Method for tracing traitor receivers in a broadcast encryption system

US 7,010,125 B2
Filed: 01/26/2001
Issued: 03/07/2006
Est. Priority Date: 01/26/2001
Status: Expired due to Term

First Claim

Patent Images

1. A method for identifying disabling at least one traitor receiver with at least one associated unique, compromised decryption key in a broadcast encryption system, comprising:

receiving a set of subsets derived from a tree defining leaves, each leaf representing a respective receiver;

identifying at least one traitor subset from the set of subsets as containing at least one leaf representing a candidate traitor receiver;

using the traitor subset, undertaking at least one of identifying disabling the traitor receiver; and

determining whether the traitor subset represents at least two traitor receiver candidates, and if so, dividing the traitor subset into two child sets, wherein the act of identifying or disabling includes encoding plural subsets of the set of subsets with a false key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for tracing traitor receivers in a broadcast encryption system. The method includes using a false key to encode plural subsets representing receivers in the system. The subsets are derived from a tree using a Subset-Cover system, and the traitor receiver is associated with one or more compromised keys that have been obtained by a potentially cloned pirate receiver. Using a clone of the pirate receiver, the identity of the traitor receiver is determined, or the pirate receiver clones are rendered useless for decrypting data using the compromised key by generating an appropriate set of subsets.

Citations

21 Claims

1. A method for identifying disabling at least one traitor receiver with at least one associated unique, compromised decryption key in a broadcast encryption system, comprising:
- receiving a set of subsets derived from a tree defining leaves, each leaf representing a respective receiver;
  
  identifying at least one traitor subset from the set of subsets as containing at least one leaf representing a candidate traitor receiver;
  
  using the traitor subset, undertaking at least one of identifying disabling the traitor receiver; and
  
  determining whether the traitor subset represents at least two traitor receiver candidates, and if so, dividing the traitor subset into two child sets, wherein the act of identifying or disabling includes encoding plural subsets of the set of subsets with a false key.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising determining whether the traitor subset is a member of a frontier set, and if so, removing a complementary subset from the frontier set.
  - 3. The method of claim 1, further comprising executing a binary search on the set of subsets using probabilities.
  - 4. The method of claim 3, wherein the binary search ends by determining that the difference between a probability p_jof decrypting a message when the first j subsets contain the false key and a probability p_j−
    - 1, of decrypting a message when the first j−
      
      1 subsets contain the false key is at least equal to a predetermined probability.
  - 5. The method of claim 4, wherein the traitor subset is identified when |p_j−
    - 1−
      
      p_j|>
      
      p/m, wherein m is the number of subsets in the set of subsets.
  - 6. The method of claim 1, further comprising identifying or disabling plural traitor receivers embodied in a clone.
  - 7. The method of claim 1, wherein the act of identifying or disabling includes encoding the first j subsets of the set of subsets with a false key.

8. A device, comprising:
- a computer readable medium, comprising;
  
  logic means for accessing a tree to generate a set of subsets of the tree, the tree including leaves representing at least one traitor device characterized by a compromised key;
  
  logic means for encrypting a false key j times and for encrypting a session key m-j times, wherein m is a number of subsets in the set of subsets;
  
  logic means responsive to the means for encrypting for identifying a traitor subset; and
  
  logic means for using the traitor subset to identify or disable the traitor device.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The computer program device of claim 8, further comprising:
    - logic means for determining whether the traitor subset represents a least two candidate traitor devices, and if so, dividing the traitor subset into two child sets.
  - 10. The computer program device of claim 9, further comprising logic means for determining whether the traitor subset is a member of a frontier set, and if so, removing a complementary subset from the frontier set.
  - 11. The computer program device of claim 8, further comprising logic means for executing a binary search an the set of subsets using probabilities.
  - 12. The computer program device of claim 11, wherein the binary search ends by determining that the difference between a probability p_jof decrypting a message when the first j subsets contain the false key and a probability p_j−
    - of decrypting a message when the first j−
      
      1 subsets contain the false key is at least equal to a predetermined probability.
  - 13. The computer program device of claim 12, wherein the traitor subset is identified when |p_j−
    - 1−
      
      p_j|>
      
      p/m, wherein m is the number of subsets in the set of subsets.

14. A computer programmed with instructions to cause the computer to execute method acts including:
- using a false key to encode plural subsets representing stateless receivers, at least one traitor receiver of which is associated with at least one compromised key that has been obtained by at least one pirate receiver; and
  
  using the pirate receiver or a clone thereof, determining the identity of the traitor receiver, or rendering the pirate receiver or clone thereof useless for decrypting data using the compromised key.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- - 15. The computer of claim 14, wherein the subsets define a set of subsets, and the method acts undertaken by the computer further include:
    - receiving the set of subsets derived from a tree defining leaves, each leaf representing a respective receiver;
      
      identifying at least one traitor subset from the set of subsets as containing at least one leaf representing the traitor receiver; and
      
      using the traitor subset, identifying the traitor receiver.
  - 16. The computer of claim 15, wherein the method acts undertaken by the computer further comprise:
    - determining whether the traitor subset represents at least two candidate traitor receivers, and if so, dividing the traitor subset into two child sets.
  - 17. The computer of claim 16, wherein the method acts undertaken by the computer further comprise determining whether the traitor subset is a member of a frontier set, and if so, removing a complementary subset from the frontier set.
  - 18. The computer of claim 15, wherein the act of identifying includes:
    - encoding plural subsets of the set of subsets with the false key.
  - 19. The computer of claim 18, wherein the method acts undertaken by the computer further Comprise executing a binary search on the set of subsets using probabilities.
  - 20. The computer of claim 19, wherein the binary search ends by determining that a probability p_jof decrypting a message when the first j subsets contain the false key is at least equal to a predetermined probability.
  - 21. The computer of claim 20, wherein the traitor subset is identified when |P_j−
    - 1−
      
      p_j|>
      
      p/m, wherein m is the number of subsets in the set of subsets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Lotspiech, Jeffrey Bruce, Naor, Dalit, Naor, Simeon
Primary Examiner(s)
Moise, Emmanuel L.
Assistant Examiner(s)
Davis, Zachary A.

Application Number

US09/771,239
Publication Number

US 20020133701A1
Time in Patent Office

1,866 Days
Field of Search

380/242, 380/240, 380/210, 380/200, 380/201, 380/227, 380/228, 380/277, 380/278, 380/279, 380/281, 380/44, 380/45, 725/25, 725/31
US Class Current

380/242
CPC Class Codes

G11B 20/00086   Circuits for prevention of ...

G11B 20/0021   involving encryption or dec...

G11B 20/00224   wherein the key is obtained...

G11B 20/00246   wherein the key is obtained...

G11B 20/00253   wherein the key is stored o...

G11B 20/00492   wherein content or user dat...

G11B 2220/2537   Optical discs

H04L 2209/601   Broadcast encryption

H04L 2209/606   Traitor tracing

H04L 9/0836   using tree structure or hie...

H04L 9/0891   Revocation or update of sec...

H04N 21/26606   for generating or managing ...

H04N 21/4181   for conditional access

H04N 21/4331   Caching operations, e.g. of...

H04N 21/4623   Processing of entitlement m...

H04N 7/1675   Providing digital key or au...

Method for tracing traitor receivers in a broadcast encryption system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method for tracing traitor receivers in a broadcast encryption system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links