USRE39802E1 - Storage medium for preventing an irregular use by a third party - Google Patents

Storage medium for preventing an irregular use by a third party Download PDF

Info

Publication number
USRE39802E1
USRE39802E1 US09/476,319 US47631999A USRE39802E US RE39802 E1 USRE39802 E1 US RE39802E1 US 47631999 A US47631999 A US 47631999A US RE39802 E USRE39802 E US RE39802E
Authority
US
United States
Prior art keywords
medium
encrypted
storage medium
computer
electronic data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
US09/476,319
Inventor
Takayuki Hasebe
Ryota Akiyama
Makoto Yoshioka
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujitsu Ltd
Original Assignee
Fujitsu Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from JP04058048A external-priority patent/JP3073590B2/en
Application filed by Fujitsu Ltd filed Critical Fujitsu Ltd
Priority to US09/476,319 priority Critical patent/USRE39802E1/en
Application granted granted Critical
Publication of USRE39802E1 publication Critical patent/USRE39802E1/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1408Protection against unauthorised use of memory or access to memory by using cryptography
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/0021Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
    • G11B20/00217Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source
    • G11B20/00253Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source wherein the key is stored on the record carrier
    • G11B20/00347Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source wherein the key is stored on the record carrier wherein the medium identifier is used as a key

Definitions

  • the present invention relates to an electronic data protection system, and more particularly, it relates to an electronic data protection system for protecting electronic data, for example, software used for a computer and data published electronically, from being illegally copied by a third party.
  • the object of the present invention is to provide an electronic data protection system enabling certain protection of electronic data, such as software used for a computer and electronically published data from illegal copying by a third party.
  • an electronic data protection system for protecting electronic data from illegal copying by a third party, the system including:
  • the electronic data is software used in a computer.
  • the electronic data is electronically published data.
  • the storage medium stores a plurality of encrypted electronic data, and each encrypted electronic data has a different electronic data decrypting key; the vendor computer encrypts only an electronic decrypting key for the encrypted electronic data permitted by a vendor by using the medium key, and stores the encrypted electronic data key on the storage medium as the encrypted permission information; and the user computer decrypts the encrypted electronic data corresponding to the encrypted permission information.
  • the vendor computer writes the medium number on the storage medium is an un-writable form which the user computer cannot rewrite.
  • the vendor computer stores the encrypted permission information on a different storage medium, and the different storage medium is supplied for use with the user computer.
  • the vendor computer transfers the encrypted permission information to the user computer through a transmission line, and the user computer decrypts the encrypted electronic data from the storage medium based on the encrypted permission information.
  • the vendor computer sends the encrypted permission information to the user in a document, and the user computer decrypts the encrypted electronic data from the storage medium based on the encrypted permission information described in the document.
  • the storage medium is an optical magnetic disk, or a partially embossed optical disk.
  • the vendor computer further comprises a software encrypting key management table including software names and encrypting keys corresponding to respective software names.
  • the user computer further comprises a software decrypting key management table including software names and decrypting keys corresponding to respective software names.
  • FIG. 1 is a schematic block diagram of a conventional electronic data protection system
  • FIG. 2 is a principal view of the present invention
  • FIG. 3 shows one embodiment of the present invention
  • FIG. 4 is a flowchart of a storage process of software according to the present invention.
  • FIGS. 5A and 5B are explanatory views for one example of the encrypting process
  • FIG. 6 shows a software encrypting key management table according to an embodiment of the present invention
  • FIGS. 7 , 7 A and 7 B are flowcharts for generating permission information
  • FIG. 8 is an explanatory view of generation of the permission information
  • FIGS. 9 , 9 A and 9 B are flowcharts for a decrypting process of software
  • FIGS. 10A , 10 B, and 10 C are explanatory views of a program as electronic data
  • FIG. 11A , 11 B, and 11 C are explanatory views of data as electronic data
  • FIG. 12 is an explanatory view of a ROM/RAM mixed type optical magnetic disk
  • FIG. 13 is an explanatory view for permission information stored in another storage medium.
  • FIG. 14 is an explanatory view of multiple software written on one storage medium.
  • FIG. 1 is a schematic block diagram of a conventional electronic data protection system, particularly, a software protection system.
  • the feature of the conventional software protection system lies in generation of permission information 72 by using a user's personal number 91 as explained in detail below.
  • a software storage medium 71 for example, an optical magnetic disk, a CD-ROM, a floppy disk and the like, is provided by a vendor to a user. That is, the vendor provides the software storage medium 71 storing the software to the user.
  • the software storage medium 71 includes the permission information 72 and encrypted software 73 .
  • the vendor computer includes a personal key generating unit 81 , a software decrypting key 82 and an encrypting circuit 83 .
  • the user computer includes the user's personal number 91 , a personal key generating unit 92 , a decrypting circuit 93 , a software decrypting key 94 , and a decrypting circuit 95 .
  • the software is stored in the software storage medium 71 after encryption.
  • a user's personal key is generated by using the user's personal number 91 , and the software decrypting key 82 is decrypted by the user's personal key so that the encrypting circuit 83 encrypts the software decrypting key 82 to generate the permission information.
  • the permission information is stored on the software storage medium 71 .
  • the user buys the software storage medium 71 including the permission information 72 and the encrypted software 73 , and the user computer decrypts the encrypted software 73 so that it is possible to execute the unencrypted program.
  • the personal key generating unit 81 generates the personal key based on the user's personal number 91 , for example, an apparatus number of a computer.
  • the software decrypting key 82 decrypts the encrypted software 73 .
  • the encrypting circuit 83 generates the permission information 72 for storage on the software storage medium 71 .
  • the personal key generating unit 92 receives the user's personal number 91 and generates the user's personal key.
  • the decrypting circuit 93 decrypts the permission information 72 from the software storage medium 71 based on the personal key 81 .
  • the software decrypting key 94 is input to the decrypting circuit 95 , the decrypting circuit 95 decrypts the encrypting software 73 to generate the plate text software. As a result, the plain text software is loaded into a main storage of the user computer.
  • the conventional software protection system utilizes a user's personal number (or, an apparatus number of a computer) and a personal key.
  • the execution for the computer is applied by the permission information 72 so that only that computer can execute the plain text software. Accordingly, the user cannot utilize a different computer even if he is authorized. Further, it is impossible to transfer such plain text software to a third party.
  • a storage medium for storing electronic data includes a medium number.
  • a vendor authorizes use of the medium number. According to the present invention, it is possible to access only electronic data stored on the medium authorized by the vendor.
  • FIG. 2 is a principal view of the present invention.
  • the storage medium 1 includes a medium number (or medium personal number) 12 , permission information 13 , and encrypted electronic data 14 .
  • the electronic data includes computer software and electronically published data, as explained below.
  • the vendor computer includes a medium personal key generating unit 21 , an electronic data decrypting key 22 , and a decrypting unit 23 .
  • the user computer includes a medium personal key generating unit 31 , a decrypting unit 32 , an electronic data decrypting key 33 , and a decrypting unit 34 .
  • the personal key generating unit 21 and 31 generate a medium key based on the medium number 12 .
  • the encrypting unit 23 encrypts the electronic data decrypting key 22 based on the medium key.
  • the decrypting unit 32 decrypts the permission information 13 based on the medium key, and generates the electronic data decrypting key 33 . Further, the decrypting unit 34 decrypts the encrypted electronic data 14 based on the electronic data decrypting key 33 , and generates the plain text electronic data.
  • the personal key generating unit 21 generates the medium key based on the medium number
  • the encrypting unit 23 encrypts the electronic data decrypting key 22 based on the medium key
  • the encrypting unit 23 writes the encrypted data onto the storage medium 1 as the permission information 13 .
  • the personal key generating unit 31 generates the medium key based on the medium number 12 of the storage medium 1
  • the decrypting unit 32 decrypts the permission information 13 based on the personal key, and generates an original electronic data decrypting key 33
  • decrypting unit 34 decrypts the encrypted electronic data 14 based on the original electronic data decrypting key 33 , and provides the plain text electronic data.
  • a different electronic data decrypting key 22 is provided for every encrypted electronic data 14 .
  • only the medium number 12 may be written onto the storage medium 1 in the un-rewritable form by the user computer.
  • only the permission information 13 may be stored on another medium, for example, a floppy disk, by the vendor computer, and be provided for use in the user computer.
  • the vendor may transfer the permission information 13 to the user computer through a transmission line, so the user computer can decrypt the encrypted electronic data 14 based on the permission information 13 to provide the plain text electronic data.
  • the encrypted electronic data 14 there are software for operating various computers, or various types of data (character data, image data, sound data), and these are encrypted to protect content thereof. Accordingly, since the medium 1 storing the encrypted electronic data 14 includes the medium number in the un-rewritable form, the vendor computer allows use of the electronic data having the medium number. Accordingly, it is possible to use only the encrypted electronic data 14 stored on the correct medium 1 and authorized by the vendor. As a result, it is possible to transfer the stored electronic data to another user so that it is possible to use this medium 1 in another computer.
  • FIGS. 3 to 14 are explanatory views for embodiments of the present invention. As one example of electronic data shown in FIG. 2 , an explanation is given next for software used for a computer.
  • FIG. 3 shows one embodiment of the present invention.
  • the software storage medium 11 for example, an optical magnetic disk (particularly, a disk having a capacity in the range of several hundred M-byte to several G-byte), is a medium for storing software authorized by a vendor for use by a user.
  • the software storage medium 11 stores the medium number 12 in an un-rewritable form, the permission information 13 granting permission for use of the software to the user, and the encrypted software 15 .
  • the medium number 12 is a particular personal number for the medium 11 , and this medium number cannot be rewritten (i.e., is un-rewritable) by the user. That is, this medium number 12 is written into an area which the user cannot rewrite.
  • This area can be managed in various forms. For example, this area may be managed by an Operating System (OS). Further, it may be possible to arranged that this area cannot be rewritten by means of the Operating System.
  • OS Operating System
  • the permission information 13 is provided from the vendor to the user to permit use of the software.
  • this permission information 13 incorporates encrypted data for decrypting the encrypted software 15 (see, FIGS. 7 and 8 ).
  • the encrypted software 15 is shown in FIGS. 4 to 6 .
  • the vendor computer includes the personal key generating unit 21 , the software decrypting key 24 , and the encrypting unit 23 .
  • the personal key generating unit 21 generates the medium key based on the medium number 12 read from the software storage medium 11 (see, FIG. 7 ).
  • the encrypting unit 23 encrypts the software decrypting key 24 based on the medium key generated by the personal key generating unit 31 .
  • the data encrypted by the encrypting unit 23 is stored in the software storage medium 11 as the permission information 13 .
  • the user computer includes the personal key generating unit 31 , the decrypting unit 32 , the software decrypting key 35 , and the decrypting unit 34 .
  • the personal key generating unit 31 generates the medium key based on the medium number 12 read from the software storage medium 11 (see, FIG. 7 ).
  • the decrypting unit 32 decrypts the permission information 13 read from the software storage medium 11 based on the medium key generated by the personal key generating unit 31 , and generates the software decrypting key 35 (see, FIG. 9 ).
  • the decrypting unit 34 decrypts the encrypted software 15 read from the software storage medium 11 based on the software decrypting key 35 , and generates the plain text software (see, FIG. 9 ).
  • the user computer then executes the plain text software.
  • FIG. 4 is a flowchart of a storage process of the software according to the present invention. This flowchart shows the storage process of the encrypted software 15 and the encrypted permission information 13 .
  • the vendor generates the software, for example, a job program, etc., and stores the generated software onto the software storage medium.
  • the vendor generates the software encrypting key.
  • the software encrypting key is stored in an encrypting key management table (see, FIG. 6 ) corresponding to each software. That is, the encrypting key generated by step S 2 is stored in the encrypting key management table in correspondence with the name of the software generated by step S 1 .
  • step S 4 the software encrypting key corresponding to the software designated by the vendor is taken from the encrypting key management table.
