Multiple authority key derivation
First Claim
1. A computer-implemented method, comprising:
- receiving a root key from a key authority;
generating, based at least in part on the root key and using a cryptographic hash function that includes an operand associated with usage restrictions on at least some generated keys, a plurality of keys that corresponds to a plurality of levels hierarchically subordinate to the key authority;
generating a key hierarchy comprising the root key and the plurality of keys arranged according to the plurality of levels;
associating, based at least in part on the cryptographic hash function, a subset of the usage restrictions to an individual level of the key hierarchy;
receiving encrypted data having been encrypted using a particular key in the key hierarchy, the encrypted data being decryptable using any key in the key hierarchy at a level equal to or higher than that of the particular key but undecryptable by any key lower in the key hierarchy than the level;
decrypting the encrypted data using a key from the key hierarchy; and
providing access to the decrypted data.
2 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder'"'"'s ability to decrypt data depends on the key'"'"'s position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.
241 Citations
19 Claims
-
1. A computer-implemented method, comprising:
-
receiving a root key from a key authority; generating, based at least in part on the root key and using a cryptographic hash function that includes an operand associated with usage restrictions on at least some generated keys, a plurality of keys that corresponds to a plurality of levels hierarchically subordinate to the key authority; generating a key hierarchy comprising the root key and the plurality of keys arranged according to the plurality of levels; associating, based at least in part on the cryptographic hash function, a subset of the usage restrictions to an individual level of the key hierarchy; receiving encrypted data having been encrypted using a particular key in the key hierarchy, the encrypted data being decryptable using any key in the key hierarchy at a level equal to or higher than that of the particular key but undecryptable by any key lower in the key hierarchy than the level; decrypting the encrypted data using a key from the key hierarchy; and providing access to the decrypted data. - View Dependent Claims (2, 3)
-
-
4. A system, comprising:
-
one or more processors; and memory including instructions executable with the one or more processors to cause the system to at least; receive a root key from a key authority; generate a plurality of keys to form a key hierarchy that comprises the root key and a plurality of keys that corresponds to a plurality of levels hierachically subordinate to the key authority, each key of the plurality of keys being derived using a cryptographic hash function, the cryptographic hash function including an operand that is associated with a usage restriction on at least some keys of the plurality of keys; associate, based on the cryptographic hash function, a particular combination of one or more usage restrictions to each key of the plurality of keys; and cause one or more cryptographic operations to be performed using a particular key from the key hierarchy, wherein causing performance of the one or more cryptographic operations includes encrypting data in a manner that results in the encrypted data being decryptable using any key in the key hierarchy at a level equal to or higher than that of the particular key, but undecryptable using any key lower in the key hierarchy than the level. - View Dependent Claims (5, 6, 7, 8, 9, 10)
-
-
11. A non-transitory computer-readable storage medium having stored therein instructions that, when executed by one or more processors of a computer system, cause the computer system to at least:
-
receive a root key from a key authority; generate, based at least in part on the root key and using a cryptographic hash function that includes an operand associated with usage restrictions on at least some generated keys, a plurality of keys that corresponds to a plurality of levels hierarchically subordinate to the key authority; generate a key hierarchy comprising the root key and the plurality of keys arranged according to the plurality of levels; associate, based at least in part on the cryptographic hash function, a subset of the usage restrictions to an individual level of the key hierarchy; obtain unencrypted data; encrypt the unencrypted data to produce encrypted data using a particular key in the key hierarchy, the encrypted data being decryptable using a key in the key hierarchy at a level equal to or higher than that of the particular key and undecryptable by a key lower in the key hierarchy than the level; and provide access to the encrypted data. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
-
Specification