US20060155991A1 - Authentication method, encryption method, decryption method, cryptographic system and recording medium - Google Patents
Authentication method, encryption method, decryption method, cryptographic system and recording medium Download PDFInfo
- Publication number
- US20060155991A1 US20060155991A1 US11/325,468 US32546806A US2006155991A1 US 20060155991 A1 US20060155991 A1 US 20060155991A1 US 32546806 A US32546806 A US 32546806A US 2006155991 A1 US2006155991 A1 US 2006155991A1
- Authority
- US
- United States
- Prior art keywords
- certificate
- key
- recording medium
- encrypted
- public key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3249—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/10—Digital recording or reproducing
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/0021—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B7/00—Recording or reproducing by optical means, e.g. recording using a thermal beam of optical radiation by modifying optical properties or the physical structure, reproducing using an optical beam at lower power by sensing optical properties; Record carriers therefor
- G11B7/004—Recording, reproducing or erasing methods; Read, write or erase circuits therefor
- G11B7/0045—Recording
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B7/00—Recording or reproducing by optical means, e.g. recording using a thermal beam of optical radiation by modifying optical properties or the physical structure, reproducing using an optical beam at lower power by sensing optical properties; Record carriers therefor
- G11B7/004—Recording, reproducing or erasing methods; Read, write or erase circuits therefor
- G11B7/005—Reproducing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B2220/00—Record carriers by type
- G11B2220/20—Disc-shaped record carriers
- G11B2220/25—Disc-shaped record carriers characterised in that the disc is based on a specific recording technology
- G11B2220/2537—Optical discs
- G11B2220/2541—Blu-ray discs; Blue laser DVR discs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Definitions
- the present invention relates to an authentication method, encryption method, decryption method, cryptographic system and recording medium.
- BD Blu-ray disc
- the BD as a next generation recording medium technology is a next generation optical record solution provided with data remarkably surpassing that of a conventional DVD. And, many efforts are made to research and develop the BD together with other digital devices.
- the above-explained recording medium is provided with a networking function to enable a CA and a user to exchange information with each other on a network.
- a networking function to enable a CA and a user to exchange information with each other on a network.
- An object of the present invention is to provide security to a high-density optical recording medium using a public key infrastructure (PKI) that is currently and widely used.
- PKI public key infrastructure
- Another object of the present invention is to provide a certificate to a user on a network using the public key infrastructure (PKI).
- PKI public key infrastructure
- FIG. 1 is a flowchart of an authentication method using the public key infrastructure.
- PKI public key infrastructure
- a public key and a private key are used.
- the public key is made available to everyone via a publicly accessible repository or director. In case of attempting to encrypt and transmit information, the information is encrypted using the public key and the encrypted information is then transmitted.
- the private key is a key left as a secret to each owner. Because the key pair is mathematically related, whatever is encrypted with a public key may only be decrypted by its corresponding private key, and vice versa.
- authentication information 101 is encrypted via an encryption algorithm 102 using a private key 106 of a trusted certificate authority (CA).
- a cipher text 103 generated from the encryption is decrypted via a decryption algorithm 104 using a public key 107 of the trusted CA.
- a person to be authenticated is authenticated using an authentication information 105 obtained from a result of the decryption.
- Positions of the private and public keys 106 and 107 shown in FIG. 1 can be switched to each other.
- the authentication information is encrypted with the public key and the encrypted authentication information is decrypted with the private key to obtain the authentication information.
- the present invention which is proposed to solve the problem, provides an authentication method using a certificate and a recording medium storing the certificate. And, the present invention provides an encryption method using a secret key, a decryption method and a cryptographic system.
- a true content provider (CP) and data provided from the content provider are protected as well as a user's playback system.
- security can be provided to a new high-density optical recording medium.
- the present invention is directed to an authentication method, encryption method, decryption method, cryptographic system and recording medium that substantially obviate one or more problems due to limitations and disadvantages of the related art.
- An authentication method according to the present invention proposed to solve the above-explained problem is characterized in using a certificate.
- the certificate is a certificate signed by a certificate authority. And, authentication information and a content provider's public key are stored in the certificate.
- an authentication method includes the steps of decrypting authentication information and a content provider's public key in a certificate signed by a certificate authority with a public key of the certificate authority to authenticate the content provider using the decrypted authentication information and authenticating the content provider's public by checking the decrypted public key of the content provider.
- the authentication method further includes the step of checking whether the certificate is valid before performing authentication.
- the encrypted authentication information and the content provider's public key are encrypted using a private key of the certificate authority.
- the certificate is one of a plurality of certificates in a certificate chain.
- the certificate is stored as a file in a recording medium.
- the file exists in a directory storing the certificate only within the recording medium.
- the certificate is a certificate downloaded from an outside of a recording medium.
- the certificate follows X.509 of a public key infrastructure (PKI).
- PKI public key infrastructure
- the certificate is a certificate used in authenticating data stored within a recording medium.
- the certificate is a root certificate used in authenticating an application within a recording medium and/or a local storage.
- the certificate is a root certificate used in verifying a signature located at a signature file of a binding unit associated with a recording medium within a local storage.
- a recording medium in another aspect of the present invention, includes a data area storing content data and an authentication management area storing authentication information, wherein a certificate generated from encrypting the authentication information with a public key of a content provider is stored in the authentication management area.
- a private key of a certificate authority is used in encrypting the authentication information.
- the certificate is one of a plurality of certificates in a certificate chain.
- the certificate exists in a directory storing the certificate only within a file structure within the recording medium.
- the certificate is a certificate used for authentication of data within the recording medium.
- the certificate is a root certificate used for authentication of an application within the recording medium.
- the certificate is a root certificate used in verifying a signature located at a signature file of a binding unit associated with the recording medium within a local storage.
- the certificate follows X.509 of a public key infrastructure (PKI).
- PKI public key infrastructure
- an encryption method includes the steps of encrypting content data with a secret key, encrypting the secret key with a public key, and transferring the encrypted content data and the encrypted secret key.
- the public key belongs to an optical terminal.
- the public key belongs to a content provider.
- the content data is encrypted by AES algorithm.
- the content data is encrypted by DES algorithm.
- the secret key is encrypted by RSA cryptographic algorithm.
- the public key is distributed by a handshake process between a content provider and a optical player.
- the secret key includes a session key.
- the session key is generated by using random data.
- a decryption method includes the steps of receiving an encrypted secret key and encrypted content data, decrypting an encrypted secret key and decrypting encrypted content data using the decrypted secret key.
- the encrypted secret key is decrypted using a private key of an optical player.
- the encrypted secret key is decrypted using a private key of a content provider.
- the encrypted secret key is decrypted by RSA cryptographic algorithm.
- the encrypted content data is decrypted by AES algorithm.
- the encrypted content data is decrypted by DES algorithm.
- the secret key includes a session key.
- the session key is generated by using random data.
- a cryptographic system includes an encryption system encrypting content data with a secret key, the encryption system encrypting the secret key with a public key, the encryption system transferring the encrypted content data and the encrypted secret key and a decryption system receiving the encrypted secret key and the encrypted content data, the decryption system decrypting the encrypted secret key, the decryption system decrypting the encrypted content data using the decrypted secret key.
- FIG. 1 is a flowchart of an authentication method using a public key infrastructure according to a related art
- FIG. 2 is a diagram of a security infrastructure in a recording medium according to the present invention.
- FIG. 3 is a schematic diagram of a generation of a certificate according to the present invention.
- FIG. 4 is a diagram of a certificate chain used in an authentication method according to the present invention.
- FIG. 5 is a diagram of a file structure of a recording medium according to the present invention, in which a certificate according to the present invention is stored in the recording medium;
- FIG. 6 is a flowchart of an authentication method using a certificate within a recording medium according to the present invention.
- FIG. 7 is a diagram of an authentication method in a network according to the present invention.
- FIG. 8 is a diagram of an authentication method in a network according to the present invention.
- FIG. 9 is a flowchart of an SSL handshake according to one embodiment of the present invention.
- FIG. 10 is a diagram for an encryption method using a secret key according to the present invention.
- FIG. 11 is a flowchart of an encryption and decryption method using a secret key and a public key according to the present invention.
- FIG. 2 is a diagram of a security infrastructure in a recording medium according to the present invention.
- storage resources such as PlayList, AV clips and the like and network resources are stored in a recording medium according to the present invention.
- the present invention relates to an authentication method in a recording medium using certificates signed by a trusted certificate authority (hereinafter abbreviated CA) and a recording medium storing the certificates.
- CA trusted certificate authority
- a trusted root CA 202 verifies and certifies authenticity of an AACS (advanced access content system) or CPS (content protection system) 201 .
- the AACS or CPS 201 verifies to certify authenticities of CAs 204 , 205 and 206 .
- the AACS or CPS 201 becomes the trusted CA 202 by itself to certify content providers 204 , 205 and 206 as well.
- a certificate is an electronic document attached to a public key by a trusted third party or CA (AACS or CPS), which provides proof that the public key belongs to a legitimate owner and has not been compromised. Certificates are issued by CAs (certificate authorities) and are signed with the CA's private key. Furthermore, the certificates are used in proving AACS, CPS or CPs' identities or rights.
- CA trusted third party
- Certificates bind an identity to a pair of keys that can be used in encrypting and signing information.
- a certificate makes it possible to verify someone's claim that he has the right to use a given key, thereby preventing people from using phony keys to impersonate other users.
- a certificate may contain version, serial number, signature algorithm, issuer, valid from, valid to, subject, public key, CA's signature and the like.
- Certificates can be stored in a recording medium to be provided to a user. Certificates can be supplied to the user 203 from a CP via a network outside the recording medium.
- FIG. 3 is a schematic diagram of a generation of a certificate according to the present invention.
- a certificate 305 is generated by encrypting authentication information 301 for an authentication target and a CP's public key 302 via a signature algorithm 303 .
- a digest of the authentication information 301 and the CP's public key 302 is calculated using a hash function.
- the digest is encrypted with a CA's private key to generate a digital signature.
- the digital signature is then stored to generate the certificate 305 .
- the encryption using the private key via the signature algorithm is called ‘sign’.
- Digital signature functions for electronic documents like a handwritten signature does for printed documents.
- the signature is an unforgeable piece of data that asserts that a named entity wrote or otherwise agreed to the document to which the signature is attached.
