Abstract: A method and apparatus for encrypting data. The method includes assigning bits included in data units to a plurality of data blocks based on positions of the bits in the data units and encrypting the data blocks. The apparatus includes an assignment unit which assigns bits included in the data units to a plurality of data blocks based on positions of the bits in the data units; and an encryption unit which encrypts the data blocks.

Abstract: A method and apparatus for generating and updating a license for content and for providing content are provided. The method of generating a license includes generating license signature information for authenticating the license; generating use rule information for controlling the use of the content; generating authentication code information for authenticating a coupon for changing at least a portion of the use rule information; and generating key information required for decrypting the content.

Abstract: A method of revoking a public key of a content provider is provided. In a system in which a certificate authority certifies the public key of the content provider and the content provider transmits predetermined content to a user device using the certified public key, the method includes the user device determining whether the predetermined content is revoked by comparing a time when a signature of the public key is generated with a time when the public key is revoked. Accordingly, it is possible to allow the user device to identify content that must not be revoked according to the time when the public key is revoked and a revocation list which includes an exception list, thereby preventing rightly obtained content from being revoked.

Abstract: A method for transmitting content to a user device from a home server in a home network is provided. The method includes: receiving an allocated user public key and a user private key of a user to whom the home server belongs; generating an arbitrary session public key and a session private key, generating an encrypted session private key by encrypting the session private key using a device public key that is a public key of the user device, and transmitting the encrypted session private key to the user device; and transmitting the content encrypted using a predetermined content key and a content key encrypted using the session private key to the user device. According to the method, by binding the content to each user, instead of to each device, the content can be safely and conveniently shared.

Abstract: A method of receiving a session key in a home network and a method of reproducing content using the same. The method of receiving a session key from a home server in a home network, includes: (a) whenever one of members of the home network changes, receiving and storing the session key and a session version indicating a session key generation sequence; (b) receiving a license necessary for reproducing predetermined content; and (c) determining a session key necessary for reproducing the predetermined content based on an encoding session version (ESV), which is a session version extracted from the license, and the stored session version. A home server transmits a session key and a session version to a user device whenever a subscriber to a home network changes, and the user device determines a session key using the session version, thereby performing a variety of domain administration by freely transmitting content between user devices.

Abstract: An apparatus for receiving broadcast content is provided. The apparatus includes a receiving unit generating the broadcast content from a broadcast stream received from a content provider via a broadcast channel; a content encrypting unit encrypting the broadcast content using a content key; and a link generating unit generating a secure link to a user device by exchanging link messages with the user device, and transmitting the content key to the user device via one of the link messages even when the apparatus is not connected to a content provider. A first link message of the link messages includes one of a public key of the user device and a public key of the apparatus, and a second link message of the link messages includes one of a private key of the apparatus, a secret key of the apparatus, and a secret key of the user device.

Abstract: An apparatus and method for securely storing data. The apparatus for securely storing data in a predetermined device, includes: a key generator generating a protection key used to encrypt data based on a random number generated by inputting predetermined secret information in a predetermined random number generation function, and generation sequence information, which is information on a generation sequence of the random number, wherein the predetermined secret information is stored in a secure region, and the random number generation function can generate the protection key based on the generation sequence information and the secret information. As described above, the apparatus and method for storing data make it possible to securely store data even if the apparatus for storing data is replaced.

Abstract: Provided are an apparatus and method for storing data. The apparatus includes a directory key generator generating a directory key required for encrypting and decrypting the data by inputting a device-specific key to a key generating function, the device-specific key being unique information allocated to the device and stored in a secure region of the device. The data is stored in at least one directory, and the directory key is used in encrypting and decrypting the data in units of directories. Accordingly, it is possible to minimize consumption of resources required to encrypt and decrypt the data.

Abstract: A method of authenticating a device having its own device key allocated by an authentication server according to broadcast cryptography is disclosed. The method includes receiving a device identifier of the device and an encrypted device identifier generated by encrypting the device identifier with the device key; and examining whether or not the device identifier is identical to a decrypted device identifier generated by decrypting the encrypted device identifier with another device key corresponding to the device identifier. Therefore, it is possible to authenticate a device having its own device key allocated by an authentication server according to broadcast cryptography without using a separate public key structure.

Abstract: Disclosed are a method of multi-streaming encrypted contents stored in a storage medium to a second player during streaming the contents to a first player, and an apparatus using the same. The method includes: temporarily storing the encrypted contents streaming to the first player in a temporary storage medium; and streaming the stored contents to the second player in response to a multi-streaming command input by a user to the second player, wherein key generation information required to decrypt the encrypted contents is not stored in the temporary storage medium. It is possible to provide a multi-streaming with a copy protection through temporary storage, and also to reduce noise caused by rotation of the disc in the streaming apparatus.

