The apparatus and method of the encryption device and a decryption method, a device and a method of information processing

 

The invention relates to radio communications, in particular, for encryption, decryption and processing information. The technical result is to increase the degree of security of information. For this data, encrypted interface means playback from a digital video disk (CVP), transferred to a personal computer and a device for magneto-optical disks via the bus. In the device for magneto-optical disks, in which the change function is not open to the user, the received data is decrypted by the interface. In contrast, a personal computer, which is open to the user, the encrypted data is decrypted using the key with the temporary variable, through an interface, and the result of the decryption additionally decrypted using the session key through land application program. 12 N. and 25 C.p. f-crystals, 24 ill.

The technical field

The invention relates to a device and method of the encryption device and the decryption method and device and method, information processing, and more specifically to a device and method of the encryption device and the security information.

Prior art

Recently created a network that consists of many electronic devices, including audio - video devices, computers, and so forth, which are connected to each other via a bus so that they can be transferred to different data.

In the case when, for example, uses the network of the aforementioned type, data, video, playable with CVP (digital video disk) or CHD (digital flexible disk) via the playback device CVP connected to the network, you can pass the bus on the display type television receiver or monitor and display it. It usually has permission from the copyright owners, obtained at the time of purchase CVP for playback and viewing of video playback with CVP on the display.

However, usually the owner of the copyright does not allow you to make copies of the data reproduced from the CVP to another recording medium, and to use them. Thus, to prevent the transmission of data over the bus (LAN) from unauthorized taken up, you can encrypt the data on the transmission and decrypt the data on the receiving side.

However, the electronic device pota predefined purposes, therefore, so the user could not modify or introduce a different part to get or change the internal data (edit functions) device. On the other hand, with regard to, for example, personal computers, architecture or electronic circuits are open to users, and they can add a card and install various application programs to add or modify various functions. Accordingly, with regard to a personal computer, it is relatively easy to directly access or modify the data in the internal bus of a personal computer by adding a predefined hardware or application software systems. This shows that through the creation and use of application software can be easily performed, for example, receiving data transmitted in the form of encrypted data from the playback device CVP, on the television receiver, and the decryption or copying the received data for a personal computer.

In other words, the personal computer has a weak connection between the part of the communication channel, affecting communication through smih data and includes many sites that can physically and logically be modified by the user. In contrast, consumer electronic devices have a strong connection between these elements and only a small degree allow user intervention.

The invention

The present invention is a device and method of the encryption device and the decryption method and device and method, information processing, whereby it is possible to more reliably prevent unauthorized copying of data.

To achieve the specified result, in accordance with one aspect of the present invention, the proposed device encryption, containing the encryption tool to encrypt the data using a cryptographic key, the first generating tool for generating the first key, the second generating tool for generating a second key which is changed from a pre-defined constant when encrypting data, and the means of formation for generating the cryptographic key using the first key and the second key.

In accordance with the second Szowaniem cryptographic key, generating a first key, generating a second key which is changed from a pre-defined constant when encrypting data, and generating the cryptographic key using the first key and the second key.

Device encryption and the encryption method by generating the cryptographic key using the first key and the second key that changes with the predefined constant when data is encrypted, it is possible to encrypt with a high degree of reliability.

In accordance with the following aspect of the present invention, the decryption device containing means for receiving encrypted data, a decryption tool for decrypting the received data using a cryptographic key, the first generating tool for generating the first key, the second generating tool for generating a second key which is changed from a pre-defined constant when the decryption, and the means of formation for generating the cryptographic key using the first key and the second key.

In accordance with another aspect of the present invention a method of dem cryptographic key, generating a first key, generating a second key which is changed from a pre-defined constant when decrypting data, and generating the cryptographic key using the first key and the second key.

In the decryption device and method of decrypting, by generating the cryptographic key using the first key and the second key that changes with the predefined constant when decrypting data, it is possible to decrypt the encrypted data with a high degree of reliability.

In accordance with another aspect of the present invention proposed a data processing system containing multiple devices of information processing that are connected to each other via a bus, and device information processing include the first device, information processing, each of which has the function, which is not open to the user, and the second device, information processing, each of which has the function, which is open to the user, each of the first devices of information processing includes first means for receiving shifrovannaya cryptographic key, the first generating tool for generating the first key, the second generating tool for generating a second key which is changed from a pre-defined constant when decrypting data, and the first means of formation for generating the cryptographic key using the first key generated by the first generating tool, and the second key generated by the second generating tool, each of the second processing devices information includes second means for receiving encrypted data, third-generating tool for generating the first key, the fourth-generating tool for generating a second key which is changed from a pre-defined constant when decrypting data, the second means of formation for the formation of the first cryptographic key using one of the mentioned first key generated by the third generating tool, and the second key generated by the fourth generating tool, a third means of formation for forming the second cryptographic key using the other of the said first key formed tritico decryption to decrypt the encrypted data, accepted means of receiving, using the first cryptographic key, and the third decrypting tool to further decrypt the data decrypted by the second decrypting tool, using the second cryptographic key.

In accordance with another aspect of the present invention, a method of information processing for the information processing system consisting of a set of processing devices of information, United with each other by a bus, and the device information processing include the first device, information processing, each of which has the function, which is not open to the user, and the second device, information processing, each of which has the function, which is open to the user, which includes operations performed by each of the first devices of information processing, receiving encrypted data, decrypting the received data using a cryptographic key, generating a first key, generating a second key which is changed from a pre-defined constant when decrypting data, and generating the cryptographic key using the first is the generation, and the operations performed by each of the second devices of information processing, receiving encrypted data, generating a first key, generating a second key which is changed from a pre-defined constant when decrypting data, the formation of the first cryptographic key using one of the mentioned first key and the second key, the formation of the second cryptographic key using the other of the said first key and the second key, decrypt the data received at the step of receiving, using the first cryptographic key and additional decryption of data using the second cryptographic key.

In the claimed system and information processing method, information processing, because in the first device information processing with functions, the modification of which is not revealed to the user, the cryptographic key is generated using a first key and a second key, changing with the predefined constant when encrypting data, and secondly the device information processing with functions which change solved for the user, generates a first cryptographic key from the IC is m constant when decrypting data, and then generate the second cryptographic key using another of these keys, then the encrypted data is decrypted using the first cryptographic key, and the decrypted data is optionally decrypted using the second cryptographic key, the claimed device and method of information processing have a higher degree of reliability than known from the prior art.

In accordance with another aspect of the present invention, the claimed data processing unit containing means for receiving data transmitted to it through the bus, the means of formation, including the system software, for the formation of the first cryptographic key and the second cryptographic key, which is changed from a pre-defined constant when decrypting data, from the data received by means of the reception, the first decryption tool for decrypting encrypted data received by means of receiving, using one of the mentioned first cryptographic key and the second cryptographic key generated by means of formation, and the second Redstone, using the other of the said first cryptographic key and the second cryptographic key generated by means of formation.

In accordance with another aspect of the present invention a method of processing information comprising the operation of receiving data transmitted over the bus, the formation of the received data of the first cryptographic key and the second cryptographic key, changing with the predefined constant when decrypting data, decrypting the received encrypted data using one of the mentioned first cryptographic key and the second cryptographic key, and additional decryption decrypted data using the other of the said first cryptographic key and the second cryptographic key.

In these information-processing device and method, information processing, since the first cryptographic key and the second cryptographic key, changing with the predefined constant when decrypting data, are formed on the basis of the program of the software system, the decryption can be performed for each application program, and carried the other tasks, features and advantages of the present invention will become apparent from the following description and claims, in conjunction with the attached drawings, in which similar parts or elements are denoted by the same reference position.

Brief description of drawings

Fig.1 is a block diagram illustrating an example of construction of the information processing system, which can be used in the present invention.

Fig.2 is a block diagram illustrating an example implementation of a device for playing a digital video disc (CVP), a personal computer (PC) devices, and magneto-optical disks shown in Fig.1.

Fig.3 is a block diagram illustrating an authentication procedure performed is shown in Fig.1 the information processing system.

Fig.4 is a timing diagram illustrating shown in Fig.3 the identification procedure.

Fig.5 - schematic representation of the format of the unique ID (ID) of the node.

Fig.6 is a timing chart illustrating another procedure of identification.

Fig.7 is a similar diagram illustrating another procedure of identification.

Fig.8 is a similar diagram illustrating another procedure of identification.

Fig.9 is a similar d is imovane.

Fig.11 is a block diagram illustrating an example of construction of the 1394 interface used is shown in Fig.10 the encryption process.

Fig.12 is a block diagram illustrating an example of a more detailed construction shown in Fig.11 1394 interface.

Fig.13 is a block diagram illustrating an example of a more detailed construction shown in Fig.12 shift register with linear feedback.

Fig.14 is a block diagram illustrating an example of a more detailed construction shown in Fig.12 shift register with linear feedback.

Fig.15 is a block diagram illustrating an example of construction of the 1394 interface used is shown in Fig.10 the encryption process.

Fig.16 is a block diagram illustrating a more detailed construction shown in Fig.15 1394 interface.

Fig.17 is a block diagram illustrating an example of construction of the 1394 interface used is shown in Fig.10 the encryption process.

Fig.18 is a block diagram illustrating a more detailed construction shown in Fig.17 1394 interface.

Fig.19 is a block diagram illustrating an example of construction of parts of the system used is shown in Fig.10 the encryption process.

Fig.20 is a block diagram illustrating a more detailed post is RFAS, used in shown in Fig.10 the encryption process.

Fig.22 is a block diagram illustrating another example of construction of the 1394 interface used is shown in Fig.10 the encryption process.

Fig.23 is a block diagram illustrating another example of construction of the 1394 interface used is shown in Fig.10 the encryption process.

Fig.24 is a block diagram illustrating another example of the construction of part of the system used is shown in Fig.10 the encryption process.

Description of the preferred embodiments of the invention

In Fig.1 presents an example of the information processing system, which can be used in the present invention. Shows an information processing system includes a playback device 1 with digital video disc or digital flexible disk (CVP), a personal computer (PC) 2, device 3 to the magneto-optical disks, the transmitted data receiver 4, a monitor 5 and a television receiver 6, which are all connected to each other via a serial bus 11 1394, EIRE (Institute of electronics engineers and electronics).

In Fig.2 provides more detail of the internal construction of the device 1 play with CVP, personal computerimprovement with CVP connected to the bus 11 1394 interface 26 1394. The playback device 1 with CVP includes a Central processing unit (CPU) 21 that performs various kinds of processing in accordance with programs stored in ROM (read only memory device) 22. NVR (storage device with random access) 23 is used for storing data, programs and so forth necessary for the CPU 21 to execute various processes. The operation unit 24 includes buttons, switches, remote control and so on, and when it is brought into action by the user, it outputs a signal corresponding to the operation. Drive 25 actuates CVP (not shown) for playback of high-pressure data. EEPROM (electrically erasable programmable permanent memory) 27 stores information such as key information, which is stored and when turning off the power source of the device. Internal bus 28 connects the components with each other.

Device 3 to the magneto-optical disks includes a CPU 31, ROM 32, NVR 33, the operation unit 34, the drive 35, the interface 36 1394, EEPROM 37 and the internal bus 38, which have functions similar to the functions described above, the playback device 1 with CVP. Avoid izbytochnoi the cauldron) for recording data on the magneto-optical disk, or play with such a disk.

The personal computer 2 is connected to the 1394 bus interface 49 1394. The personal computer 2 includes a CPU 41, which performs various kinds of processing in accordance with programs stored in the ROM 42 and NVR 43, which accordingly remember, data, programs, etc. necessary for execution of the CPU 41 different operations. To the interface 44 I / o connected keypad 45 and a mouse 46, and an interface 44 I / o displays the entering signals from the keypad 45 and mouse 46 to the CPU 41. Interface 44 I / o is connected to the drive 47 for hard disk drives (ChRW), so that the data, programs and so forth can be recorded on the hard disk (not shown) and reproduced from the hard disk by the driver 47 hard disk. The interface 44 I / o you can properly install the expansion card 48, so that it is possible to additionally provide the necessary function to the personal computer 2. EEPROM 50 is used to remember information that is saved when you turn off the power of the personal computer 2, type information about the different keys. Internal bus 51 is made of, for example, in the form of bus SDA (connection of peripheral devices), local bus or p-opened for user so that the user can take the data transferred via the internal bus 51 by an appropriate connection of certain fees to the extension Board 48 or through the creation and installation of certain program system software.

In contrast, in any of the devices consumer electronic equipment (EBA), device type 1 playback with CVP and device 3 to the magneto-optical disks, internal bus 28 or internal bus 38 is not exposed to the user and the user cannot receive the transmitted data on it, unless it is made special changes.

The following describes the authentication procedure performed between the source and the receiver. Here, the authentication procedure is, for example, as shown in Fig.3, between a hardware and software tool 20 in the form of one of the programs of the system software stored in advance in the ROM 22 of the device 1 play with CVP serving as the source, and the license administrator 62 in the form of one of the programs of the system software stored in the ROM 42 of the personal computer 2 serving as a receiver, and processed in the CPU 41.

In Fig.the MSC (PC 2). Key service (service) and function (hashing) are memorized in advance in the EEPROM 27 device 1 play with CVP. They both are presented to the user of the playback device 1 with CVP from the copyright owner and the user stores them securely in EEPROM.

The key service provided for each information provided by the copyright owner, and is common for systems that are created using bus 11 1394. It should be noted that the system in the present description means a generalized unit formed by multiple devices.

The hash function is a function for outputting data of a fixed length, for example 64 or 128 bits in response to the input data of arbitrary length, and is a function with which it is difficult to determine the parameter x, if set (=hash (x)), and it is difficult to determine the set of x1 and x2, which satisfies the equality hash (x1)=hash (x2). As known examples of one-way hash functions can be specified MD5, SHA etc., the Detailed description of one-way hash function described in Bruce Schneier, "Applied Cryptography (Second Edition), Wiley".

The personal computer 2 as receiver stores samisen item copyright and special to the personal computer 2. The license key is a value that is obtained by applying a hash function to the data (ID | | key obsluzhivaniya) of n + m bits obtained by the connection ID of n bits and a key of m bits. In particular, the license key is given by the following expression

clutchless=hash (ID | | cleocin)

As an ID you can, for example, to use UniqueID site, prescribed standards for the 1394 bus. Unique ID node is as shown in Fig.5, from 8 bytes (64 bits), in which the first 3 bytes are issued by the Institute IEEE particular manufacturer electronic devices. The last 5 bytes can determine each manufacturer for each device available to any user by the manufacturer. Each manufacturer applies, for example, among the lowest 5 bytes sequentially for individual devices with the use of the singular for one device, and when using all the numbers 5 bytes manufacturer issued another UniqueID site, the higher 3 bytes which are different, while one device with the lowest 5 bytes applies singular. In accordance with this UniqueID node differs in different b the military means 20 of the device 1 play with CVP manages the interface 26 1394 to request that the personal computer 2 about ID by bus 11 1394. License administrator 62 of the personal computer 2 receives at step S2, the request ID. In particular, the interface 49 1394 receipt of a signal request ID, transmitted from the device 1 play with CVP bus 11 1394, outputs a signal to the CPU 41. License administrator 62 processor CPU 41 when receiving a request ID, reads the stored EEPROM ID and transmits at step S3 ID via bus 11 in 1394 device 1 play with CVP interface 49 1394.

At step S4, the playback device 1 with CVP ID is accepted by the interface 26 1394 and transferred to the hardware-software tool 20, which is driven by the CPU 21.

