Multiple authority key derivation
Abstract
Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.
20 Claims
1. A computer-implemented method, comprising:
generating a key hierarchy that comprises a root key and a plurality of levels of subordinate keys, a first level of the plurality of levels including a first subordinate key derived from the root key and associated with a first usage restriction, and a second level of the plurality of levels including a second subordinate key derived from the first subordinate key and associated with a second usage restriction that includes the first usage restriction;
receiving a request having been encrypted using the second subordinate key;
determining that the request indicates non-compliance with at least one of the first usage restriction or the second usage restriction; and
denying the request as a result of the non-compliance.
(Dependent claims: 2, 3)

4. A system, comprising:
one or more processors; and
memory including instructions that, if executed by the one or more processors, cause the system to at least:
derive a plurality of keys to form a key hierarchy that comprises a root key and a plurality of levels of subordinate keys, each subordinate key being derived based on information encoding a usage restriction associated with a corresponding level of the plurality of levels;
associate, based on the encoded information, a particular combination of one or more usage restrictions to each subordinate key in accordance with a respective level of the plurality of levels; and
cause one or more cryptographic operations to be performed using a subordinate key from the key hierarchy.
(Dependent claims: 5, 6, 7, 8, 9, 10, 11)

12. A non-transitory computer-readable storage medium having stored thereon instructions that, if executed by one or more processors of a computer system, cause the computer system to at least:
receive a root key from a key authority;
derive a plurality of keys to form a key hierarchy that comprises the root key and a plurality of levels of subordinate keys, each subordinate key being derived using information encoding a usage restriction associated with a respective level of the plurality of levels;
associate a particular combination of one or more usage restrictions to a level of the plurality of levels; and
process a request associated with a particular subordinate key corresponding to the level based on compliance, for the request, with the particular combination of the one or more usage restrictions.
(Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20)

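The derivation and compliance check recited in claims 1, 4 and 12, as an added Python example that is not code from the patent. It assumes HMAC-SHA256 as the derivation function, canonical JSON as the restriction encoding, and a MAC over the request in place of the encryption recited in claim 1; all function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import json

def _encode(obj: dict) -> bytes:
    # Canonical JSON so both sides hash identical bytes (encoding is an assumption).
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def derive(parent_key: bytes, restriction: dict) -> bytes:
    """Derive one level down; the child key is bound to the encoded restriction."""
    return hmac.new(parent_key, _encode(restriction), hashlib.sha256).digest()

def derive_path(root_key: bytes, path: list) -> bytes:
    """Walk the hierarchy: each level's key comes from the key above it."""
    key = root_key
    for restriction in path:
        key = derive(key, restriction)
    return key

def tag_request(key: bytes, request: dict) -> str:
    """MAC over the request (stand-in for the encryption recited in claim 1)."""
    return hmac.new(key, _encode(request), hashlib.sha256).hexdigest()

def authorize(root_key: bytes, path: list, request: dict, tag: str) -> str:
    """Verifier holding only the root key: re-derive, authenticate, then check
    that the request complies with the restriction of every level on the path."""
    key = derive_path(root_key, path)
    if not hmac.compare_digest(tag_request(key, request), tag):
        return "deny: not authenticated under claimed path"
    for restriction in path:  # lower levels inherit all restrictions above them
        for field, required in restriction.items():
            if request.get(field) != required:
                return f"deny: violates {field}={required}"
    return "allow"

# Constructed sample data (not from the patent).
ROOT = bytes(range(32))
PATH = [{"region": "eu-west"}, {"service": "storage"}]
LEAF = derive_path(ROOT, PATH)  # what a second-level key holder is given

def demo() -> list:
    ok = {"region": "eu-west", "service": "storage", "action": "get"}
    bad = {"region": "us-east", "service": "storage", "action": "get"}
    other_path = [{"region": "us-east"}, {"service": "storage"}]
    return [
        authorize(ROOT, PATH, ok, tag_request(LEAF, ok)),
        authorize(ROOT, PATH, bad, tag_request(LEAF, bad)),
        authorize(ROOT, other_path, bad, tag_request(LEAF, bad)),
    ]
```

The second case is denied for non-compliance with the first-level restriction even though the tag is valid, and the third shows that claiming a different restriction path does not help, because the second-level key holder cannot derive the key for that path.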
Specification