TW432852B - Information access control system and method - Google Patents

Abstract

An information access control system and method which prevents un-authorized access from accessing the information. The apparatus includes a set top box which receives the information from a broadcast stream or recorded medium, or other source and a backend module. The set top box is paired with a conditional access module such that they have a shared secret key which is used to send communications to each other. A pirate attempting un-authorized access does not have the shared secret key and thus can not receive the communications. The apparatus and method further require that the set top box and the conditional access module follow one of a plurality of protocols in communicating with each other. A pirate attempting un-authorized access will not able to follow the protocols.

Description

Duty printing of employee cooperation of the Central Standards Bureau of the Ministry of Economic Affairs 432852, A7 ______ B7 V. Description of the invention (1) The invention relates to an information access system and method for preventing unauthorized access to information. An apparatus and method for using regenerable components to authorize access to information. The present invention is particularly related to a method and device for controlling interaction between a back-end module and a device to generate and process information. BACKGROUND OF THE INVENTION Preventing unauthorized access to information is an important issue in many applications. The present invention is generally about and providing an answer to this question. In some commercial applications, information, such as containing valuable audio or visual information, is intended to reduce the profit of the information provider by unauthorized access to that information, which is generally provided to various paying listeners and / or Audience. Although the following description sometimes uses sound / visual content as an example of the information to be provided, the present invention is not limited to this, but can be equally applied to any kind of information or content data from any source (such as sound and / or visual materials) , Or other kinds of information or executable building. An unauthorized accessor is an information stealer, which poses a serious threat to the information provider by inducing others to steal information. In particular, thieves generally sell stolen information at a lower price than legitimate information providers. Because the thieves use the basic structure of legitimate providers to access information, there is no need to invest resources to generate and disseminate information. This problem is exacerbated when stealers can copy and mass-produce low-cost components, which results in many users being able to access information without the authorization of a legitimate information provider. As a result, information providers have to use more expensive and complex designs to prevent unauthorized access to information content to prevent theft. -I--install ------ order ------ ^ f Jing first read the notes on the back ^ then fill out this page) 4 3 28 5 2 «! A7 _ ^ __ B7 V. Description of the invention ( 2) A method for controlling access to information requires the use of an IRD (Integrated Receiving Device) with a smart card as a security module. This method was performed by Fiat and Schamir of the Weizmann Academy of Sciences in Reh〇v〇t, Israel. The article titled "As the Light Proofs Itself: Identification and Signing Issues and Their Detailed Explanations" is proposed in the article, which uses a credit center to encode personal information and access-related secrets in a smart card. The smart card provides its identity to the authenticator (IRD), which in turn must know the secrets used to put information into the smart card. Although Fiat & Schamir's design is difficult to counterfeit the personal information of the card, when (and if so) the stealer has cracked the smart card used to prove the identity, it does not prevent the teaching of a large number of counterfeit cards. 3 (^ 3111 丨): U.S. Patent No. 4,748,688. Another method is disclosed in U.S. Patent No. 5,481,609 issued to Cohen et al., Which uses a smart card in the system to control access propagation transmission. Cohen uses a verifier function in the IRD To verify the authenticity of a smart card's secret learning action and blacklist action, to prevent previously detected illegal cards from being accessible again. However, as shown by those appearing in the blacklist action, Cohen's proposed system can work with anyone who is not present. The smart cards on the blacklist are talking, so they are vulnerable to a stolen card (or many stolen cards) that has not yet become blacklisted. In addition, the authentication process proposed by Cohen is triggered by a source of propagation. Ability to remove verification instructions from the propagation string, thus preventing the entire verification process. Another practical problem caused by using propagation sources to trigger the verification process is structural Therefore, it should be a regional decision (when and whether to challenge the smart card) into a system-level decision. Finally, the verification process in Cohen is not related to the change between the smart card and the validator. Therefore, the stealer can use a legal The card is verified, that is, it has the right to access the disseminated content, and it is connected to this paper standard It Financial Standards (CNS) Α Shu ^ (2) () > < 297 Please read · Back ©. Note item-Re% 装 Binding printed by the consumer consumption cooperative of the Central Economic and Technical Bureau of the Ministry of Economic Affairs -5- 4 328 5 2 · 1 5. Description of the invention (3 A7 B7 Employee consumption cooperation of the Central Economic and Technical Bureau of the Ministry of Economic Affairs printed by Du Duan Use a silk card to avoid being accessed by someone, that is, to avoid remembering that the access is always performed by a legitimate cardholder. This silk is used in this paper as an attack type called a pipe attack. Another security The method is disclosed in U.S. Patent No. 5,461,675, issued to Diehl et al., Which proposes correlating data between consecutive data packets so that it can detect when a packet has been removed. In particular, DieM proposes to notify when avoidance occurs Legal smart card. ' 'Stolen cards can ignore this type of information and thus be able to access the information in a stolen way. In another method proposed by US Patent No. 5,778,068 issued to Johnson et al., A processing device and a user device are judged ( It contains the storage device) whether it is authorized to interoperate. The method of JohnsOn in this example is to determine a user device (the device by referring to the provider device (the device generally corresponds to the back-end module in this example)) It generally corresponds to the video decoder), but 'this method cannot determine whether the provider device is valid, that is, whether the provider device is authorized to operate with the user device or the provider device. Therefore, the stealer can successfully reverse engineer and modify the provider device to break the security protocol in Johnson. More importantly, the stolen provider device will be generated in large numbers for distribution to the user. Another method is proposed in the U.S. patent granted to Peterson Jr., Peterson authorizes access via a smart card to transmit keyword information to the processor to allow the playback device to copy information from the recording medium. The system proposed by peters〇n uses public keywords held in the authorization center and secret keywords held by the card. However, there is no pairing operation between the card and the processor, so there is no secret key shared between the card and the processor. So if the thief becomes a success, please read and read it. © i 2 Binding Line 1- 0 " This paper size applies the Chinese National Standard (CNS) A4 specification (2 丨 OX297 mm)

432852JS A7 B7 V. Description of the invention U) The function of cracking the encryption mechanism can generate and widely distribute stolen cards and harm the information providers. In US Patent No. 5,448,045 to Clark, another method is proposed that uses a smart card to generate a secure boot application on a computer, and by using the smart card, the executable file to be executed by the computer can be verified. Smart cards and computers share secrets that are managed and placed by management, so smart cards and computers can perform—authorize operations. However, once the attacker breaks the password, the stolen smart card itself can pass the authorization. In addition, because the computer does not know the challenge of the card, the verification is renewable. Therefore, invalid cards can continue to be used. Finally, in U.S. Patent No. 5,802 ^ 176 issued to Audebert, another method was proposed in which a reusable card was used to control access to a special function on a computer. This is a transaction system in which the card is coordinated with the computer and the keywords are changed each time it is accessed. However, this method is limited to special functions to be accessed on the computer, and is not applicable to a system that deals with many different unpredictable functions / programs. For example, in information dissemination systems, that is, a system in which different programs (movies , Songs, articles, executable files, etc.) are all different functions. Therefore, there is a need for a method and system for rejecting stolen cards (PCR) to protect valuable information, a powerful method and system to meet the needs of a particular information provider, and to overcome the above disadvantages. Summary and purpose of the invention The purpose of the present invention is to prevent unauthorized access to information distributed by information providers. Another object of the present invention is to prevent stealers from enabling many people to provide Chinese papers with information from the information provided on this paper standard {CNS) A4 Specifications (210X29? Mm) Sang ---. »{Please read the notes on the back ^ before filling out this page} -Order. Printed by the Consumers' Cooperatives of the Bureau of Standards of the Ministry of Economic Affairs 4 328 5 2 A7 B7 V. Description of the Invention (5) The printers of the Consumer Cooperatives of the Central Standards Bureau of the Ministry of Economic Affairs get unauthorized access to information. Another object of the present invention is to allow information providers to flexibly choose multiple thefts according to the individual needs of the information providers. Anyone of the methods of card rejection is still another object of the present invention is to provide information only through an authorized receiving device and an authorized security device such as a conditional access module (CAM). Another object of the present invention is to provide information only through an authorized non- Reproducible devices and reproducible devices provide information. Another object of the present invention is to make non-reproducible devices reject a stolen regenerative device so that security information cannot be accessed. The purpose is to provide a method and device for requesting a receiving device and a security device such as CAM for users to access information via a shared secret. The object of the present invention is to provide a method and device for requesting a security device such as conditions The access module is paired with a receiving device and provides information only through the paired receiving and security device. In the concept of the present invention, an object is to prevent the information receiving device from effectively communicating with an unpaired CAM. In the present invention, In another concept, another object is to provide a method and device, in which a security device can verify the authenticity of a medium being accessed by a receiving device. In another concept of the present invention, an object is to provide a method and device to effectively To prevent thieves from interfering with the communication between the receiving device and the security device, the method is required to perform communication according to a specific protocol. -8-This paper size is suitable for financial affairs (CNS) Α4 secret (21GX297 mm, please first listen to S * Back of the item · Refill booklet A7 B7 V. Description of the invention (6) In another concept of the present invention, an object is to provide a method Method and device, which requires a receiving device and a security device to negotiate a shared secret and communicate with each other.-In order to achieve the above and other departments and in accordance with the purpose of the present invention (as implemented and broadly described herein), a method for implementing the present Invented device prevents unauthorized access to information, including-Reproducible devices to authorize non-reproducible devices to process information. Non-reproducible devices are paired with regenerable devices through a shared secret to enable non-reproducible devices and regenerable devices to communicate with each other. The reproducible device uses a shared secret and communicates with the non-reproducible device according to a preset protocol Xenon. Preferably, the information is encrypted rather than the regenerative device is included-the output is output to the regenerable device, and the regenerative device includes a decryption The logic decrypts the information and an output outputs the decrypted information to the non-reproducing device. Usually the information will contain a specific program (ie data or extensible) a so it is better to have at least one non-reproducible device and regenerable device contains-access window logic 'to generate an access time window for the preset period of the specific program , And the time window restricts access to specific programs. It is also preferable that the 'non-regenerative device includes a control logic to generate an inquiry message' and a proof logic to use the shared secret to prove the information contained in the inquiry message and the information contained in the response message to generate a non-regeneration Device certification message. The reproducible device preferably contains a proof logic, using a shared secret to prove the information contained in the inquiry message, and responding to the information in the message 'to generate a reproducible device certification message. The regenerative device preferably also includes a control logic operable to generate a response message and provide the non-reproducible device with the response message. The control logic of the non-recycling device is better to be more operable-9- This paper size is applicable to the Chinese National Standard (CNS) A4it grid (210X297 mm) -----_--- Μ — ^ — (Please read ^ · back first Please note that you need to fill in this page, and then fill out this page.) Printed by the Central Bureau of Standards of the Ministry of Economic Affairs, consumer cooperation, printed 1328 52. V. Description of the invention The proof message matches the non-reproducible device certification message 'and if the reproducible device certification message matches the non-reproducible device certification message, it is provided to the regenerable device in a specific program. Preferably, after the response message is provided to the non-reproducible device, the regenerable device That is to log in to access the information. Preferably, a recovery generator used to generate a random loop is combined with a non-regenerative device. Usually, the information is encrypted, and the non-regenerative device preferably includes a super decryption logic to supervise the super. Encrypted information 'and one-decryption logic to decrypt the information. Preferably, the' non-reproducible device contains a media certification logic to prove a medium, on which the information to be accessed is carried, and the reproducible device also Contains a media attestation logic to prove the media. In another concept, the invention includes a method for preventing unauthorized access to information in a system that includes a non-regenerative device with control logic and reproducible control logic. The method includes the following steps: pairing a non-regenerative device with a regenerable device; selectively certifying information exchanged between the non-regenerative device and the regenerable device based on information selected from the non-regenerative device and the regenerable device, And transmitting—certifying information; verifying the certification information in another non-recyclable device and regenerable device; and then authorizing access to the information. Preferably, the pairing step further includes: generating the ID of the non-recycling device; • 10 paper sizes Applicable to China National Standard (CNS) A4 specification (210X297mm) Please read% · Back, Note _ Notice 'Matters-No matter how expensive the binding is, Quan 43 28 52. A7 B7 V. Description of Invention (8) Central Ministry of Economic Affairs Standard Bureau employee consumer cooperatives print and generate IDs for renewable devices; generated based on IDs of non-renewable devices and IDs of renewable devices At least one certificate; and transmitting the at least one certificate to at least one non-reproducible device and a regenerable device. The non-reproducible device preferably includes a source device, such as a combination with a video decoder. The non-reproduced device also includes a sink device, usually The device consumes information. The system also includes a back-end system, and the pairing step preferably further includes: generating the ID of the non-regenerating device; _ judging the secret of the non-regenerating device in the back-end system based on the ID of the non-regenerating device Information; and transmitting secret information to the regenerable device. Preferably, each non-reproducible device and regenerable device includes a proof logic, and the step of selectively proving the message further includes: transmitting an inquiry message from the non-regenerable device to the regenerable device. ; Use a shared secret to prove the information contained in the inquiry message and the information in the response message 'hence a reproducible device certification message and the regenerative device generates a response message; use a shared secret to prove the information contained in the inquiry message And the information contained in the response message, thereby generating a non-reproducible device certification message; Verify that the reproducible device certification message matches the non-reproducible device certification message. In another concept, the present invention provides a method for preventing unauthorized access to information in a system. The system includes a non-recycling device with a control logic. The paper size is applicable to the Chinese National Standard (CNS) A4 specification (2I0X297). Dong) 432852 ·-V. Description of the invention (9) and renewable equipment with a control logic1. The method includes: transmitting a media query message from a reproducible device to a non-reproducible device; certifying that the information contained in the media query message and the information contained in the media response message are generated in the non-reproduced device, thereby generating a non-reproduced device Device media certification message; send media response message and non-reproduced split media certification message to reproducible device: prove the information contained in the media response message and the information contained in the media inquiry message in the reproducible device, thus generating renewable Device media certification information; and verifying the non-reproducible device media certification message with the reproducible device media certification message in the reproducible device. Preferably, the 'reproducible device includes a counter to generate a regenerable device count, which is included in the media inquiry message, and the method further includes: in a non-reproducible device, incrementing the regenerable device count by one; and In the regenerative device, the regenerative device count is incremented by one to complete the verification step. It is preferred that the reproducible device includes a random number generator for generating the reproducible device random number, which is included in the media inquiry message, and the method further includes: In the regenerative device, the regenerative device random number is incremented by one; and if the verification step is completed, the regenerable device random number is incremented in the regenerative device by one. In yet another concept, the present invention provides a system to prevent unauthorized deposits in the system. _____________ * 12-This paper size applies to Chinese National Standards (CNS > A4 · (21GX297)) Printed by the Employees' Cooperative of the Central Standards Bureau of the Ministry of Economic Affairs 4 3 2852. a? __________B7_ V. Description of the invention (10) Method for obtaining information 'The system includes a non-regenerating device and a renewable device. The method includes: (a) a sub-negotiation request from a non-regenerating device The device is transmitted to the regenerable device; (b) a challenge and status query is transmitted from the regenerative device to the non-reproducible device; (c) determining whether the non-reproducible device and the regenerable device are in password synchronization; and (d) if the non-reproducible device is If neither the regenerative device is in the password synchronization, return to step (a). _ Preferably, the method further includes the following steps. (E) Determine whether the non-reproducible device and the regenerable device are in packet synchronization; and (f ) When both the non-regenerative device and the regenerative device are in the process of synchronizing the packets, the information is provided to the reproducible device in the individually numbered packets. Preferably, the information is provided to a preset access view The regenerative device in the information providing step further includes verifying part of the information by the regenerable device in the default access window and receiving the information. In the following description, the additional purpose, advantages and novelty of the present invention will be partially described. Characteristics, and those skilled in this technology will also partially understand when reviewing the following description, or learn from the examples of the present invention that β can be implemented and combined with the tools and combinations specifically indicated in the scope of the attached patent application. The purpose and advantages of the present invention are obtained. Brief description of the drawings The drawings, which are part of this specification, illustrate several implementations of the present invention. 13- The paper size is applicable to the Chinese National Standard (CNS) A4 specification (210X29? Mm) 4 3 28 5 2.1 4 3 28 5 2.1 Printed A7 by Zhengong Consumer Cooperative of the Central Bureau of Quasi-Ministry of Economic Affairs ------ One-B7 V. Description of Invention (") ~ ~ ~ Example 'Cooperate with this description to explain this Principle of the invention β Fig. 1 is a block diagram of an embodiment of the present invention. Fig. 2 / Tiger diagram illustrates an embodiment of a one-way pairing operation according to the present invention, which is between the source and the certification conditional access module (cam) . image 3 The flow chart illustrates another embodiment of the one-way pairing operation between the source and the CAM. [Fig. 4] The flow chart illustrates the one-way pairing operation between the CAM and the proof. Example of a two-way pairing operation between cA] v [of a shared secret key. FIG. 6 is a flowchart illustrating an example of a two-way pairing operation between a source and a cam with a directly shared secret key. An embodiment of a two-way pairing operation between CAMs sharing a shared secret volume. Figure 8 illustrates a diagram of an embodiment of a two-way pairing operation between a CAM and a sink having a directly shared secret volume. Figure 9 is a diagram illustrating another embodiment of a two-way pairing operation between a CAM and a sink having a direct shared secret key. Fig. 10 is a block diagram of a first embodiment of a title-based stolen card rejection (PCR) architecture according to the present invention = > Fig. 11 is a flowchart illustrating the operation of the title-based PCR protocol according to the present invention. Fig. 12 is a flowchart illustrating another embodiment of a titled PCR protocol with a window inquiry operation. This paper size applies to China National Standard (CNS) A4 < 2 丨 〇X 297mm) ---- ^-丨 '--- ^ ------ 1T ------. 4. (Please read tt · Back of the Note赉 Refill this page} _ -14 -___ Printed by the Consumers' Cooperative of the Central Bureau of Standards of the Ministry of Education 4 3 28 52, 1 a? __ B7_ V. Description of the Invention (12) Figure 13 illustrates another implementation of the present invention For example, it has a metered title PCR architecture. The flowchart of FIG. 14 illustrates the operation of the metered header PCr protocol according to the present invention. The circle 15 flowchart illustrates the operation of the metered header PCR protocol with a credit request according to the present invention. Fig. 16 is a block diagram illustrating another embodiment of the present invention having a metered title type stolen card rejection (pCR) architecture with non-volatile memory (NVM) in the source. _ Fig. 17 is a block diagram illustrating the present invention. In another embodiment, a combined super-encryption / re-encryption and header are shown. FIG. 18 is a flowchart illustrating the operation of the super-encryption and re-encryption Pcr protocol. FIG. 19 is a block diagram illustrating another embodiment of the present invention. Encryption / re-encryption PCR architecture. The flowchart of FIG. 20 illustrates the operation of merging super-encryption / re-encryption PCR protocols. Block of FIG. 21 The figure illustrates another embodiment of the present invention having a proven media source architecture. The flowchart of FIG. 22 illustrates the operation of the proven media source agreement according to the present invention. The flowchart of FIG. 23 illustrates another aspect of the proven media source agreement according to the present invention. One operation. FIG. 24 is a block diagram illustrating another embodiment of the present invention, with a combined super-encryption / re-encryption header PCR and media certification architecture. FIG. 25 is a flowchart illustrating combined super-encryption / re-encryption according to the present invention. Title ____- 15- This paper size applies to Chinese National Standards (CNS > A4 now (210X297 mm)) ------- ^ --- Sliding -------- ΪΤ ----- -.4- mm-f Please read the ii on the back of the page and then fill in this page} 4 328 52. A7 B7 Shellfish consumer cooperation with the Central Bureau of Standards, Ministry of Economic Affairs. (13) The operation of the PCR and media certification protocol. Figure 26 is a block diagram illustrating another embodiment of the present invention, which has m (BBRAM) PCR, -nvm on -Video Decoder (STB), and CAM architecture There is a battery powered backup ram. Figure 27 is a flowchart illustrating the operation of the data pCR protocol, which There is an NVM on the cymbal and -BBRAM on the CAM. The same figure is used to indicate the same or similar elements in each figure. The structure and operation are understood from the drawings and the following description. Those skilled in the art can understand that the same in each figure The differences between the elements, structures and operations indicated by the numbers. Detailed Description of the Invention Reference will now be made in detail to the presently preferred embodiments of the present invention, and examples thereof will be described in the accompanying drawings. FIG. 1 is a simplified block diagram of an embodiment to illustrate a typical stolen card rejection (PCR) system according to the present invention. In FIG. 1 ... The conditional access module (CAM) conditionally authorizes access to information from the back-end system 700 through the video decoder (which includes the source and Shen Ze). Sources receive information from almost any system or source, such as data streams, broadcast streams, or readable storage media such as readable and / or green CD-ROMs, disks, or media. Examples of readable and / or recordable discs include (but are not limited to) cd4dvd discs, which contain digital sound and visual information such as movies and other information and executables. The term information used herein refers broadly to content data, such as sound and / or visual materials, as well as other sources and executable materials from any source. Similarly, a specific program or title in the information may contain content data such as who and how, or visual, data, as well as other data from any service, and the paper size is suitable-1 installed, please read on the