Information processing system and method
Abstract
An information processing system and method are disclosed in which information processing is performed in a highly efficient manner using an enabling key block (EKB) on the basis of a tree structure including category subtrees. A key tree is formed so as to include a plurality of subtrees serving as category trees categorized in accordance with categories and managed by category entities. An EKB is produced that includes data obtained by selecting a path in a tree and encrypting a higher-level key in the selected path using a lower-level key in the selected path. The resultant EKB is provided to a device. Distribution of EKBs is managed on the basis of an EKB type definition list representing the correspondence between an EKB type identifier and one or more identification data identifying one or more category trees that can process an EKB of an EKB type specified by the EKB type identifier.
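The scheme summarized in the abstract, as an added sketch that is not code from the patent: a KDC looks up an EKB type in the type definition list and builds one EKB that only devices in the listed category trees can process. The tree shape, the category tree IDs, the list contents, the per-entry "renewed" flag and the SHA-256 XOR stand-in cipher are all assumptions made for illustration.

```python
import hashlib

# Constructed layout: binary key tree, heap-indexed (root = 1, leaves = 8..15).
CATEGORY_ROOTS = {"CT-A": 4, "CT-B": 5, "CT-C": 6, "CT-D": 7}  # tree ID -> subtree root
EKB_TYPE_DEFINITION_LIST = {1: ["CT-A"], 2: ["CT-A", "CT-C"]}  # EKB type ID -> tree IDs

def node_key(node, generation="old"):
    # Deterministic demo keys; a real KDC would draw them from a CSPRNG.
    return hashlib.sha256(f"{generation}:{node}".encode()).digest()[:16]

def toy_cipher(key, data):
    # Stand-in for a real cipher (assumption): XOR with a SHA-256 keystream.
    stream = hashlib.sha256(b"ekb-demo" + key).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def make_ekb(ekb_type):
    """KDC side: look up the category trees for the type, then encrypt each
    renewed upper-level key under the key one level below it on the path."""
    ekb = {}  # child node -> (is the child key renewed?, Enc(child key, renewed parent key))
    for tree_id in EKB_TYPE_DEFINITION_LIST[ekb_type]:
        child = CATEGORY_ROOTS[tree_id]
        child_key, renewed = node_key(child), False
        while child > 1:
            parent_key = node_key(child // 2, "new")
            ekb[child] = (renewed, toy_cipher(child_key, parent_key))
            child, child_key, renewed = child // 2, parent_key, True
    return ekb

def process_ekb(ekb, leaf):
    """Device side: walk leaf -> root, using a held node key for the first
    matching entry and each recovered key for the next one. Returns the
    renewed root key, or None when the device's category tree is not covered."""
    recovered, node = None, leaf
    while node > 1:
        if node in ekb:
            renewed, blob = ekb[node]
            # node_key(node) models a key the device holds for its own path.
            key = recovered if renewed else node_key(node)
            recovered = toy_cipher(key, blob) if key is not None else None
        node //= 2
    return recovered
```

A device under CT-B or CT-D still holds the old keys of nodes 2 and 3, but the entries above the category roots are encrypted under renewed keys, so those devices recover nothing from a type 2 EKB.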
27 Claims
1. An information processing system in which a key tree is formed so as to include leaves, a root, and nodes existing in paths from the respective leaves to the root, wherein a plurality of devices are assigned to respective leaves and keys are assigned to the root, the leaves, and the nodes, respectively;
and an enabling key block (EKB) is provided to a device, wherein the enabling key block (EKB) includes data produced by selecting a path in the key tree and encrypting an upper-level key in the selected path using a lower-level key in the selected path such that the encrypted data can be decrypted only by the device which can use a node key set corresponding to the selected path,
wherein the key tree includes a plurality of subtrees serving as category trees that are grouped in accordance with categories and managed by category entities; and
the enabling key block (EKB) is produced by a key distribution center (KDC) such that an EKB type definition list representing the correspondence between an EKB type identifier and one or more category tree identification data each identifying a category tree that can process an EKB of an EKB type identified by the EKB type identifier is held in the key distribution center (KDC), one or more category tree identification data corresponding to an EKB type identifier included in an EKB request are extracted from the EKB type definition list, and an EKB is produced which can be decrypted in common in the one or more category trees identified by the extracted one or more category tree identification data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. An EKB distribution apparatus serving to produce an EKB and being disposed in an information processing system in which a key tree is formed so as to include a subtree serving as a category tree categorized in accordance with a category, the category tree including leaves, a root, and nodes existing in paths from the respective leaves to the root, wherein a plurality of devices are assigned to respective leaves and keys are assigned to the root, the leaves, and the nodes, respectively;
and an enabling key block (EKB) is provided to a device, wherein the enabling key block (EKB) includes data produced by selecting a path in the key tree and encrypting an upper-level key in the selected path using a lower-level key in the selected path such that the encrypted data can be decrypted only by the device which can use a node key set corresponding to the selected path,
wherein the EKB distribution apparatus stores, in storage means, an EKB type definition list representing the correspondence between an EKB type identifier and one or more identification data identifying one or more category trees that can process an EKB of an EKB type identified by the EKB type identifier; and
upon receiving an EKB production request from an EKB requester, extracts one or more category tree identification data corresponding to an EKB type identifier included in the EKB production request from the EKB type definition list, and produces an EKB that can be decrypted in common in one or more category trees identified by the one or more category tree identification data.
12. An EKB requesting apparatus serving as an EKB requester which issues an EKB production request and being disposed in an information processing system in which a key tree is formed so as to include a subtree serving as a category tree categorized in accordance with a category, the category tree including leaves, a root, and nodes existing in paths from the respective leaves to the root, wherein a plurality of devices are assigned to respective leaves and keys are assigned to the root, the leaves, and the nodes, respectively;
and an enabling key block (EKB) is provided to a device, wherein the enabling key block (EKB) includes data produced by selecting a path in the key tree and encrypting an upper-level key in the selected path using a lower-level key in the selected path such that the encrypted data can be decrypted only by the device which can use a node key set corresponding to the selected path,
wherein the EKB requesting apparatus stores, in storage means, an EKB type definition list representing the correspondence between an EKB type identifier and one or more identification data identifying one or more category trees that can process an EKB of an EKB type identified by the EKB type identifier; and
produces EKB production request data including an EKB type identifier in the EKB type definition list and outputs the EKB issue request.
13. A category tree managing apparatus serving to manage a category tree and being disposed in an information processing system in which a key tree is formed so as to include a subtree serving as a category tree categorized in accordance with a category, the category tree including leaves, a root, and nodes existing in paths from the respective leaves to the root, wherein a plurality of devices are assigned to respective leaves and keys are assigned to the root, the leaves, and the nodes, respectively;
and an enabling key block (EKB) is provided to a device, wherein the enabling key block (EKB) includes data produced by selecting a path in the key tree and encrypting an upper-level key in the selected path using a lower-level key in the selected path such that the encrypted data can be decrypted only by the device which can use a node key set corresponding to the selected path,
wherein the category tree managing apparatus produces a sub enabling key block (sub-EKB) functioning as an EKB that can be processed on the basis of a key assigned to a node or leaf belonging to a category tree managed by the category tree managing apparatus and outputs the resultant sub enabling key block (sub-EKB) to a key distribution center (KDC).
14. An information storage medium having an EKB type definition list stored therein, the EKB type definition list being produced such that a key tree is formed so as to include a subtree serving as a category tree categorized in accordance with a category, the category tree including leaves, a root, and nodes existing in paths from the respective leaves to the root, wherein a plurality of devices are assigned to respective leaves and keys are assigned to the root, the leaves, and the nodes, respectively;
an enabling key block (EKB) is produced so as to include data produced by selecting a path in the key tree and encrypting an upper-level key in the selected path using a lower-level key in the selected path so that the encrypted data can be decrypted only by the device which can use a node key set corresponding to the selected path; and
the EKB type definition list is produced so as to represent the correspondence between an EKB type identifier assigned to the enabling key block (EKB) and identification data identifying a category tree that can process an EKB of an EKB type identified by the EKB type identifier.
Dependent claims: 15, 16
17. An information processing method comprising:
forming a key tree including a subtree serving as a category tree categorized in accordance with a category and managed by a category entity, said category tree including leaves, a root, and nodes existing in paths from the respective leaves to the root, wherein a plurality of devices are assigned to respective leaves and keys are assigned to the root, the leaves, and the nodes, respectively; and
providing an enabling key block (EKB) to a device, wherein the enabling key block (EKB) includes data produced by selecting a path in the key tree and encrypting an upper-level key in the selected path using a lower-level key in the selected path such that the encrypted data can be decrypted only by the device which can use a node key set corresponding to the selected path, wherein the enabling key block (EKB) is produced by a key distribution center (KDC) such that an EKB type definition list representing the correspondence between an EKB type identifier and one or more category tree identification data each identifying a category tree that can process an EKB of an EKB type identified by the EKB type identifier is held in the key distribution center (KDC), one or more category tree identification data corresponding to an EKB type identifier included in an EKB request are extracted from the EKB type definition list, and an EKB is produced which can be decrypted in common in the one or more category trees identified by the extracted one or more category tree identification data.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26
27. A program storage medium having a computer program stored therein for causing a computer system to execute information processing in an information processing system in which a key tree is formed so as to include a subtree serving as a category tree categorized in accordance with a category, the category tree including leaves, a root, and nodes existing in paths from the respective leaves to the root, wherein a plurality of devices are assigned to respective leaves and keys are assigned to the root, the leaves, and the nodes, respectively;
and an enabling key block (EKB) is provided to a device, wherein the enabling key block (EKB) includes data produced by selecting a path in the key tree and encrypting an upper-level key in the selected path using a lower-level key in the selected path such that the encrypted data can be decrypted only by the device which can use a node key set corresponding to the selected path, wherein the computer program comprising the steps of;
on the basis of an EKB type identifier included in an EKB production request, extracting identification data identifying a category tree from an EKB type definition list representing the correspondence between an EKB type identifier and one or more identification data identifying one or more category trees that can process an EKB of an EKB type identified by the EKB type identifier; and
producing an EKB that can be decrypted in common in one or more category trees identified by the extracted identification data.
Specification