Abstract: This invention relates to provide a communication network system, a gateway, and a data communication method, in which the gateway has an advanced functionality. A person who issues an access request can retrieve a desired access destination easily by the following configuration: functions of routing information providing and authentication processing are added to a gateway that performs protocol conversion between two different communication networks; when an access request is issued from a public communication network such as Internet to a terminal in a local (private) communication network connected to the gateway, a request terminal is authenticated to enable prevention of unauthorized data writing and reading; and an access request user who succeeded in the authentication is provided with an active terminal list comprising accessible terminal information, or with a user condition table.

Abstract: This invention relates to provide a communication network system, a gateway, and a data communication method, in which the gateway has an advanced functionality. A person who issues an access request can retrieve a desired access destination easily by the following configuration: functions of routing information providing and authentication processing are added to a gateway that performs protocol conversion between two different communication networks; when an access request is issued from a public communication network such as Internet to a terminal in a local (private) communication network connected to the gateway, a request terminal is authenticated to enable prevention of unauthorized data writing and reading; and an access request user who succeeded in the authentication is provided with an active terminal list comprising accessible terminal information, or with a user condition table.

Abstract: The present invention is directed to a streaming system for encrypting encrypted data such as music and image, etc. to perform stream distribution thereof. Client terminals (30) used in this system structure leaves of the hierarchical tree structure, and hold a key set consisting of a route key, node keys and the own leaf key on a path of this tree structure, whereby SDP file is transmitted from a stream server (20). In the SDP file, there is stored encrypted information consisting of EKB including data encrypted by selection key that only specific client terminal holds and encrypted contents key data in which contents key has been encrypted. Only specific client terminal having selection key in key set (selected client terminal) decodes contents key from selection key to decode encrypted contents data caused to undergo stream distribution into contents data to perform real time reproduction thereof.

Abstract: The present invention relates to an information processing apparatus and method and to a program for reliably preventing unauthorized use of content even in the case of a low-throughput content storage device. A CPU selects content to be stored on a content storage device. In step S202, the CPU verifies a first digital signature added to the content. A storage unit stores a usage right. In step S203, the CPU searches the storage unit for the usage right. In step S207, the CPU verifies a second digital signature added to the usage right. The CPU generates alteration detecting data on the basis of information included in the usage right. In step S208, when the content and the usage right are unaltered, the CPU outputs the usage right, the alteration detecting data, and the content to the content storage device. The present invention is applicable to clients in a DRM system.

Abstract: A management apparatus includes a registering unit configured to issue a first key corresponding to a first service in response to a request for registration with the first service from a first information processing apparatus; a storage unit configured to store an apparatus ID of the first information processing apparatus, the first key, and a second key corresponding to a second service while associating the apparatus ID, the first key, and the second key with each other; and a composite license issuing unit configured to issue a composite license including a first license and a second license, the first license including first encrypted data, which is a content key that is used to decrypt the encrypted content and that is encrypted with the first key, and the second license including second encrypted data, which is the content key that is encrypted with the second key.

Abstract: A management apparatus supplying a license for use of content to an information processing apparatus includes a group management unit that registers at least one information processing apparatus in each group and delivers a group key specific to each group to the information processing apparatus; a storage unit that stores an ID of the information processing apparatus associated with a group ID of the group and the group key; a license issuing unit that issues a license including use conditions of the content and a content key with which encrypted content is decrypted, at least either of the use conditions of the content and the content key being encrypted with the group key; and a right information issuing unit that issues right information used for permitting the use of the content in a specified usage mode on the basis of the license to the permitted information processing apparatus.

Abstract: In a communication system and an information controller terminal equipment of a user, that is to say, a receiver of information is specified in a server side. And in a network system, a terminal equipment and a network server a position of a user is specified in a server side. The information of a terminal equipment used by the user among the pieces of terminal equipment 32, 33, 34, 35, 36, 37, 53, 54 and 70 connected to a network 10 is registered in prescribed registering means 20 and a transmission path from the terminal equipment 70 of a transmitter to the terminal equipment 53 of a receiver is determined on the basis of the registered information of the terminal equipment, so that the user can assuredly transmit the information to the terminal equipment of the receiver in the transmission path suitable for the information without any consciousness of the user.

Abstract: This invention relates to provide a communication network system, a gateway, and a data communication method, in which the gateway has an advanced functionality. A person who issues an access request can retrieve a desired access destination easily by the following configuration: functions of routing information providing and authentication processing are added to a gateway that performs protocol conversion between two different communication networks; when an access request is issued from a public communication network such as Internet to a terminal in a local (private) communication network connected to the gateway, a request terminal is authenticated to enable prevention of unauthorized data writing and reading; and an access request user who succeeded in the authentication is provided with an active terminal list comprising accessible terminal information, or with a user condition table.

Abstract: There are disclosed methods and systems (and related data structures) for processing metadata in files, including media files, so that an alteration or falsification of the metadata can be detected. According to certain embodiments, the metadata includes hash values and digital signatures that were generated by a content server. These hash values and digital signatures can be used by a client device to authenticate the metadata.

Abstract: Methods and systems of distributing digital content governed by a digital license are provided. In one aspect, the license has identification data for licensed content and is transmitted to a client device. A first item of content is transmitted to the client after receipt by the client of the license. The first item of content has first content identification data, and at least a portion of the first item of content is in encrypted form. A second item of content is transmitted to the client after receipt by the client of the license. The second item of content has second content identification data that is different from the first content identification data. At least a portion of the second item of content is in encrypted form. The encrypted portion of the first item of content is decrypted if the first content identification data corresponds to the identification data for licensed content.

