information items recorded thereon, the information items comprising: first information obtained by enciphering data with a first key; and second information obtained by enciphering the first key with each of a plurality of predetermined second keys.
  • According to another aspect of the present invention, there is provided a recording medium manufacturing method comprising the steps of: obtaining first information by enciphering data with a first key; obtaining second information obtained by enciphering the first key with each of a plurality of predetermined second keys; and recording the first and second information on the same recording medium.
  • According to another aspect of the present invention, there is provided a deciphering method comprising the steps of: inputting first information obtained by enciphering data with a first key and second information obtained by enciphering the first key with each of a plurality of predetermined second keys; deciphering the first key using at least one of the second keys to obtain the first key; determining by a specific method whether or not the obtained first key is correct; and deciphering the data using the first key after the determination to obtain the data.
  • According to another aspect of the present invention, there is provided a deciphering device comprising: input means for inputting first information obtained by enciphering data with a first key and second information obtained by enciphering the first key with each of a plurality of predetermined second keys; storage means for storing at least one of the second keys; and deciphering means for deciphering the first key from the second information inputted from the input means using at least one of the second keys in the storage means, determining by a specific method whether or not the obtained first key is correct, and deciphering the data from the first information using the first key after the determination to obtain the data.
  • According to another aspect of the present invention, there is provided a recording and reproducing device comprising: reading means for reading first information and second information from a recording medium on which the first information obtained by enciphering data with a first key and the second information obtained by enciphering the first key with each of a plurality of predetermined second keys have been stored; storage means for storing at least one of the second keys; and deciphering means for deciphering the first key from the second information read by the reading means using at least one of the second keys in the storage means, determining by a specific method whether or not the obtained first key is correct, and deciphering the data from the first information using the first key after the determination to obtain the data.
  • According to another aspect of the present invention, there is provided a key control method comprising the steps of: causing a first caretaker to take custody of a plurality of predetermined second keys; causing a second caretaker to take custody of first information obtained by enciphering data with a first key and second information obtained by enciphering the first key with each of the predetermined second keys; and causing a third caretaker to take custody of at least one of the second keys.
  • According to another aspect of the present invention, there is provided a deciphering device comprising: reading means for reading first information, second information, and third information from a recording medium on which the first information obtained by enciphering data with a first key, the second information obtained by enciphering the first key with each of a plurality of predetermined second keys, and the third information used for key determination have been stored; storage means for storing at least one of the second keys; first deciphering means for deciphering one of the enciphered first keys selected in the order determined from the second information using one second key selected in the order determined from the second keys stored in the storage means, determining on the basis of the deciphering result and the third information whether or not the first key obtained by the deciphering is correct, and repeating the selection and the determination until the first key determined to be correct has been obtained; and second deciphering means for deciphering the data from the first information using the first key the first deciphering means has determined to be correct.
  • According to another aspect of the present invention, there is provided a deciphering device comprising: a first unit built in a driving unit of a recording medium or connected to the driving unit of the recording medium without the CPU bus of a computer, including: means for transferring first information obtained by enciphering the data read from the recording medium with a first key, second information obtained by enciphering the first key with each of a plurality of predetermined second keys, and third information used for key determination in such a manner that at least the second information and third information are transferred safely without being externally acquired; and a second unit connected to the first unit via the CPU bus of the computer including: means for receiving the first information, second information, and third information from the first unit via the CPU bus of the computer in such a manner that at least the second information and third information are received safely without being externally acquired; storage means for storing at least one of the second keys; first deciphering means for deciphering one of the enciphered first keys selected in the order determined from the second information using one second key selected in the order determined from the second keys stored in the storage means, determining on the basis of the deciphering result and the third information whether or not the first key obtained by the deciphering is correct, and repeating the selection and the determination until the first key determined to be correct has been obtained; and second deciphering means for deciphering the data from the first information using the first key the first deciphering means has determined to be correct.
  • According to another aspect of the present invention, there is provided a deciphering device comprising: reading means for reading first information, second information, third information, and fourth information from a recording medium on which the first information obtained by enciphering a third key with a first key, the second information obtained by enciphering the first key with each of a plurality of predetermined second keys, the third information used for key determination, and the fourth information obtained by enciphering data with the third key have been stored; storage means for storing at least one of the second keys; first deciphering means for deciphering one of the enciphered first keys selected in the order determined from the second information using one second key selected in the order determined from the second keys stored in the storage means, determining on the basis of the deciphering result and the third information whether or not the first key obtained by the deciphering is correct, and repeating the selection and the determination until the first key determined to be correct has been obtained; second deciphering means for deciphering the third key from the first information using the first key the first deciphering means has determined to be correct; and third deciphering means for deciphering the data from the fourth information using the third key obtained by the second deciphering means.
  • According to another aspect of the present invention, there is provided a deciphering method comprising the steps of: reading first information, second information, and third information from a recording medium on which the first information obtained by enciphering data with a first key, the second information obtained by enciphering the first key with each of a plurality of predetermined second keys, and the third information used for key determination have been stored; deciphering one of the enciphered first keys selected in the order determined from the second information using one second key selected in the order determined from the second keys, determining on the basis of the deciphering result and the third information whether or not the first key obtained by the deciphering is correct, and repeating the selection and the determination until the first key determined to be correct has been obtained; and deciphering the data from the first information using the first key determined to be correct.
  • According to another aspect of the present invention, there is provided a deciphering method comprising the steps of: transferring first information obtained by enciphering the data read from a recording medium with a first key, second information obtained by enciphering the first key with each of a plurality of predetermined second keys, and third information used for key determination from a first unit built in a driving unit of the recording medium or connected to the driving unit of the recording medium without the CPU bus of a computer to a second unit via the CPU bus of the computer in such a manner that at least the second information and third information are transferred safely without being externally acquired; and in the second unit, deciphering one of the enciphered first keys selected in the order determined from the second information using one second key selected in the order determined from the second keys stored in the storage means, determining on the basis of the deciphering result and the third information whether or not the first key obtained by the deciphering is correct, repeating the selection and the determination until the first key determined to be correct has been obtained, and deciphering the data using the first key determined to be correct.
  • According to another aspect of the present invention, there is provided a deciphering method comprising the steps of: reading first information, second information, third information, and fourth information from a recording medium on which the first information obtained by enciphering at least a third key with a first key, the second information obtained by enciphering the first key with each of a plurality of predetermined second keys, the third information used for key determination, and the fourth information obtained by enciphering data with the third key have been stored; deciphering one of the enciphered first keys selected in the order determined from the second information using one second key selected in the order determined from the second keys, determining on the basis of the deciphering result and the third information whether or not the first key obtained by the deciphering is correct, and repeating the selection and the determination until the first key determined to be correct has been obtained; deciphering the third key from the first information using the first key determined to be correct; and deciphering the data from the fourth information using the third key obtained.
  • According to another aspect of the present invention, there is provided a deciphering unit device that receives information via the CPU bus of a computer from a bus transfer unit built in a driving unit of a recording medium or connected to the driving unit of the recording medium without the CPU bus of the computer and deciphers data on the basis of the information, the deciphering unit device comprising: means for receiving first information obtained by enciphering the data read from the recording medium with a first key, second information obtained by enciphering the first key with each of a plurality of predetermined second keys, and third information used for key determination from the bus transfer unit via the CPU bus of the computer in such a manner that at least the second information and third information are received safely without being externally acquired; storage means for storing at least one of the second keys; first deciphering means for deciphering one of the enciphered first keys selected in the order determined from the second information using one second key selected in the order determined from the second keys stored in the storage means, determining on the basis of the deciphering result and the third information whether or not the first key obtained by the deciphering is correct, and repeating the selection and the determination until the first key determined to be correct has been obtained; and second deciphering means for deciphering the data from the first information using the first key the first deciphering means has determined to be correct.
  • In each of the above categories, the data may include at least one of key information, documents, sound, images, and programs.
  • With the present invention, only the correct party having at least one of the second keys can get the first key and therefore can get the plain data of the data enciphered using the first key. As a result, the wrongful conduct of making unauthorized copies and selling the thus copied mediums can be prevented, thereby protecting copyrights.
  • Moreover, with the present invention, even if the data flowing over the signal line connecting the enciphering unit to the deciphering unit is stored, the stored data cannot be reproduced or used, because the data is the enciphered data. In addition, because the information necessary for enciphering the data is created on the basis of, for example, random numbers, and cannot be reproduced later, the stored data cannot be reproduced or used, even if the second key (master key) in the deciphering unit has been broken. As a result, the wrongful conduct of making unauthorized copies and selling the thus copied mediums can be prevented, thereby protecting copyrights.
  • Still furthermore, with the present invention, because the enciphering unit and deciphering unit can be designed separately from the essential portion of the reproducing section of the digital recording and reproducing apparatus, even if the cipher is broken, the enciphering unit and deciphering unit have only to be replaced to overcome this problem.
  • Additional objects and advantages of the present invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the present invention. The objects and advantages of the present invention may be realized and obtained by means of the instrumentalities and combinations particularly pointed out in the appended claims.
  • BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWING
  • The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate presently preferred embodiments of the present invention and, together with the general description given above and the detailed description of the preferred embodiments given below, serve to explain the principles of the present invention in which:
  • FIG. 1 is a block diagram of a system according to a first embodiment of the present invention;
  • FIG. 2 is a flowchart for the operation of the first embodiment;
  • FIG. 3 illustrates an example of a format in which the enciphered key and the enciphered data are stored on a recording medium;
  • FIG. 4 is a diagram to help explain a case where the data is stored from the CPU BUS;
  • FIG. 5 is a block diagram of a system according to a second embodiment of the present invention;
  • FIGS. 6A and 6B show examples of the internal structure of the key judging section;
  • FIG. 7 is a flowchart for the operation of the second embodiment;
  • FIG. 8 is a flowchart for the operation of the second embodiment;
  • FIG. 9 is a block diagram of a system according to a third embodiment of the present invention;
  • FIG. 10 is a flowchart for the operation of the third embodiment;
  • FIG. 11 is a diagram to help explain the key control method; and
  • FIG. 12 is a diagram to help explain the enciphering operation.
  • DETAILED DESCRIPTION OF THE INVENTION
  • Hereinafter, referring to the accompanying drawings, embodiments of the present invention will be explained.
  • In the embodiments, the operation of enciphering a certain data item a using key K is expressed as EK(a) and the operation of deciphering a certain data item a using key K is expressed as DK(a). By this way of expression, the operation of enciphering and deciphering a certain data item a using key K is expressed as DK(EK(a)), for example.
  • In the embodiments, there is a case where a certain data item is first deciphered and then the deciphered data item is enciphered to restore the original data item. This is based on the fact that the deciphering of the data has the same function as the enciphering of the data. Specifically, to return the enciphered data to the original data, the key used for deciphering must be known. Once the key is known, enciphering the deciphered data produces the original data that was first deciphered. If the cipher key is x and the data item is y, the operation will be expressed as:

