METHOD FOR GENERATING DECRYPTION KEY, APPARATUS AND METHOD USING DECRYPTION KEY
First Claim
1. A decryption key generation method including:
- dividing a group of a plurality of user identification information items for individually identifying a plurality of user systems into a plurality of subgroups;
assigning the subgroups to a plurality of different leaves on a tree structure respectively, the tree structure including a root node, one or a plurality of nodes and the leaves;
assigning different individual key generation polynomials to all or some of the root, the nodes, and the leaves on the tree structure respectively;
assigning each subgroup one of the individual key generation polynomials which corresponds to one of leaves assigned to the each subgroup or an ancestor node of the one of the leaves; and
substituting each user identification information item in the each subgroup into the one of the individual key generation polynomial assigned to the each subgroup and a common key generation polynomial common to the root, the nodes, and the leaves, to obtain a decryption key unique to each user system which corresponds to the each user identification information item, wherein at least one of linear sums of coefficients with the same degree of the one of the individual key generation polynomial and the common key generation polynomial differs for each of the root, the nodes, and the leaves on the tree structure, and the linear sums of other coefficients with the same degrees are constant.
1 Assignment
0 Petitions
Accused Products
Abstract
A decryption key unique to each user system is a value obtained by (a)assigning different individual key generation polynomials to a root, a plurality of nodes, and a plurality of leaves of a tree structure, respectively, (b) assigning the different leaves on the tree structure a plurality of subgroups obtained by dividing a group of a plurality of user identification information items which are for individually identifying the user systems, and (c) substituting the user identification information item of the each user system into one of the individual key generation polynomials which corresponds to one of leaves assigned to one of the subgroups to which the user identification information item corresponding to the each user system belongs or an ancestor node of the one of the leaves and a common key generation polynomial common to the root, the nodes, and the leaves.
-
Citations
31 Claims
-
1. A decryption key generation method including:
-
dividing a group of a plurality of user identification information items for individually identifying a plurality of user systems into a plurality of subgroups;
assigning the subgroups to a plurality of different leaves on a tree structure respectively, the tree structure including a root node, one or a plurality of nodes and the leaves;
assigning different individual key generation polynomials to all or some of the root, the nodes, and the leaves on the tree structure respectively;
assigning each subgroup one of the individual key generation polynomials which corresponds to one of leaves assigned to the each subgroup or an ancestor node of the one of the leaves; and
substituting each user identification information item in the each subgroup into the one of the individual key generation polynomial assigned to the each subgroup and a common key generation polynomial common to the root, the nodes, and the leaves, to obtain a decryption key unique to each user system which corresponds to the each user identification information item, wherein at least one of linear sums of coefficients with the same degree of the one of the individual key generation polynomial and the common key generation polynomial differs for each of the root, the nodes, and the leaves on the tree structure, and the linear sums of other coefficients with the same degrees are constant. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A content distribution system which distributes an encrypted content and header information to a plurality of user systems, comprising:
-
a first encryption unit configured to encrypt a content such that the content is adapted to be decrypted with a session key, to obtain the encrypted content;
a second encryption unit configured to encrypt the session key with a public key corresponding to a plurality of decryption keys respectively assigned to the user systems, to obtain an encrypted session key;
a generation unit configured to generate the header information which includes the encrypted session key and allows the encrypted session key to be decrypted by using a decryption key unique to each user system which is permitted to decrypt the encrypted session key; and
a transmission unit configured to transmit the encrypted content and the header information to each user system;
wherein the decryption key unique to each user system is a value obtained by (a)assigning different individual key generation polynomials to a root, a plurality of nodes, and a plurality of leaves of a tree structure, respectively, (b) assigning the different leaves on the tree structure a plurality of subgroups obtained by dividing a group of a plurality of user identification information items which are for individually identifying the user systems, and (c) substituting the user identification information item of the each user system into one of the individual key generation polynomials which corresponds to one of leaves assigned to one of the subgroups to which the user identification information item corresponding to the each user system belongs or an ancestor node of the one of the leaves and a common key generation polynomial common to the root, the nodes, and the leaves. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
-
-
14. A user system comprising:
-
a memory to store a decryption key unique to the user system which is a value obtained by (a)assigning different individual key generation polynomials to a root, a plurality of nodes, and a plurality of leaves of a tree structure, respectively, (b) assigning the different leaves on the tree structure a plurality of subgroups obtained by dividing a group of a plurality of user identification information items which are for individually identifying a plurality of user systems, and (c) substituting the user identification information item of the user system into one of the individual key generation polynomials which corresponds to one of the leaves assigned to one of the subgroups to which the user identification information item corresponding to the user system belongs or an ancestor node of the one of the leaves and a common key generation polynomial common to the root, the nodes, and the leaves;