back Intentional matters ^ really fill in this purchase) Order 4 3 28 5 2 .1 V. Description of the invention (14) A7 B7 Employees of the Central Standards Bureau, Ministry of Economic Affairs, consumer cooperation Du printed equipment source 200 contains custom circuits familiar to those skilled in the art to Receiving a data stream, a propagation stream, and / or custom circuits to retrieve information from a readable and / or recordable optical disc, magnetic disk or magnetic tape. This is done using any of the techniques familiar to those skilled in the art, examples of which may be Reference is made to U.S. Patent No. 5,48,609 issued to Cohen et al., And U.S. Patent No. 5,440,631 issued to Akiyama et al. = ≫ Operate Shen 300 to transfer assets into a visual and / or auditory acceptable form for use of Various known visual and / or sound display devices are used to display, or execute an executable file or process data. Taking a movie as an example, Shen 300 contains conventional circuits known to those skilled in the art to convert information into visual and sound information for display in visual and / or sound display systems. As for other applications, such as accessing executable files, the Shen 300 may be (or installed as) a general purpose computing device, for example. Although the source 200 and the Shen 300 are shown in FIG. 1 as separate devices, they may be combined into one device. And although the source 200 and the Shen 300 shown in FIG. 1 are part of the video decoder (STB) 100, either or both of them can be separated from the STB. The CAM 400 preferably includes an inexpensive module with decryption and better login capabilities. CAM 400 can decrypt information content (movies, songs, articles, executable files, etc.), or CAM 400 can decrypt a keyword to allow the device in video decoder 100 (it preferably contains source 200 or Shen 300) Decrypt information content. Alternatively, CAM 400 can authorize Source 200 and Shen 300 to access information. For example, the CAM 400 includes a set of pins 402 that can be inserted into a socket 102 mounted on a video decoder 100. In the description of the present invention, CAM 400 is considered as an example of a renewable safety device. Although the CAM 400 shown in FIG. 1 is outside the video decoder 100, it can also be included in the video decoder 100-17. This paper size applies the Chinese National Standard (CNS) A4 specification (210 X: 297 mm) -------- ^ --- install ------ 1T ------, fruit * «(Please read the ΐ ΐ ΐShi Fei on the back before filling this page) Central Standards of the Ministry of Economic Affairs扃 Printed by the employee consumer cooperative 4 3 28 5 2 .J A7 __B7 V. In the description of the invention (15) 'to require the video decoder 100 to be turned on to remove the CAM 400. It is best to perform the regeneration of the CAM 400 under the authorization of the information provider, and perform it on the basis of individual needs to replace the damaged CAM or steal the CAM, or perform it periodically to further prevent the stealing of the Cam 400 . Therefore, the PCR system according to the present invention is designed to be ' favorable to allow customers to replace CAMs for legal purposes in response to CAM failure, and to allow replacement and insertion of CAMs for reasons of safety and / or enhancement or improvement of operations. CAM 400 includes a microprocessor 400 or similar to enable it to perform decryption and registration (such as billing, management of access authorization records and other transaction information management) 'and, in some embodiments, may also Perform re-encryption. The Cam 400 preferably uses a certain combination of regional non-volatile memory 406 and (online or offline) services to connect to remote nodes to perform logins reliably. In some examples, the CAM 400 must retrieve this information ' from a local memory 406 or a remote file storage area for use by a non-reproducible playback device, i.e. the audio decoder 100. This frequency of reads and / or writes determines the efficiency of the non-reproducible memory used in the area compared to the remote file storage area (accessed via a modem or other device). As mentioned above, the 'CAM 400 utilizes the area storage element 406 which is located on the CAM 400 or in a related storage element. For example, it is located in the video decoder 100, and the storage element 202 or 302 is preferably a part of the source 200 or the Shen 300, respectively, or it is on another board or module of its own. The backend 700 (including a conditional access system) announces to the information user that information can be accessed, or otherwise handles registration. The backend 700 can directly provide (or not provide) information such as movies to the video decoder 100. For example, information users can obtain movies from a regional source (such as a DVD), which can only be registered at -------------- 18-This paper size is suitable for financial standards (CNS) A4im (210X297) Li) (Jing Xian read the back <. Note: Please fill in this page again.) .Shang_ order 4 3 28 52. at B7 Printed by the Shellfish Consumer Cooperative of the Central Standards Bureau of the Ministry of Economic Affairs 5. Description of the invention (16) Only access after access. This system is disclosed in commonly assigned US Patent No. 5,822,291, which is incorporated herein by reference. Assuming that at least a part of the source content is protected by encryption, a corresponding decryption procedure can be achieved by using a secret that can be used legally by CAM 400, which operates in accordance with backend 700. CAM 400 is preferably a regenerative device, which is controlled by the information provider or the guarantee authority, one or both of which may be part of the backend 700. For example, the guarantee authority may be an entity unrelated to the backend 700. Keywords used on CAM 400. Alternatively, the guarantee authority is the same entity as the back end 700, or is installed in the back end 700. Examples of assurance agency operations can be found in CCITT recommendation X.509 (1989). The video decoder 100 is preferably a non-reproducible device that can be owned or rented by the customer of the information provider. Because stealers can sell competitive (stolen) products at a lower cost than information sold by legitimate information providers, there is a need for a renewable that enables non-reproducible products (ie, video decoder 100) to reject theft. Product (ie CAM 400). Especially, the stolen card rejection (PCR) is most effective when the back-end system 700 is used, so the stealer must reduce the function of the CAM 400, so learn the universal secret of the CAM 400, and make the information receiving device such as a video decoder The reduced functionality of 100 may be achieved by changing the legal broadcast receiver or legal playback device. If the thief is unwilling (or unable) to reduce the function of individual CAMs to learn personal secrets or modify functions, such as playing green on individual CAMs, then the access system remains secure. In other words, PCR is most effective if the 2 possible restriction methods are easier and not economically acceptable. In addition, even a thief wants to establish a different -19- ---- ^-. 1 --- strict ------ 1T ------. ^ * (Please read the Note: Please fill in this page again.) This paper size applies to Chinese national standards (CNS > A4 size (210X2? 7mm). Printed by the Consumer Cooperatives of the Central Standards Bureau of the Ministry of Economic Affairs. ^ 328 5 2.1 A7 B7 17) The same video decoder device can still maintain security. This is assuming that it cannot do so on a large scale, not only because the establishment, distribution, and support of these devices are too expensive, but also because even legal video decoder devices Profits are also low. Therefore, a rational and economically driven stealer would prefer to build stolen CAMs rather than stolen playback devices. Therefore, the actual threat to the information provider comes from the stolen CAMs. To be explicit As an example of PCR, video decoder 100 will refuse communication from CAMs due to unauthorized communication. Explicit PCR enables the device to detect attempts to bypass the security check provided by CAM 400, and to reject communication from stealing CAMs And unauthorized. 'Taking the implicit PCR as an example, if you try to bypass CAM 400, the device cannot obtain an acceptable service level based on the uninterrupted and unbroken source material, because of the disruption or interruption in effective communication. In order to be an effective card stealing rejection module, a PCR system should Effectively reject various attacks, that is, an effective PCR system should be able to steal CAMs (pipe attacks) based on legal video decoder devices and stolen CAMs, legal video decoders and stolen video decoder devices. Fight against the use of legal CAM. The description of these solutions has nothing to do with whether the video decoder device can prove itself. For example, if a stolen version of a video decoder device itself proves that a legal CAM can be used to freely access information, it is safe In addition, in a pipeline attack, a legitimate CAM is used to enable a legitimate device to generate content bits, while a stolen CAM is used to decrypt these content bits. Another attack is to steal a legitimate video decoder on the stream Product, or can make CAM return to the video decoder stream. (Please read the precautions on the back before filling this page) -20- Standards are applicable to Chinese National Standards (CNS) Λ4 specifications (210X 297 mm) m852. A7 B7 V. Description of the invention (18) Printed by the Bayer Consumer Cooperative of the Central Standards Bureau of the Ministry of Economic Affairs. The use of pairing protocols enhances PCR efficiency and media source certification. Interface protection protocols can also be used. As described below, individualization can support the security attributes of these protocols. Those skilled in the art will understand the PCR system according to the present invention Contains any combination of pairing agreement, PCR agreement, interface protection agreement, and anti-theft technology. Therefore, to standardize security, any combination of multilayer agreements can be used. One such multilayer protocol that can be used, for example, is a one-way pairing of proven and proven CAM operations, with a titled PCR protocol. In particular, the choice of portfolio depends on the business goals of the information provider. This is a significant improvement over conventional systems, as many conventional devices rely on a secure system architecture and do not provide the flexibility of architecture choices required by business plans. The pairing and PCR protocols described below can counter the theft of video decoders or CAM's, as well as pipeline attacks and theft attacks, which are used separately. The detection of stealing is characterized by a partial replay of information generated by video decoder 100, which is in the field of the invention. In addition, real-time certification of video decoder 100, CAM 400, and media providing information can prevent users from accessing information on currently authorized media. Each CAM 400 is preferably individualized and matched with a special video decoder ιOO. Individualization refers to the fact that each CAM (or a smaller subset of CAMs) contains a secret, which is difficult to derive from the secret knowledge of other CAMs. It is obvious that compared to theft, the conditional access provider is essentially a CA1V [individualized in order to obtain these individualized secrets from the CAM. Each CAM 400 preferably also contains a universal keyword or a string of keywords for conditional access to information β 21-This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 publication) ---- ----; --- Meal ------ 1T ------ ^ • I ♦ (please read it on the back first) Note $ service and then fill out this page) A7 B7 ί 328 52 ： V. Description of the invention (19) The universal concept refers to the fact that the rapid dissemination and distribution agency will strictly limit the number of versions of the content, which can be disseminated or available at any time. Pairing The requirement of pairing prevents theft (which successfully reverse engineered a legitimate Cam) from mass-producing CAMs, which are source devices that use other users. Specifically, it is intended to prevent a derived CAM from successfully pairing with the source device (except for authorizing that the original CAM can be paired) ^ The back-end system 700 issues a pairing instruction 'to combine a source 200 with a downstream CAM 400 . Similarly, a pairing instruction can be issued to combine a CAM 400 and a downstream sink 300. The pairing is one-way, and only one of the two entities (such as a downstream entity) is a certifying entity (that is, an entity can then prove that communication to other entities is as if sent from there). To verify. This pairing can be used instead or in addition to allow encrypted communication to be directed to the attesting entity. A one-way pairing can be established by showing a proof common keyword to the entity, which thus effectively authorizes the entity to successfully communicate with an entity to have a corresponding secret keyword. The public key word of the certificate is displayed in order to clearly prove the combination of the public key word and the entity (its authorization is communicated by the public key word). One way to establish a two-way pair is by establishing two one-way pairs. The purpose of the pairing is to allow 2 real Zhaos to establish a shared secret 値. This can be achieved by using the public key word of the proof and the corresponding secret key word of the proof entity. If a shared secret key is established based on a single one-way pairing, the unidentified entity will hand over a common keyword to the corresponding secret key word it owns. This keyword pair can be generated on the device. Now it is in the device manufacturing process. 22- This paper size is applicable to China National Standard (CNS) A4 specification (210X297 mm). (This page) Printed by the Consumer Standards Cooperative of the Central Bureau of Standards of the Ministry of Economic Affairs. Printed by the Consumer Standards Cooperative of the Central Standards Bureau of the Ministry of Economics. 3 28 52 .1 A7-— __B7 _ V. Description of the invention (2) The relevant period is established. To establish a shared secret, two entities can use the function f as shown in US Patent No. 4,200,770, where f (ρυΒΚΕγ entity i, pRWKEY entity 2) = i (PUBKEY entity 2, PRIVKEY entity 1). In this example, entities such as entity 1 and entity 2 derive the shared secret 値 by applying the function f to the public keywords of other entities and their own secret keywords. Or use the public key word of the certificate to establish the shared secret in the cryptographic method (refer to US Patent No. 4,405,829 or the public key word encryption system and signature design based on discrete logarithms; T. E1 Gamal, Cryptographic Essence ( 1985)), where the shared secret can be selected directly from the entity performing the encryption. Or two-way pairing will directly lead to the establishment of a shared secret 値. In order to retain the desired pairing utility, the backend 700 or some other trusted authority may determine or verify the degree to which the different certified title of the rating is combined with a common public keyword. An entity can decide its own role before or after authorizing communication with a particular entity, which limits the number of significantly different entities that it will communicate with. Unpairing / Unauthorized ... According to the concept of the present invention, a digital symbol table and / or specific target unauthorized message can be issued to effectively remove intruders from the system. Specific target messages can be encrypted and / or uniquely authenticated in a known source 200, Shen 300 or CAM 400 device. In a passive unauthorized form, the termination of the pairing can be seen, for example, by checking the termination date of the zone information which is properly configured by the device. As described in detail below, if it is suitable to use a certificate to indicate pairing _ 23- This paper size applies to China National Standards (CNs) A4 (21〇X 297 mm) --------; --- Install ------. 玎 ----— * multiply 0-. (Please read the 'Notes 35- on the back side before filling out this page) η 3 28 5 2. ^ Α7 Β7 ------ -V. Description of the invention (21) The combination of the delayed system support delay 'where the pairing is at least-the concept cannot be verified immediately. The pairing can be used temporarily and later confirmed or rejected (ie, released or unauthorized) by the appropriate authority. Some of the embodiments of the pairing agreement in the following description use digital certificates, which connect related information with a single entity, as shown in the entity certification (information) operation, or prove by connecting related information of different entities, such as cross certification (Information) Operations shown β The results of these operations are entity certificates and cross-certificates, respectively. _ Generate certificates using knowledge of secretly signed keywords so that the relevant public verification keywords appear in the acceptable keyword string owned by the verification entity. Keywords can be built into a string by using certificates. It should be understood that the certificates in the following agreement include the signature on this article and the university itself (if required). In some examples, part of the text can be known separately by the verifier or transmitted to the verifier separately. The certificate also contains instructions for which public signature verification keywords should be used to verify the certificate. The conditional access system back-end 700 can generate a transfer certificate. An entity certificate can be generated by the conditional access system backend 700 or by an authority trusted by the backend. In the use of the agreement shown in the figure below, an ID is associated with an unproven entity. J can be generated randomly or pseudo-randomly during the pairing operation. The public key of the entity to be proven (if required by the conditional access system backend 700) can be addressed by the backend 700 by using the entity ID, or the communication with the backend 700 (preferably secure) can be understood as Part of the pairing operation. The secret keywords of the entity to be proven communicate with the entity in some cases (preferably -24- this paper size applies to China National Standards (CNS) A4 specifications (2 丨 0 > < Four 7mm ----: ---: --- install -------- ΪΤ ------ ^-(please read the > i intentions on the back before filling in this Page) The Central Standards Bureau of the Ministry of Economic Affairs, Jeonggong Consumer Cooperatives, India ’s Ministry of Economic Affairs, the Central Standards Bureau, and X Consumer Cooperatives ’Seals (5) Invention Description (22) is safe) as part of the pairing operation. The latter technology allows the backend 700 to dynamically allocate a shared common key to a given entity group 3. One of the two entities in the pairing may reject the pairing based on information received from other entities or from the backend 700. A typical architecture for performing the following pairing agreement operations is shown in Figure 17. Figures 2 to 9 illustrate the operation of the agreement by showing the parallel processing of the source 2000 'CAM 400 and the backend 700, and its various interactions. Those skilled in the art will understand that the information in the figure is sufficient, and the order of some steps may be changed without going beyond the spirit or scope of the present invention. Parallel line packet garden in the figure—the flow arrows, for example, are between source 200, CAM 400, and backend 700 (refer to step S205 ', step S213, step S207, step S2I5, and step S210 in FIG. 2), It is intended to describe a synchronous operation in which the receiving device must receive the message before processing (as shown by the flow arrow). Symbol description: When displayed between the arguments of the subroutine, the comma indicates the serialization of the data stream. The noun message itself is a concatenation of the sub-messages, and the symbol ㊉ represents a bit-wise exclusive OR of a bit stream of the same length. One-way Pairing of Source and Proof CAM Reference is now made to Figures 2 and 3 to illustrate the one-way pairing agreement of Source 200 and Prove CAM 400. In each agreement chart, for ease of understanding, similar steps in each agreement are indicated with similar reference numbers, but it should be understood that the actual implementation of these steps can actually be the same or different. As shown in Fig. 2, tf 'source 200 transmits a source id to CAM 400 (S201). After receiving the source ID (S204), the CAM 400 transmits a CAM and the source ID to the backend 700 (S205). After receiving the source z D, the back end 700 will be generated-delivery -25- This paper size is common to the Chinese National Standard (CNS) Please read and memorize it. Note-I- Binding