- digital signatures enable “authentication” of digital messages, assuring user of both the identity of CP and the integrity of the messages.
- One who having a secret key can make a signature only and has to prove the person who signed is the person in question. And, the signed data cannot be changed.
- the signature algorithm 303 can employ various cryptographic algorithms such as RSA (Rive-Shamir-Adelman), DSA (digital signature algorithm) and the like.
- RSA Rivest Cipher
- DSA digital signature algorithm
- the RSA is the most popular algorithm used as a public key cryptographic algorithm performing encryption using public and private keys.
- the RSA performs encryption with the private key.
- the RSA is safe in performing encryption with a public key as well.
- the RSA enables encryption with the private or public key.
- the DSA is similar to the RSA. Yet, unlike the RSA, the DSA is a cryptographic algorithm that does not need an original message.
- the authentication information may correspond to the digital signature of the CP.
- the CP's private key can be used for the generation of the CP's digital signature.
- the authentication information may correspond to a specific message that the trusted CA certifies authenticity of the CP or the CP's public key.
- a private key 304 of the trusted CA can be used for encryption of the authentication information and the CP's public key 302 .
- the trusted CA corresponds to a trusted third party, an AACC, a CPS or another CA. If necessary, the CP can become the trusted CA by itself.
- the generated certificate 305 is stored in a specific area of a recording medium to be used or can be used for a place that needs the certificate on a network.
- a user e.g., a BD terminal decrypts the digital signature included in the certificate 305 using the CA's public key to obtain the authentication information and the CP's public key.
- the BD terminal can authenticate the CP from the decrypted authentication information.
- the authentication of the CP using the authentication information can be executed in various ways. For instance, a digest is computed by applying the hash function to the authentication information and the CP's public key, the digest is encrypted, and the encrypted digest is then transferred as well as the non-encrypted authentication information and CP's public key. The encrypted digest is decrypted. The hash function is applied to the non-encrypted authentication information and CP's public key to compute the digest. The decrypted digest is compared to the hash-function-applied digest. If the former is equal to the latter, the authentication is completed. Otherwise, the authentication is not completed.
- the authentication information can be sent to a user together with the CP's public key corresponding to the private key.
- the signature algorithm is applicable to the encryption that uses the CP's private key.
- the digital signature generated from the signature algorithm becomes the CP's digital signature.
- the digital signature is encrypted using a private key of the trusted CA certifying the authenticities of the CP's identity and the CP's public key to be provided to a user together with the CP's public key.
- the authentication in the present invention means a confirmation of a CP's authenticity or a confirmation of an authenticity of the public key generated from the CP or BD terminal.
- the CP is an entity providing data or a specific function to the BD terminal via a recording medium or network.
- the authentication can be used in checking integrity of the data provided by the CP and in checking authenticity of the CP or public key.
- the certificate 305 is used in authenticating a user's public key by using other (CA's) public key.
- CA's other public key.
- the certificate provides proof that the CP's public key 302 belongs to a legitimate owner and has not been compromised.
- the CP and BD terminal generate their private/public key pairs and get certificates through the trusted CA.
- the CP's public key 302 can be used for the purpose of encryption and the like executed after the authentication as well as for the purpose of the above-explained authentication.
- the CP can sign the content and can enclose a certificate to certify a user that the content is actually sent by the CP.
- FIG. 4 is a diagram of a certificate chain used in an authentication method according to the present invention.
- certificates can be enclosed with content, forming a hierarchical chain, wherein one certificate testifies to the authenticity of a previous certificate.
- a root CA that is trusted without a certificate form any other CA.
- Certificates are stored in a key database that is placed in a recording medium or BD terminal.
- a trusted root CA can perform a certification 402 of the authenticity of an AACS, a certification 403 of the authenticity of a CPS or a certification 404 of the authenticity of another CA. As a proof for this, the trusted root CA issues each certificate.
- the AACS, CPS or another CA can independently certify the authenticities of infrastructures such as a BD terminal, a CP and the like ( 402 - 1 , 402 - 2 , 402 - 3 ). Such a structure is called a certificate chain.
- the certification may include a certification for private/public key pairs generated from the BD terminal and/or CPs.
- the trusted root CA certifies itself ( 401 ) to issue a certificate that corresponds to a root certificate 401 .
- Each of the CAs composes a certificate revocation list (CRL).
- CTL certificate revocation list
- a CP or user checks whether a certificate to be used for authentication is revoked. If the certificate to be used for the authentication is revoked, the authentication is not completed.
- the certificate generated through the certificate chain is stored as a file format in a specific area of a recording medium.
- the certificate can be used for authentication or can be downloaded to a player from an outside of the recording medium.
- the certificate can be used for authentication of the BD terminal or CP on a network.
- FIG. 5 is a diagram of a file structure of a recording medium according to the present invention, in which certificates generated from the process in FIG. 3 are stored in the recording medium.
- the BDMV directory 502 includes an index file (“index.bdmv”) 503 as general (upper) file information to secure interactivity with a user, a movie object file (“MovieObject.bdmv”) 504 , a PLAYLIST directory 505 having information of data substantially recorded within a disc and information reproducing the recorded data, a CLIPINF directory 506 and the like.
- index.bdmv index.bdmv
- MovieObject.bdmv movie object file
- PLAYLIST directory 505 having information of data substantially recorded within a disc and information reproducing the recorded data
- CLIPINF directory 506 and the like.
- At least one or more certificates can exist within a recording medium.
- a position and directory name of the CERTIFICATE directory 507 are exemplarily shown in the drawing. Regardless of the name and position, a file or directory, in which data used for authentication of data associated with a recording medium according to the present invention is stored, are included in the present invention.
- the certificate can exist within the CERTIFICATE directory 507 a various way. And, each data is authenticated using the corresponding certificate. For instance, files including “content000.crt” as a certificate used for authentication of data recorded within a recording medium, “app.discroot.crt” as a trusted root certificate used for authentication of application, “bu.discroot.crt” as a certificate used in verifying a signature located at “Binding Unit Signature file”, and the like can exist within the CERTIFICATE directory.
- FIG. 6 is a flowchart of an authentication method using a certificate within a recording medium according to the present invention.
- the CP to use in verifying authenticity of a CP or CP's public key, the CP generates a certificate by encrypting authentication information of an authentication target and the CP's public key with CA's private key ( 601 ). The generated certificate is then recorded in a recording medium ( 602 ). A user, e.g., a BD terminal decrypts the encrypted authentication information and CP's public key within the certificate with CA's public key ( 603 ). The CP is then authenticated by the authentication information obtained as a result of the decryption. And, it can be confirmed that the CP's public key belongs to a legitimate owner by the decrypted CP's public key. Namely, by the decrypted authentication information and CP's public key, the CP and the CP's public key are authenticated.
- the CA corresponds to a trusted certificate authority of a third party, an AACS or a CPS.
- a signature algorithm as RSA, DSA and the like can be used.
- a user e.g., a BD terminal can authenticate the CP to confirm that a provided content is not illegally copied but is provided from an authentic CP. Moreover, it can be confirmed that the CP's public key belongs to a legitimate owner.
- the above-generated certificate may be stored in a recording medium to be usable or may be provided to a user from a CP via a network.
- FIG. 7 is a diagram of an authentication method in a network according to the present invention, in which a CP is authenticated on a network for example.
- a trusted root CA 702 authenticates an AACS or CPS 701 .
- the AACS or CPS 701 can issue certificates certifying CPs 704 and 705 , respectively.
- a disguised site 706 can disguise its public key as that of the CP 704 or 705 from a BD terminal 703 on a network.
- the BD terminal 703 trusts and uses a public key of the disguised site 706 as an authentic public key of the CP 704 or 705 and may provide important information to the disguised site 706 .
- a certificate that the trusted CA 701 or 702 certifies the authenticity of the CP 704 or 705 is needed.
- the BD terminal 703 can sagely use the public key of the CP 704 or 705 .
- FIG. 7 shows a process of downloading the certificate of the CP 1 704 to the BD terminal 703 via the network using an SSL (secure socket layer) or TLS (transport layer security).
- the disguised site 706 can act as the CP 1 704 .
- the CP 1 704 has to provide the BD terminal 703 with the certificate from the trusted root CA 702 or the AACS or CPS 701 , a user can be protected against the disguised site 706 .
- the authentic CPs can be protected in a manner that the disguised site is made not to disguise itself as the authentic CP.
- the CP can be a specific server.
- the BD terminal is explained as an example of a device for recording or playing a high-density optical recording medium.
- the present invention is applicable to the device for recording or playing the high-density optical recording medium as a client communicating with the server.
- FIG. 8 is a diagram of an authentication method in a network according to the present invention.
- a certificate is generated by encrypting authentication information of a CP as an authentication target and the CP's public key with a trusted CA's private key to authenticate the CP on a network ( 801 ).
- the certificate encrypted by the CA's private key is called a certificate signed by the CA.
- a user e.g., BD terminal requests a certificate of the CP via the network ( 802 )
- the CP transfers the certificate via the network ( 803 ).
- the transferred certificate is decrypted with the CA's public key by the BD terminal ( 804 ).
- the CP and the CP's public key are authenticated ( 805 ).
- the authentication information may correspond to the content of certifying authenticity of the CP by itself.
- the authentication information may correspond to information necessary for the authentication of the CP.
- the authentication information may become a digital signature generated via signature algorithm performed on specific data about the CP using the CP's private key.
- the CP's public key that is encrypted to be transferred together may be a public key corresponding to the CP's private key.
- the certificate of the present invention certifies the authenticity of the CP that provides specific data or function and provides a proof that the CP's public key belongs to the CP.
- a recording medium which is provided with a networking function, can provide additional data to a user from a VP via a network.
- the authentication method according to the present invention enables the additional data to be trusted as provided from an authentic CP.
- a process that a user requests a certificate of a CP ( 802 ) and a process that the CP delivers the certificate via a network ( 803 ) can be achieved through an SSL (secure sockets layer) or TLS (transport layer security) handshake process.
- the SSL supports a hash function such MD-5 and SHA-1 to generate a message authentication code to check integrity of authentication information.
- FIG. 9 is a flowchart of an SSL handshake according to one embodiment of the present invention.
- the SSL which is a data transport protocol, enables authentication and confirmation of integrity of a message. And, the SSL enables a secret key exchange function between an Internet browser and an Internet server. Though this, security of a network for a playback system is secured.