  • step S 5 the vendor encrypts the plain text software by using the software encrypting key taken from the encrypting key management table to generate the encrypted software.
  • a main body of the software is encrypted by the encrypting key so as to generate the encrypted software body by using, for example, a data encryption standard (DES) which is widely used in the United States.
  • DES data encryption standard
  • FIG. 5B in the DES, the main body of the software having 64-bit train is encrypted to the same 64-bit train, but having a different bit order.
  • step S 6 the encrypted software is stored in the storage medium of the vendor (or, a manufacturer of the medium) so that it is possible to hold the once encrypted software. Accordingly, in a subsequent use of the software, the encrypting process can be omitted by the vendor since the software held on the medium is used again.
  • step S 7 the encrypted software is stored on the software storage medium 11 .
  • step S 8 the vendor determines whether or not the encrypting process for the software is completed and the encrypted software is stored on the storage medium. When the result is “YES”, the encrypting process is completed by the vendor.
  • the encrypting process returns to the step S 7 and sequentially stores the encrypted software having the name of the software designated. As explained above, the encrypted software is stored on the software storage medium 11 .
  • FIGS. 5A and 5B are explanatory views of one example of the encrypting process.
  • a header portion H includes a software name as an identifier, and a main body of the software S includes the plain text software.
  • the header portion H is not encrypted, and the main body of the software S is encrypted by the encrypting key K.
  • the encryption is performed, for example, using the DES (Data Encryption Standard) as shown in FIG. 5 B.
  • the DES is already known in the United States.
  • the 64-bit bit train of the plain text software is converted to the same 64-bit train as above, but having a different bit order.
  • the decrypting unit decrypts the encrypted 64-bit train to the plain text software by using the DES.
  • FIG. 6 shows a software encrypting key management table according to an embodiment of the present invention.
  • the software encrypting key management table 4 is formed by the same of the software and the encrypting key corresponding to the name of the software.
  • An escape character “ENC” is attached to each software name to indicate that the corresponding software is already encrypted.
  • the encrypted key is formed by a 64-bit bit train as explained above.
  • the software encrypting key is taken from the software encrypting key management table.
  • the encrypting circuit 41 encrypts the plain text software based on the software encrypting key obtained by the above (1).
  • the encrypted software is stored on the software storage medium 11 as the encrypted software 15 .
  • the above steps are repeated for all plain text software designated by the vendor. As explained above, since once encrypted software is held by the vendor, this encrypted software is stored again on the software storage medium when another user requests this plain text software.
  • the medium number 12 is provided for only the corresponding storage medium, and is written onto the medium 11 in an un-rewritable form (i.e., the medium personal number cannot be rewritten).
  • the encrypting key stored in the software encrypting key management table 4 colacides with the decrypting key when using an object key number as an encrypting algorithm.
  • the software encrypting key corresponding to the plain text software is taken from the software encrypting key management table, the plain text software is encrypted by the software encrypting key to generate the encrypted software, and the encrypting software is stored in the software storage medium 11 .
  • FIGS. 7A and 7B are flowcharts for generating permission information
  • FIG. 8 is an explanatory view of generation of the permission information. The flowchart explains that the permission information 13 is generated for the software to be authorized and stored on the software storage medium.
  • step S 11 the name of the software to be authorized is input to the software decrypting key management table 5 .
  • step S 12 the software decrypting key is loaded from the software decrypting key management table 5 .
  • the decrypting key corresponding to the name of the software to be authorized is sent from the software decrypting key management table 5 to the encrypting circuit 33 .
  • step S 13 the medium number 12 is loaded from the software storage medium 11 .
  • step S 14 the medium key is generated in the personal key generating circuit 211 . That is, as shown in FIG. 7B , the medium number (plain text, i.e., unencrypted) is encrypted by a secret key (or, a secret algorithm) so that the medium key (encrypted) is generated.
  • a secret key or, a secret algorithm
  • the secret key in not used.
  • step S 15 the software decrypting key (plain text, i.e., unencrypted) is encrypted by the medium key so that the permission information (encrypted) is generated.
  • the DES is used for the above encrypting process.
  • step S 16 the permission information encrypted by the step S 15 is stored in the software storage medium 11 .
  • the encrypted software is stored on the software storage medium 11 , the medium key 12 is read therefrom, the software decrypting key is encrypted by the medium key to generate the encrypted permission information 13 , and the encrypted permission information 13 is stored on the software storage medium 11 . Accordingly, the encrypted software 1 and the encrypted permission information 13 are stored on the software storage medium 11 .
  • the software decrypting key management table 5 is provided for massaging the software decrypting key which is used when the encrypted software 15 is decrypted to derive the plain text software.
  • the software decrypting key is managed in correspondence with the software name.
  • the software decrypting key management table 5 stores the decrypting key having the same structure as the software encrypting key management table 4 .
  • the medium number 12 is read from the software storage medium 11 .
  • the personal key generating circuit 211 receives this medium number and generates the medium key (see, step S 14 of FIG. 7 A).
  • the software decrypting key corresponding to the software to be sold is taken from the software decrypting key management table 5 , and this key is input to the encrypting circuit 231 .
  • This software decrypting key is encrypted by the personal key in the encrypting circuit 231 so that the encrypting circuit 231 generates the permission information 13 .
  • the permission information 13 includes the software name having the escape character ENC and the encrypted permission information, and this permission information 13 is stored on the software storage medium 11 .
  • the software decrypting key and the algorithm (or, the secret key) are protected by a known safety means (not shown).
  • the vendor generates the medium key based on the medium number 12 read from the software storage medium 11 , encrypts the software decrypting key based on the medium key, and stores this software decrypted key into the software storage medium 11 as the permission information 13 .
  • FIGS. 9A and 9B are a flowcharts of a decrypting process of the software.
  • the user buys the software storage medium 11 and mounts it in the user computer.
  • the software of the storage medium 11 is loaded into a main memory to execute the program.
  • step S 21 the user computer receives an instruction to execute the software.
  • step S 22 the medium number 12 is taken from the software storage medium 11 .
  • step S 23 the medium key (unencrypted) is encrypted by the secret key (or, the algorithm) to generate the encrypted medium key.
  • step S 24 the encrypted permission information is decrypted by th medium key so that the plain text software decrypting key is generated.
  • step S 25 the encrypted software 15 is read from the software storage medium 11 .
  • step S 26 the encrypted software is decrypted by the software decrypting key so that the plain text software is generated.
  • step S 27 the user computer executes the plain text software.
  • the medium key is generated based on the medium key 12 from the software storage medium 11
  • the permission information 13 is decrypted based on the medium key to generate the software decrypting key 35
  • the encrypted software is decrypted by the software decrypting key 35 to generate the plain text software.
  • FIGS. 10A , 10 B, and 10 C are explanatory views of a program as electronic data.
  • FIG. 10A shows an entire structure
  • FIG. 10B shows a flowchart
  • FIG. 10C is an explanatory view of execution of the software.
  • an optical magnetic disk 6 corresponds to the software storage medium 11 of FIGS. 2 and 3 , and stores the medium number 12 , the permission information 13 and the encrypted program 16 .
  • the user buys the optical magnetic disk 6 and mounts this disk in an optical magnetic apparatus.
  • an optical disk, a CD-ROM, a floppy disk, a hard disk, a magnetic tape, a cassette tape, and the like are known as storage media.
  • a program loader 61 has a function of a key generating process (personal key generating process 31 ) and a decrypting process (decrypting process 32 and 34 ), and loads the corresponding decrypted program from the optical magnetic disk 6 into a main storage 63 in an execution stage of the program instruction so that the execution state of the program is established.
  • the main storage 63 is formed by a RAM to expand the plain text program which is taken from the optical magnetic disk 6 .
  • step S 31 the program loader 61 receives the execution instruction for the program.
  • step S 32 the program loader 61 loads a program to be executed and decrypts it.
  • step S 33 the plain text program is expanded in the main memory to obtain an executable plain text program.
  • step S 34 the plain text program in the main memory is executed.
  • FIG. 10C a relationship between the software storage medium and the user computer is explained in detail.
  • the user computer takes the medium number 12 from the software storage medium 11 , and sends it to the personal key generating circuit 311 to generate the encrypted medium key (see, step S 23 of FIG. 9 ).
  • the decrypting circuit 321 receives the permission information 13 from the software storage medium 13 , and encrypts it based on the medium key from the generating circuit 311 . As a result, the software decrypting key 351 (corresponding to the software decrypting key 35 ) is obtained by the decrypting circuit 321 .
  • the decrypting circuit 341 receives the encrypted software 15 from the software storage medium 11 , and decrypts it based on the software decrypting key 351 to generate the plain text program, then the plain text program is stored in the main storage 63 .
  • FIG. 11A , 11 B, and 11 C are explanatory views for electronic data, for example, character data (text), symbols, image data, and sound data.
  • FIG. 11A shows an entire structure
  • FIG. 11B shows a flowchart
  • FIG. 11C is an explanatory view showing execution of the software.
  • an optical magnetic disk 6 corresponds to the software storage medium 11 of FIGS. 2 and 3 , and stores the medium number 12 , the permission information 13 and the encrypted data 17 .
  • the user buys the optical magnetic disk 6 and mounts this disk in an optical magnetic apparatus.
  • an optical disk, a CD-ROM, a floppy disk, a hard disk, a magnetic tape, a cassette tape, and the like are known as storage media.
  • a read/write (R/W) module 64 has a function of a key generating process (personal key generating process 31 ) and a decrypting process (decrypting process 32 and 34 ), and stores the corresponding decrypted data from the optical magnetic disk 6 into a main storage 63 in an execution stage of the read instruction.
  • the main storage 63 is formed by a RAM to expand the unencrypted data which is taken from the optical magnetic disk 6 .
  • step S 41 the R/W module 64 executes an application program.
  • step S 42 the R/W module 64 reads the data from the optical magnetic disk.
  • step S 43 the R/W module takes the data and encrypts it.
  • step S 44 the unencrypted data is stored in the main memory 63 .
  • step 45 the data is displayed and reproduced.
  • FIG. 11C a relationship between the data storage medium and the user computer is explained in detail.
  • the user computer takes the medium number 12 from the data storage medium 111 , and sends it to the personal key generating circuit 311 to generate the encrypted medium key (see, step S 23 of FIG. 9 ).
  • the decrypting circuit 321 receives the permission information 13 from the data storage medium 111 , and encrypts it based on the medium key from the generating circuit 311 . As a result, the data decrypting key 352 (corresponding to the software decrypting key 35 ) is obtained by the decrypting circuit 321 .
  • the decrypting circuit 341 receives the encrypted data 15 from the data storage medium 111 , and decrypts it based on the data decrypting key 351 to generate the unencrypted data, then the unencrypted data is stored in the main storage 63 .
  • FIG. 12 is an explanatory view of a ROM/RAM mixed type optical magnetic disk.
  • the ROM/RAM mixed type optical magnetic disk has un-rewritable area for storing the medium number 12 , and has a readable/writable area for the permission information 13 , and a read only area/write only area for the encrypted software 15 .
  • the medium number is given to the optical magnetic disk to write the medium number into the un-rewritable area.
  • FIG. 13 is an explanatory view of the permission information stored in another storage medium.
  • the software storage medium previously stores the medium number and the encrypted software.
  • the permission information is stored into another storage medium. This means that them medium number and the encrypted software (or, encrypted data) are previously written onto, for example, the CD-ROM which has no write area, and the permission information is previously written onto a floppy disk.
  • FIG. 14 is an explanatory view of multiple of software written onto one storage medium, for example, an optical disk and a CD-ROM.
  • the encrypting circuit encrypts a plurality of software decrypting keys 1 to N based on the personal key to generate a plurality of permission information 1 to N each corresponding to each software decrypting key 1 to N.
  • a plurality of permission information 1 to N is stored on the software storage medium.
  • the medium number 12 is stored on the storage medium 1 which stores the encrypted electronic data in the un-rewritable form, and permission to use the electronic data is given by the medium key 12 . Accordingly, it is possible to use only the encrypted electronic data stored in correct medium 1 as authorized by the vendor so that it is possible to prevent illegal copying by a third party. Further, it is possible to transfer the electronic data stored in the storage medium 1 . Still further, it is possible to use the same storage medium in another computer. Still further, it is possible to store a plurality of electronic data in one medium. Still further, it is possible to individually sell the storage medium.

