Key management apparatus
Abstract
A digital work protection system composed of (a) user apparatuses that are recording apparatuses and/or reproduction apparatuses for recording or reproducing digital contents such as movies, (b) a recording medium, and (c) a key management apparatus that manages the assignment of device keys to the user apparatuses using a tree structure. The key management apparatus always keeps some leaves with which no user apparatus is correlated in the tree structure, generates new leaves that are connected from the leaves and belong to a new layer, and assigns new user apparatuses to the newly generated leaves.
16 Claims
1. A digital work protection system including a key management apparatus and a user apparatus, the key management apparatus generating and correlating device keys with nodes in a tree structure and assigning the user apparatus to the device keys, the key management apparatus comprising:
a determining unit operable to determine whether to add new leaves to the tree structure based on the number of leaves to which no user apparatus has been assigned;
an extending unit operable to, if the determining unit determines to add, generate new leaves to extend from one of the leaves to which no user apparatus has been assigned;
a user apparatus assigning unit operable to assign a user apparatus to one of the newly generated leaves;
a device key generating unit operable to generate and correlate new device keys with nodes with which no device key has been correlated, among all nodes from the one of the newly generated leaves to a root inclusive; and
a device key assigning unit operable to assign, to the user apparatus, device keys corresponding to the all nodes existing from the one of the newly generated leaves to the root inclusive, wherein the user apparatus either encrypts a content using one of the assigned device keys and writes the encrypted content onto a recording medium or reads an encrypted content from the recording medium and decrypts the read content using the one of the assigned device keys.
2. A key management apparatus for generating and correlating device keys with nodes in a tree structure and assigning a user apparatus to the device keys, comprising:
a determining unit operable to determine whether to add new leaves to the tree structure based on the number of leaves to which no user apparatus has been assigned;
an extending unit operable to, if the determining unit determines to add, generate new leaves to extend from one of the leaves to which no user apparatus has been assigned;
a user apparatus assigning unit operable to assign a user apparatus to one of the newly generated leaves;
a device key generating unit operable to generate and correlate new device keys with nodes with which no device key has been correlated, among all nodes existing from the one of the newly generated leaves to a root inclusive; and
a device key assigning unit operable to assign, to the user apparatus, device keys corresponding to the all nodes existing from the one of the newly generated leaves to the root inclusive.
3. A key management apparatus for generating and correlating device keys with nodes in a tree structure and assigning a plurality of user apparatuses to the device keys, comprising:
a device key storage unit operable to store in advance the tree structure and device keys that have been assigned to user apparatuses correlated with some leaves in the tree structure;
a determining unit operable to determine whether to add new leaves to the tree structure based on the number of leaves to which no user apparatus has been assigned;
an extending unit operable to, if the determining unit determines to add, generate new leaves to extend from one of the leaves to which no user apparatus has been assigned;
a user apparatus assigning unit operable to assign a user apparatus to one of the newly generated leaves;
a device key generating unit operable to generate and correlate new device keys with nodes with which no device key has been correlated, among all nodes existing from the one of the newly generated leaves to a root inclusive; and
a device key assigning unit operable to assign, to the user apparatus, device keys corresponding to the all nodes existing from the one of the newly generated leaves to the root inclusive. - View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11)
12. A user apparatus for either encrypting a content using one of a plurality of device keys assigned by a key management apparatus, which has one or more device keys for each node existing from each leaf to a root inclusive, and writing the encrypted content onto a recording medium or reading an encrypted content from the recording medium and decrypting the read content using one of the assigned device keys, wherein
the key management apparatus (a) determines whether to add new leaves to the tree structure based on the number of leaves to which no user apparatus is assigned, (b) if it is determined to add, generates new leaves to extend from one of the leaves to which no user apparatus has been assigned, (c) assigns a user apparatus to one of the newly generated leaves, (d) generates and correlates new device keys with nodes with which no device key has been correlated, among all nodes existing from the one of the newly generated leaves to a root inclusive, and (e) assigns to the user apparatus all device keys corresponding to the nodes existing from the one of the newly generated leaves to the root inclusive, the user apparatus comprising:
a media key identifying unit operable to identify an encrypted media key that was encrypted using one of the device keys assigned to the user apparatus, out of a plurality of encrypted media keys written on the recording medium;
a media key decrypting unit operable to restore a media key by decrypting the identified encrypted media key using the device key that was used for encrypting the media key; and
an encryption/decryption unit operable to either encrypt a content using the generated media key and write the encrypted content onto the recording medium or read an encrypted content from the recording medium and decrypt the read content using the generated media key.
13. A recording medium having recorded thereon:
encrypted media keys that are generated by encrypting media keys using device keys as encryption keys, wherein the device keys are generated by a key management apparatus, and the key management apparatus (a) determines whether to add new leaves to the tree structure based on the number of leaves to which no user apparatus is assigned, (b) if it is determined to add, generates new leaves to extend from one of the leaves to which no user apparatus has been assigned, (c) assigns a user apparatus to one of the newly generated leaves, (d) generates and correlates new device keys with nodes with which no device key has been correlated, among all nodes existing from the one of the newly generated leaves to a root inclusive, and (e) assigns to the user apparatus all device keys corresponding to the nodes existing from the one of the newly generated leaves to the root inclusive.
14. A key management method for use in a key management apparatus that generates and correlates device keys with nodes in a tree structure and assigns a plurality of user apparatuses to the device keys, wherein
the key management apparatus stores the tree structure and device keys that have been assigned to user apparatuses correlated with some leaves in the tree structure; the key management method comprising:
a determining step for determining whether to add new leaves to the tree structure based on the number of leaves to which no user apparatus is assigned;
an extending step for, if the determining step determines to add, generating new leaves to extend from one of the leaves to which no user apparatus has been assigned;
a user apparatus assigning step assigning a user apparatus to one of the newly generated leaves;
a device key generating step for generating and correlating new device keys with nodes with which no device key has been correlated, among all nodes existing from the one of the newly generated leaves to a root inclusive; and
a device key assigning step for assigning to the user apparatus all device keys corresponding to the nodes existing from the one of the newly generated leaves to the root inclusive.
15. A key management program for use in a key management apparatus that generates and correlates device keys with nodes in a tree structure and assigns a plurality of user apparatuses to the device keys, wherein
the key management apparatus stores the tree structure and device keys that have been assigned to user apparatuses correlated with some leaves in the tree structure; the key management program comprising:
a determining step for determining whether to add new leaves to the tree structure based on the number of leaves to which no user apparatus is assigned;
an extending step for, if the determining step determines to add, generating new leaves to extend from one of the leaves to which no user apparatus has been assigned;
a user apparatus assigning step assigning a user apparatus to one of the newly generated leaves;
a device key generating step for generating and correlating new device keys with nodes with which no device key has been correlated, among all nodes existing from the one of the newly generated leaves to a root inclusive; and
a device key assigning step for assigning to the user apparatus all device keys corresponding to the nodes existing from the one of the newly generated leaves to the root inclusive.
16. A computer-readable recording medium on which a key management program for use in a key management apparatus that generates and correlates device keys with nodes in a tree structure and assigns a plurality of user apparatuses to the device keys is recorded, wherein
the key management apparatus stores the tree structure and device keys that have been assigned to user apparatuses correlated with some leaves in the tree structure; the key management program comprising:
a determining step for determining whether to add new leaves to the tree structure based on the number of leaves to which no user apparatus is assigned;
an extending step for, if the determining step determines to add, generating new leaves to extend from one of the leaves to which no user apparatus has been assigned;
a user apparatus assigning step assigning a user apparatus to one of the newly generated leaves;
a device key generating step for generating and correlating new device keys with nodes with which no device key has been correlated, among all nodes existing from the one of the newly generated leaves to a root inclusive; and
a device key assigning step for assigning to the user apparatus all device keys corresponding to the nodes existing from the one of the newly generated leaves to the root inclusive.
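The management steps of claims 2 and 14 and the media key recovery of claim 12, sketched as an added example that is not code from the patent. Assumptions: a binary tree with bit-string node ids, a `min_free` threshold for the determining step, an XOR keystream standing in for a real cipher, and a caller who chooses which nodes' device keys encrypt the media key.

```python
import hashlib, hmac, secrets

class KeyTree:
    """Device-key tree; node ids are bit strings and "" is the root."""
    def __init__(self, min_free=1):
        self.keys = {"": secrets.token_bytes(16)}  # node id -> device key
        self.free = [""]           # leaves with no user apparatus assigned
        self.owner = {}            # leaf id -> user apparatus name
        self.min_free = min_free   # assumed policy: free leaves to keep in reserve

    def extend(self):
        # Extending step: new leaves grow only from an unassigned leaf, so no
        # enrolled device ever holds a key that sits on a later device's path
        # below its own leaf.
        parent = self.free.pop(0)
        self.free += [parent + "0", parent + "1"]

    def enroll(self, device):
        # Determining step: extend while too few free leaves would remain.
        while len(self.free) - 1 < self.min_free:
            self.extend()
        leaf = self.free.pop()     # one of the newly generated leaves
        self.owner[leaf] = device
        path = [leaf[:i] for i in range(len(leaf) + 1)]  # root .. leaf
        for node in path:          # generate keys only for nodes lacking one
            self.keys.setdefault(node, secrets.token_bytes(16))
        return {node: self.keys[node] for node in path}

def wrap(key, data):
    # Toy stand-in for a real cipher (XOR with a key-derived pad; it is its
    # own inverse). A deployment would use an authenticated cipher instead.
    pad = hmac.new(key, b"media-key-wrap", hashlib.sha256).digest()[:16]
    return bytes(a ^ b for a, b in zip(data, pad))

def media_key_block(tree, nodes, media_key):
    # Recording medium: one encrypted media key per chosen node, tagged by id.
    return {n: wrap(tree.keys[n], media_key) for n in nodes}

def recover_media_key(device_keys, block):
    # User apparatus: identify the entry encrypted under one of its own
    # device keys, then decrypt it with that key.
    for node, ciphertext in block.items():
        if node in device_keys:
            return wrap(device_keys[node], ciphertext)
    return None                    # no entry was made with a key this device holds

if __name__ == "__main__":
    tree = KeyTree()
    a, b = tree.enroll("A"), tree.enroll("B")
    mk = secrets.token_bytes(16)   # constructed sample media key
    print(recover_media_key(b, media_key_block(tree, ["0"], mk)) == mk)
```
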
Specification