a receiving unit configured to receive an encrypted content obtained by encrypting a content with a session key and header information which includes an encrypted session key and allows the encrypted session key to be decrypted;
a session key decryption unit configured to decrypt the session key from the received header information by using the decryption key; and
a content decryption unit configured to decrypt the received encrypted content by using the decrypted session key. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
-
21. A tracking system which tests a test object user system and specifies an unauthorized user from a plurality of users of a plurality of user systems, comprising:
-
a content encryption unit configured to encrypt a content with a session key to obtain an encrypted content;
a generation unit configured to generate header information which includes an encrypted session key obtained by encrypting the session key and allows the encrypted session key to be decrypted with a decryption key of each user system which is permitted to decrypt the encrypted session key;
an acquiring unit configured to acquire a decryption result of the encrypted content which is obtained by the test object user system by inputting the encrypted content and the header information to the test object user system; and
a specifying unit configured to specify not less than one user system based on which the test object user system is produced from the user systems on the basis of a relationship between each header information and each decryption result acquired when the each header information is input to the test object user system, by causing the generation unit to generate the header information while changing the number of user systems to be invalidated which are inhibited from decrypting the encrypted session key;
wherein the decryption key unique to each user system is a value obtained by (a)assigning different individual key generation polynomials to a root, a plurality of nodes, and a plurality of leaves of a tree structure, respectively, (b) assigning the different leaves on the tree structure a plurality of subgroups obtained by dividing a group of a plurality of user identification information items which are for individually identifying the user systems, and (c) substituting the user identification information item of the each user system into one of the individual key generation polynomials which corresponds to one of leaves assigned to one of the subgroups to which the user identification information item corresponding to the each user system belongs or an ancestor node of the one of the leaves and a common key generation polynomial common to the root, the nodes, and the leaves. - View Dependent Claims (22, 23)
-
-
24. A content distribution method in a content distribution system which distributes an encrypted content and header information to a plurality of user systems, comprising:
-
encrypting a content such that the content is adapted to be decrypted with a session key, to obtain the encrypted content;
encrypting the session key with a public key corresponding to a plurality of decryption keys respectively assigned to the user systems, to obtain an encrypted session key;
generating the header information which includes the encrypted session key and allows the encrypted session key to be decrypted by using a decryption key unique to each user system which is permitted to decrypt the encrypted session key; and
transmitting the encrypted content and the header information to each user system, wherein the decryption key unique to each user system is a value obtained by (a)assigning different individual key generation polynomials to a root, a plurality of nodes, and a plurality of leaves of a tree structure, respectively, (b) assigning the different leaves on the tree structure a plurality of subgroups obtained by dividing a group of a plurality of user identification information items which are for individually identifying the user systems, and (c) substituting the user identification information item of the each user system into one of the individual key generation polynomials which corresponds to one of leaves assigned to one of the subgroups to which the user identification information item corresponding to the each user system belongs or an ancestor node of the one of the leaves and a common key generation polynomial common to the root, the nodes, and the leaves.
-
-
25. A method for decrypting an encrypted content in a user system, including:
-
storing, in a memory, a decryption key unique to the user system which is a value obtained by (a)assigning different individual key generation polynomials to a root, a plurality of nodes, and a plurality of leaves of a tree structure, respectively, (b) assigning the different leaves on the tree structure a plurality of subgroups obtained by dividing a group of a plurality of user identification information items which are for individually identifying a plurality of user systems, and (c) substituting the user identification information item of the user system into one of the individual key generation polynomials which corresponds to one of the leaves assigned to one of the subgroups to which the user identification information item corresponding to the user system belongs or an ancestor node of the one of the leaves and a common key generation polynomial common to the root, the nodes, and the leaves;
receiving an encrypted content obtained by encrypting a content with a session key and header information which includes an encrypted session key and allows the encrypted session key to be decrypted;
decrypting the session key from the received header information by using the decryption key; and
decrypting the received encrypted content by using the decrypted session key.
