Abstract: In an encrypted communication system that includes a first and a second device, the first device encrypts a key using a public key of the second device to generate 1st encrypted data, which is then transmitted to the second device, receives 2nd encrypted data from the second device, which is then decrypted using a secret key of the first device to obtain a 2nd key, and generates, based on the 1st and 2nd keys, a 1st encryption key for use in communication with the second device. The second device encrypts a 3rd key using a public key of the first device to generate the 2nd encrypted data, which is then transmitted to the first device, receives the 1st encrypted data, which is then decrypted using a secret key of the second device to obtain a 4th key, and generates, based on the 3rd and 4th keys, a 2nd encryption key for use in communication with the first device. The first and second devices perform encrypted communication using the 1st and 2nd encryption keys.

Abstract: An encryption device encrypts a message, and includes a function value output unit that calculates a function value of the message using a one-way converting function. The encryption device also includes a numerical array output unit having an initial array decision unit that generates an initial decision array V1 having n1 elements of 1, n2 elements of ?1, and (n?n1?n2) elements of 0. Further, the numerical array output unit includes an array element replacement unit that changes the array element of the initial array V1 generated by the initial array decision unit according to an input integer X, and outputs the array V. The encryption device also includes a text generation unit that generates encrypted text, based on the message, according to a polynomial which corresponds to the array V.

Abstract: A content reproduction apparatus (1) which reproduces digital contents, including a device key storage unit (110) which holds a device key (110a) specific to the content reproduction apparatus (1) in a manner which does not allow access from outside the content reproduction apparatus (1), a device ID storage unit (19) which holds device key index information (19a) which is in a one-to-one association with a device key (110a), an instruction code receiving unit (14a) which receives an instruction code to output index information, a device key index information obtainment processing unit (10a) which outputs, to outside, the device key index information (19a) stored in the device ID storage unit (19) based on the instruction, and the device key index information output processing unit (11a).

Abstract: A method for use in a distribution system having a key management center, a distribution station and a reception terminal. The method updates a pair of distribution keys unique to the reception terminal, where the distribution public key is used to encrypt distribution data, and the distribution secret key is used to decrypt encrypted data. In the key updating method, the reception terminal acquires an update secret key prior to data distribution, and the key management center acquires an update public key making a pair with the update secret key, generates a new pair of distribution keys, encrypts a new distribution secret key by using the update public key, transmits an encrypted secret key to the reception terminal and updates to the new distribution public key. The reception terminal receives the encrypted secret key and restores the new distribution secret key by decrypting it using the update secret key and updates to the new distribution secret key.

Abstract: To ensure that one device acquires and updates a list used for judging whether the other device in communication is valid or invalid, in a device authentication system. When a list H stored in a personal computer 200 is old, the personal computer 200 acquires a latest version of the list H and a latest version of a list D from outside, updates the list H stored therein to the latest version, and updates the list D stored therein to the latest version.

Abstract: An apparatus generates first shared information that is shared by the apparatus and a recording medium by performing a first bilateral authentication. The apparatus encrypts overwrite data that is used to erase key information item recorded in the recording medium using the first shared information. Encrypted overwrite data is transferred to the recording medium. Second shared information is generated and shared by the apparatus and the recording medium by performing a second bilateral authentication between them. The apparatus receives data that is encrypted using the second shared information and that has been used by the recording medium for erasing key information. Encrypted data is decrypted using second shared information item and key information recorded in the recording medium is erased when the decrypted data is identical to overwrite data.

Abstract: A data player for reading contents encrypted by a decoding key from a digital medium, and playing the encrypted contents by using the decoding key which is stored in a key storage unit, comprises: a key obtaining unit for performing mutual authentication with the key storage unit to obtain the decoding key stored in the key storage unit; a key holding unit for holding the decoding key; a playback state obtaining unit for monitoring the playback state of the digital medium; and a contents decoding unit for decoding the encrypted contents by using the decoding key. The decoding key is obtained by the key obtaining unit and stored in the key holding unit, and the encrypted contents read from the digital medium is decoded with the decoding key by the contents decoding unit to play the contents. The decoding key stored in the key holding unit is discarded according to the playback state of the digital medium which is obtained by the playback state obtaining unit.

