Information processing system and method

US 20030140227A1
Filed: 02/04/2003
Published: 07/24/2003
Est. Priority Date: 12/26/2000
Status: Active Grant

First Claim

Patent Images

1. An information processing system in which a key tree is formed so as to include leaves, a root, and nodes existing in paths from the respective leaves to the root, wherein a plurality of devices are assigned to respective leaves and keys are assigned to the root, the leaves, and the nodes, respectively;

and an enabling key block (EKB) is provided to a device, wherein the enabling key block (EKB) includes data produced by selecting a path in the key tree and encrypting an upper-level key in the selected path using a lower-level key in the selected path such that the encrypted data can be decrypted only by the device which can use a node key set corresponding to the selected path, wherein the key tree includes a plurality of subtrees serving as category trees that are grouped in accordance with categories and managed by category entities; and

the enabling key block (EKB) is produced by a key distribution center (KDC) such that an EKB type definition list representing the correspondence between an EKB type identifier and one or more category tree identification data each identifying a category tree that can process an EKB of an EKB type identified by the EKB type identifier is held in the key distribution center (KDC), one or more category tree identification data corresponding to an EKB type identifier included in an EKB request are extracted from the EKB type definition list, and an EKB is produced which can be decrypted in common in the one or more category trees identified by the extracted one or more category tree identification data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An information processing system and method are disclosed in which information processing is performed in a highly efficient manner using an enabling key block (EKB) on the basis of a tree structure including category subtrees. A key tree is formed so as to include a plurality of subtrees serving as category trees categorized in accordance with categories and managed by category entities. An EKB including data produced by selecting a path in a tree and encrypting a higher-level key in the selected path using a lower-level key in the selected path. The resultant EKB is provided to a device. Distribution of EKB'"'"'s is managed on the basis of an EKB type definition list representing the correspondence between an EKB type identifier and one or more identification data identifying one or more category trees that can process an EKB of an EKB type specified by the EKB type identifier.

80 Citations

View as Search Results

27 Claims

1. An information processing system in which a key tree is formed so as to include leaves, a root, and nodes existing in paths from the respective leaves to the root, wherein a plurality of devices are assigned to respective leaves and keys are assigned to the root, the leaves, and the nodes, respectively;
- and an enabling key block (EKB) is provided to a device, wherein the enabling key block (EKB) includes data produced by selecting a path in the key tree and encrypting an upper-level key in the selected path using a lower-level key in the selected path such that the encrypted data can be decrypted only by the device which can use a node key set corresponding to the selected path, wherein the key tree includes a plurality of subtrees serving as category trees that are grouped in accordance with categories and managed by category entities; and
  
  the enabling key block (EKB) is produced by a key distribution center (KDC) such that an EKB type definition list representing the correspondence between an EKB type identifier and one or more category tree identification data each identifying a category tree that can process an EKB of an EKB type identified by the EKB type identifier is held in the key distribution center (KDC), one or more category tree identification data corresponding to an EKB type identifier included in an EKB request are extracted from the EKB type definition list, and an EKB is produced which can be decrypted in common in the one or more category trees identified by the extracted one or more category tree identification data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. An information processing system according to claim 1, wherein, in the EKB type definition list, the identification data identifying a category tree that can process an EKB is a node ID identifying a node in the category tree.
  - 3. An information processing system according to claim 1, wherein the EKB type definition list includes a description of a device belonging to a category tree.
  - 4. An information processing system according to claim 1, wherein the EKB type definition list can by held or accessed by an EKB requester that requests the key distribution center (KDC) to produce an EKB;
    - and the EKB requester selects an EKB type identifier on the basis of the EKB type definition list and outputs an EKB production request including the selected EKB type identifier to the key distribution center (KDC).
  - 5. An information processing system according to claim 1, wherein the category entity produces a sub enabling key block (sub-EKB) serving as an EKB that can be processed on the basis of one or more keys assigned to nodes or leaves in a category tree managed by the category entity;
    - and on the basis of one or more sub-EKB'"'"'s produced by one or more category entities corresponding to one or more category tree identification data selected on the basis of the EKB type definition list, the key distribution center (KDC) produces an EKB that can be processed in common in one or category trees defined in the EKB type definition lists.
  - 6. An information processing system according to claim 1, wherein the key tree includes a root tree having a multilevel tree structure at the top, a top-level category tree directly connected to the root tree, and a sub-category tree located at a level below the top-level category tree and connected to the top-level category tree;
    - the category entity serves as a manager entity of the top-level category tree and manages the top-level category tree and the sub-category tree located below the top level category tree and connected to the top level category tree;
      
