
WO2001043108A1 - Key management system and method - Google Patents

Key management system and method

Info

Publication number
WO2001043108A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
data
authentication
public encryption
encryption key
Prior art date
Application number
PCT/JP2000/008681
Other languages
English (en)
Japanese (ja)
Inventor
Toshiaki Hioki
Miwa Kanamori
Yoshihiro Hori
Takahisa Hatakeyama
Shigeki Furuta
Tadaaki Tonegawa
Takeaki Anazawa
Original Assignee
Sanyo Electric Co., Ltd.
Fujitsu Limited
Hitachi, Ltd.
Nippon Columbia Co., Ltd.
Application filed by Sanyo Electric Co., Ltd., Fujitsu Limited, Hitachi, Ltd., Nippon Columbia Co., Ltd.
Priority to AU1734101A
Priority to JP4223721B2
Publication of WO2001043108A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L 9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority

Definitions

  • The present invention relates to an information distribution system for distributing information to a terminal such as a mobile phone, to an authentication method for determining whether or not a device constituting the system is a legitimate device for receiving distributed information, and to a key management system that manages keys. Background art:
  • Information is transmitted as digital signals. Therefore, even when individual users copy music or video information transmitted over such an information communication network, the copying causes no deterioration in sound quality or image quality, and the copy can be made without loss.
  • Distributing music data and image data to the public through a digital information communication network is itself an act restricted by the copyright holder's right of public transmission, and sufficient measures for copyright protection need to be taken.
  • An object of the present invention is to provide an authentication key for performing authentication processing on a terminal device or the like that receives copyrighted data distributed through an information communication network, for example a mobile phone network.
  • A further object of the present invention is to provide a key management system for managing such keys.
  • A key management system according to the present invention registers a public encryption key embedded in a device and certifies the registered public encryption key. It has a plurality of first terminal devices, a certification institution terminal, and examination means. The plurality of first terminal devices apply for registration of a public encryption key to be incorporated in a device.
  • The certification institution terminal is connected to the plurality of first terminal devices via a communication line; it manages registration of the public encryption key and applies to the public encryption key an encryption with certificate that can be decrypted with an authentication key.
  • the examination means determines eligibility for registration in the key management system based on the device specification information.
  • the examination means includes a first storage device for storing examination information corresponding to a result of examining whether or not the device incorporates the public encryption key.
  • the certification authority terminal includes a second storage device and an encryption processing unit.
  • the second storage device stores a public encryption key.
  • the encryption processing unit generates certificate-encrypted data in which the public encryption key is subjected to certificate-encryption that can be decrypted using an authentication key.
  • In response to an application for registration of a public encryption key from one of the first terminal devices, the certification authority terminal judges, based on the examination information stored in the first storage device of the examination means, whether or not to register the requested public encryption key.
  • When registration is granted, the public encryption key is stored in the second storage device, the encryption processing unit applies the encryption with certificate to the public encryption key to generate the encrypted data with certificate, and the encrypted data with certificate and the authentication key are output to the first terminal device that made the application.
  • A key management method according to the present invention applies encryption to public encryption keys. It comprises: generating examination information corresponding to the result of determining eligibility for registration in the key management system based on device specification information; deciding, on receipt of an application for registration of a public encryption key and with reference to the examination information, whether to register the requested public encryption key; and, if so, generating encrypted data with certificate in which the public encryption key has been encrypted with a certificate that can be decrypted with an authentication key, and providing the encrypted data with certificate and the authentication key to the application source.
  • This is a key management method in a key management system that registers a public encryption key embedded in a device and certifies the registered public encryption key, the key management system including a plurality of first terminal devices, a certification authority terminal, and examination means.
  • the plurality of first terminal devices apply for registration of a public encryption key to be incorporated in the device.
  • the certification authority terminal is connected to a plurality of first terminal devices via a communication line, and performs registration management of a public encryption key and encryption with a certificate that can be decrypted with the authentication key to the public encryption key.
  • the examination means determines eligibility for registration in the key management system based on the device specification information.
  • the examination means includes a first storage device for storing examination information corresponding to a result of examining whether or not the device incorporates the public encryption key.
  • the certification authority terminal includes a second storage device that stores the public encryption key.
  • In the key management method in this key management system, the certificate authority terminal generates encrypted data with certificate in which a public encryption key has been subjected to certificate encryption that can be decrypted with the authentication key. Based on an application for registration of a public encryption key from a first terminal device, it determines, in accordance with the examination information stored in the first storage device of the examination means, whether to register the requested public encryption key. When registering, the public encryption key is stored in the second storage device and encrypted by the encryption processing unit to generate encrypted data with certificate, and the encrypted data with certificate and the authentication key are output to the first terminal device that made the application.
  • FIG. 1 is a conceptual diagram schematically illustrating a part of the configuration of a key management system 1000 according to the present invention, including a data distribution system.
  • FIG. 2 is a conceptual diagram for describing the entire configuration of the key management system 1000 shown in FIG. 1 in more detail.
  • FIG. 3 is a flowchart for explaining the operation of the manufacturer terminal 220.1 provided at each manufacturer that manufactures terminal devices, memory cards, and the like.
  • FIG. 4 is a flowchart for explaining the operation of the examination institution terminal 210.
  • FIG. 5 is a flowchart for explaining the operation of the certification authority terminal 202.
  • FIG. 6 is a flowchart for explaining the operation of distribution server 10.1.
  • FIG. 7 is a flowchart for explaining the operation of the authentication server.
  • FIG. 8 is a flowchart for explaining the operation of the distribution terminal.
  • FIG. 9 is a diagram collectively explaining the characteristics of the keys used for communication in the data distribution system shown in FIG. 1 and of the related data (key data).
  • FIG. 10 is a schematic block diagram showing the configuration of the distribution server 10.1.
  • FIG. 11 is a schematic block diagram for explaining the configuration of mobile phone 100.
  • FIG. 12 is a schematic block diagram for explaining the configuration of the memory card 110.
  • FIG. 13 is a first flowchart for explaining a distribution mode using the memory card 110.
  • FIG. 14 is a second flowchart for explaining the distribution mode using the memory card 110.
  • FIG. 15 is a first flowchart illustrating a reproduction process for outputting the encrypted content data stored in the memory card 110 to the outside as music.
  • FIG. 16 is a second flowchart illustrating a reproduction process for outputting the encrypted content data stored in the memory card 110 to the outside as music.
  • FIG. 17 is a first flowchart for explaining a process of moving or copying content data and key data between two memory cards.
  • FIG. 18 is a second flowchart for explaining a process of moving or copying content data and key data between two memory cards.
  • FIG. 19 is a diagram showing a process for requesting deletion of the public encryption key and the authentication data registered from the maker terminals 220.1 to 220.k.
  • FIG. 20 is a flowchart for explaining the operation of the certification authority terminal 202.
  • FIG. 21 is a flowchart for explaining the operation of the authentication server when an instruction to delete the registration of the target authentication data is issued.
  • FIG. 22 is a diagram showing a process of deleting the public encryption key and the authentication data registered from the certificate authority terminal 202.
  • FIG. 1 is a conceptual diagram schematically illustrating a part of the configuration of a key management system 1000 according to the present invention, including a data distribution system.
  • A distribution server 10 that manages copyrighted music data encrypts the music data (hereinafter also referred to as content data) using a predetermined encryption method and gives the encrypted data to the distribution carrier 20, which is the mobile phone company that distributes the music data.
  • The authentication server 12 authenticates whether or not a device that has accessed the system for distribution of music data is a legitimate device.
  • For this purpose, the authentication server 12 receives from the key certification system 200 the public encryption key and authentication data uniquely assigned to each device type (class), which are pre-recorded at the time of manufacture in devices for receiving distribution of music data such as the mobile phone 100 or the memory card 110, and stores them in the database 14; these are used to authenticate whether such devices are legitimate.
  • The distribution carrier 20 relays a distribution request (delivery request) from each user to the distribution server 10 through its own mobile phone network. When there is a distribution request, the distribution server 10 has the authentication server 12 confirm that the access is from a legitimate device, encrypts the requested content data, and distributes it to the user's mobile phone via the mobile phone network of the distribution carrier 20.
  • The mobile phone 100 of user 1 receives the encrypted content data, decrypts the encryption applied for transmission, and stores the encrypted content data in a removable memory card 110, from which it is given to a music playback unit (not shown) in the mobile phone 100.
  • the user 1 can listen to music that reproduces such content data via headphones 130 or the like connected to the mobile phone 100.
  • the distribution server 10, the authentication server 12, and the distribution carrier 20 are collectively referred to as a music server 30.
  • the process of transmitting content data from the music server 30 to each mobile phone terminal or the like is referred to as “distribution”.
  • the distribution carrier 20 counts the frequency each time content data for one song is distributed, for example, so that the copyright fee generated each time the user receives (downloads) the content data can be distributed.
  • If the distribution carrier 20 collects this fee together with the mobile phone charge, it is easy for the copyright holder to secure the copyright fee.
  • the user 2 having the memory card 112 can receive the distribution of the content data directly from the music server 30 by his / her own mobile phone 102.
  • the user 2 receives content data or the like having a considerable amount of information directly from the music server 30, a relatively long time may be required for the reception.
  • If the content data can be copied from user 1, who has already received distribution of the content data, convenience for the user is improved.
  • Copying the content data received by user 1 to user 2 together with the information necessary to make the content data itself reproducible is referred to as moving.
  • When user 1 moves the information (reproduction information) necessary for reproduction to user 2, user 1 can no longer reproduce the content data once the information has been moved.
  • The content data is distributed as encrypted content data encrypted according to a predetermined encryption method, and the "reproduction information" is, as described later, a license key, that is, decryption key information capable of decrypting encrypted content data encrypted according to the predetermined encryption method, together with license information data composed of information on copyright protection and reproduction conditions.
  • If the reproduction information necessary for reproducing such content data is not copied to the terminal of user 2, user 2 cannot reproduce the music merely by obtaining the encrypted content data. Therefore, if user 2 wants to play such music, user 2 needs to re-
  • Communication in a transceiver mode is possible: the reproduction information can be transferred (moved) collectively from user 1 to user 2, or only the encrypted content data can be transferred (copied).
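The move-versus-copy distinction described above, as an added example that is not code from the patent or its assignees: two memory-card objects keep the encrypted content and the reproduction information separately, so a copy leaves the destination unable to play, while a move transfers the reproduction information and deletes it at the source. The card ids, the XOR content cipher, the song id and the move_allowed condition are constructed stand-ins for the page's predetermined encryption method and license information.

```python
"""Toy model of "move" versus "copy" between two memory cards. Added example for
this page, not code from the patent or its assignees. The XOR cipher stands in
for the predetermined encryption method and is not secure; all ids are constructed."""
from dataclasses import dataclass, field


def xor_cipher(data: bytes, key: bytes) -> bytes:
    """Symmetric toy cipher: the same call encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


@dataclass
class ReproductionInfo:
    """What the page calls reproduction information: the license key that
    decrypts the content plus license information (reproduction conditions)."""
    license_key: bytes
    move_allowed: bool = True  # one constructed reproduction condition


@dataclass
class MemoryCard:
    card_id: str
    encrypted_content: dict = field(default_factory=dict)  # song_id -> ciphertext
    reproduction_info: dict = field(default_factory=dict)  # song_id -> ReproductionInfo

    def receive_distribution(self, song_id: str, content: bytes, info: ReproductionInfo) -> None:
        """Distribution: the card receives encrypted content and the license together."""
        self.encrypted_content[song_id] = xor_cipher(content, info.license_key)
        self.reproduction_info[song_id] = info

    def can_reproduce(self, song_id: str) -> bool:
        return song_id in self.encrypted_content and song_id in self.reproduction_info

    def reproduce(self, song_id: str) -> bytes:
        """Decrypt for playback; fails without the reproduction information."""
        if not self.can_reproduce(song_id):
            raise PermissionError(f"{self.card_id}: no reproduction information for {song_id}")
        return xor_cipher(self.encrypted_content[song_id], self.reproduction_info[song_id].license_key)

    def copy_to(self, other: "MemoryCard", song_id: str) -> None:
        """Copy: only the encrypted content data is transferred; the source keeps everything."""
        other.encrypted_content[song_id] = self.encrypted_content[song_id]

    def move_to(self, other: "MemoryCard", song_id: str) -> None:
        """Move: content and reproduction information go to the destination, and the
        source deletes its reproduction information, so it can no longer play."""
        info = self.reproduction_info[song_id]
        if not info.move_allowed:
            raise PermissionError(f"license for {song_id} does not permit moving")
        self.copy_to(other, song_id)
        other.reproduction_info[song_id] = info
        del self.reproduction_info[song_id]


def demo() -> dict:
    """Distribution to user 1 (card 110), copy to user 2 (card 112), then move."""
    card_110, card_112 = MemoryCard("110"), MemoryCard("112")
    card_110.receive_distribution("song-1", b"constructed music bytes", ReproductionInfo(b"\x5a\xa5\x0f"))
    card_110.copy_to(card_112, "song-1")
    after_copy = (card_110.can_reproduce("song-1"), card_112.can_reproduce("song-1"))
    card_110.move_to(card_112, "song-1")
    after_move = (card_110.can_reproduce("song-1"), card_112.can_reproduce("song-1"))
    return {"after_copy": after_copy, "after_move": after_move, "played": card_112.reproduce("song-1")}
```

Running demo() shows the invariant the page relies on: after the copy only card 110 can reproduce, after the move only card 112 can, and the moved-out card raises if asked to play.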
  • Mutual authentication that each is a legitimate device is necessary between the mobile phone 100 and the memory card 110 used in the reproduction operation, and between the memory cards 110 and 112 used in the movement operation to move the content data.
  • For this, the public encryption key and authentication data uniquely assigned to each device type (class) in the key certification system 200 are used.
  • FIG. 2 is a conceptual diagram for describing the entire configuration of the key management system 1000 shown in FIG. 1 in more detail.
  • In FIG. 2 there are a plurality of distribution servers 10.1 to 10.n (n: natural number), and these are connected to one authentication server 12 via a communication network.
  • There is a distribution carrier corresponding to each of the distribution servers 10.1 to 10.n, but FIG. 2 shows, by way of example, only the distribution carrier 20.1 corresponding to the distribution server 10.1. Of course, a plurality of distribution servers may share the distribution carrier 20.1.
  • From the distribution carrier 20.1, encrypted content data and the like are delivered via the mobile phone network to the distribution terminals, each of which consists of one of the mobile phones 100 to 108 and the memory card 110 to 118 attached to it.
  • The authentication server 12 is also connected via a communication network to distribution institution terminals 11.1 to 11.m (m: natural number), and the distribution institution terminals 11.1 to 11.m supply content data to a plurality of content data vending machines 3010.1 to 3010.h (h: natural number).
  • FIG. 2 shows, by way of example, the content data vending machines 3010.1 to 3010.h corresponding to the distribution institution terminal 11.m. As will be described later, the user can also receive distribution of encrypted content data and the like to the memory cards 111 to 117 from these content data vending machines 3010.1 to 3010.h.
  • Each of the content data vending machines 3010.1 to 3010.h may be kept online with the distribution institution terminal 11.m at all times, so that when a user makes a distribution request the memory card is authenticated as an authorized device by the authentication server 12 via the distribution institution terminal 11.m; alternatively, each content data vending machine 3010.1 to 3010.h may be provided with a database storing content data for distribution and a database for authentication, with the distribution institution terminal 11.m periodically updating the data in these databases.
  • The key certification system 200 includes manufacturer terminals 220.1 to 220.k (k: natural number), one provided at each manufacturer that manufactures the mobile phone 100 and the like and the memory card 110 and the like, connected via a communication network; the mobile phones 100 and memory cards 110 and the like manufactured by each manufacturer have specifications conforming to the key management system 1000.
  • When registering a public encryption key and authentication data to be incorporated into a device, each manufacturer inputs the design information, performance information, and manufacturing condition information of the device into which the public encryption key is to be incorporated via its manufacturer terminal 220.1 to 220.k, and transmits it to the examination agency terminal 210 via the communication network.
  • The examination institution terminal 210, connected via a communication line to the manufacturer terminals 220.1 to 220.k and to the certification authority terminal 202, checks the specification of the device to be manufactured by each manufacturer against the specifications stored in the database 212, creates an examination report on whether the device is compatible with the system, replies with it to the manufacturer terminal that made the application, and stores examination information corresponding to the examination result in the database.
  • For the public encryption key and authentication data whose registration has been requested from the manufacturer terminals 220.1 to 220.k connected via the communication line, the certification institution terminal 202 performs registration management and the certifiable encryption that can be decrypted with the authentication key.
  • Based on an application from a manufacturer terminal 220.1 to 220.k, the certificate authority terminal 202 determines whether or not to register the requested public encryption key and authentication data.
  • When they are registered, the public encryption key and the authentication data are stored in the database 204.
  • The certification institution terminal 202 includes an encryption processing unit capable of generating certified encrypted data in which the public encryption key and the authentication data are subjected to certified encryption that can be decrypted with the authentication key.
  • The public encryption key and the authentication data are encrypted by this encryption processing unit to generate certificate-encrypted data, and the encrypted data with certification and the authentication key are output to whichever of the manufacturer terminals 220.1 to 220.k made the application.
  • Performing certifiable encryption of the public encryption key that can be decrypted with an authentication key may mean that both the public encryption key and the authentication data are encrypted so that they can be decrypted with the authentication key, or a configuration may be adopted in which the public encryption key and the authentication data are certified using data generated in the course of that decryption.
  • The authentication key is a public authentication key, and the certified encryption can be performed using a secret encryption key that is asymmetric with respect to the public authentication key.
  • FIG. 3 is a flowchart for explaining the operation of the manufacturer terminal 220.1 provided in each manufacturer that manufactures terminal equipment, memory cards, and the like in the system shown in FIG.
  • When the processing of the manufacturer terminal 220.1 is started (step S1000), the manufacturer inputs the device information via the manufacturer terminal 220.1 and applies to the examination agency terminal 210 for authorization of the device (step S1002).
  • The manufacturer terminal 220.1 then waits for a response from the examination agency terminal 210 (step S1004).
  • When a response from the examination body is received together with an examination report on the examination result (step S1006), the manufacturer terminal 220.1 determines whether or not the device has been approved by the examination body (step S1008).
  • If it has not been approved, step S1022 is performed and the process returns to step S1002.
  • If it has been approved in step S1008, the manufacturer terminal 220.1 next requests the certification authority terminal 202 to register the public encryption key and the authentication data (step S1010).
  • The manufacturer terminal 220.1 then waits for a response from the certification authority terminal 202 (step S1012).
  • It is then determined whether or not registration has been permitted by the certification authority terminal 202 (step S1014). If registration is refused, the reason for the refusal is determined (step S1016). If the registration application to the certification body was incomplete, the application is corrected and the process returns to step S1010.
  • If the reason for refusal determined in step S1016 is that the device itself is not authorized, the manufacturer changes the design of the device and applies again (step S1002), the process returning to step S1002.
  • If registration has been permitted, the manufacturer terminal 220.1 records the encrypted data with certification and the authentication key received from the certification body and issues an instruction to assemble them into the device (step S1020), and the process ends (step S1024).
  • The manufacturer then manufactures terminal devices incorporating the registered encrypted data with certification and the authentication key.
  • FIG. 4 is a flowchart for explaining the operation of the examination institution terminal 210 shown in FIG.
  • The examination institution terminal 210 is in a waiting state until an examination request arrives from any external terminal (such as the manufacturer terminal 220.1 or the certification authority terminal 202) (step S1102).
  • When a request from an external terminal is detected (step S1102), it is determined which terminal made the request (step S1104). If the request is from the manufacturer terminal 220.1, the examination agency terminal 210 examines the device information (step S1106) and then creates an examination report for the manufacturer terminal 220.1 based on the examination result (step S1108).
  • The examination report is sent to the manufacturer terminal 220.1.
  • If the examination result is non-approval (step S1112), the process returns to step S1102 and waits for a request from an external terminal.
  • If the examination result is approval (step S1112), examination information for the database is created and recorded in the database (step S1116), and the process returns to step S1102 to wait for a request from an external terminal.
  • If step S1104 determines that the access is from the certification authority terminal 202, the examination institution terminal searches the database for the examination information (step S1120) and prepares an examination report from which the certification authority terminal can judge whether to certify the device (step S1122).
  • The examination report is transmitted to the certification authority terminal (step S1124), and the process returns to step S1102 to wait again for a request from an external terminal.
  • FIG. 5 is a flowchart for explaining the operation of the certification authority terminal 202 shown in FIG.
  • certificate authority terminal 202 is in a connection waiting state until a connection request is received from maker terminal 220.1 or the like (step S1202).
  • the certification institution terminal 202 transmits a search request for the database 212 to the examination institution terminal 210 (step S1204).
  • the certification institution terminal 202 is in a state of waiting for a response from the examination institution terminal 210 (step S1206).
  • When a response arrives from the examination agency terminal 210 and the examination report is received from it (step S1208), and the content of the examination report indicates that the terminal device has not been examined (step S1210), the certification authority terminal 202 sends the manufacturer terminal 220.1 a message that the device has not been examined (step S1212), and the process returns to step S1202 to wait for a connection request.
  • If the content of the examination report indicates that the terminal device has already been examined (step S1210), the certification authority terminal 202 searches the key database 204 based on the content of the report (step S1214). If a key duplicating the public encryption key applied for already exists, or if there is an error in the content of the authentication data (step S1216), the manufacturer terminal is notified that the application contains an error such as a duplicate key, and the process returns to step S1202 to wait for a connection request.
  • If no such error is found in step S1216, the certification authority terminal records the public encryption key and the authentication data in the key database 204 (step S1220) and encrypts the public encryption key and the authentication data to generate the encrypted data with certification (step S1222).
  • The certificate authority terminal 202 then transmits the encrypted data with certification and the authentication key to the manufacturer terminal 220.1 (step S1224).
  • The public encryption key and the authentication data are further transmitted to the authentication server 12 (step S1226), and the process returns to step S1202 to wait again for a connection request.
  • FIG. 6 is a flowchart for explaining the operation of distribution server 10.1 shown in FIG.
  • the distribution server 10.1 receives and holds the authentication key from the authentication institution terminal 202 via the authentication server 12 in advance.
  • distribution server 10.1 is in a connection waiting state until a connection request is received from a user (step S1302).
  • When a connection request arrives, distribution server 10.1 receives the public encryption key and the encrypted data with certification of the device that is to receive distribution (step S1304).
  • The distribution server decrypts the encrypted data with certification using the authentication key, obtains the public encryption key and the authentication data (step S1306), and determines whether the decryption of the encrypted data with certification is valid, that is, whether the data was certificate-encrypted by the certificate authority terminal 202 (step S1308).
  • If the encrypted data with certification is determined to be invalid, that is, not encrypted at the certification authority terminal 202 (step S1308), the terminal device that made the connection request is notified that the license cannot be transmitted (step S1320), and the process returns to step S1302 to wait for a connection from a user.
  • If it is determined in step S1308 that the encrypted data with certification is valid, that is, that it was encrypted by the certificate authority terminal 202, the authentication data is then referred to the authentication server 12 (step S1310).
  • If the authentication data is not approved, the terminal device is notified that the license cannot be transmitted (step S1320), and the process returns to step S1302 to wait for a connection from a user.
  • If it is determined that the authentication data is registered (step S1310), the connection with the distribution destination device is secured using the public encryption key that was transmitted in encrypted form (step S1312).
  • The license is then transmitted to the distribution destination device, and charging information is stored in the charging database (step S1314).
  • Here a license means a license key for decrypting the encrypted content data together with restriction information on reproduction.
  • The distribution server then determines whether or not the encrypted content data is to be transmitted (step S1316); if it is not necessary to transmit the content data, the process returns to step S1302 to wait again for a connection from a user.
  • If transmission of the encrypted content data is requested in step S1316, the encrypted content data is transmitted to the distribution destination device (step S1318), and after transmission is complete the process returns to step S1302 to wait for a connection from a user.
  • FIG. 7 is a flowchart for explaining the operation of the authentication server shown in FIG.
  • authentication server 12 is in a connection waiting state until there is a connection request from distribution server 10.1, etc. or authentication authority terminal 202 (step S1402).
  • in step S1404 it is determined from which terminal the connection request was made. If it is determined that the connection is from the distribution server 10.1, the authentication server 12 accepts the authentication data and searches the database 14 (step S1406). The search result is then transmitted to the distribution server 10.1 that made the inquiry (step S1408), and the process returns to the connection waiting state (step S1402). On the other hand, if it is determined in step S1404 that the request is from the certification authority terminal 202, the authentication server 12 receives the newly registered public encryption key and authentication data from the certification authority terminal 202 (step S1410).
  • the public encryption key and the authentication data are registered in the database 14 (step S1412), and the process returns to the connection waiting state (step S1402).
  • FIG. 8 is a flowchart for explaining the operation of the distribution terminal (the mobile terminal 100 and the memory card 110 are collectively referred to as a “distribution terminal”) shown in FIG.
  • when a distribution operation is started by a distribution request from the user to the distribution terminal (step S1500), the distribution terminal outputs a distribution request to distribution server 10.1 (step S1500).
  • the distribution terminal transmits the encrypted data with certification to the distribution server 10.1 (step S1504).
  • the distribution terminal secures a connection with the distribution server 10.1 based on the encrypted data with certification (step S1508).
  • the distribution terminal receives and accepts the license from distribution server 10.1, and stores the license in memory card 110 (step S1510).
  • the distribution terminal notifies the distribution server 10.1 of whether or not the encrypted content data is to be transmitted, according to the instruction from the user (step S1512).
  • if it is not necessary to transmit the encrypted content data because it has already been copied to the memory card 110 (step S1514), the process ends (step S1522).
  • if transmission of the encrypted content data is requested in step S1514, a request for distribution of the encrypted content data is made, the received encrypted content data is stored in the memory card (step S1516), and the process ends (step S1522).
  • if the distribution server notifies the distribution terminal that distribution is impossible (step S1506, step S1520), the process ends without performing either the license distribution or the encrypted content data distribution (step S1522).
  • the public encryption key KPp assigned to the mobile phone 100 and the authentication data Crtf(p) are recorded and held in the mobile phone 100 in the form of encrypted data with certification, encrypted so that they can be decrypted by the public decryption key (public authentication key) KPmaster.
  • since the mobile phone 100 does not itself perform the authentication process, the mobile phone 100 does not hold the public decryption key KPmaster.
  • the public encryption key KPmedia and the authentication data Crtf(m) assigned to the memory card 110 are registered in advance with the authentication institution terminal 202 of the key management system, and are recorded and held in the memory card 110 in a form encrypted so that they can be decrypted by the public decryption key (public authentication key) KPmaster.
  • the memory card 110 and the distribution server 10 each have means for recording and holding the public decryption key (public authentication key) KPmaster.
  • the public decryption key (public authentication key) KPmaster serves to confirm, before session keys are exchanged, that every device that outputs data in the system is a device entitled to exchange data; it is a public decryption key common to the whole system, used to obtain the public encryption key (which is used to send the session key to the other party) and the authentication data.
  • FIG. 9 is a diagram collectively explaining the characteristics of the keys and data (key data) used for communication in the data distribution system shown in FIG.
  • the keys for managing data processing in the memory card 110 are of two kinds: one specific to the type of medium called a memory card, and one determined individually for each memory card.
  • the natural number n in the secret decryption key Kcard(n) and the public encryption key KPcard(n) represents a number for distinguishing each memory card.
  • data encrypted with the public encryption key KPcard(n) can be decrypted with the secret decryption key Kcard(n) that exists for each memory card.
  • likewise, data encrypted with the public encryption key KPmedia(n) is decrypted with the secret decryption key Kmedia(n).
  • for each communication between the distribution server 10.1 and the memory card 110 or 112, for example for each access of a user to the music server 30, the generated common keys Ks, Ks1 and Ks2 are used.
  • the common key Ks and the like may be generated, for example, every time the user accesses the music server 30, or, for example, the common key may be changed for each song and then delivered to the user each time.
  • hereinafter, such a unit of communication or unit of access is referred to as a "session", and the common key Ks and the like are also referred to as a "session key".
  • the common key Ks has a value unique to each communication session, and is managed in the distribution server, the memory card, and the mobile phone.
  • license key Kc: a key for decrypting the encrypted content data; the encrypted content data is decrypted with the license key Kc.
  • license information data License: contains a management code for specifying the content data, access control data including information such as a limit on the number of reproductions, and the like.
  • the content data Dc in the distribution data is, for example, music data, and the data encrypted so that it can be decrypted with the license key Kc is referred to as encrypted content data [Dc]Kc.
  • hereinafter, the notation [Y]X indicates data obtained by converting data Y into a cipher that can be decrypted by the key X.
  • the key used in the encryption processing and the decryption processing is also referred to simply as "key".
  • each of the distribution server, the mobile phone and the memory card generates its own session key. The session key generated by the distribution server 10.1 or the mobile phone 100 is referred to as session key Ks, the session key generated by the memory card 110 as session key Ks1, and the session key generated by the other memory card 112, which has the same configuration as the memory card 110, as session key Ks2.
  • when a device constituting the system generates a session key itself and receives data, in other words when it is the data transmission destination, the transmission source encrypts the data with the session key delivered from that destination and transmits the encrypted data; the destination then decrypts the received data using the session key it generated itself. This is one feature of the system.
  • public encryption key KPp(m) and secret decryption key Kp(m): the secret decryption key Kp(m) can decrypt data encrypted with the public encryption key KPp(m).
  • the public encryption key KPp(m) and the secret decryption key Kp(m) are specific to the type of mobile phone, and the natural number m is used to distinguish the type of mobile phone.
  • FIG. 10 is a schematic block diagram showing the configuration of the distribution server 10 shown in FIG. 2 (hereinafter, distribution servers 10. 1 to 10 .n are collectively referred to as distribution server 10).
  • the distribution server 10 includes a distribution information database 304 for holding data obtained by coding content data (music data) by a predetermined method, distribution information such as a license ID, and the like; a charging database 302 for holding charging information according to the number of accesses to content data and the like; a data bus BS1 for transferring data from the distribution information database 304 and the charging database 302; a data processing unit 310 for receiving data via data bus BS1 and performing predetermined encryption processing; and a communication device 350 for exchanging data between the distribution carrier 20 and the data processing unit 310 via the communication network.
  • the data processing unit 310 includes a distribution control unit 312 for controlling the operation of the data processing unit 310 according to the data on data bus BS1; a session key generation unit 314, controlled by the distribution control unit 312, for generating the session key Ks; an encryption processing unit 316 for encrypting the session key Ks generated by the session key generation unit 314 with the public encryption key KPmedia and giving it to data bus BS1; a decryption processing unit 318 for receiving, via the communication device 350 and data bus BS1, the data that each user's mobile phone encrypted with the session key Ks and transmitted, and performing decryption processing; an encryption processing unit 320 for encrypting the license key Kc and the license information data License, under the control of the distribution control unit 312, using the public encryption key KPcard(n) extracted by the decryption processing unit 318; and an encryption processing unit 322 for further encrypting the output of the encryption processing unit 320 with the session key (for example the session key Ks1) that the memory card attached to the mobile phone encrypted with the session key Ks and transmitted, and that the decryption processing unit 318 decrypted and extracted, and transmitting the result to the communication device 350 via data bus BS1.
  • the data processing unit 310 further includes a KPmaster holding unit 324 for holding the public decryption key KPmaster, and a decryption processing unit 326 for decrypting, based on the public decryption key KPmaster output from the KPmaster holding unit 324, the data supplied to data bus BS1 from the communication network via the communication device 350.
  • the encryption processing unit 316 encrypts the session key Ks generated by the Ks generation unit 314 using the public encryption key KPmedia extracted by the decryption processing of the decryption processing unit 326, and the distribution control unit 312 uses the authentication data Crtf(m) and Crtf(p) extracted by the decryption processing unit 326 to authenticate whether the memory card and the mobile phone are legitimate devices.
  • FIG. 11 is a schematic block diagram for explaining the configuration of mobile phone 100 shown in FIG.
  • the mobile phone 100 includes an antenna 1102 for receiving a signal wirelessly transmitted by the mobile phone network; a transmitter/receiver unit 1104 for receiving the signal from the antenna 1102 and converting it into a baseband signal, or for modulating data from the mobile phone and giving it to the antenna 1102; a data bus BS2 for transmitting and receiving data to and from each section of the mobile phone 100; a controller 1106 for controlling the operation of the mobile phone 100 via data bus BS2; a touch key unit 1108 for giving external instructions to the mobile phone 100; a display unit for giving the information output from the controller 1106 and the like to the user as visual information; and an audio reproducing unit 1112 for reproducing audio based on data received via data bus BS2 in a normal call operation.
  • the mobile phone 100 further includes a Ks generation unit 1502 for generating, by a random number or the like, a session key Ks for encrypting data exchanged on data bus BS2; a music reproduction unit 1508 for reproducing a music signal; a mixing unit 1510 for selecting the output of the music reproduction unit 1508 or the output of the audio reproducing unit 1112 according to the operation mode; a digital-to-analog conversion unit 1512 for receiving the output of the mixing unit 1510 and converting it into an analog signal for external output; and a connection terminal 1514 for receiving the output of the digital-to-analog conversion unit 1512 and connecting to the headphone 130.
  • the mobile phone 100 further includes a [KPp, Crtf(p)]KPmaster holding unit 1525 for holding the encrypted data with certification [KPp, Crtf(p)]KPmaster that the mobile phone 100 transmits; a Kp holding unit 1520 for holding the secret decryption key Kp; a decryption processing unit 1522 for decrypting and extracting, based on the secret decryption key Kp given from the Kp holding unit 1520, the session key Ks1 encrypted with the public encryption key KPp and given from the memory card 110 via data bus BS2; and an encryption processing unit 1504 for encrypting its own session key Ks from the Ks generation unit 1502 with the session key Ks1 given from the decryption processing unit 1522 and outputting it to data bus BS2.
  • FIG. 12 is a schematic block diagram for describing a configuration of memory card 110.
  • in the following, the public encryption key KPmedia and the authentication data Crtf of the memory card 110 attached to the mobile phone 100 and those of the memory card 112 attached to the mobile phone 102 are distinguished from each other: those of the memory card 110 are called the public encryption key KPmedia(1) and the authentication data Crtf(1), and those of the memory card 112 are called the public encryption key KPmedia(2) and the authentication data Crtf(2).
  • likewise, the asymmetric secret decryption key that can decrypt data encrypted with the public encryption key KPmedia(1) is called the secret decryption key Kmedia(1), and the asymmetric secret decryption key that can decrypt data encrypted with the public encryption key KPmedia(2) is called the secret decryption key Kmedia(2).
  • the memory card 110 includes a data bus BS3 for transmitting and receiving signals to and from the memory interface 1200 via the terminal 1202; a Kmedia(1) holding unit 1402 for holding the secret decryption key Kmedia(1) corresponding to the memory card 110; a decryption processing unit 1404 for performing decryption processing, using the secret decryption key Kmedia(1) from the holding unit 1402, on the data given from the memory interface 1200 to data bus BS3, thereby extracting the session key Ks; an encryption processing unit 1406 for encrypting the output of the switching switch 1409 based on the session key Ks extracted by the decryption processing unit 1404 and the like, and giving the result to data bus BS3; a decryption processing unit 1410 for decrypting the data on data bus BS3 and giving it to data bus BS4; and a memory 1412 for receiving from data bus BS4 and storing the license key Kc and the license information data License encrypted with the public encryption key KPcard(n), which differs for each memory card, and for receiving from data bus BS3 and storing the encrypted content data [Dc]Kc encrypted with the license key Kc.
  • the memory card 110 further includes a Kcard(1) holding unit 1415 for holding the value of the secret decryption key Kcard(1); a decryption processing unit 1416 for decrypting the data ([Kc, License]Kcard(1)) read from the memory 1412, in which the license key Kc and the license information data License are encrypted with the public encryption key KPcard(1), and giving the result to data bus BS5; an encryption processing unit 1414 for, in data transfer processing and the like, encrypting the license key Kc and the license information data License output on data bus BS5 based on the public encryption key KPcard(n) of the other party's memory card received from the decryption processing unit 1410, and outputting the result to the switching switch 1409; a controller 1420 for exchanging data with the outside via data bus BS3 and controlling the operation of the memory card 110; and a register 1500 capable of transmitting and receiving the license information data License to and from the controller 1420 via data bus BS5.
  • the memory card 110 further includes a Ks1 generation unit 1432 for generating a session key Ks1 unique to the card, and an encryption processing unit 1430 for encrypting the session key Ks1 generated by the Ks1 generation unit 1432 and giving the encrypted data to data bus BS3.
  • the memory card 110 also includes a switching switch 1409 having contacts Pa, Pb, Pc and Pd, which selectively outputs, according to the operation mode, one of: its own session key Ks1 given from the Ks1 generation unit 1432, the output of the KPcard(1) holding unit 1405, the license key Kc given from data bus BS5, and the license key Kc and license information data License given from the encryption processing unit 1414 after encryption with the other party's public encryption key KPcard(n).
  • the output of the Ks1 generation unit 1432 is connected to the contact Pa, the output of the KPcard(1) holding unit 1405 to the contact Pb, data bus BS5 to the contact Pc, and the output of the encryption processing unit 1414 to the contact Pd; the encryption processing unit 1406 therefore performs encryption processing on whichever data is given from the switching switch 1409.
  • when the memory card 110 is the distribution destination, the switching switch 1409 is closed in turn to the contact Pb side and the contact Pa side so as to transmit its own public encryption key KPcard(1) and its own session key Ks1 to the music server 30; it is closed to the contact Pc side in the reproduction mode, and to the contact Pd side in the movement mode when the card is the movement source.
  • even when the memory card 110 is the movement destination in the movement mode, the switching switch 1409 is closed in turn to the contact Pb side and the contact Pa side so as to transmit its own public encryption key KPcard(1) and its own session key Ks1 in sequence to the movement source.
  • the memory card 110 further includes a switching switch 1435 having contacts Pe, Pf and Pg, which receives the session key Ks from the music server given from the decryption processing unit 1404, the session key Ks1 from the Ks1 generation unit 1432, and the data on data bus BS4, and selectively outputs one of them according to the operation mode.
  • the output of the decryption processing unit 1404 is connected to the contact Pe, the output of the Ks1 generation unit 1432 to the contact Pf, and data bus BS4 to the contact Pg; the encryption processing unit 1406 and the decryption processing unit 1410 therefore perform encryption processing and decryption processing, respectively, based on the key given from the switching switch 1435.
  • in the distribution operation, the switching switch 1435 is closed to the contact Pe when extracting the session key Ks from the music server 30, and to the contact Pf when decrypting with the session key Ks1 the license key Kc and the license information data License sent encrypted from the music server 30.
  • in the reproduction operation, the switching switch 1435 is closed to the contact Pf when performing decryption processing, and to the contact Pg when performing encryption processing.
  • when the memory card 110 is the movement source, the switching switch 1435 is connected to the contact Pf when performing decryption processing.
  • when the memory card 110 is the movement destination, the switching switch 1435 is closed to the contact Pe when receiving the session key of the movement source, and to the contact Pf when receiving the license key Kc and the license information data License.
  • the memory card 110 further includes a [KPmedia, Crtf(m)]KPmaster holding unit 1442 for recording and holding the public encryption key KPmedia and the authentication data Crtf(m) in a form encrypted so that they can be decrypted by the public decryption key (public authentication key) KPmaster; the output of the holding unit 1442 is given directly to data bus BS3.
  • the memory card 110 also includes a KPmaster holding unit 1450 for recording and holding the public decryption key KPmaster, and a decryption processing unit 1452 for decrypting the data on data bus BS3 based on the public decryption key KPmaster output from the KPmaster holding unit 1450.
  • of the data extracted by the decryption processing of the decryption processing unit 1452, the public encryption key KPmedia of the other memory card is used for encryption, and the authentication data Crtf is given to the controller 1420 via data bus BS5.
  • the area enclosed by the solid line in FIG. 12 is incorporated in a module TRM which, if the memory card 110 is subjected to unauthorized opening from the outside, erases the internal data or destroys the internal circuits so that a third party cannot read the data in the circuits existing in that area.
  • such a module is commonly referred to as a tamper resistant module.
  • of course, the configuration including the memory 1412 may also be incorporated in the module TRM.
  • however, in the configuration shown in FIG. 12, since all the data held in the memory 1412 is encrypted data, a third party cannot reproduce music with only the data in the memory 1412; there is therefore no need to place the memory 1412 in the expensive tamper resistant module, which has the advantage of reducing the manufacturing cost.
  • FIGS. 13 and 14 are first and second flowcharts for explaining the distribution mode using the memory card 110 described in FIG.
  • FIGS. 13 and 14 illustrate the operation in the case where the user 1 receives the distribution of the content data from the distribution server 12 using the mobile phone 100 in which the memory card 110 is mounted.
  • a delivery request is made from the mobile phone 100 of the user 1 by operating the key button of the touch key 1108 by the user or the like (step S100).
  • here, the public encryption key KPmedia held in the memory card 110 is written as the public encryption key KPmedia(1) to distinguish it from the public encryption keys KPmedia of other memory cards.
  • the authentication data of the memory card 110 and of the mobile phone 100 are designated Crtf(1) and Crtf(p), respectively.
  • the public encryption key and the secret decryption key unique to the mobile phone 100 are abbreviated as KPp and Kp, respectively.
  • the memory card 110 outputs the encrypted data with certification [KPmedia(1), Crtf(1)]KPmaster, in which the public encryption key KPmedia(1) and the authentication data Crtf(1) are encrypted, to the mobile phone 100 (step S102).
  • the distribution server 12 receives the distribution request transferred from the memory card 110 together with the encrypted data with certification [KPp, Crtf(p)]KPmaster and [KPmedia(1), Crtf(1)]KPmaster (step S104).
  • the decryption processing unit 326 performs decryption processing using the public decryption key KPmaster, and the authentication data Crtf(1) and Crtf(p), the public encryption key KPp and the public encryption key KPmedia(1) are extracted (step S105).
  • it is determined from the decryption processing whether the encrypted data with certification [KPp, Crtf(p)]KPmaster and [KPmedia(1), Crtf(1)]KPmaster were encrypted by the certification authority terminal 202 (step S106); if it is determined that they were encrypted by the certification authority terminal 202, the process proceeds to the next step S107, and if it is determined that they were not, the process ends (step S154).
  • based on the decrypted authentication data Crtf(1) and Crtf(p), the distribution control unit 312 makes an inquiry to the authentication server 12; if both the authentication data Crtf(1) of the memory card and Crtf(p) of the mobile phone are legitimate authentication data, the process proceeds to the next process (step S107), and if either of them is not legitimate authentication data, the process ends (step S154).
  • the session key generation unit 314 generates the session key Ks, and the encryption processing unit 316 in the distribution server 12 encrypts the session key Ks with the received public encryption key KPmedia(1) to generate the encrypted session key [Ks]Kmedia(1) (step S108).
  • the distribution server 12 transmits the encrypted session key [Ks]Kmedia(1) from the encryption processing unit 316 to the memory card 110 of the mobile phone 100 via the communication device 350 and the communication network (step S110).
  • upon receiving the encrypted session key [Ks]Kmedia(1) (step S112), the memory card 110 decrypts the received data given to data bus BS3 via the memory interface 1200 in the decryption processing unit 1404 using the secret decryption key Kmedia(1), and decrypts and extracts the session key Ks (step S114).
  • the Ks1 generation unit 1432 then generates the session key Ks1 (step S115).
  • the switching switch 1409 selects a state in which the contacts Pa and Pb are closed in turn, so that the encryption processing unit 1406 encrypts with the session key Ks the session key Ks1 given from the Ks1 generation unit 1432 via the contact Pa and the public encryption key KPcard(1) (the public encryption key for the memory card 110) given from the holding unit 1405 via the contact Pb (step S116), and generates the data [KPcard(1), Ks1]Ks (step S118).
  • the mobile phone 100 transmits the data [KPcard(1), Ks1]Ks encrypted by the encryption processing unit 1406 to the distribution server 12 (step S120).
  • the data [KPcard(1), Ks1]Ks is received by the communication device 350 (step S122), and the decryption processing unit 318 decrypts it using the session key Ks to decrypt and extract the public encryption key KPcard(1) and the session key Ks1 (step S124).
  • the distribution control unit 312 generates the license information data License, including license ID data and the like, based on the data held in the distribution information database 304 and the like (step S126).
  • the distribution server 12 obtains the license key Kc from the distribution information database 304 (step S134), and the encryption processing unit 320 encrypts the license key Kc and the license information data License from the distribution control unit 312 using the public encryption key KPcard(1) given by the decryption processing unit 318 (step S136).
  • the encryption processing unit 322 receives the data [Kc, License]Kcard(1), encrypts it with the session key Ks1 from the memory card 110, and supplies the result to data bus BS1.
  • the communication device 350 transmits the data [[Kc, License]Kcard(1)]Ks1 encrypted by the encryption processing unit 322 to the memory card 110 (step S140).
  • in the memory card 110, the decryption processing unit 1410 performs decryption processing with the session key Ks1 given from the Ks1 generation unit 1432 via the contact Pf (step S144), extracts the data [Kc, License]Kcard(1), and stores it in the memory 1412 (step S146).
  • the data [Kc, License]Kcard(1) stored in the memory 1412 is decrypted under the control of the controller 1420, and the decrypted license information data License is stored in the register 1500 (step S148).
  • the distribution server 12 obtains the encrypted content data [Dc]Kc from the distribution information database 304 and transmits it to the memory card 110 via the communication device 350 (step S149).
  • the memory card 110 stores the received encrypted content data [Dc]Kc as it is in the memory 1412 (step S151).
  • in this way, the memory card 110 itself transmits the public encryption key KPmedia(1) and the session key Ks1 to the side that sends the encrypted content data (distribution server 12), so that the distribution can be received and the memory card 110 is put into a state in which music can be reproduced.
  • a delivery receipt is notified from the memory card 110 to the distribution server 12, and when the distribution server 12 receives it (step S152), the charging data of user 1 is stored in the charging database 302 (step S153), and the process ends (step S154).
  • since the content data is distributed only after the memory card and the mobile phone have been authenticated, the security of the system and the protection of copyright are further enhanced.
  • the storing of the charging data in the charging database may instead be performed in step S140, when the data [[Kc, License]Kcard(1)]Ks1 is transmitted to the memory card 110.
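The distribution session of FIGS. 13 and 14 (steps S104 to S154, with the authority check and authentication server inquiry that FIG. 6 describes on the server side) written out in the [Y]X notation the page introduces for its key data. This is an added example and not code from the patent: no real cipher is used, a ciphertext is only a record that the named decryption key can open, and the certification authority's own key (not named on the page), the database contents and the license text are constructed placeholders.

```python
# Added example, not code from the patent: a symbolic model of the distribution
# session of FIGS. 13 and 14 (with the checks of FIG. 6) in the page's notation
# [Y]X, "data Y encrypted so that it can be decrypted with key X". No real
# cipher is used: a ciphertext is a record that only the named decryption key
# opens, so the model checks who can read what, not cryptographic strength.
from dataclasses import dataclass
import secrets

# Which key opens data encrypted with a given key. Session keys and the license
# key Kc are symmetric (open with themselves); the rest are the page's
# public/secret pairs. The certification authority key that produces [.]KPmaster
# is not named on the page, so "CA_SECRET" is an assumed placeholder for it.
PAIR = {"CA_SECRET": "KPmaster", "KPmedia(1)": "Kmedia(1)",
        "KPcard(1)": "Kcard(1)", "KPp": "Kp"}

@dataclass(frozen=True)
class Enc:
    payload: tuple
    opens_with: str

def enc(key, *payload):
    """[payload]key: readable only with PAIR[key], or with key itself."""
    return Enc(payload, PAIR.get(key, key))

def dec(key, ct):
    """Return the payload, or raise if this key is not the one it is for."""
    if ct.opens_with != key:
        raise PermissionError(f"{key} cannot open data for {ct.opens_with}")
    return ct.payload

def fresh(name):
    """A session key from a Ks / Ks1 generation unit: new value per session."""
    return f"{name}#{secrets.token_hex(4)}"

class AuthServer:
    """Authentication server 12 with database 14 of registered Crtf values."""
    def __init__(self, registered):
        self.db = set(registered)

    def approved(self, *crtf):
        return all(c in self.db for c in crtf)

class MemoryCard:
    """Memory card 110: holds Kmedia(1), Kcard(1) and its certificate."""
    def __init__(self, crtf="Crtf(1)", issuer="CA_SECRET"):
        self.cert = enc(issuer, "KPmedia(1)", crtf)  # [KPmedia(1), Crtf(1)]KPmaster
        self.memory_1412, self.register_1500, self.ks1 = {}, None, None

    def accept_session_key(self, ct):               # steps S112 to S118
        (ks,) = dec("Kmedia(1)", ct)                # decryption unit 1404
        self.ks1 = fresh("Ks1")                     # Ks1 generation unit 1432
        return enc(ks, "KPcard(1)", self.ks1)       # [KPcard(1), Ks1]Ks

    def store_license(self, ct):                    # steps S142 to S148
        (inner,) = dec(self.ks1, ct)                # decryption unit 1410
        self.memory_1412["license"] = inner         # kept as [Kc, License]Kcard(1)
        _kc, lic = dec("Kcard(1)", inner)           # decryption unit 1416
        self.register_1500 = lic                    # only License goes to 1500

    def store_content(self, ct):                    # steps S150 to S151
        self.memory_1412["content"] = ct            # [Dc]Kc stays encrypted

class DistributionServer:
    """Distribution server: holds KPmaster, Kc and License, asks AuthServer."""
    def __init__(self, auth, license_text="License(constructed)"):
        self.auth, self.kc, self.license = auth, fresh("Kc"), license_text
        self.billing_302 = []

    def distribute(self, card, phone_cert):
        """Steps S104 to S154; returns the step at which the session ended."""
        try:                                        # S105/S106: unit 326
            kpmedia, crtf_m = dec("KPmaster", card.cert)
            _kpp, crtf_p = dec("KPmaster", phone_cert)
        except PermissionError:
            return "S106: certificate not issued by authority terminal 202"
        if not self.auth.approved(crtf_m, crtf_p):  # S107: ask server 12
            return "S107: authentication data not registered"
        ks = fresh("Ks")                            # Ks generation unit 314
        reply = card.accept_session_key(enc(kpmedia, ks))   # S108: [Ks]Kmedia(1)
        kpcard, ks1 = dec(ks, reply)                # S124: decryption unit 318
        inner = enc(kpcard, self.kc, self.license)  # S136: [Kc, License]Kcard(1)
        card.store_license(enc(ks1, inner))         # S140: [[..]Kcard(1)]Ks1
        card.store_content(enc(self.kc, "Dc"))      # S149: [Dc]Kc
        self.billing_302.append(crtf_m)             # S153: charging database 302
        return "S154: complete"

def run_sessions():
    """Genuine card; a card whose certificate KPmaster cannot open (stopped at
    S106 before any key is sent); a card whose Crtf is not in database 14
    (stopped at S107). Returns (outcomes, genuine card, server)."""
    auth = AuthServer({"Crtf(1)", "Crtf(p)"})      # constructed database 14
    server = DistributionServer(auth)
    phone_cert = enc("CA_SECRET", "KPp", "Crtf(p)")  # [KPp, Crtf(p)]KPmaster
    card = MemoryCard()
    outcomes = {
        "genuine": server.distribute(card, phone_cert),
        "unknown_issuer": server.distribute(MemoryCard(issuer="OTHER_KEY"), phone_cert),
        "unregistered": server.distribute(MemoryCard(crtf="Crtf(9)"), phone_cert),
    }
    return outcomes, card, server
```

Calling run_sessions() shows the two rejection points (S106 and S107) and, for the genuine card, that memory 1412 ends up holding only [Kc, License]Kcard(1) and [Dc]Kc while the register 1500 receives License alone.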
  • FIGS. 15 and 16 are first and second flowcharts illustrating the reproduction process in which the mobile phone 100 decrypts a music signal from the encrypted content data held in the memory card 110 and outputs it to the outside as music.
  • referring to FIG. 15 and FIG. 16, a reproduction request is output to mobile phone 100 in response to an instruction from user 1 via the touch key unit 1108 or the like of the mobile phone 100 (step S200).
  • the mobile phone 100 transmits the encrypted data with certification [KPp, Crtf(p)]KPmaster to the memory card 110 (step S241).
  • when the memory card 110 receives the encrypted data with certification [KPp, Crtf(p)]KPmaster, the decryption processing unit 1452 performs decryption processing, and the public encryption key KPp and the authentication data Crtf(p) are extracted (step S243).
  • it is determined whether or not the data was encrypted by the certification authority terminal 202 (step S245); if it is determined that the data was encrypted by the certification authority terminal 202, the process proceeds to the next step S246, and if it is determined that the data was not encrypted by the certification authority terminal 202, the process ends (step S280). If it is determined that the device is an authorized device, the memory card 110 generates a session key Ks1 (step S246), further encrypts the session key Ks1 with the extracted public encryption key KPp (step S248), and transmits the generated encrypted session key [Ks1]Kp to the mobile phone 100 (step S250).
  • in the mobile phone 100, the decryption processing unit 1522 decrypts it using the secret decryption key Kp and extracts the session key Ks1 generated by the memory card 110 (step S252).
  • the Ks generation unit 1502 generates a session key Ks (step S254).
  • the encryption processing unit 1504 of the mobile phone 100 encrypts the session key Ks generated by the mobile phone 100 with the session key Ks1 to generate the encrypted session key [Ks]Ks1 (step S254), and the encrypted session key [Ks]Ks1 is transmitted to the memory card 110 (step S256).
  • the memory card 110 receives, via data bus BS2, the session key Ks generated and encrypted by the mobile phone 100, decrypts it with the session key Ks1, and extracts the session key Ks generated by the mobile phone 100 (step S258).
  • the controller 1420 determines, based on the license information data License held in the register 1500, whether decryption is possible (step S259); if it is determined that decryption is possible, the process proceeds to the next process, and if it is determined to be impossible, the process ends (step S280). Subsequently, the memory card 110 reads the encrypted data [Kc, License]Kcard(1) from the memory 1412, and the decryption processing unit 1416 performs decryption processing (step S260).
  • if the data read from the memory 1412 can be decrypted with the secret decryption key Kcard(1) (step S262), the license key Kc is extracted (step S264); on the other hand, if decryption is impossible, the process ends (step S280).
  • the license information data License in the register 1500 is further updated with respect to the number of reproductions (step S266).
  • the encryption processing unit 1406 encrypts the license key Kc with the extracted session key Ks (step S268) and gives the encrypted license key [Kc]Ks to data bus BS2 (step S270).
  • the decryption processing unit 1506 of the mobile phone 100 obtains the license key Kc by performing decryption processing using the session key Ks (step S272). Subsequently, the memory card 110 reads the encrypted content data [Dc]Kc from the memory 1412 and gives it to data bus BS2 (step S274).
  • the music playback unit 1508 of the mobile phone 100 decrypts the encrypted content data [Dc] K c with the extracted license key K c to generate plain text content data (step S 276). A music signal is reproduced from the data and given to the mixing unit 1510 (step S276).
  • the digital-to-analog conversion section 1512 receives and converts the data from the mixing section 1510, outputs the music reproduced outside, and ends the processing (step S232).
  • the memory card itself and the mobile phone generate the session key Ks1 or Ks, respectively, thereby transmitting and receiving the encrypted content data.
  • the operation can be performed.
  • the memory card 110 performs the reproducing operation after the mobile phone 100 is authenticated, the security of the system and the protection of copyright are improved.
  • FIGS. 17 and 18 are first and second flowcharts illustrating a process for moving or copying content data, key data and the like between two memory cards.
  • In the following description, the mobile phone 102, which has the same configuration as the mobile phone 100, is the transmitting side and the mobile phone 100 is the receiving side. It is also assumed that a memory card 112, having the same configuration as the memory card 110, is mounted in the mobile phone 102.
  • First, the mobile phone 102 outputs a move request or a copy request to the mobile phone 100 (step S300).
  • In response to the request, the memory card 112 reads the encrypted content data [Dc]Kc from its memory 1412 and outputs it to the memory card 110 (step S302), and the memory card 110 stores the encrypted content data [Dc]Kc in its memory 1412 (step S304).
  • It is then determined whether the request given in step S300 is a "move request" or a "copy request" (step S306, step S306′). If it is a "move request", the memory card 110 responds by outputting to the mobile phone 100 the encrypted data with certificate [KPmedia(1), Crtf(1)]KPmaster, obtained by encrypting the public encryption key KPmedia(1) and the authentication data Crtf(1) held in the [KPmedia, Crtf(m)]KPmaster holding unit 1442 (step S307).
  • The mobile phone 100 transmits the data [KPmedia(1), Crtf(1)]KPmaster from the memory card 110 to the mobile phone 102 (step S308).
  • When the mobile phone 102 receives the data [KPmedia(1), Crtf(1)]KPmaster transferred from the memory card 110 (step S309), the decryption processing unit 1452 of the memory card 112 performs decryption processing and extracts the authentication data Crtf(1) and the public encryption key KPmedia(1) (step S310).
  • Based on the decrypted authentication data Crtf(1), the controller 1420 performs authentication. If the access is from a regular memory card, the process proceeds to the next step (step S311); if it is not, the mobile phone 102 sends a notification that the move is not possible and the memory card 112 ends the process (step S374). When the mobile phone 100 receives the move-impossible notification (step S313), the memory card 110 also ends its processing (step S374).
  • If it is confirmed in step S311 that the memory card is a regular memory card, the Ks2 generation circuit 1432 of the memory card 112 generates a session key Ks2 (step S314), and the encryption processing unit 1430 encrypts the session key Ks2 with the public encryption key KPmedia(1) (step S315).
  • The mobile phone 102 transmits the encrypted session key [Ks2]KPmedia(1) to the mobile phone 100 (step S316).
  • The mobile phone 100 receives the encrypted session key [Ks2]KPmedia(1) (step S3210) and passes it to the memory card 110, where the decryption processing unit 1444 decrypts it and obtains the session key Ks2 (step S3210). The memory card 110 further generates a session key Ks1 (step S321).
  • In the memory card 110, the public encryption key KPcard(1) of the memory card 110 and the session key Ks1 are encrypted with the session key Ks2 (step S322), and the data [KPcard(1), Ks1]Ks2 is transmitted (step S324).
  • The mobile phone 102 receives the data [KPcard(1), Ks1]Ks2 (step S326) and transfers it to the memory card 112.
  • The memory card 112 decrypts the encrypted data [KPcard(1), Ks1]Ks2 transmitted from the memory card 110 with the session key Ks2, and extracts the public encryption key KPcard(1) and the session key Ks1 of the memory card 110 (step S330).
  • Next, the license key Kc and the license information data License, stored encrypted with the public encryption key KPcard(2) of the memory card 112 as [Kc, License]Kcard(2), are read from the memory (step S332).
  • The license key Kc and the license information data License are decrypted by the decryption processing unit 1416 of the memory card 112 using the secret decryption key Kcard(2) (step S334).
  • The controller 1420 of the memory card 112 replaces the value of the license information data License thus decrypted with the value held in the register 1500 (step S336).
  • The encryption processing unit 144 of the memory card 112 encrypts the license key Kc and the license information data License using the public encryption key KPcard(1) of the memory card 110 extracted by the decryption processing unit 114 (step S338).
  • The memory card 112 outputs the data [[Kc, License]Kcard(1)]Ks1 to the mobile phone 102 (step S342), and the mobile phone 102 transmits the data [[Kc, License]Kcard(1)]Ks1 to the mobile phone 100 (step S344).
  • The data [[Kc, License]Kcard(1)]Ks1 received by the mobile phone 100 (step S346) is passed to the memory card 110, where the decryption processing unit 1410 decrypts it and obtains the data [Kc, License]Kcard(1) (step S348).
  • In the memory card 110, the data [Kc, License]Kcard(1) obtained by decryption under Ks1 is stored in the memory 1412 (step S350). Further, the decryption processing unit 1416 of the memory card 110 decrypts the data [Kc, License]Kcard(1) with the secret decryption key Kcard(1), and the decrypted license information data License is stored in the register 1500 (step S352).
  • When the storage of the decrypted license information data License in the register 1500 is complete, the memory card 110 notifies the mobile phone 100 of acceptance of the move, and the mobile phone 100 transmits the move acceptance to the mobile phone 102 (step S354).
  • When the mobile phone 102 receives the move acceptance from the mobile phone 100, it forwards the acceptance to the memory card 112, and the memory card 112 accordingly deletes the license information data License stored in its register 1500 (step S358).
  • Also in response to receipt of the move acceptance, the mobile phone 102 displays on the display 1110 a message asking user 2 whether the data stored in the memory 1412 of the memory card 112 that corresponds to the moved data should be deleted. User 2 inputs an answer to this message via the touch key 1108 (step S360).
  • When the data in the register 1500 has been erased (step S358) and an answer to the above message has been input (step S360), the controller 1420 of the memory card 112 determines whether to erase the data in the memory 1412 (step S362).
  • If deletion of the corresponding data in the memory 1412 has been instructed (step S362), the encrypted content data [Dc]Kc and the data [Kc, License]Kcard(2) in the memory 1412 are erased under control of the controller 1420 (step S364), and the process ends (step S374). If deletion has not been instructed (step S362), the process ends directly (step S374). In this case the encrypted content data [Dc]Kc and the data [Kc, License]Kcard(2) remain in the memory 1412, but since the license information data License has been deleted from the register 1500, user 2 cannot reproduce the music data unless the reproduction information is distributed again from the music server 30. That is, the memory card 112 is in "state SB". In the memory card 110, the license key Kc and the license information data have been moved in addition to the encrypted content data, so the memory card 110 is in "state SA".
  • If it is determined in step S306′ that a "copy request" has been given, copy acceptance is transmitted from the mobile phone 100 to the mobile phone 102 (step S370). After step S372, the process ends (step S374).
  • With the above configuration, the source and destination memory cards each generate their own session key before the move operation or the copy operation is performed.
  • The data transfer from the memory card 112 to the memory card 110 can be performed via mobile phone terminals having the session key generation circuit 1502 as described above; it is also possible to use an interface device that connects the memory cards directly, without a mobile phone in between, which further improves convenience for the user.
  • Each time reproduction is performed, the license information data in the register 1500 is corrected for the license information data that limits the number of times of reproduction within the reproduction information, and the license information data recorded in the memory 1412 is updated to the license information data that records the number of reproductions. In this way, even when content data moves between memory cards, the number of reproductions of content data whose reproductions are limited cannot exceed the number determined at the time of distribution.
  • Since the memory card 112 performs the move operation only after authenticating the memory card 110, system security and copyright protection are improved.
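To make the reproduction flow of FIGS. 15 and 16 and the move flow of FIGS. 17 and 18 concrete, here is an added Python model; it is not part of the patent and not code from any of the applicants. It runs both protocols end to end on constructed keys and content. Everything cryptographic is a stand-in and an assumption: the ciphers are a toy HMAC-based authenticated encryption, the key pairs KPp/Kp, KPmedia/Kmedia and KPcard/Kcard are objects that can only encrypt or only decrypt over a shared secret, and the certification authority's "encrypted data with certificate" that KPmaster decrypts is a MAC under one master secret. The step numbers in the comments refer to the flowchart steps above. What the model shows is the order of the checks: a device whose certificate does not verify never receives a session key, an absent or exhausted License stops reproduction at S259, a tampered stored license fails at S262, and after a move the source is left in state SB while the destination continues from the current play count.

```python
import hashlib
import hmac
import secrets

# Toy authenticated encryption standing in for the patent's unspecified ciphers (assumption).
# seal() returns nonce || ciphertext || tag; open_() returns None when the tag fails, i.e.
# when "decryption is impossible" in the flowcharts.
def _stream(key, nonce, n):
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def seal(key, msg):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(msg, _stream(key, nonce, len(msg))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class PublicKey:            # stand-in public key: can only encrypt; kid is what the certificate binds
    def __init__(self, k):
        self._k = k
        self.kid = hashlib.sha256(b"kid" + k).digest()
    def encrypt(self, msg):
        return seal(self._k, msg)

class PrivateKey:           # stand-in private key: can only decrypt (symmetric underneath, an assumption)
    def __init__(self):
        self._k = secrets.token_bytes(32)
        self.public = PublicKey(self._k)
    def decrypt(self, blob):
        return open_(self._k, blob)

MASTER = secrets.token_bytes(32)   # CA master secret; Crtf = MAC over the key id (assumption)

def certify(pub):
    return hmac.new(MASTER, pub.kid, hashlib.sha256).digest()
def verify_cert(pub, crtf):
    return hmac.compare_digest(crtf, certify(pub))

class Phone:
    def __init__(self):
        self.kp = PrivateKey()                  # Kp / KPp
        self.crtf = certify(self.kp.public)     # Crtf(p)

class MemoryCard:
    def __init__(self, media_key):
        self.kmedia = media_key                 # Kmedia / KPmedia, one pair per card family (assumption)
        self.crtf = certify(media_key.public)   # Crtf(m)
        self.kcard = PrivateKey()               # Kcard(i) / KPcard(i), unique to this card
        self.memory = {}                        # holds [Dc]Kc and [Kc, License]Kcard(i)
        self.register = None                    # License: remaining plays, None when not held

    def load(self, content, plays):             # stand-in for distribution
        kc = secrets.token_bytes(32)
        self.memory["Dc"] = seal(kc, content)
        self.memory["lic"] = self.kcard.public.encrypt(kc + plays.to_bytes(4, "big"))
        self.register = plays

def reproduce(phone, card):
    """Steps S241-S276; returns plaintext content, or None where the card ends at S280."""
    if not verify_cert(phone.kp.public, phone.crtf):                 # S243-S245
        return None
    ks1 = secrets.token_bytes(32)                                    # S246
    ks1_at_phone = phone.kp.decrypt(phone.kp.public.encrypt(ks1))    # S248-S252  [Ks1]KPp
    ks = secrets.token_bytes(32)                                     # S254
    ks_at_card = open_(ks1, seal(ks1_at_phone, ks))                  # S256-S258  [Ks]Ks1
    if not card.register:                                            # S259: no License or no plays left
        return None
    lic = card.kcard.decrypt(card.memory["lic"])                     # S260-S262
    if lic is None:
        return None
    kc = lic[:32]                                                    # S264
    card.register -= 1                                               # S266: one reproduction consumed
    card.memory["lic"] = card.kcard.public.encrypt(kc + card.register.to_bytes(4, "big"))
    kc_at_phone = open_(ks, seal(ks_at_card, kc))                    # S268-S272  [Kc]Ks
    return open_(kc_at_phone, card.memory["Dc"])                     # S274-S276  [Dc]Kc

def move(src, dst, erase_memory):
    """Steps S302-S364: src (card 112) moves Kc and License to dst (card 110)."""
    dst.memory["Dc"] = src.memory["Dc"]                              # S302-S304
    if not verify_cert(dst.kmedia.public, dst.crtf):                 # S307-S311 src authenticates dst
        return False
    ks2 = secrets.token_bytes(32)                                    # S314
    ks2_at_dst = dst.kmedia.decrypt(dst.kmedia.public.encrypt(ks2))  # S315-S3210 [Ks2]KPmedia(1)
    ks1 = secrets.token_bytes(32)                                    # S321, generated by dst
    ks1_at_src = open_(ks2, seal(ks2_at_dst, ks1))                   # S322-S330 [KPcard(1), Ks1]Ks2
    kc = src.kcard.decrypt(src.memory["lic"])[:32]                   # S332-S334
    lic = kc + src.register.to_bytes(4, "big")                       # S336: register value replaces stored License
    wire = seal(ks1_at_src, dst.kcard.public.encrypt(lic))           # S338-S344 [[Kc, License]Kcard(1)]Ks1
    dst.memory["lic"] = open_(ks1, wire)                             # S348-S350
    dst.register = int.from_bytes(dst.kcard.decrypt(dst.memory["lic"])[32:], "big")  # S352
    src.register = None                                              # S358: License leaves src (state SB)
    if erase_memory:                                                 # S362-S364
        src.memory.clear()
    return True
```

Note that it is the register value, not the stored copy of License, that travels in a move (step S336); that is why the destination continues from the remaining play count rather than from the count set at distribution, which is the property the preceding bullet relies on.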
  • Above, the configuration was described in which a registration request for a public encryption key and authentication data is made to the certification authority terminal 202 from the maker terminals 220.1 to 220.k. With such a configuration, system security and copyright protection can be improved.
  • However, the certification authority (key administrator) may need to delete a public encryption key and authentication data that were registered through the certification authority terminal 202.
  • FIG. 19 is a diagram showing the process of requesting deletion of a public encryption key and authentication data registered from the maker terminals 220.1 to 220.k, corresponding to the first case described above.
  • When it is determined that the secret decryption key corresponding to a public encryption key has been leaked, the maker administrator starts the application process (step S2000) and applies to the certification authority terminal 202 for deregistration of the public encryption key. At this time, the leakage of the secret decryption key is reported to the certification authority terminal 202 as the reason for the erasure application (step S2002). The processing at the maker terminals 220.1 to 220.k is thereby completed (step S204).
  • FIG. 20 is a flowchart explaining the operation of the certification authority terminal 202 taking into account the case where a deregistration request as described in FIG. 19 is made; it corresponds to FIG. 5 of the first embodiment.
  • The certification authority terminal 202 starts processing (step S12).
  • It is then in a connection waiting state until a connection request is made from the maker terminal 220.1 or the like (step S122′).
  • Next, the certification authority terminal 202 determines whether the connection request is a deletion request or an examination request (step S1202′).
  • If the connection request is an erasure request, the certification authority terminal 202 receives the application for erasing the registration of the public encryption key from the maker terminal 220.1 (step S1228). The certification authority terminal 202 then records the deletion of the authentication data for that public encryption key in the key database 204 (step S1230). Subsequently, the certification authority terminal 202 instructs the authentication server 12 to delete the registration of the target authentication data (step S1232), and the process returns to step S1202′.
  • If the connection request is an examination request, the certification authority terminal 202 requests the examination authority terminal 210 to search the database 211 (step S1204). Subsequent processing is the same as that of the certification authority terminal 202 in the first embodiment, so the description is not repeated.
  • FIG. 21 is a flowchart explaining the operation of the authentication server 12 when the certification authority terminal 202 instructs it to delete the registration of the target authentication data as described in FIG. 20; it corresponds to FIG. 7 of the first embodiment.
  • The authentication server 12 is in a connection waiting state until there is a connection request from the distribution server 10.1 or the like, or from the certification authority terminal 202 (step S1402).
  • When a connection request arrives, the authentication server 12 determines which terminal it came from (step S1404). If the request is from the certification authority terminal 202, the authentication server 12 next determines whether the connection request is a registration request or a deletion request (step S1414).
  • If it is a deletion request, the authentication server 12 receives the authentication data and the deregistration instruction from the certification authority terminal 202 (step S1416). The authentication server 12 then records the deletion of the authentication data in the database 14 (step S1418), and the process returns to step S1402. Through this processing, use of the leaked public encryption key is prohibited.
  • If the connection request from the certification authority terminal 202 is determined in step S1414 to be a registration request, the subsequent processing is the same as that shown in FIG. 7, so the description is not repeated.
  • If it is determined in step S1404 that the connection is from the distribution server 10.1, the authentication data is accepted and the database 14 is searched (step S1406).
  • The authentication server 12 determines whether the public encryption key corresponding to the authentication data exists in the database 14 and whether its registration has been deleted, sends the search result to the inquiring distribution server 10.1 (step S1408), and returns to the connection waiting state (step S1402).
  • FIG. 22 is a diagram showing the process of deleting public encryption keys and authentication data registered through the certification authority terminal 202, corresponding to the second case described above.
  • When the key administrator of the certification authority finds that the secret key used to create the encrypted data with certificate has been leaked from the certification authority terminal 202, the secret key for creating the encrypted data with certificate is changed (step S2102), and a notification of the authentication data to be deleted is transmitted to all maker terminals (step S2104).
  • The certification authority terminal 202 instructs deletion of all authentication data related to the leaked secret key for creating the encrypted data with certificate (step S2106), and the processing at the certification authority terminal 202 ends (step S2108).
  • In response, the authentication server 12 deletes the authentication data. This prohibits use of the public encryption keys related to the leaked secret key for creating the encrypted data with certificate.
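The deletion paths of FIGS. 19 to 22 share one design point worth making explicit: a deleted registration is recorded rather than removed, so that the authentication server 12 can tell an inquiring distribution server that a key is not merely unknown but deregistered (step S1408). The following is an added Python model, not code from the patent or its applicants; the class names, the constructed master-key labels, and the check that only the maker that registered a key may request its erasure are assumptions. It covers both cases: a single maker's leaked secret decryption key (FIGS. 19 to 21) and a leaked certification authority secret, which invalidates every certificate produced with it (FIG. 22).

```python
from dataclasses import dataclass

@dataclass
class Registration:
    maker: str               # maker terminal that applied for registration
    master_id: str           # which generation of the CA secret produced this Crtf
    deleted: bool = False
    reason: str = ""         # why the registration was deleted, if it was

class AuthenticationServer:
    """Models authentication server 12 with its database 14."""
    def __init__(self):
        self.db = {}
    def register(self, crtf, maker, master_id):
        self.db[crtf] = Registration(maker, master_id)
    def delete(self, crtf, reason=""):
        # S1416-S1418: the deletion is recorded; the row stays so later queries answer "deleted"
        if crtf in self.db:
            self.db[crtf].deleted = True
            self.db[crtf].reason = reason
    def query(self, crtf):
        # S1406-S1408: answer to distribution server 10.1, usable only if present and not deleted
        reg = self.db.get(crtf)
        return reg is not None and not reg.deleted

class CertificationAuthorityTerminal:
    """Models certification authority terminal 202 with its key database 204."""
    def __init__(self, auth):
        self.auth = auth
        self.master_id = "master-gen-1"    # constructed label for the current CA secret
        self.keydb = {}                    # crtf -> Registration
    def register(self, maker, crtf):
        self.keydb[crtf] = Registration(maker, self.master_id)
        self.auth.register(crtf, maker, self.master_id)
    def erasure_request(self, maker, crtf, reason):
        """FIGS. 19 and 20, first case: a maker reports its secret decryption key leaked."""
        reg = self.keydb.get(crtf)
        if reg is None or reg.maker != maker:   # assumption: only the registering maker may erase
            return False
        reg.deleted, reg.reason = True, reason  # S1230: record deletion in key database 204
        self.auth.delete(crtf, reason)          # S1232: instruct the authentication server
        return True
    def master_key_leaked(self):
        """FIG. 22, second case: rotate the CA secret and delete every Crtf it produced."""
        leaked = self.master_id
        self.master_id = leaked + "-rotated"    # S2102: change the secret key
        affected = [c for c, r in self.keydb.items() if r.master_id == leaked and not r.deleted]
        for c in affected:                      # S2104-S2106: notify, then delete the registrations
            self.keydb[c].deleted = True
            self.auth.delete(c, "certification authority secret key leaked")
        return {self.keydb[c].maker for c in affected}   # makers holding affected registrations

def distribution_allowed(auth, crtf):
    """What distribution server 10.1 does before distributing: ask authentication server 12."""
    return auth.query(crtf)
```

The patent notifies all maker terminals in the second case (step S2104); the function returns only the makers whose registrations were actually invalidated, which is the minimum set an operator would have to contact before issuing replacement keys.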

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

An examination institution terminal (210), connected via communication lines to a plurality of maker terminals (220.1-220.k) and to a certification institution terminal (202), examines the specifications of the devices to be manufactured by the respective makers and stores information on the examination results in a database (212). Based on the information in the database (212), the certification institution terminal (202) applies certified encryption, decryptable with its authentication and registration-control key, to the public encryption keys submitted for registration from the maker terminals (220.1-220.k) connected via the communication lines.
PCT/JP2000/008681 1999-12-08 2000-12-07 Systeme et procede de commande a cles WO2001043108A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
AU17341/01A AU1734101A (en) 1999-12-08 2000-12-07 Key control system and key control method
JP2001543712A JP4223721B2 (ja) 1999-12-08 2000-12-07 鍵管理システムおよび鍵管理方法

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP11/349297 1999-12-08
JP34929799 1999-12-08

Publications (1)

Publication Number Publication Date
WO2001043108A1 true WO2001043108A1 (fr) 2001-06-14

Family

ID=18402822

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2000/008681 WO2001043108A1 (fr) 1999-12-08 2000-12-07 Systeme et procede de commande a cles

Country Status (4)

Country Link
JP (1) JP4223721B2 (fr)
AU (1) AU1734101A (fr)
TW (1) TW552788B (fr)
WO (1) WO2001043108A1 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2012108941A (ja) * 2012-02-07 2012-06-07 Fujitsu Ltd 無線端末及びその制御方法
JP2013522989A (ja) * 2010-03-16 2013-06-13 クアルコム,インコーポレイテッド アクセス端末識別情報の認証の円滑化
US9112905B2 (en) 2010-10-22 2015-08-18 Qualcomm Incorporated Authentication of access terminal identities in roaming networks
US9668128B2 (en) 2011-03-09 2017-05-30 Qualcomm Incorporated Method for authentication of a remote station using a secure element

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH04315249A (ja) * 1991-04-15 1992-11-06 Omron Corp 個人認証装置
JPH1040172A (ja) * 1996-07-25 1998-02-13 Toshiba Corp コンピュータシステム及びデータ転送方法
JPH11154944A (ja) * 1997-11-19 1999-06-08 Ntt Data Corp 著作物流通方法及びシステム、著作物保護装置、及び記録媒体
JPH11265317A (ja) * 1998-03-16 1999-09-28 Nippon Telegr & Teleph Corp <Ntt> 著作権保護システム
JPH11306673A (ja) * 1998-04-17 1999-11-05 Toshiba Corp データ記憶装置、同装置を用いたデータ処理システム、およびコピープロテクト方法並びに記録媒体

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH09167220A (ja) * 1995-12-18 1997-06-24 N T T Electron Technol Kk 情報通信用icカードと、その発行システム並びにその通信システム
JP3874127B2 (ja) * 1997-04-10 2007-01-31 日本電信電話株式会社 認証システムにおける登録鍵重複防止装置
JP3851939B2 (ja) * 1997-05-19 2006-11-29 日本電信電話株式会社 公開鍵証明証管理方法及びその記録媒体
JP3272283B2 (ja) * 1997-11-14 2002-04-08 富士通株式会社 電子データ保管装置
JPH11219339A (ja) * 1998-02-04 1999-08-10 Ntt Data Corp コンテンツ供給システム及び記録媒体
JP3822997B2 (ja) * 1998-03-19 2006-09-20 株式会社日立製作所 放送情報配信システム


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
KOYOSHI YAMANAKA ET AL.: "Multimedia on demand service ni okeru joho hogo system", NTT R&D, vol. 44, no. 9, 10 September 1995 (1995-09-10), pages 813 - 818, XP002937490 *
SEIGO KOTANI ET AL.: "Secure PC card", FUJITSU, vol. 49, no. 3, May 1998 (1998-05-01), pages 246 - 249, XP002937491 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2013522989A (ja) * 2010-03-16 2013-06-13 クアルコム,インコーポレイテッド アクセス端末識別情報の認証の円滑化
US9578498B2 (en) 2010-03-16 2017-02-21 Qualcomm Incorporated Facilitating authentication of access terminal identity
US9112905B2 (en) 2010-10-22 2015-08-18 Qualcomm Incorporated Authentication of access terminal identities in roaming networks
US9668128B2 (en) 2011-03-09 2017-05-30 Qualcomm Incorporated Method for authentication of a remote station using a secure element
JP2012108941A (ja) * 2012-02-07 2012-06-07 Fujitsu Ltd 無線端末及びその制御方法

Also Published As

Publication number Publication date
AU1734101A (en) 2001-06-18
TW552788B (en) 2003-09-11
JP4223721B2 (ja) 2009-02-12

Similar Documents

Publication Publication Date Title
JP3930321B2 (ja) データ配信システムおよびそれに使用される記録装置
JP3873090B2 (ja) データ記録装置、データ供給装置およびデータ配信システム
JP3677001B2 (ja) データ配信システムおよびそれに用いられる記録装置
JP4010481B2 (ja) データ配信システムおよびそれに用いるデータ供給装置、端末装置ならびに記録装置
JP3759455B2 (ja) データ再生装置
JP4545994B2 (ja) データ再生装置それに用いるデータ再生回路、およびデータ記録装置
US6999948B1 (en) Memory card
JP3568470B2 (ja) シェル型データ端末装置
JP2002094499A (ja) データ端末装置およびヘッドホン装置
JP3895940B2 (ja) 情報端末装置
JP3934941B2 (ja) 記録装置
CN1441590B (zh) 硬盘组件
JP4223721B2 (ja) 鍵管理システムおよび鍵管理方法
JP4553472B2 (ja) データ端末装置
JP3782356B2 (ja) 記録装置およびそれを用いたデータ配信システム
JP2002175084A (ja) 再生装置
JP4502487B2 (ja) 携帯端末装置
JP3851155B2 (ja) ライセンス移動システム、ライセンス管理サーバおよびデータ端末装置
JP2002094500A (ja) データ端末装置
JP4554801B2 (ja) データ端末装置
JP2002099743A (ja) データ再生装置およびライセンス管理方法
JP2001265939A (ja) 配信システム
JP4540202B2 (ja) データ再生装置およびデータ端末装置
JP2003101521A (ja) ライセンス管理装置およびそれを用いたデータ端末装置
WO2001063834A1 (fr) Enregistreur et systeme de distribution utilisant celui-ci

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
ENP Entry into the national phase

Ref country code: JP

Ref document number: 2001 543712

Kind code of ref document: A

Format of ref document f/p: F

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase