公开(公告)号：US07155607B2

公开(公告)日：2006-12-26

申请号：US10369644

申请日：2003-02-21

申请人： Kaoru Yokota ,  Makoto Tatebayashi ,  Motoji Ohmori

发明人： Kaoru Yokota ,  Makoto Tatebayashi ,  Motoji Ohmori

IPC分类号： H04L9/00 ,  H04K1/00

CPC分类号： H04L9/3271 ,  H04L9/0662 ,  H04L2209/04 ,  H04L2209/20 ,  H04L2209/60 ,  H04L2209/84

摘要： An object of the present invention is to provide a technology to improve security against spoofing in a method of authentication using a challenge and response system.In the method of authentication of the present invention, the piece of challenge data is transmitted from the sever 10 to the terminal 20 (S104), and then the piece of response data, which is the decrypted challenge data (S105), is transmitted from the terminal to the server (S107). Further, whether the piece of response data is the piece of challenge data decrypted or not is judged based on encryption performed in the server 10 (S109). When the result of judgment is affirmative, the parameter used both for encryption and decryption is renewed to a parameter to be used in the next authentication (S111, S112).

摘要翻译： 本发明的目的是提供一种在使用挑战和响应系统的认证方法中提高防止欺骗的安全性的技术。 在本发明的认证方法中，从服务器10向终端20发送询问数据（S104），然后作为解密的询问数据的响应数据（S105）为 从终端发送到服务器（S107）。 此外，基于在服务器10中执行的加密来判断该片响应数据是否是解密的询问数据片段（S109）。 当判断结果为肯定时，将用于加密和解密的参数更新为要在下一次认证中使用的参数（S 111，S 112）。

公开(公告)号：US6009174A

公开(公告)日：1999-12-28

申请号：US957910

申请日：1997-10-27

申请人： Makoto Tatebayashi ,  Motoji Ohmori ,  Takehisa Kato ,  Naoki Endoh ,  Koichi Hirayama

发明人： Makoto Tatebayashi ,  Motoji Ohmori ,  Takehisa Kato ,  Naoki Endoh ,  Koichi Hirayama

IPC分类号： H04L9/08 ,  H04N7/167 ,  H04N21/6334 ,  H04L9/00 ,  H04L9/12 ,  H04L9/14

CPC分类号： H04N21/63345 ,  H04L9/0838 ,  H04L9/0891 ,  H04N7/1675

摘要： A transmission apparatus 100 includes a secret key storage unit 103 that stores three secret keys K1, K2 and K3, a secret key selection unit 104 that selects one secret key Ks from the secret keys, a message generation unit 106 for generating a message M used as a carrier for indicating a secret key, an encryption module 105 for generating a cryptogram Ca by encrypting the generated message M using the secret key Ks, an encryption module 107 for generating a cryptogram Cm by encrypting the message M using the message M itself as the secret key, and two transmission units 111 and 112 for transmitting the cryptograms Ca and Cm to the reception apparatus 200 to indicate the selected secret key Ks. The reception apparatus 200 includes a decryption module, such as 221, for generating decrypted data Mi by decrypting the cryptogram Ca using a secret key Ki out of the three secret keys, and a decryption module, such as 222, for generating decrypted data Mii by decrypting the cryptogram Cm using the decrypted data Mi, and authorizes that the secret key Ki has been selected when the decrypted data Mi matches the decrypted data Mii.

公开(公告)号：US08275998B2

公开(公告)日：2012-09-25

申请号：US12953676

申请日：2010-11-24

申请人： Toshihisa Nakano ,  Hideshi Ishihara ,  Makoto Tatebayashi

发明人： Toshihisa Nakano ,  Hideshi Ishihara ,  Makoto Tatebayashi

IPC分类号： H04L29/06 ,  H04L9/32 ,  G06F21/00 ,  G06F11/30 ,  G06F12/14

CPC分类号： H04L9/083 ,  H04L9/3247 ,  H04L2209/60

摘要： A key distribution system distributes key data for using content to a second encryption device that has been legitimately outsourced processing by a first encryption device. The first encryption device acquires permission information indicating that the first encryption device has permission to use the content, generates certification information by making an irreversible alteration the to permission information, and transmits the permission information and the certification information to the second encryption device. The second encryption device receives the permission information and the certification information, sends them to a key distribution device, and acquires the key data from the key distribution device. The key distribution device receives the permission information and the certification information, judges whether or not the certification information was generated by the by the first encryption device, and if judging in the affirmative, transmits the key data to the second encryption device.

