Electrical computers and digital processing systems: support – Data processing protection using cryptography – By stored data protection
Reexamination Certificate
1999-01-15
2002-09-24
Hua, Ly V. (Department: 2132)
Electrical computers and digital processing systems: support
Data processing protection using cryptography
By stored data protection
C380S200000, C380S201000, C380S044000, C705S057000, C705S051000
Reexamination Certificate
active
06457127
ABSTRACT:
BACKGROUND OF THE INVENTION
The invention relates to a method of generating a key for controlling the access to information on an information carrier, which key comprises an M-bit master key originating from a read and/or write apparatus which cooperates with the information carrier and an information carrier key originating from the information carrier.
The invention further relates to a read and/or write apparatus including means for cooperating with an information carrier, further including means adapted to generate an M-bit master key for generating a key for controlling the access to information on an information carrier.
The invention further relates to an information carrier having a information carrier key for controlling the access to information on the information carrier.
The method in accordance with the invention can be used in a copy-protection system aimed at preventing illegal copying of information by storing this information on an information carrier in encrypted form.
A method of the type defined in the opening paragraph is known from, inter alia, European Patent Application EP-A 0 644 474. Said document describes a method of preventing illegal copying of information from one information carrier to another. This method can be used in systems where, for example for reasons of confidentiality, the information to be transmitted is encrypted and can subsequently be decrypted with the aid of the key to be generated. Said method can also be utilized in so-called access systems, where the presence of the correct key is required in order to gain access to given information systems, such as for example data bases.
SUMMARY OF THE INVENTION
To this end, a key comprising an M-bit master key originating from a device and an information carrier key originating from the information carrier is generated in order to control the access to the information on the information carrier. This M-bit master key forms part of the so-called shared secret, which must remain a secret in order to assure that access to the information on the information carrier is restricted to users who copy information from the one information carrier to the other in a legal manner.
When the information is copied from the one information carrier which carries the key to another information carrier, this information carrier key is not passed on. As a result of this, it is not possible to generate a correct key by means of the last-mentioned information carrier. Consequently, this information carrier cannot be played back on a device requiring this key.
If a recording of information is to be read from an illegally copied information carrier the key, required to allow this, cannot be generated because the relevant information carrier key will not be found on the information carrier. This is in contradistinction to the so-called identifiers R associated with the relevant information recordings, which can usually be found on the illegally copied information carrier.
On account of statutory restrictions or limitations imposed on the computing time a comparatively small M-bit master key is used. A comparatively small M-bit master key has the drawback that in general it is readily compromised. Compromising is to be understood to means the disclosure of the content of the key in that a given information carrier is hacked. As a result of this hacking, the M-bit master key becomes known. With the knowledge of this M-bit master key it is then possible to make illegal copies if the information carrier key has also been compromised.
In the case that the M-bit master key, which is part of the shared secret, is no longer a secret, it could be necessary to replace the compromised key, which may entail substantial cost and inconvenience for the user of the information. In existing cryptographic systems for secure communication the key material is replaced regularly. In such systems (for example broadcast systems) the key material is replaced at the instant that the key material used until then has been or is likely to be compromised. When the invention is applied to copy protection of stored information the replacement of the key material poses a problem because material encrypted with the old key material is to be played back. This is in contradistinction to, for example, broadcast systems in which the data broadcast in the past need no longer be protected against illegal decryption.
It is another object of the invention to preclude illegal copying of information from the one information carrier to the other using a comparatively small M-bit master key and to achieve that if the key material of a protected information carrier is compromised the copy protection system remains intact with an acceptable probability.
To this end, the method in accordance with the invention is characterized in that the M-bit master key is selected from an N-bit string by determining a number p, in dependence upon an identifier R, the identifier R being associated with a recording of information on the information carrier, and by reading the N-bit string from a position defined by the number p, N being substantially greater than M.
By selecting the M-bit master key from a comparatively large shared secret, the N-bit string, in dependence on an identifier R, which is associated with a recording of information on an information carrier, a large number of unique M-bit master keys can be generated.
This has the advantage that compromising of one or a small number of the selected M-bit master keys will not result in immediate loss of the copy protection. If one or a small number of the selected M-bit master keys is/are compromised it is possible that previous recordings made with those keys and future recordings which will be made are copied illegally by means of these M-bit master keys.
It is not possible to determine in advance whether the next recording can be copied because it is not possible to predict whether a compromised M-bit master key or a non-compromised M-bit master key will be used. This is not possible because the number p is derived from the identifier R via cryptographic techniques such as hash functions. As a result of this, compromising of one or a large number of the selected M-bit master keys will be even less harmful for the copy protection.
The present invention enables the use of a large shared secret and enables this large shared secret to be used for the generation of keys of limited key length. The computing time required for generating the key and subsequently encrypting or decrypting the information can thus be limited. As a result of the size of the shared secret it will take a longer time before it can be compromised completely. Compromising of a single M-bit master key will then only result in a gradual degradation of the copy protection in the copy protection system rather than in an abrupt loss of the copy protection.
The invention is inter alia based on the recognition of the fact that use can be made of a large shared secret, namely the N-bit string from which the M-bit master key is selected for each recording of information to be protected against illegal copying. Thus, it is possible to have a large shared secret and yet to comply with restraints imposed on the permissible size of the M-bit master key.
Another variant is characterized in that, in addition, said number p is dependent upon the information carrier key.
Since the number p depends both upon the identifier R and on the information carrier key it is possible to generate a large number of unique M-bit master keys.
Another variant is characterized in that said identifier R is associated with a recording sequence number.
By associating the identifier R with a recording sequence number it is possible to generate another M-bit master key for each recording of information. As a rule, only the information of one recording can be copied illegally in the case that one M-bit master key is compromised, without enabling recordings made shortly before or shortly after this to be copied illegally.
Possible examples of relationships between the identifier R and th
Belk Michael E.
Hua Ly V.
LandOfFree
Method of and device for generating a key does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method of and device for generating a key, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method of and device for generating a key will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2839363