Data processing apparatus, data processing system, and data processing method therefor
IPC classification information
Country / Type
United States(US) Patent
Granted
International Patent Classification (IPC 7th edition)
H04L-009/32
H04L-009/00
G06F-012/14
G06F-011/30
Application number
UP-0741668
(2000-12-19)
Registration number
US-7757101
(2010-08-02)
Priority information
JP-P11-361225(1999-12-20)
Inventor / Address
Nonaka, Akira
Ezaki, Tadashi
Applicant / Address
Sony Corporation
Agent / Address
Finnegan, Henderson, Farabow, Garrett and Dunner, L.L.P.
Citation information
Times cited: 45
Cited patents: 14
Abstract
A SAM receives a secure container in which content data encrypted with content key data, the encrypted content key data, and UCP data designating a handling policy of the content data are stored, and determines at least one of the purchase mode and the usage mode of the content data based on the UCP data. The SAM serves as a slave for a host CPU, and is also provided with a common memory shared with the host CPU.
Representative claim
What is claimed is:

1. A data processing apparatus for performing rights processing of content data encrypted with content key data based on usage control policy data, and for decrypting the encrypted content key data, the data processing apparatus comprising within a tamper-resistant circuit module: an input circuit for receiving a secure container from a content provider, wherein the secure container contains a content file, a key file, and a signature data of the content provider, and for receiving license key data from an electronic distribution center, wherein the content file contains the encrypted content data, and wherein the key file contains the encrypted content key, the usage control policy data, and signature data of the electronic distribution center; a first bus; an arithmetic processing circuit connected to the first bus, for performing the rights processing of the content data based on the usage control policy data; a storage circuit connected to the first bus; a second bus; a first interface circuit interposed between the first bus and the second bus; an encryption processing circuit connected to the second bus, for decrypting the content key data using the license key data; a hash-value generating circuit that generates hash values of the content data, the content key data, and the usage control policy data; a public key encryption circuit that creates signature data of the data processing apparatus using the hash values and verifies the integrity of the signature data of the content provider and the signature data of the electronic distribution center; a common key encryption circuit; an external bus interface circuit connected to the second bus; and a usage monitor; wherein the arithmetic processing circuit determines at least one of a purchase mode and a usage mode of the content data based on a handling policy indicated by the usage control policy data, and creates log data which includes a unique identifier of the content data, discount information, and tracing information and indicates result of the determined mode; and the arithmetic processing circuit creates usage control status data in accordance with the determined purchase mode, and controls the use of the content data based on the usage control status data; the usage control status data comprising a content identification for the content data, the purchase mode, an identification for the tamper-resistant circuit module, and a user identification for a user who has purchased the content data; wherein the log data is transmitted to the electronic distribution center; wherein the usage monitor monitors the usage control policy data and the usage control status data to make sure that the content data is purchased and used as restricted by the usage control policy data and the usage control status data; and wherein the purchase mode is determined from one or more purchase mode options, and each purchase mode option has a different level of restriction imposed on a playback operation.

2. A data processing apparatus according to claim 1, further comprising a second interface circuit within the tamper-resistant circuit module, wherein the first bus comprises a third bus connected to the arithmetic processing circuit and the storage circuit, and a fourth bus connected to the first interface circuit, and the second interface circuit is interposed between the third bus and the fourth bus.

3. A data processing apparatus according to claim 2, further comprising within the tamper-resistant circuit module: a fifth bus; a third interface circuit connected to the fifth bus, for performing communication with a data processing circuit having an authentication function which is loaded on one of a recording medium and an integrated circuit card; and a fourth interface circuit interposed between the fourth bus and the fifth bus.

4. A data processing apparatus according to claim 1, wherein: the storage circuit stores private key data of the data processing apparatus and public key data of a second data processing apparatus; the public-key encryption circuit verifies the integrity of the usage control policy data, by using the public key data, and when recording the content data, the content key data, and the usage control policy data on a recording medium or when sending the content data, the content key data, and the usage control policy data to the second data processing apparatus, the public-key encryption circuit creates the signature data of the data processing apparatus, which verifies the integrity of the content data, the content key data, and the usage control policy data, by using the private key data; and the common-key encryption circuit decrypts the content key data, and when sending the content data, the content key data, and the usage control policy data to the second data processing apparatus online, the common-key encryption circuit encrypts and decrypts the content data, the content key data, and the usage control policy data by using session key data obtained by performing mutual authentication with the second data processing apparatus.