摘要翻译： 密钥分配系统将用于使用内容的密钥数据分配给已被第一加密设备合法外包处理的第二加密设备。 第一加密装置获取表示第一加密装置具有允许使用内容的许可信息，通过对许可信息进行不可逆变更来生成认证信息，并将许可信息和认证信息发送到第二加密装置。 第二加密装置接收许可信息和认证信息，将其发送到密钥分发装置，并从密钥分发装置获取密钥数据。 密钥分配装置接收许可信息和认证信息，判断认证信息是否由第一加密装置生成，并且如果肯定地判断，则将密钥数据发送到第二加密装置。

公开(公告)号：US20120117663A1

公开(公告)日：2012-05-10

申请号：US13353689

申请日：2012-01-19

申请人： Teruto Hirota ,  Makoto Tatebayashi ,  Taihei Yugawa ,  Masataka Minami ,  Masayuki Kozuka

发明人： Teruto Hirota ,  Makoto Tatebayashi ,  Taihei Yugawa ,  Masataka Minami ,  Masayuki Kozuka

IPC分类号： G06F12/14

CPC分类号： G06F21/10 ,  G06F21/445 ,  G06F21/6218 ,  G06F21/78 ,  G06F21/79 ,  G06F2221/2105 ,  G06Q20/3674 ,  G11C16/22 ,  H04L9/3273 ,  H04L2209/603

摘要： A semiconductor memory card comprising a control IC 302, a flash memory 303, and a ROM 304. The ROM 304 holds information such as a medium ID 341 unique to the semiconductor memory card. The flash memory 303 includes an authentication memory 332 and a non-authentication memory 331. The authentication memory 332 can be accessed only by external devices which have been affirmatively authenticated. The non-authentication memory 331 can be accessed by external devices whether the external devices have been affirmatively authenticated or not. The control IC 302 includes control units 325 and 326, an authentication unit 321 and the like. The control units 325 and 326 control accesses to the authentication memory 332 and the non-authentication memory 331, respectively. The authentication unit 321 executes a mutual authentication with an external device.

摘要翻译： 包括控制IC302，闪速存储器303和ROM304的半导体存储卡.ROM 304保存诸如半导体存储卡唯一的介质ID 341之类的信息。 闪速存储器303包括认证存储器332和非验证存储器331.认证存储器332可以仅被已被肯定认证的外部设备访问。 外部设备可以访问非认证存储器331，无论外部设备是否被肯定认证。 控制IC302包括控制单元325和326，认证单元321等。 控制单元325和326分别控制对认证存储器332和非验证存储器331的访问。 认证单元321执行与外部设备的相互认证。

公开(公告)号：US07577251B2

公开(公告)日：2009-08-18

申请号：US11512372

申请日：2006-08-30

申请人： Hirotsugu Kawada ,  Noboru Katta ,  Susumu Ibaraki ,  Makoto Tatebayashi ,  Shunji Harada

发明人： Hirotsugu Kawada ,  Noboru Katta ,  Susumu Ibaraki ,  Makoto Tatebayashi ,  Shunji Harada

IPC分类号： H04N7/167

CPC分类号： H04N7/1675 ,  G11B20/00086 ,  G11B20/00181 ,  G11B20/00195 ,  G11B20/0021 ,  G11B20/00231 ,  G11B20/00673 ,  G11B20/0084 ,  G11B20/00884 ,  H04N5/85 ,  H04N5/913 ,  H04N9/8042 ,  H04N21/2541 ,  H04N21/4181 ,  H04N21/42646 ,  H04N21/4325 ,  H04N21/4334 ,  H04N21/4367 ,  H04N21/4405 ,  H04N21/4408 ,  H04N21/4623 ,  H04N21/835 ,  H04N21/8358 ,  H04N2005/91335 ,  H04N2005/91364

摘要： A data player for reading contents encrypted by a decoding key from a digital medium, and playing the encrypted contents by using the decoding key which is stored in a key storage unit, comprises: a key obtaining unit for performing mutual authentication with the key storage unit to obtain the decoding key stored in the key storage unit; a key holding unit for holding the decoding key; a playback state obtaining unit for monitoring the playback state of the digital medium; and a contents decoding unit for decoding the encrypted contents by using the decoding key. The decoding key is obtained by the key obtaining unit and stored in the key holding unit, and the encrypted contents read from the digital medium is decoded with the decoding key by the contents decoding unit to play the contents. The decoding key stored in the key holding unit is discarded according to the playback state of the digital medium which is obtained by the playback state obtaining unit.