Abstract: Provided are a system and a method for transmitting and receiving contents at home. The content service method includes: reconstructing encrypted compressed contents back into compressed contents by decrypting the encrypted compressed contents according to a first scheme; encrypting the reconstructed compressed contents according to a second scheme; and transmitting the encrypted compressed contents via a predetermined link. Therefore, the encrypting and decrypting of contents are easily supported without an encoding process in a content server terminal at home.

Abstract: A streaming apparatus and method that streams AV data to other devices and converts the recording time stamp into a streaming time stamp format, thereby simplifying the streaming process.

Abstract: A method and apparatus for restricting the use of a disc are provided. In this method, first, lead-in data is read out from a loaded disc. Then, a user key is read out from a lead-in area of the disc. Thereafter, the user key undergoes authentication based on a user key received from a host. The authentication is performed by comparing a random number produced by a disc drive with a decrypted random number obtained by the disc drive decrypting a random number encrypted by the host. Accordingly, the use of the disc by an unauthorized third person is restricted, thus preventing a leakage of personal information and a protection of the copyrights of data.

Abstract: Provided are a method of recording/reproducing data under control of a domain management system. The method includes extracting, from the write command, domain management information regarding the predetermined domain and contents, and copy control information specifying an extent of copying the contents within the predetermined domain; recording the extracted domain management information on the storage medium; generating a domain-bound flag that is used to determine whether the recording apparatus which records the contents on a storage medium is present in the predetermined domain, based on the extracted copy control information; and recording the domain-bound flag and the contents on the storage medium. Accordingly, it is possible to record contents, recording of which is limited within a predetermined domain, on a storage medium outside a slave under control of a domain management system, while preventing the contents from being reproduced within other domains.

Abstract: A data recording medium, a recording apparatus thereof, and an apparatus for providing contents having a function of securing personal anonymity similar to a prepaid card. The prepaid card type data recording medium includes a control information area on which is recorded coupon ID information for identifying the data recording medium and representing the authority for recording contents. In addition, marginal capacity information for indicating the maximum downloadable capacity of contents may further be recorded on the control information area. The apparatus for providing contents includes an authentication unit for authenticating personal identification information, and a contents upload unit for uploading predetermined contents to the data recording medium when the authentication is successful in the authentication unit.

Abstract: An apparatus and method for updating copy control information. The apparatus and method can update copy control information of input data with user-defined copy control information. The apparatus includes a copy control information detection unit, which detects copy control information from input data; a copy control information input unit, which receives user-defined copy control information from a user; and a copy control information update unit, which updates the copy control information of the input data with the user-defined copy control information. The copy control information update unit may update the copy control information of the input data with the user-defined copy control information only when the user-defined copy control information imposes a stricter restriction on copying the input data than the copy control information of the input data does.

Abstract: A method of assigning user keys for broadcast encryption. According to the method, at least one unit tree in which grandparent nodes, parent nodes, and son nodes are hierarchically connected is created. User keys created to identify lower-level nodes connected to all nodes of the tree are assigned as first user keys of the nodes for all nodes of the tree, and node identification user keys of the son nodes except for the son node included in the unit tree among node identification user keys that identifies son nodes included in unit trees are assigned as second user keys of the son nodes.

Abstract: Provided is a method of copying data stored in a first storage medium to a second storage medium. The method includes recording the encrypted data stored in the first storage medium on the second storage medium; reproducing a first content key, which is used to encrypt the encrypted data, using a first drive into which the first storage medium is loaded; encrypting the first content key; sending the encrypted first content key to a second drive into which the second storage medium is loaded; and recording the encrypted first content key on the second storage medium. In this method, encrypted data stored in a first storage medium is sent to a second storage medium via a host without decrypting the encrypted data, thereby preventing the data from being hacked or being accessed by unauthorized users and increasing a speed of copying the encrypted data.

Abstract: A method and apparatus for recording data on and/or reproducing data from a storage medium are provided. The recording apparatus includes an authenticating unit which authenticates a host, which transmits a write command to the apparatus, to verify whether the host is authentic; at least one job module which generates output information by processing the user data, which is included in the write command, based on disc information stored in the storage medium and device information stored in the apparatus, in response to the write command; a module selecting unit which selects the job module based on module selection information and sends the write command to the selected job module, when the host is determined to be authentic, the module selection information being contained in the write command and specifying the job module; and a recording unit which records the output information on the storage medium.

Abstract: A method of decrypting encrypted data includes reading decryption control information representing decryptability of the encrypted data from an information storage, and changing the decryption control information into a decryptable condition by using a decryption coupon stored in a decryption device if the decryption control information indicates an undecryptable condition. Decryptability is additionally established in copy control information to increase data safety, enable various interactions with users, and facilitate access controls of the contents.