  • E X(D X(y))=y
  • In the embodiments, explanation will be given using an example of a system that reads the image data compressed and enciphered according to the MPEG 2 data compression standard from a DVD and enciphers, decodes, and reproduce the read-out data.
  • FIRST EMBODIMENT
  • Hereinafter, a first embodiment of the present invention will be explained.
  • FIG. 1 is a block diagram of a system according to a first embodiment of the present invention. FIG. 2 is a flowchart for the operation of the first embodiment.
  • The system related to the first embodiment is connected to the CPU BUS of the CPU (not shown) used for reproduction in a computer, such as a personal computer. The system is designed to allow the enciphered data (ESK(Data) explained later) to flow over the CPU BUS. FIG. 1 shows only the sections related to the CPU used for reproduction.
  • As shown in FIG. 1, the system of the first embodiment comprises a DVD driving unit (not shown) that reads the data from a DVD 101, an enciphering unit 107 that is connected to the DVD driving unit without the CPU BUS or is built in the DVD driving unit, and a deciphering unit 114.
  • The enciphering unit 107 and deciphering unit 114 are connected to the CPU BUS 110. The deciphering unit 114 outputs the data via, for example, an I/O port, not via the CPU BUS. That is, in the embodiment, the input and output of the data is carried out without the CPU BUS, whereas the CPU BUS is used for the data transfer between the enciphering unit 107 and the deciphering unit 114.
  • The enciphering unit 107 includes a demodulation/error correction circuit 117, a demodulation/error correction circuit 118, and an enciphering circuit 104. Although in FIG. 1, the enciphering unit 107 has two enciphering circuits 104, it is assumed that it actually has one enciphering circuit. The enciphering unit 107 is assumed to be composed of a single independent IC chip. The demodulation/error correction circuit 117 and demodulation/error correction circuit 118 may be provided in the unit (the DVD driving unit) in the preceding stage, not in the enciphering unit 107.
  • The deciphering unit 114 includes a deciphering circuit 112 and a session key creation circuit 111 that creates a second session key SK′. In the embodiment, the deciphering unit 114 is assumed to include an MPEG decoder circuit 115 and a converter circuit 116 that converts the digital enciphered image data into analog data. Although in FIG. 1, the deciphering unit 114 has four deciphering circuits 112, it is assumed that it actually has one deciphering circuit. The deciphering unit 114 is assumed to be composed of a single independent IC chip.
  • In each of the enciphering unit 107 and deciphering unit 114, a master key, explained later, has been registered. It is assumed that the master key has been recorded in a secret area in each of the enciphering unit chip and the deciphering unit chip so that the user cannot externally take out the master key.
  • A control section (not shown) is assumed to control the entire system. The control section is realized by, for example, executing a program on the CPU in the computer. Concrete examples of control by the control section include an instruction to read the data from a DVD, the specification of data transfer destination, and an instruction to output the data from the deciphering unit 114. The control section may be triggered, for example, by the user via a user interface, or by a process in an application program.
  • In the first embodiment, a first session key is represented by SK, a second session key SK′, the master key MK, and image data (i.e., the data to be enciphered) Data.
  • In FIG. 1, numeral 102 indicates EMK(SK) created by enciphering the first session key SK using the master key MK, 103 ESK(Data) created by enciphering the image data Data using the first session key SK, 105 the master key MK, 106 a second session key SK′, 108 DMK(SK′) created by deciphering the second session key SK′ using the master key MK, 109 ESK′ (EMK(SK)) created by enciphering the first session key EMK(SK) enciphered with the master key MK using the second session key SK′, and 113 the first session key SK′.
  • As shown in FIG. 3, it is assumed that on the DVD 101, EMK(SK) created by enciphering the first session key SK using the master key MK is recorded in the key recording area (lead-in area) in the innermost circumference portion and the ESK(Data) created by enciphering the image data Data using the first session key SK is recorded in the data recording area (data area).
  • Hereinafter, the operation of the first embodiment will be explained by reference to the flowchart of FIG. 2.
  • At step S1, the first session key EMK(SK) enciphered using the master key MK is read from the DVD 101, on which the DVD driving unit (not shown) has recorded the first session key, and then is loaded into the enciphering unit 107. At that time, the demodulation/error correction circuit 117 performs demodulation and data error correction.
  • At step S2, in the deciphering unit 114, the session key creation circuit 111 creates a second session key SK′ using random numbers, such as time data from a clock (not shown). Then, the deciphering circuit 112 deciphers the created second session key SK′ using the master key MK to create DMK(SK′) and sends it to the enciphering unit 107 via the CPU BUS 110.
  • As the timing of generating random numbers (e.g., the timing of inputting time information), for example, the timing with which the signal indicating that the DVD 101 has been loaded into the DVD driving unit is asserted may be used.
  • The session creation circuit 111 may be composed of a random-number generator that is as long as the key. When a key is created using random numbers all of whose bits may take 0s or 1s, it is necessary to perform a check process to prevent all of the bits from taking 0s or 1s.
  • At step S3, using the master key MK, the enciphering circuit 104 of the enciphering unit 107 enciphers DMK(SK′) received via the CPU BUS 110.
  • Namely, from EMK(DMK(SK′))=SK
  • a second session key SK′ created at the session key creation circuit 111 of the deciphering unit 114 can be obtained.
  • The second session key SK′ created at the session key creation circuit 111 is designed to prevent its contents from being known even if it is stolen on the CPU BUS 110.
  • Then, at step S4, using the second session key SK′, the enciphering unit 107 enciphers the enciphered first session key EMK(SK) recorded on the DVD 101 to create ESK′(EMK(SK)), and sends this to deciphering unit 114.
  • Then, at step S5, the deciphering circuit 112 of the deciphering unit 114 deciphers ESK′(EMK(SK)) received via the CPU BUS 110 using the second session key SK′ and produces:

  • D SK′(E SK′(E MK(S K)))=E MK(S K)
  • Furthermore, EMK(SK) obtained at the deciphering circuit 112 is deciphered using the master key MK to produce:

  • D MK(E MK(S K))=S K
  • Thus, this gives the first session key SK.
  • After the first session key SK has been obtained as described above, at step S6, the image data ESK(Data) enciphered using the first session key SK recorded on the DVD 101 by the DVD driving unit (not shown) is read out and loaded into the enciphering unit 107. At that time, the demodulation/error correction circuit 118 performs demodulation and corrects errors in the data. Then, ESK(Data) is sent to the enciphering unit 107 via the CPU BUS 110.
  • At step S7, the deciphering circuit 112 of the deciphering unit 114 deciphers ESK(Data) received via the CPU BUS 110 using the first session key SK and produces:

  • D SK(E SK(Data)=Data
  • Then, the enciphered image data is deciphered to produce Data.
  • Then, step S6 and step S7 are repeated until for example, the process of the data to be deciphered (i.e., ESK(Data)) has been completed or the stop of the process has been requested.
  • When the image data Data thus obtained has been compressed according to, for example, the MPEG2 data compression standard, the image data is decoded at an MPEG decoder circuit 115. After the decoded signal has been converted by a D/A converter circuit 116 into an analog signal, the analog signal is sent to an imaging device (not shown), such as a television, which reproduces the image.
  • Step 1 may be executed before or after step S2 and step S3.
  • Step S6 and step S7 may be executed by the method of carrying out the steps in units of ESK(Data), the method of reading a specific number of ESK(Data) at step S6, storing the read-out data in a buffer temporarily, and then deciphering ESK(Data) in the buffer at step S7, or the method of carrying out step S6 and step S7 in a pipeline processing manner.
  • Moreover, the deciphering circuit 112 may transfer the image data ESK(Data) to the MPEG decoder circuit 115 in units of one Data item or a specific number of Data items.
  • As described above, with the first embodiment, when the data is reproduced from a medium on which the digitized data has been enciphered and recorded (when the enciphered data is deciphered), the deciphered data is prevented from flowing over the CPU BUS of the computer and the second session key SK′ used to encipher the first session key necessary for deciphering the enciphered data flowing over the CPU BUS is created on the basis of information that changes each time the data is reproduced, such as time information. Therefore, even when the data flowing over the CPU BUS 110 is stored from signal lines 210 into a digital storage medium 211 as shown in FIG. 4, the data cannot be reproduced of used.
  • As a result, the wrongful conduct of making unauthorized copies and selling the thus copied mediums can be prevented, thereby protecting copyrights.
  • Furthermore, with the embodiment, as seen from FIG. 1, because the circuits used for enciphering and deciphering can be designed separately from the essential portion of the reproducing section of the digital recording and reproducing apparatus, such as a DVD, even if the cipher is broken, the deciphering unit 114 (or the enciphering unit 107 and deciphering unit 114) has only to be replaced to overcome this problem.
  • While in the first embodiment, the enciphering unit 107 has one enciphering circuit, it may have two enciphering circuits. Moreover, although in the embodiment, the deciphering unit 114 has one deciphering circuit, it may have two, three, or four deciphering circuits. In these cases, it is desirable that the enciphering circuits should be paired with the corresponding deciphering circuits and each pair be used independently or in a shared manner.
  • When a set of an enciphering circuit and the corresponding deciphering circuit is used independently, an enciphering method different from that in another enciphering circuit and deciphering circuit may be used in the enciphering circuit and its corresponding deciphering circuit in the independent set.
  • SECOND EMBODIMENT
  • Hereinafter, a second embodiment of the present invention will be explained.
  • What will be explained in the second embodiment is an example suitable for a case where a plurality of predetermined master keys are prepared and one or more of them are allocated to deciphering unit makers (or DVD makers and distributors)
  • FIG. 5 is a block diagram of the system according to the second embodiment of the present invention. An example of the operation of the second embodiment is shown in the flowchart of FIGS. 7 and 8.
  • The system related to the second embodiment is connected to the CPU BUS of the CPU (not shown) used for reproduction in a computer, such as a personal computer. The system is designed to allow the enciphered data (ESK(Data)) to flow over the CPU BUS. FIG. 5 shows only the sections related to the CPU used for reproduction.
  • As shown in FIG. 5, the system of the second embodiment comprises a DVD driving unit (not shown) that reads the data from a DVD 101, an enciphering unit 107 that is connected to the DVD driving unit without the CPU BUS or is built in the DVD driving unit, and a deciphering unit 114 a.
  • The enciphering unit 107 and deciphering unit 114 a are connected to the CPU BUS 110. The deciphering unit 114 a outputs the data via, for example, an I/O port, not via the CPU BUS. That is, in the second embodiment, the input and output of the data is carried out without the CPU BUS, whereas the CPU BUS is used for the data transfer between the enciphering unit 107 and the deciphering unit 114 a.
  • The enciphering unit 107 includes a demodulation/error correction circuit 117, a demodulation/error correction circuit 118, and an enciphering circuit 104. Although in FIG. 5, the enciphering unit 107 has two enciphering circuits 104, it is assumed that it actually has one enciphering circuit. The enciphering unit 107 is assumed to be composed of a single independent IC chip. The demodulation/error correction circuit 117 and demodulation/error correction circuit 118 may be provided in the unit (the DVD driving unit) in the preceding stage, not in the enciphering unit 107.
  • The deciphering unit 114 a includes a deciphering circuit 112 and a session key creation circuit 111 that creates a second session key SK′, and a key judging circuit 120.
  • FIGS. 6A and 6B show examples of the structure of the key judging circuit 120. The key judging circuit 120 includes a deciphering circuit 112, a comparison circuit 121, and a gate circuit 122. In the second embodiment, it is assumed that the deciphering unit 114 a incorporates an MPEG decoder circuit 115 and a conversion circuit 116 that converts the deciphered digital image data into analog image data.
  • Although in FIG. 5 and FIGS. 6A and 6B, the deciphering unit 114 a has a total of five deciphering circuits 112, including the two deciphering circuits 112 in the key judging circuit 120, it is assumed that it actually has one deciphering circuit.
  • The deciphering unit 114 a is composed of a single independent IC chip.
  • In each of the enciphering unit 107 and deciphering unit 114 a, master keys, explained later, have been registered. It is assumed that the master keys have been recorded in a secret area in each of the enciphering unit chip and the deciphering unit chip so that the user cannot externally take out the master keys.
  • A control section (not shown) is assumed to control the entire system. The control section is realized by, for example, executing a program on the CPU in the computer. Concrete examples of control by the control section include an instruction to read the data from a DVD, the specification of data transfer destination, and an instruction to output the data from the deciphering unit 114 a. The control section may be triggered, for example, by the user via a user interface, or by a process in an application program.
  • In the second embodiment, there are an n number of types of master keys. A first session key is represented by SK, a second session key SK′, the n-th master key MKt (t s in the range of 1 to n), and image data (i.e., the data to be enciphered) Data.
  • In FIG. 5, numeral 102-1 indicates EMKi(SK) created by enciphering the first session key SK using the master key MKi, 102-2 ESK(SK) created by enciphering the first session key SK using the first session key SK itself, 103 ESK(Data) created by enciphering the image data Data using the first session key SK, 105 the master key MKi, 106 a second session key SK′, 108 DMKj(SK′) created by deciphering the second session key SK′ using the master key MKj, 109-1 ESK′(EMKi(SK)) created by enciphering the first session key EMKi(SK) enciphered with the master key MKi using the second session key SK′, 109-2 ESK′(ESK(SK)) created by enciphering the first session key ESK(SK) enciphered with the first session key SK itself using the second session key SK′ and 113 the first session key SK.
  • Several methods can be considered as to how to set the number of types of EMKi(SK) created by enciphering the first session key SK recorded on the DVD 101 using the master key MKi and how to set the number of types of master key MKj the deciphering unit 114 a has in it. For example, they are as follows.
  • (Method 1) One master key EMKi(SK) (i is in the range of 1 to n) is recorded on the DVD 101. The deciphering unit 114 a has an n number of master keys MKj (j=1 to n) in it.
  • (Method 2) An n number of master keys EMKi(SK) (i=1 to n) are recorded on the DVD 101. The deciphering unit 114 a has one master key MKj (j is in the range of 1 to n) in it.
  • (Method 3) This is an expansion of Method 2. An n number of master keys EMKi(SK) (i=1 to n) are recorded on the DVD 101. The deciphering unit 114 a has an m (2<m<n) number of master keys MKj (j=1 to n) in it. The m number of master keys have been selected from the n number of master keys beforehand.
  • As a concrete example, n=100 or n=400 and m=2, 3, 4, or 10. The present invention is not limited to these values.
  • (Method 4) This is the reverse of Method 3. An m (2<m<n) number of master keys EMKi(SK) (i=1 to n) are recorded on the DVD 101. The m number of master keys have been selected from an n number of master keys MKj (i=1 to n) beforehand. The deciphering unit 114 a has an n number of master keys MKj (j=1 to n) in it.
  • (Method 5) An n number of master keys EMKi(SK) (i=1 to n) are recorded on the DVD 101. The deciphering unit 114 a has an n number of master key MKj (j=1 to n) in it.
  • Method 3 to Method 5 have the same deciphering procedure.
  • As shown in FIG. 3, it is assumed that on the DVD 101, one (in the case of Method 1) or more (in the case of Method 2 to Method 5) EMKi(SK) created by enciphering the first session key SK using the master key MKi are recorded in the key recording area (lead-in area) in the innermost circumference portion and ESK(Data) created by enciphering the image data Data using the first session key SK is recorded in the data recording area (data area).
  • It is assumed that an n number of master keys MKj (in the case of Method 1, Method 4, or Method 5), one master key MKj (in the case of Method 2), or an m number of master keys MKj (in the case of Method 3) have been registered in the deciphering unit 114 a.
  • A predetermined master key is assumed to have been registered in the deciphering unit 107.
  • Hereinafter, Method 1, Method 2, and Method 3 to Method 5 will be explained in that order.
  • First, the operation of the second embodiment in the case of Method 1 will be explained by reference to the flowcharts of FIGS. 7 and 8.
  • At step S11, the first session key ESK(SK) enciphered using the first session key SK itself is read from the DVD 101, on which the DVD driving unit (not shown) has recorded the first session key, and then is loaded into the enciphering unit 107. At that time, the demodulation/error correction circuit 117 performs demodulation and data error correction.
  • At step S12, the first session key EMKi(SK) (i in the range of 1 to n, where i is unknown here) enciphered using the master key MKi is read from the DVD 101, on which the DVD driving unit (not shown) has recorded the master key, and then is loaded into the enciphering unit 107. At that time, the demodulation/error correction circuit 117 performs demodulation and data error correction.
  • At step S13, the session key creation circuit 111 of the deciphering unit 114 creates a second session key SK′ using random numbers, such as time data from a clock (not shown). Then, the deciphering circuit 112 deciphers the created second session key SK′ using the master key MKj (j is in the range of 1 to n, where j is predetermined) to create DMKj(SK′) and sends it to the enciphering unit 107 via the CPU BUS 110.
  • As the timing of generating random numbers (e.g., the timing of inputting time information), for example, the timing with which the signal indicating that the DVD 101 has been loaded into the DVD driving unit is asserted may be used.
  • The session creation circuit 111 may be composed of a random-number generator that is as long as the key, for example. When a key is created using random numbers all of whose bits may take 0s or 1s, it is necessary to perform a check process to prevent all of the bits from taking 0s or 1s.
  • At step S14, using the master key MKj (j has a predetermined value in the range of 1 to n), the enciphering circuit 104 of the enciphering unit 107 enciphers DMKj(SK′) received via the CPU BUS 110.
  • Namely, from EMKj(DMKj(SK′)) SK
  • a second session key SK′ created at the session key creation circuit 111 of the deciphering unit 114 a can be obtained.
  • The second session key SK′ created at the session key creation circuit 111 is designed to prevent its contents from being known even if it is stolen on the CPU BUS 110.
  • Then, at step S15, using the thus obtained second session key SK′, the enciphering unit 107 enciphers the enciphered first session key ESK(SK) recorded on the DVD 101 to create ESK′(ESK(SK)), and sends this to deciphering unit 114 a in via CPU BUS 110.
  • Similarly, at step S16, using the thus obtained second session key SK′, the enciphering unit 107 enciphers the enciphered first session key EMKi(SK) recorded on the DVD 101 to create ESK′(EMKi(SK)), and sends this to deciphering unit 114 a.
  • Then, at step S17, the deciphering circuit 112 of the deciphering unit 114 a deciphers ESK′(ESK(SK)) received via the CPU BUS 110 using the second session key SK′ and produces:

  • D SK′(E SK′(E SK(S K)))=E SK(S K)
  • Similarly, at step S18, the deciphering circuit 112 of the deciphering unit 114 a deciphers ESK′(EMKi(SK)) received via the CPU BUS 110 using the second session key SK′ and produces:

  • D SK′(E SK′(E MKi(S K)))=E MKi(S K)
  • Because the master key MKi used in creating EMKi(SK) is unknown, the first session key SK is found using the key judging circuit 120 as follows.
  • First, the principle of the key judging process will be explained.
  • When EMKi(SK) is deciphered using all of the master keys MKj (j=1 to n), this gives:

  • S Kij =D MKj(E MKi(S K))(j=1 to n)
  • Of these, one SKij (j=1 to n) is the first session key SK.
  • Using the ESK(SK), it is determined which one of the created SKij (j=1 to n) is the first session key SK.
  • Then, when ESK(SK) is deciphered using all of the candidates SKij (j=1 to n) of the first session key, this gives:

  • S K″(i,j)=D SKij(E SK(S K))
  • Here, when the same master key MKj as the master key MKi used in creating EMKi(SK) is used in the deciphering unit, or when i=j, this gives SK″(i, j)=SKij=SK
  • Therefore, when a check is made to see if SK″(i, j)=SKij (j=1 to n) holds for each SKij (j=1 to n), this gives SKij that meets SK″(i, j)=SKij (i=1 to n) as the first session key SK. The one corresponding to j giving the SKij is the master key used in the present session.
  • The operation is expressed in C language notation as follows:
  • for (i=1; i<n+1; i++) {
    DS1[i]=DMK[i](EMKi(SK));
    DS2[i]=DSK[i](ESK(SK));
    if(DS1[i]==DS2[i])
    {
    SK1=DS2[i];
    break;
    }
    else EXIT_MISMATCH;
    }
  • The second line in the above procedure indicates the operation of deciphering EMKi(SK) using MKi and substituting the result into DS1[i].
  • The third line in the procedure indicates the operation of deciphering ESK(SK) using SKi and substituting the result into DS2[i].
  • The fourth line in the procedure indicates the operation of judging whether nor not DS1[i] coincides with DS2[i].
  • The ninth line in the procedure indicates the operation executed when DS1[i] does not coincide with DS2[i].
  • For example, in FIGS. 6A and 6B, the deciphering circuit 112 in the key judging circuit 120 deciphers EMKi(SK) for j=1 using master key MKj, giving:

  • S Kij =D MKj(E MKi(S K))
  • Then, the deciphering circuit 112 deciphers ESK(SK) using SKij, giving:

  • S K ″=D SKij(E SK(S K))
  • Next, the comparison circuit 121 compares SK″ with SKij. If they coincide with each other, the gate circuit 122 will be controlled so as to output the stored SKij (FIG. 6A) or SK″ (FIG. 6B) as the first session key SK.
  • If they do not coincide, j is incremented by one and the same operation will be carried out until the first session key SK has been obtained.
  • After the first session key SK has been obtained as described above, at step S20, the image data ESK(Data) enciphered using the first session key SK recorded on the DVD 101 by the DVD driving unit (not shown) is read out and loaded into the enciphering unit 107. At that time, the demodulation/error correction circuit 118 performs demodulation and corrects errors in the data. Then, ESK(Data) is sent to the enciphering unit 107 via the CPU BUS 110.
  • At step S21, the deciphering circuit 112 of the deciphering unit 114 a deciphers ESK(Data) received via the CPU BUS 110 using the first session key SK and produces:

  • D SK(E SK(Data)=Data
  • Then, the enciphered image data is deciphered to produce Data.
  • Then, step S20 and step S21 are repeated until for example, the process of the data to be deciphered (i.e., ESK(Data)) has been completed or the stop of the process has been requested.
  • When the image data Data thus obtained has been compressed according to, for example, the MPEG2 data compression standard, the image data is decoded at an MPEG decoder circuit 115. After the decoded signal has been converted by a D/A converter circuit 116 into an analog signal, the analog signal is sent to an imaging device (not shown), such as a television, which reproduces the image.
  • Any one of step S11, step S12, and steps S13 and S4 may be executed first.
  • Moreover, either step S15 and step S17 or step S16 and S18 may be executed first.
  • Step S20 and step S21 may be executed by the method of carrying out the steps in units of ESK(Data), the method of reading a specific number of ESK(Data) at step S20, storing the read-out data in a buffer temporarily, and then deciphering ESK(Data) in the buffer at step S21, or the method of carrying out step S20 and step S21 in a pipeline processing manner.
  • Moreover, the deciphering circuit 112 may transfer the image data ESK(Data) to the MPEG decoder circuit 115 in units of one Data item or a specific number of Data items.
  • As described above, with the second embodiment, even when the data flowing over the CPU BUS 110 is stored, the data cannot be reproduced of used, as in the first embodiment.
  • As a result, the wrongful conduct of making unauthorized copies and selling the thus copied mediums can be prevented, thereby protecting copyrights.
  • Furthermore, with the second embodiment, the information that directly indicates the master key used to encipher the first session key recorded on the recording medium is not necessary, which enables a suitable master key to be selected and used in a predetermined range in recording the data on a DVD. In addition, the second embodiment has the advantage that it can allocate master keys in a specific unit, such as a DVD maker or a DVD distributor.
  • With the second embodiment, because the circuits used for enciphering and deciphering can be designed separately from the essential portion of the reproducing section of the digital recording and reproducing apparatus, such as a DVD, even if the cipher is broken, the deciphering unit 114 a (or the enciphering unit 107 and deciphering unit 114 a) has only to be replaced to overcome this problem.
  • While in the second embodiment, the enciphering unit 107 has one enciphering circuit, it may have two enciphering circuits. Moreover, although in the embodiment, deciphering unit 114 a has one deciphering circuit, it may have two, three, four, or five deciphering circuits. In these cases, it is desirable that the enciphering circuits should be paired with the corresponding deciphering circuits and each pair be used independently.
  • When a set of an enciphering circuit and its corresponding deciphering circuit is used independently, an enciphering method different from that in another enciphering circuit and deciphering circuit may be used in the enciphering circuit and its corresponding deciphering circuit in the independent set.
  • Next, the operation of the second embodiment in the case of Method 2 where an n number of EMKi(SK) (i=1 to n) have been recorded on the DVD 101 and the deciphering unit 114 a includes one MKj (j has a value in the range of 1 to n) will be explained by reference to the flowcharts of FIGS. 7 and 8.
  • At step S11, the first session key ESK(SK) enciphered using the first session key SK itself is read from the DVD 101, on which the DVD driving unit (not shown) has recorded the first session key, and then is loaded into the enciphering unit 107. At that time, the demodulation/error correction circuit 117 performs demodulation and data error correction.
  • At step S12, the first session key EMKi(SK) (i=1 to n) enciphered using the master key MKi is read from the DVD 101, on which the DVD driving unit (not shown) has recorded the master key, and then is loaded into the enciphering unit 107. At that time, the demodulation/error correction circuit 117 performs demodulation and data error correction.
  • At step S13, the session key creation circuit 111 of deciphering unit 114 a creates a second session key SK′ using random numbers, such as time data from a clock (not shown). Then, the deciphering circuit 112 deciphers the created second session key SK′ using the master key MKj (j has a predetermined value in the range of 1 to n) to create DMKj(SK′) and sends it to the enciphering unit 107 via the CPU BUS 110.
  • As the timing of generating random numbers (e.g., the timing of inputting time information), for example, the timing with which the signal indicating that the DVD 101 has been loaded into the DVD driving unit is asserted may be used.
  • At step S14, using the master key MKj (j has a predetermined value in the range of 1 to n), the enciphering circuit 104 of the enciphering unit 107 enciphers DMKj(SK′) received via the CPU BUS 110.
  • Namely, from EMKj(DMKj(SK′))=SK
  • a second session key SK′ created at the session key creation circuit 111 of the deciphering unit 114 a can be obtained.
  • The second session key SK′ created at the session key creation circuit 111 is designed to prevent its contents from being known even if it is stolen on the CPU BUS 110.
  • Then, at step S15, using the thus obtained second session key SK′, the enciphering unit 107 enciphers the enciphered first session key ESK(SK) recorded on the DVD 101 to create ESK′(ESK(SK)), and sends this to deciphering unit 114 a.
  • Similarly, at step S16, using the thus obtained second session key SK′, the enciphering unit 107 enciphers an n number of enciphered first session keys EMKi(SK) recorded on the DVD 101 to create ESK′(EMKi(SK)), and sends these to deciphering unit 114 a via the CPU BUS 110.
  • Then, at step S17, the deciphering circuit 112 of the deciphering unit 114 a deciphers ESK′(ESK(SK)) received via the CPU BUS 110 using the second session key SK′ and produces:

  • D SK′(E SK′(E SK(S K)))=E SK(S K)
  • Similarly, at step S18, the deciphering circuit 112 of the deciphering unit 114 a deciphers ESK′(EMKi(SK)) received via the CPU BUS 110 using the second session key SK′ and produces:

  • D SK′(E SK′(E MKi(S K)))=E MKi(S K)
  • Because the master key MKi used in creating each of the n number of EMKi(SK) (i=1 to n) recorded on the DVD 101 is unknown, it cannot be known whether the master key MKi corresponds to the master key MKj in the deciphering unit 114 a. At step S19, the first session key SK is found using the key judging circuit 120 as follows.
  • First, the principle of the key judging process will be explained.
  • When all of EMKi(SK) (i=1 to n) are deciphered using the master key MKj, this gives:

  • S Kij =D MKj(E MKi(S K))(i=1 to n)
  • Of these, one SKij (i is in the range of 1 to n) is the first session key SK.
  • Using the ESK(SK), it is determined which one of the created SKij (i=1 to n) is the first session key SK.
  • Then, when ESK(SK) is deciphered using all of the candidates SKij (i=1 to n) of the first session key, this gives:

  • S K″(i,j)=D SKij(E SK(S K))
  • Here, when the same master key MKj as the master key MKi used in creating EMKi(SK) is used in the deciphering unit, or when i=j, this gives SK″(i, j)=SKij=SK.
  • Therefore, when a check is made to see if SK″(i, j)=SKij (j=1 to n) holds for each SKij (i=1 to n), this gives SKij that meets SK″(i, j)=SKij (i=1 to n) as the first session key SK. The one corresponding to i giving the SKij is the master key used in the present session.
  • For example, in FIGS. 6A and 6B, the deciphering circuit 112 in the key judging circuit 120 deciphers EMKi(SK) for i=1 using master key MKj, giving:

  • S Kij =D MKj(E MKi(S K))
  • Then, the deciphering circuit 112 deciphers ESK(SK) using SKij, giving:

  • S K ″=D SKij(E SK(S K))
  • Next, the comparison circuit 121 compares SK″ with SKij. If they coincide with each other, the gate circuit 122 will be controlled so as to output the stored SKij (FIG. 6A) or SK″ (FIG. 6B) as the first session key SK.
  • If they do not coincide, i is incremented by one and the same operation will be carried. This will be continued until the first session key SK has been obtained.
  • After the first session key SK has been obtained as described above, at steps S20 to S22, the image data Data is extracted from the image data ESK(Data) enciphered using the first session key SK.
  • As described earlier, the image data Data is decoded at the MPEG decoder circuit 115. After the decoded signal has been converted by the D/A converter circuit 116 into an analog signal, the analog signal is sent to the imaging device (not shown), such as a television, which reproduces the image.
  • In Method 2, too, any one of step S11, step S12, and step S13 and step S14 may be executed first.
  • Moreover, either step S15 and step S17 or step S16 and S18 may be executed first.
  • Furthermore, steps S12, S16, S18, and S19 may be executed in a batch processing manner using all the n number of (enciphered) master keys recorded on the DVD or using a specific number of master keys at a time. They may be executed one after another for each master key.
  • When they are executed sequentially every third master key, the second session key SK′ may be created for each master key.
  • Step S20 and step S21 may be executed by the method of carrying out the steps in units of ESK(Data), the method of reading a specific number of ESK(Data) at step S20, storing the read-out data in a buffer temporarily, and then deciphering ESK(Data) in the buffer at step S21, or the method of carrying out step S20 and step S21 in a pipeline processing manner.
  • Moreover, the deciphering unit 114 a may transfer the image data ESK(Data) to the MPEG decoder circuit 115 in units of one Data item or a specific number of Data items.
  • As described above, with the second embodiment, even when the data flowing over the CPU BUS 110 is stored, the data cannot be reproduced or used, as in the first embodiment.
  • As a result, the wrongful conduct of making unauthorized copies and selling the thus copied mediums can be prevented, thereby protecting copyrights.
  • Furthermore, with the second embodiment, because the first session keys enciphered using more than one master key and the first session key enciphered with the first session key itself are stored on the recording medium, the master keys built in the deciphering unit can be allocated in a specific unit, such as to each unit manufacturer.
  • With the second embodiment, because the circuits used for enciphering and deciphering can be designed separately from the essential portion of the reproducing section of the digital recording and reproducing apparatus, such as a DVD, as seen from FIG. 1, even if the cipher is broken, the deciphering unit 114 b (or the enciphering unit 107 and deciphering unit 114 b) has only to be replaced to overcome this problem.
  • While in the second embodiment, the enciphering unit 107 has one enciphering circuit, it may have two enciphering circuits. Moreover, although in the embodiment, the deciphering unit 114 a has one deciphering circuit, it may have two, three, four, or five deciphering circuits. In these cases, it is desirable that the enciphering circuits should be paired with the corresponding deciphering circuits and each pair be used independently or be shared.
  • When a set of an enciphering circuit and its corresponding deciphering circuit is used independently, an enciphering method different from that in another enciphering circuit and deciphering circuit may be used in the enciphering circuit and its corresponding deciphering circuit in the independent set.
  • Next, explanation will be given about Method 3 where an n number of EMKi(SK) (i=1 to n) have been recorded on the DVD 101 and the deciphering unit 114 a includes an m number of MKj (j takes m values in the range of 1 to n (m<n)).
  • Since Method 3 is the same as Method 2 in basic configuration, operation, and effect, only the difference between them will be explained.
  • While in Method 2, the deciphering unit 114 a includes one predetermined master key MKj (j has a value in the range of 1 to n), in Method 3, the deciphering unit 114 a includes an m number of predetermined master keys MKj (m≧2). The order in which the m number of master keys MKj (j takes m values in the range of 1 to n) are used in the key judgment has been determined.
  • Because an n number of EMKi (SK) (i=1 to n) have been recorded on the DVD 101, using the master key first in order of use in the deciphering unit 114 b produces the first session key SK. Therefore, in this case, the operation is the same as in Method 2.
  • With Method 3, if one of the master keys is broken, the master key is made unusable. From this time on, EMKi(SK) corresponding to the unusable master key is not allowed to be recorded on the DVD 101. This case will be explained below.
  • When the unusable master key is not the master key first in order of use, the first session key SK can be obtained. In this case, too, the operation is the same as in Method 2.
  • When the master key first in order of use is made unusable, EMKi(SK) corresponding to the unusable master key has not been recorded on the DVD 101. Even if the master key first in order of use is used, the first session key SK cannot be obtained in step S19. In such a case, when the deciphering unit 114 a carries out the same operation using the master key second in order of use as in Method 2, this produces the first session key SK, provided that this master key is not unusable.
  • Even when the master key r-th in order of use is made unusable, the first session key SK can be obtained similarly, provided that one of the master keys (r+1)-th or later in order of use is not unusable.
  • In this way, the deciphering unit 114 a can be used until the predetermined m number of master keys (m≧2) in the deciphering unit 114 a have all been made unusable.
  • The operation of Method 5 is the same as that of Method 3.
  • Because in Method 4, the information corresponding to all the master keys has not been stored on the DVD 101, when the information corresponding to the master key selected in the deciphering unit has not been recorded on the DVD 101, deciphering cannot be effected as in the case where the master key is unusable. In this case, the master key next in order of use is selected and deciphering is tried. Therefore, the operation of Method 4 is also the same as that of Method 3.
  • In the embodiment, to encipher the information and transfer it safely over the CPU BUS 110, the second session key SK′ has been used. The second session key SK′ is created in the deciphering unit 114 a and is transferred to the enciphering unit 107 through the procedure of using master keys. At that time, one predetermined master key is supposed to have been registered in the enciphering unit 107.
  • Instead, a plurality of master keys may be registered in the enciphering unit 107 and the second session key SK′ may be transferred from the deciphering unit 114 a to the enciphering unit 107, using the procedure as described in Method 1 to Method 5 using key judgment.
  • For example, when the same master key as that registered in the deciphering unit 114 a is also registered in the enciphering unit 107, the operation is the same as that of Method 5.
  • When part of the master keys registered in the deciphering unit 114 a are registered in the enciphering unit 107, the operation is the same as that of Method 3.
  • When one master key is registered in the enciphering unit 107, the procedure of Method 2 can be used.
  • In these cases, however, in the procedure of each of Method 1 to Method 5, enciphering is replaced with deciphering. Specifically, DMKi(SK) and DSK(SK) are transferred from the deciphering unit 114 a to the enciphering unit 107.
  • In addition to the configuration using the master key, various suitable configurations may be used as the configuration that safely transfers the second session key SK′ from the deciphering unit 114 a to the enciphering unit 107 over the CPU BUS 110. For example, the techniques disclosed in Nikkei Electronics, No. 676, Nov. 18, 1996, pp. 13-14. In this case, it is not necessary to register a master key in the enciphering unit 107.
  • THIRD EMBODIMENT
  • Hereinafter, a third embodiment of the present invention will be explained.
  • The third embodiment is, for example, a single DVD player.
  • FIG. 9 is a block diagram of a system according to the third embodiment of the present invention. An example of the operation of the third embodiment is shown in the flowchart of FIG. 10.
  • The third embodiment is what is obtained by eliminating from the configuration of the second embodiment the portion related to the operation of exchanging an enciphered key between the enciphering unit and deciphering unit by use of the second session key.
  • As shown in FIG. 9, the system of the third embodiment comprises a DVD driving unit (not shown) that reads the data from a DVD 101 and a deciphering unit 114 b.
  • The deciphering unit 114 b includes a deciphering circuit 112, a key judging circuit 120, a demodulation/error correction circuit 117, and a demodulation/error correction circuit 118. In the third embodiment, the deciphering unit 114 b is assumed to include an MPEG decoder circuit 115 and a conversion circuit 116 that converts the digital deciphered data into analog data.
  • As shown in FIGS. 6A and 6B, the key judging circuit 120 includes a deciphering circuit 112, a comparison circuit 121, and a gate circuit 122.
  • Although in FIG. 9 and FIGS. 6A and 6B, the deciphering unit 114 b has a total of three deciphering circuits 112, including the two deciphering circuits 112 in the key judging circuit 120, it is assumed that it actually has one deciphering circuit. Each of the demodulation/error correction circuit 117 and the demodulation/error correction circuit 118 may be provided in the unit in the preceding stage, not in the enciphering unit 107.
  • The deciphering unit 114 b is composed of a single independent IC chip.
  • In the deciphering unit 114 b, a master key, explained later, has been registered. It is assumed that the master key has been recorded in a secret area in the deciphering unit chip so that the user cannot externally take out the master key.
  • In the third embodiment, there are an n number of master keys. A first session key is represented by SK, a second session key SK′, the i-th master key MKi (i is in the range of 1 to n), and image data (i.e., the data to be enciphered) Data.
  • In FIG. 9, numeral 102-1 indicates EMKi(SK) created by enciphering the first session key SK using the master key MKi, 102-2 ESK(SK) created by enciphering the first session key SK using the first session key SK itself, 103 ESK(Data) created by enciphering the image data Data using the first session key SK, 105 the master key MKi, and 113 the first session key SK.
  • As in the second embodiment, several methods can be considered as to how to set the number of types of EMKi(SK) created by enciphering the first session key SK recorded on the DVD 101 using the master key MKi and how to set the number of types of master key MKi the deciphering unit 114 b has in it. For example, they are as follows.
  • (Method 1) One master key EMKi(SK) (i is in the range of 1 to n) is recorded on the DVD 101. The deciphering unit 114 b has an n number of master keys MKj (i=1 to n) in it.
  • (Method 2) An n number of master keys EMKi(SK) (i=1 to n) are recorded on the DVD 101. The deciphering unit 114 b has one master key MKj (j has a value in the range of 1 to n) in it.
  • (Method 3) An n number of master keys EMKi(SK) (i=1 to n) are recorded on the DVD 101. The deciphering unit 114 b has an m (2<m<n) number of master keys MKj (j is in the range of 1 to n) in it.
  • (Method 4) An m (2<m<n) number of master keys EMKi(SK) (i is in the range of 1 to n) are recorded on the DVD 101. The deciphering unit 114 b has an n number of master keys MKj (j=1 to n) in it.
  • (Method 5) An n number of master keys EMKi(SK) (i=1 to n) are recorded on the DVD 101. The deciphering unit 114 b has an n number of master key MKj (j=1 to n) in it.
  • As shown in FIG. 3, it is assumed that on the DVD 101, one (in the case of Method 1) or more (in the case of Method 2 to Method 5) EMKi(SK) created by enciphering the first session key SK using the master key MKi are recorded in the key recording area (lead-in area) in the innermost circumference portion and the ESK(Data) created by enciphering the image data Data using the first session key SK is recorded in the data recording area (data area).
  • Next, the operation of the third embodiment will be explained by reference to the flowchart of FIG. 10. The operation of the third embodiment is what is obtained by eliminating from the operation of the second embodiment the portion related to the operation of exchanging an enciphered key between the enciphering unit and deciphering unit by use of the second session key.
  • At step S31, the first session key ESK(SK) enciphered using the first session key SK itself is read from the DVD 101, on which the DVD driving unit (not shown) has recorded the first session key, and then is loaded into the deciphering unit 114 b. At that time, the demodulation/error correction circuit 117 performs demodulation and data error correction.
  • At step S32, the first session key EMKi(SK) enciphered using the master key MKi is read from the DVD 101, on which the DVD driving unit (not shown) has recorded the master key, and then is loaded into the deciphering unit 114 b. At that time, the demodulation/error correction circuit 117 performs demodulation and data error correction.
  • At step S33, the first session key SK is obtained using the key judging circuit 120.
  • The operation of obtaining the first session key SK differs depending on Method 1, Method 2, or Method 3 to Method 5. Each case is the same as explained in the second embodiment, so explanation of them will not be given.
  • After the first session key SK has been obtained, the image data Data is extracted from the enciphered image data ESK(Data) using the first session key SK at steps S34 to S36. The operation at step S34 to S36 are the same as that of steps S20 to S22 explained in the second embodiment (i.e., that of steps S6 to S8 explained in the first embodiment) except that there is no exchange of the image data Data between the units via the CPU BUS.
  • As described earlier, the image data Data is decoded at the MPEG decoder circuit 115. After the decoded signal has been converted by the D/A converter circuit 116 into an analog signal, the analog signal is sent to the imaging device (not shown), such as a television, which reproduces the image.
  • In Method 3, too, step S31 may be executed before step S32 or vice versa.
  • Furthermore, in method 2 and in method 3 to method 5, step S32 and step S33 may be executed in a batch processing manner using all the n number of (enciphered) master keys (in the case of Methods 2, 3, and 5) or all the m number of (enciphered) master keys (in the case of Method 4) recorded on the DVD or using a specific number of master keys at a time. They may be executed one after another for each master key.
  • Step S34 and step S35 may be executed by the method of carrying out the steps in units of ESK(Data), the method of reading a specific number of ESK(Data) at step S34, storing the read-out data in a buffer temporarily, and then deciphering ESK(Data) in the buffer at step S35, or the method of carrying out step S34 and step S35 in a pipeline processing manner.
  • Moreover, the deciphering unit 114 b may transfer the image data ESK(Data) to the MPEG decoder circuit 115 in units of one Data item or a specific number of Data items.
  • With the third embodiment, the wrongful conduct of making unauthorized copies and selling the thus copied mediums can be prevented, thereby protecting copyrights.
  • Furthermore, with the third embodiment, it is possible to select and use a suitable master key in a predetermined range in recording the data on a DVD. The master keys can be allocated in a specific unit, such as to a DVD player maker, a DVD maker, or a DVD distributor.
  • Still furthermore, with the third embodiment, because the circuits used for enciphering and deciphering can be designed separately from the essential portion of the reproducing section of the digital recording and reproducing apparatus, such as a DVD, as seen from FIG. 1, even if the cipher is broken, the deciphering unit 114 b has only to be replaced to overcome this problem.
  • While in the third embodiment, the deciphering unit 114 b has one deciphering circuit, it may have two or three deciphering circuits. In these cases, it is desirable that the enciphering circuits should be paired with the corresponding deciphering circuits and each pair be used independently or be shared.
  • When a set of an enciphering circuit and its corresponding deciphering circuit is used independently, an enciphering method different from that in another enciphering circuit and deciphering circuit may be used in the enciphering circuit and its corresponding deciphering circuit in the independent set.
  • Until now, the first embodiment, the second embodiment (specifically, the three types of configuration), and the third embodiment (specifically, the three types of configuration) have been explained. The present invention is not limited to these embodiments, but may be practiced or embodied in still other ways without departing from the spirit or essential character thereof.
  • Although the embodiments have been explained using a DVD as information recording medium, the present invention may be applied to other recording mediums, such as CD-ROMs.
  • While in the embodiments, the image data has been used as the information to be deciphered, the present invention may be applied to reproducing devices of other types of information, such as sound, text, or programs.
  • While in the embodiments, the data Data is image data, the configuration may be designed to use key information SKt as the data Data. Specifically, ESK(SKt) and ESKt(Data) may be recorded on a recording medium, such as a DVD, beforehand in place of ESK(Data), then SKt is first obtained at the deciphering units 114, 114 a, 114 b through the procedure in each of the embodiments, and ESKt(Data) is deciphered using the SKt to produce the actual contents of the data. The hierarchization of keys may be carried out over any number of levels of hierarchy.
  • While in the embodiments, the information to be deciphered has been compressed according to the MPEG2 standard, the present invention is not restricted to this. The data may be compressed or enciphered according to another standard. In this case, a decoder circuit corresponding to another standard has to be provided instead of the MPEG decoder circuit 115. The data may not be enciphered. In this case, the MPEG decoder circuit 115 is eliminated.
  • To output any data items compressed by various methods (or data items requiring no deciphering), several types of decoder circuits may be provided and switched suitably. In this case, a method can be considered which reads an identifier indicating the decoder to be used from a recording medium, such as a DVD, and selects a suitable decoder circuit according to the identifier.
  • The configurations of the key judging circuit 120 shown in FIGS. 6A and 6B in the second and third embodiments are illustrative and not restrictive. Other configurations of the key judging circuit may be considered.
  • Various types of the configuration that uses ESK(SK) as key judgment information may be considered. For instance, DSK(SK) is used as information used for key judgment. The key judging circuit 120 deciphers EMKi(SK) read from a recording medium, such as a DVD, using master key MKj to produce SKij=DMKj(EMKi(SK)), deciphers the SKij using the SKij itself to produce SK′″=DSKij(SKij), and compares the SK″ with DSK(SK) read from a recording medium, such as a DVD. When they coincide with each other, the key judging circuit judges that the first session key SK=SKij is correct and outputs it.
  • As other examples of key judgment information, the one enciphered or deciphered twice or more times, such as ESK(ESK(SK)) or DSK(DSK(SK)) may be considered. In addition, EMKi(EMKi(SK)) may be provided for each EMKi(SK).
  • In the embodiments, on the basis of the key judgment information, a judgment is made through the procedure shown in each of Method 1 to Method 5 as to whether the key obtained by deciphering is the correct first session key. However, the key judgment information, key judging procedure, and the structure for key judgment can be eliminated by recording all the EMKi(SK) on a recording medium, such as a DVD, in order of i and registering them in the deciphering unit in such a manner that i corresponds to MKi. When MKi for a certain i becomes unusable, it is desirable that information indicating invalidity should be stored on a recording medium, such as a DVD, in place of EMKi(SK).
  • A key control method followed by disk makers (assumed to be makers that produce DVDs for writings, including movies and music), player makers (assumed to be makers that produce DVD players), and a key control organization that controls master keys will be described taking a DVD-ROM as example, by reference to FIG. 11. Here, in addition to the contents, Data may be key information, as described earlier (explanation of the case where enciphering or deciphering is done using key information SKt when Data is key information SKt will be omitted). In FIG. 11, a computer used for processing is not shown.
  • FIG. 12 is a diagram to help explain a system for deciphering. Enciphering circuits 301, 312, 303 in FIG. 12 may be on the same unit (e.g., a computer) or on different units (e.g., computers). In the latter case, information is exchanged between the units. The enciphering circuits 301, 312, 303 may be constructed in hardware or in software.
  • Explanation will be given about a case where an n number of master keys EMKi(SK) (i=1 to n) are recorded on a DVD. A DVD player (a deciphering unit 114 b) has an m (2<m<n) number of master keys MKj (j is in the range of 1 to n) in it. The m number of master keys have been selected from the n number of master keys beforehand. The master keys MKj are assumed to be allocated exclusively to the DVD player maker. It is assumed that n=100 and m=10.
  • A method of recording ESK(SK) on a DVD as key judgment information is used (the section indicated by numeral 302 in FIG. 12 uses ESK(SK) as key judgment information).
  • A key control organization 200 keeps master keys MKi(i=1 to 100). It is desirable that the number of master keys should be set at a larger value than necessary in preparation for the entry of a new player maker or in case a master key is broken.
  • The key control organization 200 exclusively allocates the master keys MKi (i=1 to 10.0) to the individual player makers 201 to 203. For example, as shown in FIG. 11, it allocates master keys MKi (i=10 to 19) to player maker A, master keys MKi (i=20 to 29) to player maker B, and master keys MKi (i=30 to 39) to player maker C. The key control organization 200 sends the allocated master keys to the individual player makers by means of communication mediums or recording mediums. At that time, it is desirable that they should be exchanged safely by enciphered communication.
  • Each player maker controls the master keys allocated by the key control organization 200. Using the allocated master keys, each player maker manufactures DVD players with the configuration as shown in the third embodiment and sells the resulting products.
  • It is assumed that the key control organization 200 does not give the plain data on the master keys to disk makers 221 to 223.
  • First, each disk maker (e.g., maker a) determines the first session key SK (e.g., for each disk) by itself, and gives the first session key SK to the key control organization 200. The key control organization 200 enciphers the received first session key SK using all the master keys MKi (i=1 to 100) to produce EMKi(SK) (i=1 to 100) (using the enciphering unit 301 of FIG. 12). Then, the key control organization 200 gives EMKi(SK) (i=1 to 100) to disk maker a.
  • It is desirable that the exchange of the allocated master keys between the key control organization 200 and the disk maker should be made by means of communication mediums or recording mediums through enciphered communication.
  • Disk maker a records EMKi(SK) (i=1 to 100), ESK(SK), and ESK(Data) on a DVD 231. The operation of enciphering SK with SK itself to produce ESK(SK) is carried out by the disk maker side or by the key control organization 200 side (using the enciphering circuit 321 of FIG. 12) in the case of enciphering with a master key. It is assumed that at least the enciphering of the contents is done at the disk maker side (using the enciphering circuit 303 of FIG. 12).
  • Disk maker a controls the received EMKi(SK), key judgment information ESK(SK), and ESK(Data) (or Data) for SK, for example.
  • The same is true for the other disk makers.
  • In case it is found that the master key has been broken, from that time on, DVDs are manufactured without using the broken master key. For example, if the master key for i=19 has been broken, ninety-nine EMKi(SK) corresponding to i=1 to 18 and 20 to 100 are recorded on a DVD.
  • In case it is found that the master key has been broken, it is desirable that the player maker to which the broken master key has been allocated should manufacture and sell DVD players excluding the broken master key. For example, if the master key for i=19 has been broken, player maker A manufactures DVD players using the master keys for i=10 to 18 and sells the resulting products.
  • The already sold DVD player having the master key for i=19 may be used without any modification. It may be modified so as not to have the master key for i=19.
  • Consequently, the master keys can be controlled safely and effectively. In addition, the risk of the master key being deciphered in an unauthorized manner can be dispersed and even after the deciphering of the master key, the system can function safely and effectively.
  • As describe in detail, with the present invention, only the correct maker having at least one of a plurality of second keys can get the first key and therefore can get the plain data of the data enciphered using the first key.
  • As a result, the wrongful conduct of making unauthorized copies and selling the thus copied mediums can be prevented, thereby protecting copyrights.
  • Additional advantages and modifications will readily occur to those skilled in the art. Therefore, the present invention in its broader aspects is not limited to the specific details, representative devices, and illustrated examples shown and described herein. Accordingly, various modifications may be made without departing from the spirit or scope of the general inventive concept as defined by the appended claims and their equivalents.