-
-
26. A method for specifying an unauthorized user from a plurality of users of a plurality of user systems, the method applied to a tracking system which tests a test object user system and includes:
-
a content encryption unit configured to encrypt a content with a session key to obtain an encrypted content;
a generation unit configured to generate a header information item which includes an encrypted session key obtained by encrypting the session key and allows the encrypted session key to be decrypted with a decryption key of each user system which is permitted to decrypt the encrypted session key; and
an acquiring unit configured to acquire a decryption result of the encrypted content which is obtained by the test object user system by inputting the encrypted content and the header information item to the test object user system;
the method including;
causing the generation unit to generate the header information item while changing the number of user systems to be invalidated which are inhibited from decrypting the encrypted session key, to obtain a plurality of header information items;
specifying not less than one user system based on which the test object user system is produced from the user systems on the basis of a relationship between each of the header information items and each decryption result acquired when the each of the header information items is input to the test object user system, wherein the decryption key unique to each user system is a value obtained by (a)assigning different individual key generation polynomials to a root, a plurality of nodes, and a plurality of leaves of a tree structure, respectively, (b) assigning the different leaves on the tree structure a plurality of subgroups obtained by dividing a group of a plurality of user identification information items which are for individually identifying the user systems, and (c) substituting the user identification information item of the each user system into one of the individual key generation polynomials which corresponds to one of leaves assigned to one of the subgroups to which the user identification information item corresponding to the each user system belongs or an ancestor node of the one of the leaves and a common key generation polynomial common to the root, the nodes, and the leaves.
-
-
27. A computer program stored on a computer readable medium, the computer program for operating the computer to distributes an encrypted content and header information to a plurality of user systems, the computer program comprising:
-
first program instruction means for instructing the computer processor to encrypt a content such that the content is adapted to be decrypted with a session key, to obtain the encrypted content;
second program instruction means for instructing the computer processor to encrypt the session key with a public key corresponding to a plurality of decryption keys respectively assigned to the user systems, to obtain an encrypted session key;
third program instruction means for instructing the computer processor to generate the header information which includes the encrypted session key and allows the encrypted session key to be decrypted by using a decryption key unique to each user system which is permitted to decrypt the encrypted session key; and
fourth program instruction means for instructing the computer processor to transmit the encrypted content and the header information to each user system;
wherein the decryption key unique to each user system is a value obtained by (a)assigning different individual key generation polynomials to a root, a plurality of nodes, and a plurality of leaves of a tree structure, respectively, (b) assigning the different leaves on the tree structure a plurality of subgroups obtained by dividing a group of a plurality of user identification information items which are for individually identifying the user systems, and (c) substituting the user identification information item of the each user system into one of the individual key generation polynomials which corresponds to one of leaves assigned to one of the subgroups to which the user identification information item corresponding to the each user system belongs or an ancestor node of the one of the leaves and a common key generation polynomial common to the root, the nodes, and the leaves.
-
-
28. A computer program stored on a computer readable medium, the computer program for operating the computer as a user system decrypting an encrypted content distributed from a content distribution system, the computer program comprising:
-
first program instruction means for instructing the computer processor to store, in a memory, a decryption key unique to the user system which is a value obtained by (a)assigning different individual key generation polynomials to a root, a plurality of nodes, and a plurality of leaves of a tree structure, respectively, (b) assigning the different leaves on the tree structure a plurality of subgroups obtained by dividing a group of a plurality of user identification information items which are for individually identifying a plurality of user systems, and (c) substituting the user identification information item of the user system into one of the individual key generation polynomials which corresponds to one of the leaves assigned to one of the subgroups to which the user identification information item corresponding to the user system belongs or an ancestor node of the one of the leaves and a common key generation polynomial common to the root, the nodes, and the leaves;
second program instruction means for instructing the computer processor to receive an encrypted content obtained by encrypting a content with a session key and header information which includes an encrypted session key and allows the encrypted session key to be decrypted;
third program instruction means for instructing the computer processor to decrypt the session key from the received header information by using the decryption key; and
fourth program instruction means for instructing the computer processor to decrypt the received encrypted content by using the decrypted session key.
