Abstract: A data processing system, recording device, data processing method and program providing medium are provided to execute authentication processing and content storing processing between apparatuses. Program localization is employed to restrict access to program content. A plurality of key blocks store key data for authentication processing. Key block designation information is set in a recorder/reproducer, which is configured for executing authentication processing with the recording device by designating a key block. The recorder/reproducer can set a key block for each product, model or the like. In addition, data stored according to a selected key block cannot be utilized in a recorder/reproducer in which a different key block is set. Furthermore, an encryption processing controlling section of a recording device executes control in accordance with a pre-defined setting sequence.

Abstract: To provide a memory access control system in which partitions, which are divided memory areas generated in a device, can be independently managed. In response to access to the divided memory areas, which are a plurality of partitions, various types of access control tickets are issued under the management of each device or partition manager, and processing based on rules indicated in each ticket is performed in a memory-loaded device. A memory has a partition, which serves as a memory area managed by the partition manager, and a device manager management area managed by the device manager. Accordingly, partition authentication and device authentication can be executed according to either a public-key designation method or a common-key designation method.

Abstract: A data processing system, recording device, data processing method and program providing medium are provided to execute authentication processing and content storing processing between apparatuses. Program localization is employed to restrict access to program content. A plurality of key blocks store key data for authentication processing. Key block designation information is set in a recorder/reproducer, which is configured for executing authentication processing with the recording device by designating a key block. The recorder/reproducer can set a key block for each product, model or the like. In addition, data stored according to a selected key block cannot be utilized in a recorder/reproducer in which a different key block is set. Furthermore, an encryption processing controlling section of a recording device executes control in accordance with a pre-defined setting sequence.

Abstract: Disclosed herein is a device authentication system capable of authenticating devices efficiently using the common key system. When a CE device requests service offerings from a service server, the service server in turn requests the CE device to be authenticated by a device authentication server. Given the request, the CE device causes the device authentication server to perform device authentication on that device and transmits the result of the device authentication to the service server. Upon receipt of the device authentication result from the CE device, the service server causes the device authentication server to check that the authentication has been performed correctly and then starts offering services to the CE device. The CE device and device authentication server share a pass phrase, and each of the two parties checks that the other party indeed retains the pass phrase for mutual authentication.

Abstract: A content use rights discrimination card corresponding to encrypted content is sold to a user. The user transmits data recorded on the content use rights discrimination card to a content use rights management center. The content use rights management center then verifies the content and the card, based on data in the received content use rights discrimination card, to encrypt a decoding key for decoding the content together with, for example, a session key, to transmit the encrypted content key to the user. The content use rights discrimination card, when sold to the user, can be set for enabling resale and transferred between different users so that the decoding key can be transmitted plural times from the content use rights management center. This procedure enables content to be utilized without executing any on-line settlement processing.

Abstract: An information recording device includes a control unit and a memory interface unit. An ICV for each sector data of data to be stored in units of sectors is stored in the redundant part of each sector. An ECC and an ICV are stored in the redundant part of each sector, so that sector-unit ICV storage can be performed without reducing the storage capacity of the data part of the sector. processing that combines data parts by using the file system of a device can be performed similarly to conventional data combination processing that only combines data parts in which ones purely used as data are stored. The control unit does not have any load because only each sector which is regarded as valid (no interpolation) as a result of ICV checking is transmitted to the control unit, and the ICV checking is performed by the memory interface unit.

Abstract: An information processing apparatus utilizing encrypted information corresponding to content of purchased right, includes a memory for storing the encrypted information, usage control policy indicating content of purchased right and price tag for specifying price content corresponding to the content of the purchased right. A first generating device generates a usage control status including the purchase history of the information on the basis of the usage control policy and the price tag stored in the memory. A setting device sets usage history based on usage of the information to the usage control status. A second generating device calculates an accounting price and generates accounting information including the accounting price based on the purchase history or the usage history, and/or puts a limit on purchasable usage conditions based on the purchase history or the usage history on the occasion the right is purchased again on different format from the control policy.

Abstract: There is provided a highly secure cryptographic processing apparatus and method where an analysis difficulty is increased. In a Feistel type common key block encrypting process in which an SPN type F function having a nonlinear conversion section and a linear conversion section is repeatedly executed a plurality of rounds. The linear conversion process of an F function corresponding to each of the plurality of rounds is performed as a linear conversion process which employs an MDS (Maximum Distance Separable) matrix, and a linear conversion process is carried out which employs a different MDS matrix at least at each of consecutive odd number rounds and consecutive even number rounds. This structure makes it possible to increase the minimum number (a robustness index against a differential attack in common key block encryption) of the active S box in the entire encrypting function.

Abstract: A data processing device includes a memory interface (I/F) unit and a control unit. When accessing a data storage device such as a memory card having a built-in flash memory, the data processing device sets a block permission table (BPT) as an access permission table in the memory I/F unit, whereby only when the BPT permits a process to be executed does the memory I/F unit access the storage device, and the memory I/F unit does not execute a process when it is out of an allowable range. Regardless of a process type performed by the control unit and a command type, the memory I/F unit always accesses the storage device in accordance with the BPT set in the memory I/F unit. This effectively prevents the rewriting of data in rewrite-prevented recording media.

Abstract: Content may be used in the reduced price corresponding to the content purchase history or usage history. The purchase history for the A setting ID to UCSA is set to the “Purchase history”. For example, the number of times of reproduction is set thereto. When the number of times of reproduction is higher than the predetermined number of times, the predetermined usage format setting the reduced price may be selected. To the “Usage history” , the usage history such as the number of times of actual use of the content A is stored. When the number of times of use is higher then the predetermine value, the predetermined format setting the reduced price may be selected.

