The invention provides a method and system for generating a watermark on the basis of graphic, a terminal, and a medium. The method includes acquiring a watermark image and at least one watermark unit image; acquiring watermark encryption information; determining the distribution information of the watermark unit images in the watermark image according to the watermark encryption information and a preset encryption model, the distribution information comprising imaging regions of the watermark unit images in the watermark image; and overlaying each watermark unit image into a corresponding imaging region in the watermark image to generate the watermark. The watermark encryption information has a one-to-one corresponding relationship with the distribution information of the watermark unit images in the watermark image, and the corresponding relationship can be defined by a user so that others cannot crack the watermark without knowing the encryption model, thereby improving the watermark cracking difficulty. Moreover, the method can generate the watermark according to the watermark image and the watermark unit images input by the user, and provide personalized customization of the watermark under the function of encryption to improve the user experience.

An encryption method includes an operation method of an encryption system and is a method of encrypting encryption target information.

A security system is disclosed in which a secure communication session is established between an external security processor and an interface device. After insertion of the external security processor into the interface device, an authorization server provides authorization to the external security processor and the interface device based on, for example, identification information for each device. A derived key may be generated using a common device security key, and a seed value stored at the interface device. The derived key may then be used for multiple communication sessions between the interface device and the external security processor.

A content recording apparatus includes an obtaining unit which obtains a content having a variable-length packet structure, an encrypter which generates encrypted data by encrypting the content, and a recorder which records the encrypted data in a block unit having a fixed length in a recording medium. The encrypted data includes an invalidated region unnecessary for reproduction of the content. The recorder records a size of the invalidated region in the recording medium.

A content recording apparatus includes an obtaining unit which obtains a content having a variable-length packet structure, an encrypter which generates encrypted data by encrypting the content, and a recorder which records the encrypted data in a block unit having a fixed length in a recording medium. The encrypted data includes an invalidated region unnecessary for reproduction of the content. The recorder records a size of the invalidated region in the recording medium.

An information storage device including one or more processors configured to store an encrypted content and to control access of an external device to the information storage device is provided. The one or more processors are further configured to store a converted title key obtained by converting a title key which is an encryption key to be applied to decryption of the encrypted content, and a user token obtained by converting binding secret information to be applied to calculate the title key from the converted title key. The one or more processors are further configured to allow the external device having a confirmed access right to the information storage device to read out the user token.

A system and methods for permitting open access to data objects and for securing data within the data objects is disclosed. According to one embodiment of the present invention, a method for securing a data object is disclosed. According to one embodiment of the present invention, a method for securing a data object is disclosed. The method includes the steps of (1) providing a data object comprising digital data and file format information; (2) embedding independent data into a data object; and (3) scrambling the data object to degrade the data object to a predetermined signal quality level. The steps of embedding and scrambling may be performed until a predetermined condition is met. The method may also include the steps of descrambling the data object to upgrade the data object to a predetermined signal quality level, and decoding the embedded independent data.

A method and apparatus for controlling access to encrypted data is provided. The device comprises: a processor and a memory, the processor configured to: control access to encrypted data, stored at the memory, the encrypted data categorized according to a plurality of categories, using a respective encryption key for each category in the plurality of categories; and, control access to a given encryption key according to given criteria associated with a given category, respective criteria different for each respective category, access to the given encryption key including one or more of, when the respective criteria are met, generating the given encryption key and decrypting the given encryption key.

A technique to manage members of a group of decoders having access to broadcast data, each group member sharing a common broadcast encryption scheme (BES) comprising the steps of, in a stage for a decoder to become a group member, receiving keys pertaining to the position in the group according to the BES, receiving a current group access data comprising a current group access key, and in a stage of accessing broadcast data, using the current group access data to access the broadcast data, and in a stage of renewing the current group access key, sending a first group message comprising at lease a next group access key encrypted so that only non-revoked decoders can access it, said group message being further encrypted by the current group access key, updating the current group access key with the next group access key.

A configuration in which a reliable source of illegal copy content is analyzed using content in which a reproduction path can be set is realized. Content which has a segment area including a plurality of items of variation data which can be decrypted using different keys and in which a reproduction path corresponding to the selected variation data can be set is used. Each item of variation data is configured such that embedded information such as a digital watermark can be acquired from decrypted data. Each item of variation data includes a 192-byte source packet or a 6144-byte aligned unit. A reproduction device selects and reproduces one item of variation data from each segment area on the basis of a variation data identifier recorded in the variation data.