Key management system and playback apparatus
Abstract
The information providing system includes a key management center, information transmitter and information receiver. The key management center assigns, to the receivers, confidential information and public information for decrypting the encrypted information transmitted by the information transmitter. The key management center determines the set of the receivers for which decryption of the encrypted information is not permitted, generates key information that can be decrypted only by the receivers other than the set, and transmits the key information with the information encryption key for encrypting the transmission information to the information receivers. The information transmitter encrypts the transmission information with the information encryption key of the transmission information to produce the encrypted information, and transmits it to the information receivers with the key information.
25 Citations
8 Claims
1. A key management apparatus for generating key information in association with a tree structure which has at least one root node and in which plural nodes are assigned under a node as leaves, comprising;
a composite number operating unit which calculates a composite number which is a product of more than one arbitrary prime numbers;
a first confidential information storage unit which stores an arbitrary natural number which is smaller than the composite number and is relatively prime to the composite number, as first confidential information, in association with the root node;
a public information storage unit which stores natural numbers, which are relatively prime to each other in a subset expressed by a combination of plural child nodes of an arbitrary node in the tree structure, as public information in association with the subset;
a first master key operating unit which calculates master keys corresponding to the child nodes of the root node based on the first confidential information assigned to the root node and the public information;
a first master key storage unit which stores the master keys in association with the corresponding child nodes;
a second confidential information operating unit which calculates, for each node, second confidential information, by a bijective function based on the master keys set to parent node having the node as the child node and the composite number;
a second confidential information storage unit which stores the second confidential information in association with the corresponding arbitrary node;
a second master key operating unit which calculates the master keys corresponding to the child nodes of each of the nodes based on the second confidential information assigned to each of the nodes and the public information;
a second master key storage unit which stores the master keys in association with the corresponding child nodes;
an encryption/decryption key operating unit which calculates encryption/decryption keys, for the subset, based on the first confidential information or the second confidential information assigned to the node and the public information; and
an encryption/decryption key storage unit which stores the encryption/decryption keys in association with the nodes.
2. A playback apparatus comprising:
a unit which obtains a composite number generated by a key management apparatus, public information, and confidential information assigned to leaves corresponding to playback apparatuses;
a unit which obtains key information generated by the key management apparatus;
a unit which obtains encrypted contents encrypted with an encryption key generated by the key management apparatus;
a unit which determines whether or not a subset to which the playback apparatus itself belongs, exists from the key information;
a third master key operating unit which calculates master keys corresponding to nodes existing on a path from the leaf to a root node by a bijective function, based on the confidential information assigned to the leaf corresponding to the playback apparatus, the composite number and the public information;
a second master key storage unit which stores the master keys in association with the corresponding leaves;
a decryption key operating unit which calculates decryption key, for the subset to which the playback apparatus belongs, based on the master keys, the composite number and the public information;
a unit which decrypts the encrypted contents with the decryption key; and
a unit which plays decrypted contents.
3. A recording medium carrying:
key information encrypted with encryption key generated by a key management unit;
and encrypted contents encrypted by the key information, wherein the key management unit comprises;
a composite number operating unit which calculates a composite number which is a product of more than one arbitrary prime numbers;
a first confidential information storage unit which stores an arbitrary natural number which is smaller than the composite number and is relatively prime to the synthesizing number, as first confidential information, in association with the root node;
a public information storage unit which stores natural numbers, which are relatively prime to each other in a subset expressed by a combination of plural child nodes of an arbitrary node in the tree structure, as public information in association with the subset;
a first master key operating unit which calculates master keys corresponding to the child nodes of the root node based on the first confidential information assigned to the root node and the public information;
a first master key storage unit which stores the master keys in association with the corresponding child nodes;
a second confidential information operating unit which calculates, for each node, second confidential information by a bijective function based on the master key assigned to parent node having the node as the child node and the composite number;
a second confidential information storage unit which stores the second confidential information in association with the corresponding arbitrary node;
a second master key operating unit which calculates the master keys corresponding to the child nodes of each of the nodes based on the second confidential information assigned to each of the nodes and the public information;
a second master key storage unit which stores the master keys in association with the corresponding child nodes;
an encryption/decryption key operating unit which calculates encryption/decryption keys, for the subset, based on the first confidential information or the second confidential information assigned to the node and the public information; and
an encryption/decryption key storage unit which stores the encryption/decryption keys in association with the nodes.
4. A key management system comprising a key management apparatus, a recording apparatus and a playback apparatus,
wherein the key management apparatus comprises:
a composite number operating unit which calculates a composite number which is a product of more than one arbitrary prime numbers;
a first confidential information storage unit which stores an arbitrary natural number which is smaller than the composite number and is relatively prime to the composite number, as first confidential information, in association with the root node;
a public information storage unit which stores natural numbers, which are prime relative to each other in a subset expressed by a combination of plural child nodes of an arbitrary node in the tree structure, as public information in association with the subset;
a first master key operating unit which calculates master keys corresponding to the child nodes of the root node based on the first confidential information assigned to the root node and the public information;
a first master key storage unit which stores the master keys in association with the corresponding child nodes;
a second confidential information operating unit which calculates, for each node, second confidential information, by a bijective function based on the master key assigned to parent nodes having the node as the child node and the composite number, a second confidential information storage unit which stores the second confidential information in association with the corresponding arbitrary node;
a second master key operating unit which calculates the master keys corresponding to the child nodes of each of the nodes based on the second confidential information assigned to each of the nodes and the public information;
a second master key storage unit which stores the master keys in association with the corresponding child nodes;
an encryption/decryption key operating unit which calculates encryption/decryption keys, for the subset, based on the first confidential information or the second confidential information assigned to the node and the public information;
an encryption/decryption key storage unit which stores the encryption/decryption keys in association with the nodes;
a unit which supplies the key information and the encryption key to the recording apparatus; and
a unit which supplies the public information and the confidential information to the playback apparatus, wherein the recording apparatus comprises;
a unit which obtains the encryption key generated by the key management apparatus;
a unit which generates encrypted contents by encrypting contents with the encryption key; and
a unit which records the encrypted contents on a recording medium, wherein the playback apparatus comprising;
a unit which obtains the composite number, the public information and confidential information assigned to the leaf corresponding to the playback apparatus from the key management apparatus;
a unit which obtains the key information generated by the key management apparatus and the encrypted contents from the recording medium;
a unit which determines whether or not a subset to which the playback apparatus itself belongs, exists from the key information;
a third master key operating unit which calculates master keys corresponding to nodes existing on a path from the leaf to a root node by a bijective function, based on the confidential information assigned to the leaf corresponding to the playback apparatus, the composite number and the public information;
a second master key storage unit which stores the master keys in association with the corresponding leaves;
a decryption key operating unit which calculates decryption key, for the subset to which the playback apparatus belongs, based on the master keys, the composite number and the public information;
a unit which decrypts the encrypted contents with the decryption key; and
a unit which plays decrypted contents.
5. A key management method for generating key information in association with a tree structure which has at least one root node and in which plural nodes are assigned under the node as leaves, comprising:
a composite number operating process which calculates a composite number which is a product of more than one arbitrary prime numbers;
a first confidential information storage process which stores an arbitrary natural number which is smaller than the composite number and is relatively prime to the composite number, as first confidential information, in association with the root node;
a public information storage process which stores natural numbers, which are relatively prime to each other in a subset expressed by a combination of plural child nodes of an arbitrary node in the tree structure, as public information in association with the subset;
a first master key operating process which calculates master keys corresponding to the child nodes of the root node based on the first confidential information assigned to the root node and the public information;
a first master key storage process which stores the master keys in association with the corresponding child nodes;
a second confidential information operating process which calculates, for each node, second confidential information, by a bijective function based on the master key assigned to parent node having the node as the child node and the composite number;
a second confidential information storage process which stores the second confidential information in association with the corresponding arbitrary node;
a second master key operating process which calculates the master keys corresponding to the child nodes of each of the nodes based on the second confidential information assigned to each of the nodes and the public information;
a second master key storage process which stores the master keys in association with the corresponding child nodes;
an encryption/decryption key operating process which calculates encryption/decryption keys, for the subset, based on the first confidential information or the second confidential information set to the node and the public information; and
an encryption/decryption key storage process which stores the encryption/decryption keys in association with the nodes.
6. A key management program product executed on a computer, the program product allows the computer to function as a key management apparatus for generating key information in association with a tree structure which has at least one root node and in which plural nodes are assigned under the node as leaves, the key management apparatus comprising:
a composite number operating unit which calculates a composite number which is a product of more than one arbitrary prime numbers;
a first confidential information storage unit which stores an arbitrary natural number which is smaller than the composite number and is relatively prime to the composite number, as first confidential information, in association with the root node;
a public information storage unit which stores natural numbers, which are relatively prime to each other in a subset expressed by a combination of plural child nodes of an arbitrary node in the tree structure, as public information in association with the subset;
a first master key operating unit which calculates master keys corresponding to the child nodes of the root node based on the first confidential information assigned to the root node and the public information;
a first master key storage unit which stores the master keys in association with the corresponding child nodes;
a second confidential information operating unit which calculates, for each node, second confidential information, by a bijective function based on the master key assigned to parent node having the node as the child node and the composite number;
a second confidential information storage unit which stores the second confidential information in association with the corresponding arbitrary node;
a second master key operating unit which calculates the master keys corresponding to the child nodes of each of the nodes based on the second confidential information assigned to each of the nodes and the public information;
a second master key storage unit which stores the master keys in association with the corresponding child nodes;
an encryption/decryption key operating unit which calculates encryption/decryption keys, for the subset, based on the first confidential information or the second confidential information assigned to the node and the public information; and
an encryption/decryption key storage unit which stores the encryption/decryption keys in association with the nodes.
7. A playback apparatus method comprising:
a process which obtains a composite number generated by a key management apparatus, public information, and confidential information assigned to leaves corresponding to playback apparatuses;
a process which obtains key information generated by the key management apparatus;
a process which obtains encrypted contents encrypted with an encryption key generated by the key management apparatus;
a process which determines whether or not a subset to which the playback apparatus itself belongs, exists from the key information;
a third master key operating process which calculates master keys corresponding to nodes existing on a path from the leaves to a root node by a bijective function, based on the confidential information assigned to the leaf corresponding to the playback apparatus, the composite number and the public information;
a second master key storage process which stores the master keys in association with the corresponding leaves;
a decryption key operating process which calculates decryption key, for the subset to which the playback apparatus belongs, based on the master keys, the composite number and the public information;
a process which decrypts the encrypted contents with the decryption key; and
a process which plays decrypted contents.
8. A playback program product executed on a computer, the program product allows the computer to function as a playback apparatus comprising:
a unit which obtains a composite number generated by a key management apparatus, public information, and confidential information assigned to leaves corresponding to playback apparatuses;
a unit which obtains key information generated by the key management apparatus;
a unit which obtains encrypted contents encrypted with an encryption key generated by the key management apparatus;
a unit which determines whether or not a subset to which the playback apparatus itself belongs exists from the key information;
a third master key operating unit which calculates master keys corresponding to nodes existing on a path from the leaves to a root node by a bijective function, based on the confidential information assigned to the leaf corresponding to the playback apparatus, the composite number and the public information;
a second master key storage unit which stores the master keys in association with the corresponding leaves;
a decryption key operating unit which calculates decryption key, for the subset to which the playback apparatus belongs, based on the master keys, the composite number and the public information;
a unit which decrypts the encrypted contents with the decryption key; and
a unit which plays decrypted contents.
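An added sketch, not taken from the patent: the claims name the inputs to the master key and encryption/decryption key units (a composite number, a confidential number relatively prime to it, pairwise relatively prime public numbers per subset of child nodes) but give no formulas, so the exponent construction below is an assumed instantiation of the master-key technique for one node with three children. It omits the bijective function that links a node to its parent; all names and toy values are constructed.

```python
from itertools import combinations
from math import gcd, prod

# Constructed toy parameters (assumptions; far too small for real use).
M = 1019 * 1187                     # composite number, product of two primes
K_NODE = 123456                     # confidential information of one node
CHILDREN = (0, 1, 2)                # that node's child nodes
PUBLIC = (3, 5, 7, 11, 13, 17, 19)  # public numbers, one per subset


def assign_public(children, numbers, secret, modulus):
    """Check the claimed constraints and map each non-empty subset of
    children to its own public number."""
    subsets = [frozenset(c) for r in range(1, len(children) + 1)
               for c in combinations(children, r)]
    if len(numbers) < len(subsets):
        raise ValueError("need one public number per subset")
    if not (0 < secret < modulus and gcd(secret, modulus) == 1):
        raise ValueError("secret must be < modulus and coprime to it")
    if any(gcd(a, b) != 1 for a, b in combinations(numbers, 2)):
        raise ValueError("public numbers must be pairwise coprime")
    return dict(zip(subsets, numbers))


def subset_key(secret, pub, subset, modulus):
    """Center side: key for `subset` = secret^(product of all other numbers)."""
    exp = prod(p for s, p in pub.items() if s != subset)
    return pow(secret, exp, modulus)


def master_key(secret, pub, child, modulus):
    """Center side: the single value handed to `child`; its exponent is the
    product of the numbers of every subset that excludes the child."""
    exp = prod(p for s, p in pub.items() if child not in s)
    return pow(secret, exp, modulus)


def derive_subset_key(mk, pub, child, subset, modulus):
    """Receiver side: raise the master key to the remaining public numbers.
    A child outside `subset` would need a modular root, so refuse."""
    if child not in subset:
        raise PermissionError("child is not a member of this subset")
    exp = prod(p for s, p in pub.items() if child in s and s != subset)
    return pow(mk, exp, modulus)


if __name__ == "__main__":
    pub = assign_public(CHILDREN, PUBLIC, K_NODE, M)
    authorised = frozenset({0, 2})   # child 1 is the excluded receiver
    for child in authorised:
        mk = master_key(K_NODE, pub, child, M)
        assert derive_subset_key(mk, pub, child, authorised, M) == \
            subset_key(K_NODE, pub, authorised, M)
    print("children 0 and 2 derive the subset key; child 1 cannot")
```

The toy primes are chosen so that the public numbers are also coprime to the order of the multiplicative group, which is what makes removing a factor from an exponent equivalent to extracting a modular root.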
Specification