Abstract: An information recording device uses a data storage device such as media having a built-in flash memory. When data is stored in the data storage device, different encryption keys are used for different sectors. Each encryption key is stored in the header of content. By using a single encryption key for a sector consisting of different blocks, the number of stored encryption keys is limited, and the amount of stored key data is reduced. In accordance with the type of encryption processing, for example, the single DES or the triple DES, one or at least two keys are selected for each sector in order to execute encryption or decryption processing on sector data.

Abstract: Identifiers for both media and contents which are difference categories are stored in a revocation list, and also version information is set. Further, the list is capable of being set up in a memory interface, and can be continuously used at the time of mounting media and at the time of reproducing contents. Upon reading out contents, the version of the revocation list which the device holds is verified, and in the event that the version of the revocation list held is older, reading out of contents is cancelled. Also, the configuration allows unauthorized contents and unauthorized media to be revoked by performing collation with a media identifier at the time of mounting media, and collation with a contents identifier at the time of using contents.

Abstract: A data processing apparatus a data processing method efficiently ascertain that data are valid, prevent encryption processing key data from leaking, eliminate illegal use of contents data, restrict contents utilization, apply a different plurality of data formats to contents and efficiently execute reproduction processing of compressed data. The verification process of partial data is executed by collating the integrity partial data as check values for a combination of partial data of a content, and the verification process of the entirety of the combination of partial data is executed by collating partial-integrity-check-value-verifying integrity check values that verify the combination of the partial integrity check values. Master keys to generate individual keys necessary for a process of such as data encryption are stored in the storage section and keys are generated as required. An illegal device list is stored in the header information of a content and referred to when data is used.

Abstract: A record reproducing player and save data processing methods capable of insuring security of save data are provided. Save data is stored in a recording device, encrypted with the use of a program's individual encryption key, e.g., a content key, or a save data encryption key created based the content key, and when reproducing the save data a decryption process is conducted on it with the use of the save data decryption key particular to the program. Furthermore, it is made possible to create save data encryption keys based on a variety of restriction information, such as performing the storing and reproducing of the save data by conducting encryption and decryption on the save data with the save data encryption keys and decryption keys created with the use of a record reproducing player's individual key or a user's password.

Abstract: A contents use right discrimination card corresponding to encrypted contents is sold to a user, who then transmits data recorded on the contents use right discrimination card to a contents use right management center. The contents use right management center then discriminates the contents and the card, based on data of the received contents use right discrimination card, to encrypt the contents key for decoding the contents with, for example, a session key, to transmit the encrypted contents key to the user. The contents use right discrimination card sold to the user can be set for enabling the resale, and can be transferred between different users so that the contents key can be transmitted plural times from the contents use right management center. This enables the contents to be utilized without executing on-line settlement processing.

Abstract: An information recording device includes a control unit and a memory interface unit. An ICV for each sector data of data to be stored in units of sectors is stored in the redundant part of each sector. An ECC and an ICV are stored in the redundant part of each sector, so that sector-unit ICV storage can be performed without reducing the storage capacity of the data part of the sector. processing that combines data parts by using the file system of a device can be performed similarly to conventional data combination processing that only combines data parts in which ones purely used as data are stored. The control unit does not have any load because only each sector which is regarded as valid (no interpolation) as a result of ICV checking is transmitted to the control unit, and the ICV checking is performed by the memory interface unit.

Abstract: A public key certificate issuing system is disclosed which comprises a certificate authority for issuing a public key certificate used by an entity, and a registration authority which, on receiving a public key certificate issuance request from any one of entities under jurisdiction thereof, transmits the received request to the certificate authority. The certificate authority, having a plurality of signature modules each executing a different signature algorithm, selects at least one of the plurality of signature modules in accordance with the public key certificate issuance request from the registration authority, and causes the selected signature module to attach a digital signature to message data constituting a public key certificate.

Abstract: The present invention provides a novel configuration which allows devices capable of processing different signature algorithms to mutually verify public key certificates. In this configuration, public key certificates storing plural signatures based on different signature algorithms such as RSA and ECC are issued and each device selects a signature which can be processed (namely, verified) by itself and verifies the selected signature.

Abstract: In a content delivery system, delivery of a content and charging for the fee of the content are performed and managed in a highly secure and effective fashion. If a content-purchasing request is transmitted from a user device to a shop server, a charging process is performed. If the charging process is successfully completed, the shop server transmits, to the user device, an encrypted content key in a form which can be decrypted by a key stored in the user device. A user device authentication server, which manages content delivery, converts an encrypted content key KpDAS(Kc) encrypted using a public key of the user device authentication server (DAS) into an encrypted content key KpDEV(Kc) encrypted using a public key KpDEV of the user device. Provided that the charging process has been successfully completed in response to the content-purchasing request, the shop server transmits the key-converted content key to the user device.