      the category entity produces a sub enabling key bock (sub-EKB) serving as an EKB that can be processed on the basis of one or more keys assigned to nodes or leaves in the top-level category tree and sub-category tree, located below the top-level category tree and connected to the top-level category tree, which are managed by the category entity; and
      
      on the basis of one or more sub-EKB'"'"'s produced by one or more category entities corresponding to one or more category tree identification data selected on the basis of the EKB type definition list, the key distribution center (KDC) produces an EKB that can be processed in common in one or category trees defined in the EKB type definition lists.
  - 7. An information processing system according to claim 1, wherein the key distribution center (KDC) performs registration of a new EKB type identifier in the EKB type definition list, if and only if approval of the registration is obtained from all category entities managing one or more category trees selected as category trees that can process an EKB type to be registered.
  - 8. An information processing system according to claim 1, wherein the key distribution center (KDC) performs revocation of a EKB type identifier registered in the EKB type definition list, if and only if a revocation request is received from at least one of category entities managing one or more category trees selected as category trees that can process an EKB type to be revoked.
  - 9. An information processing system according to claim 1, wherein in response to an EKB type definition list request issued by an EKB requester or a category entity requesting the key distribution center (KDC) to produce an EKB, the key distribution center (KDC) transmits a newest version of EKB type definition list to the requester of the list.
  - 10. An information processing system according to claim 1, wherein the category entity sends information of a change in a category tree managed by the category entity to the key distribution center (KDC);
    - and in accordance with the tree change notification received from the category entity, the key distribution center (KDC) performs necessary renewal on the EKB type definition list and sends renewal information to the EKB requester and the category entity.

11. An EKB distribution apparatus serving to produce an EKB and being disposed in an information processing system in which a key tree is formed so as to include a subtree serving as a category tree categorized in accordance with a category, the category tree including leaves, a root, and nodes existing in paths from the respective leaves to the root, wherein a plurality of devices are assigned to respective leaves and keys are assigned to the root, the leaves, and the nodes, respectively;
- and an enabling key block (EKB) is provided to a device, wherein the enabling key block (EKB) includes data produced by selecting a path in the key tree and encrypting an upper-level key in the selected path using a lower-level key in the selected path such that the encrypted data can be decrypted only by the device which can use a node key set corresponding to the selected path, wherein the EKB distribution apparatus stores, in storage means, an EKB type definition list representing the correspondence between an EKB type identifier and one or more identification data identifying one or more category trees that can process an EKB of an EKB type identified by the EKB type identifier; and
  
  upon receiving an EKB production request from an EKB requester, extracts one or more category tree identification data corresponding to an EKB type identifier included in the EKB production request from the EKB type definition list, and produces an EKB that can be decrypted in common in one or more category trees identified by the one or more category tree identification data.

12. An EKB requesting apparatus serving as an EKB requester which issues an EKB production request and being disposed in an information processing system in which a key tree is formed so as to include a subtree serving as a category tree categorized in accordance with a category, the category tree including leaves, a root, and nodes existing in paths from the respective leaves to the root, wherein a plurality of devices are assigned to respective leaves and keys are assigned to the root, the leaves, and the nodes, respectively;
- and an enabling key block (EKB) is provided to a device, wherein the enabling key block (EKB) includes data produced by selecting a path in the key tree and encrypting an upper-level key in the selected path using a lower-level key in the selected path such that the encrypted data can be decrypted only by the device which can use a node key set corresponding to the selected path, wherein the EKB requesting apparatus stores, in storage means, an EKB type definition list representing the correspondence between an EKB type identifier and one or more identification data identifying one or more category trees that can process an EKB of an EKB type identified by the EKB type identifier; and
  
  produces EKB production request data including an EKB type identifier in the EKB type definition list and outputs the EKB issue request.