Claims (4)

1-22. (canceled)
23. A key control method, comprising:
keeping a plurality of second keys;
obtaining first information composed of enciphered data by enciphering data with a first key;
obtaining second information composed of a p number of enciphered first keys, where p is an integer greater than or equal to two, obtained by enciphering the first key with a p number of second keys of the kept plurality of second keys, respectively;
recording the first and second information on a first recording medium in manufacturing of the first recording medium; and
in a case where part of the plurality of second keys has been broken, using remaining second keys except for the broken part of the plurality of second keys in manufacturing of a second recording medium other than the first recording medium.
24. The key control method according to claim 23, wherein using the remaining second keys comprises:
obtaining third information composed of a q number of enciphered first keys, where q is an integer smaller than p, obtained by enciphering the first key with a q number of remaining second keys except for the broken part of the plurality of second keys, respectively;
recording the first and third information on the second recording medium in manufacturing of the second recording medium.
25. The key control method according to claim 23, further comprising:
in a case where part of the plurality of second keys has been broken, using the remaining second keys except for the broken part of the plurality of second keys in manufacturing of a player.
US12/175,920 1996-06-28 2008-07-18 Method and apparatus of enciphering and deciphering data using multiple keys Abandoned US20080279383A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US12/175,920 US20080279383A1 (en) 1996-06-28 2008-07-18 Method and apparatus of enciphering and deciphering data using multiple keys

Applications Claiming Priority (7)

Application Number Priority Date Filing Date Title
JP17039996 1996-06-28
JP8-170399 1996-06-28
JP9-136709 1997-05-27
JP09136709A JP3093678B2 (en) 1996-06-28 1997-05-27 Encryption method, decryption method, recording / reproducing device, decryption device, decryption unit device and recording medium manufacturing method
US08/883,337 US6347145B2 (en) 1996-06-28 1997-06-26 Method and apparatus of enciphering and deciphering data using keys enciphered and deciphered with other keys
US10/035,311 US7433474B2 (en) 1996-06-28 2002-01-04 Method and apparatus of enciphering and deciphering data using keys enciphered and deciphered with other keys
US12/175,920 US20080279383A1 (en) 1996-06-28 2008-07-18 Method and apparatus of enciphering and deciphering data using multiple keys

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US10/035,311 Continuation US7433474B2 (en) 1996-06-28 2002-01-04 Method and apparatus of enciphering and deciphering data using keys enciphered and deciphered with other keys

Publications (1)

Publication Number Publication Date
US20080279383A1 true US20080279383A1 (en) 2008-11-13

Family

ID=26470215

Family Applications (3)

Application Number Title Priority Date Filing Date
US08/883,337 Expired - Lifetime US6347145B2 (en) 1996-06-28 1997-06-26 Method and apparatus of enciphering and deciphering data using keys enciphered and deciphered with other keys
US10/035,311 Expired - Fee Related US7433474B2 (en) 1996-06-28 2002-01-04 Method and apparatus of enciphering and deciphering data using keys enciphered and deciphered with other keys
US12/175,920 Abandoned US20080279383A1 (en) 1996-06-28 2008-07-18 Method and apparatus of enciphering and deciphering data using multiple keys

Family Applications Before (2)

Application Number Title Priority Date Filing Date
US08/883,337 Expired - Lifetime US6347145B2 (en) 1996-06-28 1997-06-26 Method and apparatus of enciphering and deciphering data using keys enciphered and deciphered with other keys
US10/035,311 Expired - Fee Related US7433474B2 (en) 1996-06-28 2002-01-04 Method and apparatus of enciphering and deciphering data using keys enciphered and deciphered with other keys

Country Status (7)