A 4 3 28 5 2 A7 B7 The Consumer Cooperative of the Central Standards Bureau of the Ministry of Economic Affairs prints the V. Invention Statement (23) and sends it to the CAM 400 (S211, S212, S213). Proof 値 (CAM-ID, Source-ID). The CAM 400 then transmits the cross-certificate to the source 200 (S202). The CAM 400 determines whether there is a regional entity certificate on the CAM 400 (S208). That is, in the entity certificate (CAm_ID, CAM_Pub), CAM-Pub is a common keyword of CAM. If the determination is yes, the CAM 400 transmits the regional entity certificate of the CAM 400 to the source 200, and the CAM 400 is paired with the source 200 (S210, S203). If the determination is negative, the CAM 400 receives a regional entity certificate from the backend 700, and if the backend 700 has a regional entity certificate of the CAM 400 (S209_, S215, S214). The CAM 400 transmits the regional entity certificate received from the backend 700 to the source 200, and the CAM 400 is paired with the source 200 (S210, S203). Alternatively, the above certificate is taken from the cross certificate (entity certificate (CAMJD, CAM Pub), Source_ID)) or the cross certificate (CAM_Pub, Source_ID). In the process of verifying the certificate, the source 200 in particular checks its calculated cross-certificate using its specific source ID. In this embodiment, it is assumed that the CAM 400 has the secret key CAM_Priv regardless of this agreement. If necessary, the CAM 400 transmits (once) the entity certificate to the source 200 (S210), regardless of whether the backend 700 can access the certificate, and then transmits it to the CAM 400. When CAM 400 checks a regional entity certificate, it checks if the version of its entity certificate is currently valid. If it is not valid, it can use the version (if any) of the entity certificate received from the backend 100. In another embodiment as shown in FIG. 3, the source 200 sends a source ID to 26- This paper size applies to China National Standard (CNS) A4 specification (210X297 mm) -----_-- ^- -^ ------ ΐτ ------ Φ (please read the back of ^, ^ -notes before filling in this page) 432852.1 A7 B7 V. Description of the invention (24) CAM 400 (S301) After receiving the source ID (S303), the CAM 400 transmits a CAM ID and the source ID to the backend 700 (S304, S308). The backend 700 generates a CAM hidden keyword, CAM_Priv, and a CAM common keyword, CAM_Pub, and generates a cross-certificate, that is, a back-end generates a cross-certificate (CAM_Pub, Scmrce_ID) (S309, S310). The backend 700 then transmits the CAM hidden keywords, CAM_Pdv to CAM 400 via a secure transmission (S3H, S305). The backend 700 also transmits the cross-certificate to the CAM 400, which in turn transmits the cross-certificate to the source 200 (S312, S306, S307, S302). CAM 400 is now paired with Source 200. _ In the embodiment of FIG. 3, it is assumed that the CAM secret keyword, CAM_Priv, is not in CAM 400 without regard to this agreement. Assume that there is a secure channel to secretly transmit the CAM secret key, CAM_Priv to CAM 400 from the backend 700. One-way Pairing of CAM and Proofer Shen Referring now to Figures 4 and 5, a one-way pairing agreement between CAM 400 and Proofer Shen 300 will be described. In FIG. 4, the Shen 300 transmits a Shen ID to the CAM 400 (S401). After receiving the Shen ID (S404), the CAM 400 transmits a CAM ID and a Shen ID to the backend 700 (S405, S410). Shen 300 determines whether there is a regional entity certificate (S402). If the determination is yes, Shen 300 transmits Shen 300's regional entity certificate to CAM 400 (S403, S406), that is, the entity certificate (Sink_ID, Sink_Pub), and Sink_Pub is Shen's public keyword. If the determination is negative, the agreement ends. CAM 400 then transmits the regional entity certificate of Shen 300 to backend 700 (S407, S411). The back end 700 judges whether it holds Shen 300's area-27- This paper size applies to China's National Standard (CNS) A4 specification (210X297 mm) ---- ^ --- ^ --- ^- ---- 1T ------ ^ »4 (Please read the note on the back of the page and like this page before filling out this page) The central standard of the Ministry of Economic Affairs printed for the Beigong Consumer Cooperative 4 32S52J 'Λ: _ B7 V. Description of the invention (25) An entity certificate, and if there is, determine whether the regional entity certificate held by the backend 700 replaces the regional entity certificate held by Shen 300 (S412, S413). If the determination in steps S412 and S413 is YES, the backend 700 transmits the regional entity certificate of Shen 300 held by the backend 700 (S414, S408) to the CAM 400. By the way, the backend 700 generates a crossover certificate (S415), that is, the backend generates a crossover certificate (Sink_ID, CAM_ID). The backend 700 then transmits the certificate to the CAM 400 (S416, S409), so that the CAM 400 and the Shen 300 are paired. If the CAM 400 receives the physical certificate from the Shen 300 in step S406, the physical certificate information includes the version, or the termination date, or the date of issue. In addition, in step S414, only the entity certificate or the sink public key Sink_Pub is transmitted. If Sink_Pub is transmitted, it should preferably be safely transmitted to CAM 400 to avoid undetected replacement. In addition, if an entity certificate (corresponding to a specific SinkJD) is held in the backend 700, it replaces the version received from CAM 400 from Shen 300 (based on the entity certificate information). Sink Pub), which is included in the transmission of Bulu S414. If the backend 700 does not receive the entity certificate information, the regional entity certificate (if any) is transmitted to the CAM 400. Alternatively, the above certificate is a cross-certificate (entity certificate (Sink_ID, Sink Pub), CAMjD), or a cross-certification (Sink_Pub, CAM_ID). In the process of verifying the certificate, CAM 400 especially uses its specific CAMJD to check the calculated delivery certificate. CAM 400 uses the latest entity certificate (if any) received from Shen 300 and / or backend 700. In another embodiment as shown in FIG. 5, Shen 300 transmits a Shen ID to CAM 400 (S51). After receiving the Shen ID (S502), CAM 400 transmits a -28. This paper size applies Chinese national standards (CNS) A4 Specifications (210 X 297 Public Love > IJI — IJ --— 11 —----- • * (Please read the _ Cautions on the reverse side before entering this page)) tSJ · Ministry of Economy Wisdom Printed by the Consumer Affairs Cooperative of the Property Bureau 4 3 23 52.1 A7 B7 Printed by the Shellfish Consumer Cooperative of the Central Government Bureau of the Ministry of Economic Affairs 5. Description of the invention (26) CAM ID and Shen ID to the back end 700 (S503, S506). The backend 700 uses Shen ID to query the common keyword Sink_Pub of Shen 300 (S507). The backend 700 then sends Sink_Pub to CAM 400, and CAM 400 is paired with Shen 300 (S508, S504). The source with the direct shared secret card is paired with the CAM bidirectionally. In this and the following two-way agreements, the shared secret card is transmitted from the backend 700 to the CAM 400 as an important part of the pairing operation. Reached between secure communication devices. If it is not already owned by another entity that is not related to the matching agreement, this secret should preferably be communicated from the backend 700 to the other entity via the CAM 400, so as to keep it secret on the channel between the CAM 400 and the other entity. This can be achieved, for example, by an encryption procedure in which another entity knows the corresponding decryption procedure. We use 値 (Source_Secret) SOURCE and 値 (Sink_Secret) s: to show the secret security version. The source 200 or Shen 300 does not know its secret regardless of the pairing agreement, because this can be dynamically determined by the backend 700. For example, if it is considered advantageous to authorize at least 2 CAMs to communicate with a single source (or sink), this method can be used to force the maintenance of different cryptographic identities. In FIG. 6, the source 200 transmits a source ID to the CAM 400, which transmits a source ID and a CAM ID to the back end 700 (S601, S602, S603, S605). Backend 700 uses source ID to query a source secret Source_Secret (S606), which is sent to CAM 400 via secure transmission (S607, S604). Although not shown in FIG. 6, if the source 200 does not know Source_Secret, the backend 700 will send (Source_Secret) St. Urce to the CAM 400. In either case, the CAM 400 is paired with the source 200. -29- --------- Choose clothes-(Please read # -Back < -Cautions before filling out this page) Binding paper / ^ degrees apply Chinese National Standard (〇 阳) 4 Grid (210 father 297 mm) Printed by Zhengong Consumer Cooperative, Central Samples Bureau of the Ministry of Economic Affairs ^ 3 ^ 852. A7 __B7__ V. Description of the invention (27) In another embodiment shown in FIG. 7, The source 200 transmits a source ID to the CAM 400, which transmits the source ID and the CAM ID to the back end 700 (S701, S703, S704'S708). The backend 700 generates a source secret source_Secret (S709), and transmits 値 Source_Secret to the CAM 400 via a secure transmission (S710, S705). The backend 700 then generates a (Source__Secret) source (S7) 1). In this embodiment, it is assumed that the source is unknown beforehand and the source is secret. The backend 700 then transmits (Source_Secret) S () un; e to the CAM 400, which transmits it to the source 200 (S712, S706, S707, S702). Therefore CAM 400 becomes paired with source 200. The CAM with the direct shared secret card is paired with Shen in both directions. Referring now to FIGS. 8 and 9, the CAM 400 with the directly shared secret key is paired with Shen 300 in two directions. In FIG. 8, the source 200 transmits a sink ID to the CAM 400, which transmits the sink ID and the CAM ID to the back end 700 (S801, S802, S803, S805). The backend 700 uses Shen ID to query a Shen secret Sink_Secret (S806), which is sent to the CAM 400 via a secure transmission (S807, S804). Although not shown in FIG. 8, if Shen 300 does not know Sink_Secret, the backend 700 transmits Sink_Secret Sint to CAM 400. In either case, CAM 400 will be paired with Shen 300. In another embodiment shown in FIG. 9, the Shen 300 transmits a Shen ID to the CAM 400, which transmits the Shen ID and the CAM ID to the back end 700 (S901, S903, S904'S908). The backend 700 generates a sink secret Sink_Secret (S909), and transmits Sink_Secret to the CAM 400 via a secure transmission (S910, S905). The back end 700 then generates a sink_Secret Sink (S9U). It is assumed in this embodiment that the source does not know the source secret in advance. Next, the back end 700 pass. ^; Install 111T-^ --- _ * (Please read the note on the back first, and then fill out this page) _—_____- 30- This standard is applicable to Chinese national standards (CNS ) A4 specification (210X297mm) 4328 52. A7 B7 V. Description of the invention (28) Send 値 (sink_secret) Sin々jCAM 4〇0, which sends it to Shen 300 (s9i2, 5906 4907, ^ 02 ^ Therefore CAM 400 becomes paired with Shen 300. One-way hash function (hash) A one-way hash function is a function that takes possible arbitrary length inputs (for example, length is bits) and maps the input to some-fixed The output of the preset length 'where the output is represented as a hash word or hash 値. The one-way concept of a function refers to its intended safety feature that is difficult to calculate with respect to reversal. F 丨 ps Function defined in SHA -1 is a common example of a hash function. You can also refer to "Security of Compression Coding" by author Seim G, Akl; the meaning of cryptography in the background description of the invention (I983 Password Forum). Keyword Derivation Function (KDF) A shared secret, although established between two entities, can be repeated by A keyword derivation function is extended. The keyword derivation function specifies the length of the shared secret 値. If this process is used by Diffle_Heiiman to generate the original, first shared secret 値, the length 値 is different from that specified by the keyword derivation function '2 Individuals can independently derive the second shared secret 値 of the specified length from the first 値. The shared secret 値 can be proved by pairing. The input of the KDF specifically includes the shared secret 値. Another input (represented by a KDF variable) is Is a counter that increments between KDF applications or random or pseudo-random 値, it is best not to use it repeatedly in subsequent KDF applications. The output is a hash word that is considered a keyword, or may be of different length Multiple keywords. Keywords can then be used in batch encryption methods such as data encryption standards. Keywords can also be used as the input of a subroutine to use proofs and encryption as defined below. KDF's input shared secrets. In some cases To maintain the constant, -31-This paper size is applicable to the Chinese National Standard (CNS) A4 specification (2IOX297 mm) ^; --- Withdrawal — (Please read the back first Please fill in this page and fill in this page) Order Λ Printed by the Consumer Standards Cooperative of the Central Standards Bureau of the Ministry of Economic Affairs and printed by the Cooperative Standards of the Ministry of Economic Affairs and the Consumers ’Cooperatives of the Central Standard Vehicle Bureau of the Ministry of Economics 4328 52. at ___ B7 V. Description of Invention (29) By, for example, periodically replacing the new shared key (generated by one of the 2 entities) with the new shared key to recover the input itself, it is best to use a random or pseudo-random number generation method. By using a proof defined below And the encryption subroutine can transfer the newly input shared secret key from the original entity to another entity, where the keywords are used as the proof and the encryption subroutine input is generated using the KDF with the current input shared secret key. In the following subroutine definitions, shared secrets may not be used, so there is no need to understand that they appear in the subroutine argument table. KDF (KDF variable) = Hash (KDF variable "shared secret 値, KDF variable) instruction proof function (proof). You can use a proof to prove an instruction of arbitrary length. Its function is similar to HMAC. You can refer to the keyword hash function of message proof. The author] Vi Bellare et al. 'Cryptographic Essence (Cryptographic Forum 1996), which uses nested hashing. Proof (KDF variable, message) = Hash96 (message, keyword) ㊉ keyword, where Hash96 represents the 96 most significant bits of the hash word Hash (message, keyword), and the result of the keyword and keyword is because Input KDF variables and get KDF. For example, if the function SHA-1 is used as a hash in KDF, the derived keywords can be the first 64 bits, and the keywords are 96 bits long. Specifically, the keywords are equal to the 64 least significant bits of the KDF (KDF variables), and the keywords are equal to the 96 most significant bits of the KDF (KDF variables). Because the message cannot be calculated from the result of the proof function, for example, -32- This paper size can be applied to the Chinese national standard (CNS M4 specification (210X297 mm) ----: ---: ----- (please first (Read the note on the back and fill out this page)

