Secure key management for scalable codestreams

US 20070009103A1
Filed: 07/11/2005
Published: 01/11/2007
Est. Priority Date: 07/11/2005
Status: Active Grant

First Claim

Patent Images

1. A method for securing access to levels within a codestream including a plurality of scalable access types, comprising:

representing a first set of first levels of a fully-ordered access type, in which each lower-ranked first level is always included within each higher-ranked first level, with a fully-ordered node set;

representing a second set of second levels of a partially-ordered access type, in which each lower-ranked second level is not always included within each higher-ranked second level, with a partially-ordered node set;

combining the fully-ordered node set and the partially-ordered node set to create an access node set including a partially-ordered set in which each access node represents a combination of the first levels and the second levels;

generating a key set including a key corresponding with each node in the access node set; and

encrypting the codestream.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Key management is performed to generate a single key allowing of the decoding of all authorized levels of a plurality of access types within a scalable codestream. An access node set is derived from sets representing access types having hierarchies representable by fully ordered sets, such as resolution and layer levels, and hierarchies representable by partially ordered sets, such as tile and precinct levels. The access node set derived is a partially ordered set representing the combinations of levels of the access types included within the codestream. A hierarchical key management system is applied to the access node set to assign a key to each of the access nodes, generate content encryption keys, and encrypt the codestream. A client receiving the codestream, access node set, and other public information uses the key to derive additional keys to decrypt the codestream.

12 Citations

View as Search Results

20 Claims

1. A method for securing access to levels within a codestream including a plurality of scalable access types, comprising:
- representing a first set of first levels of a fully-ordered access type, in which each lower-ranked first level is always included within each higher-ranked first level, with a fully-ordered node set;
  
  representing a second set of second levels of a partially-ordered access type, in which each lower-ranked second level is not always included within each higher-ranked second level, with a partially-ordered node set;
  
  combining the fully-ordered node set and the partially-ordered node set to create an access node set including a partially-ordered set in which each access node represents a combination of the first levels and the second levels;
  
  generating a key set including a key corresponding with each node in the access node set; and
  
  encrypting the codestream.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein at least one of an additional fully-ordered access type and an additional partially-ordered access type is represented with an additional node set and combined with the fully-ordered node set and the partially-ordered node set in creating the access node set.
  - 3. The method of claim 1, further comprising providing access to a desired combination of levels among the plurality of scalable access types by providing the access node set and a desired key from the key set corresponding with a desired access node representing the desired combination of levels.
  - 4. The method of claim 1, wherein the fully-ordered node set and the partially-ordered node set are combined by determining a product of each node.
  - 5. The method of claim 1, wherein the codestream includes a Joint Photographic Experts Group 2000 codestream, and wherein:
    - the fully-ordered access type includes one of;
      
      access by resolution;
      
      access by layer; and
      
      access by color component; and
      
      the partially-ordered access type includes one of;
      
      access by tile; and
      
      access by precinct.
  - 6. The method of claim 1, further comprising:
    - identifying at least one extraneous second level that represents access to noncontiguous data elements; and
      
      removing the extraneous second level such that the access set does not include combinations involving the extraneous second level.
  - 7. The method of claim 1, wherein the keys are generated using a hierarchical key scheme operable for use with a partially ordered set.
  - 8. The method of claim 7, wherein the hierarchical key scheme includes:
    - identifying at least one root node from the access node set, the root node representing a combination of a highest first level access and a highest second level access;
      
      assigning a root key to the root node;
      
      identifying access nodes other than the at least one root node as child nodes;
      
      identifying at least one parent node for each of a plurality of child nodes, the parent node representing a combination of levels for which one of either the first level and the second level includes a next higher-ranked level than in a combination of levels associated with the child node; and
      
      for each of the child nodes, calculating a child key from at least one parent key of the at least one parent node of the child node.
  - 9. The method of claim 8, wherein the root key includes a random number assigned to the root node, further comprising:
    - associating a random number with each of the child nodes; and
      
      for each of the child nodes, calculating the child key using a Group Diffie Hellman protocol using the random number associated with the child node and the at least one parent key of the at least one parent node of the child node.
  - 10. The method of claim 1, further comprising:
    - generating content encryption keys for each of a plurality of packets including data involved in presenting content specified by the combination of the first levels and the second levels associated with a corresponding access node by hashing the key associated with the corresponding access node using a cryptographic hash function; and
      
      encrypting the codestream with the content encryption keys.
  - 11. A computer-medium having computer-useable instructions embodied thereon for executing the method of claim 1.

12. A method for accessing levels within a codestream including a plurality of scalable access types, comprising:
- identifying a first desired level of access among a set of first levels of a fully-ordered access type, in which each lower-ranked first level is always included within each higher-ranked first level;
  
  identifying a second desired level of access among a second set of second levels of a partially-ordered access type, in which each lower-ranked second level is not always included within each higher-ranked second level;
  
  securing authorization to access the codestream at a desired level combination including the first desired level and the second desired level;
  
  receiving an access node set including a partially-ordered set of access nodes representing a combination of a fully-ordered node set representing the fully-ordered access type and a partially ordered node set representing the partially-ordered access type; and
  
  receiving a single key allowing access to the codestream at the desired level combination and, by using the access node set, access at least one lower combination including at least one of a lower-ranked first level and a lower-ranked second level.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method of claim 12, further comprising deriving a plurality of additional keys providing access to the desired level combination and the at least one lower combination from the access node set and the single key.
  - 14. The method of claim 13, wherein the plurality of keys is derived from the access node set and the single key using a Group Diffie Hellman protocol.
  - 15. The method of claim 13, further comprising applying a hash function to at least one of the single key and the plurality of keys to derive content encryption keys for each of a plurality of packets including data involved in presenting content at one of the desired level combination and the at least one lower combination.
  - 16. The method of claim 12, wherein the codestream includes a Joint Photographic Experts Group 2000 codestream, and wherein:
    - the fully-ordered access type includes one of;
      
      access by resolution;
      
      access by layer; and
      
      access by color component; and
      
      the partially-ordered access type includes one of;
      
      access by tile; and
      
      access by precinct.
  - 17. A computer-medium having computer-useable instructions embodied thereon for executing the method of claim 12.

18. A system for controlling access to levels within a codestream including a plurality of scalable access types, the system comprising:
- a server comprising one or more computers programmed to perform actions including;
  
  maintaining an access node set including a plurality of access nodes each representing a member of a partially ordered of set of combinations of levels to a plurality of scalable access types;
  
  maintaining a key for each of the plurality of access nodes, each key permitting access to a combination of levels associated with an access node and any combination of levels including at least one lower-ranked level;
  
  receiving an authorization request for a desired level combination indicating a desired access level for each of the plurality of scalable access types;
  
  identifying set a desired access node for the desired level combination and retrieving a desired key for with the desired access node; and
  
  communicating the access node set and the desired key; and
  
  a client comprising one or more computers programmed to perform actions including;
  
  selecting the desired level combination;
  
  receiving the access node set and the desired key; and
  
  using the desired key access to the codestream at the desired level combination and, by using the access node set and the desired key, deriving at least one additional key providing access to a combination of levels including at least one lower-ranked level.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein the server is further programmed to generate the key for each of the plurality of access nodes including:
    - identifying a root node from the access node set, the root node representing a combination of highest levels for the plurality of scalable access types;
      
      assigning a root key to the root node;
      
      identifying access nodes other than the root node as child nodes;
      
      identifying at least one parent node for each of a plurality of child nodes, the parent node representing a combination of levels for which one of the combination of levels is a next higher-ranked level than for the child node; and
      
      for each of the child nodes, calculating a child key from at least one parent key of the at least one parent node of the child node.
  - 20. The system of claim 19, wherein the server is further programmed to generate the key for each of the plurality of access nodes, including:
    - associating a random number with each of the child nodes; and
      
      for each of the child nodes, calculating the child key using a group Diffie Hellman protocol using the random number associated with the child node and the at least one parent key of the at least one parent node of the child node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Zhu, Bin, Li, Shipeng, Feng, Min

Granted Patent

US 7,644,445 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/270
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 9/0836   using tree structure or hie...

H04L 9/0841   involving Diffie-Hellman or...

Secure key management for scalable codestreams

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

12 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Secure key management for scalable codestreams

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others