13. A category tree managing apparatus serving to manage a category tree and being disposed in an information processing system in which a key tree is formed so as to include a subtree serving as a category tree categorized in accordance with a category, the category tree including leaves, a root, and nodes existing in paths from the respective leaves to the root, wherein a plurality of devices are assigned to respective leaves and keys are assigned to the root, the leaves, and the nodes, respectively;
- and an enabling key block (EKB) is provided to a device, wherein the enabling key block (EKB) includes data produced by selecting a path in the key tree and encrypting an upper-level key in the selected path using a lower-level key in the selected path such that the encrypted data can be decrypted only by the device which can use a node key set corresponding to the selected path, wherein the category tree managing apparatus produces a sub enabling key block (sub-EKB) functioning as an EKB that can be processed on the basis of a key assigned to a node or leaf belonging to a category tree managed by the category tree managing apparatus and outputs the resultant sub enabling key block (sub-EKB) to a key distribution center (KDC).

14. An information storage medium having an EKB type definition list stored therein, the EKB type definition list being produced such that a key tree is formed so as to include a subtree serving as a category tree categorized in accordance with a category, the category tree including leaves, a root, and nodes existing in paths from the respective leaves to the root, wherein a plurality of devices are assigned to respective leaves and keys are assigned to the root, the leaves, and the nodes, respectively;
- an enabling key block (EKB) is produced so as to include data produced by selecting a path in the key tree and encrypting an upper-level key in the selected path using a lower-level key in the selected path so that the encrypted data can be decrypted only by the device which can use a node key set corresponding to the selected path; and
  
  the EKB type definition list is produced so as to represent the correspondence between an EKB type identifier assigned to the enabling key block (EKB) and identification data identifying a category tree that can process an EKB of an EKB type identified by the EKB type identifier.
- View Dependent Claims (15, 16)
- - 15. An information storage medium according to claim 14, wherein, in the EKB type definition list, the identification data identifying a category tree that can process an EKB is a node ID identifying a node in the category tree.
  - 16. An information storage medium according to claim 14, wherein the EKB type definition list includes a description of a device belonging to a category tree.

17. An information processing method comprising:
- forming a key tree including a subtree serving as a category tree categorized in accordance with a category and managed by a category entity, said category tree including leaves, a root, and nodes existing in paths from the respective leaves to the root, wherein a plurality of devices are assigned to respective leaves and keys are assigned to the root, the leaves, and the nodes, respectively; and
  
  providing an enabling key block (EKB) to a device, wherein the enabling key block (EKB) includes data produced by selecting a path in the key tree and encrypting an upper-level key in the selected path using a lower-level key in the selected path such that the encrypted data can be decrypted only by the device which can use a node key set corresponding to the selected path, wherein the enabling key block (EKB) is produced by a key distribution center (KDC) such that an EKB type definition list representing the correspondence between an EKB type identifier and one or more category tree identification data each identifying a category tree that can process an EKB of an EKB type identified by the EKB type identifier is held in the key distribution center (KDC), one or more category tree identification data corresponding to an EKB type identifier included in an EKB request are extracted from the EKB type definition list, and an EKB is produced which can be decrypted in common in the one or more category trees identified by the extracted one or more category tree identification data.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 18. An information processing method according to claim 17, wherein in the EKB type definition list, the identification data identifying a category tree that can process an EKB is a node ID identifying a node in the category tree.
  - 19. An information processing method according to claim 17, wherein the EKB type definition list includes a description of a device belonging to a category tree.
  - 20. An information processing method according to claim 17, wherein the EKB type definition list can by held or accessed by an EKB requester that requests the key distribution center (KDC) to produce an EKB;
    - and the EKB requester selects an EKB type identifier on the basis of the EKB type definition list and outputs an EKB production request including the selected EKB type identifier to the key distribution center (KDC).
  - 21. An information processing method according to claim 17, wherein the category entity produces a sub enabling key block (sub-EKB) serving as an EKB that can be processed on the basis of one or more keys assigned to nodes or leaves in a category tree managed by the category entity;
    - and on the basis of one or more sub-EKB'"'"'s produced by one or more category entities corresponding to one or more category tree identification data selected on the basis of the EKB type definition list, the key distribution center (KDC) produces an EKB that can be processed in common in one or category trees defined in the EKB type definition lists.
  - 22. An information processing method according to claim 17, wherein the key tree includes a root tree having a multilevel tree structure at the top, a top-level category tree directly connected to the root tree, and a sub-category tree located at a level below the top-level category tree and connected to the top-level category tree;
    - the category entity serves as a manager entity of the top-level category tree and manages the top-level category tree and the sub-category tree located below the top level category tree and connected to the top level category tree;
      