At step S5 hardware-software means 20 transmits the ID transmitted from the personal computer 2, and key service, which is stored in the EEPROM 27, to generate the data (ID | | cleocin), and applies the hash function defined by the following expression data for the formation of a license key (LK).

LK=hash (ID | | cleocin).

Then at step S6, the software 20 generates a cryptographic key ck, which is described in detail below. Cryptographic key ck is used as a session key in the playback device 1 with black the cue key QC formed at the step S6. using the key LK, formed at the step S5, as a key to obtain encrypted data (encrypted key) sh. In other words, the software calculates the following expression:

W=the Cipher. (LK, KK),

where the Cipher. (A, b) represents the encryption of data using the key And normal key cryptography.

Then at step S8 hardware-software means 20 transmits the encrypted data W formed at the step S7. in the personal computer 2. In particular, the encrypted data W are transferred from the interface 26 1394 device 1 play with CVP in the personal computer 2 via the bus 11 1394. In the personal computer 2, the encrypted data W on the stage 39 are accepted by the interface 49 1394. License administrator 62 decrypts the received thus encrypted data using the license key stored in the EEPROM 50, in accordance with the following expression, to generate a decryption key QC'.

QC'=Desir. (cluiche, W),

where Desir. (A, b) represents the decryption of data using the key And normal key cryptography.

It should be noted that as the algorithm for encryption is usually described in detail in the aforementioned work "Applied Cryptography".

Key LK generated at step S5 device 1 play with CVP, has a value equal to the value (key licensirovania) stored in the EEPROM 50 of the personal computer 2. In other words, the following expression is satisfied:

LK=cluiche.

In line with this, key QC' obtained through decryption in step S10 personal computer 2 has a value equal to the value of a cryptographic key ck generated at step 36 the playback device 1 with CVP. In other words, the following expression is satisfied:

QC'=QC.

Thus, keys QC and QC', which are equal to each other, can usually have and playback device with CVP (source) and a personal computer 2 (the receiver). Therefore, either the key QC can actually be used as a cryptographic key, or you can create a pseudo-random number based on the key QC and use it as a cryptographic key and the source and the receiver.

Since the license key is generated based on the specific device ID and key maintenance, provide appropriate information, as described above, the other device cannot create key QC ilk or QC', because it does not have a license key. Accordingly, when the playback device 1 with CVP then encrypts the data playback using the cryptographic key ck, and transmits the resulting data to the personal computer 2, and if the personal computer 2 has legally obtained the license key, because it has the cryptographic key QC', he can decrypt the encrypted playback data transmitted to it from the device 1 play with CVP. However, if the personal computer 2 is not legitimate, because it does not have a cryptographic key QC', he cannot decrypt the transmitted encrypted data on it playing. In other words, because only valid device may generate cryptographic keys QC and QC', the result is the identity.

Even in the event of theft license key one personal computer 2 as ID in a variety of different blocks, the other device cannot decrypt encrypted data sent to it from the device 1 play with CVP, using a license key. In accordance with this provides improved sedimentassociated with CVP) is not only a personal computer 2, but the device 3 to the magneto-optical disks.

In this case, the ID is stored IN, as well as license key is memorized key its in EEPROM 50 personal computer 2 serving as a receiver 1, and in the EEPROM 37 in the device 3 to the magneto-optical disks, employee receiver 2, is remembered ID as ID, as well as licensed to remember the key Ani.

Procedures in steps S11-S20 performed between the device 1 play with CVP (source) and a personal computer 2 (receiver 1) is essentially the same as shown in Fig.4 procedures in the steps S1-S10. Therefore, to avoid redundancy, the description of the procedures S11-S20 is omitted.

After the interaction device 1 play with CVP with the personal computer 2 to perform the identification procedure thus, as described above, it asks at step S21 device 3 to the magneto-optical disks about ID. When receiving a phase signal S22 request ID through an interface 36 1394 device 3 to the magneto-optical disks, the hardware-software means 30 (Fig.10) in the device 3 to the magneto-optical disks reads the ID (ID) stored in the EEPROM at step S23, and transmits the ID of the interface with the e 324 ID through the interface 26 1394 and creates at step S25 key LK on the basis of the following expression:

LC=hash (ID | | cleocin).

Next, a hardware-software means 20 calculates at step S26 following expression for the encryption key ck generated at step S16, using the key LK formed at the step S25 to generate encrypted data m2.

m2=the Cipher. (LC, QC).

Then, in step S27, the hardware-software means 20 transmits the encrypted data m2 interface 26 1394 device 3 to the magneto-optical disks via the bus 11 1394.

Device 3 to the magneto-optical disks takes on the step S28, the data is encrypted m2 via the interface 36 1394 and calculates at step S29 the following expression for generating the cryptographic key kk2':

kk2'=Desir. (key Ani, m2).

Cryptographic keys kk1' and kk2' get a personal computer 2 and the device 3 to the magneto-optical disks, respectively, thus, as described above. Their values equal to the value of a cryptographic key KK playback device 1 with CVP.

Although shown in Fig.6 procedure, the playback device 1 with CVP separately requests the personal computer 2 and the device 3 to the magneto-optical disks about their ID, and processes the received ID there, and the request about And who, as shown in Fig.7.

In particular, it is shown in Fig.7 procedure, the playback device 1 with CVP as a source asks for all the receivers, which in this procedure are the personal computer 2 and the device 3 to the magneto-optical disks, about ID by broadcast data. After receiving the personal computer 2 and the device 3 on the magneto-optical disk request signal on the transmission ID in the steps S42 and S43, respectively, each of them reads IT or ID stored in EEPROM 50 or EEPROM 37. and at step S44 or step S45 transmits it to the device 1 play with CVP. The playback device 1 with CVP takes on the steps S46 and S47 identifiers ID.

The playback device 1 with CVP creates at step S48, the cryptographic key LK on the basis of the following expression:

LC=hash (ID | | cleocin).

Next, at step S49 is generated cryptographic key LK on the basis of the following expression:

LC=hash (ID | | key service).

Next, at step S50 in the playback device 1 with high-generated cryptographic key ck, and step S51, the cryptographic key is encrypted in accordance with the following expression using the key LK:

R1=Cipher. (LK, Szowaniem key LK:

m2=the Cipher. (LC, QC).

Then, in step S53 thus obtained ID, R1, ID and m2 are connected in accordance with the following expressions for the formation of the encrypted data :

W=ID | | R1 | | ID | | m2.

The encrypted data W generated in the device 1 play with CVP thus, as described above, then at step S54 are transmitted to the personal computer and the device 3 to the magneto-optical disks by means of broadcast data.

The personal computer 2 and the device 3 to the magneto-optical disks accepts encrypted data W in steps S55 and S56, respectively. Then at steps S57 and S58 in the personal computer 2 and the device 3 to the magneto-optical disks perform calculations in accordance with the following expression to create a cryptographic key kk1' and kk2', respectively:

kk1'=Desir. (key Ani, R1).

kk2'=Desir. (key Ani, m2).

Fig.8 illustrates an example procedure in which one receiver can use many services such as decryption of many types of information). As shown in Fig.8, when the present procedure, for example, in the EEPROM 50 personal computer 2 serving as a receiver, memorized many licensin with CVP, employee as the source, the memorized many service keys (key absolutive, key absolutive, key absolutive and so on). In this case, when the step S81, the playback device 1 with CVP requests the personal computer 2, as receiver, ID, it transmits IDOSIYE identification information (service) to be subsequently transmitted from the playback device 1 with CVP. When at step S82, the personal computer 2 receives IDOSIYE, he chooses one of the many license keys stored in the EEPROM 50, which corresponds to IDOSIYE and executes at step S90 decoding by using the selected license key. Other operations are similar to the operations shown in Fig.4.