Abstract: A data player for reading contents encrypted by a decoding key from a digital medium, and playing the encrypted contents by using the decoding key which is stored in a key storage unit, comprises: a key obtaining unit for performing mutual authentication with the key storage unit to obtain the decoding key stored in the key storage unit; a key holding unit for holding the decoding key; a playback state obtaining unit for monitoring the playback state of the digital medium; and a contents decoding unit for decoding the encrypted contents by using the decoding key. The decoding key is obtained by the key obtaining unit and stored in the key holding unit, and the encrypted contents read from the digital medium is decoded with the decoding key by the contents decoding unit to play the contents. The decoding key stored in the key holding unit is discarded according to the playback state of the digital medium which is obtained by the playback state obtaining unit.

Abstract: An object of the present invention is to provide a technology to improve security against spoofing in a method of authentication using a challenge and response system. In the method of authentication of the present invention, the piece of challenge data is transmitted from the sever 10 to the terminal 20 (S104), and then the piece of response data, which is the decrypted challenge data (S105), is transmitted from the terminal to the server (S107). Further, whether the piece of response data is the piece of challenge data decrypted or not is judged based on encryption performed in the server 10 (S109). When the result of judgment is affirmative, the parameter used both for encryption and decryption is renewed to a parameter to be used in the next authentication (S111, S112).

Abstract: A transmission apparatus performs a one-way operation on plaintext to generate a first value and transmits the first value, generates first additional information, performs an invertible operation on the plaintext and first additional information to generate connected information, encrypts the connected information using an encryption algorithm to generate ciphertext, and transmits the ciphertext.

Abstract: A data player for reading contents encrypted by a decoding key from a digital medium, and playing the encrypted contents by using the decoding key which is stored in a key storage unit, comprises: a key obtaining unit for performing mutual authentication with the key storage unit to obtain the decoding key stored in the key storage unit; a key holding unit for holding the decoding key; a playback state obtaining unit for monitoring the playback state of the digital medium; and a contents decoding unit for decoding the encrypted contents by using the decoding key. The decoding key is obtained by the key obtaining unit and stored in the key holding unit, and the encrypted contents read from the digital medium is decoded with the decoding key by the contents decoding unit to play the contents. The decoding key stored in the key holding unit is discarded according to the playback state of the digital medium which is obtained by the playback state obtaining unit.

Abstract: A data player for reading contents encrypted by a decoding key from a digital medium, and playing the encrypted contents by using the decoding key which is stored in a key storage unit, comprises: a key obtaining unit for performing mutual authentication with the key storage unit to obtain the decoding key stored in the key storage unit; a key holding unit for holding the decoding key; a playback state obtaining unit for monitoring the playback state of the digital medium; and a contents decoding unit for decoding the encrypted contents by using the decoding key. The decoding key is obtained by the key obtaining unit and stored in the key holding unit, and the encrypted contents read from the digital medium is decoded with the decoding key by the contents decoding unit to play the contents. The decoding key stored in the key holding unit is discarded according to the playback state of the digital medium which is obtained by the playback state obtaining unit.

Abstract: A revocation list is registered a public ROM area. The revocation list designates at least one electronic device in which use of the storage medium by the designated electronic device is to be revoked. A controller receives from the electronic device which attempts to access, identification information indicative of the electronic device, and checks whether identification information corresponding to the received identification information is contained in the revocation list, thereby determining whether or not use of the storage medium by the electronic device which attempts to access should be revoked.

Abstract: A parameter generation apparatus for generating parameters causing no decryption error for an NTRU cryptosystem so that an encrypted communication can be carried out between an encryption apparatus and a decryption apparatus in a secure and reliable manner, is comprised of: a provisional parameter generation unit operable to generate a set of provisional parameters that do not cause any decryption errors, based on error condition information that is provided in advance, said error condition information indicating a condition for causing no decryption error; and an output parameter generation unit operable to generate an output parameter that does not cause any decryption errors, using said set of provisional parameters, based on a lattice constant that is calculated from said set of provisional parameters.