-
-
29. A computer program stored on a computer readable medium, the computer program for operating the computer as a tracking system which tests a test object user system and specifies an unauthorized user from a plurality of users of a plurality of user systems, the computer program comprising:
-
first program instruction means for instructing the computer processor to encrypt a content with a session key to obtain an encrypted content;
second program instruction means for instructing the computer processor to generate header information which includes an encrypted session key obtained by encrypting the session key and allows the encrypted session key to be decrypted with a decryption key of each user system which is permitted to decrypt the encrypted session key;
third program instruction means for instructing the computer processor to acquire a decryption result of the encrypted content which is obtained by the test object user system by inputting the encrypted content and the header information to the test object user system; and
fourth program instruction means for instructing the computer processor to specify not less than one user system based on which the test object user system is produced from the user systems on the basis of a relationship between each header information and each decryption result acquired when the each header information is input to the test object user system, by causing the generation unit to generate the header information while changing the number of user systems to be invalidated which are inhibited from decrypting the encrypted session key;
wherein the decryption key unique to each user system is a value obtained by (a)assigning different individual key generation polynomials to a root, a plurality of nodes, and a plurality of leaves of a tree structure, respectively, (b) assigning the different leaves on the tree structure a plurality of subgroups obtained by dividing a group of a plurality of user identification information items which are for individually identifying the user systems, and (c) substituting the user identification information item of the each user system into one of the individual key generation polynomials which corresponds to one of leaves assigned to one of the subgroups to which the user identification information item corresponding to the each user system belongs or an ancestor node of the one of the leaves and a common key generation polynomial common to the root, the nodes, and the leaves.
-
-
30. An encryption apparatus which generates an encrypted content and header information which are distributed to a plurality of user systems, comprising:
-
a first encryption unit configured to encrypt a content such that the content is adapted to be decrypted with a session key, to obtain the encrypted content;
a second encryption unit configured to encrypt the session key with an encryption key corresponding to a plurality of decryption keys respectively assigned to the user systems, to obtain an encrypted session key;
a generation unit configured to generate the header information which includes the encrypted session key and allows the encrypted session key to be decrypted by using a decryption key unique to each user system which is permitted to decrypt the encrypted session key;
wherein the decryption key unique to each user system is a value obtained by (a)assigning different individual key generation polynomials to a root, a plurality of nodes, and a plurality of leaves of a tree structure, respectively, (b) assigning the different leaves on the tree structure a plurality of subgroups obtained by dividing a group of a plurality of user identification information items which are for individually identifying the user systems, and (c) substituting the user identification information item of the each user system into one of the individual key generation polynomials which corresponds to one of leaves assigned to one of the subgroups to which the user identification information item corresponding to the each user system belongs or an ancestor node of the one of the leaves and a common key generation polynomial common to the root, the nodes, and the leaves.
-
-
31. A decryption apparatus included in a user system which receives an encrypted content obtained by encrypting a content with a session key and header information which includes an encrypted session key and allows the encrypted session key to be decrypted, the apparatus comprising:
-
a memory to store a decryption key unique to the user system which is a value obtained by (a)assigning different individual key generation polynomials to a root, a plurality of nodes, and a plurality of leaves of a tree structure, respectively, (b) assigning the different leaves on the tree structure a plurality of subgroups obtained by dividing a group of a plurality of user identification information items which are for individually identifying a plurality of user systems, and (c) substituting the user identification information item of the user system into one of the individual key generation polynomials which corresponds to one of the leaves assigned to one of the subgroups to which the user identification information item corresponding to the user system belongs or an ancestor node of the one of the leaves and a common key generation polynomial common to the root, the nodes, and the leaves;
a session key decryption unit configured to decrypt the session key from the received header information by using the decryption key; and
a content decryption unit configured to decrypt the received encrypted content by using the decrypted session key.
-
Specification