Method for broadcast encryption and key revocation of stateless receivers
First Claim
Patent Images
1. A method for broadcast encryption, comprising:
- assigning each user in a group of users respective private information Iu;
selecting at least one session encryption key K;
partitioning users not in a revoked set R into disjoint subsets Sil, . . . Sim having associated subset keys Lil, . . . Lim; and
encrypting the session key K with the subset keys Lil, . . . ,Lim to render m encrypted versions of the session key K.
1 Assignment
0 Petitions
Accused Products
Abstract
A tree is used to partition stateless receivers in a broadcast content encryption system into subsets. Two different methods of partitioning are disclosed. When a set of revoked receivers is identified, the revoked receivers define a relatively small cover of the non-revoked receivers by disjoint subsets. Subset keys associated with the subsets are then used to encrypt a session key that in turn is used to encrypt the broadcast content. Only non-revoked receivers can decrypt the session key and, hence, the content.
-
Citations
98 Claims
-
1. A method for broadcast encryption, comprising:
-
assigning each user in a group of users respective private information Iu;
selecting at least one session encryption key K;
partitioning users not in a revoked set R into disjoint subsets Sil, . . . Sim having associated subset keys Lil, . . . Lim; and
encrypting the session key K with the subset keys Lil, . . . ,Lim to render m encrypted versions of the session key K. - View Dependent Claims (2, 3, 4, 5, 6, 8, 10, 11, 19, 60)
-
-
7. (canceled)
-
9. (canceled)
-
12-18. -18. (canceled)
-
20. (canceled)
-
21. A computer program device, comprising:
-
a computer program storage device including a program of instructions usable by a computer, comprising;
logic means for accessing a tree to identify plural subset keys;
logic means for encrypting a message with a session key;
logic means for encrypting the session key at least once with each of the subset keys to render encrypted versions of the session key; and
logic means for sending the encrypted versions of the session key in a header of the message to plural stateless receivers. - View Dependent Claims (22, 23, 24, 25, 26, 28, 30, 31, 39)
-
-
27. (canceled)
-
29. (canceled)
-
32-38. -38. (canceled)
-
40. (canceled)
-
41. A computer programmed with instructions to cause the computer to execute method acts including:
-
encrypting broadcast content; and
sending the broadcast content to plural stateless receivers and to at least one revoked receiver such that each stateless receiver can decrypt the content and the revoked receiver cannot decrypt the content. - View Dependent Claims (42, 43, 46, 48, 50, 51, 52, 53, 54, 55, 56, 57, 95, 96, 98)
-
- 44. The computer of claim 43, wherein the tree is a complete binary tree.
-
44-1. (canceled)
-
47. (canceled)
-
49. (canceled)
-
58-59. -59. (canceled)
-
61. A method for broadcast encryption, comprising:
-
assigning each user in a group of users respective private information Iu;
selecting at least one session encryption key K;
partitioning all users into groups Sl, . . . ,Sw, wherein “
w”
is an integer, and the groups establish subtrees in a tree;
partitioning users not in a revoked set R into disjoint subsets Sil, . . . Sim having associated subset keys Lil, . . . Lim; and
encrypting the session key K with the subset keys Lil, . . . ,Lim to render m encrypted versions of the session key K, wherein the tree includes a root and plural nodes, each node having at least one associated label, and wherein each subset includes all leaves in a subtree rooted at some node vi that are not in the subtree rooted at some other node vj that descends from vi.
-
-
62. A potentially stateless receiver in a multicast system, comprising:
at least one data storage device storing plural labels of nodes that are not in a direct path between the receiver and a root of a tree having a leaf representing the receiver, but that hang off the direct path and that are induced by some node vi, an ancestor of the leaf representing the receiver, the labels establishing private information Iu of the receiver usable by the receiver to decrypt subset keys derived from the labels. - View Dependent Claims (63, 64)
-
65. A receiver of content, comprising:
-
means for storing respective private information Iu;
means for receiving at least one session encryption key K encrypted with plural subset keys, the session key encrypting content; and
means for obtaining at least one subset key using the private information such that the session key K can be decrypted to play the content. - View Dependent Claims (66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 97)
-
-
77. A receiver of content, comprising:
-
a data storage storing respective private information Iu;
a processing device receiving at least one session encryption key K encrypted with plural subset keys, the session key encrypting content, the processing device obtaining at least one subset key using the private information such that the session key K can be decrypted to play the content. - View Dependent Claims (78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88)
-
-
89. A medium holding a message of content of the general form <
- [i1, i2, . . . ,im, ELi1(K), ELi2(K), . . . ,ELim(K)], FK(M)>
, wherein K is a session key, FK is an encryption primitive, EK is an encryption primitive, Li are subset keys associated with subsets of receivers in an encryption broadcast system, M is a message body, and i1, i2, . . . ,im are tree node subsets defining a cover. - View Dependent Claims (90, 91, 92, 93, 94)
- [i1, i2, . . . ,im, ELi1(K), ELi2(K), . . . ,ELim(K)], FK(M)>
Specification