Patents by Inventor Tatsuyuki Matsushita

Tatsuyuki Matsushita has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20140047240
    Abstract: A controller is provided with a controller key and a first controller identification information unique to the controller. The controller generates a controller unique key unique to a respective controller based on the controller key and the first controller identification information, and a second controller identification information based on the first controller identification information. A decryptor decrypts the encrypted medium device key using the controller unique key to obtain a medium device key. An authentication/key exchange process unit performs authentication/key exchange process with the host device through an interface unit using the medium device key, the medium device key certificate and the second controller identification information to establish a secure channel.
    Type: Application
    Filed: March 22, 2012
    Publication date: February 13, 2014
    Applicant: KABUSHIKI KAISHA TOSHIBA
    Inventors: Taku Kato, Yuji Nagai, Tatsuyuki Matsushita
  • Patent number: 8650393
    Abstract: According to one embodiment, a method for authenticating a device, wherein the device holds secret identification information, encrypted secret identification information, and key management information, and an authenticator holds an identification key, the method includes reading, by the authenticator, the encrypted secret identification information and the key management information from the device, and obtaining, by the authenticator, a family key by using the key management information, the family key being capable of being decrypted with the identification key. The method further includes obtaining, by the authenticator, the secret identification information by decrypting the encrypted secret identification information with the family key.
    Type: Grant
    Filed: June 15, 2012
    Date of Patent: February 11, 2014
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Taku Kato, Tatsuyuki Matsushita, Yuji Nagai, Shinichi Matsukawa
  • Patent number: 8650398
    Abstract: A device includes a first memory area being used to store a first key and unique secret identification information, the first memory area being restricted from being read and written from outside; a second memory area being used to store encrypted secret identification information generated by encrypting the secret identification information, the second memory area being allowed to be read-only from outside; a third memory area being readable and writable from outside; a first data generator configured to generate a second key by using the first key; a second data generator configured to generate a session key by using the second key; and a one-way function processor configured to generate an authentication information by processing the secret identification information with the session key in one-way function operation, wherein the encrypted secret identification information and the authentication information are output to outside.
    Type: Grant
    Filed: June 14, 2012
    Date of Patent: February 11, 2014
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Yuji Nagai, Taku Kato, Tatsuyuki Matsushita
  • Patent number: 8634557
    Abstract: According to one embodiment, a device includes a storage and an authenticator. The storage includes a first area, a second area and a third area. The first area stores NKey and SecretID, the second area stores index information. E-SecretID is generated by SecretID. The third area stores FKB including information generated by FKey. The authenticator authenticates the external device. HKey is generated by an AES encryption calculating using NKey and HC. A SKey is generated by an AES encryption process using HKey and RN. A one-way conversion calculating is performed. E-SecretID, FKB and Oneway-ID are output to the external device. The index information is read from the second area.
    Type: Grant
    Filed: June 15, 2012
    Date of Patent: January 21, 2014
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Yuji Nagai, Toshihiro Suzuki, Noboru Shibata, Taku Kato, Tatsuyuki Matsushita
  • Patent number: 8627455
    Abstract: According to one embodiment, a manufacturing method of a device to be authenticated, wherein the device includes a first memory area which is prohibited from data-reading and data-writing after shipping from a memory vendor; a second memory area which is allowed to data-read from outside after shipping from the memory vendor; and a third memory area which is allowed to data-read and data-write from outside after shipping from the memory vendor.
    Type: Grant
    Filed: June 14, 2012
    Date of Patent: January 7, 2014
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Yuji Nagai, Taku Kato, Tatsuyuki Matsushita
  • Publication number: 20130336479
    Abstract: The data storage portion stores an encrypted medium device key Enc (Kcu, Kmd_i) generated by encrypting a medium device key (Kmd_i), a medium device key certificate (Certmedia), and encrypted content data generated by encrypting content data, the controller stores a controller key (Kc) and first controller identification information (IDcu), the information recording device being configured to execute, after being connected to an external host device, a one-way function calculation based on the controller key (Kc) and the first controller identification information (IDcu) to generate a controller unique key (Kcu) used when decrypting the encrypted medium device key Enc (Kcu, Kmd_i), and second controller identification information (IDcntr) used when decrypting the encrypted content data.
    Type: Application
    Filed: June 15, 2012
    Publication date: December 19, 2013
    Applicant: Kabushiki Kaisha Toshiba
    Inventors: Taku Kato, Yuji Nagai, Tatsuyuki Matsushita
  • Publication number: 20130336488
    Abstract: The host device being configured to receive, from a key issuer who issued the medium device key (Kmd_i) and the medium device key certificate, a host device key (Khd_i) and a host device certificate (Certhost), the host device being configured to execute authentication with the information recording device using the host device key (Khd_i) and the host device certificate (Certhost), the host device being configured to receive second controller identification information (IDcntr) from the information recording device, the second controller identification information being generated by executing a one-way function calculation based on the controller key (Kc) and the first controller identification information (IDcu), and the host device being configured to decrypt the encrypted content data stored in the information recording device, in response to reception of the second controller identification information (IDcntr) from the information recording device.
    Type: Application
    Filed: June 15, 2012
    Publication date: December 19, 2013
    Applicant: Kabushiki Kaisha Toshiba
    Inventors: Taku KATO, Yuji Nagai, Tatsuyuki Matsushita
  • Publication number: 20130336489
    Abstract: A data storage unit may store an encrypted medium device key Enc (Kcu, Kmd_i), and a medium device key certificate (Certmedia). A controller further includes: an information recording unit configured to store a controller key (Kc) and first controller identification information (IDcu). A key generation unit executes a one-way function calculation based on the controller key and the first controller identification information to generate a controller unique key (Kcu). An identification information generating unit executes a one-way function calculation based on the controller key and the first controller identification information to generate second controller identification information (IDcntr). A key encryption unit encrypts the medium device key (Kmd_i) by the controller unique key (Kcu) to generate encrypted medium device key Enc (Kcu, Kmd_i).
    Type: Application
    Filed: June 15, 2012
    Publication date: December 19, 2013
    Applicant: Kabushiki Kaisha Toshiba
    Inventors: Taku KATO, Yuji Nagai, Tatsuyuki Matsushita
  • Publication number: 20130339744
    Abstract: According to one embodiment, a device includes a second data generator configured to generate a session key (SKey) by encrypting a random number (RN) with the second key (HKey) in AES operation; a one-way function processor configured to generate an authentication information (Oneway-ID) by processing the secret identification information (SecretID) with the session key (SKey) in one-way function operation; and a data output interface configured to output the encrypted secret identification information (E-SecretID) and the authentication information (Oneway-ID) to outside of the device.
    Type: Application
    Filed: June 14, 2012
    Publication date: December 19, 2013
    Applicant: Kabushiki Kaisha Toshiba
    Inventors: Yuji NAGAI, Taku KATO, Tatsuyuki MATSUSHITA
  • Publication number: 20130339735
    Abstract: According to one embodiment, an authentication method comprising: generating a second key by the first key, the first key being stored in a memory and being prohibited from being read from outside; generating a session key by the second key; generating first authentication information, the secret identification information stored in a memory and being prohibited from being read from outside; transmitting encrypted secret identification information to an external device and receiving second authentication information from the external device, the encrypted secret identification information stored in a memory and readable, the second authentication information generated based on the encrypted secret identification information; and determining whether the first authentication information and the second authentication information match.
    Type: Application
    Filed: June 14, 2012
    Publication date: December 19, 2013
    Applicant: Kabushiki Kaisha Toshiba
    Inventors: Yuji NAGAI, Taku KATO, Tatsuyuki MATSUSHITA
  • Publication number: 20130339756
    Abstract: According to one embodiment, a manufacturing method of a device to be authenticated, wherein the device includes a first memory area which is prohibited from data-reading and data-writing after shipping from a memory vendor; a second memory area which is allowed to data-read from outside after shipping from the memory vendor; and a third memory area which is allowed to data-read and data-write from outside after shipping from the memory vendor.
    Type: Application
    Filed: June 14, 2012
    Publication date: December 19, 2013
    Applicant: Kabushiki Kaisha Toshiba
    Inventors: Yuji NAGAI, Taku Kato, Tatsuyuki Matsushita
  • Publication number: 20130336477
    Abstract: the medium being manufactured by a medium manufacturer, the medium manufacturer being supplied with the controller from a controller manufacturer, the medium manufacturer being supplied with the first encrypted medium device key Enc(Kc, Kmd_i) and the medium device key certificate (Certmedia) from a key manager, and being operative to record the second encrypted medium device key Enc(Kcu, Kmd_i) and the medium device key certificate (Certmedia) in the memory, wherein the memory is configured to store medium device key certificate ID (IDm_cert).
    Type: Application
    Filed: June 15, 2012
    Publication date: December 19, 2013
    Applicant: KABUSHIKI KAISHA TOSHIBA
    Inventors: Taku KATO, Yuji NAGAI, Tatsuyuki MATSUSHITA
  • Publication number: 20130339730
    Abstract: A device includes a first memory area being used to store a first key and unique secret identification information, the first memory area being restricted from being read and written from outside; a second memory area being used to store encrypted secret identification information generated by encrypting the secret identification information, the second memory area being allowed to be read-only from outside; a third memory area being readable and writable from outside; a first data generator configured to generate a second key by using the first key; a second data generator configured to generate a session key by using the second key; and a one-way function processor configured to generate an authentication information by processing the secret identification information with the session key in one-way function operation, wherein the encrypted secret identification information and the authentication information are output to outside.
    Type: Application
    Filed: June 14, 2012
    Publication date: December 19, 2013
    Applicant: Kabushiki Kaisha Toshiba
    Inventors: Yuji NAGAI, Taku KATO, Tatsuyuki MATSUSHITA
  • Publication number: 20130336478
    Abstract: According to one embodiment, an authentication method comprising: generating a second key by the first key, the first key being stored in a memory and being prohibited from being read from outside; generating a session key by the second key; generating first authentication information, the secret identification information stored in a memory and being prohibited from being read from outside; transmitting encrypted secret identification information to an external device and receiving second authentication information from the external device, the encrypted secret identification information stored in a memory and readable, the second authentication information generated based on the encrypted secret identification information; and determining whether the first authentication information and the second authentication information match.
