Key management apparatus

US 20030081786A1
Filed: 10/23/2002
Published: 05/01/2003
Est. Priority Date: 10/26/2001
Status: Abandoned Application

First Claim

Patent Images

1. A digital work protection system including a key management apparatus and a user apparatus, the key management apparatus generating and correlating device keys with nodes in a tree structure and assigning the user apparatus to the device keys, the key management apparatus comprising:

a determining unit operable to determine whether to add new leaves to the tree structure based on the number of leaves to which no user apparatus has been assigned;

an extending unit operable to, if the determining unit determines to add, generate new leaves to extend from one of the leaves to which no user apparatus has been assigned;

a user apparatus assigning unit operable to assign a user apparatus to one of the newly generated leaves;

a device key generating unit operable to generate and correlate new device keys with nodes with which no device key has been correlated, among all nodes from the one of the newly generated leaves to a root inclusive; and

a device key assigning unit operable to assign, to the user apparatus, device keys corresponding to the all nodes existing from the one of the newly generated leaves to the root inclusive, wherein the user apparatus either encrypts a content using one of the assigned device keys and writes the encrypted content onto a recording medium or reads an encrypted content from the recording medium and decrypts the read content using the one of the assigned device keys.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A digital work protection system composed of (a) user apparatuses that are recording apparatuses and/or reproduction apparatuses for recording or reproducing digital contents such as movies, (b) a recording medium, and (c) a key management apparatus that manages the assignment of device keys to the user apparatuses using a tree structure. The key management apparatus always keeps some leaves with which no user apparatus is not correlated in the tree structure, generates new leaves that are connected from the leaves and belong to a new layer, and assigns new user apparatuses to the newly generated leaves.

43 Citations

View as Search Results

16 Claims

1. A digital work protection system including a key management apparatus and a user apparatus, the key management apparatus generating and correlating device keys with nodes in a tree structure and assigning the user apparatus to the device keys, the key management apparatus comprising:
- a determining unit operable to determine whether to add new leaves to the tree structure based on the number of leaves to which no user apparatus has been assigned;
  
  an extending unit operable to, if the determining unit determines to add, generate new leaves to extend from one of the leaves to which no user apparatus has been assigned;
  
  a user apparatus assigning unit operable to assign a user apparatus to one of the newly generated leaves;
  
  a device key generating unit operable to generate and correlate new device keys with nodes with which no device key has been correlated, among all nodes from the one of the newly generated leaves to a root inclusive; and
  
  a device key assigning unit operable to assign, to the user apparatus, device keys corresponding to the all nodes existing from the one of the newly generated leaves to the root inclusive, wherein the user apparatus either encrypts a content using one of the assigned device keys and writes the encrypted content onto a recording medium or reads an encrypted content from the recording medium and decrypts the read content using the one of the assigned device keys.

2. A key management apparatus for generating and correlating device keys with nodes in a tree structure and assigning a user apparatus to the device keys, comprising:
- a determining unit operable to determine whether to add new leaves to the tree structure based on the number of leaves to which no user apparatus has been assigned;
  
  an extending unit operable to, if the determining unit determines to add, generate new leaves to extend from one of the leaves to which no user apparatus has been assigned;
  
  a user apparatus assigning unit operable to assign a user apparatus to one of the newly generated leaves;
  
  a device key generating unit operable to generate and correlate new device keys with nodes with which no device key has been correlated, among all nodes existing from the one of the newly generated leaves to a root inclusive; and
  
  a device key assigning unit operable to assign, to the user apparatus, device keys corresponding to the all nodes existing from the one of the newly generated leaves to the root inclusive.

3. A key management apparatus for generating and correlating device keys with nodes in a tree structure and assigning a plurality of user apparatuses to the device keys, comprising:
- a device key storage unit operable to store in advance the tree structure and device keys that have been assigned to user apparatuses correlated with some leaves in the tree structure;
  
  a determining unit operable to determine whether to add new leaves to the tree structure based on the number of leaves to which no user apparatus has been assigned;
  
  an extending unit operable to, if the determining unit determines to add, generate new leaves to extend from one of the leaves to which no user apparatus has been assigned;
  
  a user apparatus assigning unit operable to assign a user apparatus to one of the newly generated leaves;
  
  a device key generating unit operable to generate and correlate new device keys with nodes with which no device key has been correlated, among all nodes existing from the one of the newly generated leaves to a root inclusive; and
  
  a device key assigning unit operable to assign, to the user apparatus, device keys corresponding to the all nodes existing from the one of the newly generated leaves to the root inclusive.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11)
- - 4. The key management apparatus of claim 3, wherein the determining unit includes:
    - a counting unit operable to refer to the tree structure stored in the device key storage unit and count leaves to which no user apparatus is assigned; and
      
      a comparison unit operable to compare the counted number of leaves with a threshold value, wherein the determining unit determines to add new leaves to the tree structure if the counted number of leaves is equal to or smaller than the threshold value.
  - 5. The key management apparatus of claim 4, wherein the device key generating unit further generates and correlates new device keys with all roots of subtrees that are generated when the nodes existing from the leaf to the root inclusive are deleted from the tree structure, the key management apparatus further comprising:
    - an encrypted media key generating unit operable to generate encrypted media keys by encrypting media keys using all device keys generated by the device key generating unit on a one-to-one basis; and
      
      an encrypted media key writing unit operable to write the generated encrypted media keys onto a recording medium.
  - 6. The key management apparatus of claim 5, wherein the comparison unit stores the threshold value in advance and compares the counted number of leaves with the threshold value.
  - 7. The key management apparatus of claim 5, wherein the device key storage unit stores the same number of pieces of node information as there are nodes in the tree structure, the pieces of node information being linked to each other in the same manner as the nodes in the tree structure, each piece of node information including node ID information for identifying a certain node, a device key corresponding to the certain node, and user apparatus ID information for identifying a user apparatus corresponding to the certain node, the extending unit generates a new piece of node information that contains only node ID information identifying a new leaf, the new piece of node information linking to a piece of node information containing node ID information that identifies a leaf to which no user apparatus is assigned, the user apparatus assigning unit adds user apparatus ID information to the new piece of node information, and the device key generating unit adds a device key to the new piece of node information.
  - 8. The key management apparatus of claim 5, wherein the tree structure stored in the device key storage unit is an n-ary tree structure, wherein n is an integer no smaller than 2, and the extending unit generates n new leaves extending from one leaf.
  - 9. The key management apparatus of claim 5, wherein the tree structure stored in the device key storage unit is an n-ary tree structure, wherein n is an integer no smaller than 2, and the extending unit generates m new leaves extending from one leaf, wherein m is an integer satisfying m>
    - n.
  - 10. The key management apparatus of claim 9, wherein the extending unit generates m new leaves extending from one leaf, wherein m=n+1.
  - 11. The key management apparatus of claim 8, wherein the extending unit generates n further-new leaves extending from each of then new leaves, resulting in generation of n²leaves.

12. A user apparatus for either encrypting a content using one of a plurality of device keys assigned by a key management apparatus, which has one or more device keys for each node existing from each leaf to a root inclusive, and writing the encrypted content onto a recording medium or reading an encrypted content from the recording medium and decrypting the read content using one of the assigned device keys, wherein the key management apparatus (a) determines whether to add new leaves to the tree structure based on the number of leaves to which no user apparatus is assigned, (b) if it is determined to add, generates new leaves to extend from one of the leaves to which no user apparatus has been assigned, (c) assigns a user apparatus to one of the newly generated leaves, (d) generates and correlates new device keys with nodes with which no device key has been correlated, among all nodes existing from the one of the newly generated leaves to a root inclusive, and (e) assigns to the user apparatus all device keys corresponding to the nodes existing from the one of the newly generated leaves to the root inclusive, the user apparatus comprising:
- a media key identifying unit operable to identify an encrypted media key that was encrypted using one of the device keys assigned to the user apparatus, out of a plurality of encrypted media keys written on the recording medium;
  
  a media key decrypting unit operable to restore a media key by decrypting the identified encrypted media key using the device key that was used for encrypting the media key; and
  
  an encryption/decryption unit operable to either encrypt a content using the generated media key and write the encrypted content onto the recording medium or read an encrypted content from the recording medium and decrypt the read content using the generated media key.

13. A recording medium having recorded thereon:
- encrypted media keys that are generated by encrypting media keys using device keys as encryption keys, wherein the device keys are generated by a key management apparatus, and the key management apparatus (a) determines whether to add new leaves to the tree structure based on the number of leaves to which no user apparatus is assigned, (b) if it is determined to add, generates new leaves to extend from one of the leaves to which no user apparatus has been assigned, (c) assigns a user apparatus to one of the newly generated leaves, (d) generates and correlates new device keys with nodes with which no device key has been correlated, among all nodes existing from the one of the newly generated leaves to a root inclusive, and (e) assigns to the user apparatus all device keys corresponding to the nodes existing from the one of the newly generated leaves to the root inclusive.

14. A key management method for use in a key management apparatus that generates and correlates device keys with nodes in a tree structure and assigns a plurality of user apparatuses to the device keys, wherein the key management apparatus stores the tree structure and device keys that have been assigned to user apparatuses correlated with some leaves in the tree structure;
- the key management method comprising;
  
  a determining step for determining whether to add new leaves to the tree structure based on the number of leaves to which no user apparatus is assigned;
  
  an extending step for, if the determining step determines to add, generating new leaves to extend from one of the leaves to which no user apparatus has been assigned;
  
  a user apparatus assigning step assigning a user apparatus to one of the newly generated leaves;
  
  a device key generating step for generating and correlating new device keys with nodes with which no device key has been correlated, among all nodes existing from the one of the newly generated leaves to a root inclusive; and
  
  a device key assigning step for assigning to the user apparatus all device keys corresponding to the nodes existing from the one of the newly generated leaves to the root inclusive.

15. A key management program for use in a key management apparatus that generates and correlates device keys with nodes in a tree structure and assigns a plurality of user apparatuses to the device keys, wherein the key management apparatus stores the tree structure and device keys that have been assigned to user apparatuses correlated with some leaves in the tree structure;
- the key management program comprising;
  
  a determining step for determining whether to add new leaves to the tree structure based on the number of leaves to which no user apparatus is assigned;
  
  an extending step for, if the determining step determines to add, generating new leaves to extend from one of the leaves to which no user apparatus has been assigned;
  
  a user apparatus assigning step assigning a user apparatus to one of the newly generated leaves;
  
  a device key generating step for generating and correlating new device keys with nodes with which no device key has been correlated, among all nodes existing from the one of the newly generated leaves to a root inclusive; and
  
  a device key assigning step for assigning to the user apparatus all device keys corresponding to the nodes existing from the one of the newly generated leaves to the root inclusive.

16. A computer-readable recording medium on which a key management program for use in a key management apparatus that generates and correlates device keys with nodes in a tree structure and assigns a plurality of user apparatuses to the device keys is recorded, wherein the key management apparatus stores the tree structure and device keys that have been assigned to user apparatuses correlated with some leaves in the tree structure;
- the key management program comprising;
  
  a determining step for determining whether to add new leaves to the tree structure based on the number of leaves to which no user apparatus is assigned;
  
  an extending step for, if the determining step determines to add, generating new leaves to extend from one of the leaves to which no user apparatus has been assigned;
  
  a user apparatus assigning step assigning a user apparatus to one of the newly generated leaves;
  
  a device key generating step for generating and correlating new device keys with nodes with which no device key has been correlated, among all nodes existing from the one of the newly generated leaves to a root inclusive; and
  
  a device key assigning step for assigning to the user apparatus all device keys corresponding to the nodes existing from the one of the newly generated leaves to the root inclusive.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Matsushita Electric Industrial Company Limited (Panasonic Holdings Corporation)
Original Assignee
Matsushita Electric Industrial Company Limited (Panasonic Holdings Corporation)
Inventors
Nakano, Toshihisa, Tatebayashi, Makoto, Futa, Yuichi, Yokota, Kaoru, Matsuzaki, Natsume, Yamamichi, Masato

Application Number

US10/277,747
Publication Number

US 20030081786A1
Time in Patent Office

Days
Field of Search
US Class Current

380/277
CPC Class Codes

G11B 20/00086   Circuits for prevention of ...

G11B 20/00137   involving measures which re...

G11B 20/00188   involving measures which re...

G11B 20/0021   involving encryption or dec...

G11B 20/00246   wherein the key is obtained...

G11B 20/00253   wherein the key is stored o...

G11B 20/00536   wherein encrypted content d...

H04L 2209/605   Copy protection

H04L 9/0822   using key encryption key

H04L 9/0836   using tree structure or hie...

H04L 9/0891   Revocation or update of sec...

Key management apparatus

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

43 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Key management apparatus

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links