Country Link
US (3) US6347145B2 (en)
EP (1) EP0817185B1 (en)
JP (1) JP3093678B2 (en)
KR (1) KR100270252B1 (en)
CN (2) CN100446106C (en)
DE (1) DE69732880T2 (en)
TW (1) TW340920B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8610454B2 (en) 2010-01-12 2013-12-17 Stc.Unm System and methods for generating unclonable security keys in integrated circuits

Families Citing this family (77)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3093678B2 (en) 1996-06-28 2000-10-03 株式会社東芝 Encryption method, decryption method, recording / reproducing device, decryption device, decryption unit device and recording medium manufacturing method
JP3775175B2 (en) * 1996-06-28 2006-05-17 株式会社東芝 Key processing method and disk manufacturer side processing apparatus
FR2751817B1 (en) * 1996-07-29 1998-09-11 Thomson Multimedia Sa CONDITIONAL ACCESS SYSTEM USING MULTIPLE ENCRYPTION KEY MESSAGES
EP0840477B1 (en) 1996-10-31 2012-07-18 Panasonic Corporation Secret key transfer method which is highly secure and can restrict the damage caused when the secret key is leaked or decoded
EP0989557A4 (en) * 1998-01-26 2009-12-23 Panasonic Corp Method and system for data recording / reproducing, apparatus for recording/reproducing, and media for recording program
CN100373842C (en) * 1998-04-01 2008-03-05 松下电器产业株式会社 Data transmitting/receiving method, data transmistter, dtaa receiver, data transmitting/receiving system, AV content transmitting method
JP3097655B2 (en) 1998-05-11 2000-10-10 日本電気株式会社 Data transmission method
US6744713B1 (en) * 1998-06-15 2004-06-01 Samsung Electronics Co., Ltd. Recording medium for storing write protection information and write protection method thereof
KR100601598B1 (en) * 1998-06-15 2006-07-14 삼성전자주식회사 Recording medium storing write protection information and write protecting method
JP2000021085A (en) * 1998-06-30 2000-01-21 Pioneer Electron Corp Ciphering device and record medium
JP3565715B2 (en) 1998-07-02 2004-09-15 松下電器産業株式会社 Broadcast system and broadcast transceiver
JP3975308B2 (en) 1998-07-15 2007-09-12 ソニー株式会社 Information signal reproducing system, information signal reading device, information signal processing device, information signal reproducing method, information signal reading method, and information signal processing method
JP4206529B2 (en) 1998-09-17 2009-01-14 ソニー株式会社 Content management method and content storage system
CN1477630A (en) * 1998-09-21 2004-02-25 日本胜利株式会社 Information recording method and device, playback device and information protecting method
AU760436B2 (en) * 1998-10-16 2003-05-15 Matsushita Electric Industrial Co., Ltd. Production protection system dealing with contents that are digital production
CN1109423C (en) * 1999-02-10 2003-05-21 河北工业大学 Permutation code encryption and decryptment method and its encryption and decryptment equipment
WO2001015162A2 (en) * 1999-08-13 2001-03-01 Microsoft Corporation Methods and systems of protecting digital content
US7065216B1 (en) * 1999-08-13 2006-06-20 Microsoft Corporation Methods and systems of protecting digital content
US6886098B1 (en) * 1999-08-13 2005-04-26 Microsoft Corporation Systems and methods for compression of key sets having multiple keys
US7181629B1 (en) 1999-08-27 2007-02-20 Fujitsu Limited Data distribution system as well as data supply device terminal device and recording device for the same
US7203312B1 (en) 1999-08-30 2007-04-10 Fujitsu Limited Data reproduction apparatus and data reproduction module
EP1089273A3 (en) * 1999-09-30 2002-08-28 Matsushita Electric Industrial Co., Ltd. Information recording medium for recording a scrambled part of content information, and method and apparatus for reproducing information recorded therein
JP4595182B2 (en) * 2000-09-07 2010-12-08 ソニー株式会社 Information recording apparatus, information reproducing apparatus, information recording method, information reproducing method, information recording medium, and program providing medium
KR20020022388A (en) * 2000-09-20 2002-03-27 박주선 Charged Service System of Demand Media and method for servicing the same
US7409061B2 (en) * 2000-11-29 2008-08-05 Noatak Software Llc Method and system for secure distribution of subscription-based game software
JP4078802B2 (en) 2000-12-26 2008-04-23 ソニー株式会社 Information processing system, information processing method, information processing apparatus, information recording medium, and program recording medium
KR100923805B1 (en) 2001-03-29 2009-10-27 파나소닉 주식회사 Data protection system that protects data by encrypting the data
WO2002095748A2 (en) 2001-05-22 2002-11-28 Koninklijke Philips Electronics N.V. Record carrier with hidden channel
US7372964B2 (en) 2001-10-10 2008-05-13 Kabushiki Kaisha Toshiba Method and apparatus for recording information including secret information and method and apparatus for reproduction thereof
JP3688628B2 (en) 2001-11-09 2005-08-31 株式会社東芝 Signal processing method and apparatus, signal reproduction method and apparatus, and recording medium
US7340603B2 (en) * 2002-01-30 2008-03-04 Sony Corporation Efficient revocation of receivers
US7395438B2 (en) 2002-04-16 2008-07-01 Microsoft Corporation Digital rights management (DRM) encryption and data-protection for content on device without interactive authentication
US7096187B1 (en) * 2002-07-23 2006-08-22 Harris Scott C Compressed audio information
JP3878542B2 (en) * 2002-11-29 2007-02-07 株式会社東芝 Recording device
US7587051B2 (en) * 2003-01-13 2009-09-08 Denis Bisson System and method for securing information, including a system and method for setting up a correspondent pairing
JP3788438B2 (en) 2003-03-24 2006-06-21 ソニー株式会社 Information recording medium, information processing apparatus, information processing method, and computer program
JP2005039480A (en) * 2003-07-18 2005-02-10 Toshiba Corp Contents recording method, recording medium and contents recorder
US20050086471A1 (en) * 2003-10-20 2005-04-21 Spencer Andrew M. Removable information storage device that includes a master encryption key and encryption keys
US8472792B2 (en) 2003-12-08 2013-06-25 Divx, Llc Multimedia distribution system
US7519274B2 (en) 2003-12-08 2009-04-14 Divx, Inc. File format for multiple track digital data
JP4081048B2 (en) * 2004-06-18 2008-04-23 株式会社東芝 Content protection method, apparatus and program
US8238554B2 (en) * 2004-07-22 2012-08-07 Sanyo Electric Co., Ltd. Method for transmission/reception of contents usage right information in encrypted form, and device thereof
DE102004052101B4 (en) * 2004-10-26 2009-01-15 Comvenient Gmbh & Co. Kg Method and device for decoding broadband data
US7536016B2 (en) * 2004-12-17 2009-05-19 Microsoft Corporation Encrypted content data structure package and generation thereof
KR100621631B1 (en) 2005-01-11 2006-09-13 삼성전자주식회사 Solid state disk controller apparatus
JP2007019638A (en) * 2005-07-05 2007-01-25 Toshiba Corp Key managing device and method thereof
WO2007013611A1 (en) * 2005-07-29 2007-02-01 Matsushita Electric Industrial Co., Ltd. Recording device and recording medium
US20070143216A1 (en) * 2005-12-16 2007-06-21 Benaloh Josh D Data Signal with a Database and a Compressed Key
US7515710B2 (en) 2006-03-14 2009-04-07 Divx, Inc. Federated digital rights management scheme including trusted systems
JP4489044B2 (en) * 2006-03-27 2010-06-23 株式会社リコー INFORMATION RECORDING DEVICE, INFORMATION RECORDING METHOD, AND COMPUTER-READABLE RECORDING MEDIUM CONTAINING PROGRAM FOR CAUSING COMPUTER TO EXECUTE THE METHOD
EP3901779B1 (en) 2007-01-05 2022-10-26 DivX, LLC Video distribution system including progressive playback
US7965844B2 (en) * 2007-03-20 2011-06-21 International Business Machines Corporation System and method for processing user data in an encryption pipeline
WO2009065137A1 (en) 2007-11-16 2009-05-22 Divx, Inc. Hierarchical and reduced index structures for multimedia files
US9069990B2 (en) * 2007-11-28 2015-06-30 Nvidia Corporation Secure information storage system and method
US8312269B2 (en) * 2007-11-28 2012-11-13 Hitachi Global Storage Technologies Netherlands, B.V. Challenge and response access control providing data security in data storage devices
US9240883B2 (en) 2008-09-04 2016-01-19 Intel Corporation Multi-key cryptography for encrypting file system acceleration
EP2507995A4 (en) 2009-12-04 2014-07-09 Sonic Ip Inc Elementary bitstream cryptographic material transport systems and methods
US9247312B2 (en) 2011-01-05 2016-01-26 Sonic Ip, Inc. Systems and methods for encoding source media in matroska container files for adaptive bitrate streaming using hypertext transfer protocol
WO2012122217A2 (en) * 2011-03-07 2012-09-13 Adtran, Inc. Method and apparatus for network access control
US9467708B2 (en) 2011-08-30 2016-10-11 Sonic Ip, Inc. Selection of resolutions for seamless resolution switching of multimedia content
US8806188B2 (en) 2011-08-31 2014-08-12 Sonic Ip, Inc. Systems and methods for performing adaptive bitrate streaming using automatically generated top level index files
US8909922B2 (en) 2011-09-01 2014-12-09 Sonic Ip, Inc. Systems and methods for playing back alternative streams of protected content protected using common cryptographic information
CN202563514U (en) * 2012-02-23 2012-11-28 江苏华丽网络工程有限公司 Mobile electronic equipment with multimedia authentication encryption protection function
US8699715B1 (en) * 2012-03-27 2014-04-15 Emc Corporation On-demand proactive epoch control for cryptographic devices
US9191457B2 (en) 2012-12-31 2015-11-17 Sonic Ip, Inc. Systems, methods, and media for controlling delivery of content
JP2017518712A (en) 2014-03-14 2017-07-06 ロウェム インコーポレイテッド Secret data management method and apparatus, and security authentication method and system
US10193879B1 (en) * 2014-05-07 2019-01-29 Cisco Technology, Inc. Method and system for software application deployment
CN103973696B (en) * 2014-05-16 2017-09-19 天地融科技股份有限公司 A kind of data processing method of voice call
CN103987036B (en) * 2014-05-16 2017-07-25 天地融科技股份有限公司 A kind of data handling system of voice call
CN103986579B (en) * 2014-05-16 2017-07-21 天地融科技股份有限公司 A kind of data handling system of voice call
CN103997732B (en) * 2014-05-16 2017-09-19 天地融科技股份有限公司 A kind of data handling system of voice call
CN103974243B (en) * 2014-05-16 2017-11-10 天地融科技股份有限公司 A kind of data handling system of voice call
CN103974242B (en) * 2014-05-16 2017-11-10 天地融科技股份有限公司 A kind of data processing method of voice call
US9705501B2 (en) * 2014-10-01 2017-07-11 Maxim Integrated Products, Inc. Systems and methods for enhancing confidentiality via logic gate encryption
TR201906026T4 (en) 2014-12-24 2019-05-21 Koninklijke Philips Nv Cryptographic system and method.
ES2874748T3 (en) 2015-01-06 2021-11-05 Divx Llc Systems and methods for encoding and sharing content between devices
CN106599698B (en) * 2015-10-19 2019-09-20 腾讯科技(深圳)有限公司 A kind of method and apparatus for encrypting picture, decrypting picture

