A system for receiving encrypted data delivered to a PC (personal computer) or other terminal via a recording medium or a communications network such as the Internet, entering the received data, for instance, into a recording/reproduction apparatus connected to the terminal, decrypting the entered data with an encryptor/decryptor apparatus within the recording/reproduction apparatus, and recording the decrypted data onto a recording medium is now considered.
FIG. 4 shows a typical encryptor/decryptor apparatus. The reference numeral 60 in the figure denotes an encryptor/decryptor processor, which represents a portion excluding the encryptor/decryptor apparatus's interface, CPU, and other components to be incorporated in the form of an IC (integrated circuit). The encryptor/decryptor processor 60 includes an encryptor/decryptor computing section 61, a key selector 62, a hardware key generator 64, and a key memory 69.
The hardware key generator 64 includes a ROM 65 in which fixed-value data is written; an arithmetic circuit 66 for inverting and shifting the bits of data read from the ROM 65, calculating the exclusive OR (EOR or XOR) of such bits, or otherwise operating on the data read from the ROM 65; and a latch circuit 67 for latching, at a time specified by an external command, the data generated from the arithmetic circuit 66 in accordance with a clock (CLK). The data output from the latch circuit 67 is entered into the key selector 62 as a hardware key.
Upon external command, the hardware key generated from the hardware key generator 64 is first selected by the key selector 62, and operated on in conjunction with input data in the encryptor/decryptor computing section 61 for performing calculations to produce a first-step process key, which is then written into the key memory 69.
Next, the first-step process key is read from the key memory 69, selected by the key selector 62, and operated on in conjunction with the input data in the encryptor/decryptor computing section 61 for performing calculations to produce a second-step process key, which is then written into the key memory 69 in replacement of the first-step process key.
In the encryptor/decryptor computing section 61, a third-step process key and subsequent process keys are then calculated. Finally, a contents key, which is a secret key for data encryption or decryption, is calculated and written into the key memory 69.
If, in the resulting state, a command for selecting a decryption mode is entered and ciphertext data is entered as input data, the contents key read from the key memory 69 is selected by the key selector 62, and operated on in conjunction with the ciphertext data in the encryptor/decryptor computing section 61 to decrypt the ciphertext data. As a result, the encryptor/decryptor computing section 61 outputs plain text data.
If, on the other hand, a command for selecting an encryption mode is entered and plain text data is entered as input data, the plain text data is encrypted similarly, and the encryptor/decryptor computing section 61 outputs ciphertext data.
However, the use of the aforementioned encryptor/decryptor apparatus, that is, the encryptor/decryptor processor 60, permits a circuit designer or other similar specialist to readily know the value of the hardware key by viewing the RTL (register transfer level) description of the hardware key generator 64 included in the circuitry.
It is therefore necessary to pay careful attention to design file management at the RTL in order to ensure the secrecy of the hardware key, which is used as a unique secret key. However, since it is difficult to take all possible security measures, it is not easy to ensure the secrecy of the hardware key for security assurance.
It is therefore an object of the present invention to provide means for generating key data in such a manner as to ensure security.