Fig.9 illustrates the following example procedure. In the presented procedure in EEPROM 27 device 1 play with CVP serving as the source, the memorized cleocin, the hash function and the function for generating the pseudo-random number (PRNG). They are set by the copyright owner and stored in a secure manner. In the EEPROM 50 personal computer 2 serving as a receiver, the stored ID, LK, LK' function G (mixing) and the function of generating the tea number, created by the copyright owner, and LK' is created so that it can satisfy the following expression:

Luke'=G^ - 1 (R)

R=PRNG(H) + PRNG(LK)

H=hash (ID | | cleocin).

It should be noted that G^ - 1 means the inverse function of the function G. G^ - 1 has the characteristic that easy to calculate if you know a pre-set rule, but if the rule is not known, it is difficult to calculate. As this function, you can use a function that is used for public-key cryptography.

The function for generating pseudo-random function may be provided in the form of hardware.

Hardware-software means 20 of the device 1 play with CVP initially requests at step S101 license administrator 62 of the personal computer 2 in relation ID. License administrator 62 of the personal computer 2, when the step S102 signal is received from the request ID, reads the ID stored in the EEPROM 50 and transmits it at step S103 on the playback device 1 with CVP. Hardware-software means 20 of the device 1 play with CVP at step S104 takes this ID and step S105 calculates the following expression:

H=hash (ID | | Klucis expression:

W=QC (+) PRNG.

It should be noted that A (+) represents an exclusive OR operation with the values of a and B.

In other words, the key ck is encrypted through the implementation of the exclusive OR operation for each bit of the result PRNG (H) obtained by entering N, computed in step S105, the key generation PRNG pseudo-random number, and at step S106, the key is created QC.

Then, in step S108 software 20 passes W on personal computer 2.

At step S109, the personal computer 2 accepts W and at step S110 calculates the following expression:

QC'=W ( + ) (Luke') + PRNG(LK).

In particular, to obtain QC' throughout the implementation of the exclusive OR operation for W transmitted from the playback device 1 with high-pressure values(Luke'), obtained by applying LK' recorded in the EEPROM 50, the function G is also stored in the EEPROM 50, and the resulting PRNG(LK) obtained by applying LK' stored in the EEPROM 50, the function of generating pseudo-random numbers PRNG, also stored in the EEPROM 50.

Here, as can be seen from the following expression, QC=QC':

QC'= W ( + ) (Luke') + PRNG(LK)=

= QC (+) PRNG(H) + R + PRNG(LK)=

= QC (+) PRNG(H) + KPS the personal computer 2 as a receiver have the cryptographic keys QC and QC', which are usually equal to each other. Since LK and LK' can only be created by the copyright owner, even if the source will attempt to illegally create LK and LK' he will not be able to create them and, consequently, the protection can be further improved.

Although in the above description, the identification is performed, for example, between the source and the receiver, a personal computer 2 can usually be used as a load arbitrary application program. As such the application program can be used illegally created by the application program. Accordingly, for each application program should determine whether it is licensed by the copyright owner or not. Therefore, as shown in Fig.3, between each section 61 of the application program and the license administrator 62 may perform the identification procedure thus, as described above. In this case, the license administrator 62 serves as a source, and a portion 61 of the application program serving as a receiver.

The following describes the operation when, after identification exercise (after the usual receiving a cryptographic key) encrypted data is transmitted from stacktracetop, internal functions which are not disclosed to the average user, device type 1 playback with CVP or device 3 to the magneto-optical disks, performing encryption and decryption of data transmitted over the bus 11 1394, is the interface 26 1394 or interface 36 1394. Although encryption and decryption use the S key, and session key temporary variable i, the S key, and session key i temporary variable (more precisely, the key i' to be used to generate the key i temporary variable), originate from software and hardware tools 20 or hardware means 30 to the interface 26 1394 or interface 36 1394, respectively. Key's session consists of key Ss of the initial value (first information), to be used as initial values, and key Si of destruction, to be used for the destruction of the key i temporary variable (the second information). Key Ss of the initial value and the key Si destruction can consist of high-order bits and low-order bits a predetermined number of bits of cryptographic CC (=CC') created under the above identication, respectively. Key's session appropriately adjusted for each session, for example di variable, created from key Si destruction and key i', frequently updated in the same session, and, for example, you can use the temporal information with a predefined constant or etc.

Now suppose that serve as a source video data reproduced by the playback device 1 with CVP, and inferred from it, is transmitted to the device 3 to the magneto-optical disks and the personal computer 2 via the bus 11 1394, so they are decrypted by the device 3 to the magneto-optical disks and the personal computer 2. In this case, the playback device 1 with high performing encryption is performed using the S key, and session key i temporary variable, through an interface 26 1394. In the device 3 to the magneto-optical disks performing decryption is performed using the S key, and session key i temporary variable through an interface 36 1394.

In contrast, the personal computer 2 of the license, the administrator 62 generates a key Ss primary key values S session on section 61 of the application program and generates a key Si destruction and the key i temporary variable (more precisely the key i' to generate the key i temporary variable) on the interface 49 1394 (communication area). holds the decryption using the key i temporary variable, and the decrypted data is optionally decrypted using the key's session (or rather key Ss of the initial value), by section 61 of the application program.

Thus, as in the personal computer 2 internal bus 51 is opened for the user interface 49 1394 is only the first stage of the decryption, so that the resulting data is still in encrypted state. Then there is a second stage of additional decryption by section 61 of the application program for the formation of the unencrypted data. The personal computer 2 do not add function, suitable for copying data (unencrypted) that are transmitted to the internal bus 51 to the hard disk 47 or any other device.

Thus, in the present system, although the device BEA, an internal bus which is not open to the user, executes the encryption process or decryption after using the S key, and session key temporary variable i, in the other device (the personal computer 2 or a similar device), an internal bus which is open, separate procedure decryption using the key i temporary paramline this method of procedure decrypt one stage and decryption procedure in two separate phases, should be satisfied with the following expression:

Desir.(S, Desir. (i, a Cipher. (Sal (S+i), data)))=Data

where Sal (S+i) represents the result obtained by entering the S key, and the key i temporary variable in a predefined algorithm.

In Fig.11 shows an example of construction of the interface 26 1394, which satisfies the above expression. As shown in Fig.11, the interface 26 1394 data of m bits generated by the additive generator 71, served on the generator 73 compression. Shift register 72 with linear feedback (SLOS) displays the data of 1 bit, and supplies them to the generator 73 compression. Generator 73 compression selects the output signal of the additive generator 71 in response to the output signals of the shift register 72 with linear feedback, and outputs the selected data as a cryptographic key to the adder 74. The adder 74 adds input scriptorama (data of m bits to be fed to the bus 11 1394) and data of m bits (cryptographic key) received from generator 73 compression, and outputs the result of the summation in the form of a cryptogram (encrypted data) to the bus 11 1394.

Performing the summation by the adder 74 is a summation of the output signal generator 73 and compression ndrug with each other and displays the sum without carry.

In Fig.12 shows an example of a more detailed construction shown in Fig.11 interface 26 1394. From key's session, the output of the hardware-software means 20, the key Ss of the initial value is passed through the adder 81 in register 82 and stored in it. Key Ss of the initial value, for example, consists of 55 words (one word has a length of from 8 to 32 bits). Next key's session coming from hardware-software means 20, the key Si destruction, consisting, for example, of 32 bits from MDR (bits), is stored in another register 85.

The key i' is stored in the next register 84. Here, for example, every time the bus 11 1394 transmitted one packet, the register 84 receives the key 1' of two bits, and when in register 84 is memorized key 1' 16 packs (32-bit), it folds with key Si of the 32 bits stored in the register 85, by means of the adder 86 and acts as the final key i the temporary variable to the adder 81. The adder 81 adds the value stored at the moment in the register 82, and the key i temporary variable coming from the adder 86, and the resulting sum is supplied to the register 82 to remember.

If the number of bits of the word in register 82 is, for example, 8, because the key is ever got part of 8 bits, and every 8 bits are added to the word of a predetermined address (0-54) register 82.

After the first memory in such a way that key Ss of the initial value in the register 82, it is updated by the key i temporary variable every time you pass scriptorama to 16 packages.

The adder 83 selects the pre-defined 2 words (shown in Fig.12 case clocking word address 23 address 54) 55 words stored in the register 82, sums the two selected word and output word register 73 compression. Further, the output signal of the adder 83 is transmitted to the one shown in Fig.12 constant at address 0 register 82, to remember instead of the previous stored values at address 0.

Then, at the next clock, the addresses of the two to be transmitted to the adder 83 words are shifted up by one word, in Fig.12 from address 54 address 23 address 53 and the address 22, respectively, and the address you want to update the output signal of the adder 83 is shifted to a higher address. However, since addresses greater than the address 0, no, in this case, the address is shifted to the address 54.

It should be noted that the adders 81, 83 and 86 in other respects can perform the operation "exclusive OR".

Shift n bits and the adder 102 for adding the values of predetermined bits (registers) of the n bits of the shift register 101. The shift register 101 stores the bits coming from the adder 102, the left in Fig.13 the case of the EAP, and shifts the data that was stored here before, at the next register Bn-1on the right side. A similar implementation is carried out also registers Bn-1Bn-2, ... Then, at the next clock, the value obtained by adding the values of bits of the adder 102, stored, respectively, the leftmost in Fig.13 bat Inn. The above operation is sequentially repeated until the output signal is subsequently not get one bit from the right in Fig.13 register1.

Although in Fig.13 shows an example of conventional construction, more specifically, the shift register 72 with linear feedback can be done thus, as shown, for example, in Fig.14. In the form shown in Fig.14 shift register 72 with a linear feedback shift register 101 consists of 31 bits, and the register value in1on the right end in Fig.14 and register in31on the left end in Fig.14 are summed in adder 102 and the resulting sum is fed back to the register in31.

When the data bit is 1, the output of shift register 72 with linear feedback, have Legionowo generator 71, in memory 92 FIFO type (PAT) to remember. On the other hand, when the data bit 1 from the shift register 72 with linear feedback, have a logical value of 0, the section 91 of discernment state does not accept data of m bits received from the CPU 31, and terminates execution of the encryption. So, are selected and stored in memory 92 FIFO type generator 73 compression only the data of m bits generated by the additive generator 71, which are displayed when testirovanie in which the shift register 72 with linear feedback outputs the logical value 1.

Stored in the memory 92 FIFO type data of m bits serves as a cryptographic key to the adder 74, through which they develop data scriptorama (data playback CVP), subject to the transfer to generate the cryptogram.

Encrypted data is transferred from the playback device 1 with HPC device 3 to the magneto-optical disks and the personal computer 2 via the bus 11 1394.

The interface 36 1394 device 3 to the magneto-optical disks are made, as shown in Fig.15, to decrypt the data received from the bus 11 1394. In the interface 36 1394 Dannii feedback (SLOS), served on the generator 173 compression. Then the key of m bits output from generator 173 compression, served on a subtractive device 174. Subtractive device 174 subtracts the key coming from the generator 173 compression of the cryptogram decryption of the cryptogram in scriptorama.

It is shown in Fig.15 interface 36 1394 done, mostly, similarly shown in Fig.11 interface 11 1394, but differs only in that shown in Fig.11, the adder 74 is replaced by device subtraction 174.

In Fig.16 shows a more detailed implementation of the interface 36 1394 in Fig.15. As shown in Fig.16, although the interface 36 1394 done, mostly, similarly shown in Fig.12 interface 26 1394, the adder 74 (Fig.12) is replaced by device subtraction 174. Other components of the additive generator 171, shift register 172 with linear feedback generator 173 compression adder 181, register 182, the adder 183, registers 184 and 185, additional adder 186, section 191 of the recognition of States and PORT 192 correspond to the additive generator 71, shift register 72 with linear feedback generator 73 compression, the adder 81, the register 82, the adder 83, the registers 84 and 85, the adder 86, section 91 of the recognition of States and PORT 92, shown in Fig.12, the CE is to inromania interface 26 1394 in Fig.12, in order to avoid redundancy, the description is omitted. However, in the shown in Fig.16 interface 36 1394 key of m bits coming from POMT generator 192 173 compression, is subtracted from the cryptogram by device subtraction 174 for decrypting the cryptogram.

As described above, in the interface 36 1394 encrypted data is decrypted simultaneously using the S key, the session key Ss of the original values and key Si of destruction) and key temporary variable.

In contrast, as described above, in the personal computer 2, the decryption is performed in two stages separately interface 49 1394 and section 61 of the application program.

In Fig.17 shows an example of construction of the interface 49 1394, where decryption is performed by hardware means. It is shown in Fig.17 interface 49 1394 is mostly similar to the interface 36 1394, shown in Fig.15. In particular, the interface 49 1394 also consists of an additive generator 271, shift register 172 with linear feedback generator 273 compression device 274 subtraction, and these components are basically similar additive generator 171, shift register 172 with linear feedback generator 173 and compression device 174 subtraction, shown n the Fig.15 interface 36 1394, served from the license administrator 62 on the additive generator 271 in the form of key i', intended for forming the key i temporary variable, and key Si destruction of key's session for the destruction of key temporary variable i in the form of key Ss initial values served a neutral element in which all bits are 0.

In particular, as shown in Fig.18, since all bits of the key Ss initial values are 0, essentially similar to the alternative case, in which no key Ss of the initial value, a cryptographic key is generated based on only key i temporary variable. As a result, the device 274 subtraction performs decryption only on the basis of key temporary variable i cryptogram. In addition, since the decryption on the basis of key Ss of the initial values is not performed, the data obtained by the decryption is stored in an encrypted state. Accordingly, even if data removed from the internal bus 51 and written to the hard disk 47 or some other recording media, they cannot actually be used.

Section 61 of the application program, which is optionally decrypts the previously decrypted data on onrestart software consists, as shown in Fig.19, of an additive generator 371, shift register 372 linear feedback generator 373 compression device 374 subtraction. The basic design components similar to those shown in Fig.15 designs additive generator 171, shift register 172 with linear feedback generator 173 and compression device 174 subtraction, respectively.

However, although the key Ss primary key values S session, a normal key initial value is supplied in the same manner as in the case of Fig.15, each of these keys - key Si destruction and key i' used to create key temporary variable i represents the data of the neutral element in which all bits are 0.

As a result, as particularly shown in Fig.20 (elements 371-392 correspond to elements 171-192, shown in Fig.16, respectively), since all bits of key i' memorized in the register 384, and key Si destruction, stored in the register 385, correspond to 0, all bits of the key i is a temporary variable that is output from the adder 386, also correspond to 0, and the action is essentially similar to the operation of the alternative case in which there is no key i temporary persetel through the device 374 subtracting the cryptogram is decrypted in scriptorama based on the cryptographic key, created this way, as described above. Since this cryptogram obtained through decryption in the first stage based on the key i temporary variable through an interface 49 1394, as described above, the full scriptorama here can be obtained by performing decryption in the second stage based on the key Ss of the initial value.

In the device 3 to the magneto-optical disks, when the cryptogram is decrypted in this way, as described above, the CPU 31 supplies the decrypted data to the drive 35 so that they can be recorded on the magneto-optical disk.

In the personal computer 2, the CPU 41 (section 61 of the application program) to send the data decrypted in this way, as described above, for example on the drive 47 on hard magnetic disks for recording. In the personal computer 2, although the expansion card 48 of the control data can be connected predefined fee for control data sent via the internal bus 51, since the element that can completely decrypt the data transmitted on the internal bus 51 is section 61 of the application program, even if the expansion card 48 can control the data for which the imp is being decryption based on the key's session), however, it is impossible to control data, completely decoded in scriptorama. Consequently, it is possible to prevent illegal copying.