* ST 4328 52 A7 B7 is transmitted by full power, as described in V. Invention Description (30). Encryption method is used to separate the message as defined in general text or below. Encryption, Decryption, and Confirmation In the case of suppressing KDF variables, it is necessary to generate the KDF variable 受 which is the subjective keyword 値 assuming it is known 'or to negotiate between the two titles. The following definitions apply: Encryption (general text messages) = general information θ keywords = encrypted text messages decryption (encrypted text messages) = encrypted messages θ keywords = general text messages if and only if encryption (regional general text messages) matches The received encrypted text message 'confirms that the received encrypted text message is 眞. The acknowledgement is used by the receiving entity to ensure that the transmitting entity has the general knowledge in this document. If the other party suspects that this article is normal, it will break the security of this function. The actual application confirmation can be used in place of Hash (—general text) to replace the general text itself. The recipient did not detect proof that the confirmation message could not be changed before. Stolen Card Rejection (PCR) Agreements These agreements use the results of a pairing operation, whereby the source 200 and CAM 400 share a secret. This secret proves to the source 200 (explicit or hidden) CAM 400. Take the pairing of CAM 400 and Shen 300 as an example, they share another secret in order to prove Shen 300 to CAM 400. The agreed operating environment should preferably include the following states: 1) Setting information access: requesting playback: 2) Information access: status of requesting playback; 3) Ending information access: aborting playback with positive action 'set no more resources -33 This paper size applies to Chinese national standards (CNS > A4 now (210X297 mm) ---- ^ --- ^ ------ 1T ------. 41 (Please read t Note on the back then fill in this f) Printed by the Consumer Standards Cooperative of the Central Standards Bureau of the Ministry of Economic Affairs A7

Printed by Shelley Consumer Cooperative of the Shenyang Elevator Bureau of the Ministry of Economic Affairs 4 3 28 5 2 V. Description of the Invention (31) Information cannot be accessed before the information is accessed; 4) Clear information access: Related to ending information access, actions The processing of (if any) is after the playback is paused or suspended, if this happens, then the setting information access is resumed.

Caption PCR In the caption PCR embodiment, a customer is logged in by a customer who accesses an information time window, and then the customer is allowed to access information during that window. The protocol suitable for the time window is much longer than the information (for example, borrowing a movie for two days). 5 In this embodiment as shown in FIG. 10, the source 200 preferably includes: the information receiving / generating device 204'recovery generator 206, the source Control logic 208, proof logic 210 'and access window logic 212. The recovery generator generates an arbitrary 'recovery generator' such as a counter to generate a count, or a random number generator to generate a random number, where the counter can count up by any increment, or count by any decrement. Count down. Moreover, CAM 400 preferably includes CA (conditional access) decryption logic 408, timer 410, CAM control logic 412, certification logic 414, and access window 416. The access window logic 2 12 and 416 set a time length limit 'in the source 200 and the CAM 400, respectively, to allow the user to access a specific program. The operation of the embodiment of Fig. 10 is shown in the flowcharts of Figs. 11 and 12. Those skilled in the art will understand that the agreements in Figs. 丨 and 丨 are executed by the source control logic 208 and the CAM control logic 412, respectively. In FIG. 11, the source 200 provides the following message to the CAM 400, which includes a counter 自 from the recovery generator 206, and a program title to be accessed from the information receiving / generating device 204 (S 1101). The counter used 値 -34 of the previous message-This paper size is applicable to the Chinese National Standard (CNS) A4 specification (210X297 mm) ----- ^ --- ^ --- seed clothing ------ ίτ ------ ^ (please read and read this article on the reverse side before filling out this page) Printed by A7 B7, Shellfish Consumer Cooperative, Central Stairway Bureau of the Ministry of Economic Affairs 5. Description of invention (32) The counter is different. For example, the counter may be a random number from a random number generator that is reselected each time the protocol is executed, or a counter stored in non-volatile memory (NVM) that is incremented each time it is used. The CAM 400 uses the shared secret determined in the above-mentioned pairing operation to prove the message (S1109). The CAM 400 then sends the certified message back to the source 200 (S 1102 ′ S U 10), and then the source 200 also uses the shared secret determined in the above pairing operation to prove the message (S 1103). Both source 200 and CAM 400 reset the access window based on access window logic 212 and 416 in source 200 and CAM 400, respectively. CAM 400 then logs in to the user access (sm2), which can be used later by the backend 700 (not shown in Figure 10) to determine how much money should be charged to the user. The proof logic 2 10 (FIG. 10) in the source 200 verifies the proof message generated by the source 200 in step S1103 and the proof message (S j 105) generated by the move in step S1109. These proof messages should match because they each use the same common trial keyword. If the proof message does not match ', the source 200 ceases the agreement. If the proof message matches (verifies), the source 200 transmits the content of the desired program for access by the information receiving / generating device 204 in the source 200 to the CAM 400 (S1106, S1113). The CAM control logic 412 uses the CA decryption logic 408 in the CAM 400 to decrypt the received information (si 114), and the CAM 400 sends the decrypted information to the Shen 300 ', which is displayed to the user in a usable form (sm5, S 1 1 Π). Each source 200 and CAM 400 uses their own access window logic (212 and 416) to determine whether the access window has been terminated (011107, 51116). When each CAM 400 and source 200 independently determines that the access window in their respective memory has been terminated, it stops processing the information independently. _____- 35- This paper size applies to Chinese National Standard (CNS) A4 (2 丨 0X297mm) I— I u Binding I ^ *.. (Please read the ΐ · Implement on the back before filling this page) 4328 52 A7 B7 V. Description of the Invention (33) Because the above agreement will charge the user for the entire time window, the source 200 preferably asks CAM 400 whether the previously purchased window is still used. This inquiry is performed in the step of FIG. 12 before the step of FIG. 11. As shown in FIG. 12, the source 200 queries the CAM 400 for the remaining time of the program and a message including the counter and the title (S1201, S1207). The CAM 400 uses a timer 410 (Fig. 10) to determine the remaining time. The CAM 400 uses the proof logic 414 (Fig. 10) to prove the counter 値 and the actual remaining time (S1208), and returns the actual remaining time and the certified counter 値 to the source 200 (S1209, S1202) together with the actual remaining time. The source 2_00 uses the proof logic 206 to prove the counter and the remaining time (S1203), and then determines whether its proof matches the proof executed by CAM 400, that is, to verify the proof (s 1204) »If it matches, the source sets the remaining time to Yes (S1205), if the proof does not match, the source sets the remaining time to non (S1206). Therefore, for example, when the playback of a DVD disc has been interrupted, the user cannot be charged a second time. The proof of the title preferably confirms to the source 200 that the CAM 400 is logging in to access the information 'and that the information is being generated by the source 200. This authorized source generates 200 bits

Yuan D, the Central Bureau of Standards, Ministry of Economic Affairs, Shellfish Consumer Cooperative, -------- ^ --- ^-{Please read the 'Cautions on the back before filling this page) In playback mode, it is best to track multiple times and stop playback when the window is empty. This agreement is suitable when there is only a single paid window and the information must be played in that window, especially when the window is much larger than the actual broadcast information. This embodiment uses two parties (combining the source and sink devices) or three parties (the source and sink devices are separated), and / or a PC architecture. In addition, in this embodiment, the non-volatile memory 202 is not required in the source 200, but the source 200 preferably knows the title information '-36- This paper rule is against the General National Standard of China (CNS) (2.0 × 297 mm ) ≪ 32852. A7 B7 V. Description of the Invention (34) and restricting continued playback. From the beginning of the window, if the information traffic (ie total length) is used as a measurement instead of the playing time, then the metered title PCR is a more suitable protocol.