摘要翻译： 一种数据播放器，用于从数字介质读取通过解码密钥加密的内容，并且通过使用存储在密钥存储单元中的解码密钥播放加密内容，包括：密钥获取单元，用于执行与密钥存储单元的相互认证 以获得存储在密钥存储单元中的解码密钥; 用于保持解码密钥的键保持单元; 播放状态获取单元，用于监视数字媒体的播放状态; 以及内容解码单元，用于通过使用解码密钥对加密的内容进行解码。 解码密钥由密钥获取单元获得并存储在密钥保存单元中，并且由内容解码单元用解码密钥对从数字介质读取的加密内容进行解码以播放内容。 存储在键保持单元中的解码密钥根据由重放状态获取单元获得的数字媒体的重放状态而被丢弃。

公开(公告)号：US07404076B2

公开(公告)日：2008-07-22

申请号：US10471803

申请日：2002-06-13

申请人： Toshihisa Nakano ,  Motoji Omori ,  Makoto Tatebayashi

发明人： Toshihisa Nakano ,  Motoji Omori ,  Makoto Tatebayashi

IPC分类号： H04L9/00

CPC分类号： G06F21/606 ,  G06F21/10

摘要： A system structured from a management device, a content key distribution device and a plurality of terminals suppresses the data volume of a terminal revocation list (TRL). The management device generates and transmits a TRL formed from data that expresses terminal IDs of all terminals to be invalidated, by only a value and a position of a common bit string in the IDs, to the content key distribution device. Each terminal holds a terminal ID that includes a manufacturer, ID and a serial number, and requests the distribution of a content key by sending the terminal ID to the content key distribution device. The content key distribution device refers to the TRL, judges whether the terminal ID transmitted from the terminal is that of an invalidated terminal, and if negative, encrypts and transmits the content key to the terminal.

摘要翻译： 由管理装置，内容密钥分发装置和多个终端构成的系统抑制终端撤销列表（TRL）的数据量。 管理装置仅通过ID中的公共位串的值和位置来生成并发送由表示要无效的所有终端的终端ID的数据形成的TRL，并发送到内容密钥分配装置。 每个终端保持包括制造商，ID和序列号的终端ID，并且通过将内容密钥发送到内容密钥分配设备来请求分发内容密钥。 内容密钥分发装置是指TRL，判断从终端发送的终端ID是否为无效终端，如果是否定的，则加密并发送内容密钥到终端。

公开(公告)号：US07272229B2

公开(公告)日：2007-09-18

申请号：US10278082

申请日：2002-10-23

申请人： Toshihisa Nakano ,  Natsume Matsuzaki ,  Makoto Tatebayashi

发明人： Toshihisa Nakano ,  Natsume Matsuzaki ,  Makoto Tatebayashi

IPC分类号： H04L9/00

CPC分类号： G06F21/10 ,  G11B20/00086 ,  G11B20/00094 ,  G11B20/00137 ,  G11B20/00188 ,  G11B20/0021 ,  G11B20/00246 ,  G11B20/00253 ,  G11B20/00333 ,  H04L9/0822 ,  H04L9/0836 ,  H04L9/0891 ,  H04L2209/605

摘要： In a system composed of a recording apparatus that records digitized content such as a movie, or a reproduction apparatus that reproduces the digitized content, and a recording medium, a media key for use in recording or reproduction is encrypted by a plurality of device keys and recorded on the recording medium. Here, the recording apparatus or the reproduction apparatus specifies the encrypted media key that it is to decrypt, from amongst the plurality of encrypted media keys. A key management apparatus records node revocation patterns assigned to nodes in a tree structure to the recording medium in a particular order, as header information of key information, together with the encrypted media keys. The recording apparatus or the reproduction apparatus specifies the encrypted media key to be decrypted, by analyzing the node revocation patterns sequentially.

摘要翻译： 在记录诸如电影的数字化内容的记录装置或再现数字化内容的再现装置以及记录介质的系统中，用于记录或再现的媒体密钥由多个设备密钥加密， 记录在记录介质上。 这里，记录装置或再现装置从多个加密媒体密钥中指定要解密的加密媒体密钥。 密钥管理装置将分配给树结构中的节点的节点撤销模式以特定顺序记录到记录介质上，作为密钥信息的头信息以及加​​密的媒体密钥。 记录装置或再现装置通过依次分析节点撤销模式来指定要解密的加密媒体密钥。

公开(公告)号：US07206412B2

公开(公告)日：2007-04-17

申请号：US10119766

申请日：2002-04-11

申请人： Kaoru Yokota ,  Makoto Tatebayashi

发明人： Kaoru Yokota ,  Makoto Tatebayashi

IPC分类号： H04L9/00

CPC分类号： H04L9/0891 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/083 ,  H04L2209/60

摘要： A method for use in a distribution system having a key management center, a distribution station and a reception terminal. The method updates a pair of distribution keys unique to the reception terminal, where the distribution public key is used to encrypt distribution data, and the distribution secret key is used to decrypt encrypted data. In the key updating method, the reception terminal acquires an update secret key prior to data distribution, and the key management center acquires an update public key making a pair with the update secret key, generates a new pair of distribution keys, encrypts a new distribution secret key by using the update public key, transmits an encrypted secret key to the reception terminal and updates to the new distribution public key. The reception terminal receives the encrypted secret key and restores the new distribution secret key by decrypting it using the update secret key and updates to the new distribution secret key.