- a player e.g., a BD terminal delivers a client_hello message to a CP ( 903 ).
- the client_hello message includes SSL version, random data, session ID, supported cipher suites and the like.
- the CP 902 transfers a server_hello message, a certificate of CP and key exchange information of CP to the BD terminal 902 ( 904 ).
- the server_hello message includes SSL version, random data, session ID, supported cipher suites and the like. Through this, the BD terminal 901 and the CP 902 compromise the cipher suite to use with each other.
- the client_hello and server_hello messages are not limited to the formats explained in the embodiment of the present invention shown in FIG. 9 .
- the BD terminal 901 can use the public key of the CP certified by the trusted CA.
- the BD terminal 901 transfer the key exchange information including the random data encrypted using the CP's public key and the compromised suites to the CP 902 ( 905 ).
- the encryption using the public key employs the RSA scheme for example.
- the BD terminal 901 and the CA 902 share a secret key such a session key using the random data.
- the CP 902 sends the compromised cipher suites back to the BD terminal 901 ( 906 ). Through this, as the BD terminal 901 and the CP 902 share the same secret key, a secure channel is established ( 907 ).
- the cipher suite is a set of cryptographic algorithms. Algorithms from a cipher suite are used in creating keys and in encrypting information. A cipher suite specifies one algorithm for each of the key exchange, the bulk encryption and the message authentication. Key exchange algorithms protect information required for creating shared keys. Bulk algorithms encrypt messages exchanged between clients and servers. And, message authentication algorithms generate message hashes and signatures that ensure the integrity of a message.
- the data is encrypted and decrypted using the public and private keys, which is called ‘asymmetric encryption’.
- the step 907 in which the BD terminal 901 and the CP 902 share the same secret key, the same key is shared to perform encryption and decryption with the same key, which is called ‘symmetric encryption’.
- the BD terminal 901 and the CP 902 can safely exchange information mutually using the shared encryption key without interruptive intrusions of hackers.
- FIG. 10 is a diagram for an encryption method using a secret key according to the present invention.
- a public key of a CP certified by a trusted CA is delivered to a user, e.g., a BD terminal.
- the BD terminal forwards random data to the CP using the delivered CP's public key to share such a secret key as a session key with the CP.
- the session key is an encryption key used during one communication session only between parties communicating with each other. In case that there are too many ciphertexts, it is highly probable that a key can be computed by analyzing the ciphertexts.
- the session key is a temporary key used for this prevention.
- a session is a logical connection for conversations between a BD terminal and a CP on a network.
- the public key can be delivered in two ways. Firstly, the public key of the CP is delivered to the BD terminal. Secondly, the public key of the BD terminal is delivered to the CP in the same manner.
- FIG. 10 shows an example of the latter case, in which encryption and decryption methods using a delivered public key 1007 of a BD terminal and a secret key such as a session key 1004 are shown.
- a CP generates an encrypted file 1005 by encrypting content data (plaintext) through cryptographic algorithm using a session key 1004 .
- the cryptographic algorithm includes AES (advanced encryption standard), DES (data encryption standard), Triple DES or the like.
- AES advanced encryption standard
- DES data encryption standard
- Triple DES Triple DES
- the secret key is used in the present invention, it corresponds to a symmetric encryption.
- An encrypted session key 1008 is generated by encrypting the session key 1004 with a public key 1007 of the BD terminal.
- RSA may be used as cryptographic algorithm.
- the public key it corresponds to an asymmetric encryption.
- the encrypted file 1005 and the encrypted session key 1008 are transferred to the BD terminal.
- the BD terminal decrypts the received encrypted session key 1008 with a private key 1009 of the BD terminal to restore to the original session key 1004 .
- Cryptographic algorithm 1010 used for the decryption adopts the RSA algorithm to correspond to the cryptographic algorithm 1006 used for the encryption.
- the encrypted file 1005 is decrypted using the restored session key 1004 ( 1011 ).
- the cryptographic algorithm 1011 used for the decryption adopts the AES or DES to correspond to the cryptographic algorithm 1003 used for the encryption.
- content data 1002 transferred from the CP is recovered.
- the CP can share the same secret key 1004 with the BD terminal using the above-explained methods. And, the CP can deliver the content to the BD terminal using the secret key 1004 .
- the BD terminal After the CP has transferred the CP's public key to the BD terminal, if the BD terminal attempts to transfer the content, which is encrypted with the secret key such as a session key, and the session key, which is encrypted using the CP's public key, to the CP, positions of the CP and the BD terminals are switched to each other and the public key 1007 of the BD terminal is replaced by the public key of the CP.
- the secret key such as a session key
- the session key which is encrypted using the CP's public key
- FIG. 11 is a flowchart of an encryption and decryption method using a secret key and a public key according to the present invention.
- a BD terminal transfers a certificate to a CP ( 1101 ).
- the certificate includes a public key of the BD terminal at least.
- the content is encrypted with such a secret key as a session key.
- the session key is encrypted with the delivered public key of the BD terminal ( 1102 ).
- An encrypted file generated from encryption of the content and the encrypted session key are transferred to the BD terminal ( 1103 ).
- the BD terminal restores the session key by decrypting the received encrypted session key with a private key of the BD terminal ( 1104 ).
- the BD terminal decrypts the received encrypted file using the restored session key ( 1105 ). Through this, the BD terminal can obtain the content which the CP attempts to deliver to a user ( 1106 ).
- the authentication method, recording medium, encryption method, decryption method and cryptographic system of the present invention security can be provided to the high-density optical recording medium, the reproduction system associated with the high-density optical recording medium, and the network.
- the present invention protects the content provider and the playback system that reproduces the recording medium. And, by establishing the secure channel between the playback system of the recording medium and the content provider through the network to secure the safe data exchange, the present invention provides more convenient functions to the users and the content providers.
Abstract
An authentication method, encryption method, decryption method, cryptographic system and recording medium are disclosed. The present invention includes the steps of decrypting authentication information and a content provider's public key stored in a certificate signed by a certificate authority with a public key of the certificate authority to authenticate the content provider using the decrypted authentication information and authenticating the public key of the content provider by checking the decrypted public key of the content provider. And, the present invention provides the encryption method includes the steps of encrypting content data with a secret key, encrypting the secret key with a public key, and transferring the encrypted content data and the encrypted secret key.
Description
- This application claims the benefit of the Korean Patent Application No. 10-2005-0113647, filed on Nov. 25, 2005, and No. 10-2005-0113648, filed on Nov. 25, 2005, which are hereby incorporated by reference as if fully set forth herein.
- This application claims the benefit of the U.S. Provisional Application No. 60/641,779, filed on Jan. 7, 2005, in the name of inventor Kun Suk KIM, entitled “METHOD FOR SECURITY AND CERTIFICATIOND OF DIGITAL CONTENTS”, which is hereby incorporated by reference as if fully set forth herein.
- 1. Field of the Invention
- The present invention relates to an authentication method, encryption method, decryption method, cryptographic system and recording medium.
- 2. Discussion of the Related Art
- Recently, a new high-density recording medium, e.g., Blu-ray disc (hereinafter abbreviated BD) has been developed to store video data of high image quality and audio data of high sound quality for long duration.
- The BD as a next generation recording medium technology is a next generation optical record solution provided with data remarkably surpassing that of a conventional DVD. And, many efforts are made to research and develop the BD together with other digital devices.
- Moreover, many efforts are made to research and develop an optical record player with the application of the BD specifications. Since a security scheme in the BD has not been set up, the development and utilization of a complete optical record player still have difficulty in fact.
- Besides, the above-explained recording medium is provided with a networking function to enable a CA and a user to exchange information with each other on a network. In this case, it is a problem that a clear method of verifying whether the CA and user are trusted has not been settled yet.
- An object of the present invention is to provide security to a high-density optical recording medium using a public key infrastructure (PKI) that is currently and widely used.
- Another object of the present invention is to provide a certificate to a user on a network using the public key infrastructure (PKI).
- To achieve theses objects, the public key infrastructure is used.
FIG. 1 is a flowchart of an authentication method using the public key infrastructure. In the public key infrastructure (PKI), a public key and a private key are used. - The public key is made available to everyone via a publicly accessible repository or director. In case of attempting to encrypt and transmit information, the information is encrypted using the public key and the encrypted information is then transmitted. On the other hand, the private key is a key left as a secret to each owner. Because the key pair is mathematically related, whatever is encrypted with a public key may only be decrypted by its corresponding private key, and vice versa.
- In
FIG. 1 ,authentication information 101 is encrypted via anencryption algorithm 102 using aprivate key 106 of a trusted certificate authority (CA). Acipher text 103 generated from the encryption is decrypted via adecryption algorithm 104 using apublic key 107 of the trusted CA. And, a person to be authenticated is authenticated using anauthentication information 105 obtained from a result of the decryption. - Positions of the private and
public keys FIG. 1 can be switched to each other. In this case, the authentication information is encrypted with the public key and the encrypted authentication information is decrypted with the private key to obtain the authentication information. - Meanwhile, according to the developments of a recording medium and a network such as Internet, problems including hacking and the like are raised. Even if security technologies including various authentication methods using certificates are developed, a safe security technology of a new high-density optical recording medium is not determined yet. In particular, since a clear and efficient method of authenticating such a server as a CP does not exist in the BD, a security problem still remains unsolved.
- The present invention, which is proposed to solve the problem, provides an authentication method using a certificate and a recording medium storing the certificate. And, the present invention provides an encryption method using a secret key, a decryption method and a cryptographic system.
- According to the present invention, a true content provider (CP) and data provided from the content provider are protected as well as a user's playback system. Hence, security can be provided to a new high-density optical recording medium.
- Accordingly, the present invention is directed to an authentication method, encryption method, decryption method, cryptographic system and recording medium that substantially obviate one or more problems due to limitations and disadvantages of the related art.
- An authentication method according to the present invention proposed to solve the above-explained problem is characterized in using a certificate. The certificate is a certificate signed by a certificate authority. And, authentication information and a content provider's public key are stored in the certificate.