Abstract: A data player for reading contents encrypted by a decoding key from a digital medium, and playing the encrypted contents by using the decoding key which is stored in a key storage unit, comprises: a key obtaining unit for performing mutual authentication with the key storage unit to obtain the decoding key stored in the key storage unit; a key holding unit for holding the decoding key; a playback state obtaining unit for monitoring the playback state of the digital medium; and a contents decoding unit for decoding the encrypted contents by using the decoding key. The decoding key is obtained by the key obtaining unit and stored in the key holding unit, and the encrypted contents read from the digital medium is decoded with the decoding key by the contents decoding unit to play the contents. The decoding key stored in the key holding unit is discarded according to the playback state of the digital medium which is obtained by the playback state obtaining unit.

Abstract: An apparatus generates first shared information that is shared by the apparatus and a recording medium by performing a first bilateral authentication. The apparatus encrypts overwrite data that is used to erase key information item recorded in the recording medium using the first shared information. Encrypted overwrite data is transferred to the recording medium. Second shared information is generated and shared by the apparatus and the recording medium by performing a second bilateral authentication between them. The apparatus receives data that is encrypted using the second shared information and that has been used by the recording medium for erasing key information. Encrypted data is decrypted using second shared information item and key information recorded in the recording medium is erased when the decrypted data is identical to overwrite data.

Abstract: An encroption transmission apparatus and an encryption reception apparatus avoid attack that takes advantage of re-transmission request. A server apparatus encrypts a content key five times, thereby generating five encrypted content keys, calculates a hash value of the content key, and transmits the five encrypted content keys and the hash value. An image playback apparatus receives the five encrypted content keys and the has value, decrypts the five encrypted content keys thereby generating five content keys, calculates hash values each corresponding to the generated content keys, and compares the calculated hash values with the received hash value respectively. If at least one of the five calculated hash values matches the received hash value, the corresponding content key is considered correct. Conversely, if none of the five calculated hash values matches the received hash value, it is considered a decryption error.

Abstract: An input/output (IO) system reduces the processing load involved in judging whether a device is valid or revoked. The system is constituted from an input/output (IO) device and an information usage device. The IO device outputs an identifier (ID) list to the information usage device, the ID list including one or more identifiers (IDs), arranged according to a predetermined rule, that each correspond to a different valid or revoked device. The information usage device uses the received ID list to specify a target range that includes a target ID stored by the information usage device, and outputs range information indicating the specified target range to the IO device, which uses the received range information in judging whether the information usage device is valid or revoked.

Abstract: In a mutual authentication method for use between a recording apparatus which records copied contents on a recording medium having an arithmetic processing function, and the recording medium, the method includes a step of storing in the recording medium at least first information which depends on the recording medium, and second information which is to be shared by the recording apparatus in executing mutual authentication with the recording apparatus and depends on the recording medium, and a step of generating by the recording apparatus authentication information used in mutual authentication with the recording medium on the basis of the first information obtained from the recording medium, and executing mutual authentication between the recording apparatus and the recording medium using the generated authentication information and the second information.

Abstract: A semiconductor memory card comprising a control IC 302, a flash memory 303, and a ROM 304. The ROM 304 holds information such as a medium ID 341 unique to the semiconductor memory card. The flash memory 303 includes an authentication memory 332 and a non-authentication memory 331. The authentication memory 332 can be accessed only by external devices which have been affirmatively authenticated. The non-authentication memory 331 can be accessed by external devices whether the external devices have been affirmatively authenticated or not. The control IC 302 includes control units 325 and 326, an authentication unit 321 and the like. The control units 325 and 326 control accesses to the authentication memory 332 and the non-authentication memory 331, respectively. The authentication unit 321 executes a mutual authentication with an external device.