Abstract: Protection of digital content using a specific application of block cipher cryptography is described. The digital content is encrypted using an encryption key and a calculated initialization vector. The digital content includes a plurality of strides of data and each stride includes a string of data to be encrypted and a block of data to be encrypted. The calculated initialization vector to be used to encrypt the block of data is derived from the string of data in the stride to be encrypted. Furthermore, the initialization vector is calculated by performing an exclusive disjunction function on a seed value and the string of data for each stride.

Abstract: Protection of digital content using a specific application of block cipher cryptography is described. The digital content is encrypted using an encryption key and a calculated initialization vector. The digital content includes a plurality of strides of data and each stride includes a string of data to be encrypted and a block of data to be encrypted. The calculated initialization vector to be used to encrypt the block of data is derived from the string of data in the stride to be encrypted. Furthermore, the initialization vector is calculated by performing an exclusive disjunction function on a seed value and the string of data for each stride.

Abstract: This invention relates to provide a communication network system, a gateway, and a data communication method, in which the gateway has an advanced functionality. A person who issues an access request can retrieve a desired access destination easily by the following configuration: functions of routing information providing and authentication processing are added to a gateway that performs protocol conversion between two different communication networks; when an access request is issued from a public communication network such as Internet to a terminal in a local (private) communication network connected to the gateway, a request terminal is authenticated to enable prevention of unauthorized data writing and reading; and an access request user who succeeded in the authentication is provided with an active terminal list comprising accessible terminal information, or with a user condition table.

Abstract: A terminal control apparatus 1 for causing various terminal devices to perform appropriate operations. The terminal control apparatus comprises a communication section 11, a control section 12, and a data-storing section 13. The communication section 11 accomplishes communication with a terminal device 2. The control section 12 controls the terminal device 2. The terminal device 3 comprises a communication section 21, a control section 22, and a terminal section 23. The communication section 21 achieves communication with the terminal control apparatus 1. The control section 22 transmits terminal information to the terminal control apparatus 1. The terminal information represents the type and capacity of the terminal device 2. The terminal control apparatus 1 performs terminal control functions in accordance with the terminal information. The control section 22 controls the terminal section 23 in accordance with the terminal control functions the apparatus 1 has performed.

Abstract: A streaming system includes an authoring unit (2), a stream server (3) and a client terminal (5). The authoring unit generates a file composed of encrypted contents data and the ancillary information at least containing the packetizing control information for generating an RTP packet, a non-encrypted codec dependent header made up of the information pertinent to encoded contents data, and the encryption information for decrypting the encrypted contents data form packet to packet. The streaming server packetizes the encrypted contents data along with at least the codec dependent header and distributes the resulting data as a stream. The client terminal refers to the codec dependent header of the received packet, re-assembles the packet, and decrypts the encrypted contents data of the re-assembled packet to generate contents data.

Abstract: The present invention relates to an information processing apparatus and method and to a program for reliably preventing unauthorized use of content even in the case of a low-throughput content storage device. A CPU selects content to be stored on a content storage device. In step S202, the CPU verifies a first digital signature added to the content. A storage unit stores a usage right. In step S203, the CPU searches the storage unit for the usage right. In step S207, the CPU verifies a second digital signature added to the usage right. The CPU generates alteration detecting data on the basis of information included in the usage right. In step S208, when the content and the usage right are unaltered, the CPU outputs the usage right, the alteration detecting data, and the content to the content storage device. The present invention is applicable to clients in a DRM system.

Abstract: Protection of digital content using a specific application of block cipher cryptography is described. The digital content is encrypted using an encryption key and a calculated initialization vector. The digital content includes a plurality of strides of data and each stride includes a string of data to be encrypted and a block of data to be encrypted. The calculated initialization vector to be used to encrypt the block of data is derived from the string of data in the stride to be encrypted. Furthermore, the initialization vector is calculated by performing an exclusive disjunction function on a seed value and the string of data for each stride.

Abstract: The present invention is directed to a streaming system for encrypting compression-encoded image data to distribute it via network of a predetermined transport protocol, and a streaming server used in this system transmits, to a client terminal, on the RTP packet basis, stream data encrypted so that encryption is performed every encryption block size from the leading portion of each GOP without encrypting the last data having less than encryption block size. In this instance, portions of prior and/or posterior stream data are stored into an extended area of RTP header so that size of stream data transmitted every RTP packet is integral multiple of encryption block size. Further, size information of added prior additional data and/or posterior additional data are also stored into the extended area. This streaming server suppresses increase in size by encryption to have ability to support both real time production and down-load reproduction without replacement of encryption.

Abstract: The present invention is directed to a streaming system for encrypting encrypted data such as music and image, etc. to perform stream distribution thereof. Client terminals (30) used in this system structure leaves of the hierarchical tree structure, and hold a key set consisting of a route key, node keys and the own leaf key on a path of this tree structure, whereby SDP file is transmitted from a stream server (20). In the SDP file, there is stored encrypted information consisting of EKB including data encrypted by selection key that only specific client terminal holds and encrypted contents key data in which contents key has been encrypted. Only specific client terminal having selection key in key set (selected client terminal) decodes contents key from selection key to decode encrypted contents data caused to undergo stream distribution into contents data to perform real time reproduction thereof.

Abstract: A technique is disclosed which makes it possible to easily control access to personal information of a user. A management server stores personal information such as a name, telephone number, address, and electronic mail address of each user. For example, if a user of a computer transmits a request command to the management server to transmit personal information of a user of a portable telephone device, the management server determines, in accordance with access restriction information, whether or not providing of the personal information of the user of the portable telephone is restricted. If the providing of the personal information requested by the user of the computer is restricted, the management server inquires of the user of the portable telephone device, who is the owner of the personal information, whether to give permission to provide the personal information. If permission is given, the management server provides the personal information to the user of the computer.