摘要:
A system structured from a management device, a content key distribution device and a plurality of terminals suppresses the data volume of a terminal revocation list (TRL). The management device generates and transmits a TRL formed from data that expresses terminal IDs of all terminals to be invalidated, by only a value and a position of a common bit string in the IDs, to the content key distribution device. Each terminal holds a terminal ID that includes a manufacturer ID and a serial number, and requests the distribution of a content key by sending the terminal ID to the content key distribution device. The content key distribution device refers to the TRL, judges whether the terminal ID transmitted from the terminal is that of an invalidated terminal, and if negative, encrypts and transmits the content key to the terminal.
摘要:
A data protection system is provided that reduces, to a degree, the amount of encrypted data that is distributed to a plurality of terminals. In the data protection system a terminal whose decryption keys are exposed by a dishonest party is made to be unable to decrypt the data correctly, while other terminals are able to decrypt the data correctly.The data protection system includes a plurality of terminals, and an encryption device that encrypts distribution data distributed to each terminal. Each terminal is corresponded with one node on a lowest level of a 4-ary tree structure or the like having a plurality of hierarchies. The data protection system, for each node in the tree structure, excluding those on the lowest level, determines a plurality of combination patterns that include combinations of two or more of all four nodes that are reached one level below the node, decides an individual decryption key for each determined combination pattern, and decides an individual decryption key for each node on the lowest level. Further, the data protection system has each terminal store all decryption keys decided for the nodes on the path from the node on the lowest level that corresponds to the terminal through to the node on the highest level. The data protection system prescribes nodes that are reached from the node on the lowest level that corresponds to the terminal through to the node on the highest level that correspond to a terminal that has been dishonestly analyzed as invalid nodes. For invalid nodes, other than invalid nodes on the lowest level, the data protection system designates an encryption key that corresponds to the decryption key decided in correspondence with the combination pattern that combines all nodes, excluding invalid nodes, of the four nodes that are reached one level below the node, and has the encryption device encrypt distribution data that uses each of the designated encryption keys.
摘要:
A key distribution system distributes key data for using content to a second encryption device that has been legitimately outsourced processing by a first encryption device. The first encryption device acquires permission information indicating that the first encryption device has permission to use the content, generates certification information by making an irreversible alteration the to permission information, and transmits the permission information and the certification information to the second encryption device. The second encryption device receives the permission information and the certification information, sends them to a key distribution device, and acquires the key data from the key distribution device. The key distribution device receives the permission information and the certification information, judges whether or not the certification information was generated by the by the first encryption device, and if judging in the affirmative, transmits the key data to the second encryption device.
摘要:
A content protection system prevents illegal key acquisition, without checking uniqueness of device keys. The content protection system includes a key data generation apparatus and a user terminal. The key data generation apparatus converts first key data, which is for using content, based on a predetermined conversion rule, thereby generating second key data, encrypts the second key data using a device key held by valid terminals, and outputs the encrypted key data. The user terminal obtains the encrypted key data, decrypts the encrypted key data using a device key held by the user terminal, thereby generating second key data, converts the second key data based on a re-conversion rule corresponding to the conversion rule, thereby generating the first key data, and uses the content with use of the generated first key data.
摘要:
A playback device reads a BD-J application from a BD-ROM and runs the BD-J application. The BD-J application causes, by using a socket connection API, the digital copy module of the playback device to execute copying of a protected content for portable terminals to a removable recording medium and setting of a resume playback point on the copied content. The resume playback point is specified by the BD-J application according to playback time information read from the PSR set.
摘要:
To provide a content playback device capable of protecting content according to DRM, when decrypting encrypted content recorded on a recording medium and playing the decrypted content. If key generation information is “00”, a key control unit 104 concatenates a decrypted media key and content information in this order, and applies a one-way function to the concatenation result to generate a content key. If the key generation information is “10”, the key control unit 104 sets a rights key as the content key. If the key generation information is “01”, the key control unit 104 concatenates the decrypted media key and the rights key in this order, and applies a one-way function to the concatenation result to generate the content key.
摘要:
When a plurality of types of copyright information are detected on a disk or the like, a content playback device and method can appropriately control playback of content in accordance with the copyright information. As the content playback device, a digital watermark detection device attempts to detect watermark information in blocks that make up the content, and a result storage subunit (401) stores result information constituted from detected watermark information and frequency information indicating how often the watermarks appear. Each time watermark information is detected in one of the blocks, a comparison subunit (402) compares the detected watermark information to the watermark information in the result information, and judges whether updating the result information is necessary with reference to a predetermined condition. An update subunit (403) performs an update, and a control unit (307) performs a playback restriction of the content with use of the result information.
摘要:
An encryption scheme management method according to the present invention is an encryption scheme management method which manages encryption schemes utilized for distributing encrypted data, and includes request receiving which receives encryption scheme switching request from a client device, selecting an encryption scheme from the encryption schemes, generating circuit forming information for forming a decrypting circuit which decrypts the data encrypted by the selected encryption scheme, and sending the circuit forming information to the client device.