Abstract: An enabling key block (EKB) used in an encrypted key distributing tree structure is generated by forming a simplified 2-branch or multi-branch type tree with a terminal node or leaf which is capable of decrypting on the basis of a key corresponding to a node or a leaf of the simplified tree. Further, the EKB includes a tag for indicating a position of an encrypted key in the tree. The tag not only discriminates position but also stores data for judging the presence of encrypted key data within the EKB. As such, a considerable reduction in data quantity is realized, and the decrypting process in a device is also simplified.

Abstract: A data processing apparatus includes an encrypting apparatus for encrypting data in units of an encryption block having a predetermined data length. A processing apparatus is also provided for performing predetermined processing on data in units of a processing block having a data length of a whole multiple of the predetermined length of the encryption block. A controller is also provided for writing the encrypted data in a storage medium so that the data positioned in the same encryption block is also positioned in the same processing block. The controller also reads the data from the storage means in units of the processing block when the data is to be read out.

Abstract: An information processing device includes: a local memory unit for storing data including an encrypted content; a memory for storing data including key information used to reproduce the encrypted content; and a data processing unit performing a process of writing data to the local memory unit and the memory, and a process of reproducing the encrypted content, wherein the data processing unit performs a process of writing encrypted content downloaded from a server or encrypted content copied from a medium to the local memory unit, and performs a process of decoding the encrypted content or a validity authenticating process using the data stored in the local memory unit and the data stored in the memory when reproducing the encrypted content written to the local memory unit.

Abstract: An information processing device includes: a local memory unit storing data including encrypted content; a memory storing data including key information to be used in a process of reproducing the encrypted content; and a data processing unit selectively reproducing encrypted content stored in a disk or the local memory unit, wherein the data processing unit reads a medium ID from the disk when the content to be reproduced is stored in the disk and reads a medium ID from the memory when the content to be reproduced is stored in the local memory unit.

Abstract: A configuration is provided which improves scrambling processing of content and eliminates unauthorized use of content. Scramble rules which differ for each content are used for content scrambling processing. For example, in the event of using shuffling processing, various shuffle states are specified as scramble rules. In the event of using Exclusive-OR processing, a value applicable to EXOR is specified as the scramble rule. Also, in the event of using rotation processing, a shift amount is specified as the scramble rule. In the event of using 32 shuffle elements in shuffling processing, 32! different shuffle states, that is to say, 32! different scramble rules can be specified. Also, the values for EXOR or the rotation shift amount can be set as various values, and many scramble rules can be set.

Abstract: An enabling key block (EKB) used in an encrypted key distributing tree structure is generated by forming a simplified 2-branch or multi-branch type tree with a terminal node or leaf which is capable of decrypting on the basis of a key corresponding to a node or a leaf of the Simplified tree. Further, the EKB includes a tag for indicating a position of an encrypted key in the tree. The tag not only discriminates position but also stores data for judging the presence of encrypted key data within the EKB. As such, a considerable reduction in data quantity is realized, and the decrypting process in a device is also simplified.

Abstract: To provide a configuration in which a unit classification number corresponding to a content playback path is set based on various units. A unit classification number defining a playback path of content including encrypted data having different variations generated by encrypting a segment portion which forms the content by using a plurality of segment keys and encrypted content generated by encrypting a non-segment portion by a unit key is set based on various units, such as a content management unit and an index. In a CPS unit key file storing key generating information concerning CPS units as content management units, settings of unit classification numbers are indicated. Based on the CPS unit key file, a unit classification number to which content to be played back belongs can be obtained.

Abstract: A data placement configuration which ensures seamless playback of contents having segment portions including multiple different variations of encrypted data is provided. With regard to contents having segment portions configured of multiple different variations of encrypted data to which individual segment keys have been applied, and non-segment portions serving as encrypted data to which a unit key has been applied, the placement of segment data and non-segment portion configuration data is determined such that the maximum jump distance executed at the time of playback processing is equal to or less than a maximum jump distance set beforehand. Data placement has been determined based on seek time, ECC block processing time, sequence key usage time which is key switchover time, and so forth.

Abstract: A content key, an authentication key, and a program data etc. are transmitted with an enabling key block (EKB) in an encrypted key constitution of a tree structure. The EKB has a constitution in which a device as a leaf of the tree holds a leaf key and a limited node key, and a specific enabling key block (EKB) is generated and distributed to a group specified by a specific node to limit devices that can be renewed. As the devices that do not belong to the group cannot perform decryption, the security for distributing keys etc. can be secured. Thus, distribution of various kinds of keys or data is executed in an encryption key constitution of a tree structure to realize an information processing system and method enabling to distribute data efficiently and safely.

Abstract: A virtual machine can be implemented by anyone because the interface and other information necessary for implementation are publicly available. Hence, if virtual machine is implemented maliciously, a program operating thereon can be made to operate maliciously instead of operating legitimately. By comparing secret information held in memory and specific to the virtual machine with verification information which a program holds itself, the program verifies that the virtual machine on which it is running has been legitimately implemented and excludes illegitimate virtual machines.

Abstract: An information processing system and method are disclosed in which information processing is performed in a highly efficient manner using an enabling key block (EKB) on the basis of a tree structure including category subtrees. A key tree is formed so as to include a plurality of subtrees serving as category trees categorized in accordance with categories and managed by category entities. An EKB includes data produced by selecting a path in a tree and encrypting a higher-level key in the selected path using a lower-level key in the selected path. The resultant EKB is provided to a device. Distribution of EKB's is managed on the basis of an EKB type definition list representing the correspondence between an EKB type identifier and one or more identification data identifying one or more category trees that can process an EKB of an EKB type specified by the EKB type identifier.

Abstract: A system and method are realized which enables valid use of content by preventing unauthorized use of content which is caused by rewriting rights data. A structure is employed in which rights data including use-restriction information on content and DRM data including an encrypted content key are recorded in a digital data recording medium (media), and in which an integrity check value (ICV) for the DRM data can be stored in a recordable/playable area (protected area) by using only a dedicated IC. EKB distribution is used to execute the tree-structure key distribution to distribute keys for generating ICV-generation verifying keys. In this structure, unauthorized use of content by rewriting of the rights data is prevented.

Abstract: An information receiving apparatus receives identification information and encrypted identification information and makes a comparison between them to allow prevention of illegal utilization of contents data. Also, a data storage apparatus can record contents data encrypted by a content key and the content key so that the contents data can be reproduced on other apparatuses to improve versatility. Moreover, a management apparatus can manage the contents data in the data storage apparatus to allow other apparatuses to utilize it. And also, an information regulating apparatus can verify a signature on available data to prevent illegal utilization of the contents data. Furthermore, the data storage apparatus can store the content key, its handling policies, the contents data encrypted by the content key and its license conditions information so as to safely provide the contents data. In addition, an information recording apparatus can select favorite contents data and store it on the data storage apparatus.

Abstract: An information receiving apparatus receives identification information and encrypted identification information and makes a comparison between them to allow prevention of illegal utilization of contents data. Also, a data storage apparatus can record contents data encrypted by a content key and the content key so that the contents data can be reproduced on other apparatuses to improve versatility. Moreover, a management apparatus can manage the contents data in the data storage apparatus to allow other apparatuses to utilize it. And also, an information regulating apparatus can verify a signature on available data to prevent illegal utilization of the contents data. Furthermore, the data storage apparatus can store the content key, its handling policies, the contents data encrypted by the content key and its license conditions information so as to safely provide the contents data. In addition, an information recording apparatus can select favorite contents data and store it on the data storage apparatus.

Abstract: An information processing device, information processing method and a recording medium are provided. Storage included in the information processing device is operable to store a node key and a leaf key, the leaf key being unique to the information processing device and the node key being unique to each node of a hierarchical network of nodes having a hierarchical tree structure. A decryption processor performs decryption processing to detect whether an encrypted decryption key for decrypting encrypted data is stored in at least one of on the information processing device or on a recording medium. When the encrypted decryption key is detected, the decryption processor is operable to calculate the decryption key by decrypting the encrypted decryption key. However, when the encrypted decryption key is not detected, the decryption processor is operable to calculate the decryption key by decrypting a key block using one of the one or more node keys stored in the storage and the leaf key stored in the storage.

Abstract: An information processing system and method are disclosed in which information processing is performed using an enabling key block (EKB) in association with a tree structure including category subtrees. A key tree is produced, which include subtrees that are grouped in accordance with categories and are managed by category entities. The EKB includes data produced by selecting a path in the key tree and encrypting a higher-level key in the selected path using a lower-level key in the selected path. The EKB is then provided to a device. A requester, which requests production of the EKB, may produce a root key or may request a key distribution center (KDC) to produce a root key. If the (KDC) produces the EKB, it may also request a category entity to produce a sub-EKB.

Abstract: A virtual machine can be implemented by anyone because the interface and other information necessary for implementation are publicly available. Therefore, it is possible that by implementing the virtual machine illegitimately, programs run thereon on will be made to operate illegitimately instead of legitimately. A program compares secret information held by the virtual machine with verification information held by the program itself. The program thereby verifies whether the virtual machine that runs the program is implemented legitimately, and is able to reject an illegitimate virtual machine.

Abstract: A method and apparatus for processing information, method and apparatus for manufacturing an information recording medium, an information recording medium, and a computer program are provided. An information processing apparatus for playing back a content recorded on an information recording medium and includes a data transform processor performing a substitution process on content member data recorded on the information recording medium. The data transform processor substitutes transform data as substitute data for the content member data in accordance with a fix-up table holding recording position information of the transform data.

Abstract: An information recording medium manufacturing method includes the steps of: determining an encryption mode of each sector, which serves as an encrypt processing unit; generating encrypted data having different variations by using a plurality of cryptographic keys for a segment portion; generating encrypted data by using a single cryptographic key for a non-segment portion; and recording the encrypted data. In determining the encryption mode, a cryptographic key for each sector is specified on the basis of an auxiliary file including determination information indicating whether each sector is data of a segment portion or data of a non-segment portion and identification information for identifying a segment and a variation associated with the sector if the sector is found to be the data of a segment portion. In generating the encrypted data for the segment portion or for the non-segment portion, the encrypted data is generated by using the specified cryptographic key.

Abstract: A configuration for achieving efficient content verification processing based on hash values is provided. Hash values of hash units set as segmented data of a content stored on an information storage medium are recorded in a content hash table and are stored on the information storage medium together with the content. An information processing apparatus for executing content playback executes hash-value comparison processing based on one or more randomly selected hash values. Regardless of the data amount of content, the configuration can perform hash-value determination and comparison processing based on hash units having a small amount of data, so that user equipment for executing content playback can perform efficient content verification.