Information processing system and method
First Claim
1. An information processing system, comprising:
- a plurality of category entities;
a key tree including a plurality of leaves, a root, a plurality of nodes existing in paths from the plurality of leaves to the root, and a plurality of sub-trees serving as category trees grouped in accordance with categories and managed by the plurality of category entities;
a plurality of devices assigned to at least some of the leaves;
a plurality of keys assigned to the root, to at least some of the leaves and to at least some of the nodes;
an enabling key block (EKB) including encrypted data, the encrypted data being produced by selecting one of the paths in the key tree and encrypting an upper-level key in the selected path using a lower-level key in the selected path such that the encrypted data can be decrypted only by a selected one of the plurality of devices which can use a node key set corresponding to the selected path, the EKB being provided to the selected device and being capable of being decrypted in common in at least one of the category trees; and
a key distribution center (KDC) adapted to produce and issue the EKB, the KDC having an EKB type definition list representing a correspondence between an EKB type identifier and identification data for identifying at least one of the category trees that can process EKB having a particular EKB type identified by the EKB type identifier;
wherein the KDC is operable to send a notification of a change in state of a selected one of the category trees which is capable of processing the particular EKB to a selected one of the category entities that uses the particular EKB.
1 Assignment
0 Petitions
Accused Products
Abstract
An information processing system and method are disclosed in which information processing is performed in a highly efficient manner using an enabling key block (EKB) on the basis of a tree structure including category subtrees. A key tree is produced so as to include a plurality of subtrees that are grouped in accordance with categories and managed by category entities. An EKB is produced so as to include data produced by selecting a path in the key tree and encrypting an upper-level key in the selected path using a lower-level key in the selected path. The resultant EKB is provided to a device. If a change occurs in state of a category tree capable of processing an EKB identified in the EKB type definition list, a notification of the change in state is sent to an entity that uses the EKB thereby making it possible for an EKB requester to perform processing in accordance with a newest EKB.
-
Citations
15 Claims
-
1. An information processing system, comprising:
-
a plurality of category entities;
a key tree including a plurality of leaves, a root, a plurality of nodes existing in paths from the plurality of leaves to the root, and a plurality of sub-trees serving as category trees grouped in accordance with categories and managed by the plurality of category entities;
a plurality of devices assigned to at least some of the leaves;
a plurality of keys assigned to the root, to at least some of the leaves and to at least some of the nodes;
an enabling key block (EKB) including encrypted data, the encrypted data being produced by selecting one of the paths in the key tree and encrypting an upper-level key in the selected path using a lower-level key in the selected path such that the encrypted data can be decrypted only by a selected one of the plurality of devices which can use a node key set corresponding to the selected path, the EKB being provided to the selected device and being capable of being decrypted in common in at least one of the category trees; and
a key distribution center (KDC) adapted to produce and issue the EKB, the KDC having an EKB type definition list representing a correspondence between an EKB type identifier and identification data for identifying at least one of the category trees that can process EKB having a particular EKB type identified by the EKB type identifier;
wherein the KDC is operable to send a notification of a change in state of a selected one of the category trees which is capable of processing the particular EKB to a selected one of the category entities that uses the particular EKB. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An information processing method for use in a system having a key tree including a plurality of leaves, a root, and a plurality of nodes existing in paths from the plurality of leaves to the root, the method comprising:
-
assigning a plurality of devices to at least some of the leaves;
assigning a plurality of keys to the root, to at least some of the leaves, and to at least some of the nodes;
producing an enabling key block (EKB), the EKB including encrypted data produced by selecting one of the paths in the key tree and encrypting an upper-level key in the selected path using a lower-level key in the selected path such that the encrypted data can be decrypted only by a selected one of the plurality of devices which can use a node key set corresponding to the selected path;
providing the EKB to the selected device;
generating an EKB type definition list representing a correspondence between an EKB type identifier and identification data; and
sending a notification from a key distribution center (KDC) of a change in state of a selected one of a plurality of category trees to an entity that uses the EKB, the selected category tree being capable of processing the EKB based upon the EKB type definition list. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A recording medium recorded with a computer program for executing an information processing method in an information processing system having a key tree that includes a plurality of leaves, a root, and a plurality of nodes existing in paths from the plurality of leaves to the root, the information processing method comprising:
-
receiving state change information indicating a change in state of a category tree from a category entity that manages the category tree;
producing a notification of the change in state in accordance with the state change information received from the category entity; and
sending the notification to an entity that uses an enabling key block (EKB) that is capable of being processed in the category tree.
-
Specification