      the category entity produces a sub enabling key bock (sub-EKB) serving as an EKB that can be processed on the basis of one or more keys assigned to nodes or leaves in the top-level category tree and sub-category tree, located below the top-level category tree and connected to the top-level category tree, which are managed by the category entity; and
      
      on the basis of one or more sub-EKB'"'"'s produced by one or more category entities corresponding to one or more category tree identification data selected on the basis of the EKB type definition list, the key distribution center (KDC) produces an EKB that can be processed in common in one or category trees defined in the EKB type definition lists.
  - 23. An information processing method according to claim 17, wherein the key distribution center (KDC) performs registration of a new EKB type identifier in the EKB type definition list, if and only if approval of the registration is obtained from all category entities managing one or more category trees selected as category trees that can process an EKB type to be registered.
  - 24. An information processing method according to claim 17, wherein the key distribution center (KDC) performs revocation of an EKB type identifier registered in the EKB type definition list, if and only if a revocation request is received from at least one of category entities managing one or more category trees selected as category trees that can process an EKB type to be revoked.
  - 25. An information processing method according to claim 17, wherein in response to an EKB type definition list request issued by an EKB requester or a category entity requesting the key distribution center (KDC) to produce an EKB, the key distribution center (KDC) transmits a newest version of EKB type definition list to the requester of the list.
  - 26. An information processing method according to claim 17, wherein the category entity sends information of a change in a category tree managed by the category entity to the key distribution center (KDC);
    - and in accordance with the tree change notification received from the category entity, the key distribution center (KDC) performs necessary renewal on the EKB type definition list and sends renewal information to the EKB requester and the category entity.

27. A program storage medium having a computer program stored therein for causing a computer system to execute information processing in an information processing system in which a key tree is formed so as to include a subtree serving as a category tree categorized in accordance with a category, the category tree including leaves, a root, and nodes existing in paths from the respective leaves to the root, wherein a plurality of devices are assigned to respective leaves and keys are assigned to the root, the leaves, and the nodes, respectively;
- and an enabling key block (EKB) is provided to a device, wherein the enabling key block (EKB) includes data produced by selecting a path in the key tree and encrypting an upper-level key in the selected path using a lower-level key in the selected path such that the encrypted data can be decrypted only by the device which can use a node key set corresponding to the selected path, wherein the computer program comprising the steps of;
  
  on the basis of an EKB type identifier included in an EKB production request, extracting identification data identifying a category tree from an EKB type definition list representing the correspondence between an EKB type identifier and one or more identification data identifying one or more category trees that can process an EKB of an EKB type identified by the EKB type identifier; and
  
  producing an EKB that can be decrypted in common in one or more category trees identified by the extracted identification data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sony Corporation (Sony Group Corp.)
Original Assignee
Sony Corporation (Sony Group Corp.)
Inventors
Asano, Tomoyuki, Oishi, Tateo, Osawa, Yoshitomo, Ishiguro, Ryuji, Taki, Ryuta

Granted Patent

US 6,911,974 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/157
CPC Class Codes

G06F 21/107   License processing; Key pro...

G06F 21/1076   Revocation

G06F 2221/2107   File encryption

G11B 20/00086   Circuits for prevention of ...

G11B 20/0021   involving encryption or dec...

H04L 2209/60   Digital content management,...

H04L 9/0822   using key encryption key

H04L 9/0836   using tree structure or hie...

H04L 9/0891   Revocation or update of sec...

Information processing system and method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

80 Citations

27 Claims

Specification

Use Cases

Quick Links

Others

Information processing system and method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

80 Citations

27 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others