It should be noted that the normal processing of the session key can be executed using, for example, the way Diffie-Hellman or etc.

It should be noted that in some other case, for example, when the interface 49 1394 or section 61 of the application program of the personal computer 2 has such a relatively low processing capabilities that it cannot perform decryption, if one or both of the session key and the temporary variable is formed from the neutral element on the side of the source, although they are used with a neutral element on the receiver side, the data transfer is possible essentially without the use of a session key and key temporary variable. However, when using this method increases the likelihood of illegal copying of data.

If the plot 61 of the application program is the result of unauthorized copying, there is a probability that the decoded data can be copied illegally. However, this can be prevented if section 61 of the application program identified by the license in addition to the usual cryptographic key, you can use a digital algorithm, using public key cryptography.

It is shown in Fig.11, 12 and 15-20 described above 1394 interfaces satisfy the relation of homomorphism. In particular, if the keys K1and K2are elements of the Galois field G, the Kg· Kg group operations provides an element of Galois field G. moreover, the following expression is satisfied for a predetermined function H:

N(K1·To2)=H(K1)· N(K2)

In Fig.21 shows an example of construction of the interface 26 1394. In the interface 26 1394 key's session is fed to shift registers 501-503 with linear feedback to perform the initialization. The sizes of n1-n3shift registers 501-503 with linear feedback are separately about 20 bits, with individual sizes of n1-n3are relatively simple. Accordingly, for example, for the key's session in the beginning establish senior n1bits for the shift register 501 with linear feedback, the next highest n2bits initially set to the shift register 502 with linear feedback and the next highest n3bits initially set to the shift register 503 l is a total operation on m bits, when the clocking function generates an enable signal, for example the logical value 1, and outputs the data of m bits. The value of m can be, for example, 8, 16, 32, 40 and so on.

The output signals of the shift register 501 with linear feedback and shift register 502 with linear feedback entered into the adder 504, through which they are added. Of the total value of the adder 504 transfer component is fed to the function 506 clocking, while the component of the sum is supplied to the adder 505, through which it is summed with the output signal of the shift register 503 with linear feedback. Transfer component adder 505 is fed to the function 506 clocking, while the component of the sum is fed to the circuit 508 "exclusive OR".

Since the combination of data supplied from the adder adder 504 and 505, represents one of the numbers 00, 01, 10 and 11, funkcija 506 clocking outputs data of one of the numbers 000-111 in accordance with a combination of data supplied to the shift registers 501-503 with linear feedback. Each of the shift registers 501-503 with linear feedback performs a shift operation on m bits and, when the input logical value of 1 displays the new data of m bits, and when you enter lcause OR" performs the exclusive OR operation for the component amounts the output from the adder 505 and key i temporary variable stored in the register 507, and outputs the calculation result to the schema 509 "exclusive OR". Scheme 509 exclusive OR performs the exclusive OR operation for the input scriptorama and enter the cryptographic key from the circuit 508 "exclusive OR", and outputs the calculation result in the form of a cryptogram.

In Fig.22 shows another example interface 36 1394 device 3 to the magneto-optical disks. As shown in Fig.22, the interface 36 1394 includes elements 601-609, which are similar to the elements 501-509, described above with reference to Fig.21, respectively. Therefore, to avoid redundancy, the description of similar elements is omitted. However, it is shown in Fig.22 interface 36 1394 differs from that shown in Fig.21 interface 26 1394 fact that while in the interface 26 1394 made the implementation of the encryption interface 36 1394 is performing decryption.

In Fig.23 shows an example of construction of the interface 49 1394 device 3 to the magneto-optical disks. As shown in Fig.23, the interface 36 1394 includes elements 701-709, similar elements 601-609, described above with reference to Fig.22, respectively. However, the key's session, originally is, in which all bits correspond to 0. In accordance with this, in this case, decryption is essentially the only key i temporary variable stored in the register 707.

In Fig.24 shows an example of construction of section 61 of the application program of the personal computer 2. As shown in Fig.24, section 61 of the application program includes elements 801-809, basically similar items 601-609, described above with reference to Fig.22, respectively. Section 61 of the application program differs from that shown in Fig.22 interface 36 1394 only to those that want to enter in the register 807 key temporary variable i is a neutral element in which all bits are 0. In accordance with this, in section 61 of the application program is generated cryptographic key, and performing decryption is performed only on the basis of key's session.

It should be noted that as shown in Fig.19, 20 and 24 processing is carried out by section 61 of the application program, it is executed by the software.

Although in the above description, the playback device 1 with CVP serves as a source, and a personal computer 2 and the device 3 to the magneto-optical disks serve as the zaimosvyazi different devices is also not limited to the 1394 bus, and instead, you can use various buses. Connected to the external bus of the electronic device is not limited to the above, and instead, you can connect any other device.

Based on the description of the invention, specialists in the art it should be clear that you can make many changes and modifications without changing the nature and scope of the invention as set forth in the present description.

Claims

1. Device encryption is designed to encrypt data using a cryptographic key that contains the first means of providing the first information, the second means providing second information, the means of generating the cryptographic key using the first information and the second information and a means of encrypting data using said cryptographic key, wherein said cryptographic key is changed with a predetermined clock when data is encrypted in accordance with the change of the specified second information.

2. Device encryption p. 1, characterized in that the said means forming provides the formation of the, even if the first information and the second information included in the specified cryptographic key used individually to sequentially decrypt the encrypted data.

3. Device encryption p. 1, characterized in that for generating the cryptographic key specified means of formation adds a second information value, the initial value which is the first information.

4. Device encryption p. 3, characterized in that the first information has a number of bits greater than the second information, and said means forming summarizes the second information bits in predefined locations in the first information, allocates bits in predefined locations of the summation and addition sums allocated bits for generating the cryptographic key.

5. Device encryption p. 4, characterized in that the said means of forming additional updates predefined bits of the summation with the additional summation of allocated bits.

6. Device encryption p. 5, characterized in that the said means of forming viber is sustained fashion specific constant for the formation of a cryptographic key.

7. Device encryption p. 1, characterized in that it further comprises a means for transferring data, the encrypted cryptographic key, to another device through a bus.

8. The encryption method used to encrypt the data using a cryptographic key that contains the following steps: providing first information, providing second information, generating the cryptographic key using the first information and second information, encrypt data using said cryptographic key, wherein said cryptographic key is changed with a predetermined clock when data is encrypted in accordance with the change of the specified second information.

9. Encryption method under item 8, characterized in that the produced formation homomorphisms cryptographic key.

10. Encryption method under item 8, characterized in that there is a specified cryptographic key, which enables the accurate result of the decryption, even if the first information and second information, which contain cryptographic key used individually for sequential decryption Shi is he the second information is added to the value the initial value which is the first information.

12. Encryption on p. 11, characterized in that the first information has a number of bits greater than the number of bits of the second information and the second information is added to the first bits of information in pre-defined locations, and in pre-defined locations are allocated bits of the summation, and these selected bits are additionally added for generating the cryptographic key.

13. Encryption method under item 12, wherein the pre-defined bits of the summation is updated with the additional summation of allocated bits.

14. Encryption method under item 13, wherein the predefined bits are optionally selected from the additional summation of allocated bits predefined constant for the formation of a cryptographic key.

15. Encryption method under item 8, additionally containing the phase data, the encrypted cryptographic key, to another device through a bus.

16. The decryption device that is designed to decrypt the data using crypto is information, second means providing a second information, the means of generating the cryptographic key using the first information and the second information, and the means of decrypting the received encrypted data using said cryptographic key, wherein said cryptographic key is changed with a predetermined clock when decrypting data in accordance with the change of the specified second information.

