Abstract: A semiconductor memory card comprising a control IC 302, a flash memory 303, and a ROM 304. The ROM 304 holds information such as a medium ID 341 unique to the semiconductor memory card. The flash memory 303 includes an authentication memory 332 and a non-authentication memory 331. The authentication memory 332 can be accessed only by external devices which have been affirmatively authenticated. The non-authentication memory 331 can be accessed by external devices whether the external devices have been affirmatively authenticated or not. The control IC 302 includes control units 325 and 326, an authentication unit 321 and the like. The control units 325 and 326 control accesses to the authentication memory 332 and the non-authentication memory 331, respectively. The authentication unit 321 executes a mutual authentication with an external device.

Abstract: A positional information storage system stores and verifies positional information of a mobile terminal apparatus. The positional information storage system stores (i) the positional information, (ii) time information, and (iii) signature data that is generated by placing a digital signature on a combination of the time information and the positional information of the mobile terminal apparatus only if a user of the mobile terminal apparatus is successfully authenticated. The positional information storage system also verifies whether the signature data is authentic. With this construction, it is possible to authenticate a person carrying the mobile terminal apparatus, and to verify whether data to be stored in the memory has been tampered with.

Abstract: A data converter (1) capable of reducing a size of the total implementation in a device is a processing apparatus that performs secret converting processing predetermined to input data with 64 bits, the data converter including a finite field polynomial cubing unit (10), data integrating units (11a) to (11d), (12) and (13), a first converter (14), a second converter (15), a data splitting unit (16), and a data integrating unit (17). The finite field polynomial cubing unit (10) performs cubing, on the 32 bits data, in the polynomial residue class ring with a value in the finite field GF (28) as a coefficient and respectively outputs data with 32 bits.

Abstract: A cryptographic apparatus reads, from a portable storage medium, content data and cryptographic information specifying a certain part of the content data on which cryptographic processing is to be performed, specifies the certain part in the read content data based on the read cryptographic information, and performs one of encryption and decryption on the certain part. When, for example, the content data is formed from alternating headers and variable-length data sections, the cryptographic information is a program formed from an instruction sequence. The instruction sequence has the cryptographic apparatus detect a header in the content data, read the length of the variable-length data, and perform cryptographic processing on a part of the content data between a start point and an end point, the start point being a position relative to the header position, and the end point being a value resulting from adding the length to the start point.

Abstract: At least one set of revocation information for identifying electronic appliances that should be revoked for content protection and master revocation information for identifying electronic appliances that have special permission to update the revocation information are recorded in advance into a special storage region on a storage medium. When the storage medium is loaded into an electronic appliance indicated by the master revocation information, the revocation information can be updated. However, when the storage medium is loaded into an electronic appliance indicated by the revocation information, the electronic appliance is revoked and so the protection of contents is improved.

Abstract: The subkey data generating unit 101 has two different subkey key generation processes. When encrypting a (T*n)th plaintex block (where T denotes a predetermined cycle and n is a positive integer), sixteen sets of subkey data are generated. In all other cases, two sets of subkey data are generated. The encrypting unit 100 encrypts the plaintex using the generated sixteen or two sets of subkey data.

Abstract: The media inherent key storing unit 220 prestores an inherent key Ki, the conversion unit 230 generates an encrypted inherent key Ji from the inherent key read from the media inherent key storing unit 220, the random number generating unit 331 generates a random number R1, the encryption unit 252 generates an encrypted random number S1, the decryption unit 333 generates a random number R?1 from the encrypted random number R1, and the mutual authentication control unit 334 compares the random number R?1 with the random number R1 and, if the random number R?1 matches the random number R1, judges that the memory card 200 is an authorized device. If the memory card 200 and the memory card writer have successfully authenticated each other, the memory card writer encrypts a content using a decrypted inherent key. If the memory card 200 and the memory card reader have successfully authenticated each other, the memory card reader decrypts an encrypted content using the decrypted inherent key.

Abstract: There are disclosed an extended key generator, encryption/decryption unit, and storage medium, in which as each of key transform functions, a transform process is done by an S box (substitution table) on the basis of a first key obtained from the inputted key, and an adder computes a corresponding one of extended keys on the basis of a value obtained by shifting the transformed result of the S box to the left, and a second key obtained from the inputted key.

Abstract: A data converter (1) capable of reducing a size of the total implementation in a device is a processing apparatus that performs secret converting processing predetermined to input data with 64 bits, the data converter including a finite field polynomial cubing unit (10), data integrating units (11a) to (11d), (12) and (13), a first converter (14), a second converter (15), a data splitting unit (16), and a data integrating unit (17). The finite field polynomial cubing unit (10) performs cubing, on the 32 bits data, in the polynomial residue class ring with a value in the finite field GF (28) as a coefficient and respectively outputs data with 32 bits.

Abstract: An encryption apparatus 100a is comprised of the following: a CRL storage unit 111 that stores a CRL; a device key ring storage unit 112 that stores a device key KD_A specific to each copyright protection module 210a used by a decryption apparatus 200a; a content key storage unit 113 that stores a content key Kc that is a secret key for encrypting a content; a hashing function processing unit 114 that calculates a hash value of the CRL stored in the CRL storage unit 111 according to a hashing function; an Ex-OR unit 115 that obtains an exclusive OR value between the hash value and the device key KD_A; and an Enc unit 116 that encrypts the content key Kc using an output value from the Ex-OR unit, and stores the hash value, the encrypted content key and the encrypted content in a DVD2a.

Abstract: A data protection system obtains data having a first content on which a first encryption has been performed and a second content on which a second encryption has been performed, the second encryption more difficult to break than the first encryption. A first content decryption unit decrypts the first content, using a first encryption method corresponding to the first encryption of the first content. A second content decryption unit decrypts the second content using a second decryption method that corresponds to the second encryption. The decrypting contents can be executed by a software, and the second content decryption unit can include one of tamperproof hardware and an apparatus that executes tamperproof software.

Abstract: The media inherent key storing unit 220 prestores an inherent key Ki, the conversion unit 230 generates an encrypted inherent key Ji from the inherent key read from the media inherent key storing unit 220, the random number generating unit 331 generates a random number R1, the encryption unit 252 generates an encrypted random number S1, the decryption unit 333 generates a random number R?1 from the encrypted random number R1, and the mutual authentication control unit 334 compares the random number R?1 with the random number R1 and, if the random number R?1 matches the random number R1, judges that the memory card 200 is an authorized device. If the memory card 200 and the memory card writer have successfully authenticated each other, the memory card writer encrypts a content using a decrypted inherent key. If the memory card 200 and the memory card reader have successfully authenticated each other, the memory card reader decrypts an encrypted content using the decrypted inherent key.

Abstract: At least one set of revocation information for identifying electronic appliances that should be revoked for content protection and master revocation information for identifying electronic appliances that have special permission to update the revocation information are recorded in advance into a special storage region on a storage medium. When the storage medium is loaded into an electronic appliance indicated by the master revocation information, the revocation information can be updated. However, when the storage medium is loaded into an electronic appliance indicated by the revocation information, the electronic appliance is revoked and so the protection of contents is improved.

Abstract: To provide a broadcasting system in which a content user can select CMs that he or she wants. A sub-content index-information presenting unit presents sub-content index information. A user selects in advance sub-contents that he or she wants to view, by referring to the sub-content index information, and views only the selected sub-contents.