- Additional advantages, objects, and features of the invention will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the invention. The objectives and other advantages of the invention may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
- To achieve these objects and other advantages and in accordance with the purpose of the invention, as embodied and broadly described herein, an authentication method according to the present invention includes the steps of decrypting authentication information and a content provider's public key in a certificate signed by a certificate authority with a public key of the certificate authority to authenticate the content provider using the decrypted authentication information and authenticating the content provider's public by checking the decrypted public key of the content provider.
- For example, the authentication method further includes the step of checking whether the certificate is valid before performing authentication.
- For example, the encrypted authentication information and the content provider's public key are encrypted using a private key of the certificate authority.
- For example, the certificate is one of a plurality of certificates in a certificate chain.
- For example, the certificate is stored as a file in a recording medium.
- For example, the file exists in a directory storing the certificate only within the recording medium.
- For example, the certificate is a certificate downloaded from an outside of a recording medium.
- For example, the certificate follows X.509 of a public key infrastructure (PKI).
- For example, the certificate is a certificate used in authenticating data stored within a recording medium.
- For example, the certificate is a root certificate used in authenticating an application within a recording medium and/or a local storage.
- For example, the certificate is a root certificate used in verifying a signature located at a signature file of a binding unit associated with a recording medium within a local storage.
- In another aspect of the present invention, a recording medium includes a data area storing content data and an authentication management area storing authentication information, wherein a certificate generated from encrypting the authentication information with a public key of a content provider is stored in the authentication management area.
- For example, a private key of a certificate authority is used in encrypting the authentication information.
- For example, the certificate is one of a plurality of certificates in a certificate chain.
- For example, the certificate exists in a directory storing the certificate only within a file structure within the recording medium.
- For example, the certificate is a certificate used for authentication of data within the recording medium.
- For example, the certificate is a root certificate used for authentication of an application within the recording medium.
- For example, the certificate is a root certificate used in verifying a signature located at a signature file of a binding unit associated with the recording medium within a local storage.
- For example, the certificate follows X.509 of a public key infrastructure (PKI).
- In another aspect of the present invention, an encryption method includes the steps of encrypting content data with a secret key, encrypting the secret key with a public key, and transferring the encrypted content data and the encrypted secret key.
- For example, the public key belongs to an optical terminal.
- For example, the public key belongs to a content provider.
- For example, the content data is encrypted by AES algorithm.
- For example, the content data is encrypted by DES algorithm.
- For example, the secret key is encrypted by RSA cryptographic algorithm.
- For example, the public key is distributed by a handshake process between a content provider and a optical player.
- For example, the secret key includes a session key.
- For example, the session key is generated by using random data.
- In another aspect of the present invention, a decryption method includes the steps of receiving an encrypted secret key and encrypted content data, decrypting an encrypted secret key and decrypting encrypted content data using the decrypted secret key.
- For example, the encrypted secret key is decrypted using a private key of an optical player.
- For example, the encrypted secret key is decrypted using a private key of a content provider.
- For example, the encrypted secret key is decrypted by RSA cryptographic algorithm.
- For example, the encrypted content data is decrypted by AES algorithm.
- For example, the encrypted content data is decrypted by DES algorithm.
- For example, the secret key includes a session key.
- For example, the session key is generated by using random data.
- In a further aspect of the present invention, a cryptographic system includes an encryption system encrypting content data with a secret key, the encryption system encrypting the secret key with a public key, the encryption system transferring the encrypted content data and the encrypted secret key and a decryption system receiving the encrypted secret key and the encrypted content data, the decryption system decrypting the encrypted secret key, the decryption system decrypting the encrypted content data using the decrypted secret key.
- It is to be understood that both the foregoing general description and the following detailed description of the present invention are exemplary and explanatory and are intended to provide further explanation of the invention as claimed.
- The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the principle of the invention. In the drawings:
-
FIG. 1 is a flowchart of an authentication method using a public key infrastructure according to a related art; -
FIG. 2 is a diagram of a security infrastructure in a recording medium according to the present invention; -
FIG. 3 is a schematic diagram of a generation of a certificate according to the present invention; -
FIG. 4 is a diagram of a certificate chain used in an authentication method according to the present invention; -
FIG. 5 is a diagram of a file structure of a recording medium according to the present invention, in which a certificate according to the present invention is stored in the recording medium; -
FIG. 6 is a flowchart of an authentication method using a certificate within a recording medium according to the present invention; -
FIG. 7 is a diagram of an authentication method in a network according to the present invention; -
FIG. 8 is a diagram of an authentication method in a network according to the present invention; -
FIG. 9 is a flowchart of an SSL handshake according to one embodiment of the present invention; -
FIG. 10 is a diagram for an encryption method using a secret key according to the present invention; and -
FIG. 11 is a flowchart of an encryption and decryption method using a secret key and a public key according to the present invention. - Reference will now be made in detail to the preferred embodiments of the present invention, examples of which are illustrated in the accompanying drawings. Wherever possible, the same reference numbers will be used throughout the drawings to refer to the same or like parts.
- First of all, a digital authentication method in a recording medium according to one preferred embodiment of the present invention and a digital authentication method on a network according to one preferred embodiment of the present invention will be explained with reference to the attached drawings as follows.
-
FIG. 2 is a diagram of a security infrastructure in a recording medium according to the present invention. - First of all, storage resources such as PlayList, AV clips and the like and network resources are stored in a recording medium according to the present invention.
- These resources need to be protected against an unauthorized entity such as a hacker and the like. For this, authentication, key generation & distribution, a certificate issued by a trusted certificate authority, encryption/decryption and the like are used.
- The present invention relates to an authentication method in a recording medium using certificates signed by a trusted certificate authority (hereinafter abbreviated CA) and a recording medium storing the certificates.
- Referring to
FIG. 2 , a trustedroot CA 202 verifies and certifies authenticity of an AACS (advanced access content system) or CPS (content protection system) 201. The AACS orCPS 201 verifies to certify authenticities ofCAs CPS 201 becomes the trustedCA 202 by itself to certifycontent providers - The certification is carried out by certificates. A certificate is an electronic document attached to a public key by a trusted third party or CA (AACS or CPS), which provides proof that the public key belongs to a legitimate owner and has not been compromised. Certificates are issued by CAs (certificate authorities) and are signed with the CA's private key. Furthermore, the certificates are used in proving AACS, CPS or CPs' identities or rights.
- Certificates bind an identity to a pair of keys that can be used in encrypting and signing information. A certificate makes it possible to verify someone's claim that he has the right to use a given key, thereby preventing people from using phony keys to impersonate other users.
- Besides, a certificate may contain version, serial number, signature algorithm, issuer, valid from, valid to, subject, public key, CA's signature and the like.
- Certificates can be stored in a recording medium to be provided to a user. Certificates can be supplied to the
user 203 from a CP via a network outside the recording medium. -
FIG. 3 is a schematic diagram of a generation of a certificate according to the present invention. - Referring to
FIG. 3 , acertificate 305 is generated by encryptingauthentication information 301 for an authentication target and a CP'spublic key 302 via asignature algorithm 303. - In particular, a digest of the
authentication information 301 and the CP'spublic key 302 is calculated using a hash function. The digest is encrypted with a CA's private key to generate a digital signature. The digital signature is then stored to generate thecertificate 305. - Besides, the encryption using the private key via the signature algorithm is called ‘sign’.
- Digital signature functions for electronic documents like a handwritten signature does for printed documents. The signature is an unforgeable piece of data that asserts that a named entity wrote or otherwise agreed to the document to which the signature is attached. In other words, digital signatures enable “authentication” of digital messages, assuring user of both the identity of CP and the integrity of the messages. One who having a secret key can make a signature only and has to prove the person who signed is the person in question. And, the signed data cannot be changed.
- The
signature algorithm 303 can employ various cryptographic algorithms such as RSA (Rive-Shamir-Adelman), DSA (digital signature algorithm) and the like. Currently, the RSA is the most popular algorithm used as a public key cryptographic algorithm performing encryption using public and private keys. The RSA performs encryption with the private key. Yet, the RSA is safe in performing encryption with a public key as well. Hence, the RSA enables encryption with the private or public key. The DSA is similar to the RSA. Yet, unlike the RSA, the DSA is a cryptographic algorithm that does not need an original message. - Besides, the authentication information may correspond to the digital signature of the CP. In this case, the CP's private key can be used for the generation of the CP's digital signature.
- Moreover, the authentication information may correspond to a specific message that the trusted CA certifies authenticity of the CP or the CP's public key.
- A
private key 304 of the trusted CA can be used for encryption of the authentication information and the CP'spublic key 302. The trusted CA corresponds to a trusted third party, an AACC, a CPS or another CA. If necessary, the CP can become the trusted CA by itself. - The generated
certificate 305 is stored in a specific area of a recording medium to be used or can be used for a place that needs the certificate on a network. A user, e.g., a BD terminal decrypts the digital signature included in thecertificate 305 using the CA's public key to obtain the authentication information and the CP's public key. - Besides, if there is no public key corresponding to the CA's private key used for the encryptions of the authentication information and the CP's public key, it is unable to decrypt the authentication information and the CP's public key in the certificate. Namely, it is unable to authenticate the CP and the CP's public key.
- The BD terminal can authenticate the CP from the decrypted authentication information. The authentication of the CP using the authentication information can be executed in various ways. For instance, a digest is computed by applying the hash function to the authentication information and the CP's public key, the digest is encrypted, and the encrypted digest is then transferred as well as the non-encrypted authentication information and CP's public key. The encrypted digest is decrypted. The hash function is applied to the non-encrypted authentication information and CP's public key to compute the digest. The decrypted digest is compared to the hash-function-applied digest. If the former is equal to the latter, the authentication is completed. Otherwise, the authentication is not completed.
- Moreover, having been encrypted using the CP's private key, the authentication information can be sent to a user together with the CP's public key corresponding to the private key. In this case, the signature algorithm is applicable to the encryption that uses the CP's private key. And, the digital signature generated from the signature algorithm becomes the CP's digital signature. The digital signature is encrypted using a private key of the trusted CA certifying the authenticities of the CP's identity and the CP's public key to be provided to a user together with the CP's public key.
- Besides, the authentication in the present invention means a confirmation of a CP's authenticity or a confirmation of an authenticity of the public key generated from the CP or BD terminal. The CP is an entity providing data or a specific function to the BD terminal via a recording medium or network. The authentication can be used in checking integrity of the data provided by the CP and in checking authenticity of the CP or public key.