Metered-Title PCR Another PCR protocol is a metered-Title PCR, in which customers charge incrementally when they access information. Examples of this embodiment and examples of the agreements used by them are shown in Figs. Fig. 13 illustrates a preferred apparatus for performing the operations shown in Figs. It can be registered and charged according to the playing time or the total length of information access (ie bytes). _ Printed by the Consumers' Cooperative of the Central Bureau of Standards of the Ministry of Economic Affairs (please read the notes on the back before filling this page) In this embodiment shown in Figure I3, the source 200a preferably includes: information receiving / generating device 204a 'recovery generator 206a, source control logic 208a, certification logic 210a, and access window logic 212a, timing number 214a, and information meter 216a. The recovery generator 206a generates an arbitrary frame. The recovery generator 206a is a counter to generate a counting frame, or a random number generator to generate a random number. In addition, CAM 400a preferably includes: decryption logic 408a, timer 410a, CAM control logic 412a, certification logic 414a, access window logic 416a, and information meter 418a. The access window logics 212a and 416a in the sources 200a and CAM 400a respectively set time limits that allow the user to access a particular program. In addition, the information meter 216a and the information meter 218a preferably measure the amount of data by detecting the number of data packets containing information during the access process. Those skilled in the art should understand that information is transmitted in different data packets with numbers, and each packet can contain a preset amount of data. The timer 410a and the information meter 418a track the amount of information used and / or the amount of remaining windows. And those who are familiar with this technology should understand that the typical agreement points in Figures 14 and 15 are -37- This paper size is applicable to China's national operating rate (CNS) A4 specification (2 丨 0X297 mm) 4 3 28 5 2 Central standard of the Ministry of Economic Affairs Printed by the Bureau Shellfish Consumer Cooperative A7 B7 V. Description of the Invention (35) It is executed by the source control logic 208a and the CAM control logic 412a. In the embodiment of the agreement shown in FIG. 14, the source 200a provides a message to the CAM 400a, which includes: a recovery card generated by the recovery generator 206a, a program title to be accessed, and a playback window request (S 1401, S1408). A new playback window can extend a previously purchased but not fully used playback window. The CAM 400a uses the certification logic 414a to prove the message, and sends the certified message along with the processing window back to the source 200a (S1409, S1410, S1402). The source 200a also uses the proof logic 210a to prove the message (S1403), and uses the source control logic 208a to determine whether it matches the source certificate (S1404) to verify that the CAM certificate = the verification certificate of the CAM 400a indicates that the CAM 400a is in step. S1412 charges, or has accessed the new request window for green access. When verifying the message, the source 200a accesses the window (S1405) by a preset amount "play window J. Then, the source 200a sends information (its desired program to be accessed) from the information receiving / generating device 204a. To CAM 400a (S1406, S1413). CAM 400a uses decryption logic 408a to decrypt the information (S1414), and provides the decrypted information to the sink device and displays it to the user in a usable way (S1415, S1417). Each source 200a and CAM 400a uses its access window logic 212a and 416a and its information meters 216a and 418a to determine whether the access window has been terminated (S1407, S1416). Preferably, the access window logic 212a and the access window logic 416a The length of each set access window can be expressed by a period of time or a preset number of data packets. When expressed by a period of time, the timer 410a monitors the remaining access windows. If a preset number of data packets is used At the time of display, the number of data packets detected by the information meter 216a and the information meter 418a is -38-This paper size applies to the Chinese National Standard (CNS) M specification (210X297 mm) '' ----:-^ --- ^ ------ 1Τ ------ 0 (please read 'read the back ^ -note ^ -item before filling out this page) 432852. Central Standard of the Ministry of Economic Affairs Printed by Bureau Coconut Consumer Cooperative A7 B7 5. The invention description (36) carries the desired program information being accessed. Once the preset number of data packets has been detected, the source 200a and CAM 400a will stop processing. Therefore, use is allowed The user accesses the information until the CAM 400a or the source 200a determines that the access window has terminated. And at the end of the information playback, the 'source 200a or CAM 400a has an unused partial window', that is, unused credit, so as shown in Figure 5 It indicates that it requests the credit source 200a to provide a message to the CAM 400a, which includes: a credit request, and the message certificate includes incrementing the counter by one, and requesting credit (ie, requesting credit, proof (counter plus _ —, requesting credit)) sl5〇1, S1502). The CAM 400a uses the proof logic 414a to prove the request for credit and counter increment (S1503). Then the CAM 400a matches whether the proof performed by the proof logic 414a matches the proof performed by the proof logic 2 10a. Verify the certificate (S1504). If the certificate If it matches, it will verify that cam 400a logs in to the credit request (S1505). If it does not match, the agreement will stop. In addition, CAM 400a determines in this request whether to resume (connect to the latest counter) to request a playback window. A random frame is used instead of a counter frame (which requires a non-volatile memory 202), and the frame may be followed by the latest random frame incremented by one. CAM 400a stops processing information at this point, and source 200a stops generating information. The allowable credit is preferably requested by the lesser of CAM 400a and the source 200a based on its own information. If the CAM 400a only uses the tracked information to determine the user's expired credit, a legitimate source 200a can be used to broadcast the unlimited information that the CAM 400a stole. Similarly, if the CAM 400 only uses the information given by the source 200 to determine the user's expired credit, then the stolen source 200 can be used to play the ____- 39- _ This paper standard applies Chinese National Standard (CNS) A4. Specifications (2 丨 0X297mm) ~ (Please read the back page before filling out this page) Binding-Order Printed by the Male Standards Consumer Cooperative of the Central Standards Bureau of the Ministry of Economics 432852, A7 _______B7 V. Description of Invention (37) Law CAM 400 Unlimited information. Note that the ability of the source 200 to prove a credit request does not necessarily confirm that the source 200 is requesting the credit, and only the same device certified by cam 400 will make the request. Or 'if there is no incremental payment, this agreement may use the amount deducted from the single charge to cover a large window' to repay the previous debit window. For example, users will request 48 hours of actual information access. In this case, source 200a uses CAM 400a as a gauge of the total remaining length in the window, while source 200a reports its incremental total usage. The prepaid window is preferably divided into a number of checkpoints to correspond to other playback window requests1 and the source 200a is preferably to report the next checkpoint in advance. The source 200a reports to cam 400a each time it arrives at the checkpoint and sets up information access again each time. If the debit window is only a period of time during which the information is being accessed ', a titled PC R (as described above) is sufficient and simple, as no intermediate reporting is necessary. In this embodiment, 'whether the credit method or the debit method is used, the CAM 400a and the source 200a will track information access, and stop playing when the window is used up. If the CAM 400a does not track the amount of information accessed, a stolen source device can be used to play back information that is almost free of legitimate Cams. Similarly, if the source 200a does not track the amount of information used, the legitimate CAM will give an authorized window to the source 200a after the stolen CAM can decrypt unlimited information from the source 200a. Metered-title pCR with NVM (non-volatile memory) on the source device The embodiment shown in Figure 16 uses a protocol substantially the same as above, except that credit can be requested after power loss. According to the working cycle of the NVM 220b and 420b in the information meter 21 and the information meter 418b (including the battery __- 40- this paper size is applicable to China National Car (CNS) _A4) (210X297 public ^ ― ) _ --------- 1 --- XIANG ------ ^ ------ ^ * · (Please read the back. Note before filling out this page) ^ 32852. At B7 Economy The Ministry of Standards and Technology Administration of the People's Republic of China, Printed Bags of the Shellfish Consumer Cooperative, V. Description of the Invention (38) Powered RAM (BBRAM)), and decide how to update the information meters 218b and 418b from time to time, users should be charged almost all fees that should be charged The NVM 220b in the β information meter 2 16b is in the source 200b and the NVM in the information meter 418b of the CAM 400b, preferably with storage capacity, which is larger than the program to be accessed, executable files, etc. The actual amount of information. Super-encryption and re-encryption In the embodiment of Fig. 17 and the corresponding protocol shown in Fig. 18, effective reuse of the information stream can be prevented from being sent to and from CAM 400ce. For example, an attacker attempts to intercept the information flow between the source 200c and the CAM 400c, or between the CAM 400c and the Shen 300c. Although the data flow between source 200c and CAM 400c can be decrypted with general stealing CAM, this agreement is resistant to these attacks and allows the fine-tuning of payment details at will. In FIG. 17, the source 200c preferably includes a receiving / generating device 204c, a super-encryption logic 222c, and a source logic 208c. The super-encryption device 222c uses, for example, DES (Data Encryption Standard) FIPS Pub. 46-2 (1998) to encrypt information data (which is encrypted), thereby generating super-encrypted information. Moreover, the CAM 400c preferably includes super decryption logic 422c, conditional access decryption logic 408c, which is the same as the decryption logic 422c 'interface encryption logic 426c, and the CAM control logic 412c. Shen 300c contains interface decryption logic 304c to decrypt the re-encrypted information data from CAM 400c using a negotiated trial key. Shen 300c also contains Shen control logic 306c. The backend 700 interacts with the CAM 400c. A typical output device 500 is connected to the interface decryption logic 304c, although those skilled in the art will understand that the output device 500 can be integrated with Shen 300c. ----: --J --- ^ ------ 1T ------ Λ-. * (Read the "Notes on the back" before filling out this page) _ -41-This paper The dimensions are applicable to the Chinese National Standard (CNS) A4 specification (210X297). 02852. At _____ B7 Printed by the Bayer Consumer Cooperative of the Central Standards Bureau of the Ministry of Economic Affairs 5. Description of the invention (39) In the typical agreement of this embodiment shown in FIG. 18 , Source 200c々CAM400c provides the title of the program to be accessed (S1801, S1804). The CAM 400c preferably uses the title to find out the keywords (S1805) 'required in the information access process (such as decryption) and makes a registration input (or charge) (s1806). Source 200c uses super-encryption logic 222c to super-encrypt the protected information (S1802), preferably under the current trial key (which is shared with CAM 400c). This (string) trial keyword is established using a keyword derivation function with a contract as described above. Shen 300c transmits a Shen counter 値 to CAM 400c (S1814, S1807), which is used by Shen 300c and CAM 400c to derive a new negotiation keyword (S1815, S1808). The CAM 400c then receives the super-encrypted information data from the source 200c (S1803, S1809). The CAM 400c uses super encryption logic 422c to super decrypt the super encrypted information (S1810). CAM 4〇Oc then uses conditional access decryption logic 424c to decrypt the information itself (S1S11), and (: 8) ^ 4〇c uses interface encryption logic 420c to defer to 3〇c (s 1812) ) Re-encrypted information. Shen 300c receives the re-encrypted information from CAM 400c, and uses the negotiation keywords and interface decryption logic 304c to decrypt the re-encrypted information (S1813, S 18 16, S1817). Shen 300c can now process information data It is displayed to the user in a usable form, such as display on the output device 500. In step S1814, it is better to provide a counter 値 (sink counter) to the CAM 400c at the step S1814, which is provided by the Shen 300c and the CAM. 400c is used to derive the resumption keywords shared by Shen 300c and CAM 400c. Shen 300c preferably uses a new counter every time the agreement is re-executed. According to this embodiment, each time access Information programs can be accessed (not only for the first time), and the information can be accessed (or charged). And in this embodiment, Lai-42- this paper Λ degree applies Chinese National Standard (CNS) A4 ^ grid (210X297 mm) Ί ---_--- ^--* -(Please read the context on the back of the article before filling out this page) Booking Travel A7 B7 V. Invention Description (40) Source 200c uses a keyword to super-encrypt the protected information 'with (at least) a stable proof of CAM 400c is used as a preventive measure to prevent the theft of CAM reuse information. In addition, source 200c can introduce recovery keywords into super encryption for super encryption, thus changing the keywords used for super encryption to communicate with CAM 400c. Yu, it is better that the legal Shen 300c will reinstate the keywords into the trial, and the replay of the current information flow to Shen 300c will not be effectively decrypted by the Shen device. In addition, a bundle of intercepted information flows to the legal CAM 400c. Replaying will result in additional registration of access, so it is possible to detect theft or charge an additional access fee to the thief. In this embodiment, CAM 400c can log in with any one of the fineness ( Pay), and the video decoder 100e (source and / or Shen) does not need to know the login (pay) policy. Moreover, this embodiment can be used in two-party, three-party 'and, or PC architecture.