Abstract: Usage rights information indicating a license which is usage rights corresponding to contents is stored in a license storage device, and at the time of using the contents, the rights information is output from the license storage device to a contents using device and further transmitted to a contents distribution server, and legitimacy verification of the rights information is executed at the contents distribution server, such that contents corresponding to the rights information are transmitted to the contents using device. Thus, a device and method is realized whereby distribution of contents over a network and use thereof is enabled without detracting from safety and user convenience.

Abstract: A data processing system, recording device, data processing method and program providing medium are provided to execute authentication processing and content storing processing between apparatuses. Program localization is employed to restrict access to program content. A plurality of key blocks store key data for authentication processing. Key block designation information is set in a recorder/reproducer, which is configured for executing authentication processing with the recording device by designating a key block. The recorder/reproducer can set a key block for each product, model or the like. In addition, data stored according to a selected key block cannot be utilized in a recorder/reproducer in which a different key block is set. Furthermore, an encryption processing controlling section of a recording device executes control in accordance with a pre-defined setting sequence.

Abstract: To provide a data access management system that enables access control management for data files stored in a memory of a device. The system manages data access processing performed by an access unit for a memory-loaded device, and issues a service permission ticket (SPT), which serves as an access control ticket in which an access mode to be accepted for the access unit, such as a reader/writer, is set. The memory-loaded device receives the service permission ticket (SPT) from the access unit, and performs processing according to the access mode indicated in the service permission ticket (SPT). The service permission tickets (SPTs) in which access modes to be accepted for the access units are set are individually issued according to the access units. Accordingly, various modes of access according to the access units can be executed.

Abstract: To provide a memory access control system in which partitions, which are divided memory areas generated in a device, can be independently managed. In response to access to the divided memory areas, which are a plurality of partitions, various types of access control tickets are issued under the management of each device or partition manager, and processing based on rules indicated in each ticket is performed in a memory-loaded device. A memory has a partition, which serves as a memory area managed by the partition manager, and a device manager management area managed by the device manager. Accordingly, partition authentication and device authentication can be executed according to either a public-key designation method or a common-key designation method.

Abstract: A ticket issuer server for receiving purchase requests for contents transmits a ticket, storing a charges receiving entity identifier as contents charges information and data of distribution charges with regard to the charges receiving entity, to a user device, under the condition that billing processing for the contents purchase request of the user device has ended, and executes cashing processing based on receipt of the ticket from the user device. Also, contents purchase log data is collected according to updating processing of a public key certificate of the user device which purchases contents, and further, between entities executing data communication, attributes information is obtained from a public key certificate or attributes certificate of the entity which is the other party of communication, and attributes confirmation based on the obtained attributes information is performed, so processing in guise of another entity can be prevented.

Abstract: A data processing system, recording device, data processing method and program providing medium execute authentication processing and content storing processing between two apparatuses that execute data transfer taking into consideration utilization restraint of contents. A plurality of key blocks are formed which stores key data for authentication processing in a recording device, and key data of the plurality of key blocks is made data that is different for each block. Key block designation information is set in a recorder/reproducer, which is configured for executing authentication processing with the recording device by designating a key block. The recorder/reproducer can set a key block for each product, model or the like, and can easily set utilization restraint of contents in the reproducer.

Abstract: An information recording device uses a data storage device such as media having a built-in flash memory. When data is stored in the data storage device, different encryption keys are used for different sectors. Each encryption key is stored in the header of content. By using a single encryption key for a sector consisting of different blocks, the number of stored encryption keys is limited, and the amount of stored key data is reduced. In accordance with the type of encryption processing, for example, the single DES or the triple DES, one or at least two keys are selected for each sector in order to execute encryption or decryption processing on sector data.

Abstract: Identifiers for both media and contents which are difference categories are stored in a revocation list, and also version information is set. Further, the list is capable of being set up in a memory interface, and can be continuously used at the time of mounting media and at the time of reproducing contents. Upon reading out contents, the version of the revocation list which the device holds is verified, and in the event that the version of the revocation list held is older, reading out of contents is cancelled. Also, the configuration allows unauthorized contents and unauthorized media to be revoked by performing collation with a media identifier at the time of mounting media, and collation with a contents identifier at the time of using contents.

Abstract: A data processing apparatus a data processing method efficiently ascertain that data are valid, prevent encryption processing key data from leaking, eliminate illegal use of contents data, restrict contents utilization, apply a different plurality of data formats to contents and efficiently execute reproduction processing of compressed data. The verification process of partial data is executed by collating the integrity partial data as check values for a combination of partial data of a content, and the verification process of the entirety of the combination of partial data is executed by collating partial-integrity-check-value-verifying integrity check values that verify the combination of the partial integrity check values. Master keys to generate individual keys necessary for a process of such as data encryption are stored in the storage section and keys are generated as required. An illegal device list is stored in the header information of a content and referred to when data is used.

Abstract: A record reproducing player and save data processing methods capable of insuring security of save data are provided. Save data is stored in a recording device, encrypted with the use of a program's individual encryption key, e.g., a content key, or a save data encryption key created based the content key, and when reproducing the save data a decryption process is conducted on it with the use of the save data decryption key particular to the program. Furthermore, it is made possible to create save data encryption keys based on a variety of restriction information, such as performing the storing and reproducing of the save data by conducting encryption and decryption on the save data with the save data encryption keys and decryption keys created with the use of a record reproducing player's individual key or a user's password.