- Namely, the
certificate 305 according to the present invention is used in authenticating a user's public key by using other (CA's) public key. In other words, the certificate provides proof that the CP'spublic key 302 belongs to a legitimate owner and has not been compromised. The CP and BD terminal generate their private/public key pairs and get certificates through the trusted CA. - Besides, the CP's
public key 302 can be used for the purpose of encryption and the like executed after the authentication as well as for the purpose of the above-explained authentication. - In providing content to a user, the CP can sign the content and can enclose a certificate to certify a user that the content is actually sent by the CP.
-
FIG. 4 is a diagram of a certificate chain used in an authentication method according to the present invention. - First of all, multiple certificates can be enclosed with content, forming a hierarchical chain, wherein one certificate testifies to the authenticity of a previous certificate. At the end of a certificate hierarchy is a root CA that is trusted without a certificate form any other CA. Certificates are stored in a key database that is placed in a recording medium or BD terminal.
- Referring to
FIG. 4 , a trusted root CA can perform acertification 402 of the authenticity of an AACS, acertification 403 of the authenticity of a CPS or acertification 404 of the authenticity of another CA. As a proof for this, the trusted root CA issues each certificate. The AACS, CPS or another CA can independently certify the authenticities of infrastructures such as a BD terminal, a CP and the like (402-1, 402-2, 402-3). Such a structure is called a certificate chain. - Besides, the certification may include a certification for private/public key pairs generated from the BD terminal and/or CPs.
- There exists no higher CA that can certify the trusted CA in the certificate chain. In this case, the trusted root CA certifies itself (401) to issue a certificate that corresponds to a
root certificate 401. - Each of the CAs composes a certificate revocation list (CRL). In authenticating the CP or the CP's public key by receiving a downloaded certificate revocation list, a CP or user checks whether a certificate to be used for authentication is revoked. If the certificate to be used for the authentication is revoked, the authentication is not completed.
- The certificate generated through the certificate chain is stored as a file format in a specific area of a recording medium. The certificate can be used for authentication or can be downloaded to a player from an outside of the recording medium. And, the certificate can be used for authentication of the BD terminal or CP on a network.
-
FIG. 5 is a diagram of a file structure of a recording medium according to the present invention, in which certificates generated from the process inFIG. 3 are stored in the recording medium. - Referring to
FIG. 5 , in a recording medium according to the present invention, at least oneBDMV directory 502 and a directory storing a certificate, e.g., aCERTIFICATE directory 507 exist below oneroot directory 501. - The
BDMV directory 502 includes an index file (“index.bdmv”) 503 as general (upper) file information to secure interactivity with a user, a movie object file (“MovieObject.bdmv”) 504, aPLAYLIST directory 505 having information of data substantially recorded within a disc and information reproducing the recorded data, aCLIPINF directory 506 and the like. - Besides, at least one or more certificates can exist within a recording medium. And, a position and directory name of the
CERTIFICATE directory 507 are exemplarily shown in the drawing. Regardless of the name and position, a file or directory, in which data used for authentication of data associated with a recording medium according to the present invention is stored, are included in the present invention. - The certificate can exist within the CERTIFICATE directory 507 a various way. And, each data is authenticated using the corresponding certificate. For instance, files including “content000.crt” as a certificate used for authentication of data recorded within a recording medium, “app.discroot.crt” as a trusted root certificate used for authentication of application, “bu.discroot.crt” as a certificate used in verifying a signature located at “Binding Unit Signature file”, and the like can exist within the CERTIFICATE directory.
-
FIG. 6 is a flowchart of an authentication method using a certificate within a recording medium according to the present invention. - Referring to
FIG. 6 , to use in verifying authenticity of a CP or CP's public key, the CP generates a certificate by encrypting authentication information of an authentication target and the CP's public key with CA's private key (601). The generated certificate is then recorded in a recording medium (602). A user, e.g., a BD terminal decrypts the encrypted authentication information and CP's public key within the certificate with CA's public key (603). The CP is then authenticated by the authentication information obtained as a result of the decryption. And, it can be confirmed that the CP's public key belongs to a legitimate owner by the decrypted CP's public key. Namely, by the decrypted authentication information and CP's public key, the CP and the CP's public key are authenticated. - In this case, as mentioned in the foregoing description, the CA corresponds to a trusted certificate authority of a third party, an AACS or a CPS. In encrypting the data with the CA's private key (601), such a signature algorithm as RSA, DSA and the like can be used.
- According to the explained flowchart shown in
FIG. 6 , a user, e.g., a BD terminal can authenticate the CP to confirm that a provided content is not illegally copied but is provided from an authentic CP. Moreover, it can be confirmed that the CP's public key belongs to a legitimate owner. - As mentioned in the foregoing description, the above-generated certificate may be stored in a recording medium to be usable or may be provided to a user from a CP via a network.
-
FIG. 7 is a diagram of an authentication method in a network according to the present invention, in which a CP is authenticated on a network for example. - Referring to
FIG. 7 , as mentioned in the foregoing description; a trustedroot CA 702 authenticates an AACS orCPS 701. The AACS orCPS 701 can issuecertificates certifying CPs - A disguised
site 706 can disguise its public key as that of theCP BD terminal 703 on a network. In this case, if there is no certificate of the trustedroot CA 702, theBD terminal 703 trusts and uses a public key of the disguisedsite 706 as an authentic public key of theCP site 706. To prevent the danger on a network, needed is a certificate that the trustedCA CP - Since the certificate may include a public key of the
CP CA BD terminal 703 can sagely use the public key of theCP - Moreover,
FIG. 7 shows a process of downloading the certificate of theCP1 704 to theBD terminal 703 via the network using an SSL (secure socket layer) or TLS (transport layer security). In this case, the disguisedsite 706 can act as theCP1 704. Yet, since theCP1 704 has to provide theBD terminal 703 with the certificate from the trustedroot CA 702 or the AACS orCPS 701, a user can be protected against the disguisedsite 706. Furthermore, the authentic CPs can be protected in a manner that the disguised site is made not to disguise itself as the authentic CP. - Besides, the CP can be a specific server. And, the BD terminal is explained as an example of a device for recording or playing a high-density optical recording medium. Hence, the present invention is applicable to the device for recording or playing the high-density optical recording medium as a client communicating with the server.
-
FIG. 8 is a diagram of an authentication method in a network according to the present invention. - Referring to
FIG. 8 , a certificate is generated by encrypting authentication information of a CP as an authentication target and the CP's public key with a trusted CA's private key to authenticate the CP on a network (801). The certificate encrypted by the CA's private key is called a certificate signed by the CA. If a user, e.g., BD terminal requests a certificate of the CP via the network (802), the CP transfers the certificate via the network (803). The transferred certificate is decrypted with the CA's public key by the BD terminal (804). By the decrypted authentication information and CP's public key, the CP and the CP's public key are authenticated (805). - Besides, the authentication information may correspond to the content of certifying authenticity of the CP by itself. In some cases, the authentication information may correspond to information necessary for the authentication of the CP. For instance, the authentication information may become a digital signature generated via signature algorithm performed on specific data about the CP using the CP's private key. The CP's public key that is encrypted to be transferred together may be a public key corresponding to the CP's private key.
- Hence, the certificate of the present invention certifies the authenticity of the CP that provides specific data or function and provides a proof that the CP's public key belongs to the CP.
- A recording medium, which is provided with a networking function, can provide additional data to a user from a VP via a network. In this case, the authentication method according to the present invention enables the additional data to be trusted as provided from an authentic CP.
- Besides, a process that a user requests a certificate of a CP (802) and a process that the CP delivers the certificate via a network (803) can be achieved through an SSL (secure sockets layer) or TLS (transport layer security) handshake process. Generally, the SSL supports a hash function such MD-5 and SHA-1 to generate a message authentication code to check integrity of authentication information.
-
FIG. 9 is a flowchart of an SSL handshake according to one embodiment of the present invention. - The SSL, which is a data transport protocol, enables authentication and confirmation of integrity of a message. And, the SSL enables a secret key exchange function between an Internet browser and an Internet server. Though this, security of a network for a playback system is secured.
- In the SSL, a parameter of an encryption message should be compromised. For this, a player, e.g., a BD terminal delivers a client_hello message to a CP (903). The client_hello message includes SSL version, random data, session ID, supported cipher suites and the like.
- The
CP 902 transfers a server_hello message, a certificate of CP and key exchange information of CP to the BD terminal 902 (904). The server_hello message includes SSL version, random data, session ID, supported cipher suites and the like. Through this, theBD terminal 901 and theCP 902 compromise the cipher suite to use with each other. Besides, the client_hello and server_hello messages are not limited to the formats explained in the embodiment of the present invention shown inFIG. 9 . - Since a public key of the
CP 902 certified by the trusted CA is included in the certificate, theBD terminal 901 can use the public key of the CP certified by the trusted CA. - The
BD terminal 901 transfer the key exchange information including the random data encrypted using the CP's public key and the compromised suites to the CP 902 (905). The encryption using the public key employs the RSA scheme for example. TheBD terminal 901 and theCA 902 share a secret key such a session key using the random data. - The
CP 902 sends the compromised cipher suites back to the BD terminal 901 (906). Through this, as theBD terminal 901 and theCP 902 share the same secret key, a secure channel is established (907). - Besides, the cipher suite is a set of cryptographic algorithms. Algorithms from a cipher suite are used in creating keys and in encrypting information. A cipher suite specifies one algorithm for each of the key exchange, the bulk encryption and the message authentication. Key exchange algorithms protect information required for creating shared keys. Bulk algorithms encrypt messages exchanged between clients and servers. And, message authentication algorithms generate message hashes and signatures that ensure the integrity of a message.
- In the
steps 903˜906, the data is encrypted and decrypted using the public and private keys, which is called ‘asymmetric encryption’. In thestep 907, in which theBD terminal 901 and theCP 902 share the same secret key, the same key is shared to perform encryption and decryption with the same key, which is called ‘symmetric encryption’. - Thus, the
BD terminal 901 and theCP 902 can safely exchange information mutually using the shared encryption key without interruptive intrusions of hackers. -
FIG. 10 is a diagram for an encryption method using a secret key according to the present invention. - As mentioned in the foregoing description of
FIG. 9 , a public key of a CP certified by a trusted CA is delivered to a user, e.g., a BD terminal. The BD terminal forwards random data to the CP using the delivered CP's public key to share such a secret key as a session key with the CP. - Besides, the session key is an encryption key used during one communication session only between parties communicating with each other. In case that there are too many ciphertexts, it is highly probable that a key can be computed by analyzing the ciphertexts. The session key is a temporary key used for this prevention. And, a session is a logical connection for conversations between a BD terminal and a CP on a network.
- The public key can be delivered in two ways. Firstly, the public key of the CP is delivered to the BD terminal. Secondly, the public key of the BD terminal is delivered to the CP in the same manner.
-
FIG. 10 shows an example of the latter case, in which encryption and decryption methods using a deliveredpublic key 1007 of a BD terminal and a secret key such as a session key 1004 are shown. - First of all, a CP generates an
encrypted file 1005 by encrypting content data (plaintext) through cryptographic algorithm using asession key 1004. - The cryptographic algorithm includes AES (advanced encryption standard), DES (data encryption standard), Triple DES or the like. As the secret key is used in the present invention, it corresponds to a symmetric encryption.
- An encrypted session key 1008 is generated by encrypting the session key 1004 with a
public key 1007 of the BD terminal. In this case, RSA may be used as cryptographic algorithm. As the public key is used, it corresponds to an asymmetric encryption. - The
encrypted file 1005 and the encrypted session key 1008 are transferred to the BD terminal. The BD terminal decrypts the received encrypted session key 1008 with aprivate key 1009 of the BD terminal to restore to theoriginal session key 1004. -
Cryptographic algorithm 1010 used for the decryption adopts the RSA algorithm to correspond to thecryptographic algorithm 1006 used for the encryption. Theencrypted file 1005 is decrypted using the restored session key 1004 (1011). Thecryptographic algorithm 1011 used for the decryption adopts the AES or DES to correspond to thecryptographic algorithm 1003 used for the encryption. As a result of the decryption (1011),content data 1002 transferred from the CP is recovered. - The CP can share the same secret key 1004 with the BD terminal using the above-explained methods. And, the CP can deliver the content to the BD terminal using the
secret key 1004. - After the CP has transferred the CP's public key to the BD terminal, if the BD terminal attempts to transfer the content, which is encrypted with the secret key such as a session key, and the session key, which is encrypted using the CP's public key, to the CP, positions of the CP and the BD terminals are switched to each other and the
public key 1007 of the BD terminal is replaced by the public key of the CP. -
FIG. 11 is a flowchart of an encryption and decryption method using a secret key and a public key according to the present invention. To encrypt content and a secret key to transfer, a BD terminal transfers a certificate to a CP (1101). Preferably, the certificate includes a public key of the BD terminal at least. - The content is encrypted with such a secret key as a session key. And, the session key is encrypted with the delivered public key of the BD terminal (1102). An encrypted file generated from encryption of the content and the encrypted session key are transferred to the BD terminal (1103).
- The BD terminal restores the session key by decrypting the received encrypted session key with a private key of the BD terminal (1104). The BD terminal decrypts the received encrypted file using the restored session key (1105). Through this, the BD terminal can obtain the content which the CP attempts to deliver to a user (1106).
- Accordingly, by the authentication method, recording medium, encryption method, decryption method and cryptographic system of the present invention, security can be provided to the high-density optical recording medium, the reproduction system associated with the high-density optical recording medium, and the network.
- Hence, the present invention protects the content provider and the playback system that reproduces the recording medium. And, by establishing the secure channel between the playback system of the recording medium and the content provider through the network to secure the safe data exchange, the present invention provides more convenient functions to the users and the content providers.
- It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or scope of the inventions. Thus, it is intended that the present invention covers the modifications and variations of this invention provided they come within the scope of the appended claims and their equivalents.
Claims (37)
1. An authentication method comprising the steps of:
decrypting authentication information and a content provider's public key stored in a certificate signed by a certificate authority with a public key of the certificate authority to authenticate the content provider using the decrypted authentication information; and
authenticating the content provider's public key by checking the decrypted public key of the content provider.
2. The authentication method of claim 1 , further comprising the step of checking whether the certificate is valid before performing authentication.
3. The authentication method of claim 1 , wherein the authentication information and the content provider's public key are encrypted using a private key of the certificate authority.
4. The authentication method of claim 1 , wherein the certificate is one of a plurality of certificates in a certificate chain.
5. The authentication method of claim 1 , wherein the certificate is stored as a file in a recording medium.
6. The authentication method of claim 5 , wherein the file exists in a directory storing certificates only within the recording medium.
7. The authentication method of claim 1 , wherein the certificate is a certificate downloaded from an outside of a recording medium.
8. The authentication method of claim 1 , wherein the certificate follows X.509 of a public key infrastructure (PKI).
9. The authentication method of claim 1 , wherein the certificate is a certificate used in authenticating data stored within a recording medium.
10. The authentication method of claim 1 , wherein the certificate is a root certificate used in authenticating an application within a recording medium and/or a local storage.
11. The authentication method of claim 1 , wherein the certificate is a root certificate used in verifying a signature located at a signature file of a binding unit associated with a recording medium within a local storage.
12. A recording medium comprising:
a data area storing content data; and
an authentication management area storing authentication information,
wherein a certificate generated from encrypting authentication information and a content provider's public key is stored in the authentication management area.
13. The recording medium of claim 12 , wherein a private key of a certificate authority is used in encrypting the authentication information and the public key.
14. The recording medium of claim 13 , wherein the certificate is one of a plurality of certificates in a certificate chain.
15. The recording medium of claim 12 , wherein the certificate exists in a directory storing the certificates only within a file structure within the recording medium.
16. The recording medium of claim 12 , wherein the certificate is a certificate used for authentication of data within the recording medium.
17. The recording medium of claim 12 , wherein the certificate is a root certificate used for authentication of an application within the recording medium.
18. The recording medium of claim 12 , wherein the certificate is a root certificate used in verifying a signature located at a signature file of a binding unit associated with the recording.
19. The recording medium of claim 12 , wherein the certificate follows X.509 of a public key infrastructure (PKI).
20. An encryption method comprising the steps of:
encrypting content data with a secret key;
encrypting the secret key with a public key; and
transferring the encrypted content data and the encrypted secret key.
21. The encryption method of claim 20 , wherein the public key belongs to an optical terminal.
22. The encryption method of claim 20 , wherein the public key belongs to a content provider.
23. The encryption method of claim 20 , wherein the content data is encrypted by AES algorithm.
24. The encryption method of claim 20 , wherein the content data is encrypted by DES algorithm.
25. The encryption method of claim 20 , wherein the secret key is encrypted by RSA cryptographic algorithm.
26. The encryption method of claim 20 , wherein the public key is distributed by a handshake process between a content provider and an optical player.
27. The encryption method of claim 20 , wherein the secret key comprises a session key.
28. The encryption method of claim 27 , wherein the session key is generated by using random data.
29. A decryption method comprising the steps of:
receiving an encrypted secret key and encrypted content data;
decrypting the encrypted secret key; and
decrypting the encrypted content data using the decrypted secret key.
30. The decryption method of claim 29 , wherein the encrypted secret key is decrypted using a private key of an optical player.
31. The decryption method of claim 29 , wherein the encrypted secret key is decrypted using a private key of a content provider.