17. The decryption device under item 16, characterized in that the said means of forming includes first means forming a first cryptographic key using one of the specified first information and second information, and second means forming a second cryptographic key using another of the specified first information and second information, and the specified decrypting tool includes a first decryption tool for decrypting the encrypted data using the first cryptographic key and the second decryption tool to further decrypt the data decrypted by the specified first means for decrypting, using the second cryptographic key.

application software for processing the decoded data.

19. The decryption method that is designed to decrypt the data using a cryptographic key that contains the following steps: receiving the encrypted data, the first information providing second information, generating the cryptographic key using the first information and the second information, and decrypt the received encrypted data using said cryptographic key, wherein said cryptographic key is changed with a predetermined constant decrypt data in accordance with the change of the specified second information.

20. The decryption method according to p. 19, wherein the first cryptographic key is generated using the first information and the second information, and the second cryptographic key generated by using the other of the first information and the second information, and the encrypted data is first decrypted using the first cryptographic key, and these data decrypted using the first cryptographic key, optionally decrypted using the second cryptographic key.

21. The device decryption on p. 20 different software for processing the decoded data.

22. The information processing system containing multiple processors of information, United with each other, and the specified information-processing device includes a first device, information processing, each of which has the function, which is not open to the user, and the second device, information processing, each of which has the function, which is open to the user, with each of these first devices of information processing includes means receiving the encrypted data, the first means of providing the first information, the second means providing second information, the first means of generating the cryptographic key using the first information and the second information, and the means of decrypting the received encrypted data using said cryptographic key, wherein said cryptographic key is changed with a predetermined clock when decrypting data in accordance with the change of the specified second information, each of the identified second device information processing includes first means receiving the encrypted data, the first with the formation of the first cryptographic key using one of the specified first information and second information, moreover, the specified second information is changed with a predetermined clock when decrypting data, second means forming a second cryptographic key using the other of the specified first information and second information, and the means of decrypting the received encrypted data using said cryptographic key, wherein said cryptographic key is changed with a predetermined clock when decrypting data in accordance with the change of the specified second information, the second decrypting tool to further decrypt the data decrypted by the specified first means for decrypting, using the second cryptographic key.

23. The method of information processing for the information processing system consisting of a set of processing devices of information, United with each other, and the specified information-processing device includes a first device, information processing, each of which has the function, which is not open to the user, and the second device, information processing, each of which has the function, which is open to polzovateley data providing the first information, second information, the formation of a cryptographic key using the first information and the second information, and decrypting the received encrypted data using said cryptographic key, wherein said cryptographic key is changed with a predetermined clock when decrypting data in accordance with the change of the specified second information, and the steps that are performed by each of the second processing devices information, including receiving encrypted data, providing the first information, second information, the formation of the first cryptographic key using one of the specified first information and second information, the formation of the second cryptographic key, using another of the specified first information and second information, wherein said cryptographic key is changed with a predetermined clock when decrypting data in accordance with the change of the specified second information, and decrypting the received encrypted data using the first cryptographic key, and additional decryption decrypted Danto receiving the encrypted data, the means of formation, including the system software, for the formation of the first cryptographic key and the second cryptographic key, the first tool decrypt the encrypted data using one of the specified first cryptographic key and the second cryptographic key generated by the specified means of formation, and the second decrypting tool for additional decryption and data decrypted by the specified first means for decrypting, using another of these first cryptographic key and the second cryptographic key generated by the specified means of formation, wherein said second cryptographic key is changed when the decryption of the data.

25. The method of processing information, containing the following steps: receiving the encrypted data, the formation of the received data of the first cryptographic key and the second cryptographic key, decrypting the received encrypted data using one of the specified first cryptographic key and the second cryptographic key and decrypt the data using another the second cryptographic key is changed when the decryption of the data.

26. Device encryption is designed to encrypt data using a cryptographic key that contains the cipher tool, the first tool providing information, United with the specified cipher tool, the second tool providing information, United with the specified cipher tool, and a means of generating the cryptographic key, United with the specified encryption tool with which the tool encryption encrypts the data using a cryptographic key generated by the specified means of generating the cryptographic key in accordance with the first information, provided the first means of providing information and the second information is provided by the second means of providing information, moreover, the specified second information is changed in a predetermined time when data is encrypted.

27. Device encryption p. 26, characterized in that the said means of generating the cryptographic key generates a cryptographic key, which enables the accurate result of the decryption, even if the first information and second information, rovannykh data.

28. Device encryption p. 26, characterized in that the means of generating the cryptographic key adds a second information value, the initial value which is the first information.

29. Device encryption p. 20, characterized in that the first information has a number of bits greater than the number of bits of the second information, and the specified means of generating the cryptographic key adds a second information to the first bits of information in pre-defined locations, and allocates bits of the summation in pre-defined locations, and additional sums allocated bits for generating the cryptographic key.

30. Device encryption p. 29, characterized in that the said means of generating the cryptographic key additionally updates the result of the addition by adding additional bits allocated.

31. Device encryption p. 30, characterized in that the said means of generating the cryptographic key selects predefined bits from the result of adding additional bits allocated to the predefined constant for the formation of cryptog the transmission, United with the specified cipher tool, and the tool transfer data encrypted using a cryptographic key, to another device via the bus.

33. The decryption device that is designed to decrypt the data using a cryptographic key that contains the tool receiving, decrypting tool, coupled with means for receiving, the first means of providing information, United with the specified decrypting tool, the second tool providing information, United with the specified decrypting tool, and a means of generating the cryptographic key, United with the specified decrypting tool with which the specified decrypting tool, which decrypts the data received by the specified tool receiving, using a cryptographic key generated by the specified driver cryptographic key in accordance with the first information, provided the first means of providing information and the second information, provided with a second means of providing information, and the specified second information is changed in a predetermined time when the decryption Yes is the means of generating the cryptographic key includes a first shaper cryptographic key, coupled with the above first and second means of providing information for the formation of the first cryptographic key using one of the specified first information and second information, and the second shaper cryptographic key connected with these first and second means of providing information for the formation of the second cryptographic key using the other of the specified first information and second information, and a decrypting tool includes a first decryption section and the second section of the decryption, and the specified first decryption section decrypts the encrypted data using the first cryptographic key and the second decryption section decrypts the data decrypted by the first decryption section, using the second cryptographic key.

35. The decryption device according to p. 34, characterized in that the second decryption section formed from a software application intended to process the encrypted data.

36. The information processing system containing multiple processors of information, United with each other, and the device processing infinie which is not open to the user, and the second group of devices, information processing, each of which has the function, which is open to the user, each of these first devices of information processing includes a tool receiving, decrypting tool, which, United with the specified tool reception, the first means of providing information, United with the specified decrypting tool, the second tool providing information, United with the specified decrypting tool, and a means of generating the cryptographic key, United with the specified decrypting tool, whereby the tool decrypt decrypts data received by the specified tool receiving, using a cryptographic key, form specified by means of generating the cryptographic key in accordance with the first information, provided the first means of providing information and the second information is provided by the second means of providing information, and the specified second information is changed in a predetermined time when the decryption of data, each of the identified second device information processing includes a tool receiving, Pern with the specified decrypting tool, the first means of providing information, United with the specified tool reception, the second means of providing information, United with the specified receiver, the first means of generating the cryptographic key, United with the specified first and second means of providing information, and second means forming a cryptographic key that is United with the specified first and second means of providing information with which specified the first tool decrypt decrypts the data received by the specified tool receiving, using the first cryptographic key generated by a first imaging unit cryptographic key in accordance with one of the first information is provided by means of providing the first information and the second information, is provided by means of providing the second information, and the specified second decrypting tool, optionally decrypts the data pre-decoded first specified means of decryption using the second cryptographic key generated by the specified second means for generating the cryptographic key, in accordance the information is changed in a predetermined time when the decryption of the data.