Abstract

A storage medium stores encrypted electronic data, a medium personal number which is unique for each storage medium and encrypted permission information. At least the medium personal number is written onto the storage medium in an un-rewritable form which a user computer cannot rewrite.

Description

This is a division of application Ser. No. 08/341,176 filed on Nov. 18, 1994, now U.S. Pat. No. 5,555,304 which is a divisional of application Ser. No. 08/031,339 filed on Mar. 15, 1993 now U.S. Pat. No. 5,392,351.
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to an electronic data protection system, and more particularly, it relates to an electronic data protection system for protecting electronic data, for example, software used for a computer and data published electronically, from being illegally copied by a third party.
2. Description of the Related Art
Recently, various computers, electronic publishing and the like, which utilize electronic data, are widely used in various fields. In general, software and electronic data are protected by copyright is various countries.
However, it is relatively easy for a third party to illegally copy electronic data suffers significant damage in that he cannot derive legitimate benefits. As a result of this damage, the cost of electronic data, i.e., the software and electronically published data rises so that users also suffer due to increased prices.
Accordingly, it is necessary to provide a protection system for electronic data, such as software and electronically published data, in addition to protection by means of copyright.
SUMMARY OF THE INVENTION
The object of the present invention is to provide an electronic data protection system enabling certain protection of electronic data, such as software used for a computer and electronically published data from illegal copying by a third party.
In accordance with the present invention, there is provided an electronic data protection system for protecting electronic data from illegal copying by a third party, the system including:
    • a storage medium for storing an encrypted electronic data, a medium number and as encrypted permission information; a vendor computer having a personal key generating unit for generating a medium key based on the medium number, an electronic data decrypting key, and an encrypting unit for encrypting the electronic data decrypting key based on the medium key to generate the encrypted permission information; and a user computer having a personal key generating unit for generating a medium key based on the medium number, a decrypting unit for decrypting the encrypted permission information based on the medium key to generate an electronic data decrypting key which is the same as the electronic data decrypting key of the vendor computer, and a decrypting unit for decrypting the encrypted electronic data based on the electronic data decrypting key to generate plain text (unencrypted) electronic data.
In a preferred embodiment, the electronic data is software used in a computer.
In another preferred embodiment, the electronic data is electronically published data.
In still another preferred embodiment, the storage medium stores a plurality of encrypted electronic data, and each encrypted electronic data has a different electronic data decrypting key; the vendor computer encrypts only an electronic decrypting key for the encrypted electronic data permitted by a vendor by using the medium key, and stores the encrypted electronic data key on the storage medium as the encrypted permission information; and the user computer decrypts the encrypted electronic data corresponding to the encrypted permission information.
In still another preferred embodiment, the vendor computer writes the medium number on the storage medium is an un-writable form which the user computer cannot rewrite.
In still another preferred embodiment, the vendor computer stores the encrypted permission information on a different storage medium, and the different storage medium is supplied for use with the user computer.
In still another preferred embodiment, the vendor computer transfers the encrypted permission information to the user computer through a transmission line, and the user computer decrypts the encrypted electronic data from the storage medium based on the encrypted permission information.
In still another preferred embodiment, the vendor computer sends the encrypted permission information to the user in a document, and the user computer decrypts the encrypted electronic data from the storage medium based on the encrypted permission information described in the document.
In still another preferred embodiment, the storage medium is an optical magnetic disk, or a partially embossed optical disk.
In still another preferred embodiment, the vendor computer further comprises a software encrypting key management table including software names and encrypting keys corresponding to respective software names.
In still another preferred embodiment, the user computer further comprises a software decrypting key management table including software names and decrypting keys corresponding to respective software names.
BRIEF EXPLANATION OF THE DRAWINGS
In the drawings:
FIG. 1 is a schematic block diagram of a conventional electronic data protection system;
FIG. 2 is a principal view of the present invention;
FIG. 3 shows one embodiment of the present invention;
FIG. 4 is a flowchart of a storage process of software according to the present invention;
FIGS. 5A and 5B are explanatory views for one example of the encrypting process;
FIG. 6 shows a software encrypting key management table according to an embodiment of the present invention;
FIGS. 7, 7A and 7B are flowcharts for generating permission information;
FIG. 8 is an explanatory view of generation of the permission information;
FIGS. 9, 9A and 9B are flowcharts for a decrypting process of software;
FIGS. 10A, 10B, and 10C are explanatory views of a program as electronic data;
FIG. 11A, 11B, and 11C are explanatory views of data as electronic data;
FIG. 12 is an explanatory view of a ROM/RAM mixed type optical magnetic disk;
FIG. 13 is an explanatory view for permission information stored in another storage medium; and
FIG. 14 is an explanatory view of multiple software written on one storage medium.
DESCRIPTION OF THE PREFERRED EMBODIMENTS
Before describing the preferred embodiments, a conventional art and its problems will be explained below.
FIG. 1 is a schematic block diagram of a conventional electronic data protection system, particularly, a software protection system. The feature of the conventional software protection system lies in generation of permission information 72 by using a user's personal number 91 as explained in detail below.
As shown in the drawing, a software storage medium 71, for example, an optical magnetic disk, a CD-ROM, a floppy disk and the like, is provided by a vendor to a user. That is, the vendor provides the software storage medium 71 storing the software to the user. The software storage medium 71 includes the permission information 72 and encrypted software 73. The vendor computer includes a personal key generating unit 81, a software decrypting key 82 and an encrypting circuit 83. Further, the user computer includes the user's personal number 91, a personal key generating unit 92, a decrypting circuit 93, a software decrypting key 94, and a decrypting circuit 95.
The software is stored in the software storage medium 71 after encryption. A user's personal key is generated by using the user's personal number 91, and the software decrypting key 82 is decrypted by the user's personal key so that the encrypting circuit 83 encrypts the software decrypting key 82 to generate the permission information. The permission information is stored on the software storage medium 71.
The user buys the software storage medium 71 including the permission information 72 and the encrypted software 73, and the user computer decrypts the encrypted software 73 so that it is possible to execute the unencrypted program.
In the vendor computer, the personal key generating unit 81 generates the personal key based on the user's personal number 91, for example, an apparatus number of a computer. The software decrypting key 82 decrypts the encrypted software 73. The encrypting circuit 83 generates the permission information 72 for storage on the software storage medium 71.
In the user computer, the personal key generating unit 92 receives the user's personal number 91 and generates the user's personal key. The decrypting circuit 93 decrypts the permission information 72 from the software storage medium 71 based on the personal key 81. The software decrypting key 94 is input to the decrypting circuit 95, the decrypting circuit 95 decrypts the encrypting software 73 to generate the plate text software. As a result, the plain text software is loaded into a main storage of the user computer.
An explained above, the conventional software protection system utilizes a user's personal number (or, an apparatus number of a computer) and a personal key.
In use of the personal number for the computer, the execution for the computer is applied by the permission information 72 so that only that computer can execute the plain text software. Accordingly, the user cannot utilize a different computer even if he is authorized. Further, it is impossible to transfer such plain text software to a third party.
In use of the personal number for portable hardware, it is necessary to provide an interface between the hardware and the computer so that the total cost for protection rises.
As a feature of the present invention, a storage medium for storing electronic data includes a medium number. A vendor authorizes use of the medium number. According to the present invention, it is possible to access only electronic data stored on the medium authorized by the vendor.
FIG. 2 is a principal view of the present invention. In FIG. 2, the storage medium 1 includes a medium number (or medium personal number) 12, permission information 13, and encrypted electronic data 14. In the present invention, the electronic data includes computer software and electronically published data, as explained below. The vendor computer includes a medium personal key generating unit 21, an electronic data decrypting key 22, and a decrypting unit 23. The user computer includes a medium personal key generating unit 31, a decrypting unit 32, an electronic data decrypting key 33, and a decrypting unit 34.
The personal key generating unit 21 and 31 generate a medium key based on the medium number 12. The encrypting unit 23 encrypts the electronic data decrypting key 22 based on the medium key.
The decrypting unit 32 decrypts the permission information 13 based on the medium key, and generates the electronic data decrypting key 33. Further, the decrypting unit 34 decrypts the encrypted electronic data 14 based on the electronic data decrypting key 33, and generates the plain text electronic data.
In the present invention, briefly, only the medium number 13 and the encrypted electronic data 14 are previously stored in the storage medium 1.
In the vendor computer, the personal key generating unit 21 generates the medium key based on the medium number, the encrypting unit 23 encrypts the electronic data decrypting key 22 based on the medium key, and the encrypting unit 23 writes the encrypted data onto the storage medium 1 as the permission information 13.
In the user computer, the personal key generating unit 31 generates the medium key based on the medium number 12 of the storage medium 1, the decrypting unit 32 decrypts the permission information 13 based on the personal key, and generates an original electronic data decrypting key 33, and decrypting unit 34 decrypts the encrypted electronic data 14 based on the original electronic data decrypting key 33, and provides the plain text electronic data.
Further, a different electronic data decrypting key 22 is provided for every encrypted electronic data 14. Only the electronic data decrypting key 22 of the encrypted electronic data 14. In which the use is permitted in the vendor computer, is encrypted by the medium key, and stored on the storage medium 1 as the permission information 13. Further, only the encrypted electronic data corresponding to this permission information 13 stored on the storage medium 1 is decrypted in the user computer to provide the plain text electronic data.
Still further, only the medium number 12 may be written onto the storage medium 1 in the un-rewritable form by the user computer. Still further, only the permission information 13 may be stored on another medium, for example, a floppy disk, by the vendor computer, and be provided for use in the user computer. Still further, the vendor may transfer the permission information 13 to the user computer through a transmission line, so the user computer can decrypt the encrypted electronic data 14 based on the permission information 13 to provide the plain text electronic data.
In this case, as the encrypted electronic data 14, there are software for operating various computers, or various types of data (character data, image data, sound data), and these are encrypted to protect content thereof. Accordingly, since the medium 1 storing the encrypted electronic data 14 includes the medium number in the un-rewritable form, the vendor computer allows use of the electronic data having the medium number. Accordingly, it is possible to use only the encrypted electronic data 14 stored on the correct medium 1 and authorized by the vendor. As a result, it is possible to transfer the stored electronic data to another user so that it is possible to use this medium 1 in another computer.
FIGS. 3 to 14 are explanatory views for embodiments of the present invention. As one example of electronic data shown in FIG. 2, an explanation is given next for software used for a computer.
FIG. 3 shows one embodiment of the present invention. In FIG. 3, the software storage medium 11, for example, an optical magnetic disk (particularly, a disk having a capacity in the range of several hundred M-byte to several G-byte), is a medium for storing software authorized by a vendor for use by a user. The software storage medium 11 stores the medium number 12 in an un-rewritable form, the permission information 13 granting permission for use of the software to the user, and the encrypted software 15.
The medium number 12 is a particular personal number for the medium 11, and this medium number cannot be rewritten (i.e., is un-rewritable) by the user. That is, this medium number 12 is written into an area which the user cannot rewrite. This area can be managed in various forms. For example, this area may be managed by an Operating System (OS). Further, it may be possible to arranged that this area cannot be rewritten by means of the Operating System.
The permission information 13 is provided from the vendor to the user to permit use of the software. In this case, this permission information 13 incorporates encrypted data for decrypting the encrypted software 15 (see, FIGS. 7 and 8). The encrypted software 15 is shown in FIGS. 4 to 6.
The vendor computer includes the personal key generating unit 21, the software decrypting key 24, and the encrypting unit 23. The personal key generating unit 21 generates the medium key based on the medium number 12 read from the software storage medium 11 (see, FIG. 7). The encrypting unit 23 encrypts the software decrypting key 24 based on the medium key generated by the personal key generating unit 31. The data encrypted by the encrypting unit 23 is stored in the software storage medium 11 as the permission information 13.
The user computer includes the personal key generating unit 31, the decrypting unit 32, the software decrypting key 35, and the decrypting unit 34. The personal key generating unit 31 generates the medium key based on the medium number 12 read from the software storage medium 11 (see, FIG. 7). The decrypting unit 32 decrypts the permission information 13 read from the software storage medium 11 based on the medium key generated by the personal key generating unit 31, and generates the software decrypting key 35 (see, FIG. 9). The decrypting unit 34 decrypts the encrypted software 15 read from the software storage medium 11 based on the software decrypting key 35, and generates the plain text software (see, FIG. 9). The user computer then executes the plain text software.
FIG. 4 is a flowchart of a storage process of the software according to the present invention. This flowchart shows the storage process of the encrypted software 15 and the encrypted permission information 13. In step S1, the vendor generates the software, for example, a job program, etc., and stores the generated software onto the software storage medium. In step S2, the vendor generates the software encrypting key. In step S3, the software encrypting key is stored in an encrypting key management table (see, FIG. 6) corresponding to each software. That is, the encrypting key generated by step S2 is stored in the encrypting key management table in correspondence with the name of the software generated by step S1.