32. The decryption method of claim 29 , wherein the encrypted secret key is decrypted by RSA cryptographic algorithm.
33. The decryption method of claim 29 , wherein the encrypted content data is decrypted by AES algorithm.
34. The decryption method of claim 29 , wherein the encrypted content data is decrypted by DES algorithm.
35. The decryption method of claim 29 , wherein the secret key comprises a session key.
36. The decryption method of claim 35 , wherein the session key is generated through random data.
37. A cryptographic system comprising:
an encryption system encrypting content data with a secret key, the encryption system encrypting the secret key with a public key, the encryption system transferring the encrypted content data and the encrypted secret key; and
a decryption system receiving the encrypted secret key and the encrypted content data, the decryption system decrypting the encrypted secret key, the decryption system decrypting the encrypted content data using the decrypted secret key.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/325,468 US20060155991A1 (en) | 2005-01-07 | 2006-01-05 | Authentication method, encryption method, decryption method, cryptographic system and recording medium |
Applications Claiming Priority (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US64177905P | 2005-01-07 | 2005-01-07 | |
KR1020050113647A KR20060081336A (en) | 2005-01-07 | 2005-11-25 | Digital certificates in a recoding medium |
KR1020050113648A KR20060081337A (en) | 2005-01-07 | 2005-11-25 | Encryption and decryption method using a secret key |
KR10-2005-0113648 | 2005-11-25 | ||
KR10-2005-0113647 | 2005-11-25 | ||
US11/325,468 US20060155991A1 (en) | 2005-01-07 | 2006-01-05 | Authentication method, encryption method, decryption method, cryptographic system and recording medium |
Publications (1)
Publication Number | Publication Date |
---|---|
US20060155991A1 true US20060155991A1 (en) | 2006-07-13 |
Family
ID=37172374
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/325,468 Abandoned US20060155991A1 (en) | 2005-01-07 | 2006-01-05 | Authentication method, encryption method, decryption method, cryptographic system and recording medium |
US11/325,457 Expired - Fee Related US7668439B2 (en) | 2005-01-07 | 2006-01-05 | Apparatus for reproducing data, method thereof and recording medium |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/325,457 Expired - Fee Related US7668439B2 (en) | 2005-01-07 | 2006-01-05 | Apparatus for reproducing data, method thereof and recording medium |
Country Status (4)
Country | Link |
---|---|
US (2) | US20060155991A1 (en) |
JP (2) | JP2008527833A (en) |
KR (3) | KR20060081336A (en) |
CN (3) | CN101099211A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080098214A1 (en) * | 2006-10-24 | 2008-04-24 | Antonio Rodriguez Martinez | Encryption/decryption method, method for safe data transfer across a network, computer program products and computer readable media |
US20080301465A1 (en) * | 2007-06-04 | 2008-12-04 | Microsoft Corporation | Protection of software transmitted over an unprotected interface |
US20100095360A1 (en) * | 2008-10-14 | 2010-04-15 | International Business Machines Corporation | Method and system for authentication |
US8781442B1 (en) * | 2006-09-08 | 2014-07-15 | Hti Ip, Llc | Personal assistance safety systems and methods |
US20180012027A1 (en) * | 2014-12-24 | 2018-01-11 | International Business Machines Corporation | Recording data and using the recorded data |
Families Citing this family (27)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7644279B2 (en) * | 2001-12-05 | 2010-01-05 | Nvidia Corporation | Consumer product distribution in the embedded system market |
JP5013477B2 (en) | 2004-11-09 | 2012-08-29 | トムソン ライセンシング | Combining content on separate storage media |
KR20060081336A (en) * | 2005-01-07 | 2006-07-12 | 엘지전자 주식회사 | Digital certificates in a recoding medium |
KR20060107282A (en) * | 2005-04-07 | 2006-10-13 | 엘지전자 주식회사 | Data reproducing method, data recording/reproducing player and data transmitting method |
CN101887736B (en) * | 2005-11-15 | 2012-11-21 | 松下电器产业株式会社 | Reproducing device and program |
JP4264551B2 (en) * | 2005-12-08 | 2009-05-20 | ソニー株式会社 | Information processing apparatus, information recording medium manufacturing apparatus, information recording medium and method, and computer program |
JP4655951B2 (en) * | 2006-02-06 | 2011-03-23 | ソニー株式会社 | Information processing apparatus, information recording medium manufacturing apparatus, information recording medium and method, and computer program |
WO2007111208A1 (en) * | 2006-03-24 | 2007-10-04 | Matsushita Electric Industrial Co., Ltd. | Reproduction device, debug device, system lsi, and program |
KR101292770B1 (en) * | 2006-11-06 | 2013-08-02 | 삼성전자주식회사 | Method and apparatus of reproducing Audio Visual data comprising application having indeterminate start time |
US8312075B1 (en) * | 2006-11-29 | 2012-11-13 | Mcafee, Inc. | System, method and computer program product for reconstructing data received by a computer in a manner that is independent of the computer |
US8875271B2 (en) * | 2006-12-08 | 2014-10-28 | Microsoft Corporation | Executing unsigned content and securing access in a closed system |
US20080263679A1 (en) * | 2007-04-23 | 2008-10-23 | Microsoft Corporation | Storing information in closed computing devices |
CN101911089B (en) * | 2008-01-21 | 2013-06-12 | 索尼公司 | Information processing device, disc, information processing method, and program |
JP2009271589A (en) * | 2008-04-30 | 2009-11-19 | Sony Corp | Information processor, its control method, control program, and name mapping information |
US8266448B2 (en) | 2008-12-09 | 2012-09-11 | Nvidia Corporation | Apparatus, system, method, and computer program product for generating and securing a program capable of being executed utilizing a processor to decrypt content |
US8868925B2 (en) | 2008-12-09 | 2014-10-21 | Nvidia Corporation | Method and apparatus for the secure processing of confidential content within a virtual machine of a processor |
KR101023709B1 (en) * | 2008-12-30 | 2011-03-25 | 한국전기연구원 | encryption system for remote inspecting and method for changing key thereof |
US8869289B2 (en) * | 2009-01-28 | 2014-10-21 | Microsoft Corporation | Software application verification |
US8402280B1 (en) | 2009-10-15 | 2013-03-19 | Nvidia Corporation | System, method, and computer program product for buffering in association with audio/video digital rights management (DRM) processing |
KR101138152B1 (en) * | 2009-10-23 | 2012-04-24 | 에스케이플래닛 주식회사 | Conditional storing system and method for iptv |
US9961052B2 (en) * | 2013-06-28 | 2018-05-01 | Extreme Networks, Inc. | Virtualized host ID key sharing |
CN104283680A (en) * | 2013-07-05 | 2015-01-14 | 腾讯科技(深圳)有限公司 | Data transmission method, client side, server and system |
KR101790948B1 (en) * | 2015-10-26 | 2017-10-27 | 삼성에스디에스 주식회사 | Apparatus and method for providing drm service, apparatus and method for playing contents using drm service |
CN106789092A (en) * | 2017-02-28 | 2017-05-31 | 河源弘稼农业科技有限公司 | Cipher key transmission methods, cipher key delivery device, server and communication equipment |
JP7195796B2 (en) * | 2018-07-23 | 2022-12-26 | キヤノン株式会社 | Information processing device, control method for information processing device, and program |
KR102216869B1 (en) * | 2019-05-28 | 2021-02-17 | 국민대학교산학협력단 | Apparatus and method for decrypting end-to-end encrypted files |
US11394538B2 (en) * | 2019-11-05 | 2022-07-19 | David Lee Anthony Ramirez | System and method for verifying the no-later-than date-of-existence, data integrity, identity of the recorder, and timestamp of the recording for digital content |
Citations (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5473692A (en) * | 1994-09-07 | 1995-12-05 | Intel Corporation | Roving software license for a hardware agent |
US5774552A (en) * | 1995-12-13 | 1998-06-30 | Ncr Corporation | Method and apparatus for retrieving X.509 certificates from an X.500 directory |
US6189098B1 (en) * | 1996-05-15 | 2001-02-13 | Rsa Security Inc. | Client/server protocol for proving authenticity |
US6249867B1 (en) * | 1998-07-31 | 2001-06-19 | Lucent Technologies Inc. | Method for transferring sensitive information using initially unsecured communication |
US20010034834A1 (en) * | 2000-02-29 | 2001-10-25 | Shinako Matsuyama | Public-key-encryption data-communication system and data-communication-system forming method |
US20020104019A1 (en) * | 2001-01-31 | 2002-08-01 | Masayuki Chatani | Method and system for securely distributing computer software products |
US20030016819A1 (en) * | 2001-07-20 | 2003-01-23 | Lebin Cheng | Secure socket layer (SSL) load generation with handshake replay |
US20030097566A1 (en) * | 2001-11-22 | 2003-05-22 | Yoko Kumagai | Public key certificate generation method, validation method and apparatus thereof |
US20040103283A1 (en) * | 2000-08-18 | 2004-05-27 | Zoltan Hornak | Method and system for authentification of a mobile user via a gateway |
US20040223741A1 (en) * | 2003-05-06 | 2004-11-11 | Yoo Jea Yong | Recording medium having data structure for managing video data and additional content data thereof and recording and reproducing methods and apparatuses |
US20060153021A1 (en) * | 2005-01-07 | 2006-07-13 | Seo Kang S | Method and apparatus for reproducing data from recording medium using local storage |
US20060155786A1 (en) * | 2005-01-10 | 2006-07-13 | Seo Kang S | Recording medium, and method and apparatus for reproducing data from recording medium using local storage |
US20060153017A1 (en) * | 2005-01-07 | 2006-07-13 | Kim Kun S | Method and apparatus for protecting shared data and method and apparatus for reproducing data from recording medium using local storage |
US20060156010A1 (en) * | 2005-01-07 | 2006-07-13 | Kim Kun S | Apparatus for reproducing data, method thereof and recording medium |
US20080133564A1 (en) * | 2004-11-09 | 2008-06-05 | Thomson Licensing | Bonding Contents On Separate Storage Media |
Family Cites Families (32)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6580870B1 (en) | 1997-11-28 | 2003-06-17 | Kabushiki Kaisha Toshiba | Systems and methods for reproducing audiovisual information with external information |
CN1153140C (en) * | 1998-01-16 | 2004-06-09 | 马克罗韦森公司 | System and method for authenticating peer components |
JP2000269950A (en) * | 1999-03-12 | 2000-09-29 | Matsushita Electric Ind Co Ltd | Copyright protection system |
JP2000357196A (en) * | 1999-04-13 | 2000-12-26 | Sony Corp | Device and method for information processing, device and method for management, provided medium, system and method for providing information, and device for information transmission |
JP2001083874A (en) * | 1999-09-14 | 2001-03-30 | Sony Corp | Information provision system, information regulator, information signal receiver and information provision method |
WO2001082610A1 (en) | 2000-04-21 | 2001-11-01 | Sony Corporation | Information processing apparatus and method, program, and recorded medium |
JP2002063543A (en) * | 2000-06-09 | 2002-02-28 | Dainippon Printing Co Ltd | Producing device and providing device electronic form |
US20010056533A1 (en) * | 2000-06-23 | 2001-12-27 | Peter Yianilos | Secure and open computer platform |
JP2002009763A (en) * | 2000-06-26 | 2002-01-11 | Sanyo Electric Co Ltd | Data reproduction device, terminal using it, and reproduction method |
JP4655345B2 (en) * | 2000-08-31 | 2011-03-23 | ソニー株式会社 | Information processing apparatus, information processing method, and program providing medium |
JP2002236622A (en) * | 2001-02-13 | 2002-08-23 | Sony Corp | Device for regenerating information device for recording information, method of regenerating information, method of recording information, recording medium for information, and medium for recording program |