5. A data processing apparatus according to claim 1, further comprising a random-number generating circuit within the tamper-resistant circuit module, the random-number generating circuit being connected to the second bus, for generating a random number for performing mutual authentication with a second data processing apparatus when sending the content data, the content key data, and the usage control policy data to the second data processing apparatus online.

6. A data processing apparatus according to claim 1, wherein the external bus interface circuit is connected to an external storage circuit for storing at least one of the content data, the content key data, and the usage control policy data.

7. A data processing apparatus according to claim 6, further comprising a storage-circuit control circuit for controlling access to the storage circuit and access to the external storage circuit via the external bus interface circuit in accordance with a command from the arithmetic processing circuit.

8. A data processing apparatus according to claim 6, further comprising a storage management circuit for managing an address space of the storage circuit and an address space of the external storage circuit.

9. A data processing apparatus according to claim 1, wherein the external bus interface circuit is connected to a host arithmetic processing apparatus on which the data processing apparatus is loaded.

10. A data processing apparatus according to claim 1, wherein, when the license key data has an effective period, the storage circuit stores the license key data, the data processing apparatus further comprises a real time clock for generating real time, the arithmetic processing circuit reads the effective license key data from the storage circuit based on the real time indicated by the real time clock, and the common-key encryption circuit decrypts the content key data by using the read license key data.

11. A data processing apparatus according to claim 1, wherein the storage circuit writes and erases data in units of blocks, and the data processing apparatus comprises within the tamper-resistant circuit module, a write-lock control circuit for controlling the writing and erasing of the data into and from the storage circuit in units of blocks under the control of the arithmetic processing circuit.

12. A data processing apparatus for performing rights processing of content data encrypted with content key data based on usage control policy data, and for decrypting the encrypted content key data, the data processing apparatus comprising within a tamper-resistant circuit module: an input circuit for receiving a secure container from a content provider, wherein the secure container contains a content file, a key file, and a signature data of the content provider, and for receiving license key data from an electronic distribution center, wherein the content file contains the encrypted content data, and wherein the key file contains the encrypted content key, the usage control policy data, and signature data of the electronic distribution center; a first bus; an arithmetic processing circuit connected to the first bus, for performing the rights processing of the content data based on the usage control policy data; a storage circuit connected to the first bus; a second bus; an interface circuit interposed between the first bus and the second bus; an encryption processing circuit connected to the second bus, for decrypting the content key data using the license key data; a hash-value generating circuit that generates hash values of the content data, the content key data, and the usage control policy data; a public key encryption circuit that creates signature data of the data processing apparatus using the hash values and verifies the integrity of the signature data of the content provider and the signature data of the electronic distribution center; a common key encryption circuit; an external bus interface circuit connected to the second bus; and a usage monitor; wherein, upon receiving an interrupt from an external circuit via the external bus interface circuit, the arithmetic processing circuit becomes a slave for the external circuit so as to perform processing designated by the interrupt, and reports a result of the processing to the external circuit; wherein the arithmetic processing circuit determines at least one of a purchase mode and a usage mode of the content data based on a handling policy indicated by the usage control policy data, and creates log data which includes a unique identifier of the content data, discount information, and tracing information and indicates a result of the determined mode; and the arithmetic processing circuit creates usage control status data in accordance with the determined purchase mode, and controls the use of the content data based on the usage control status data; the usage control status data comprising a content identification for the content data, the purchase mode, an identification for the tamper-resistant circuit module, and a user identification for a user who has purchased the content data; wherein the log data is transmitted to the electronic distribution center; wherein the usage monitor monitors the usage control policy data and the usage control status data to make sure that the content data is purchased and used as restricted by the usage control policy data and the usage control status data; and wherein the purchase mode is determined from one or more purchase mode options, and each purchase mode option has a different level of restriction imposed on a playback operation.

13. A data processing apparatus according to claim 12, wherein the arithmetic processing circuit reports the result of the processing by outputting an interrupt to the external circuit.

14. A data processing apparatus according to claim 13, wherein the storage circuit stores an interrupt program describing the processing designated by the interrupt, and the arithmetic processing circuit performs the processing by executing the interrupt program read from the storage circuit.