Citations (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4683968A (en) * 1985-09-03 1987-08-04 Burroughs Corporation System for preventing software piracy employing multi-encrypted keys and single decryption circuit modules
US4991208A (en) * 1990-03-29 1991-02-05 Gte Laboratories Incorporated Video control system having session encryption key
US5010571A (en) * 1986-09-10 1991-04-23 Titan Linkabit Corporation Metering retrieval of encrypted data stored in customer data retrieval terminal
US5241597A (en) * 1991-02-01 1993-08-31 Motorola, Inc. Method for recovering from encryption key variable loss
US5247575A (en) * 1988-08-16 1993-09-21 Sprague Peter J Information distribution system
US5301247A (en) * 1992-07-23 1994-04-05 Crest Industries, Inc. Method for ensuring secure communications
US5319705A (en) * 1992-10-21 1994-06-07 International Business Machines Corporation Method and system for multimedia access control enablement
US5351293A (en) * 1993-02-01 1994-09-27 Wave Systems Corp. System method and apparatus for authenticating an encrypted signal
US5392351A (en) * 1992-03-16 1995-02-21 Fujitsu Limited Electronic data protection system
US5416840A (en) * 1993-07-06 1995-05-16 Phoenix Technologies, Ltd. Software catalog encoding method and system
US5475758A (en) * 1993-01-22 1995-12-12 Fujitsu Limited User authenticating system and method in wide area distributed environment
US5513260A (en) * 1994-06-29 1996-04-30 Macrovision Corporation Method and apparatus for copy protection for various recording media
US5563947A (en) * 1993-07-26 1996-10-08 Elonex Ip Holdings Ltd. Cd-prom
US5615264A (en) * 1995-06-08 1997-03-25 Wave Systems Corp. Encrypted data package record for use in remote transaction metered data system
US5623546A (en) * 1995-06-23 1997-04-22 Motorola, Inc. Encryption method and system for portable data
US5719938A (en) * 1994-08-01 1998-02-17 Lucent Technologies Inc. Methods for providing secure access to shared information
US5778071A (en) * 1994-07-12 1998-07-07 Information Resource Engineering, Inc. Pocket encrypting and authenticating communications device
US5887063A (en) * 1995-07-28 1999-03-23 Hewlett-Packard Company Communication system for portable appliances
US5910987A (en) * 1995-02-13 1999-06-08 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US6085323A (en) * 1996-04-15 2000-07-04 Kabushiki Kaisha Toshiba Information processing system having function of securely protecting confidential information
US6347145B2 (en) * 1996-06-28 2002-02-12 Kabushiki Kaisha Toshiba Method and apparatus of enciphering and deciphering data using keys enciphered and deciphered with other keys
US6823070B1 (en) * 2000-03-28 2004-11-23 Freescale Semiconductor, Inc. Method for key escrow in a communication system and apparatus therefor

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS61177479A (en) 1985-02-01 1986-08-09 沖電気工業株式会社 Coding key managing system
JPS61264371A (en) 1985-05-20 1986-11-22 森 亮一 Data protection system
JP2832449B2 (en) 1989-03-29 1998-12-09 アイシン精機株式会社 Secret communication control device
US5237610A (en) * 1990-02-01 1993-08-17 Scientific-Atlanta, Inc. Independent external security module for a digitally upgradeable television signal decoder
JP2901767B2 (en) * 1991-02-08 1999-06-07 株式会社東芝 Cryptographic communication system and portable electronic device
JPH0721688A (en) * 1993-06-30 1995-01-24 Victor Co Of Japan Ltd Optical recording medium and reproducing device therefor
US5411710A (en) 1993-06-30 1995-05-02 E. I. Dupont De Nemours And Company Apparatus for processing materials
US5677953A (en) * 1993-09-14 1997-10-14 Spyrus, Inc. System and method for access control for portable data storage media
US5450489A (en) * 1993-10-29 1995-09-12 Time Warner Entertainment Co., L.P. System and method for authenticating software carriers
JPH07176134A (en) 1993-10-29 1995-07-14 Sony Corp Information recording and reproducing method, information processing method and information processing system
JP3325111B2 (en) * 1994-03-10 2002-09-17 株式会社インテック CD-ROM recording method, recording / reproducing method and CD-ROM disk

Patent Citations (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4683968A (en) * 1985-09-03 1987-08-04 Burroughs Corporation System for preventing software piracy employing multi-encrypted keys and single decryption circuit modules
US5010571A (en) * 1986-09-10 1991-04-23 Titan Linkabit Corporation Metering retrieval of encrypted data stored in customer data retrieval terminal
US5247575A (en) * 1988-08-16 1993-09-21 Sprague Peter J Information distribution system
US4991208A (en) * 1990-03-29 1991-02-05 Gte Laboratories Incorporated Video control system having session encryption key
US5241597A (en) * 1991-02-01 1993-08-31 Motorola, Inc. Method for recovering from encryption key variable loss
US5392351A (en) * 1992-03-16 1995-02-21 Fujitsu Limited Electronic data protection system
US5301247A (en) * 1992-07-23 1994-04-05 Crest Industries, Inc. Method for ensuring secure communications
US5319705A (en) * 1992-10-21 1994-06-07 International Business Machines Corporation Method and system for multimedia access control enablement
US5475758A (en) * 1993-01-22 1995-12-12 Fujitsu Limited User authenticating system and method in wide area distributed environment
US5351293A (en) * 1993-02-01 1994-09-27 Wave Systems Corp. System method and apparatus for authenticating an encrypted signal
US5416840A (en) * 1993-07-06 1995-05-16 Phoenix Technologies, Ltd. Software catalog encoding method and system
US5563947A (en) * 1993-07-26 1996-10-08 Elonex Ip Holdings Ltd. Cd-prom
US5513260A (en) * 1994-06-29 1996-04-30 Macrovision Corporation Method and apparatus for copy protection for various recording media
US5778071A (en) * 1994-07-12 1998-07-07 Information Resource Engineering, Inc. Pocket encrypting and authenticating communications device
US5719938A (en) * 1994-08-01 1998-02-17 Lucent Technologies Inc. Methods for providing secure access to shared information
US5910987A (en) * 1995-02-13 1999-06-08 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US5615264A (en) * 1995-06-08 1997-03-25 Wave Systems Corp. Encrypted data package record for use in remote transaction metered data system
US5623546A (en) * 1995-06-23 1997-04-22 Motorola, Inc. Encryption method and system for portable data
US5887063A (en) * 1995-07-28 1999-03-23 Hewlett-Packard Company Communication system for portable appliances
US6085323A (en) * 1996-04-15 2000-07-04 Kabushiki Kaisha Toshiba Information processing system having function of securely protecting confidential information
US6347145B2 (en) * 1996-06-28 2002-02-12 Kabushiki Kaisha Toshiba Method and apparatus of enciphering and deciphering data using keys enciphered and deciphered with other keys
US7433474B2 (en) * 1996-06-28 2008-10-07 Kabushiki Kaisha Toshiba Method and apparatus of enciphering and deciphering data using keys enciphered and deciphered with other keys
US6823070B1 (en) * 2000-03-28 2004-11-23 Freescale Semiconductor, Inc. Method for key escrow in a communication system and apparatus therefor

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8610454B2 (en) 2010-01-12 2013-12-17 Stc.Unm System and methods for generating unclonable security keys in integrated circuits

Also Published As

Publication number Publication date
EP0817185A3 (en) 1999-11-10
CN100446106C (en) 2008-12-24
CN1183685A (en) 1998-06-03
EP0817185B1 (en) 2005-03-30
DE69732880D1 (en) 2005-05-04
TW340920B (en) 1998-09-21
US20010019615A1 (en) 2001-09-06
EP0817185A2 (en) 1998-01-07
KR100270252B1 (en) 2000-10-16
US6347145B2 (en) 2002-02-12
US7433474B2 (en) 2008-10-07
CN1617248A (en) 2005-05-18
JPH10106148A (en) 1998-04-24
US20020080972A1 (en) 2002-06-27
JP3093678B2 (en) 2000-10-03
CN1293719C (en) 2007-01-03
DE69732880T2 (en) 2006-04-06

Similar Documents

Publication Publication Date Title
US7433474B2 (en) Method and apparatus of enciphering and deciphering data using keys enciphered and deciphered with other keys
US6347846B1 (en) Method and an apparatus to control copying from a data providing device to a data receiving device
US6343281B1 (en) Device and method for preventing fraudulent copies of data containing encrypted copy-management information and recording medium
US6609116B1 (en) System and method for securely updating copy-protected media
US6438692B2 (en) Copy protection apparatus and information recording medium used in this copy protection apparatus
CN100481765C (en) Access control for digital content
JP4790218B2 (en) Method and apparatus for supplying data set stored in database
TW530297B (en) Information recording medium for recording a scrambled part of content information, and method and apparatus for reproducing information recorded therein
US20020044657A1 (en) Information recording device, information playback device, information recording method, information playback method, and information recording medium and program providing medium used therewith
JP2002237811A (en) Content protection feature for digital recorder
US7874004B2 (en) Method of copying and reproducing data from storage medium
EP0720166B1 (en) Data reproducing device
EP1047062B1 (en) Contents information recording method, contents information processing unit, contents information deciphering method, contents information deciphering unit and media thereof
JPH10208388A (en) Optical disc cipher key generating method, cipher key recording method, cipher key recording device, information reproducing method, information reproduction permitting method, and information reproducing device
JP4482970B2 (en) DVD recorder, DVD recorder recording / reproducing method, and program recording medium
JP2006174491A (en) Key processing method, key processing system, and key management organization side processing unit
JP4505693B2 (en) Information processing apparatus, information processing method, and recording medium
JP2000048483A (en) Information processing method and information processor
KR100279523B1 (en) Copy protection device and information recording medium used in such a copy protection device
JP2000305850A (en) Electronic data protection system, application approver side device and user side device
JP2001307426A (en) Data managing method
KR100556731B1 (en) Encryption recording/playing apparatus and method for disk
KR20070013154A (en) Recording apparatus, recording mothod, reproducing apparauts and reproducing method for preventing illegal copy of optical disc
JP2002093045A (en) Information recording and reproducing device and recording medium
JPH10149619A (en) Cryptographic key generating method, optical disk reproducing method, optical disk reproducing device and optical disk reproducing permission method

Legal Events

Date Code Title Description
AS Assignment

Owner name: KABUSHIKI KAISHA TOSHIBA, JAPAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:KATO, TAKEHISA;ENDOH, NAOKI;UNNO, HIROAKI;AND OTHERS;REEL/FRAME:021259/0240

Effective date: 19970725

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION