Abstract: The invention provides an enciphering apparatus and method, a deciphering apparatus and method and an information processing apparatus and method by which illegal copying can be prevented with certainty. Data enciphered by a 1394 interface of a DVD player is transmitted to a personal computer and a magneto-optical disk apparatus through a 1394 bus. In the magneto-optical disk apparatus with which a change to a function is open to a user, the received data is deciphered by a 1394 interface. In contrast, in the personal computer with which a change to a function is open to a user, the enciphered data is deciphered using a time variable key by a 1394 interface, and a result of the decipherment is further deciphered using a session key by an application section.

Abstract: A security module is provided in a data recording medium, data to be written to the data recording medium is encrypted with an content key different from one data to another, and the content key is safely stored in the security module. Also, the security module makes a mutual authentication using the public-key encryption technology with a drive unit to check that the counterpart is an authorized (licensed) unit, and then gives the content key to the counterpart, thereby preventing data from being leaked to any illegal (unlicensed) unit. Thus, it is possible to prevent copyrighted data such as movie, music, etc. from being copied illegally (against the wish of the copyrighter of the data).

Abstract: A data processing system, recording device, data processing method and program providing medium are provided to execute authentication processing and content storing processing between apparatuses. Program localization is employed to restrict access to program content. A plurality of key blocks store key data for authentication processing. Key block designation information is set in a recorder/reproducer, which is configured for executing authentication processing with the recording device by designating a key block. The recorder/reproducer can set a key block for each product, model or the like. In addition, data stored according to a selected key block cannot be utilized in a recorder/reproducer in which a different key block is set. Furthermore, an encryption processing controlling section of a recording device executes control in accordance with a pre-defined setting sequence.

Abstract: An information recording medium 1 is provided with: a user data recording part 3 which records user data; a random-pattern-information recording part 4 which records random pattern information from a random physical phenomenon; and an authentication data recording part 5 which records, as authentication data, medium identification information created on the basis of the random pattern information detected from the random-pattern-information recording part 4 and a digital signature for each manufacturer with respect to the medium identification information.

Abstract: Methods and apparatus for efficient revocation of receivers. In one implementation, a method of broadcast encryption includes: assigning a respective master key to each of a plurality of receivers, where each master key can be used to derive two or more of a plurality of sub keys; revoking one or more receivers, leaving one or more unrevoked receivers; for each master key of an unrevoked receiver, selecting the sub key that can be derived by that master key and derived by the most other master keys but not derived by a master key of any of the one or more revoked receivers; for each selected sub key, encrypting one ciphertext using that selected sub key; and sending the encrypted ciphertexts to the plurality of receivers.

Abstract: A security module is provided in a data recording medium, data to be written to the data recording medium is encrypted with an content key different from one data to another, and the content key is safely stored in the security module. Also, the security module makes a mutual authentication using the public-key encryption technology with a drive unit to check that the counterpart is an authorized (licensed) unit, and then gives the content key to the counterpart, thereby preventing data from being leaked to any illegal (unlicensed) unit. Thus, it is possible to prevent copyrighted data such as movie, music, etc. from being copied illegally (against the wish of the copyrighter of the data).

Abstract: An information processing system and method are disclosed in which information processing is performed in a highly efficient manner using an enabling key block (EKB) on the basis of a tree structure including category subtrees. A key tree is produced so as to include a plurality of subtrees that are grouped in accordance with categories and managed by category entities. An EKB is produced so as to include data produced by selecting a path in the key tree and encrypting an upper-level key in the selected path using a lower-level key in the selected path. The resultant EKB is provided to a device. If a change occurs in state of a category tree capable of processing an EKB identified in the EKB type definition list, a notification of the change in state is sent to an entity that uses the EKB thereby making it possible for an EKB requester to perform processing in accordance with a newest EKB.

Abstract: There is provided an information processing apparatus according to the invention including a bilinear map selection unit for selecting a bilinear map used for a predetermined operation, a group selection unit for selecting at least two types of groups G1 and G2 used in performing the operation, a determination parameter calculation unit for calculating a determination parameter including at least either one of a computation amount required for the predetermined operation and an information amount for the predetermined operation based on each of the selected at least two types of the groups, and a group decision unit for deciding a group used in performing the operation based on the determination parameter. The group decision unit exchanges contents of the groups G1 and G2 when the computation or information amount for the group G2 is more than that for the group G1.

Abstract: An enabling key block (EKB) used in an encrypted key distributing tree structure is generated by forming a simplified 2-branch or multi-branch type tree with a terminal node or leaf which is capable of decrypting on the basis of a key corresponding to a node or a leaf of the simplified tree. Further, the EKB includes a tag for indicating a position of an encrypted key in the tree. The tag not only discriminates position but also stores data for judging the presence of encrypted key data within the EKB. As such, a considerable reduction in data quantity is realized, and the decrypting process in a device is also simplified.

Abstract: A key providing apparatus for providing a key used for encryption or decryption of data to a predetermined terminal device is provided. The key providing apparatus includes an acquiring unit for acquiring a digraph formed by arranging at least one directional branch connecting the coordinate points on a coordinate axis having a plurality of coordinate points each corresponded with a subset representing a combination of a plurality of terminal devices, an extracting unit for extracting information of all the directional branches contained in the directional path connecting a starting point of the digraph and a predetermined coordinate point, and a key generation unit for generating a key corresponded to a subset to which a predetermined terminal deice belongs based on the digraph, where the information of the directional branch is provided to the predetermined terminal device.

Abstract: An information processing apparatus and method are provided. The information processing apparatus and method provides an attribute of a component which executes a process of reading data from an information recording medium is confirmed so that severe authentication corresponding to contents can be achieved. In authentication of a component which attempts to perform a process of data read from an information recording medium, it is confirmed whether or not an attribute of the component has a data process permission component attribute set in advance. For example, it is confirmed through the attribute confirmation whether the component is a hardware component or a software component, and only when the component is a hardware component, a process of the contents is permitted.

Abstract: There is provided an information processing unit enabling reduction of the number of keys to be held by a terminal unit and the amount of calculations necessary for decryption of encrypted data. The information processing unit configures an entire binary tree made up of n-number of leaf nodes, a root node and a plurality of intermediate nodes different from the root node and the leaf nodes and divides the entire tree into a plurality of base subtrees including n1/y number of leaf nodes to form a y-level (y is a divisor of log(n)) hierarchical structure, such that root nodes of the base subtrees at a lower level coincide with leaf nodes of the base subtree at an upper level. Further, it assigns subsets of the terminal units to nodes of the respective base subtrees and generates directed graphs where directed edges connecting coordinate points on a coordinate axis are set.

Abstract: A key generation device according to the present invention hierarchically constructs a Y-ary tree structure where n reception devices are assigned to leaves, and forms subgroups where individual intermediate nodes existing between the leaves and a root of the Y-ary tree structure are defined as parent nodes. By providing new parameters to the individual intermediate parameters, the subgroups can be formed flexibly. In a case where no excluded customer exists or the number of excluded customers is small, the size of a header to be delivered and the calculation amount of an operation that a customer needs to perform can be reduced.

Abstract: It relates to an information processing unit, a terminal unit, an information processing method, a key generation method and a program that enable reduction of the number of keys to be held by users and aims at providing an information processing unit capable of generating a directed-graph representing an encryption key generation logic to derive a set-key for encrypting a content or a content-key. The technique relates to a scheme that divides a set of user terminals into some subsets, allocates a set-key and an intermediate-key to each subset, and upon input of an intermediate-key correlated with a subset, outputs the set-key corresponding to the subset and the intermediate-key of the subset associated by the directed-edge. Further, it relates to a technique of replacing the directed-edge in the directed-graph with a shorter directed-edge. The effect of reducing the number of intermediate-keys held by each user is expected from the technique.

Abstract: A block key to encrypt block data is generated using an ATS (arrival time stamp) appended to each of TS (transport stream) packets included in a transport stream correspondingly to the arrival time of the TS packet. The ATS is a random data depending upon an arrival time, and so a block-unique key can be generated, which enhances the protection against data cryptanalysis. A block key is generated from a combination of an ATS with a key unique to a device, recording medium or the like such as a master key, disc-unique key, title-unique key or the like. Since an ATS is used to generate a block key, any area for storage of an encryption key for each block may not be provided in a recording medium.

Abstract: A data processing system, recording device, data processing method and program providing medium are provided to execute authentication processing and content storing processing between apparatuses. Program localization is employed to restrict access to program content. A plurality of key blocks store key data for authentication processing. Key block designation information is set in a recorder/reproducer, which is configured for executing authentication processing with the recording device by designating a key block. The recorder/reproducer can set a key block for each product, model or the like. In addition, data stored according to a selected key block cannot be utilized in a recorder/reproducer in which a different key block is set. Furthermore, an encryption processing controlling section of a recording device executes control in accordance with a pre-defined setting sequence.

Abstract: A user sends data for requesting a service provider to provide predetermined service and signature data created based upon the data to the service provider, the service provider calculates a fee based upon this data and requests a bank to collect the fee from the user. The bank informs the user of the fee requested from the service provider. When the user protests against the amount of the fee, the service provider discloses the data and signature data received from the user to the bank and when the bank judges based upon this signature data that this data is valid, it calculates a proper fee based upon this data and collects it from the user. As described above, it is enabled to collect a proper fee for service.

Abstract: A terminal device improved with a digraph generation method in a key distribution method of various types of broadcast encryption systems is provided. The terminal device includes an acquiring unit for acquiring information related to a set, which is selected from a plurality of sets representing a combination of a plurality of terminal devices, and which represents some or all of the plurality of terminal devices; an extracting unit for extracting the set contained in the information and to which it belongs; and a digraph generation unit for generating a directional branch for generating a key corresponding to the extracted set in a predetermined digraph formed by a plurality of directional branches.

Abstract: A recording or reproduction apparatus is provided which utilizes copyright information in operations to record content data onto a recording medium or reproduce content data from the recording medium. Copyright information for the contents includes information identifying an input source of the content data. The information identifying an input source is stored in the recording medium along with the content data. When the contents are reproduced from the recording medium, the input source information is acquired and used as a basis for determining whether the contents can be reproduced and output. Thus, it is possible to impose an output restriction on an operation to reproduce the contents in accordance with the input source.

Abstract: A data processing system, recording device, data processing method and program providing medium are provided to execute authentication processing and content storing processing between apparatuses. Program localization is employed to restrict access to program content. A plurality of key blocks store key data for authentication processing. Key block designation information is set in a recorder/reproducer, which is configured for executing authentication processing with the recording device by designating a key block. The recorder/reproducer can set a key block for each product, model or the like. In addition, data stored according to a selected key block cannot be utilized in a recorder/reproducer in which a different key block is set. Furthermore, an encryption processing controlling section of a recording device executes control in accordance with a pre-defined setting sequence.