Combining Super-Encryption / Re-Encryption and Header-Type PCR The embodiment of FIG. 19 merges the attributes of header-type PCR and super-encryption / re-encryption. This understanding (Fig. 19) of the architecture implementing the agreement of the present invention roughly includes the merge of Figs. 10 and 17. For the purpose of FIG. 19, source 200d and CAM 400d include all the elements shown in source 200 and CAM 400 of FIG. Du printed by the Central Bureau of Standards, Ministry of Economic Affairs, Poverty Alleviation Cooperation (please read the note on the back ^ > and then fill out this page) In Figure 20, the source 200d provides a message to the CAM 400d, which includes the counter and Information title is the program to be accessed (S2001, S2006). The source 200d and the CAM 400d respectively use the certification logic 414d of the CAM 400d to provide independent certification information (S2007). The source 200d receives the proof message from the CAM 400d (S2008, S2002), while the proof logic 2Od of the source 200d verifies the proof message (S2003). If the certified information matches (S2004), then the source -43 This paper scale is applicable to the Chinese National Standard (CNS) A4 specification (210 X 297 mm) Printed by the Central Standard of the Ministry of Economic Affairs of the Cooperative Consumer Cooperative 432852 · at __B7__ 五 、 Description of the invention (41) 200d sends super-encrypted information to CAM 400d, where it is super-decrypted (S2005, S2012, S2013). The CAM 400d then uses the super decryption logic 422d (in a preferred embodiment, the super decryption logic 422d is the same as the conditional access decryption logic 408d) to decrypt the information (S2014). In step S2017, Shen 300d preferably provides a counter 値 (Sink counter) to CAM 400d, which is used by Shen 300d and CAM 400d to derive the recovery trial keywords shared by Shen 300d and CAM 400d (S2010, S20, 1, S2018 ). Shen 300d had better use the new counter in different information. CAM 400d uses the interface encryption logic 426d to re-encrypt the information in the code containing the negotiation key of Shen 300d (S2015) `` Shen 300d receives the re-encrypted information from CAM 400D and uses the consultation key and the interface decryption logic 3 〇4d to decrypt the re-encrypted information (S2020). Shen 300d is now able to process information data via, for example, output device 500 in a user-usable form. This embodiment makes use of the fact that the reason that it is proved to be potentially stronger than encryption is the consideration of high-speed data encryption and decryption implementation. Proving Media Source In the above embodiment, the PCR protocol cannot prevent the information stream from being replayed from the source to the CAM, because it cannot distinguish the information bit from the replay. In some commercial models, this is sufficient 'because this replay will lead to greening. However, if the model requires the CAM to see that the information stream is being generated by the source device 20 at the current playback time', then the agreement in Figure 22 may The architecture used in Figure 21 is used. In the embodiment of FIG. 21, 'the source 200e preferably includes an information receiving / generating device, a recovery generator 206e, and the source control logic 208e.' Proof logic _- 44 -____ This paper scale is applicable to China National Standards (CNS) A4 specifications (210X297 mm) (Please read the notes on the back before filling in this page) Printed by the Consumer Cooperatives of the Central Standards Bureau of the Ministry of Economic Affairs 4328 52. A7 _____B7__ V. Description of the invention (42) 210e, and media certification logic 224e . CAM 400e preferably includes a recovery generator 432e, CAM control logic 412e, certification logic 414e, and media certification logic 435e. The recovery generator 432e is a counter or a random number generator. The operation of the embodiment shown in FIG. 21 is as described in the flowchart of FIG. 22. The understanding shown in FIG. 22 is preferably performed by the source control logic 208e and the CAM control logic 412e, respectively. The source 200e preferably provides a message to the CAM 400e, which contains a counter 値 (source counter) from the recovery generator 206e (S2201, S2208). The recovery generator is preferably a counter in this embodiment. The CAM 400 uses the certification logic 412 to prove the message (S2209). CAM 400 also generates another counter 値 (CAM_counter, CAM counter) from the recovery generator 428e, and sends a certified message and 値 CAM_counter to the source 200e (S2210, S2202). The source 200e uses the proof logic 210e to prove the message (S 2 2 0 3). CAM 400d proves the message of the certificate and waits for the source 200d to respond (S2211). The recovery generator 206e is preferably a counter in this embodiment. When verifying the certification message (S2204) 'Source 200e sends another message to CAM 400e, including certification 値 CAM_counter and the title of the information to be accessed, such as programs, executable files, etc. (S2205, S2206), and the CAM counter (S2207)値 Increment. The CAM 400e verifies the message (S2U2, S2213) generated in step S2205 with the message proved in the CAM step S2211, and upon successful verification, the CAM 400e increments the CAM_counter (S2214) value and returns to step S2211. If the proof in step S2113 is NO, the CAM 400e refuses to further process the information. In the second agreement of FIG. 23, the recovery generator 432e in the CAM 400e is the most ___-45-This paper is in accordance with the applicable Chinese standard 隼 (CNS) Α4ϋ (21GX297 mm) ^ '-------- ^ --- ^ ------ 1T ------ ^ * (Please read the notes on the back before filling out this page) Printed by the Shellfish Consumer Cooperative, Central Procurement Bureau, Ministry of Economic Affairs 4328 52. A7 __B7_ 5 The invention description (43) is a random number generator. The CAM 400e supplies the random number of the recovery generator 432e to the source 200e (S2305, S2301). Both the source 200e and the CAM 400e prove the random number and the program to be accessed, and the title of the executable file, that is, the proof (random, title) (S2302, S2306). Source 200e passes the proof from proof logic 210e (52303) to CAM 400e (S2307) and increments the random number 値 (52304). During verification, the CAM 400e increments the random number (S2308, S2309), and the agreement continues. If the CAM 400e cannot verify the proof of the random number, it refuses to process the information. After transmitting the random number and title of the certificate to the CAM 400e in step S2303, the source 200e is about to increment the random number 値. Because the protocol shown in Figures 22 and 23 does not directly prove the information flow, but proves that the source 200e is accessing the information, it cannot be distinguished from a specific title (that is, the source 200e believes that it is accessing the information). Therefore, this agreement must be repeated during the information broadcast. The frequency of repetitions depends on the threat. For example, if the goal is to request playback from the original media, the agreement must be repeated a sufficient number of times to eliminate the need to take time to move media between the source device and the challenge. If the CAM 400e does not receive the desired proof message, it must continue to process the information decryption. The effectiveness of this agreement depends on the difficulty of generating a media theft and source device theft. It is difficult to steal source devices if the legitimate source device contains proprietary technology that prevents a thief from quickly mass-producing them. Alternatively, each legitimate source device has a verifiable secret, so each can use it to prove itself to CAM. Individualization of these secrets can be combined with paired use as a mandatory anti-theft agency. Combination of super encryption / re-encryption, title-based PCR, and media certification_-46- This paper size applies to China National Standard (CNS) A4 specification (210X297 mm) ----_--- ^ --- ^ ------ II ------ 0 (please read ^ -back < note before filling out this page) Employee Consumer Cooperatives, Central Standards Bureau, Ministry of Economic Affairs, India Zhen 3 28 5 2, 1 A7 __B7 _ V. Description of the Invention (44) The embodiment of FIG. 24 combines super-encryption / re-encryption with header PCR and media certification. The understanding of the architecture for implementing the agreement of this embodiment (as shown in FIG. 25) roughly includes a combination of the architectures shown in FIGS. 10, 17, and 21. For the purpose of FIG. 24, the sources 200f and CAM 400f include all the basic elements shown in the sources 200 and CAM 400 of FIG. 10, and all the basic elements of the sources 200c and CAM 400c of FIG. In the flowchart of FIG. 25, the source 200f provides a message to the CAM 400f including the source counter and the title of the program to be accessed (steps S2501, S2508). CAM 400f uses certification logic 414f to prove the message and provides the certified message to source 200f (S25 10). CAM jOOf also generates another counter 値 (CAM_counter) from the recovery generator (also known as CAM counter) 432, and transmits a certified message and 値 CAM_counter to the source 200f (S2510, S2502), and in this embodiment the recovery generator 206f is preferably a counter. CAM 400f uses the title to unlock information access and processing, such as decryption and registration input (S2511). Source 200f uses proof logic 210f to verify the authenticity of the message (S2504). If the verification is negative, the source 200f stops generating information and the agreement ends. Shen 300f sends a sink counter 値 (S2523, S2512) to CAM 400f, which is used by Shen 300f and CAM 400f to derive a negotiated trial keyword (S2513, S2524). When verifying the proof message (S2504), the source 200f sends another message to CAM 4〇Of, including the certificate of CAM_counter and the trial keyword evidence (S25〇5 'S25 丨 5). CAM 400f determines whether it matches The certification previously performed by the CAM 400f in step S25 14 to verify the certification of the message. If the verification is no, the CAM 400f stops processing the information and the agreement ends. If the verified information is verified __- 47 -___ This paper size applies Chinese National Standard (CNS) A4 (210x297 mm) I n II I- I-I 1 I.: nn I nn-·-{Please read first Note on the back, please fill in this page again) 4 Printed by the Central Bureau of Standards, Ministry of Economic Affairs, Shellfish Consumer Cooperative, 328 52 · at _____B7_V. Description of the invention (45) If yes, CAM 400f will restore the generator 432f such as CAM_counter ( S2517) Increment. Then CAM 400f receives super encrypted information data from source 200f (S2507, S2318). CAM 400f uses super decryption logic 422f to super decrypt the super encrypted information (S2S19). The CAM 400f uses the CA decryption logic 408f to decrypt the information itself (S2520), and then the interface decryption logic 426f re-encrypts the information with the Shen 300f (S2521) under the negotiation key. Shen 300f receives the re-encrypted information from CAM 400f (S2523, S2525), and uses negotiation keywords and interface decryption logic 306f to decrypt the re-encrypted information (S2526). Shen 300f can now organize information in a form that users can use. Although the protocol of this embodiment has been illustrated using a recovery generator 432 (which is in the form of a counter in CAM 400f) for proof, it can also use a random number generator in CAM 400f instead of CAM_counter in a manner similar to 21 and 23 described above. If the title block is omitted in this embodiment, the agreement is best to combine only super encryption / re-encryption and media certification. In addition, in this embodiment, the trial keyword evidence provided by the source 200f to the CAM 400f is preferably sufficient for the CAM. 400f reconfirmed that the source 200f knew the correct trial keyword β. For example, the trial keyword evidence can be a component of the trial keyword itself, a keyword function 'or other evidence belonging to the keyword. Reduced functionality. Data PCR with NVM (non-volatile memory) on STB and BBRAM (battery-powered RAM) on CAM Now refer to the flowchart of FIG. 2 * 7 to explain the operation of FIG. 26. This embodiment uses the non-volatile memory 1 丨 6 (NVM) and CAM-48 on the video decoder 100 (STB). This paper size is applicable to the Chinese National Standard (CNS) A4 specification (2 丨 〇 > < 297). ) ----: ---: --- ^ ------. Order ------ ^ • I '(Please read the intentions on the back before filling this page) 4 Cut 52 · 5 Printed by the Central Bureau of Standards, Ministry of Economic Affairs, Shellfish Consumer Cooperative, A7, B7, V. Invention Description (46) 406g of battery-powered RAM (BBRAM) on 400g. In addition, although the video decoder STB 100 includes a merged source and a sinker, the understanding STB 100 can also include only a source or a sink, while others are external to the STB 100. In this embodiment of FIG. 26, the STB 100 (which may be a combination of the source 200 and the Shen 300) preferably includes an information receiving / generating device 102, an index counter 104 in the NVM 116, a cryptographic logic device 106, The seed in STB logic device 108, keyword logic 110, and NVM 116 generates logic H2. In addition, CAM 400g preferably includes cryptographic logic 440g, index counter 442 in NVM 406g, keyword logic 446, and seed generation logic 448 in NVM 406g. The understanding shown in FIG. 27 is preferably performed by the STB control logic 108 and the CAM control logic 444, respectively. In the flowchart shown in FIG. 27, the stored map provides a negotiation message to the CAM 400 to establish a new shared secret card (seed) to prove the CAM 400g to the video decoder 100 (S2701, S2707). This message only occurs when CAM 400g and STB 100 are not password synchronized. The information provided by the information provider is best provided in discrete index information packets, while the STB 100 and CAM 400 both use the index counter 104 (preferably included in the NVM 116) and the index counter 442 (preferably included in the NVM 406g). Middle) Calculate the number of information packets provided in STB 100 and CAM 400g respectively. After the CAM 400g receives the message, the STB 100 and the CAM 400 must be synchronized according to their respective counts, that is, they start counting from the same packet. In step S2708, the CAM 400g provides a message to the STB 100, including challenge certification and encryption, and a status certificate (S2708, S2702). This status is _______- 49- _ This paper size is applicable to China National Standard (CNS) A4 (210X297 mm) -------- ^ --- ¾ ------ 1T --- --- d.. > (Please read the notes on the back before filling out this page) Printed by the Consumers' Cooperative of the Central Standards Bureau of the Ministry of Economic Affairs 4 3 2852 ·, at B7 V. Invention Description (47) STB 100 instructs it ( STB 100) whether it is still in cipher synchronization with CAM 400g (S2703), that is, password synchronization. In other words, determine whether CAM 400g and STB 100 still use the same trial keywords, that is, the status indicates whether to use the previously defined certification and Encrypt subprograms to complete certification and encryption. Proof of attack and encryption of pickle are best operated separately. From this challenge, the STB 100 can infer the packet index (that is, the challenge packet) that it must respond to. STB 100 also infers the packet index from this challenge, and must then send the resulting response (ie, the beginning of the response window, which follows the pick window). If the STB 100 determines that it is not a password synchronization, the agreement returns to step S2701. If STB 100 and CAM 400g are password synchronized, then step S2504 determines by STB 100 whether it is in packet synchronization with CAM 400g. If the STB 100 determines that it is not synchronized (S270), the STB 100 transmits a packet resynchronization certification request to the CAM 400g (S2706, S2709). If STB 100 and CAM 400g are in packet synchronization (S2704), the flow skips to step S2705, and STB 100 provides a certified response to CAM 400g (S2705, S2710). Proof responses are calculated from the challenged packet, and it is based on the message sent by STB 100 and the general text corresponding to the packet. CAM 400g then verifies the response to the certificate (S271 丨). If a response is received and verified during the response window, CAM 400g decrements the NACK counter by one. Control then returns to step S2708. The certification response in step S2705 is preferably not transmitted immediately after calculation. Conversely, it is not sent until the beginning of the response window, but it is best to send it before the end of the window. Alternatively, an encrypted response (not a certification response) is transmitted by the STB 100 at step S2705, in which case the CAM 400g uses a confirmation subroutine. In ___- 50 -__ This paper size applies to China National Standard (CNS) A4 specification (210X297 mm) I —II ^ n II. I 1111 Order — 111 Qi (please read the precautions on the back of Jing before filling in (This page) A7 B7 432852 V. Description of the invention (48) ^ is response encryption. In this case, HashB (response) can be used instead of% ^ „杳 When the challenge is transmitted, it starts to challenge the above window corresponding to several different indexes β δ * aa > lacking. Better, pick and shoot the packet window, and in response The window is starting to look forward ^ ^ ★ The full window is random. The challenge view index is in the challenge window, and it is best to wish ® i I η ▲, each time the agreement window of Figure 27 is executed, it is best to have a random length. It is defined by CAM 4〇gt $ Μ et β Η m ～ ΑΑ's longer length, although it should be defined as large as possible. The response video is preferably fixed enough to allow the STB 100 response to reliably transmit the CAM 4〇g ° CAM 400 sends its new challenge after responding to the window

Yes (if the same-response is calculated by CAM 400), then this challenge acknowledges the response provided by STB 100. ’If STB 100 is unsatisfied with the received and predicted picks’, then STB 100 will suspend the transmission of information packets. It is better not to send packets to CAM 400g and not to directly release packets returned from CAM 400g. In addition to the start of the challenge packet and response window, STB 100 also infers RDM from the challenge. Use 値 RDM to prove and encrypt subsequent messages, that is, 値 RDM becomes the trial keyword used instead of the negotiated trial key. Preferably, the first trial keyword proves to the STB 100 that CAM 400g 'and the subsequent trial keywords confirm to the STB 100 that it is still communicating with the CAM 400g, and confirms to the CAM 400g that it is still communicating with the same STB 100, the STB 100 Negotiate a keyword at the beginning. Although STB 100 corresponds to the challenge from CAM 400g, it is actually a legitimate operation to pair CAM 400g (which is verified by STB 100). If the STB 100 does not receive the challenge from the paired CAM 400g, it will reject the communication information packet. Better 'If the legal CAM 400g detects too many violations (such as because of stealing CAM's -51-This paper size applies to Chinese National Standard (CNS) A4 specifications (210 X297 mm) (Please read the note on the back first ^^ Please fill out this page 'Feng' " Printed by the Central Standardization Bureau of the Ministry of Economic Affairs, Consumer Cooperatives, Ben Ben 4328 52. A7B7 Printed by the Consumers Cooperative of the Central Standards Bureau of the Ministry of Economics, 5. Description of Invention (49) appears, then it Will refuse to create a challenge, and STB 100 will refuse to steal CAM. When STB 100 is first started with the new CAM 400g, the agreement will establish a shared secret. If the challenge and status are OK, STB 100 will be in STB 100 A NACK request flag is set in the microprocessor 114 on the upper side, and it is written into the NVM 116 with the RDM. When the microprocessor 114 on the STB 100 calculates a response, the response (with the current RDM-related 値) is stored in the NVM 116 until the communication with CAM 400g, and the response has ended processing. The understanding is shown in Figure 26, the microprocessor 114 and NV_M 116 are shown in a schematic rather than an architectural way. On CAM 400g, each response window starts Change NACJC from time to time, and If the correct response is received at the end of the preset period, the NACK counter is decremented by one (if N ACK is not changed). The CAM 400g preferably includes a microprocessor 450, as shown in the schematic diagram of Figure 26, to calculate a response and The NACK status is determined, and the calculated NACK status of the response and challenge is embedded in the NVM 406g on the CAM 400g. The shared secret (seed) is negotiated, which is caused by, for example, the use of KDF variables such as counters and a long-term shared secret値). If the response is earlier (that is, sent before the response window starts) but the following is 眞, that is, the encrypted response message header (if any) sent with the certified response is correct, then CAM 400g generates a NACK and sends New challenges (including new ones for RDM), thus ending the current challenge too soon. If the packet resynchronization certification request is verified to be correct, CAM 400g sets itself as the current packet index of STB 100 'and issues a new challenge , __: 52 This paper size applies Chinese National Standard (CNS) M specifications (2 "〇 > < 297 mm) '----: ---: --- selection ---. 1r ------ Φ, (Please read the back of t first, s-ii . $ ^ Fill in this page again) 432852 A7 B7 Printed by the Central Laboratories of the Ministry of Economic Affairs, Shellfish Consumer Cooperative, V. Invention Description (50) So the current challenge is ended too soon. CAM 400g sets a CAM flag during the processing of a shared secret / negotiation message , Which has a NACK request flag setting. CAM 400g resets the CAM flag in response to a subsequent negotiation message, which does not have a NACK request flag setting, or when an information packet is received, or if the tracking function exceeds the negotiation message retry or time limit when executed on CAM . NACK is added to CAM 400g in response to a negotiation message, which has a NACK request flag setting, unless the tracking function is performed and the CAM flag is set when the message is received. If the CAM flag in the status does not match the NACK request flag setting of STB 100, STB 100 will not accept the returned challenge message. In this case, STB 100 sends another negotiation message to CAM 400g. The STB in this agreement does not need to know the payment information or payment strategy. Alternatively, in this embodiment, the CAM 400g does not use BBRAM for storage but is registered one hour before. Preferably, each registration record of information access also includes a type / level and / or title keyword ID, which corresponds to the CA keyword used by CAM 400g to decrypt the information. Although the present invention has been fully explained by referring to the examples of the drawings, it should be noted that those skilled in the art can make various changes and modifications. For example, those skilled in the art can understand that the PCR system of the present invention can cooperate with other information to counter theft. The protection method (such as requiring an original media) is used by the author Linnartz in the article entitled "Philips Electronics Co., Ltd. Response to Various Recommendations" published in the Data Collection Subgroup Copy Protection Technology Working Group. It will also be understood that the protocols and architectures described herein can be modified to meet the security requirements of a particular application by selectively adopting some known protocols and / or architectures. Therefore, except for -53-, this paper size is applicable to the Chinese Standard (CNS) A4 specification (210X297 mm > ---- ^ ------ ^ ------ 1T ------ Φ (Please read the notes on the back before filling in this page) 4 3 28 52 · a7 __B7 V. Description of the invention (51) It is not these changes and / or amendments that violate the scope of the invention as defined in the appended patent scope, otherwise it should Explain that it is included.. ^ ^ Order (please read the second article on the back before filling out this page) Printed by the Central Standards Bureau of the Ministry of Economic Affairs, Shellfish Consumer Cooperatives 54 This paper size applies to Chinese National Standards (CNS) A4 size (210 X 297 mm)