37. The information-processing device that is designed to decrypt the data containing means, means forming a cryptographic key, comprising software, United with the specified tool reception, the first decrypting tool, which, United with the specified means of generating the cryptographic key with the specified tool, and the second decrypting tool, which, United with the specified means of generating the cryptographic key and the first decryption tool, using which the specified first decrypting tool, which decrypts the encrypted data received by the specified means of reception, in accordance with one of the first cryptographic key generated by the specified means of generating the cryptographic key, or the second cryptographic key generated by the specified means of generating the cryptographic key, and the specified second tool decrypt decrypts and processes the data previously decrypted specified by the first decrypting tool in accordance with another of the above first and second cryptographic keys, and the specified second cryptographic key is changed BP>

 

Same patents:

The invention relates to the field of telecommunications and computer technology and may find use in communication systems, computing and information systems for cryptographic close binary information when communicating

The invention relates to the field of telecommunications and computing, and more particularly to the field of cryptographic methods to protect information transmitted over telecommunication networks

The invention relates to the field of telecommunications and computing, and more particularly to the field of cryptographic methods to protect information transmitted over telecommunication networks

The invention relates to the field of telecommunications and computing, and more particularly to the field of cryptographic methods and devices for protecting information transmitted over telecommunication networks

The invention relates to a method of operating a communication network, mainly radio network packet data, which contains the station operator network and a lot of user stations

The invention relates to telecommunications and computing, and more particularly to cryptographic methods for data encryption

The invention relates to the field of telecommunications and computing, and more particularly to the field of cryptographic methods for data encryption

The invention relates to the field of cryptography, namely the formation of the encryption key/decryption and can be used as a separate element in the construction of symmetric cryptographic systems designed for transmission of encrypted voice, sound, TV, etc

FIELD: communication systems.

SUBSTANCE: system has receiver, transmitter, processing element, connected to receiver and transmitter and controlling receiver and transmitter, digital rights module, connected to processing elements and controlling operation of communication device in digital rights environment on domain basis, while digital rights module of communication device together with dispenser of domains of digital rights environment on domain basis is made with possible selective addition of communication device to domain, owning one or several communication devices, which together use a cryptographic key.

EFFECT: possible selective retrieval and decoding of digital content on basis of membership in a domain.

10 cl, 11 dwg

FIELD: data transfer technologies.

SUBSTANCE: device which should be transmission destination, is authenticated, and if device is not authorized, then encrypted data, read from memorizing device, are decoded to produce decoded data, which are then encrypted again on basis of data of specific device key, received from device, which should be transmission destination for receiving re-encrypted data. Re-encrypted data are then transferred to device, which should be transmission destination.

EFFECT: forbidden unauthorized copying of data.

8 cl, 13 dwg

FIELD: electric communications and computer engineering, in particular, methods and devices for cryptographic transformation of data.

SUBSTANCE: the essence of method is in generation of binary vector, appropriate for date and time of discontinuous message transfer, generation of binary vector of secret parameter, generator of binary identification vector and addition thereof to discontinuous message. Message is different from known methods because it includes additionally forming a random binary vector and binary vector of protection key, while binary vector of secret parameter is formed by double compressing of random binary vector, while binary identification vector is formed by transformation in circle of residue class by module p of binary vector, appropriate for data and time of transfer of discontinuous message and binary vector of secret parameter.

EFFECT: rejection of false messages, increased speed of process of confirming authenticity of discontinuous message.

1 dwg

FIELD: ciphering key transmission methods and systems.

SUBSTANCE: according to proposed method same information Kc is afforded for more than one receivers 1 pertaining to receiver group G; each receiver saves SAi information unambiguously assigned to the latter. Kc information is determined by expression Kc = f(K,biSAi), where f is desired function; K is information common to all receivers; b1 is information different for each receiver and for each value of information K. Each receiver is given access to information b1 prior to submitting information Kc. Information K is transferred to all receivers directly prior to submitting information Kc so that each receiver can calculate the latter using mentioned expression.

EFFECT: simplified design and enhanced response of system to piratical cards.

13 cl, 2 dwg

FIELD: data transmission.

SUBSTANCE: in accordance to the invention, data of content of input digital data is encrypted on basis of data of first key, which is then encrypted on basis of function, generated on basis of a random number, and data of second key, generated with usage of data of specific key of device and common key data. During decoding, encoded data is received, consisting of encrypted content data, encrypted first key data, random number and common key data, second key data is generated on basis of specific device key data and common key data, encrypted first key data is decoded on basis of generated second key data and function, generated on basis of random number, encrypted content data is decoded on basis of decoded data of first key.

EFFECT: unauthorized data copying is prevented.

2 cl, 13 dwg

FIELD: data transfer.

SUBSTANCE: in accordance to the invention, digital data are decoded, which are encrypted on basis of specific device key data, which is supposed to be transmission destination, data is extracted from decoded encrypted data, which is related to copying conditions, and recording of decoded encrypted data into recording device is performed on basis of extracted data, related to copy allowing conditions.

EFFECT: prevented unauthorized copying of data.

2 cl, 12 dwg

FIELD: information encryption.

SUBSTANCE: method includes forming quantum photonic status sequence on the transmitting station to encode encryption keys and transmission of these statuses via open space to receiving station; at that, the distance between the stations is previously measured and clock on both station is synchronised; then, transmitting station converts quantum photonic statuses to one- or multiphoton orthogonal statuses and measures their sending time, which is sent to receiving station; the receiving station measures receiving time of the one- or multiphotonic quantised statuses, determines delay value, using which decoding and eavesdropping are performed.

EFFECT: provision of encryption key security during its long-distance transmission via open space, provision of long-term stability and reducing error stream in transmitted encryption keys on receiving station.

3 dwg, 2 tbl

FIELD: information technology.

SUBSTANCE: system and the method of information protection in computer networks based on key distribution, includes numerous units and a trust centre (TC). All the units are connected with one another and with the TC by communication channels. Each unit of the network and the TC has executive processor circuit as well as memory. TC includes the pseudo-random number generator designed to generate long-term keys, key blocks, primary incidence sub-matrix of lower size for building the incidence matrix (IM) of the required size; to form half-weight columns with the required number of binary bits for building the IM of the required size on the basis of the primary lower-size sub-matrix, with the extension capacity of the IM depending on the number of the network units communicating to one another to transfer the formed key blocks to the network units involved in the data exchange process through the communication channels. One key block corresponds to each unit; the processor executive circuits of the network units form the common secret key in order to ensure confidentiality while exchanging information between the units.

EFFECT: simplification of the key distribution method.

10 cl, 2 dwg

FIELD: information systems.

SUBSTANCE: invention refers to the data processing systems and, particularly, to the methods and devices providing cryptographic protection in the data processing system. The broadcasting key, renewed through a long lapse of time, is encrypted using a registration key and is periodically supplied to a user. The key with a short-time renewal is encrypted using the broadcasting key. The short-time key is available with each broadcasting message, thereat the information, sufficient for calculating the short-time key, is provided in the internet protocol header preceding to the broadcasting content. The broadcasting messages are then encrypted using the short-time key, thereat the user encrypts a broadcasting message using this short-time key.

EFFECT: creation of protected and efficient method of keys renewal in the data processing system.

24 cl, 30 dwg

FIELD: information technologies.

SUBSTANCE: invention refers to data transmission, specifically to effective cryptographic data transmission in real-time security protocol. Transmitting terminal can be used for data decoding with session key received from bitstream. Bitstream can be transmitted with head information to transmitting terminal. To maintain bandwidth the information can be divided into parts, and each part is transmitted with encrypted data package. Transmitting terminal can be used for restoration of bitstream from information parts comprising package headers, and use of bitstream for session key receiving. Session key can be used for data decoding.

EFFECT: higher cryptographic security of transferred data.

24 cl, 6 dwg

Up!