15. A data processing apparatus according to claim 14, wherein the storage circuit stores a plurality of the interrupt programs, and a plurality of sub-routines to be read when executing the interrupt program, and the arithmetic processing circuit appropriately reads and executes the sub-routines from the storage circuit when executing the interrupt program read from the storage circuit.

16. A data processing apparatus according to claim 12, wherein the external bus interface comprises a common memory for the arithmetic processing circuit and the external circuit, and the arithmetic processing circuit writes the result of the processing into the common memory, and the external circuit obtains the result of the processing by polling.

17. A data processing apparatus according to claim 16, wherein the external bus interface comprises: a first status register indicating an execution status of the processing requested from the external circuit in the arithmetic processing circuit, and including a flag set by the arithmetic processing circuit and read by the external circuit; a second status register indicating whether the external circuit has requested the arithmetic processing circuit to perform processing, and including a flag set by the external circuit and read by the arithmetic processing circuit; and the common memory for storing a result of the processing.

18. A data processing method of performing rights processing for content data encrypted with content key data based on usage control policy data, and of decrypting the encrypted content key data, the data processing method comprising the steps of: receiving a secure container from a content provider, wherein the secure container contains a content file, a key file, and a signature data of the content provider; receiving license key data from an electronic distribution center, wherein the content file contains the encrypted content data, and wherein the key file contains the encrypted content key, the usage control policy data, and signature data of the electronic distribution center; determining at least one of a purchase mode and a usage mode of the content data based on a handling policy indicated by the usage control policy data; creating log data which includes a unique identifier of the content data, discount information, and tracing information and indicates a result of the determined purchase mode; transmitting the log data to the electronic distribution center; creating usage control status data in accordance with the determined purchase mode; the usage control status data comprising a content identification for the content data, the purchase mode, an identification for a tamper-resistant circuit module, and a user identification for a user who has purchased the content data; monitoring the usage control policy data and the usage control status data to make sure that the content data is purchased and used as restricted by the usage control policy data and the usage control status data; controlling the use of the content data based on the usage control status data; recording the content data, for which the purchase mode is determined, on a recording medium; generating hash values of the content data, the content key data, and the usage control policy data; performing authentication; creating a signature data of a data processing apparatus using the hash values; verifying the integrity of the signature data of the content provider and the signature data of the electronic distribution center; sharing session key data obtained by the authentication; and encrypting the content key data and the usage control status data by using the session key data; wherein the purchase mode is determined from one or more purchase mode options, and each purchase mode option has a different level of restriction imposed on a playback operation.
Patents cited by this patent (14)
Hampson Bradford E. (Framingham MA), Digital computer system for executing encrypted programs.
Castor Patrick F. (Naperville IL) Tsau Yung-Chun (Oak Brook IL) Kristiansen Inge B. (Pasadena CA) Nelson John W. (Chicago IL), Distributed data processing system and method utilizing peripheral device polling and layered communication software.
Venkatesan, Ramarathnam; Yacobi, Yacov, License-based cryptographic technique, particularly suited for use in a digital rights management system, for controlling access and use of bore resistant software objects in a client computer.
Schneier Bruce ; Walker Jay ; Jorasch James, Remote-auditing of computer generated outcomes and authenticated billing and access control system using cryptographic an.
Chorley Bernard J. (Hampton GB2) Parkin Graeme I. P. (London GB2) Wichmann Brian A. (Woking GB2) Elsom Simon M. (Feltham GB2), Software protection device.
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Apsangi, Shrikant; Guduru, Srinivas; Schnitzer, Jason Kazimir; Markley, Jeffrey P.; Carlucci, John B.; Bevilacqua, John G., Apparatus and methods for provisioning in a download-enabled system.
Zhu, Yinglin; Nakamura, Mitsuhiro; Nakatsugawa, Yasumasa; Higashikawa, Toshimitsu, Communication device, communication method, information processing device, information processing method, program, and communication system.
Katayama, Shigeki; Sekiguchi, Katsuhiko; Fukushima, Kazuto; Matsumoto, Tsutomu, Protective-control measuring system and device and data transmission method.
Helms, William; Hayashi, Michael T.; Leddy, Kevin J.; Christman, David A., Technique for securely communicating and storing programming material in a trusted domain.
Helms, William; Hayashi, Michael T.; Leddy, Kevin J.; Christman, David A., Technique for securely communicating and storing programming material in a trusted domain.