Claims (1)

8 Do 8 8 ABCD 4 3 28 52 / VI. Patent application scope 1. A device for preventing unauthorized access to information, including: a non-reproducing device for receiving information to be processed; and a renewable device, It is used to authorize a non-reproducible device to process information. The non-reproducible device is paired with the regenerable device by a shared secret, so that the non-reproducible device and the regenerable device communicate with each other, wherein the regenerable device uses the shared secret and is based on a preset Establish a protocol to communicate with non-regenerative devices. 2- As the device of the patent application Fanyuan No. 1, wherein the information is encrypted, the non-reproducing device includes an output to output the _information to the regenerable device, and the regenerable device includes a decryption logic to decrypt the information, and a The output is used to output the decrypted information to the non-reproducing device. 3. For example, the device of any one of items 1 and 2 of Shenyang Qingcheli Fanyuan, wherein the information includes a specific program, and at least one of the non-reproducible device and the regenerable device includes an access window logic for generating An access time window for a preset time period of a specific program, the time window restricting access to the specific program to the preset time period. 4. The device of claim 3, wherein the non-regenerative device includes a control logic to generate an inquiry message, and a proof logic uses the shared secret to prove the information contained in the inquiry message and a response message Information in order to generate a non-reproducible device certification message, wherein the regenerable device preferably includes a certification logic, using the shared secret to prove the information contained in the inquiry message, and respond to the information in the message to generate a renewable Device certification information, the reproducible device also contains a control logic, which is operable to generate a response message, and the response is _________- 55- The paper size applies the Chinese National Standard (CNS) A4 specification (210X297 mm) ^- ----- ^ ------ ΐτ ------ (Please read the note ^^ on the back before filling out this page) Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs 4328 52. A8 B8 C8 D8 Printed by the Consumer Cooperatives of the Central Standards Bureau of the Ministry of Economic Affairs 6. Information on the scope of patent applications provided to the non-renewable device; the control logic of the non-renewable device is more operable to make the renewable device Reproducing apparatus with non-proof post message matches proof 'proof device and if the message matches non-renewable information reproducing apparatus proved message, places the particular program may be supplied to the reproducing apparatus. 5. If the device in the scope of patent application No. 4 is provided, after providing the response message to the non-recyclable device I, the regenerable device will log in to access the information. 6. The device according to item 4 of the scope of patent application, wherein the inquiry message includes at least one of a random code and a title of the specific program. 7. If the device in the scope of the patent application for item 6 further includes a recovery generator, combined with a non-regenerating device to generate the random 値 0. 8. If the device in the patent application park for the seventh item, the recovery generator Contains a counter. 9. The device according to item 7 of the patent application scope, wherein the recovery generator comprises a random number generator. 10. The device according to item 4 of the patent application, wherein the inquiry message further includes a remaining access time request, the response message includes a remaining time indication, and the non-reproducing device includes an access window logic. The proof message matches the non-regenerative device proof message, which indicates the time remaining. 11. For example, the patented Fan Yuanmu device of item 4, wherein the message further includes a processing window request, and the renewable device further includes an information meter to measure the amount of information that has been accessed, and the renewable device provides a response The processing window 'in the message can therefore be extended to access the time window to include the processing window time. -56- This paper size applies to Chinese National Standard (CNS) Λ4 specification (210 X 297 mm) ----: --Γ --- Packing-(Jing first read the notes on the back to fill in this page) Order line 432852. A8 BS C8 D8 Printed by the Consumer Standards Cooperative of the Central Standards Bureau of the Ministry of Economic Affairs 6. Application scope of patents 12. If the device of the patent application park No. 11 is used, 'The non-regenerating device also contains an information meter to measure the stored The amount of information taken; if the response message matches the certificate's response message, the non-reproducible device can extend the access time window to include the processing window time. 13. For a device with a scope of patent application of item 12, the regenerable device Each of the information meter in the non-regenerating device and the information meter in the non-regenerating device includes a non-volatile memory. 14. For example, the device of Patent Application No. 12 wherein each of the non-regenerating device and the regenerable device includes an access window. Logic device for generating an access time window where the access to the information is limited to the shorter of the access time window generated by the access window logic device. 2 items, in which each of the non-reproducible device and the regenerable device includes an access window logic device to determine the remaining amount of access time and to generate a credit amount, wherein the access window logic device The shorter of the generated access time window determines the credit amount. 16. For the device under the scope of the patent application, the information is encrypted, and the non-reproducible device further includes a super-encryption logic to super-encrypt the information; and The regenerative device further includes a super-decryption logic to super-decrypt the super-encrypted information, and a decryption logic to decrypt the information. For example, the device of the patent application No. 16 of the patent application park, wherein the regenerative device further includes an interface encryption logic. It is used for re-encrypting and decrypting information, and the non-regenerating device further includes an interface decryption logic for decrypting the re-encrypting information. -57- i Paper size applies Chinese National Standard (CNS) Λ4 specification (210 X 297 mm)- -----— ------ ^ --- ^ ------ ΐτ ------ 0 -... (锖 read the note on the back ^ before filling this page) 4 3 28 5 2AS B8 C8 D8 Central Standard of the Ministry of Economic Affairs Printed by Zhengong Consumer Cooperative 6. Patent application scope 18. For the device with patent application scope item 17, where the information contains the special program to be accessed, and where the non-regenerative device contains a control logic operable to generate a message The regenerable device includes a control logic operable to determine a super-decryption keyword from the message, and negotiate a plurality of key words for super-decryption and re-encryption. 19. For example, the device in the 18th scope of the patent application, wherein the non- The regeneration device includes a source operable to generate the message, the source including the super-encryption logic and the control logic; and a sink operable to negotiate re-encrypted keywords, the sink including the interface decryption logic and the control logic β 20. For example, the device of the patent application No. 19, wherein the source and the sink include an integrated device. 21 ' The device of claim 19, wherein the source and the sink include a plurality of separate devices. 22. For a device under the scope of patent application 19, the message includes a title of the specific program. 23. The device of claim 19, wherein the control logic of the reproducible device determines a super decryption key based at least in part on the content of the message. 24. If the device of the scope of patent application 17 is applied, wherein the non-reproducible device includes a non-reproducible device media certification logic to prove a medium carrying information to be accessed 'and the renewable device includes a media certification logic Used to prove the media. 25. As for the device of the patent application No. 24, the regenerative device provides an optional device to the non-regenerative device. -58- This paper size is applicable to Chinese National Standards (CNS) .M specifications (21 〇X 297 mm) --'--------------------- Order to read the line, please read E first (Notes on the back t and item-S fill out this page) Printed by the Consumer Cooperative of the Central Hazel Bureau of the Ministry of Economic Affairs, and applied for patent scope 26. The device in the scope of patent application No. 25, further includes a recovery generator combined with the renewable device to generate the random radon. The device of claim 26, wherein the recovery generator includes a counter. 28. The device of claim 26, wherein the recovery generator includes a random number generator. 29. For the device in the first scope of the patent application, wherein the information is encrypted, and the non-regenerative device further includes a super-encryption logic to super-encrypt the information; and wherein the renewable device further includes a super-decryption logic to super-decrypt the super-encryption information. Encrypted information, and a decryption logic to decrypt the information. 30. The device according to item 29 of the patent application scope, wherein the reproducible device further includes an interface encryption logic to re-encrypt and decrypt the information, and the non-reproducible device further includes an interface decryption logic to decrypt the re-encrypted informationa 3 L If the device of the scope of patent application No. 30, wherein the information contains the specific program to be accessed, the non-reproducible device contains a control logic operable to scrap a message 'and the regenerable device contains a control operation operable判定 Determine a super-decryption keyword from the message, and negotiate a plurality of keywords for super-decryption and re-encryption. 32. The device according to item 31 of the patent application scope, wherein the non-regenerative device includes a source, the source includes the super encryption logic and the control logic; and is operable to negotiate the keywords for re-encryption, the sink includes the interface decryption logic and The control logic. 33. If the device of the scope of application for the patent No. 32, where the source and the sink contains -59- This paper size applies the Chinese National Standard (CNS) Λ 4 ^ grid (210 X 29? Mm >) ------ ^ --- ^ ------ ΪΤ ------ ^-·-(Please read the notes on the back before filling out this page) 4328 52. Α8 Β8 C8 D8 Out of standard employees in the Ministry of Economic Affairs Consumption cooperative print 6. Integrated device with patent application scope. 34. If the device with patent application scope No. 32, where the source and the sink contains a plurality of separate devices. 35. With the patent application scope No. 32 equipment, where The message contains a title of the specific program. 36_ If the device of the scope of patent application 32, wherein the control logic of the reproducible device is at least partly based on the content of the message to determine a super-decryption keyword 37. If the scope of the patent application The device of item 30 ", wherein the non-reproducible device includes a non-reproducible device media certification logic to prove a medium, which carries information to be accessed, and the regenerable device includes a media certification logic to prove the media. 38. If you apply for the 37th item of Patent Park The regenerative device provides a random coil to the non-regenerative device. 39. For example, the device in the scope of patent application No. 38 further includes a recovery generator combined with the renewable device to generate the random coil. 40 · For example, the device of the scope of patent application 39, wherein the recovery generator includes a counter. 41. The device of the scope of patent application 39, wherein the recovery generator includes a random number generator. / 42. For patent application The device of the scope item 1, wherein the non-reproducible device includes a non-reproducible device media certification logic to prove a medium carrying information to be accessed, and the regenerable device includes a media certification logic to prove the media. 60- This paper size applies to Chinese National Standards (CNS) M specifications (210 x ^ 97 cm) -------: --- --------------- order --- line (please (Please read Note 1f. On the back before filling this page) Printed by the Consumer Standards Cooperative of the Central Bureau of Standards of the Ministry of Economic Affairs A8 B8 C8 D8 6. Application for Patent Scope 43 · If you apply for the scope of Patent Scope Item 42, the renewable device provides Feel free to give Non-regenerating device. 44. For example, the device of patent application No. 43 includes a recovery generator combined with the regenerative device to generate the random 产生. 45. For example, the device of patent application No. 44 includes The recovery generator includes a counter. 46. The device according to item 45 of the patent application park, wherein the recovery generator includes a random number generator. 47. A method to prevent unauthorized access to the yellow message in a system, The system includes a non-regenerative device having a control logic and a regenerable device having a control logic. The method includes the following steps: pairing a non-regenerative device with a regenerable device; The selection message selectively certifies the message exchanged between the non-reproducible device and the regenerable device and transmits a certification message to the other of the non-regenerative device and the regenerable device: verification in another non-regenerative device and regenerable device Supporting information; and authorizing access to that information. 48. If the method according to item 47 of the scope of patent application, the pairing step further includes the following steps: generating the ID 非 of the non-regenerating device; generating the ID 値 of the regenerable device; ID 値 -61-This paper size adopts Chinese national standard (CNS > Λ4 specification (210X297mm ---- 一-: --- ^ ------ ir ------ 0 (Please read the notes on the back of the poem before filling in this X) 4328 52 Λ8 Β8 C8 D8 Printed by the Consumer Cooperatives of the Central Standards Bureau of the Ministry of Economic Affairs 6. Apply for a patent scope C / Generate at least one certificate; and transmit the at least one certificate to at least —Non-regenerative devices and regenerable devices. 49. If the method of the scope of patent application is 48, the ID of the regenerative device contains a public key. 50. If the method of the scope of patent application 48, which generates The step of ID 値 of the non-regenerating device further includes transmitting the ID 値 to the regenerable device. 51. For example, the method of applying for patent park No. 48, wherein the system includes a back-end system, and the step of generating a certificate is further included in Back-end system generation 1 52. If the method of applying for patent No. 51 in the patent application park, the at least one certificate combines the ID of the non-renewable device and the renewable. 53. If the method of applying for the scope of patent No. 51, the at least one certificate is combined ID 値 and non-renewable devices of regenerable devices. 54. For example, the method of item 51 in the scope of patent application, wherein the at least one certificate combines a common keyword of non-renewable devices and ID 値 of non-renewable devices. The method of item 54 further includes the following steps: If the non-regenerating device does not contain at least one certificate, provide at least one certificate to the non-regenerating device. 56. For the method of applying for patent model park item 54, the at least one certificate is combined A common keyword of a renewable device and the ID of a renewable device. 57. For example, the method of the 48th scope of the patent application, where the non-regeneration device includes a source device. 58_ The method of the 48th scope of the patent application, where the non-regeneration The device contains a -62- this paper size ϊΛΛϋϋ ® Jiaxian (C; NS) Λ4 present grid (210χ) 97ϋ ----, ----- pain ------ ir ----- -0 (Please read the cautions on the reverse side first (Write this page) · 432852. AS B8 C8 D8 Printed by the Men ’s Consumer Cooperatives of the Ministry of Economic Affairs of the Ministry of Economic Affairs. 6. Application for patent scope sinking device. 59. For the method of applying for the 47th item of the Patent Park, the system includes a Back-end system and the pairing step further includes the following steps: generating the ID of the non-regenerating device; determining whether the non-regenerating device contains an entity certificate; transmitting the entity certificate to the renewable device and the back-end system; determining the back-end Does the system include _another entity certificate; transmitting an entity certificate and the other entity certificate to the renewable device; and_ transmitting a cross-certificate to the renewable device. 60. If the method according to item 47 of the patent application scope, wherein the system includes a back-end system and the pairing step further includes the following steps: generating the ID 非 of the non-regenerating device; determining the back-end system based on the ID 値 of the non-regenerating device The secret information of the regeneration device in China and Africa; and transmitting the secret information to the regenerative device. 61. If the method of the scope of application for the patent No. 54 further includes the step of providing secret information to the non-reproducing device if the non-reproducing device does not contain secret information. 62. The method of claim 60, wherein the non-regenerative device includes a source device. 63. The method according to item 61 of the patent application park, wherein the non-regenerative device includes a sink device. 64. If you apply for the method of item 47 in the scope of patent application, where each non-recycling device and can be -63- This paper size applies to China National Standard (CNS) A4 specification (210X297 mm) ---- ΊΙ .--- ^ ------ ΐτ --------. it. f. (Please read the note on the back before filling in this page) ^ 328 52 Α8 Β8 C8 DS Cooperative cooperative printing 6. The patent application Fanyuan regeneration device includes a proof logic, and the step of selectively proving the information further includes the following steps: sending an inquiry message from the non-regeneration clothes to the renewable device; using a shared secret to prove The information contained in the inquiry message and the information in the _response message say 'to generate a reproducible device certification message, and the regenerative device generates the response message; use the shared secret to prove the information contained in the inquiry message and include The information in the response message is used to generate a non-reproducible device certification message: and _ verify that the reproducible device certification message matches the non-reproduced device certification message. 65. The method according to item 64 of the patent application, wherein the inquiry message includes a random program and a specific program of the information and a title, but the response message does not include the information. 66. For the method of applying for the scope of patent application No. 64, the method further includes the step of accessing the information after the green message is provided by the renewable device to the non-reproduced device. 67. The method of claim 64, wherein the non-regenerative device is a recovery generator, and further includes a step of generating the random loop. 68. The method according to item 67 of the patent application park, wherein the recovery generator includes a counter, and the random is not a count. 69. The method of claim 67 in the patent application park, wherein the recovery generator includes a random number generator, and the random number is a random number. 70. For example, the method of applying for the patent item No. 64, wherein the inquiry message further includes a request for remaining access time, and the response message includes a remaining time indicator -64-----: -.--- equipment- ----- Order -------- Line c, please read the attention items on the back before filling in this page) This paper size applies the Chinese National Standard (CNS) Α4 specification (2 〖〇X297mm） 43 ^ 8 52. A8 B8 C8 D8 Printed by the Ministry of Economic Affairs_Central Bureau of Standards Λ Industrial Consumer Cooperative Co., Ltd. 6. The scope of patent application is shown, and the non-reproducible device includes an access window logic. The method further includes the following steps: If the The reproducible device certification message matches the non-reproducible device certification message 'means the remaining time of the TF. 71. For example, the method of applying for patent item No. 64, wherein the message further includes a processing window request, and the regenerative device further includes an information meter, and the method further includes the following steps: measuring that the regenerative device has been stored The amount of information taken; and the processing window in the response message, where the access time window can be extended to include the processing window time. 72. If the method according to item 71 of the patent application scope, wherein the non-regenerating device further includes an information meter, and the method further includes the following steps: measuring the amount of information accessed by the non-regenerating device; and if the renewable device proves If the message matches the non-reproducible device certification message, then the access time window is extended to include the processing window time. 73. If the method of the scope of patent application is No. 72, wherein each of the non-regenerative and regenerable devices includes an access window logic device, To determine the remaining amount of access time, and the method further includes the steps of: generating an access time window in a non-reproducible device, generating an access time window in a reproducible device; and limiting access to non-reproducible devices and regenerable devices The shorter of the resulting access time windows. 74. If the method of applying for the scope of the patent, the item 73, further includes the following steps: According to the restricted access step and generated according to the access, a use is required to be given. -65- This paper standard Lai + Lai Jiapi ((: called 44 threats) (21 (^ 297mm) '" ~~-11 --J '11 j ^ 1T ---- 11 ^.-"♦ < Please read the precautions on the back before filling this page) 4328 52. Β8 CS D8 Printed by the Central Bureau of Standards and Quarantine of the Ministry of Economic Affairs, Shellfish Consumer Cooperatives. 6. Credit amount of those applying for patents. 75. For the method of applying for the scope of patents No. 64, the information is encrypted, and the information includes one of the information. In a specific program title, the non-reproducible device includes a super-encryption logic, and the reproducible device includes a super-decryption logic, and the method further includes the following steps: super-encrypt the information in the non-reproducible device; provide the super-encrypted information to the reproducible device And decrypt the super-encrypted information in the reproducible device. 76- The method according to item 75 of the patent application garden, wherein the reproducible device includes a decryption device, and the method further includes the following steps: decrypting the Information 77. The method of claim 76 of the patent application park, wherein the non-regenerating device includes a source device, the renewable device includes re-encryption logic, and the system further includes a sink device including decryption logic, and the method further includes the following Step 骒: re-encrypt the decrypted information; provide the re-encrypted information to the sink device; and decrypt the re-encrypted information. 78. The method of item 77 of the patent application park further includes the following steps: And the interface encryption keywords in the decryption step. 79. For example, the method of claim 78 in the scope of patent application, wherein the step of judging an interface encryption keyword further includes the following steps: Sending a random message from the sink device to the Recycling device; -66-This paper size is applicable to China's family standards < CN &) Α4 size (210X297) '' ---- ^-, --- ^ ------ tr --- ---- Lian '-(Please read the precautions on the back before filling this page) 4328 52 · A8 B8 C8 D8 Patent Application Scope Consumer Co-operation of the Central Standard Vehicle Bureau of the Ministry of Economic Affairs' Du Yin 11 used in this renewable device Contained in the Shen Sui The information in the document can be used to derive the interface encryption keywords independently: and the information contained in the software can be used in the sink device to independently derive the interface encryption keywords. 80. For the method of the 75th scope of the patent application, The method further includes the following steps: determining the super-encrypting keywords used in the super re-encryption step and the super-decrypting step. 81. For example, in the method of applying for the scope of the patent, the step of determining a super-encrypting keyword further includes the following Steps: _ Use the information according to the title of a specific program to determine the super-encrypted keywords of the renewable pack 1. 82. For the method of applying for patent No. 75, the message further includes a random message, and the method further includes the following steps: transmitting a media inquiry message from the reproducible device to a non-reproducible device; The information contained in the media inquiry message and the information contained in a media response message are used to generate a non-reproducible device media certification message; transmitting the media response message and the non-reproduced device media certification message to the renewable device; certification The information generated in the renewable device and included in the media response message and the information included in the media inquiry message, thereby generating a renewable device media certification message: and using the renewable device media certification message in the renewable device Verify the non-reproducible device media certification message. -67- This paper size applies the national standard (CNS) A4 specification (2 丨 0X297 mm) (Please read the precautions on the back before filling out this page) i equipment · -5 — 泉 A8 B8 C8 D8 432852. 6 Scope of patent application 83. The method of claim 82, in which the media inquiry message is included in the response message 84. The method of claim 82 in the patent application park, wherein the regenerative device includes a counter for generating The regenerative device count included in the media inquiry message, and the method further includes the steps of: incrementing the regenerable device count in a non-reproducible device; and, if the verification step is successful, incrementing the regenerable device in the regenerable device. The device counts 値. 85. The method according to item 82 of the patent application, wherein the reproducible device includes a random number generator for generating a random 値 of the reproducible device included in the media message, and the method further includes the following steps. : Increment the regenerative device randomly at the non-regenerating device; and increment the regenerative device at the regenerative device if the verification step is successful 86. —A method for preventing unauthorized access to encrypted information in a system, the system includes: a non-regenerative device with a control logic and a super-encryption logic 'a renewable device with a control logic and A super-decryption logic, the method includes the following steps: the central government's quasi-burial agency, the Shellfish Consumer Cooperative, prints and super-encrypts the information in the non-reproducible device: provides the super-encrypted information to the reproducible device; and decrypts the reproducible device; The super-encrypted information. 87. For example, the method of the patent application No. 86, wherein the reproducible device includes decryption logic, and the method includes the following steps: Decrypt the information on the reproducible device. ~ 68 _ This paper standard applies to China Standard (CNS) A4 specification (210X297) Printed by the Central Samples Bureau of the Ministry of Economic Affairs, Shellfish Consumer Cooperative, 432852. H C8 D8 VI. Application for a patent scope 88. For the method of the 87th scope of the patent application, where the non-renewable device package The source device, the renewable device includes re-encryption logic, and the system Su further includes a sink device and its package Contains decryption logic, and the method further includes the following steps: re-encrypting the decrypted information: providing the re-encrypted information to the sink device; and decrypting the re-encrypted information. 89. For the method of applying for patent No. 88, the method further includes the following steps: Impatience: It is judged that the interface encryption key used in the re-encryption step and the -decryption step is not acceptable. 90. For example, the method of the 89th scope of the patent application, wherein the step of determining the interface-like key words further includes the following steps: The sink device sends a sinker to the renewable device; the information contained in the sinker is used in the regenerative device to reveal the interface encrypted keywords openly; and the sinker device is used to contain the sinker ’s random key. The information is encrypted with the unique export interface. 91. The method according to item 86 of the patent application scope further includes the following steps: determining the super-dense keywords used in the super-re-encryption step and the super-decryption step. 92. If the method of applying for item 91 of the patent scope, where the information includes a specific program with a title, and the step of determining a super-encrypted keyword further includes the following steps: Use the information according to the title of the specific program to determine the Recyclable __________- 69-_ This paper is compliant with family standards (CNS) A surgery M 210X297 male thin) '----- ---- ^ ---: --------- II- ----- Please read 1 »on the back of the page 1 · Issue free and then fill out this 4328 52. Ag B8 C8 D8 Printed by the Consumer Cooperatives of the Central Standards Bureau of the Ministry of Economy . 93. —A method for preventing unauthorized access to information in a system, the system comprising a non-regenerative device having a control logic, and a regenerative device having a control logic 'The method comprises the following steps: transmitting from the regenerable device Media inquiry message to a non-reproduced device; proof that the information generated in the non-reproduced device is included in the media inquiry message and information included in a media response message to generate a non-reproduced device media certification message; send the media response message And the non-reproducible device media certification information to the regenerable device; certifying the information generated in the regenerable device and included in the media response message and the information contained in the media's 1-sentence message to generate a renewable device media certification message ; And verifying the non-reproducible device media certification message with the reproducible device media certification message at the reproducible device. 94. The method of claim 93, wherein the regenerative device includes a counter to generate a count of the regenerable device included in the media inquiry message, and the method further includes the following steps: increment the non-reproducible device The regenerative device counts: and if the verification step is successful, the regenerative device counts are retransmitted at the regenerative device. 95. The method according to item 93 of the patent application, wherein the renewable device includes a random number generator for generating a random number of the renewable device included in the media inquiry message, and the method further includes the following steps: -70 -__ This paper size applies to Chinese national standards (〇 阳 > 八 4 规格 (21〇 > < 297 mm)) (Please read the precautions on the back before filling this page). -1r A8 B8 C8 D8 432852. The scope of the patent application is to increment the random number of the regenerative device at the non-regenerable device; and if the verification step is successful, the random number of the regenerative device is transmitted at the regenerative device. 96.-Preventing unauthorized access-System The information method includes a non-regenerating device and a renewable device. The method includes the following steps: (a) transmitting a sub-negotiation request from the non-regenerating device to the renewable device: (b) transferring a challenge and A status query is transmitted from the renewable device to the non-reproducible device: _ (c) determines whether the non-reproducible device and the regenerable device are in password synchronization; and (d) if the non-reproducible device is If neither the device nor the regenerative device is in the password synchronization, return to step (a). 97. If the method of the scope of the patent application is 96, it further includes the following steps: (e) determine whether the non-regenerative device and the regenerable device are in a packet. Synchronization: and (f) when the non-regenerating device and the regenerable device are in packet synchronization, 'the information is provided to the regenerable device in a separately numbered packet. Method, in which information is provided to a reproducible device in a default access response window, and the step of providing information further includes the following steps: a part of the information and the information are verified by the regenerable device in the default access response window Accepted. 99. For example, the method of applying for patent No. 98 in the patent park, wherein the renewable device contains -71-This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) ----- „- --1 --- ^ ------ 1T ------ Λ --- (Please read the note on the back before filling this page) Printed by the Consumer Cooperative of the Central Standards Bureau of the Ministry of Economic Affairs 4328 52 A8 B8 C8 D8 Employees of the Central Bureau of Assistance, Ministry of Economic Affairs Printed by the Consumer Cooperatives 6. The patent application scope responds to the error counter of the regenerative device, and the verification step further includes the following steps: Verify that the general text transmitted from the regenerative device to the non-regenerative device is received by the non-regenerable device. The method of scope item 98, wherein the regenerative device includes an error counter in response to the regenerable device, and the verification step further includes the following steps: Verify that the information is received in the default access response window. 101. If applying for a patent The method of Fanyuan Item 98 further includes the following steps: When the verification is unsuccessful in the regenerative device, an error count is accumulated. 102. If the method of applying patent No. ιo1, further includes the following steps: if a preset error count description is recognized, the processing of the renewable device is suspended. 103. The method of claim 101, wherein the regenerative device includes a counter, which counts the number of errors before the verification step, and the method further includes the following steps: if the verification is unsuccessful, the counter is decremented to delete one of the errors Instructions. 104. For the method of applying for item 103 of the patent scope, wherein the error is reflected by a NACK. 105. The method of claim 104, wherein when the information is received before the preset access response window, the NACK count is not decremented. 106. If the method of applying for the patent item No. 98, wherein the default access response is __ -72- This paper size is applicable to China National Standards (CNS) A # now grid (210X297 mm) iiln I J-- J— n I-f Please read the notes on the back before filling out this page} Order / 1328 5 2 A8 6S C8 D8 VI. The scope of patent application window has a start time and a duration, and the method further includes The Central Laboratories of the Ministry of Economic Affairs printed the following steps: Set the start time and duration of the default access response window to respond to the challenge from the renewable device in step (b). 107. If the method according to item 97 of the patent application is applied, wherein if the regenerative device and the non-regenerative device are not in packet synchronization, step (b) further includes the following steps: instruct the regenerable device to become a packet with the non-regenerative device Synchronize. 108. The method of claiming scope 107 of the patent application, wherein the step of instructing the regenerable device to become a packet synchronization step further includes: transmitting an instruction from the non-regenerable device to the regenerable device, the instruction including a packet index; Set the reproducible device as the packet index; and return to step (b). 109. The method of claim 108, wherein the packet index is randomly selected in a challenge response time window. 110. The method of claim 96 further includes: If the non-regenerative and regenerative device is not cryptographically synchronized in step (c), a new challenge is issued. 111. If the method of applying for patent No. 96 in the patent application, wherein if no meaningful challenge is received from the renewable device, the method further includes the following steps: In step (a), send another seed negotiation request ^ 112. The method of Patent Fangu Item 96 further includes the following steps: a non-reproducing device requests the NACK status of the regenerative device; and judging whether the request is acknowledged from the challenge. ~ -73- (210X297, ^ 7 (Please read the precautions on the back first and then fill out this page). 1T A