摘要翻译： 一种在具有密钥管理中心，分发站和接收终端的分发系统中使用的方法。 该方法更新了分配公钥用于加密分发数据的接收终端唯一的一对分发密钥，并且分发密钥用于解密加密的数据。 在密钥更新方法中，接收终端在数据分发之前获取更新秘密密钥，密钥管理中心获取与更新秘密密钥进行配对的更新公钥，生成新的一对分发密钥，加密新的分发 通过使用更新公钥进行秘密密钥，将加密的秘密密钥发送到接收终端，并更新到新的分发公钥。 接收终端接收加密的秘密密钥，并通过使用更新秘密密钥对其进行解密来恢复新的分配密钥，并更新新的分配密钥。

公开(公告)号：US07065648B1

公开(公告)日：2006-06-20

申请号：US09593864

申请日：2000-06-15

申请人： Tooru Kamibayashi ,  Hisashi Yamada ,  Hiroshi Iwasaki ,  Masafumi Tamura ,  Yasuhiro Ishibashi ,  Taku Kato ,  Makoto Tatebayashi ,  Shunji Harada

发明人： Tooru Kamibayashi ,  Hisashi Yamada ,  Hiroshi Iwasaki ,  Masafumi Tamura ,  Yasuhiro Ishibashi ,  Taku Kato ,  Makoto Tatebayashi ,  Shunji Harada

IPC分类号： H04L9/00

CPC分类号： G11B20/0021 ,  G06Q20/367 ,  G06Q20/3674 ,  G06Q20/3829 ,  G11B20/00086 ,  G11B20/00094 ,  G11B20/00115 ,  G11B20/00188 ,  G11B20/00195 ,  G11B20/00224 ,  G11B20/00253 ,  G11B20/00478 ,  G11B20/00514 ,  G11B20/00557 ,  G11B2220/60

摘要： In a mutual authentication method for use between a recording apparatus which records copied contents on a recording medium having an arithmetic processing function, and the recording medium, the method includes a step of storing in the recording medium at least first information which depends on the recording medium, and second information which is to be shared by the recording apparatus in executing mutual authentication with the recording apparatus and depends on the recording medium, and a step of generating by the recording apparatus authentication information used in mutual authentication with the recording medium on the basis of the first information obtained from the recording medium, and executing mutual authentication between the recording apparatus and the recording medium using the generated authentication information and the second information.

摘要翻译： 在用于在具有运算处理功能的记录介质上记录复制的内容的记录装置和记录介质之间的相互认证方法中，该方法包括以下步骤：至少在第一信息中存储取决于记录的信息 中间和第二信息由记录装置在与记录装置进行相互认证的同时依赖于记录介质而被共享，以及由记录装置产生与记录介质相互认证中使用的认证信息的步骤 从记录介质获得的第一信息的基础，以及使用生成的认证信息和第二信息执行记录装置和记录介质之间的相互认证。

公开(公告)号：US06971022B1

公开(公告)日：2005-11-29

申请号：US09593677

申请日：2000-06-14

申请人： Noboru Katta ,  Susumu Ibaraki ,  Shinji Inoue ,  Makoto Tatebayashi

发明人： Noboru Katta ,  Susumu Ibaraki ,  Shinji Inoue ,  Makoto Tatebayashi

IPC分类号： G06F11/30 ,  G06F12/14 ,  G06F21/00 ,  H04K1/04 ,  H04L9/00 ,  H04L9/32

CPC分类号： G06F21/602

摘要： A cryptographic apparatus reads, from a portable storage medium, content data and cryptographic information specifying a certain part of the content data on which cryptographic processing is to be performed, specifies the certain part in the read content data based on the read cryptographic information, and performs one of encryption and decryption on the certain part. When, for example, the content data is formed from alternating headers and variable-length data sections, the cryptographic information is a program formed from an instruction sequence. The instruction sequence has the cryptographic apparatus detect a header in the content data, read the length of the variable-length data, and perform cryptographic processing on a part of the content data between a start point and an end point, the start point being a position relative to the header position, and the end point being a value resulting from adding the length to the start point.

摘要翻译： 密码装置从便携式存储介质读取指定要进行加密处理的内容数据的特定部分的内容数据和密码信息，基于读取的密码信息指定读取的内容数据中的某一部分，以及 在某一部分执行加密和解密。 当例如内容数据由交替的头部和可变长度数据部分形成时，密码信息是由指令序列形成的程序。 指令序列具有密码装置检测内容数据中的标题，读取可变长度数据的长度，并对起始点和结束点之间的内容数据的一部分执行加密处理，起始点为 相对于头部位置的位置，并且终点是通过将长度添加到起始点而得到的值。