    Type: Application
    Filed: June 15, 2012
    Publication date: December 19, 2013
    Applicant: KABUSHIKI KAISHA TOSHIBA
    Inventors: Yuji NAGAI, Taku KATO, Tatsuyuki MATSUSHITA
  • Publication number: 20130336481
    Abstract: According to one embodiment, a memory being used to store a host identification key, a host constant (HC), and a first key, the first key being generated based on the host constant (HC); a first generator configured to decrypt a family key block read from an external device with the host identification key to generate a family key; a second generator configured to decrypt encrypted secret identification information read from the external device with the family key to generate a secret identification information; a third generator configured to generate a random number; a fourth generator configured to generate a session key by using the first key and the random number; a fifth generator configured to generate a first authentication information by processing the secret identification information with the session key in one-way function operation
    Type: Application
    Filed: June 15, 2012
    Publication date: December 19, 2013
    Applicant: Kabushiki Kaisha Toshiba
    Inventors: Yuji NAGAI, Taku KATO, Tatsuyuki MATSUSHITA
  • Publication number: 20130339741
    Abstract: According to one embodiment, an authentication method comprising: generating a second key by the first key, the first key being stored in a memory and being prohibited from being read from outside; generating a session key by the second key; generating first authentication information, the secret identification information stored in a memory and being prohibited from being read from outside; transmitting encrypted secret identification information to an external device and receiving second authentication information from the external device, the encrypted secret identification information stored in a memory and readable, the second authentication information generated based on the encrypted secret identification information; and determining whether the first authentication information and the second authentication information match.
    Type: Application
    Filed: June 14, 2012
    Publication date: December 19, 2013
    Applicant: Kabushiki Kaisha Toshiba
    Inventors: Yuji NAGAI, Taku KATO, Tatsuyuki MATSUSHITA
  • Publication number: 20130336475
    Abstract: A device includes a first memory area being used to store a first key and secret identification information unique to the device; a second memory area being used to store encrypted secret identification information generated by encrypting the secret identification information; a first data generator configured to generate a second key by encrypting a host constant with the first key in AES operation; a second data generator configured to generate a session key by encrypting a random number with the second key in AES operation; a one-way function processor configured to generate an authentication information by processing the secret identification information with the session key in one-way function operation; and a data output interface configured to output the encrypted secret identification information and the authentication information to outside of the device.
    Type: Application
    Filed: June 14, 2012
    Publication date: December 19, 2013
    Applicant: Kabushiki Kaisha Toshiba
    Inventors: Yuji NAGAI, Taku KATO, Tatsuyuki MATSUSHITA
  • Publication number: 20130336476
    Abstract: According to one embodiment, a device includes a memory area being used to store a first key (NKey), unique secret identification information (SecretID), and encrypted secret identification information (E-SecretID), the encrypted secret identification information (E-SecretID) being generated by encrypting the secret identification information (SecretID), the first key (NKey) and the secret identification information (SecretID) being prohibited from being read from outside, the encrypted secret identification information (E-SecretID) being readable from outside; a data generator configured to generate a session key (SKey) by using a second key (HKey), the second key (HKey) being generated based on the first key (NKey); and a one-way function processor configured to generate an authentication information by processing the secret identification information (SecretID) with the session key (SKey) in one-way function operation.
    Type: Application
    Filed: June 14, 2012
    Publication date: December 19, 2013
    Applicant: Kabushiki Kaisha Toshiba
    Inventors: Yuji Nagai, Taku Kato, Tatsuyuki Matsushita
  • Publication number: 20130339732
    Abstract: According to one embodiment, a device includes a cell array including an ordinary area, a hidden area, and an identification information record area in which identification information which defines a condition for accessing the hidden area is recorded. An authentication circuit performs authentication. A sensing circuit recognizes information recorded in the identification information storage area, determines the information recorded in the identification information record area when an access request selects the hidden area, validates an access to the hidden area when determined that the identification information is recorded, and invalidates an access to the hidden area when determined that the identification information is not recorded.
    Type: Application
    Filed: June 15, 2012
    Publication date: December 19, 2013
    Applicant: Kabushiki Kaisha Toshiba
    Inventors: Yuji NAGAI, Taku KATO, Tatsuyuki MATSUSHITA
  • Publication number: 20130339733
    Abstract: According to one embodiment, a device includes a cell array including an ordinary area, a hidden area, and an identification information record area in which identification information which defines a condition for accessing the hidden area is recorded. An authentication circuit performs authentication. A sensing circuit recognizes information recorded in the identification information storage area, determines the information recorded in the identification information record area when an access request selects the hidden area, validates an access to the hidden area when determined that the identification information is recorded, and invalidates an access to the hidden area when determined that the identification information is not recorded.
    Type: Application
    Filed: June 15, 2012
    Publication date: December 19, 2013
    Applicant: Kabushiki Kaisha Toshiba
    Inventors: Yuji Nagai, Taku Kato, Tatsuyuki Matsushita