JP2003087235A (en) * | 2001-09-11 | 2003-03-20 | Sony Corp | Contents key delivery system, method for delivering contents key, information processor, and computer program |
US7031473B2 (en) | 2001-11-13 | 2006-04-18 | Microsoft Corporation | Network architecture for secure communications between two console-based gaming systems |
JP4145118B2 (en) | 2001-11-26 | 2008-09-03 | 松下電器産業株式会社 | Application authentication system |
JP4393733B2 (en) * | 2001-11-27 | 2010-01-06 | 大日本印刷株式会社 | Portable information recording medium |
CA2479619C (en) * | 2002-03-20 | 2008-05-20 | Research In Motion Limited | Certificate information storage system and method |
JP4217025B2 (en) * | 2002-04-12 | 2009-01-28 | 日本放送協会 | Content user registration server and program and method thereof, content distribution server and program thereof, content reproduction apparatus and program thereof |
US7523490B2 (en) * | 2002-05-15 | 2009-04-21 | Microsoft Corporation | Session key security protocol |
JP3791464B2 (en) * | 2002-06-07 | 2006-06-28 | ソニー株式会社 | Access authority management system, relay server and method, and computer program |
JP2004054798A (en) * | 2002-07-23 | 2004-02-19 | Kenwood Corp | Program authentication apparatus, program signature apparatus, program authentication method, program signature method, and program |
EP2246857A3 (en) * | 2002-09-12 | 2010-12-01 | Panasonic Corporation | Recording medium, playback device, program, playback method, and recording method |
JP2004153590A (en) * | 2002-10-31 | 2004-05-27 | Hitachi Ltd | Contents distribution method and contents storage device therefor |
JP2004157703A (en) * | 2002-11-06 | 2004-06-03 | Hitachi Ltd | Content protection system |
US7664372B2 (en) | 2002-11-20 | 2010-02-16 | Lg Electronics Inc. | Recording medium having data structure for managing reproduction of multiple component data recorded thereon and recording and reproducing methods and apparatuses |
US7634779B2 (en) | 2002-11-20 | 2009-12-15 | Sun Microsystems, Inc. | Interpretation of DVD assembly language programs in Java TV-based interactive digital television environments |
US7305711B2 (en) * | 2002-12-10 | 2007-12-04 | Intel Corporation | Public key media key block |
JP4226309B2 (en) * | 2002-12-11 | 2009-02-18 | 日本放送協会 | User certificate issuing server and program thereof, user authentication server and program thereof, content acquisition authentication device and program thereof |
JP4525350B2 (en) * | 2003-01-15 | 2010-08-18 | ソニー株式会社 | Signal processing system |
JP2004234189A (en) * | 2003-01-29 | 2004-08-19 | Mitsubishi Electric Information Systems Corp | Signature data verification support system and signature data verification support program |
JP2004311000A (en) * | 2003-03-24 | 2004-11-04 | Matsushita Electric Ind Co Ltd | Recording device and copyright protection system |
TW200518070A (en) * | 2003-10-10 | 2005-06-01 | Matsushita Electric Ind Co Ltd | Recording medium, reproduction device, program, and reproduction method |
JP2004103239A (en) * | 2003-10-20 | 2004-04-02 | Sony Computer Entertainment Inc | Disk-like recording medium, and device and method for reproducing the same |
-
2005
- 2005-11-25 KR KR1020050113647A patent/KR20060081336A/en not_active Application Discontinuation
- 2005-11-25 KR KR1020050113648A patent/KR20060081337A/en not_active Application Discontinuation
- 2005-12-07 KR KR1020050118682A patent/KR20060081339A/en not_active Application Discontinuation
-
2006
- 2006-01-02 CN CNA2006800018352A patent/CN101099211A/en active Pending
- 2006-01-02 JP JP2007550283A patent/JP2008527833A/en active Pending
- 2006-01-02 CN CNA2006800019942A patent/CN101103590A/en active Pending
- 2006-01-02 CN CN2006800018437A patent/CN101099212B/en not_active Expired - Fee Related
- 2006-01-02 JP JP2007550285A patent/JP2008527599A/en active Pending
- 2006-01-05 US US11/325,468 patent/US20060155991A1/en not_active Abandoned
- 2006-01-05 US US11/325,457 patent/US7668439B2/en not_active Expired - Fee Related
Patent Citations (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5473692A (en) * | 1994-09-07 | 1995-12-05 | Intel Corporation | Roving software license for a hardware agent |
US5774552A (en) * | 1995-12-13 | 1998-06-30 | Ncr Corporation | Method and apparatus for retrieving X.509 certificates from an X.500 directory |
US6189098B1 (en) * | 1996-05-15 | 2001-02-13 | Rsa Security Inc. | Client/server protocol for proving authenticity |
US6249867B1 (en) * | 1998-07-31 | 2001-06-19 | Lucent Technologies Inc. | Method for transferring sensitive information using initially unsecured communication |
US20010034834A1 (en) * | 2000-02-29 | 2001-10-25 | Shinako Matsuyama | Public-key-encryption data-communication system and data-communication-system forming method |
US20040103283A1 (en) * | 2000-08-18 | 2004-05-27 | Zoltan Hornak | Method and system for authentification of a mobile user via a gateway |
US20020104019A1 (en) * | 2001-01-31 | 2002-08-01 | Masayuki Chatani | Method and system for securely distributing computer software products |
US20030016819A1 (en) * | 2001-07-20 | 2003-01-23 | Lebin Cheng | Secure socket layer (SSL) load generation with handshake replay |
US20030097566A1 (en) * | 2001-11-22 | 2003-05-22 | Yoko Kumagai | Public key certificate generation method, validation method and apparatus thereof |
US20040223741A1 (en) * | 2003-05-06 | 2004-11-11 | Yoo Jea Yong | Recording medium having data structure for managing video data and additional content data thereof and recording and reproducing methods and apparatuses |
US20080133564A1 (en) * | 2004-11-09 | 2008-06-05 | Thomson Licensing | Bonding Contents On Separate Storage Media |
US20060153021A1 (en) * | 2005-01-07 | 2006-07-13 | Seo Kang S | Method and apparatus for reproducing data from recording medium using local storage |
US20060153017A1 (en) * | 2005-01-07 | 2006-07-13 | Kim Kun S | Method and apparatus for protecting shared data and method and apparatus for reproducing data from recording medium using local storage |
US20060156010A1 (en) * | 2005-01-07 | 2006-07-13 | Kim Kun S | Apparatus for reproducing data, method thereof and recording medium |
US20060153016A1 (en) * | 2005-01-07 | 2006-07-13 | Seo Kang S | Method and apparatus for reproducing data from recording medium using local storage |
US20060153022A1 (en) * | 2005-01-07 | 2006-07-13 | Seo Kang S | Method and apparatus for reproducing data from recording medium using local storage |
US20060164930A1 (en) * | 2005-01-07 | 2006-07-27 | Seo Kang S | Method and apparatus for reproducing data from recording medium using local storage |
US20060155786A1 (en) * | 2005-01-10 | 2006-07-13 | Seo Kang S | Recording medium, and method and apparatus for reproducing data from recording medium using local storage |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9112700B2 (en) * | 2006-09-08 | 2015-08-18 | Hti Ip, Llc | Personal assistance safety systems and methods |
US8781442B1 (en) * | 2006-09-08 | 2014-07-15 | Hti Ip, Llc | Personal assistance safety systems and methods |
US20140294180A1 (en) * | 2006-09-08 | 2014-10-02 | Hti Ip, Llc | Personal Assistance Safety Systems and Methods |
US20080098214A1 (en) * | 2006-10-24 | 2008-04-24 | Antonio Rodriguez Martinez | Encryption/decryption method, method for safe data transfer across a network, computer program products and computer readable media |
US20080301465A1 (en) * | 2007-06-04 | 2008-12-04 | Microsoft Corporation | Protection of software transmitted over an unprotected interface |
US20100095360A1 (en) * | 2008-10-14 | 2010-04-15 | International Business Machines Corporation | Method and system for authentication |
US9112910B2 (en) * | 2008-10-14 | 2015-08-18 | International Business Machines Corporation | Method and system for authentication |
US9882723B2 (en) | 2008-10-14 | 2018-01-30 | International Business Machines Corporation | Method and system for authentication |
US20180012027A1 (en) * | 2014-12-24 | 2018-01-11 | International Business Machines Corporation | Recording data and using the recorded data |
US9904790B2 (en) | 2014-12-24 | 2018-02-27 | International Business Machines Corporation | Recording data and using the recorded data |
US9973482B2 (en) | 2014-12-24 | 2018-05-15 | International Business Machines Corporation | Recording data and using the recorded data |
US10397205B2 (en) * | 2014-12-24 | 2019-08-27 | International Business Machines Corporation | Recording data and using the recorded data |
US10397204B2 (en) | 2014-12-24 | 2019-08-27 | International Business Machines Corporation | Recording data and using the recorded data |
Also Published As
Publication number | Publication date |
---|---|
KR20060081336A (en) | 2006-07-12 |
KR20060081339A (en) | 2006-07-12 |
CN101099211A (en) | 2008-01-02 |
JP2008527599A (en) | 2008-07-24 |
US7668439B2 (en) | 2010-02-23 |
CN101099212B (en) | 2010-12-08 |
KR20060081337A (en) | 2006-07-12 |
JP2008527833A (en) | 2008-07-24 |
US20060156010A1 (en) | 2006-07-13 |
CN101099212A (en) | 2008-01-02 |
CN101103590A (en) | 2008-01-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20060155991A1 (en) | Authentication method, encryption method, decryption method, cryptographic system and recording medium | |
US7596692B2 (en) | Cryptographic audit | |
US7542568B2 (en) | Encryption device a decrypting device a secret key generation device a copyright protection system and a cipher communication device | |
US20060161772A1 (en) | Secure authenticated channel | |
US7484090B2 (en) | Encryption apparatus, decryption apparatus, secret key generation apparatus, and copyright protection system | |
CN110771089A (en) | Secure communications providing forward privacy | |
US20080235810A1 (en) | Method of Authorizing Access to Content | |
US20040187001A1 (en) | Device arranged for exchanging data, and method of authenticating | |
US20070174618A1 (en) | Information security apparatus and information security system | |
US20050086504A1 (en) | Method of authenticating device using certificate, and digital content processing device for performing device authentication using the same | |
KR101452708B1 (en) | CE device management server, method for issuing DRM key using CE device management server, and computer readable medium | |
JPH11119650A (en) | Method for long-term verification of digital signature and device therefor | |
JPH09505711A (en) | Computer network encryption key distribution system | |
US20090016537A1 (en) | Method of authenticating and reproducing content using public broadcast encryption and apparatus therefor | |
KR20040108774A (en) | Authentication communication system, authentication communication apparatus, and authentication communication method | |
JP2008527874A (en) | ENCRYPTION SYSTEM, METHOD, AND COMPUTER PROGRAM (System and method for securely and conveniently processing combined state information of encryption) | |
JP2004519882A (en) | Authentication method and data transmission system | |
JP2003529253A (en) | Method and apparatus for approving and revoking credentials in a multi-level content distribution system | |
CN110958209A (en) | Bidirectional authentication method, system and terminal based on shared secret key | |
CN112383391A (en) | Data security protection method based on data attribute authorization, storage medium and terminal | |
CN113868684A (en) | Signature method, device, server, medium and signature system | |
EP1836794A2 (en) | Authentication method, encryption method, decryption method, cryptographic system and recording medium | |
Zhang et al. | License management scheme with anonymous trust for digital rights management | |
MXPA06008255A (en) | Method of authorizing access to content | |
JP2008252745A (en) | Content manager and method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: LG ELECTRONICS CO., KOREA, REPUBLIC OF Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:KIM, KUN SUK;YOO, JEA YONG;SEO, KANG SOO;REEL/FRAME:017443/0702 Effective date: 20060102 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO PAY ISSUE FEE |