U.S. patent application number 11/325468 was filed with the patent office on 2006-07-13 for authentication method, encryption method, decryption method, cryptographic system and recording medium.
Invention is credited to Kun Suk Kim, Kang Soo Seo, Jea Yong Yoo.
Application Number: 20060155991 / 11/325468
Family ID: 37172374
Filed Date: 2006-07-13

United States Patent Application 20060155991
Kind Code: A1
Kim; Kun Suk; et al.
July 13, 2006

Authentication method, encryption method, decryption method, cryptographic system and recording medium
Abstract
An authentication method, encryption method, decryption method,
cryptographic system and recording medium are disclosed. The
present invention includes the steps of decrypting, with a public
key of a certificate authority, authentication information and a
content provider's public key stored in a certificate signed by the
certificate authority, authenticating the content provider using the
decrypted authentication information, and authenticating the public
key of the content provider by checking the decrypted public key of
the content provider. The present invention also provides an
encryption method that includes the steps of encrypting content data
with a secret key, encrypting the secret key with a public key, and
transferring the encrypted content data and the encrypted secret
key.
Inventors: Kim; Kun Suk (Anyang-si, KR); Yoo; Jea Yong (Seoul, KR); Seo; Kang Soo (Anyang-si, KR)
Correspondence Address: HARNESS, DICKEY & PIERCE, P.L.C., P.O. BOX 8910, RESTON, VA 20195, US
Family ID: 37172374
Appl. No.: 11/325468
Filed: January 5, 2006

Related U.S. Patent Documents
Application Number | Filing Date | Patent Number
60641779 | Jan 7, 2005 |

Current U.S. Class: 713/168
Current CPC Class: G11B 2220/2541 20130101; G11B 20/0021 20130101; H04L 9/3249 20130101; H04L 9/3268 20130101; H04L 2209/38 20130101; G11B 20/00086 20130101; H04L 2209/60 20130101
Class at Publication: 713/168
International Class: H04L 9/00 20060101 H04L009/00

Foreign Application Data
Date | Code | Application Number
Nov 25, 2005 | KR | 10-2005-0113647
Nov 25, 2005 | KR | 10-2005-0113648
Claims
1. An authentication method comprising the steps of: decrypting
authentication information and a content provider's public key
stored in a certificate signed by a certificate authority with a
public key of the certificate authority to authenticate the content
provider using the decrypted authentication information; and
authenticating the content provider's public key by checking the
decrypted public key of the content provider.
2. The authentication method of claim 1, further comprising the
step of checking whether the certificate is valid before performing
authentication.
3. The authentication method of claim 1, wherein the authentication
information and the content provider's public key are encrypted
using a private key of the certificate authority.
4. The authentication method of claim 1, wherein the certificate is
one of a plurality of certificates in a certificate chain.
5. The authentication method of claim 1, wherein the certificate is
stored as a file in a recording medium.
6. The authentication method of claim 5, wherein the file exists in
a directory storing certificates only within the recording
medium.
7. The authentication method of claim 1, wherein the certificate is
a certificate downloaded from an outside of a recording medium.
8. The authentication method of claim 1, wherein the certificate
follows X.509 of a public key infrastructure (PKI).
9. The authentication method of claim 1, wherein the certificate is
a certificate used in authenticating data stored within a recording
medium.
10. The authentication method of claim 1, wherein the certificate
is a root certificate used in authenticating an application within
a recording medium and/or a local storage.
11. The authentication method of claim 1, wherein the certificate
is a root certificate used in verifying a signature located at a
signature file of a binding unit associated with a recording medium
within a local storage.
12. A recording medium comprising: a data area storing content
data; and an authentication management area storing authentication
information, wherein a certificate generated from encrypting
authentication information and a content provider's public key is
stored in the authentication management area.
13. The recording medium of claim 12, wherein a private key of a
certificate authority is used in encrypting the authentication
information and the public key.
14. The recording medium of claim 13, wherein the certificate is
one of a plurality of certificates in a certificate chain.
15. The recording medium of claim 12, wherein the certificate
exists in a directory storing the certificates only within a file
structure within the recording medium.
16. The recording medium of claim 12, wherein the certificate is a
certificate used for authentication of data within the recording
medium.
17. The recording medium of claim 12, wherein the certificate is a
root certificate used for authentication of an application within
the recording medium.
18. The recording medium of claim 12, wherein the certificate is a
root certificate used in verifying a signature located at a
signature file of a binding unit associated with the recording medium.
19. The recording medium of claim 12, wherein the certificate
follows X.509 of a public key infrastructure (PKI).
20. An encryption method comprising the steps of: encrypting
content data with a secret key; encrypting the secret key with a
public key; and transferring the encrypted content data and the
encrypted secret key.
21. The encryption method of claim 20, wherein the public key
belongs to an optical terminal.
22. The encryption method of claim 20, wherein the public key
belongs to a content provider.
23. The encryption method of claim 20, wherein the content data is
encrypted by AES algorithm.
24. The encryption method of claim 20, wherein the content data is
encrypted by DES algorithm.
25. The encryption method of claim 20, wherein the secret key is
encrypted by RSA cryptographic algorithm.
26. The encryption method of claim 20, wherein the public key is
distributed by a handshake process between a content provider and
an optical player.
27. The encryption method of claim 20, wherein the secret key
comprises a session key.
28. The encryption method of claim 27, wherein the session key is
generated by using random data.
29. A decryption method comprising the steps of: receiving an
encrypted secret key and encrypted content data; decrypting the
encrypted secret key; and decrypting the encrypted content data
using the decrypted secret key.
30. The decryption method of claim 29, wherein the encrypted secret
key is decrypted using a private key of an optical player.
31. The decryption method of claim 29, wherein the encrypted secret
key is decrypted using a private key of a content provider.
32. The decryption method of claim 29, wherein the encrypted secret
key is decrypted by RSA cryptographic algorithm.
33. The decryption method of claim 29, wherein the encrypted
content data is decrypted by AES algorithm.
34. The decryption method of claim 29, wherein the encrypted
content data is decrypted by DES algorithm.
35. The decryption method of claim 29, wherein the secret key
comprises a session key.
36. The decryption method of claim 35, wherein the session key is
generated through random data.
37. A cryptographic system comprising: an encryption system
encrypting content data with a secret key, the encryption system
encrypting the secret key with a public key, the encryption system
transferring the encrypted content data and the encrypted secret
key; and a decryption system receiving the encrypted secret key and
the encrypted content data, the decryption system decrypting the
encrypted secret key, the decryption system decrypting the
encrypted content data using the decrypted secret key.
Description
[0001] This application claims the benefit of the Korean Patent
Application No. 10-2005-0113647, filed on Nov. 25, 2005, and No.
10-2005-0113648, filed on Nov. 25, 2005, which are hereby
incorporated by reference as if fully set forth herein.
[0002] This application claims the benefit of the U.S. Provisional
Application No. 60/641,779, filed on Jan. 7, 2005, in the name of
inventor Kun Suk KIM, entitled "METHOD FOR SECURITY AND
CERTIFICATIOND OF DIGITAL CONTENTS", which is hereby incorporated
by reference as if fully set forth herein.
BACKGROUND OF THE INVENTION
[0003] 1. Field of the Invention
[0004] The present invention relates to an authentication method,
encryption method, decryption method, cryptographic system and
recording medium.
[0005] 2. Discussion of the Related Art
[0006] Recently, a new high-density recording medium, e.g., the
Blu-ray disc (hereinafter abbreviated BD), has been developed to
store high-quality video data and high-quality audio data for a long
duration.
[0007] The BD, as a next-generation recording medium technology, is
a next-generation optical recording solution whose data capacity
remarkably surpasses that of a conventional DVD, and many efforts
are being made to research and develop the BD together with other
digital devices.
[0008] Moreover, many efforts are being made to research and develop
an optical recording player that applies the BD specifications.
However, since a security scheme for the BD has not yet been set up,
the development and utilization of a complete optical recording
player still face difficulties in practice.
[0009] Besides, the above-explained recording medium is provided
with a networking function that enables a CA and a user to exchange
information with each other over a network. In this case, the
problem is that no clear method of verifying whether the CA and the
user are trustworthy has been settled yet.
[0010] An object of the present invention is to provide security to
a high-density optical recording medium using a public key
infrastructure (PKI) that is currently and widely used.
[0011] Another object of the present invention is to provide a
certificate to a user on a network using the public key
infrastructure (PKI).
[0012] To achieve these objects, the public key infrastructure is
used. FIG. 1 is a flowchart of an authentication method using the
public key infrastructure. In the public key infrastructure (PKI),
a public key and a private key are used.
[0013] The public key is made available to everyone via a publicly
accessible repository or directory. When information is to be
encrypted and transmitted, it is encrypted using the public key and
the encrypted information is then transmitted. The private key, on
the other hand, is kept secret by its owner. Because the key pair is
mathematically related, whatever is encrypted with a public key may
only be decrypted by its corresponding private key, and vice versa.
[0014] In FIG. 1, authentication information 101 is encrypted via
an encryption algorithm 102 using a private key 106 of a trusted
certificate authority (CA). A cipher text 103 generated from the
encryption is decrypted via a decryption algorithm 104 using a
public key 107 of the trusted CA. And, a person to be authenticated
is authenticated using an authentication information 105 obtained
from a result of the decryption.
[0015] Positions of the private and public keys 106 and 107 shown
in FIG. 1 can be switched to each other. In this case, the
authentication information is encrypted with the public key and the
encrypted authentication information is decrypted with the private
key to obtain the authentication information.
[0016] Meanwhile, with the development of recording media and of
networks such as the Internet, problems including hacking and the
like arise. Even though security technologies, including various
authentication methods using certificates, have been developed, a
safe security technology for the new high-density optical recording
medium has not been determined yet. In particular, since no clear
and efficient method of authenticating a server such as a CP exists
for the BD, a security problem remains unsolved.
[0017] The present invention, which is proposed to solve the
problem, provides an authentication method using a certificate and
a recording medium storing the certificate. And, the present
invention provides an encryption method using a secret key, a
decryption method and a cryptographic system.
[0018] According to the present invention, a true content provider
(CP) and data provided from the content provider are protected as
well as a user's playback system. Hence, security can be provided
to a new high-density optical recording medium.
SUMMARY OF THE INVENTION
[0019] Accordingly, the present invention is directed to an
authentication method, encryption method, decryption method,
cryptographic system and recording medium that substantially
obviate one or more problems due to limitations and disadvantages
of the related art.
[0020] An authentication method according to the present invention,
proposed to solve the above-explained problem, is characterized by
the use of a certificate. The certificate is signed by a certificate
authority, and authentication information and a content provider's
public key are stored in the certificate.
[0021] Additional advantages, objects, and features of the
invention will be set forth in part in the description which
follows and in part will become apparent to those having ordinary
skill in the art upon examination of the following or may be
learned from practice of the invention. The objectives and other
advantages of the invention may be realized and attained by the
structure particularly pointed out in the written description and
claims hereof as well as the appended drawings.
[0022] To achieve these objects and other advantages and in
accordance with the purpose of the invention, as embodied and
broadly described herein, an authentication method according to the
present invention includes the steps of decrypting, with a public
key of a certificate authority, authentication information and a
content provider's public key in a certificate signed by the
certificate authority, authenticating the content provider using
the decrypted authentication information, and authenticating the
content provider's public key by checking the decrypted public key
of the content provider.
[0023] For example, the authentication method further includes the
step of checking whether the certificate is valid before performing
authentication.
[0024] For example, the encrypted authentication information and
the content provider's public key are encrypted using a private key
of the certificate authority.
[0025] For example, the certificate is one of a plurality of
certificates in a certificate chain.
[0026] For example, the certificate is stored as a file in a
recording medium.
[0027] For example, the file exists in a directory storing the
certificate only within the recording medium.
[0028] For example, the certificate is a certificate downloaded
from an outside of a recording medium.
[0029] For example, the certificate follows X.509 of a public key
infrastructure (PKI).
[0030] For example, the certificate is a certificate used in
authenticating data stored within a recording medium.
[0031] For example, the certificate is a root certificate used in
authenticating an application within a recording medium and/or a
local storage.
[0032] For example, the certificate is a root certificate used in
verifying a signature located at a signature file of a binding unit
associated with a recording medium within a local storage.
[0033] In another aspect of the present invention, a recording
medium includes a data area storing content data and an
authentication management area storing authentication information,
wherein a certificate generated from encrypting the authentication
information with a public key of a content provider is stored in
the authentication management area.
[0034] For example, a private key of a certificate authority is
used in encrypting the authentication information.
[0035] For example, the certificate is one of a plurality of
certificates in a certificate chain.
[0036] For example, the certificate exists in a directory storing
the certificate only within a file structure within the recording
medium.
[0037] For example, the certificate is a certificate used for
authentication of data within the recording medium.
[0038] For example, the certificate is a root certificate used for
authentication of an application within the recording medium.
[0039] For example, the certificate is a root certificate used in
verifying a signature located at a signature file of a binding unit
associated with the recording medium within a local storage.
[0040] For example, the certificate follows X.509 of a public key
infrastructure (PKI).
[0041] In another aspect of the present invention, an encryption
method includes the steps of encrypting content data with a secret
key, encrypting the secret key with a public key, and transferring
the encrypted content data and the encrypted secret key.
[0042] For example, the public key belongs to an optical
terminal.
[0043] For example, the public key belongs to a content
provider.
[0044] For example, the content data is encrypted by AES
algorithm.
[0045] For example, the content data is encrypted by DES
algorithm.
[0046] For example, the secret key is encrypted by RSA
cryptographic algorithm.
[0047] For example, the public key is distributed by a handshake
process between a content provider and an optical player.
[0048] For example, the secret key includes a session key.
[0049] For example, the session key is generated by using random
data.
[0050] In another aspect of the present invention, a decryption
method includes the steps of receiving an encrypted secret key and
encrypted content data, decrypting the encrypted secret key, and
decrypting the encrypted content data using the decrypted secret
key.
[0051] For example, the encrypted secret key is decrypted using a
private key of an optical player.
[0052] For example, the encrypted secret key is decrypted using a
private key of a content provider.
[0053] For example, the encrypted secret key is decrypted by RSA
cryptographic algorithm.
[0054] For example, the encrypted content data is decrypted by AES
algorithm.
[0055] For example, the encrypted content data is decrypted by DES
algorithm.
[0056] For example, the secret key includes a session key.
[0057] For example, the session key is generated by using random
data.
[0058] In a further aspect of the present invention, a
cryptographic system includes an encryption system encrypting
content data with a secret key, the encryption system encrypting
the secret key with a public key, the encryption system
transferring the encrypted content data and the encrypted secret
key and a decryption system receiving the encrypted secret key and
the encrypted content data, the decryption system decrypting the
encrypted secret key, the decryption system decrypting the
encrypted content data using the decrypted secret key.
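The encryption and decryption methods of [0041] to [0058], as an added Go example that is not part of the patent: a random session key encrypts the content, the session key is encrypted with the receiver's public key, and the receiver reverses both steps. The patent names AES, DES and RSA without modes; the choice of AES-GCM and RSA-OAEP, the key sizes, the OAEP label and the sample content are assumptions of this example, not something the patent prescribes.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

// Envelope is what the encryption system transfers (claim 20, [0041]): the content
// encrypted under the session key, and the session key encrypted under the receiver's public key.
type Envelope struct {
	EncryptedKey     []byte // session key wrapped with RSA-OAEP
	Nonce            []byte // AES-GCM nonce, sent in the clear
	EncryptedContent []byte // AES-GCM ciphertext including its authentication tag
}

var oaepLabel = []byte("bd-content-session-key") // constructed label binding the wrap to this use

// newGCM builds the AES-GCM instance used for the content data (AES per [0044]).
func newGCM(sessionKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt is the encryption method: a random session key ([0048], [0049]) encrypts
// the content; the session key is then encrypted with the receiver's RSA public key ([0046]).
func Encrypt(receiverPub *rsa.PublicKey, content []byte) (*Envelope, error) {
	sessionKey := make([]byte, 32) // AES-256
	if _, err := io.ReadFull(rand.Reader, sessionKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, receiverPub, sessionKey, oaepLabel)
	if err != nil {
		return nil, err
	}
	return &Envelope{EncryptedKey: wrapped, Nonce: nonce,
		EncryptedContent: gcm.Seal(nil, nonce, content, nil)}, nil
}

// Decrypt is the decryption method ([0050]): unwrap the session key with the receiver's
// private key ([0051]), then decrypt the content ([0054]). GCM's tag check rejects modified ciphertext.
func Decrypt(receiverPriv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, receiverPriv, env.EncryptedKey, oaepLabel)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.EncryptedContent, nil)
}

// Demo runs the exchange from a CP to a BD player and reports whether the content
// round-trips, whether a modified ciphertext is rejected, and whether a player holding
// a different private key fails to unwrap the session key.
func Demo() (roundTrip, tamperRejected, wrongPlayerRejected bool, err error) {
	player, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	otherPlayer, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	content := []byte("constructed sample AV clip payload") // stands in for the content data
	env, err := Encrypt(&player.PublicKey, content)
	if err != nil {
		return
	}
	got, err := Decrypt(player, env)
	roundTrip = err == nil && bytes.Equal(got, content)
	tampered := *env
	tampered.EncryptedContent = append([]byte(nil), env.EncryptedContent...)
	tampered.EncryptedContent[0] ^= 0x01 // flip one ciphertext bit
	_, tErr := Decrypt(player, &tampered)
	tamperRejected = tErr != nil
	_, wErr := Decrypt(otherPlayer, env)
	wrongPlayerRejected = wErr != nil
	return
}

func main() { fmt.Println(Demo()) }
```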
[0059] It is to be understood that both the foregoing general
description and the following detailed description of the present
invention are exemplary and explanatory and are intended to provide
further explanation of the invention as claimed.
BRIEF DESCRIPTION OF THE DRAWINGS
[0060] The accompanying drawings, which are included to provide a
further understanding of the invention and are incorporated in and
constitute a part of this application, illustrate embodiment(s) of
the invention and together with the description serve to explain
the principle of the invention. In the drawings:
[0061] FIG. 1 is a flowchart of an authentication method using a
public key infrastructure according to a related art;
[0062] FIG. 2 is a diagram of a security infrastructure in a
recording medium according to the present invention;
[0063] FIG. 3 is a schematic diagram of a generation of a
certificate according to the present invention;
[0064] FIG. 4 is a diagram of a certificate chain used in an
authentication method according to the present invention;
[0065] FIG. 5 is a diagram of a file structure of a recording
medium according to the present invention, in which a certificate
according to the present invention is stored in the recording
medium;
[0066] FIG. 6 is a flowchart of an authentication method using a
certificate within a recording medium according to the present
invention;
[0067] FIG. 7 is a diagram of an authentication method in a network
according to the present invention;
[0068] FIG. 8 is a diagram of an authentication method in a network
according to the present invention;
[0069] FIG. 9 is a flowchart of an SSL handshake according to one
embodiment of the present invention;
[0070] FIG. 10 is a diagram for an encryption method using a secret
key according to the present invention; and
[0071] FIG. 11 is a flowchart of an encryption and decryption
method using a secret key and a public key according to the present
invention.
DETAILED DESCRIPTION OF THE INVENTION
[0072] Reference will now be made in detail to the preferred
embodiments of the present invention, examples of which are
illustrated in the accompanying drawings. Wherever possible, the
same reference numbers will be used throughout the drawings to
refer to the same or like parts.
[0073] First of all, a digital authentication method in a recording
medium according to one preferred embodiment of the present
invention and a digital authentication method on a network
according to one preferred embodiment of the present invention will
be explained with reference to the attached drawings as
follows.
[0074] FIG. 2 is a diagram of a security infrastructure in a
recording medium according to the present invention.
[0075] First of all, storage resources such as PlayList, AV clips
and the like and network resources are stored in a recording medium
according to the present invention.
[0076] These resources need to be protected against an unauthorized
entity such as a hacker and the like. For this, authentication, key
generation & distribution, a certificate issued by a trusted
certificate authority, encryption/decryption and the like are
used.
[0077] The present invention relates to an authentication method in
a recording medium using certificates signed by a trusted
certificate authority (hereinafter abbreviated CA) and a recording
medium storing the certificates.
[0078] Referring to FIG. 2, a trusted root CA 202 verifies and
certifies authenticity of an AACS (advanced access content system)
or CPS (content protection system) 201. The AACS or CPS 201
verifies to certify authenticities of CAs 204, 205 and 206. In this
case, the AACS or CPS 201 becomes the trusted CA 202 by itself to
certify content providers 204, 205 and 206 as well.
[0079] The certification is carried out by certificates. A
certificate is an electronic document attached to a public key by a
trusted third party or CA (AACS or CPS), which provides proof that
the public key belongs to a legitimate owner and has not been
compromised. Certificates are issued by CAs (certificate
authorities) and are signed with the CA's private key. Furthermore,
the certificates are used in proving AACS, CPS or CPs' identities
or rights.
[0080] Certificates bind an identity to a pair of keys that can be
used in encrypting and signing information. A certificate makes it
possible to verify someone's claim that he has the right to use a
given key, thereby preventing people from using phony keys to
impersonate other users.
[0081] Besides, a certificate may contain version, serial number,
signature algorithm, issuer, valid from, valid to, subject, public
key, CA's signature and the like.
[0082] Certificates can be stored in a recording medium to be
provided to a user. Certificates can be supplied to the user 203
from a CP via a network outside the recording medium.
[0083] FIG. 3 is a schematic diagram of a generation of a
certificate according to the present invention.
[0084] Referring to FIG. 3, a certificate 305 is generated by
encrypting authentication information 301 for an authentication
target and a CP's public key 302 via a signature algorithm 303.
[0085] In particular, a digest of the authentication information
301 and the CP's public key 302 is calculated using a hash
function. The digest is encrypted with a CA's private key to
generate a digital signature. The digital signature is then stored
to generate the certificate 305.
[0086] Besides, the encryption using the private key via the
signature algorithm is called `sign`.
[0087] A digital signature serves for electronic documents as a
handwritten signature does for printed documents. The signature is
an unforgeable piece of data asserting that a named entity wrote or
otherwise agreed to the document to which the signature is attached.
In other words, digital signatures enable "authentication" of
digital messages, assuring the user of both the identity of the CP
and the integrity of the messages. Only the holder of the secret key
can produce the signature, so the signature proves that the signer
is the party in question, and the signed data cannot be changed.
[0088] The signature algorithm 303 can employ various cryptographic
algorithms such as RSA (Rivest-Shamir-Adleman), DSA (digital
signature algorithm) and the like. Currently, RSA is the most
popular public key cryptographic algorithm; it performs encryption
using public and private keys. RSA performs encryption with the
private key, yet it is equally safe when encrypting with the public
key, so RSA enables encryption with either the private or the public
key. DSA is similar to RSA, but unlike RSA, DSA is a cryptographic
algorithm that does not need an original message.
[0089] Besides, the authentication information may correspond to
the digital signature of the CP. In this case, the CP's private key
can be used for the generation of the CP's digital signature.
[0090] Moreover, the authentication information may correspond to a
specific message that the trusted CA certifies authenticity of the
CP or the CP's public key.
[0091] A private key 304 of the trusted CA can be used for
encryption of the authentication information and the CP's public
key 302. The trusted CA corresponds to a trusted third party, an
AACS, a CPS or another CA. If necessary, the CP can become the
trusted CA by itself.
[0092] The generated certificate 305 is stored in a specific area
of a recording medium to be used or can be used for a place that
needs the certificate on a network. A user, e.g., a BD terminal
decrypts the digital signature included in the certificate 305
using the CA's public key to obtain the authentication information
and the CP's public key.
[0093] Besides, if the public key corresponding to the CA's private
key used for encrypting the authentication information and the CP's
public key is not available, the authentication information and the
CP's public key in the certificate cannot be decrypted. Namely, the
CP and the CP's public key cannot be authenticated.
[0094] The BD terminal can authenticate the CP from the decrypted
authentication information. Authentication of the CP using the
authentication information can be performed in various ways. For
instance, a digest is computed by applying the hash function to the
authentication information and the CP's public key; the digest is
encrypted; and the encrypted digest is then transferred together
with the unencrypted authentication information and CP's public key.
The receiver decrypts the encrypted digest, applies the hash
function to the unencrypted authentication information and CP's
public key to compute a digest, and compares the decrypted digest
with the computed digest. If the two are equal, the authentication
is completed. Otherwise, the authentication is not completed.
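The certificate generation of FIG. 3 and the digest comparison of [0094], as an added Go example that is not part of the patent: the CA signs a digest of the authentication information and the CP's public key, and the BD terminal recomputes the digest and checks it against the signature with the CA's public key. The hash (SHA-256), the signature scheme (RSA PKCS#1 v1.5), the key size and the sample authentication information are assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/binary"
	"fmt"
)

// Certificate mirrors FIG. 3: the authentication information 301 and the
// CP's public key 302 travel in the clear, accompanied by the CA's signature,
// i.e. the digest of both fields encrypted with the CA's private key 304.
type Certificate struct {
	AuthInfo  []byte
	CPPubKey  *rsa.PublicKey
	Signature []byte
}

// digest hashes the authentication information and the CP's public key
// together ([0085]). The length prefix stops a forger from shifting bytes
// between the two fields without changing the digest.
func digest(authInfo []byte, cpPub *rsa.PublicKey) ([]byte, error) {
	der, err := x509.MarshalPKIXPublicKey(cpPub)
	if err != nil {
		return nil, err
	}
	h := sha256.New()
	binary.Write(h, binary.BigEndian, uint32(len(authInfo)))
	h.Write(authInfo)
	h.Write(der)
	return h.Sum(nil), nil
}

// IssueCertificate is the CA side: hash, then sign the digest with the CA's
// private key (RSA PKCS#1 v1.5 signatures in this example).
func IssueCertificate(caPriv *rsa.PrivateKey, authInfo []byte, cpPub *rsa.PublicKey) (*Certificate, error) {
	d, err := digest(authInfo, cpPub)
	if err != nil {
		return nil, err
	}
	sig, err := rsa.SignPKCS1v15(rand.Reader, caPriv, crypto.SHA256, d)
	if err != nil {
		return nil, err
	}
	return &Certificate{AuthInfo: authInfo, CPPubKey: cpPub, Signature: sig}, nil
}

// VerifyCertificate is the BD terminal side of [0094]: recompute the digest
// over the received fields and check it against the signature with the CA's
// public key. A nil result means the CP and its public key are authenticated.
func VerifyCertificate(caPub *rsa.PublicKey, c *Certificate) error {
	d, err := digest(c.AuthInfo, c.CPPubKey)
	if err != nil {
		return err
	}
	return rsa.VerifyPKCS1v15(caPub, crypto.SHA256, d, c.Signature)
}

func mustKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// Demo reports whether the genuine certificate verifies, whether a copy with
// a swapped-in public key verifies, and whether the genuine certificate
// verifies against an unrelated CA key ([0093]).
func Demo() (genuineVerifies, tamperedVerifies, wrongCAVerifies bool, err error) {
	caPriv, otherCA, cpPriv := mustKey(), mustKey(), mustKey()
	// Constructed sample authentication information, not taken from the patent.
	authInfo := []byte("subject=Example Content Provider;valid-to=2008-01-05")
	cert, err := IssueCertificate(caPriv, authInfo, &cpPriv.PublicKey)
	if err != nil {
		return
	}
	genuineVerifies = VerifyCertificate(&caPriv.PublicKey, cert) == nil

	// An attacker swaps in another public key but cannot re-sign without the CA key.
	forged := *cert
	forged.CPPubKey = &otherCA.PublicKey
	tamperedVerifies = VerifyCertificate(&caPriv.PublicKey, &forged) == nil

	// Without the public key matching the issuing CA nothing can be validated.
	wrongCAVerifies = VerifyCertificate(&otherCA.PublicKey, cert) == nil
	return
}

func main() {
	g, t, w, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine=%v tampered=%v wrongCA=%v\n", g, t, w)
}
```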
[0095] Moreover, having been encrypted using the CP's private key,
the authentication information can be sent to a user together with
the CP's public key corresponding to the private key. In this case,
the signature algorithm is applicable to the encryption that uses
the CP's private key. And, the digital signature generated from the
signature algorithm becomes the CP's digital signature. The digital
signature is encrypted using a private key of the trusted CA
certifying the authenticities of the CP's identity and the CP's
public key to be provided to a user together with the CP's public
key.
[0096] Besides, the authentication in the present invention means a
confirmation of a CP's authenticity or a confirmation of an
authenticity of the public key generated from the CP or BD
terminal. The CP is an entity providing data or a specific function
to the BD terminal via a recording medium or network. The
authentication can be used in checking integrity of the data
provided by the CP and in checking authenticity of the CP or public
key.
[0097] Namely, the certificate 305 according to the present
invention is used in authenticating a user's public key by means of
another party's (the CA's) public key. In other words, the
certificate provides proof that the CP's public key 302 belongs to a
legitimate owner and has not been compromised. The CP and the BD
terminal generate their private/public key pairs and obtain
certificates through the trusted CA.
[0098] Besides, the CP's public key 302 can be used for the purpose
of encryption and the like executed after the authentication as
well as for the purpose of the above-explained authentication.
[0099] In providing content to a user, the CP can sign the content
and can enclose a certificate to certify a user that the content is
actually sent by the CP.
[0100] FIG. 4 is a diagram of a certificate chain used in an
authentication method according to the present invention.
[0101] First of all, multiple certificates can be enclosed with
content, forming a hierarchical chain in which one certificate
testifies to the authenticity of the previous certificate. At the
end of the certificate hierarchy is a root CA that is trusted
without a certificate from any other CA. Certificates are stored in
a key database that is placed in a recording medium or BD terminal.
[0102] Referring to FIG. 4, a trusted root CA can perform a
certification 402 of the authenticity of an AACS, a certification
403 of the authenticity of a CPS or a certification 404 of the
authenticity of another CA. As a proof for this, the trusted root
CA issues each certificate. The AACS, CPS or another CA can
independently certify the authenticities of infrastructures such as
a BD terminal, a CP and the like (402-1, 402-2, 402-3). Such a
structure is called a certificate chain.
[0103] Besides, the certification may include a certification for
private/public key pairs generated from the BD terminal and/or
CPs.
[0104] There exists no higher CA that can certify the trusted CA in
the certificate chain. In this case, the trusted root CA certifies
itself (401) to issue a certificate that corresponds to a root
certificate 401.
[0105] Each of the CAs composes a certificate revocation list
(CRL). When authenticating the CP or the CP's public key, a CP or
user downloads the certificate revocation list and checks whether
the certificate to be used for authentication has been revoked. If
that certificate has been revoked, the authentication is not
completed.
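The certificate chain of FIG. 4 and the CRL check of [0105], as an added Go example that is not part of the patent, using the standard library's X.509 support: a trusted root CA certifies an AACS CA, which certifies a content provider; the player verifies the chain up to the root and then checks a CRL signed by the CP's issuer. The names, serial numbers, validity periods and the rogue CA are constructed for this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue creates an X.509 certificate for key, signed by parent. With parent == nil it
// is self-signed: the root certificate 401 of FIG. 4, trusted without a certificate from any other CA.
func issue(serial int64, cn string, isCA bool, key *rsa.PrivateKey,
	parent *x509.Certificate, parentKey *rsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der))
}

// issueCRL is a CA publishing its certificate revocation list ([0105]).
func issueCRL(issuer *x509.Certificate, issuerKey *rsa.PrivateKey, revokedSerials ...int64) *x509.RevocationList {
	tmpl := &x509.RevocationList{Number: big.NewInt(1),
		ThisUpdate: time.Now().Add(-time.Hour), NextUpdate: time.Now().Add(24 * time.Hour)}
	for _, s := range revokedSerials {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates,
			pkix.RevokedCertificate{SerialNumber: big.NewInt(s), RevocationTime: time.Now()})
	}
	der := must(x509.CreateRevocationList(rand.Reader, tmpl, issuer, issuerKey))
	return must(x509.ParseRevocationList(der))
}

// VerifyCP authenticates a CP certificate as FIG. 4 and [0105] describe: build the
// chain leaf -> intermediate(s) -> trusted root, then confirm the CRL really comes
// from the leaf's issuer and does not list the leaf. Any error means authentication failed.
func VerifyCP(root *x509.Certificate, intermediates []*x509.Certificate,
	leaf *x509.Certificate, crl *x509.RevocationList) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, c := range intermediates {
		inters.AddCert(c)
	}
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	if err != nil {
		return err // no path to the trusted root CA
	}
	issuer := chains[0][1] // the CA that signed the leaf
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return err // the CRL was not published by that CA
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return fmt.Errorf("certificate %q (serial %v) is revoked", leaf.Subject.CommonName, leaf.SerialNumber)
		}
	}
	return nil
}

// Demo reports whether a genuine CP certificate verifies, whether it is rejected once
// its issuer revokes it, and whether a CP certificate from a CA outside the trusted hierarchy is rejected.
func Demo() (genuineOK, revokedRejected, untrustedRejected bool) {
	newKey := func() *rsa.PrivateKey { return must(rsa.GenerateKey(rand.Reader, 2048)) }
	rootKey, aacsKey, cpKey, rogueKey := newKey(), newKey(), newKey(), newKey()
	root := issue(1, "Trusted Root CA", true, rootKey, nil, nil)
	aacs := issue(2, "AACS CA", true, aacsKey, root, rootKey)       // certification 402
	cp := issue(3, "Content Provider", false, cpKey, aacs, aacsKey) // certification 402-2
	rogue := issue(4, "Rogue CA", true, rogueKey, nil, nil)         // not in the hierarchy
	rogueCP := issue(5, "Content Provider", false, cpKey, rogue, rogueKey)
	inters := []*x509.Certificate{aacs, rogue}
	genuineOK = VerifyCP(root, inters, cp, issueCRL(aacs, aacsKey)) == nil
	revokedRejected = VerifyCP(root, inters, cp, issueCRL(aacs, aacsKey, 3)) != nil
	untrustedRejected = VerifyCP(root, inters, rogueCP, issueCRL(aacs, aacsKey)) != nil
	return
}

func main() { fmt.Println(Demo()) }
```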
[0106] The certificate generated through the certificate chain is
stored as a file format in a specific area of a recording medium.
The certificate can be used for authentication or can be downloaded
to a player from an outside of the recording medium. And, the
certificate can be used for authentication of the BD terminal or CP
on a network.
[0107] FIG. 5 is a diagram of a file structure of a recording
medium according to the present invention, in which certificates
generated from the process in FIG. 3 are stored in the recording
medium.
[0108] Referring to FIG. 5, in a recording medium according to the
present invention, at least one BDMV directory 502 and a directory
storing a certificate, e.g., a CERTIFICATE directory 507 exist
below one root directory 501.
[0109] The BDMV directory 502 includes an index file ("index.bdmv")
503 as general (upper) file information to secure interactivity
with a user, a movie object file ("MovieObject.bdmv") 504, a
PLAYLIST directory 505 having information on the data actually
recorded on a disc and information for reproducing the recorded
data, a CLIPINF directory 506 and the like.
[0110] Besides, one or more certificates can exist within a
recording medium. And, the position and directory name of the
CERTIFICATE directory 507 are shown in the drawing by way of example.
Regardless of the name and position, any file or directory in which
data used for authentication of data associated with a recording
medium according to the present invention is stored is included in
the present invention.
[0111] The certificate can exist within the CERTIFICATE directory
507 in various ways. And, each item of data is authenticated using
the corresponding certificate. For instance, files such as
"content000.crt" as a certificate used for authentication of data
recorded within a recording medium, "app.discroot.crt" as a trusted
root certificate used for authentication of applications,
"bu.discroot.crt" as a certificate used in verifying a signature
located in the "Binding Unit Signature file", and the like can exist
within the CERTIFICATE directory.
[0112] FIG. 6 is a flowchart of an authentication method using a
certificate within a recording medium according to the present
invention.
[0113] Referring to FIG. 6, to be used in verifying the authenticity
of a CP or the CP's public key, the CP generates a certificate by
encrypting authentication information of an authentication target
and the CP's public key with the CA's private key (601). The
generated certificate is then recorded in a recording medium (602).
A user, e.g., a BD terminal decrypts the encrypted authentication
information and CP's public key within the certificate with the
CA's public key (603). The CP is then authenticated by the
authentication information obtained as a result of the decryption.
And, it can be confirmed from the decrypted CP's public key that the
CP's public key belongs to a legitimate owner. Namely, by the
decrypted authentication information and CP's public key, the CP
and the CP's public key are authenticated.
[0114] In this case, as mentioned in the foregoing description, the
CA corresponds to a trusted certificate authority of a third party,
an AACS or a CPS. In encrypting the data with the CA's private key
(601), a signature algorithm such as RSA, DSA or the like can be
used.
[0115] According to the explained flowchart shown in FIG. 6, a
user, e.g., a BD terminal can authenticate the CP to confirm that a
provided content is not illegally copied but is provided from an
authentic CP. Moreover, it can be confirmed that the CP's public
key belongs to a legitimate owner.
[0116] As mentioned in the foregoing description, the
above-generated certificate may be stored in a recording medium to
be usable or may be provided to a user from a CP via a network.
[0117] FIG. 7 is a diagram of an authentication method in a network
according to the present invention, in which a CP is authenticated
on a network for example.
[0118] Referring to FIG. 7, as mentioned in the foregoing
description, a trusted root CA 702 authenticates an AACS or CPS
701. The AACS or CPS 701 can issue certificates certifying CPs 704
and 705, respectively.
[0119] A disguised site 706 can disguise its public key as that of
the CP 704 or 705 from a BD terminal 703 on a network. In this
case, if there is no certificate of the trusted root CA 702, the BD
terminal 703 trusts and uses a public key of the disguised site 706
as an authentic public key of the CP 704 or 705 and may provide
important information to the disguised site 706. To prevent this
danger on a network, a certificate by which the trusted CA 701 or
702 certifies the authenticity of the CP 704 or 705 is needed.
[0120] Since the certificate may include a public key of the CP 704
or 705 certified by the trusted CA 701 or 702, the BD terminal 703
can safely use the public key of the CP 704 or 705.
[0121] Moreover, FIG. 7 shows a process of downloading the
certificate of the CP1 704 to the BD terminal 703 via the network
using an SSL (secure socket layer) or TLS (transport layer
security). In this case, the disguised site 706 can act as the CP1
704. Yet, since the CP1 704 has to provide the BD terminal 703 with
the certificate from the trusted root CA 702 or the AACS or CPS
701, a user can be protected against the disguised site 706.
Furthermore, the authentic CPs are protected, since the disguised
site is prevented from passing itself off as an authentic CP.
[0122] Besides, the CP can be a specific server. And, the BD
terminal is explained as an example of a device for recording or
playing a high-density optical recording medium. Hence, the present
invention is applicable to the device for recording or playing the
high-density optical recording medium as a client communicating
with the server.
[0123] FIG. 8 is a diagram of an authentication method in a network
according to the present invention.
[0124] Referring to FIG. 8, a certificate is generated by
encrypting authentication information of a CP as an authentication
target and the CP's public key with a trusted CA's private key to
authenticate the CP on a network (801). The certificate encrypted
by the CA's private key is called a certificate signed by the CA.
If a user, e.g., a BD terminal requests a certificate of the CP via
the network (802), the CP transfers the certificate via the network
(803). The transferred certificate is decrypted with the CA's
public key by the BD terminal (804). By the decrypted
authentication information and CP's public key, the CP and the CP's
public key are authenticated (805).
[0125] Besides, the authentication information may itself
constitute the proof of the CP's authenticity. In some cases, the
authentication information may correspond to information necessary
for the authentication of the CP. For instance, the authentication
information may be a digital signature generated by a signature
algorithm performed on specific data about the CP using the CP's
private key. The CP's public key that is encrypted and transferred
together with it may be the public key corresponding to the CP's
private key.
[0126] Hence, the certificate of the present invention certifies
the authenticity of the CP that provides specific data or function
and provides a proof that the CP's public key belongs to the
CP.
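As an added example that is not part of the application text, the following Go program spells out what the certificate of FIG. 6 and FIG. 8 contains and how steps 601/801 and 603/804-805 operate on it. What the text calls "encrypting with the CA's private key" is carried out as an RSA-PSS signature over a SHA-256 hash of the fields, and the authentication information is, as in [0125], the CP's own signature over data describing the CP. The certificate layout, the field names and the identity data are constructed for this illustration and are not a format defined by the application.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/binary"
	"errors"
	"fmt"
)

// Certificate models the content of FIG. 6 and FIG. 8 (constructed layout).
type Certificate struct {
	AuthInfo   []byte // per [0125], the CP's own signature over data describing the CP
	CPIdentity []byte // constructed descriptive data about the CP
	CPPubKey   []byte // PKIX DER encoding of the CP's public key
	CASig      []byte // the CA's signature over the three fields above
}

// tbs is the length-prefixed concatenation the CA signs; the prefixes stop
// field boundaries from being shifted without invalidating the signature.
func tbs(c *Certificate) []byte {
	var b bytes.Buffer
	for _, f := range [][]byte{c.AuthInfo, c.CPIdentity, c.CPPubKey} {
		binary.Write(&b, binary.BigEndian, uint32(len(f)))
		b.Write(f)
	}
	return b.Bytes()
}

func sign(key *rsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, key, crypto.SHA256, h[:], nil)
}

func verify(pub *rsa.PublicKey, msg, sig []byte) error {
	h := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil)
}

// Issue is step 601/801: the CA signs the CP's authentication information and
// public key. The authentication information is produced first with the CP's
// private key, as [0125] describes.
func Issue(ca, cp *rsa.PrivateKey, identity []byte) (*Certificate, error) {
	authInfo, err := sign(cp, identity)
	if err != nil {
		return nil, err
	}
	pubDER, err := x509.MarshalPKIXPublicKey(&cp.PublicKey)
	if err != nil {
		return nil, err
	}
	c := &Certificate{AuthInfo: authInfo, CPIdentity: identity, CPPubKey: pubDER}
	if c.CASig, err = sign(ca, tbs(c)); err != nil {
		return nil, err
	}
	return c, nil
}

// Authenticate is steps 603/804-805 on the BD terminal: verify the CA's signature
// with the CA's public key, recover the CP's public key from the certificate, and
// confirm the authentication information with that key. The CP public key is
// returned only once both checks pass, so a caller never holds an unverified key.
func Authenticate(caPub *rsa.PublicKey, c *Certificate) (*rsa.PublicKey, error) {
	if err := verify(caPub, tbs(c), c.CASig); err != nil {
		return nil, errors.New("certificate is not signed by the trusted CA")
	}
	pub, err := x509.ParsePKIXPublicKey(c.CPPubKey)
	if err != nil {
		return nil, err
	}
	cpPub, ok := pub.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("CP key is not an RSA key")
	}
	if err := verify(cpPub, c.CPIdentity, c.AuthInfo); err != nil {
		return nil, errors.New("authentication information does not match the CP's key")
	}
	return cpPub, nil
}

func main() {
	ca, _ := rsa.GenerateKey(rand.Reader, 2048) // trusted CA key pair
	cp, _ := rsa.GenerateKey(rand.Reader, 2048) // content provider key pair
	cert, err := Issue(ca, cp, []byte("CP1, constructed identity data"))
	if err != nil {
		panic(err)
	}
	_, err = Authenticate(&ca.PublicKey, cert)
	fmt.Println("genuine certificate:", err)
	cert.CPPubKey[0] ^= 1 // a substituted key no longer matches the CA's signature
	_, err = Authenticate(&ca.PublicKey, cert)
	fmt.Println("altered certificate:", err)
}
```

The two failure paths correspond to the disguised site of [0119]: a certificate signed by any key other than the trusted CA's fails the first check, and a genuine certificate in which the CP's public key has been replaced fails it as well, because the CA's signature covers the key.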
[0127] A recording medium, which is provided with a networking
function, can provide additional data to a user from a CP via a
network. In this case, the authentication method according to the
present invention enables the additional data to be trusted as
provided from an authentic CP.
[0128] Besides, the process in which a user requests a certificate
of a CP (802) and the process in which the CP delivers the
certificate via a network (803) can be achieved through an SSL
(secure sockets layer) or TLS (transport layer security) handshake
process. Generally, the SSL supports a hash function such as MD5 or
SHA-1 to generate a message authentication code to check the
integrity of authentication information.
[0129] FIG. 9 is a flowchart of an SSL handshake according to one
embodiment of the present invention.
[0130] The SSL, which is a data transport protocol, enables
authentication and confirmation of the integrity of a message. And,
the SSL enables a secret key exchange function between an Internet
browser and an Internet server. Through this, the network used by a
playback system is secured.
[0131] In the SSL, the parameters of the encrypted messages must be
agreed upon. For this, a player, e.g., a BD terminal delivers a
client_hello message to a CP (903). The client_hello message
includes the SSL version, random data, a session ID, the supported
cipher suites and the like.
[0132] The CP 902 transfers a server_hello message, a certificate
of the CP and key exchange information of the CP to the BD terminal
901 (904). The server_hello message includes the SSL version, random
data, a session ID, the supported cipher suites and the like.
Through this, the BD terminal 901 and the CP 902 agree on the cipher
suite to use with each other. Besides, the client_hello and
server_hello messages are not limited to the formats explained in
the embodiment of the present invention shown in FIG. 9.
[0133] Since a public key of the CP 902 certified by the trusted CA
is included in the certificate, the BD terminal 901 can use the
public key of the CP certified by the trusted CA.
[0134] The BD terminal 901 transfers the key exchange information,
including the random data encrypted using the CP's public key, and
the agreed cipher suites to the CP 902 (905). The encryption using
the public key employs the RSA scheme, for example. The BD terminal
901 and the CP 902 share a secret key such as a session key derived
from the random data.
[0135] The CP 902 sends the agreed cipher suites back to the BD
terminal 901 (906). Through this, as the BD terminal 901 and the CP
902 share the same secret key, a secure channel is established
(907).
[0136] Besides, the cipher suite is a set of cryptographic
algorithms. Algorithms from a cipher suite are used in creating
keys and in encrypting information. A cipher suite specifies one
algorithm for each of the key exchange, the bulk encryption and the
message authentication. Key exchange algorithms protect information
required for creating shared keys. Bulk algorithms encrypt messages
exchanged between clients and servers. And, message authentication
algorithms generate message hashes and signatures that ensure the
integrity of a message.
[0137] In the steps 903 to 906, the data is encrypted and decrypted
using the public and private keys, which is called `asymmetric
encryption`. In the step 907, in which the BD terminal 901 and the
CP 902 share the same secret key, that shared key is used for both
encryption and decryption, which is called `symmetric
encryption`.
[0138] Thus, the BD terminal 901 and the CP 902 can safely exchange
information with each other using the shared encryption key without
intrusion by hackers.
[0139] FIG. 10 is a diagram for an encryption method using a secret
key according to the present invention.
[0140] As mentioned in the foregoing description of FIG. 9, a
public key of a CP certified by a trusted CA is delivered to a
user, e.g., a BD terminal. The BD terminal forwards random data to
the CP using the delivered CP's public key to share such a secret
key as a session key with the CP.
[0141] Besides, the session key is an encryption key used during
one communication session only between the parties communicating
with each other. If too many ciphertexts are produced under one key,
it becomes highly probable that the key can be computed by analyzing
the ciphertexts. The session key is a temporary key used to prevent
this. And, a session is a logical connection for conversations
between a BD terminal and a CP on a network.
[0142] The public key can be delivered in two ways. Firstly, the
public key of the CP is delivered to the BD terminal. Secondly, the
public key of the BD terminal is delivered to the CP in the same
manner.
[0143] FIG. 10 shows an example of the latter case, in which
encryption and decryption methods using a delivered public key 1007
of a BD terminal and a secret key such as a session key 1004 are
shown.
[0144] First of all, a CP generates an encrypted file 1005 by
encrypting content data (plaintext) through a cryptographic
algorithm using a session key 1004.
[0145] The cryptographic algorithm includes AES (advanced
encryption standard), DES (data encryption standard), Triple DES or
the like. As a secret key is used in the present invention, this
corresponds to symmetric encryption.
[0146] An encrypted session key 1008 is generated by encrypting the
session key 1004 with a public key 1007 of the BD terminal. In this
case, RSA may be used as the cryptographic algorithm. As a public
key is used, this corresponds to asymmetric encryption.
[0147] The encrypted file 1005 and the encrypted session key 1008
are transferred to the BD terminal. The BD terminal decrypts the
received encrypted session key 1008 with a private key 1009 of the
BD terminal to restore the original session key 1004.
[0148] Cryptographic algorithm 1010 used for the decryption adopts
the RSA algorithm to correspond to the cryptographic algorithm 1006
used for the encryption. The encrypted file 1005 is decrypted using
the restored session key 1004 (1011). The cryptographic algorithm
1011 used for the decryption adopts the AES or DES to correspond to
the cryptographic algorithm 1003 used for the encryption. As a
result of the decryption (1011), content data 1002 transferred from
the CP is recovered.
[0149] The CP can share the same secret key 1004 with the BD
terminal using the above-explained methods. And, the CP can deliver
the content to the BD terminal using the secret key 1004.
[0150] After the CP has transferred the CP's public key to the BD
terminal, if the BD terminal attempts to transfer to the CP the
content, which is encrypted with a secret key such as a session
key, together with the session key, which is encrypted using the
CP's public key, the positions of the CP and the BD terminal are
switched with each other and the public key 1007 of the BD terminal
is replaced by the public key of the CP.
[0151] FIG. 11 is a flowchart of an encryption and decryption
method using a secret key and a public key according to the present
invention. To encrypt content and a secret key to transfer, a BD
terminal transfers a certificate to a CP (1101). Preferably, the
certificate includes at least a public key of the BD terminal.
[0152] The content is encrypted with such a secret key as a session
key. And, the session key is encrypted with the delivered public
key of the BD terminal (1102). An encrypted file generated from
encryption of the content and the encrypted session key are
transferred to the BD terminal (1103).
[0153] The BD terminal restores the session key by decrypting the
received encrypted session key with a private key of the BD
terminal (1104). The BD terminal decrypts the received encrypted
file using the restored session key (1105). Through this, the BD
terminal can obtain the content which the CP attempts to deliver to
a user (1106).
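As an added example that is not part of the application text, the following Go program carries out the encryption and decryption method of FIG. 10 and FIG. 11 (steps 1102 to 1106) end to end; the same RSA transport of a secret under the peer's public key is what step 905 of FIG. 9 does with the random data. The content, the packaging of the two ciphertexts and the key sizes are constructed for the example. AES-GCM is used rather than the plain AES or DES named in [0145], and RSA-OAEP rather than unpadded RSA, so that an altered ciphertext or a wrong private key produces an error instead of garbage plaintext.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Package is what the CP transfers in step 1103: the content encrypted under the
// session key (encrypted file 1005) and the session key wrapped with the BD
// terminal's public key (encrypted session key 1008). Layout is constructed.
type Package struct {
	EncryptedFile       []byte // GCM nonce followed by the AES-GCM ciphertext
	EncryptedSessionKey []byte // RSA-OAEP ciphertext of the 32-byte session key
}

// Encrypt is steps 1102-1103 on the CP side. A fresh session key is generated for
// this transfer only, as [0141] requires; the content is encrypted with AES-256-GCM;
// the session key is wrapped with RSA-OAEP under the BD terminal's public key (1007).
func Encrypt(recipientPub *rsa.PublicKey, content []byte) (*Package, error) {
	sessionKey := make([]byte, 32)
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	encryptedFile := gcm.Seal(nonce, nonce, content, nil) // nonce is prepended for transport
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &Package{EncryptedFile: encryptedFile, EncryptedSessionKey: wrapped}, nil
}

// Decrypt is steps 1104-1106 on the BD terminal: unwrap the session key with the
// terminal's private key (1009), then decrypt the file with the restored key.
func Decrypt(recipientPriv *rsa.PrivateKey, p *Package) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, p.EncryptedSessionKey, nil)
	if err != nil {
		return nil, errors.New("session key unwrap failed: wrong private key or altered package")
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(p.EncryptedFile) < gcm.NonceSize() {
		return nil, errors.New("encrypted file too short")
	}
	nonce, ciphertext := p.EncryptedFile[:gcm.NonceSize()], p.EncryptedFile[gcm.NonceSize():]
	plaintext, err := gcm.Open(nil, nonce, ciphertext, nil)
	if err != nil {
		return nil, errors.New("content integrity check failed")
	}
	return plaintext, nil
}

func main() {
	bdTerminal, err := rsa.GenerateKey(rand.Reader, 2048) // key pair 1007/1009
	if err != nil {
		panic(err)
	}
	pkg, err := Encrypt(&bdTerminal.PublicKey, []byte("constructed content data"))
	if err != nil {
		panic(err)
	}
	content, err := Decrypt(bdTerminal, pkg)
	fmt.Printf("recovered %q, err=%v\n", content, err)
}
```

Swapping the roles of [0150] needs no code change: the CP's key pair is passed to Decrypt and the CP's public key to Encrypt, and the BD terminal becomes the sender.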
[0154] Accordingly, by the authentication method, recording medium,
encryption method, decryption method and cryptographic system of
the present invention, security can be provided to the high-density
optical recording medium, the reproduction system associated with
the high-density optical recording medium, and the network.
[0155] Hence, the present invention protects the content provider
and the playback system that reproduces the recording medium. And,
by establishing the secure channel between the playback system of
the recording medium and the content provider through the network
to secure the safe data exchange, the present invention provides
more convenient functions to the users and the content
providers.
[0156] It will be apparent to those skilled in the art that various
modifications and variations can be made in the present invention
without departing from the spirit or scope of the inventions. Thus,
it is intended that the present invention covers the modifications
and variations of this invention provided they come within the
scope of the appended claims and their equivalents.
* * * * *