In step S4, the software encrypting key corresponding to the software designated by the vendor is taken from the encrypting key management table. In step S5, the vendor encrypts the plain text software by using the software encrypting key taken from the encrypting key management table to generate the encrypted software. As shown in FIG. 5, a main body of the software is encrypted by the encrypting key so as to generate the encrypted software body by using, for example, a data encryption standard (DES) which is widely used in the United States. As shown in FIG. 5B, in the DES, the main body of the software having 64-bit train is encrypted to the same 64-bit train, but having a different bit order.
In step S6, the encrypted software is stored in the storage medium of the vendor (or, a manufacturer of the medium) so that it is possible to hold the once encrypted software. Accordingly, in a subsequent use of the software, the encrypting process can be omitted by the vendor since the software held on the medium is used again. In step S7, the encrypted software is stored on the software storage medium 11. In step S8, the vendor determines whether or not the encrypting process for the software is completed and the encrypted software is stored on the storage medium. When the result is “YES”, the encrypting process is completed by the vendor.
When the result is “NO”, the encrypting process returns to the step S7 and sequentially stores the encrypted software having the name of the software designated. As explained above, the encrypted software is stored on the software storage medium 11.
FIGS. 5A and 5B are explanatory views of one example of the encrypting process. A header portion H includes a software name as an identifier, and a main body of the software S includes the plain text software. The header portion H is not encrypted, and the main body of the software S is encrypted by the encrypting key K. The encryption is performed, for example, using the DES (Data Encryption Standard) as shown in FIG. 5B. The DES is already known in the United States.
As shown in FIG. 5B, according to the encrypting process of the DES, the 64-bit bit train of the plain text software is converted to the same 64-bit train as above, but having a different bit order. The decrypting unit decrypts the encrypted 64-bit train to the plain text software by using the DES.
FIG. 6 shows a software encrypting key management table according to an embodiment of the present invention. As shown in the drawing, the software encrypting key management table 4 is formed by the same of the software and the encrypting key corresponding to the name of the software. An escape character “ENC” is attached to each software name to indicate that the corresponding software is already encrypted. Further, the encrypted key is formed by a 64-bit bit train as explained above.
(1) Regarding the plain text software to be stored onto the storage medium, the software encrypting key is taken from the software encrypting key management table.
(2) The encrypting circuit 41 encrypts the plain text software based on the software encrypting key obtained by the above (1).
(3) The encrypted software is stored on the software storage medium 11 as the encrypted software 15.
The above steps are repeated for all plain text software designated by the vendor. As explained above, since once encrypted software is held by the vendor, this encrypted software is stored again on the software storage medium when another user requests this plain text software. The medium number 12 is provided for only the corresponding storage medium, and is written onto the medium 11 in an un-rewritable form (i.e., the medium personal number cannot be rewritten).
Further, the encrypting key stored in the software encrypting key management table 4 colacides with the decrypting key when using an object key number as an encrypting algorithm. As explained above, the software encrypting key corresponding to the plain text software is taken from the software encrypting key management table, the plain text software is encrypted by the software encrypting key to generate the encrypted software, and the encrypting software is stored in the software storage medium 11.
FIGS. 7A and 7B are flowcharts for generating permission information, and FIG. 8 is an explanatory view of generation of the permission information. The flowchart explains that the permission information 13 is generated for the software to be authorized and stored on the software storage medium.
In step S11, the name of the software to be authorized is input to the software decrypting key management table 5. In step S12, the software decrypting key is loaded from the software decrypting key management table 5. As shown in FIG. 8, the decrypting key corresponding to the name of the software to be authorized is sent from the software decrypting key management table 5 to the encrypting circuit 33.
In step S13, the medium number 12 is loaded from the software storage medium 11. In step S14, the medium key is generated in the personal key generating circuit 211. That is, as shown in FIG. 7B, the medium number (plain text, i.e., unencrypted) is encrypted by a secret key (or, a secret algorithm) so that the medium key (encrypted) is generated. In general, in use of the DES, a secret key is used, and in use of a secret algorithm, the secret key in not used.
In step S15, the software decrypting key (plain text, i.e., unencrypted) is encrypted by the medium key so that the permission information (encrypted) is generated. The DES is used for the above encrypting process. In step S16, the permission information encrypted by the step S15 is stored in the software storage medium 11.
As explained above, briefly, the encrypted software is stored on the software storage medium 11, the medium key 12 is read therefrom, the software decrypting key is encrypted by the medium key to generate the encrypted permission information 13, and the encrypted permission information 13 is stored on the software storage medium 11. Accordingly, the encrypted software 1 and the encrypted permission information 13 are stored on the software storage medium 11.
In FIG. 8, the software decrypting key management table 5 is provided for massaging the software decrypting key which is used when the encrypted software 15 is decrypted to derive the plain text software. The software decrypting key is managed in correspondence with the software name. The software decrypting key management table 5 stores the decrypting key having the same structure as the software encrypting key management table 4.
(1) When the vendor sells permission information to a user, the medium number 12 is read from the software storage medium 11. The personal key generating circuit 211 receives this medium number and generates the medium key (see, step S14 of FIG. 7A).
(2) Next, the software decrypting key corresponding to the software to be sold is taken from the software decrypting key management table 5, and this key is input to the encrypting circuit 231. This software decrypting key is encrypted by the personal key in the encrypting circuit 231 so that the encrypting circuit 231 generates the permission information 13. The permission information 13 includes the software name having the escape character ENC and the encrypted permission information, and this permission information 13 is stored on the software storage medium 11. In this case, the software decrypting key and the algorithm (or, the secret key) are protected by a known safety means (not shown).
As explained above, the vendor generates the medium key based on the medium number 12 read from the software storage medium 11, encrypts the software decrypting key based on the medium key, and stores this software decrypted key into the software storage medium 11 as the permission information 13.
FIGS. 9A and 9B are a flowcharts of a decrypting process of the software. The user buys the software storage medium 11 and mounts it in the user computer. The software of the storage medium 11 is loaded into a main memory to execute the program.
In step S21, the user computer receives an instruction to execute the software. In step S22, the medium number 12 is taken from the software storage medium 11. In step S23, the medium key (unencrypted) is encrypted by the secret key (or, the algorithm) to generate the encrypted medium key. In step S24, the encrypted permission information is decrypted by th medium key so that the plain text software decrypting key is generated.
In step S25, the encrypted software 15 is read from the software storage medium 11. In step S26, the encrypted software is decrypted by the software decrypting key so that the plain text software is generated. In step S27, the user computer executes the plain text software.
As explained above, briefly, the medium key is generated based on the medium key 12 from the software storage medium 11, the permission information 13 is decrypted based on the medium key to generate the software decrypting key 35, and the encrypted software is decrypted by the software decrypting key 35 to generate the plain text software.
FIGS. 10A, 10B, and 10C are explanatory views of a program as electronic data. FIG. 10A shows an entire structure, FIG. 10B shows a flowchart, and FIG. 10C is an explanatory view of execution of the software. In FIG. 10A, an optical magnetic disk 6 corresponds to the software storage medium 11 of FIGS. 2 and 3, and stores the medium number 12, the permission information 13 and the encrypted program 16. The user buys the optical magnetic disk 6 and mounts this disk in an optical magnetic apparatus. As other examples, an optical disk, a CD-ROM, a floppy disk, a hard disk, a magnetic tape, a cassette tape, and the like are known as storage media.
A program loader 61 has a function of a key generating process (personal key generating process 31) and a decrypting process (decrypting process 32 and 34), and loads the corresponding decrypted program from the optical magnetic disk 6 into a main storage 63 in an execution stage of the program instruction so that the execution state of the program is established. The main storage 63 is formed by a RAM to expand the plain text program which is taken from the optical magnetic disk 6.
In FIG. 10B, in step S31, the program loader 61 receives the execution instruction for the program. In step S32, the program loader 61 loads a program to be executed and decrypts it. In step S33, the plain text program is expanded in the main memory to obtain an executable plain text program. In step S34, the plain text program in the main memory is executed.
In FIG. 10C, a relationship between the software storage medium and the user computer is explained in detail.
(1) The user computer takes the medium number 12 from the software storage medium 11, and sends it to the personal key generating circuit 311 to generate the encrypted medium key (see, step S23 of FIG. 9).
(2) The decrypting circuit 321 receives the permission information 13 from the software storage medium 13, and encrypts it based on the medium key from the generating circuit 311. As a result, the software decrypting key 351 (corresponding to the software decrypting key 35) is obtained by the decrypting circuit 321.
(3) The decrypting circuit 341 receives the encrypted software 15 from the software storage medium 11, and decrypts it based on the software decrypting key 351 to generate the plain text program, then the plain text program is stored in the main storage 63.
As explained above, it is impossible to decrypt the encrypted software 15 in which the permission information 13 is not stored so that it is impossible to execute such a program. Further, if the software storage medium 11 is illegally copied by a third party, since the medium number 12 is not provided or is different, it is impossible to decrypt the correct software decrypting key 351 from the permission information 13. As a result, it is impossible to decrypt the encrypted program so that it is impossible to execute the program. As explained above, in the user computer, an algorithm and a secret key in the personal key generating circuit 311, a software decoding key, and the plain text software are protected by a known safety means.
FIG. 11A, 11B, and 11C are explanatory views for electronic data, for example, character data (text), symbols, image data, and sound data. FIG. 11A shows an entire structure, FIG. 11B shows a flowchart, and FIG. 11C is an explanatory view showing execution of the software.
In FIG. 11A, an optical magnetic disk 6 corresponds to the software storage medium 11 of FIGS. 2 and 3, and stores the medium number 12, the permission information 13 and the encrypted data 17. The user buys the optical magnetic disk 6 and mounts this disk in an optical magnetic apparatus. As other examples, an optical disk, a CD-ROM, a floppy disk, a hard disk, a magnetic tape, a cassette tape, and the like are known as storage media.
A read/write (R/W) module 64 has a function of a key generating process (personal key generating process 31) and a decrypting process (decrypting process 32 and 34), and stores the corresponding decrypted data from the optical magnetic disk 6 into a main storage 63 in an execution stage of the read instruction. The main storage 63 is formed by a RAM to expand the unencrypted data which is taken from the optical magnetic disk 6.
In FIG. 11B, in step S41, the R/W module 64 executes an application program. In step S42, the R/W module 64 reads the data from the optical magnetic disk. In step S43, the R/W module takes the data and encrypts it. In step S44, the unencrypted data is stored in the main memory 63. In step 45, the data is displayed and reproduced.
In FIG. 11C, a relationship between the data storage medium and the user computer is explained in detail.
(1) The user computer takes the medium number 12 from the data storage medium 111, and sends it to the personal key generating circuit 311 to generate the encrypted medium key (see, step S23 of FIG. 9).
(2) The decrypting circuit 321 receives the permission information 13 from the data storage medium 111, and encrypts it based on the medium key from the generating circuit 311. As a result, the data decrypting key 352 (corresponding to the software decrypting key 35) is obtained by the decrypting circuit 321.
(3) The decrypting circuit 341 receives the encrypted data 15 from the data storage medium 111, and decrypts it based on the data decrypting key 351 to generate the unencrypted data, then the unencrypted data is stored in the main storage 63.
FIG. 12 is an explanatory view of a ROM/RAM mixed type optical magnetic disk. The ROM/RAM mixed type optical magnetic disk has un-rewritable area for storing the medium number 12, and has a readable/writable area for the permission information 13, and a read only area/write only area for the encrypted software 15. In the present invention, the medium number is given to the optical magnetic disk to write the medium number into the un-rewritable area.
FIG. 13 is an explanatory view of the permission information stored in another storage medium. In this case, the software storage medium previously stores the medium number and the encrypted software. The permission information is stored into another storage medium. This means that them medium number and the encrypted software (or, encrypted data) are previously written onto, for example, the CD-ROM which has no write area, and the permission information is previously written onto a floppy disk.
FIG. 14 is an explanatory view of multiple of software written onto one storage medium, for example, an optical disk and a CD-ROM. At the vendor, the encrypting circuit encrypts a plurality of software decrypting keys 1 to N based on the personal key to generate a plurality of permission information 1 to N each corresponding to each software decrypting key 1 to N. A plurality of permission information 1 to N is stored on the software storage medium.
When the user requests a desired software name
Even if a user tries to use software for which he has no permission number, he cannot use such software because the encrypted software cannot be decrypted. Further, even if the user copies the permission information from another software storage medium 11, the medium number in the software storage medium cannot be copies so that is it impossible to decrypt the software correctly. Accordingly, it is possible to individually sell the software.
As explained above, according to the present invention, the medium number 12 is stored on the storage medium 1 which stores the encrypted electronic data in the un-rewritable form, and permission to use the electronic data is given by the medium key 12. Accordingly, it is possible to use only the encrypted electronic data stored in correct medium 1 as authorized by the vendor so that it is possible to prevent illegal copying by a third party. Further, it is possible to transfer the electronic data stored in the storage medium 1. Still further, it is possible to use the same storage medium in another computer. Still further, it is possible to store a plurality of electronic data in one medium. Still further, it is possible to individually sell the storage medium.

Claims (65)

1. A storage medium accessed by a vendor computer and user computer, said storage medium for storing information readable by said user computer, said storage medium comprising:
encrypted electronic data to be decrypted by the user computer; and
a medium personal number which is unique for each storage medium particularly personal for each storage medium and is different from a medium personal number of another storage medium, wherein at least the medium personal number is written onto the storage medium in an un-writable form which said user computer cannot rewrite, and said medium personal number is used for generating a decryption key for decrypting said encrypted electronic data in said user computer; and
permission information which includes the decryption key encrypted in a manner that is generated independent from a specific apparatus number for a specific computer, and generated based upon said medium personal number, said permission information and said medium personal number enabling the user computer to decrypt the encrypted decryption key and to decrypt the encrypted electronic data in a manner that the user computer does not use the specific apparatus number for the specific computer in decrypting the encrypted decryption key and the encrypted electronic data.
2. A storage medium as claimed in claim 1, wherein the electronic data is software used for a computer.
3. A storage medium as claimed in claim 1, wherein the electronic data is electronically published data.
4. A storage medium as claimed in claim 1, wherein the storage medium is an optical magnetic disk, or a partially embossed optical disk.
5. A storage medium as claimed in claim 1, wherein the storage medium is a CD-ROM.
6. A storage medium accessed by a vendor computer and user computer, said storage medium for storing information readable by said user computer, said storage medium comprising:
encrypted electronic data to be decrypted by the user computer; and
a medium personal number which is unique for each storage medium particularly personal for each storage medium and is different from a medium personal number of another storage medium, wherein at least the medium personal number is written onto the storage medium in an un-rewritable form which said user computer cannot rewrite, and said medium personal number is used for generating an encrypted permission information in said vendor computer; and
permission information encrypted in a manner that is generated independent from a specific apparatus number for a specific computer and generated based upon said medium personal number, wherein the permission information and said medium personal number enabling the user computer to decrypt the encrypted permission information and to decrypt the encrypted electronic data in a manner that the user computer does not use the specific apparatus number for the specific computer in decrypting the encrypted permission information and the encrypted electronic data.
7. A storage medium as claimed in claim 6, wherein the electronic data is software used for a computer.
8. A storage medium as claimed in claim 6, wherein the electronic data is electronically published data.
9. A storage medium as claimed in claim 6, wherein the storage medium is an optical magnetic disk, or a partially embossed optical disk.
10. A storage medium as claimed in claim 6, wherein the storage medium is a CD-ROM.
11. A storage medium accessed by a vendor computer and a user computer, said storage medium for storing information readable by said user computer, said storage medium comprising:
encrypted electronic data to be decrypted by the user computer;
a medium personal number which is unique for each storage medium particularly personal for each storage medium and is different from a medium personal number of another storage medium; and
encrypted permission information, that is generated independent from a specific apparatus number for a specific computer and generated based upon said medium personal number;
wherein at least the medium personal number is written onto the storage medium in an unrewritable form which a user computer cannot rewrite, and wherein said encrypted permission information and said medium personal number enabling the user computer to decrypt the encrypted permission information and to decrypt the encrypted electronic data in a manner that the user computer does not use the specific apparatus number for the specific computer in decrypting the encrypted permission information and the encrypted electronic data.
12. A storage medium as claimed in claim 11, wherein the electronic data is software used for a computer.
13. A storage medium as claimed in claim 11, wherein the electronic data is electrically published data.
14. A storage medium as claimed in claim 11, wherein the storage medium stores a plurality of encrypted electronic data, and each encrypted electronic data has a different electronic data decrypting key.
15. A storage medium as claimed in claim 11, wherein the storage medium is an optical magnetic disk, or a partially embossed optical disk.
16. A storage medium as claimed in claim 11, wherein the storage medium is a CD-ROM.
17. A storage medium accessed by a vendor computer and user computer, said storage medium for storing information readable by said user computer, said storage medium comprising:
a medium personal number which is particularly personal for each storage medium and is different from a medium personal number of another storage medium, wherein the medium personal number is written onto the storage medium in an un-rewritable form which a user storage reading apparatus cannot rewrite;
encrypted electronic data to be decrypted by the user computer; and
information which is encrypted based on said medium personal number and is encrypted independent from a specific apparatus number for a specific computer and said medium personal number is used for generating a decryption key, said decryption key and said medium personal number enabling said user computer to decrypt said encrypted electronic data in a manner that the user computer does not use the specific apparatus number for the specific computer in decrypting the encrypted electronic data.
18. A storage medium accessed by a vendor computer and user computer, said storage medium for storing information readable by said user computer, said storage medium comprising:
encrypted electronic data to be decrypted by the user computer;
a medium personal number which is particularly personal for each storage medium and is different from a medium personal number of another storage medium;
wherein at least the medium personal number is written onto the storage medium in an un-rewritable form which the user storage reading apparatus cannot rewrite, and said medium personal number is used for decrypting said encrypted electronic data; and
information which is encrypted based on said medium personal number and is encrypted independent from a specific apparatus number for a specific computer, said information and said medium personal number enabling said user computer to decrypt the encrypted electronic data in a manner that the user computer does not use the specific apparatus number for the specific computer in decrypting the encrypted electronic data.
19. A storage medium accessible from a first computer which encrypts a decryption key based upon a medium personal number and independent from a specific apparatus number for a specific first computer and which stores the encrypted decryption key onto the storage medium, and accessible from a plurality of second computers which decrypt the encrypted decryption key stored on the storage medium based upon the medium personal number and independent from a specific apparatus number for a specific second computer and which decrypt encrypted electronic data stored on the storage medium based upon the decryption key that has been decrypted based on the medium personal number and independent from the specific apparatus number for the specific second computer, the storage medium comprising:
a first storage area for storing encrypted electronic data to be decrypted by the second computer, the encrypted electronic data including electronic data encrypted based upon the decryption key;
a second storage area for storing the medium personal number, which is un-rewritable from at least the second computers, wherein the medium personal number is particularly personal for each storage medium and is different from a medium personal number of another storage medium; and
a third storage area for storing the encrypted decryption key, wherein the encrypted decryption key is generated based upon the medium personal number and the encrypted decryption key is generated independent from the specific apparatus number for the specific first computer,
wherein the encrypted decryption key in the third storage area and said medium personal number enables the second computer to decrypt the encrypted electronic data in the first storage area in a manner that the second computer does not use the specific apparatus number for the specific first computer in decrypting the encrypted electronic data.
20. The storage medium of claim 19, wherein the electronic information is software used for a computer.
21. The storage medium of claim 19, wherein the electronic information is electronically published information.
22. The storage medium of claim 19, wherein the storage medium is a read-only optical disk.
23. A storage medium accessible from a first computer which encrypts a decryption key based upon a medium personal number and independent from a specific apparatus number for a specific first computer and which stores the encrypted decryption key onto the storage medium and which encrypts electronic data based upon the decryption key and which stores the encrypted electronic data onto the storage medium, and accessible from a plurality of second computers which decrypt the encrypted decryption key stored on the storage medium based upon the medium personal number and independent from a specific apparatus number for a specific second computer and which decrypt encrypted electronic data stored on the storage medium based upon the encrypted decryption key that has been decrypted based on the medium personal number and independent from the specific apparatus number for the specific second computer, the storage medium comprising:
a first storage area for storing encrypted electronic data to be decrypted by the second computer, the encrypted electronic data includes electronic data encrypted based upon the decryption key;
a second storage area for storing the medium personal number, which is un-rewritable from at least the second computers, wherein the medium personal number is particularly personal for each storage medium and is different from a medium personal number of another storage medium; and
a third storage area for storing the encrypted decryption key, wherein the encrypted decryption key is generated based upon the medium personal number and the encrypted decryption key is generated independent from the specific apparatus number for the specific first computer,
wherein the encrypted decryption key in the third storage area and said medium personal number enables the second computer to decrypt the encrypted electronic data in the first storage area in a manner that the second computer does not use the specific apparatus number for the specific first computer in decrypting the encrypted electronic data.
24. A storage medium accessible from a first computer which encrypts a decryption key based upon a medium personal number and independent from a specific apparatus number for a specific computer and which stores the encrypted decryption key onto the storage medium, the storage medium comprising:
a first storage area for storing encrypted electronic data to be decrypted by a user computer, the encrypted electronic data including electronic data encrypted based upon the decryption key;
a second storage area for storing the medium personal number, which is un-rewritable, wherein the medium personal number is particularly personal for each storage medium and is different from a medium personal number of another storage medium; and
a third storage area for storing the encrypted decryption key, wherein the encrypted decryption key is generated based upon the medium personal number and the encrypted decryption key is generated independent from a specific apparatus number for a specific computer,
wherein the encrypted decryption key in the third storage area and said medium personal number enables the user computer to decrypt the encrypted electronic data in the first storage area in a manner that the user computer does not use the specific apparatus number for the specific first computer in decrypting the encrypted electronic data.
25. A storage medium accessible from a first computer which encrypts a decryption key based upon a medium personal number and independent from a specific apparatus number for a specific computer and which stores the encrypted decryption key onto the storage medium and which encrypts electronic data based upon the encrypted decryption key and which stores the encrypted electronic data onto the storage medium, the storage medium comprising:
a first storage area for storing encrypted electronic data to be decrypted by a user computer, the encrypted electronic data including electronic data encrypted based upon the decryption key;
a second storage area for storing the medium personal number, which is un-rewritable, wherein the medium personal number is particularly personal for each storage medium and is different from a medium personal number of another storage medium; and
a third storage area for storing the encrypted decryption key, wherein the encrypted decryption key is generated based upon the medium personal number and the encrypted decryption key is generated independent from a specific apparatus number for a specific computer,
wherein the encrypted decryption key in the third storage area and said medium personal number enables the user computer to decrypt the encrypted electronic data in the first storage area in a manner that the user computer does not use the specific apparatus number for the specific first computer in decrypting the encrypted electronic data.
26. A storage medium accessible from a plurality of computers which decrypt an encrypted decryption key stored on the storage medium, the encrypted decryption key being based upon a medium personal number and independent from a specific apparatus number for a specific computer, and which decrypt encrypted electronic data stored on the storage medium based upon the decryption key that has been decrypted based on the medium personal number and independent from the specific apparatus number for the specific computer, the storage medium comprising:
a first storage area for storing encrypted electronic data to be decrypted by a user computer, the encrypted electronic data including electronic data encrypted based upon the decryption key;
a second storage area for storing the medium personal number, which is un-rewritable, wherein the medium personal number is particularly personal for each storage medium and is different from a medium personal number of another storage medium; and
a third storage area for storing an encrypted decryption key, wherein the encrypted decryption key is generated based upon the medium personal number and the encrypted decryption key is generated independent from the specific apparatus number for the specific computer,
wherein the encrypted decryption key in the third storage area and said medium personal number enables the user computer to decrypt the encrypted electronic data in the first storage area in a manner that the user computer does not use the specific apparatus number for the specific first computer in decrypting the encrypted electronic data.
27. A storage medium accessible from a vendor computer and a user computer at different times, the storage medium comprising:
a first storage area for storing encrypted electronic data to be decrypted by the user computer, the encrypted electronic data including electronic data encrypted based upon a decryption key;
a second storage area for storing a medium personal number, which is un-rewritable from the computers, wherein the medium personal number is particularly personal for each storage medium and is different from a medium personal number of another storage medium; and
a third storage area for storing the encrypted decryption key, wherein the encrypted decryption key is generated based upon the medium personal number and the encrypted decryption key is generated independent from a specific apparatus number for a specific computer,
wherein the encrypted decryption key in the third storage area and said medium personal number enables the user computer to decrypt the encrypted electronic data in the first storage area in a manner that the user computer does not use the specific apparatus number for the specific first computer in decrypting the encrypted electronic data.
28. A storage medium accessed by a vendor computer and a user computer, said storage medium comprising:
a first storage area for storing encrypted electronic data to be decrypted by the user computer, the encrypted electronic data including electronic data encrypted based upon a decryption key;
a second storage area for storing a medium personal number, which is un-rewritable, wherein the medium personal number is particularly personal for each storage medium and is different from a medium personal number of another storage medium; and
a third storage area for storing an encrypted decryption key, wherein the encrypted decryption key is generated based upon the medium personal number and the encrypted decryption key is generated independent from a specific apparatus number for a specific computer,
wherein the encrypted decryption key in the third storage area and said medium personal number enables the user computer to decrypt the encrypted electronic data in the first storage area in a manner that the user computer does not use the specific apparatus number for the specific first computer in decrypting the encrypted electronic data.
29. A storage medium accessible from a first computer which encrypts a decryption key based upon a medium personal number and independent from a specific apparatus number for a specific first computer and which stores the encrypted decryption key onto the storage medium, and accessible from a plurality of second computers which decrypt the encrypted decryption key stored on the storage medium based upon the medium personal number and independent from a specific apparatus number for a specific second computer and which decrypt encrypted electronic data stored on the storage medium based upon the decryption key that has been decrypted based on the medium personal number and independent from the specific apparatus number for the specific second computer, the storage medium comprising:
a storage area for storing the medium personal number, which is un-rewritable from at least the second computers, wherein the medium personal number is particularly personal for each storage medium and is different from a medium personal number of another storage medium; and
a storage area for storing encrypted electronic data to be decrypted by the second computer and the encrypted decryption key, wherein the encrypted decryption key is generated based upon the medium personal number and the encrypted decryption key is generated independent from the specific apparatus number for the specific first computer, and wherein the encrypted decryption key and said medium personal number enables the second computer to decrypt the encrypted electronic data in a manner that the second computer does not use the specific apparatus number for the specific first computer in decrypting the encrypted electronic data.
30. The storage medium of claim 29, wherein the electronic information is software used for a computer.
31. The storage medium of claim 29, wherein the electronic information is electronically published information.
32. The storage medium of claim 29, wherein the storage medium is a read-only optical disk.
33. A storage medium accessible from a first computer which encrypts a decryption key based upon a medium personal number and independent from a specific apparatus number for a specific first computer and which stores the encrypted decryption key onto the storage medium and which encrypts electronic data to be decrypted by a specific second computer based upon the decryption key and which stores the encrypted electronic data onto the storage medium, and accessible from a plurality of second computers which decrypt the encrypted decryption key stored on the storage medium based upon the medium personal number and independent from a specific apparatus number for the specific second computer and which decrypt encrypted electronic data stored on the storage medium based upon the decryption key that has been decrypted based on the medium personal number and independent from the specific apparatus number for the specific second computer, the storage medium comprising:
a storage area for storing the medium personal number, which is un-rewritable from at least the second computers, wherein the medium personal number is particularly personal for each storage medium and is different from a medium personal number of another storage medium; and
a storage area for storing encrypted electronic data and the encrypted decryption key, wherein the encrypted decryption key is generated based upon the medium personal number and the encrypted decryption key is generated independent from the specific apparatus number for the specific second computer, and wherein the encrypted decryption key and said medium personal number enables the second computer to decrypt the encrypted electronic data in a manner that the second computer does not use the specific apparatus number for the specific second computer in decrypting the encrypted electronic data.
34. A storage medium accessible from a first computer which encrypts a decryption key based upon a medium personal number and independent from a specific apparatus number for a specific computer and which stores the encrypted decryption key onto the storage medium, the storage medium comprising:
a storage area for storing the medium personal number, which is un-rewritable, wherein the medium personal number is particularly personal for each storage medium and is different from a medium personal number of another storage medium;
a storage area for storing the encrypted decryption key, wherein the encrypted decryption key is generated based upon the medium personal number and the encrypted decryption key is generated independent from the specific apparatus number for the specific computer; and
a storage area for storing encrypted electronic data to be decrypted by a user computer which is accessible after the decryption key has been decrypted, wherein said decryption key and said medium personal number enables the user computer to decrypt the encrypted electronic data in a manner that the user computer does not use the specific apparatus number for the specific computer in decrypting the encrypted electronic data.
35. A storage medium accessible from a first computer which encrypts a decryption key based upon a medium personal number and independent from a specific apparatus number for a specific computer and which stores the encrypted decryption key onto the storage medium and which encrypts electronic data to be decrypted by a user computer based upon the decryption key and which stores the encrypted electronic data onto the storage medium, the storage medium comprising:
a storage area for storing the medium personal number, which is un-rewritable, wherein the medium personal number is particularly personal for each storage medium and is different from a medium personal number of another storage medium; and
a storage area for storing encrypted electronic data and the encrypted decryption key, wherein the encrypted decryption key is generated based upon the medium personal number and the encrypted decryption key is generated independent from the specific apparatus number for the specific computer, and wherein the encrypted decryption key and said medium personal number enables the user computer to decrypt the encrypted electronic data in a manner that the user computer does not use the specific apparatus number for the specific first computer in decrypting the encrypted electronic data.
36. A storage medium accessible from a plurality of computers which decrypt an encrypted decryption key stored on the storage medium, the encrypted decryption key being based upon a medium personal number and independent from a specific apparatus number for a specific computer and which enables a user computer to decrypt encrypted electronic data stored on the storage medium based upon the decryption key that has been decrypted based on the medium personal number and independent from the specific apparatus number for the specific computer in a particular computer, the storage medium comprising:
a storage area for storing the medium personal number, which is un-rewritable from the computers, wherein the medium personal number is particularly personal for each storage medium and is different from a medium personal number of another storage medium;
a storage area for storing the encrypted decryption key, wherein the encrypted decryption key is generated based upon the medium personal number and the encrypted decryption key is generated independent from the specific apparatus number for the specific computer; and
a storage area for storing encrypted electronic data which is accessible after the decryption key has been decrypted, wherein said decryption key and said medium personal number enables the user computer to decrypt the encrypted electronic data in a manner that the user computer does not use the specific apparatus number for the specific first computer in decrypting the encrypted electronic data.
37. A storage medium accessible from a vendor computer and a user computer at different times, the storage medium comprising:
a storage area for storing a medium personal number, which is un-rewritable from the computers, wherein the medium personal number is particularly personal for each storage medium and is different from a medium personal number of another storage medium;
a storage area for storing an encrypted decryption key, wherein the encrypted decryption key is generated based upon the medium personal number and the encrypted decryption key is generated independent from a specific apparatus number for a specific computer; and
a storage area for storing encrypted electronic data to be decrypted by the user computer which is accessible after the decryption key has been decrypted, wherein said decryption key and said medium personal number enables the user computer to decrypt the encrypted electronic data in a manner that the user computer does not use the specific apparatus number for the specific first computer in decrypting the encrypted electronic data.
38. A storage medium accessed by a vendor computer and a user computer, said storage medium comprising:
a storage area for storing a medium personal number, which is un-rewritable, wherein the medium personal number is particularly personal for each storage medium and is different from a medium personal number of another storage medium;
a storage area for storing an encrypted decryption key, wherein the encrypted decryption key is generated based upon the medium personal number and the encrypted decryption key is generated independent from a specific apparatus number for a specific computer; and
a storage area for storing encrypted electronic data to be decrypted by the user computer which is accessible after the decryption key has been decrypted, wherein said decryption key and said medium personal number enables the user computer to decrypt the encrypted electronic data in a manner that the user computer does not use the specific apparatus number for the specific first computer in decrypting the encrypted electronic data.
39. A storage medium accessible from a first computer which encrypts a decryption key based upon a medium personal number and independent from a specific apparatus number for a specific first computer and which stores the encrypted decryption key onto the storage medium, and accessible from a plurality of second computers which decrypt the encrypted decryption key stored on the storage medium based upon the medium personal number and independent from a specific apparatus number for a specific second computer and which decrypt encrypted electronic data stored on the storage medium based upon the decryption key that has been decrypted based on the medium personal number and independent from the specific apparatus number for the specific second computer, the storage medium comprising:
a storage area for storing the medium personal number, which is un-rewritable from at least the second computers, wherein the medium personal number is particularly personal for each storage medium and is different from a medium personal number of another storage medium; and
a storage area for storing encrypted electronic data to be decrypted by the second computer, which includes data encrypted based upon the medium personal number and encrypted independent from the specific apparatus number for the specific first computer,
wherein the second computer decrypts encrypted electronic data in a manner that the second computer does not use the specific apparatus number for the specific first computer in decrypting the encrypted decryption key and the encrypted electronic data.
40. The storage medium of claim 39, wherein the electronic information is software used for a computer.
41. The storage medium of claim 39, wherein the electronic information is electronically published information.
42. The storage medium of claim 39, wherein the storage medium is a read-only optical disk.
43. A storage medium accessible from a first computer which encrypts a decryption key based upon a medium personal number and independent from a specific apparatus number for a specific first computer and which stores the encrypted decryption key onto the storage medium and which encrypts electronic data based upon the decryption key and which stores the encrypted electronic data onto the storage medium, and accessible from a plurality of second computers which decrypt the encrypted decryption key stored on the storage medium based upon the medium personal number and independent from a specific apparatus number for a specific second computer and which decrypt encrypted electronic data stored on the storage medium based upon the decryption key that has been decrypted based on the medium personal number and independent from the specific apparatus number for the specific second computer, the storage medium comprising:
a storage area for storing the medium personal number, which is un-rewritable from at least the second computers, wherein the medium personal number is particularly personal for each storage medium and is different from a medium personal number of another storage medium; and
a storage area for storing encrypted electronic data to be decrypted by the second computer, which includes information encrypted based upon the medium personal number and encrypted independent from the specific apparatus number for the specific second computer,
wherein the second computer decrypts encrypted electronic data in a manner that the second computer does not use the specific apparatus number for the specific second computer in decrypting the encrypted electronic data.
44. A storage medium accessible from a vendor computer and a user computer, where the vendor computer encrypts a decryption key based upon a medium personal number and independent from a specific apparatus number for a specific computer and which stores the encrypted decryption key onto the storage medium, the storage medium comprising:
a storage area for storing the medium personal number, which is un-rewritable, wherein the medium personal number is particularly personal for each storage medium and is different from a medium personal number of another storage medium; and
a storage area for storing encrypted electronic data to be decrypted by the user computer wherein the encrypted electronic data includes information encrypted based upon the medium personal number and encrypted independent from the specific apparatus number for the specific computer,
wherein said user computer decrypts the encrypted electronic data in a manner that the second computer does not use the specific apparatus number for the specific computer in decrypting the encryption key and the encrypted electronic data.
45. A storage medium accessible from a first computer which encrypts a decryption key based upon a medium personal number and independent from a specific apparatus number for a specific computer and which stores the encrypted decryption key onto the storage medium and which encrypts electronic data to be decrypted by a user computer based upon the decryption key and which stores the encrypted electronic data onto the storage medium, the storage medium comprising:
a storage area for storing a medium personal number, which is un-rewritable, wherein the medium personal number is particularly personal for each storage medium and is different from a medium personal number of another storage medium; and
a storage area for storing encrypted electronic data wherein the encrypted electronic data includes information encrypted based upon the medium personal number and encrypted independent from the specific apparatus number for the specific computer,
wherein the user computer decrypts the encrypted electronic data in a manner that the second computer does not use the specific apparatus number for the specific computer in decrypting the encrypted decryption key and the encrypted electronic data.
46. A storage medium accessible from a plurality of computers which decrypt an encrypted decryption key stored on the storage medium, the encrypted decryption key being based upon the medium personal number and independent from a specific apparatus number for a specific computer and which decrypt encrypted electronic data stored on the storage medium based upon the decryption key that has been decrypted based on the medium personal number and independent from the specific apparatus number for the specific computer in a particular computer, comprising:
a storage area for storing the medium personal number, which is un-rewritable from the computers, wherein the medium personal number is particularly personal for each storage medium and is different from a medium personal number of another storage medium; and
a storage area for storing encrypted electronic data to be decrypted by a user computer wherein the encrypted electronic data includes information encrypted based upon the medium personal number and encrypted independent from the specific apparatus number for the specific computer,
wherein the user computer decrypts encrypted electronic data in a manner that the second computer does not use the specific apparatus number for the specific computer in decrypting the encrypted decryption key and the encrypted electronic data.
47. A storage medium accessible from different computers at different times, the storage medium comprising:
a storage area for storing the medium personal number, which is un-rewritable from the computers, wherein the medium personal number is particularly personal for each storage medium and is different from a medium personal number of another storage medium;
a storage area for storing encrypted electronic data to be decrypted by a user computer, which includes information encrypted based upon the medium personal number and encrypted independent from a specific apparatus number for a specific computer; and
a storage area for storing electronic data which is accessible after the encrypted electronic data has been decrypted,
wherein the medium personal number enables a user computer to decrypt the encrypted electronic data in a manner that the user computer does not use the specific apparatus number for the specific computer in decrypting the encrypted decryption key encrypted electronic data.
48. A storage medium accessed by a vendor computer and a user computer, said storage medium comprising:
a storage area for storing a medium personal number, which is un-rewritable, wherein the medium personal number is particularly personal for each storage medium and is different from a medium personal number of another storage medium;
a storage area for storing encrypted electronic data to be decrypted by the user computer which includes information encrypted based upon the medium personal number and encrypted independent from a specific apparatus number for a specific computer; and
a storage area for storing electronic data which is accessible after the encrypted electronic data has been decrypted,
wherein the medium personal number enables the user computer to decrypt the encrypted electronic data in a manner that the user computer does not use the specific apparatus number for the specific computer in decrypting the encrypted decryption key and the encrypted electronic data.
49. A storage medium accessed by a vendor computer and a user computer in a manner such that a decryption key is encrypted based upon a medium personal number and independent from a specific apparatus number for a specific computer and the encrypted decryption key is stored onto the storage medium, and accessed in a manner such that the encrypted decryption key stored on the storage medium is decrypted based upon the medium personal number and independent from the specific apparatus number for the specific computer and that encrypted electronic data stored on the storage medium is decrypted based upon the decryption key that has been decrypted based on the medium personal number and independent from the specific apparatus number for the specific computer, the storage medium comprising:
a storage area for storing the medium personal number, which is un-rewritable, wherein the medium personal number is particularly personal for each storage medium and is different from a medium personal number of another storage medium; and
a storage area for storing encrypted electronic data to be decrypted by the user computer, wherein the encrypted electronic data includes information encrypted based upon the medium personal number and encrypted independent from the specific apparatus number for the specific computer,
wherein the decryption key and said medium personal number enables the user computer to decrypt the encrypted electronic data in a manner that the user computer does not use the specific apparatus number for the specific computer in decrypting the encrypted electronic data.
50. The storage medium of claim 49, wherein the electronic information is software used for a computer.
51. The storage medium of claim 49, wherein the electronic information is electronically published information.
52. The storage medium of claim 49, wherein the storage medium is a read-only optical disk.
53. A storage medium accessed by a vendor computer and a user computer in a manner such that a decryption key is encrypted based upon a medium personal number and independent from a specific apparatus number for a specific computer and the encrypted decryption key is stored onto the storage medium and that electronic data is encrypted based upon the decryption key and the encrypted electronic data is stored onto the storage medium, and accessed in a manner such that the encrypted decryption key stored on the storage medium is decrypted based upon the medium personal number and independent from the specific apparatus number for the specific computer and that the encrypted electronic information stored on the storage medium is decrypted based upon the decryption key that has been decrypted based on the medium personal number and independent from the specific apparatus number for the specific computer in a particular second computer in different time, the storage medium comprising:
a storage area for storing a medium personal number, which is un-rewritable, wherein the medium personal number is particularly personal for each storage medium and is different from a medium personal number of another storage medium; and
a storage area for storing encrypted electronic data to be decrypted by the user computer, wherein the encrypted electronic data includes information encrypted based upon the medium personal number and encrypted independent from the specific apparatus number for the specific computer,
wherein the decryption key and said medium personal number enables the user computer to decrypt the encrypted electronic data in a manner that the user computer does not use the specific apparatus number for the specific computer in decrypting the encrypted electronic data.
54. A storage medium accessed by a vendor computer and a user computer in a manner such that a decryption key is encrypted based upon a medium personal number and independent from a specific apparatus number for a specific computer and that the encrypted decryption key is stored onto the storage medium, the storage medium comprising:
a storage area for storing the medium personal number, which is un-rewritable, wherein the medium personal number is particularly personal for each storage medium and is different from a medium personal number of another storage medium; and
a storage area for storing encrypted electronic data to be decrypted by the user computer, wherein the encrypted electronic data includes information encrypted based upon the medium personal number and encrypted independent from the specific apparatus number for the specific computer,
wherein the decryption key and said medium personal number enables the user computer to decrypt the encrypted electronic data in a manner that the user computer does not use the specific apparatus number for the specific computer in decrypting the encrypted electronic data.
55. A storage medium accessed by a vendor computer and a user computer in a manner such that a decryption key is encrypted based upon a medium personal number and independent from a specific apparatus number for a specific computer and the encrypted decryption key is stored onto the storage medium and that electronic data is encrypted based upon the decryption key and the encrypted electronic data is stored onto the storage medium, the storage medium comprising:
a storage area for storing the medium personal number, which is un-rewritable, wherein the medium personal number is particularly personal for each storage medium and is different from a medium personal number of another storage medium; and
a storage area for storing encrypted electronic data to be decrypted by the user computer, wherein the encrypted electronic data includes information encrypted based upon the medium personal number and encrypted independent from the specific apparatus number for the specific computer,
wherein the decryption key and said medium personal number enables the user computer to decrypt the encrypted electronic data in a manner that the user computer does not use the specific apparatus number for the specific computer in decrypting the encrypted electronic data.
56. A storage medium accessed by a vendor computer and user computer, said storage medium for storing information readable by said user computer, said storage medium comprising:
an area storing encrypted electronic data to be decrypted by the user computer;
an area storing a medium personal number which is particularly personal for each storage medium and is different from a medium personal number of another storage medium, wherein at least the medium personal number is written onto the storage medium in an un-rewritable form which the user computer cannot change; and
an area storing permission information which includes a decryption key encrypted in a manner that is independent from a specific apparatus number for a specific computer and based upon said medium personal number, wherein said permission information and said medium personal number enabling the user computer to decrypt the encrypted decryption key and to decrypt the encrypted electronic data in a manner that the user computer does not use the specific apparatus number for the specific computer in decrypting the encrypted decryption key and the encrypted electronic data.
57. A storage medium accessed by a vendor computer and user computer, said storage medium for storing information readable by said user computer, said storage medium comprising:
an area storing encrypted electronic data to be decrypted by the user computer;
an area storing a medium personal number which is particularly personal for each storage medium and is different from a medium personal number of another storage medium, wherein at least the medium personal number is written onto the storage medium in an un-rewritable form which the user computer cannot rewrite; and
wherein the user computer decrypts the encrypted electronic data using permission information which is encrypted in a manner that is independent from a specific apparatus number for a specific computer and based upon said medium personal number.
58. A storage medium accessed by a vendor computer and user computer said storage medium for storing information readable by said user computer, said storage medium comprising:
an area storing encrypted electronic data to be decrypted by the user computer;
an area storing a medium personal number which is particularly personal for each storage medium and is different from a medium personal number of another storage medium; and
wherein the user computer decrypts the encrypted electronic data using permission information that is encrypted independent from a specific apparatus number for a specific computer;
wherein at least the medium personal number is written onto the storage medium in an un-rewritable form which a user computer cannot rewrite.
59. A storage medium readable by a vendor computer and a user computer, said storage medium comprising:
data representing a medium personal number;
encrypted electronic data to be decrypted by the user computer; and
first data that is based on the medium personal number and encrypted independent from a specific apparatus number for a specific computer, wherein the medium personal number is un-rewritable and particularly personal for each storage medium and is different from a medium personal number of another storage medium, and wherein the user computer decrypts the encrypted electronic data using the first data in a manner that the user computer does not use the specific apparatus number for the specific computer in decrypting the encrypted electronic data.
60. A storage medium according to claim 59, wherein the first data includes a key encrypted based on the medium personal number.
61. A storage medium according to claim 59, wherein the encrypted data is encrypted based on the key.
62. A storage medium according to claim 59, wherein the first data comprises the medium personal number.
63. A storage medium readable by a vendor computer and a user computer at different times, the storage medium comprising:
data representing a medium personal number;
encrypted electronic data to be decrypted by the user computer; and
first data that is based on the medium personal number and encrypted independent from a specific apparatus number for a specific computer, wherein the medium personal number is un-rewritable and particularly personal for each storage medium and is different from a medium personal number of another storage medium, and wherein the user computer decrypts the encrypted electronic data using the first data in a manner that the user computer does not use the specific apparatus number for the specific computer in decrypting the encrypted electronic data.
64. A storage medium for storing data for access and processing by a vendor computer and a user computer, said storage medium comprising:
a medium personal number storage area including a medium personal number which is particularly personal for each storage medium and is different from a medium personal number of another storage medium, wherein the medium personal number is written onto the storage medium in an un-rewritable form which a user storage reading apparatus cannot rewrite;
an electronic information storage area including encrypted electronic data to be decrypted by the user computer; and
the user computer decrypts the encrypted electronic data based upon an encrypted decryption key which has been encrypted based on said medium personal number and encrypted independent from a specific apparatus number for a specific computer.
65. A storage medium for storing data for access and processing by a vendor computer and a user computer, said storage medium comprising:
an encrypted electronic data storage area including encrypted electronic data to be decrypted by the user computer;
a medium personal number storage area including a medium personal number which is particularly personal for each storage medium and is different from a medium personal number of another storage medium;
wherein at least the medium personal number is written onto the storage medium in an un-rewritable form which the user storage reading apparatus cannot rewrite, and said medium personal number enables decrypting of said encrypted electronic data from the user computer; and
wherein the user computer decrypts the encrypted electronic data based upon information which is encrypted based on said medium personal number and encrypted independent from a specific apparatus number for a specific computer.
US09/476,319 1992-03-16 1999-12-30 Storage medium for preventing an irregular use by a third party Expired - Lifetime USRE39802E1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US09/476,319 USRE39802E1 (en) 1992-03-16 1999-12-30 Storage medium for preventing an irregular use by a third party

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
JP04058048A JP3073590B2 (en) 1992-03-16 1992-03-16 Electronic data protection system, licensor's device and user's device
US08/031,339 US5392351A (en) 1992-03-16 1993-03-15 Electronic data protection system
US08/341,176 US5555304A (en) 1992-03-16 1994-11-18 Storage medium for preventing an illegal use by a third party
US08/603,760 US5796824A (en) 1992-03-16 1996-02-20 Storage medium for preventing an irregular use by a third party
US09/476,319 USRE39802E1 (en) 1992-03-16 1999-12-30 Storage medium for preventing an irregular use by a third party

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US08/603,760 Reissue US5796824A (en) 1992-03-16 1996-02-20 Storage medium for preventing an irregular use by a third party

Publications (1)

Publication Number Publication Date
USRE39802E1 true USRE39802E1 (en) 2007-08-28

Family

ID=26399131

Family Applications (1)

Application Number Title Priority Date Filing Date
US09/476,319 Expired - Lifetime USRE39802E1 (en) 1992-03-16 1999-12-30 Storage medium for preventing an irregular use by a third party

Country Status (1)

Country Link
US (1) USRE39802E1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070198795A1 (en) * 2006-02-08 2007-08-23 Toru Harada Application executing apparatus and application execution method

Citations (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0144522A2 (en) 1983-09-09 1985-06-19 Siemens Aktiengesellschaft Getter sorption pump having a heat accumulator for high-vacuum and gas discharge plants
JPS60175254A (en) 1984-02-22 1985-09-09 Noritaka Kawaoka Dead copy preventing method for software recording medium
US4577289A (en) 1983-12-30 1986-03-18 International Business Machines Corporation Hardware key-on-disk system for copy-protecting magnetic storage media
JPS61105986A (en) 1984-10-30 1986-05-24 Matsushita Electric Ind Co Ltd Movement of picture vector signal processing device
EP0191162A2 (en) 1984-12-18 1986-08-20 International Business Machines Corporation Method of software protection
JPS61204807A (en) 1985-03-08 1986-09-10 Hitachi Ltd Control system of magnetic disc device
JPS62108629A (en) 1985-11-06 1987-05-19 Nec Corp Program broadcast system
US4683553A (en) 1982-03-18 1987-07-28 Cii Honeywell Bull (Societe Anonyme) Method and device for protecting software delivered to a user by a supplier
JPS62205580A (en) 1986-03-05 1987-09-10 Hitachi Ltd Disk and data protection system using same
JPS62226335A (en) 1986-03-28 1987-10-05 Nec Corp Protecting system for copy of program
JPS6320790A (en) 1986-07-14 1988-01-28 Nec Corp Floppy disk system
WO1988002202A1 (en) 1986-09-10 1988-03-24 M/A-Com Government Systems, Inc. Metering retrieval of encrypted data stored in customer data retrieval terminal
US4747139A (en) 1984-08-27 1988-05-24 Taaffe James L Software security method and systems
EP0268139A2 (en) 1986-11-05 1988-05-25 International Business Machines Corporation Manipulating rights-to-execute in connection with a software copy protection mechanism
US4785361A (en) 1982-11-08 1988-11-15 Vault Corporation Method and apparatus for frustrating the unauthorized copying of recorded data
US4827508A (en) 1986-10-14 1989-05-02 Personal Library Software, Inc. Database usage metering and protection system and method
JPH01177229A (en) 1988-01-05 1989-07-13 Nec Corp Key distributing system
US4850017A (en) 1987-05-29 1989-07-18 International Business Machines Corp. Controlled use of cryptographic keys via generating station established control values
JPH01194029A (en) 1988-01-29 1989-08-04 Toshiba Corp Device for preventing program from being furtively used
US4866769A (en) 1987-08-05 1989-09-12 Ibm Corporation Hardware assist for protecting PC software
JPH022A (en) 1984-06-20 1990-01-05 Tomio Konno Method and apparatus for electronic communication with vacuum fiber
JPH02287970A (en) 1989-04-28 1990-11-28 Hitachi Maxell Ltd Optical recorder
JPH0330020A (en) 1989-06-28 1991-02-08 Fujitsu Ltd Detecting method for input miss of permission information
JPH0383132A (en) 1989-08-28 1991-04-09 Fujitsu Ltd Software protection control system
US5058162A (en) 1990-08-09 1991-10-15 Hewlett-Packard Company Method of distributing computer data files
US5065429A (en) 1989-04-03 1991-11-12 Lang Gerald S Method and apparatus for protecting material on storage media
US5199066A (en) 1989-04-18 1993-03-30 Special Effects Software, Inc. Method and apparatus for protecting software
US5276735A (en) 1992-04-17 1994-01-04 Secure Computing Corporation Data enclave and trusted path system
US5287408A (en) 1992-08-31 1994-02-15 Autodesk, Inc. Apparatus and method for serializing and validating copies of computer software
US5379433A (en) 1989-05-08 1995-01-03 Victor Company Of Japan, Ltd. Protection against unauthorized use of software recorded on recording medium

Patent Citations (32)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4683553A (en) 1982-03-18 1987-07-28 Cii Honeywell Bull (Societe Anonyme) Method and device for protecting software delivered to a user by a supplier
US4785361A (en) 1982-11-08 1988-11-15 Vault Corporation Method and apparatus for frustrating the unauthorized copying of recorded data
EP0144522A2 (en) 1983-09-09 1985-06-19 Siemens Aktiengesellschaft Getter sorption pump having a heat accumulator for high-vacuum and gas discharge plants
US4577289A (en) 1983-12-30 1986-03-18 International Business Machines Corporation Hardware key-on-disk system for copy-protecting magnetic storage media
JPS60175254A (en) 1984-02-22 1985-09-09 Noritaka Kawaoka Dead copy preventing method for software recording medium
JPH022A (en) 1984-06-20 1990-01-05 Tomio Konno Method and apparatus for electronic communication with vacuum fiber
US4747139A (en) 1984-08-27 1988-05-24 Taaffe James L Software security method and systems
JPS61105986A (en) 1984-10-30 1986-05-24 Matsushita Electric Ind Co Ltd Movement of picture vector signal processing device
EP0191162A2 (en) 1984-12-18 1986-08-20 International Business Machines Corporation Method of software protection
US4757534A (en) 1984-12-18 1988-07-12 International Business Machines Corporation Code protection using cryptography
JPS61204807A (en) 1985-03-08 1986-09-10 Hitachi Ltd Control system of magnetic disc device
JPS62108629A (en) 1985-11-06 1987-05-19 Nec Corp Program broadcast system
JPS62205580A (en) 1986-03-05 1987-09-10 Hitachi Ltd Disk and data protection system using same
JPS62226335A (en) 1986-03-28 1987-10-05 Nec Corp Protecting system for copy of program
JPS6320790A (en) 1986-07-14 1988-01-28 Nec Corp Floppy disk system
WO1988002202A1 (en) 1986-09-10 1988-03-24 M/A-Com Government Systems, Inc. Metering retrieval of encrypted data stored in customer data retrieval terminal
US5010571A (en) 1986-09-10 1991-04-23 Titan Linkabit Corporation Metering retrieval of encrypted data stored in customer data retrieval terminal
US4827508A (en) 1986-10-14 1989-05-02 Personal Library Software, Inc. Database usage metering and protection system and method
EP0268139A2 (en) 1986-11-05 1988-05-25 International Business Machines Corporation Manipulating rights-to-execute in connection with a software copy protection mechanism
US4850017A (en) 1987-05-29 1989-07-18 International Business Machines Corp. Controlled use of cryptographic keys via generating station established control values
US4866769A (en) 1987-08-05 1989-09-12 Ibm Corporation Hardware assist for protecting PC software
JPH01177229A (en) 1988-01-05 1989-07-13 Nec Corp Key distributing system
JPH01194029A (en) 1988-01-29 1989-08-04 Toshiba Corp Device for preventing program from being furtively used
US5065429A (en) 1989-04-03 1991-11-12 Lang Gerald S Method and apparatus for protecting material on storage media
US5199066A (en) 1989-04-18 1993-03-30 Special Effects Software, Inc. Method and apparatus for protecting software
JPH02287970A (en) 1989-04-28 1990-11-28 Hitachi Maxell Ltd Optical recorder
US5379433A (en) 1989-05-08 1995-01-03 Victor Company Of Japan, Ltd. Protection against unauthorized use of software recorded on recording medium
JPH0330020A (en) 1989-06-28 1991-02-08 Fujitsu Ltd Detecting method for input miss of permission information
JPH0383132A (en) 1989-08-28 1991-04-09 Fujitsu Ltd Software protection control system
US5058162A (en) 1990-08-09 1991-10-15 Hewlett-Packard Company Method of distributing computer data files
US5276735A (en) 1992-04-17 1994-01-04 Secure Computing Corporation Data enclave and trusted path system
US5287408A (en) 1992-08-31 1994-02-15 Autodesk, Inc. Apparatus and method for serializing and validating copies of computer software

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Albert et al., Computer, vol. 17, No. 4, Apr. 1984, Long Beach, California, "Combatting Software Piracy by Encryption and Key Management".

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070198795A1 (en) * 2006-02-08 2007-08-23 Toru Harada Application executing apparatus and application execution method
US8601280B2 (en) * 2006-02-08 2013-12-03 Ricoh Company, Ltd. Application executing apparatus and application execution method

Similar Documents

Publication Publication Date Title
US5796824A (en) Storage medium for preventing an irregular use by a third party
EP1580642B1 (en) Method and apparatus for protecting data on storage medium and storage medium
CN100442252C (en) Secure storage on recordable medium in a content protection system
US4683968A (en) System for preventing software piracy employing multi-encrypted keys and single decryption circuit modules
US7487547B2 (en) Content processing apparatus and content protection program
EP1596269A2 (en) A system and method for rendering selective presentation of documents
US20050021948A1 (en) Secure single drive copy method and apparatus
JP3819160B2 (en) Information management method and information management apparatus
KR100714213B1 (en) Key distribution via a memory device
KR100954636B1 (en) Method, system, and device for mutual authentication and content protection
JPH0383132A (en) Software protection control system
JPH0869419A (en) Recording device and recording medium for digital data
USRE39802E1 (en) Storage medium for preventing an irregular use by a third party
JP3184189B2 (en) Electronic data protection system, licensor side apparatus, user side apparatus, license information generation processing method, and electronic data decryption processing method
JP2696219B2 (en) Information protection method
JP3184192B2 (en) Storage medium for electronic data transfer
JP3184191B2 (en) Electronic data protection system, licensor side apparatus, user side apparatus, license information generation processing method, and electronic data decryption processing method
JP3184193B2 (en) Data writing device, data reading device, storage medium, and key sharing method
JP3184190B2 (en) Electronic data protection system, licensor side apparatus, user side apparatus, license information generation processing method, and electronic data decryption processing method
JP4213452B2 (en) Data processing system
JPH043224A (en) Method for managing soft module by ic card
KR100298506B1 (en) System for preventing illegal installation according to cooperation between integrated circuit card and program
JP2004110588A (en) Storage media access system
JP2005149166A (en) Ic card and ic card program

Legal Events

Date Code Title Description
FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

FPAY Fee payment

Year of fee payment: 12