Abstract: An encryption scheme management method according to the present invention is an encryption scheme management method which manages encryption schemes utilized for distributing encrypted data, and includes request receiving which receives encryption scheme switching request from a client device, selecting an encryption scheme from the encryption schemes, generating circuit forming information for forming a decrypting circuit which decrypts the data encrypted by the selected encryption scheme, and sending the circuit forming information to the client device.

Abstract: A system includes of a main device and a recording medium device. The main device includes a reception unit that receives a digital work from an external distribution server, an internal storage area for storing the digital work, a playback unit that plays back the digital work, and a unique information storage area for storing information that is unique to the main device. The main device also includes an encryption unit that encrypts the digital work using the unique information, a decryption unit that decrypts, using the unique information, the encrypted digital work having been read from the recording medium device, a write unit that writes the encrypted digital work into the recording medium device which is portable, and a read unit that reads the encrypted digital work from the recording medium device.

Abstract: A highly-convenient content duplication management system for allowing users to duplicate a content as long as the duplication is in compliance with a given usage right. In the system, a request destination device stores a content and a permitted number of duplications of the content. In response to a duplication request, the request destination device judges whether or not the request source device is an in-group device that belongs to the same group as the request destination device. When judging that the request source device is an in-group device, the request destination device transmits the content together with a permitted number that is equal to or smaller than the currently stored permitted number. The request destination device then updates the currently stored permitted number by subtracting the permitted number transmitted.

Abstract: In an exponentiation device, a relatively large table is generated outside of a coprocessor so as to enable high-speed exponentiation to be performed using the small window method. The selection of data from the table and transfer of data to the coprocessor are conducted in parallel with a multiple-length arithmetic operation performed in the coprocessor. So as to avoid bottlenecks occurring in the data transfer between a CPU and the coprocessor, two data banks are provided in the coprocessor for storing the data to be used in the arithmetic operation. By providing two banks in the coprocessor, it is possible to use one for transferring data while data stored in the other is being used in the arithmetic operation. When the operation using the stored data has been completed, the banks are switched, and the arithmetic operation is then repeated using the newly transferred data while at the same time conducting data transfer in readiness for the following operation.

Abstract: A multi-word arithmetic device, capable of executing a variety of types of multi-word arithmetic required for elliptic curve cryptology, includes the following. A memory 40, formed from two dual-port memories 41 and 42, temporarily stores n-word integers on which calculation is performed, and a calculation result. An arithmetic unit 20 executes two or more types of calculation, including addition and multiplication, on each word, and outputs a one-word result. A memory input/output unit 30 supplies a maximum of three pieces of one-word data from the memory 40 to the arithmetic unit 20, while simultaneously storing a one-word calculation result from the arithmetic unit 20 in the memory 40. A control unit 10 controls the arithmetic unit 20 and the memory input/output unit 30 so as to have the arithmetic unit execute one of modular addition and Montgomery reduction on n words.

Abstract: An RSA decryption apparatus that is used in an IC card or the like counters a differential fault attack. The RSA decryption apparatus computes at high speed a public key used in data verification, without having to obtain the public key from an external source. The RSA decryption apparatus includes a remainder computation unit 412 that calculates dp=d mod (p?1), and an inverse computation unit 414 that finds an inverse of dp over a residue field with p?1 as a modulus. The RSA decryption apparatus verifies a decipher text with use of the inverse of dp as the public key. The reduced bit count in inverse computation compared to if the inverse of d is found as the public key increases computing speed.

Abstract: A server 10 and a client 20 hold common secret information in respective secret information holding units 13 and 23. A server CRC unit 14 in the server 10 generates a CRC code after adding the secret information to communication data, and transmits the communication data with the CRC code attached. A client CRC unit 24 of the client 20 generates a CRC code after adding the secret information to communication data, and checks whether or not an error has occurred in the communication data on the communication path. Since the client 20 holds the secret information, the client 20 determines that an error has not occurred, and obtains the communication data. On the other hand, a router 30, which does not hold the secret information, is unable to obtain the communication data. This prevents the communication data from being transferred to devices outside an authorized domain.

Abstract: Provided is an elliptic curve exponentiation apparatus that can counter the DFA when an elliptic curve exponentiation technique is used. A computation result verification unit 127 receives, as a computation result, an exponentiation-result-point (X, Y) from an elliptic curve computation unit 124. The computation result verification unit 127 computes X3+a×X+b, and computes Y2, and outputs the received exponentiation-result-point when judging that Y2=X3+a×X+b, and does not output the received exponentiation-result-point when not judging that Y2=X3+a×X+b.

Abstract: An apparatus authentication system that includes a server apparatus and a client apparatus which perform a mutual authentication when a content is transmitted from the server apparatus to the client apparatus for use. The client apparatus receives challenge data from the server apparatus, generates signature data based on the received challenge data and a first password, and transmits the generated signature data. The server apparatus generates and transmits the challenge data, holds a second password in advance, receives the signature data from the client apparatus, performs an authentication of the received signature data using the challenge data and the second password, and if the authentication results in success, transmits an encrypted content to the client apparatus.

Abstract: In a set-up phase, the base station formulates the secret key S and holds it in secret. The secret information Si which are obtained by dividing the secret key S are distributed in secret to respective terminals 1 to 5 by using cryptographic communication means. In a preparatory phase, the base station 0 broadcasts the preparatory information C1(=gk modp), the exclusive information C2(=y5k modp), the ciphertext C3(=M×K modp), and the particular terminal number 5 to all terminals. In a key sharing phase, the terminal 1 calculates a product of C1{circumflex over ( )}(&lgr;(1, &Lgr;) modq) modp and C2{circumflex over ( )}(&lgr;(5, &Lgr;) modq) modp by using the preparatory information C1 and the exclusive information C2 to obtain K and then calculates M, which are common data to the base station 0, by dividing the ciphertext C3 by K. The terminals 2 to 4 execute similar calculations. As a result, the terminals 1 to 4 can share mutually the common data M.