Abstract: A data processing device includes a memory interface (I/F) unit and a control unit. When accessing a data storage device such as a memory card having a built-in flash memory, the data processing device sets a block permission table (BPT) as an access permission table in the memory I/F unit, whereby only when the BPT permits a process to be executed does the memory I/F unit access the storage device, and the memory I/F unit does not execute a process when it is out of an allowable range. Regardless of a process type performed by the control unit and a command type, the memory I/F unit always accesses the storage device in accordance with the BPT set in the memory I/F unit. This effectively prevents the rewriting of data in rewrite-prevented recording media.

Abstract: Provided is a structure enabling dispersion of a load that is incurred by a public key certificate issuer authority or a registration authority. The structure has an issuer authority that issues a public key certificate and registration authorities each of which receives and examines a request for issuance of a public key certificate made by an end entity, wherein the registration authorities are hierarchically structured. Each of registration authorities of a hierarchical level manages registration authorities that rank immediately below or end entities. The registration authority receives a request for issuance of a public key certificate and examines it. This means that a load each registration authority must incur for processing is dispersed. One hierarchical structure of registration authorities is formed under any of various standards which stipulates a security policy, scalability, geographical classification, functional classification, or an organization.

Abstract: Between a data recording/playback device and a data storage device, CBC-mode encryption processing is executed which encrypts a plurality of encryption keys of content which correspond to sectors. The encrypted data is stored in a header corresponding to the content. The CBC-mode encryption processing is executed by using a storage key unique to media in which the content is stored. For using the content, only by decrypting the key data in media in which mutual authentication is established, the content can be used, so that highly-secure key storage is implemented.

Abstract: In a public key certificate using system, a template which serves as person identification data of a person requesting a public key certificate is obtained from a person identification certificate of the person, a person authentication is executed by comparing sampling information of the person against the template, and a public key certificate for the person is issued by a certificate authority on condition that the person authentication is established, thus reducing the load on the certificate authority for person authentication. The public key certificate issued to the user is deleted upon completion of a processing session involving use of the public key certificate, restricting the use of the public key certificate to the particular processing session.

Abstract: A person authentication system, a person authentication method, an information processing apparatus, and a program providing medium according to the present invention are provided to authenticate a person who uses an information apparatus in data communication.

Abstract: Disclosed are an information processing apparatus and an information processing method which execute person authentication and allows various services such as receiving of contents to be received, provided that the authentication is successfully passed. In the information processing apparatus for executing, by a connection to an external server providing various services such as contents transmission, a process such as receiving of contents, person authentication is executed by comparing a template acquired from a person identification certificate storing a template which is person identification data of a user using the information processing apparatus with sampling information input by the user, and a connection to the external server is executed provided that the authentication is successfully passed.

Abstract: A person identification certificate link system forms a link between a person identification certificate which stores a template serving as person identification data and which is generated by a person identification certificate authority and a public key certificate which stores a public key, thereby specifying one certificate based on the other certificate. With this arrangement, a cryptographic key to the template stored in the person identification certificate can be specified. It is also possible to quickly obtain a combination of the person identification certificate and the public key certificate which are both utilized in transaction with a service provider, thereby improving the processing efficiency.

Abstract: A content distribution is performed by a secure container including a content encrypted by a content key and container information set for a content transaction. The container information includes a person identification certificate identifiers list. Usage control status information including the list is generated and stored in a device during a secondary distribution among user devices after a primary distribution of the content. In the distribution among the user devices, identifying an identification certificate in reference to the list and performing a person authentication based on the identification certificate allows each of the user devices to use the transmitted content, when the authentication is affirmative.

Abstract: A person authentication system includes a person identification authority. In the system, a service provider, a user device, or the like performs person authentication by acquiring a template from a person identification certificate created by the person identification authority, which is a third-party agency. The person identification authority identifies a person who requests issue of the person identification certificate, creates and registers the person identification certificate. Furthermore, the person identification authority deletes and changes the person identification certificate and performs registration, addition, deletion, invalidation process, and re-validation process of the template stored in the person identification certificate.

Abstract: Disclosed are a person authentication system, a person authentication method, and an information processing apparatus which allow person authentication to be performed in an easy fashion in various devices by comparing a template serving as person identification data with sampling information input by a user. A service provider (SP) or user device (UD) executes person authentication by acquiring a template from a person identification certificate (IDC) generated by a third-party agency serving as a person identification certificate authority (IDA). The IDA acquires a template serving as identification data after verifying a person requesting an IDC to be issued, and generates the IDC storing template information. The IDA distributes the IDC having a digital signature of the IDA added thereto to the SP and the UD.

Abstract: An entity which executes person authentication such as a service provider (SP) and a user device (UC) receives a request for person authentication from an entity which requests person authentication. The entity which requests person authentication can vary in form. The entity which executes person authentication decrypts the template by using a person identification certificate that can be owned by the entity which executes person authentication or provided from the outside, compares the template with sampling information input by a user and notifies the entity which requests person authentication of the result of comparison. The data for person identification is provided as encrypted information that can be decrypted only by the entity which executes person authentication, thereby performing safe authentication in various locations or devices, while preventing the template information from leaking out.