Abstract: A semiconductor memory card comprising a control IC 302, a flash memory 303, and a ROM 304. The ROM 304 holds information such as a medium ID 341 unique to the semiconductor memory card. The flash memory 303 includes an authentication memory 332 and a non-authentication memory 331. The authentication memory 332 can be accessed only by external devices which have been affirmatively authenticated. The non-authentication memory 331 can be accessed by external devices whether the external devices have been affirmatively authenticated or not. The control IC 302 includes control units 325 and 326, an authentication unit 321 and the like. The control units 325 and 326 control accesses to the authentication memory 332 and the non-authentication memory 331, respectively. The authentication unit 321 executes a mutual authentication with an external device.

Abstract: The invention provides a recording apparatus and a reproduction apparatus that are able to prevent illegitimate use of contents. A recording medium stores therein a medium inherent number in the unrewritable area. The recording apparatus writes media key data and an encrypted content onto the recording medium. The media key data includes encrypted media keys generated by (i) for each of unrevoked reproduction apparatuses, encrypting a media key using a device key of the unrevoked reproduction apparatus respectively, and (ii) for each of revoked reproduction apparatuses, encrypting detection information using a device key of the revoked reproduction apparatus respectively. The reproduction apparatus decrypts the encrypted media key using a device key to generate a decryption media key, judges whether the decryption media key is the detection information or not, and prohibits the encrypted content recorded on the recording medium from being decrypted when having judged in the affirmative.

Abstract: Provided is a content distribution system that prevents different keys to be derived between an encryption apparatus and a decryption apparatus. A random-number generating unit 112, in an encryption apparatus 110, generates a random number s. A first function unit 113 generates a functional value G(s) of the random number s, and generates a random-number value u and a shared key K from the functional value G(s). An encryption unit 114 generates a first cipher text c1 of the random number s, using a public-key polynomial h and the random-number value u. A decryption unit 123, in a decryption apparatus 120, decrypts the first cipher text c1 using a secret-key polynomial f, to generate a decryption random number s′ A second function unit 126 generates a functional value G(s′) of the decryption random number s′, and generates a random-number value u′ and a shared key K′from the functional value G(s′ ).

Abstract: A semiconductor memory card comprising a control IC 302, a flash memory 303, and a ROM 304. The ROM 304 holds information such as a medium ID 341 unique to the semiconductor memory card. The flash memory 303 includes an authentication memory 332 and a non-authentication memory 331. The authentication memory 332 can be accessed only by external devices which have been affirmatively authenticated. The non-authentication memory 331 can be accessed by external devices whether the external devices have been affirmatively authenticated or not. The control IC 302 includes control units 325 and 326, an authentication unit 321 and the like. The control units 325 and 326 control accesses to the authentication memory 332 and the non-authentication memory 331, respectively. The authentication unit 321 executes a mutual authentication with an external device.

Abstract: Provided is a content distribution system that prevents different keys to be derived between an encryption apparatus and a decryption apparatus. A random-number generating unit 112d, in an encryption apparatus 110d, generates a random number s, and a first function unit 113d generates a functional value G(s) of the random number s, and generates a verification value a and a shared key K from the functional value G(s). An encryption unit 114d generates a first cipher text c1 of the verification value a using a public-key polynomial h, and a second function unit 115d generates a functional value H(a,c1) of the verification value a and the first cipher text c1, and a random-number mask unit 116d generates a second cipher text c2=s xor H(a,c1). A decryption unit 123d, in a decryption apparatus 120d, decrypts the first cipher text c1 using a secret-key polynomial f, to generate a decryption verification value a′.

Abstract: A content protection system prevents illegal key acquisition, without checking uniqueness of device keys. The content protection system includes a key data generation apparatus and a user terminal. The key data generation apparatus converts first key data, which is for using content, based on a predetermined conversion rule, thereby generating second key data, encrypts the second key data using a device key held by valid terminals, and outputs the encrypted key data. The user terminal obtains the encrypted key data, decrypts the encrypted key data using a device key held by the user terminal, thereby generating second key data, converts the second key data based on a re-conversion rule corresponding to the conversion rule, thereby generating the first key data, and uses the content with use of the generated first key data.