Abstract: The conventional method of limiting the number of receiving apparatus has a problem that if the limited number of appliances is reduced to limit distribution to unspecified appliances outside a home, distribution to appliances in the home is limited unnecessarily. If the limited number of appliances is increased, distribution to appliances outside the home cannot be sufficiently limited. The invention provides at least one receiving apparatus, (e.g., digital television sets and PCs,) connected to a network and capable of receiving and using predetermined data, and a transmitting apparatus, (e.g., an AV server) for transmitting the data to the receiving apparatus via the network. Use of the data on the network is managed based on the transmission time required for transmission of predetermined information between the transmitting apparatus and the receiving apparatus.

Abstract: A content distribution system in which content transmission/reception is suppressed when there is a high risk of contents being stolen by a third party during communication. A content server acquires a communication distance indicating how far the content server is from a terminal in data communication. The content server conducts content transmission/reception when the communication distance is less than or equal to a predetermined value, and suppresses content transmission/reception when the communication distance exceeds the predetermined value.

Abstract: Disclosed is a group admission system having a client and a server that belongs to a closed group within which contents are available. The client determines whether it is permissible to request to join the group to be a member device thereof based on the number of groups that the client is in and the maximum number of groups that the client is permitted to be in. If permissible, the client transmits a registration request to the server with information unique to the client. The server determines whether to permit the client to join the group by registering with the server based on the number of member devices registered with the server and the maximum number of member devices registerable with the server. If it is permitted, the server registers the unique information, and transmits group identification information to the client. The client receives and stores the group identification information.

Abstract: A content protection system prevents illegal key acquisition, without checking uniqueness of device keys. The content protection system includes a key data generation apparatus and a user terminal. The key data generation apparatus converts first key data, which is for using content, based on a predetermined conversion rule, thereby generating second key data, encrypts the second key data using a device key held by valid terminals, and outputs the encrypted key data. The user terminal obtains the encrypted key data, decrypts the encrypted key data using a device key held by the user terminal, thereby generating second key data, converts the second key data based on a re-conversion rule corresponding to the conversion rule, thereby generating the first key data, and uses the content with use of the generated first key data.

Abstract: An information distribution system is composed of: an information distribution device that transmits advertisement information issued by an information provider; a communication terminal that receives the advertisement information and sends the received advertisement information to a memory card; the memory card that is portable and mountable on the communication terminal. The memory card is provided to the user at a cost borne by the information provider at least partly, and includes a storage unit having an area for storing advertisement information, a judging unit for judging whether the received advertisement in formation is issued by the information provider, and a writing unit for writing the received advertisement information if judged to be issued by the information provider. The information distribution system enables a memory card provider to provide a memory card to a user at no or lower cost than would otherwise be fully payable by the user.

Abstract: A multi-precision exponentiation method and apparatus for use in an encryption/decryption system is disclosed. The encryption/decryption operation uses a computer architecture that includes a central processing unit and a co-processor. The exponent may be represented by a binary data string. The method includes generating an initial look-up table that is indexed by a set of predetermined values. Each predetermined value represents the base raised to a respectively different exponential power. The co-processor calculates the base value raised to the exponent according to a predetermined exponential algorithm. The calculation includes retrieving a sequence of the predetermined values from the look-up table, each of the predetermined values corresponding to one of a plurality of sub-strings of the exponent data string.

Abstract: The present invention provides a password recovery system that re-supplies a password to only the legitimate user of the password. The password recovery system includes a memory card with CPU and a mobile phone. When a password needs to be recovered, a phone call is made, to the mobile phone, from a telephone connected to a phone line whose phone number is registered in advance into the memory card with CPU. The mobile phone then obtains the telephone number of the phone line via a caller's telephone number notifying service. It is judged whether the obtained telephone number and the registered phone number are the same, and when they are the same, the password stored in the memory card with CPU will be re-supplied so that the user can recover it.

Abstract: In a server, an echo-request transmitting unit 204 transmits echo-request data to a target device, and an echo-reply receiving unit 205 receives echo-reply data from the target device. A time measuring unit 206 measures, as the target time, the time required between transmission of the echo-request data and reception of the echo-reply data, and compares the target time with the reference time. In this way, the server judges whether the target device connected to its network belongs to a predetermined group.

Abstract: A content-duplication management system formed from a playback apparatus that requests and plays contents, and a content-duplication management apparatus that manages duplication and deletion of contents. The playback apparatus notifies group information of the playback apparatus to the content-duplication management apparatus, acquires information from the content-duplication management apparatus showing whether requests are permitted, and duplicates/deletes contents.

Abstract: A group formation/management system that rigidly sets the range of a group, and allows contents to be used freely among member devices in the group, the system including one or more registered member devices operable to hold common secret information unique to the group, a new member device operable to transmit a request for registration in the group and to receive and hold common secret information, and a group management device operable to receive the registration request from the new member device and, when the number of registered member devices is less than the maximum number of registerable member devices, to output the common secret information to the new member device. Furthermore, because member devices are authenticated using the common secret information when contents are to be used, and contents only delivered if the authentication is successful, it is possible to prevent member devices that do not hold the common secret information (i.e. unregistered member devices) from using contents.