Method for broadcast encryption and key revocation of stateless receivers
First Claim
Patent Images
1. A method for broadcast encryption, comprising:
- assigning each user in a group of users respective private information Iu;
selecting at leas one session encryption key K;
partitioning use not in a revoked set R into disjoint subsets Si1, . . . Sim having associated subset keys Li1, . . . , Lim;
encrypting the session key K with the subset keys Li1, . . . , Lim to render m encrypted versions of the session key K;
partitioning the users into groups S1, . . . , Sw, wherein “
w”
is an integer, and the groups establish subtrees in a tree, wherein each subset Si1, . . . Sim includes all leaves in a subtree rooted at some node vi at least each node in the subtree being associated with a respective subset key, wherein content is provided to users in at least one message defining a header, and the header includes at most r*log(N/r) subset keys and encryptions, wherein r is the number of users in the revoked set R and N is the total number of users.
1 Assignment
0 Petitions
Accused Products
Abstract
A tree is used to partition stateless receivers in a broadcast content encryption system into subsets. Two different methods of partitioning are disclosed. When a set of revoked receivers is identified, the revoked receivers define a relatively small cover of the non-revoked receivers by disjoint subsets. Subset keys associated with the subsets are then used to encrypt a session key that in turn is used to encrypt the broadcast content. Only non-revoked receivers can decrypt the session key and, hence, the content.
79 Citations
78 Claims
-
1. A method for broadcast encryption, comprising:
-
assigning each user in a group of users respective private information Iu;
selecting at leas one session encryption key K;
partitioning use not in a revoked set R into disjoint subsets Si1, . . . Sim having associated subset keys Li1, . . . , Lim;
encrypting the session key K with the subset keys Li1, . . . , Lim to render m encrypted versions of the session key K;
partitioning the users into groups S1, . . . , Sw, wherein “
w”
is an integer, and the groups establish subtrees in a tree, wherein each subset Si1, . . . Sim includes all leaves in a subtree rooted at some node vi at least each node in the subtree being associated with a respective subset key, wherein content is provided to users in at least one message defining a header, and the header includes at most r*log(N/r) subset keys and encryptions, wherein r is the number of users in the revoked set R and N is the total number of users. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method for broadcast encryption, comprising:
-
assigning each user in a group of users respective private information Iu;
selecting at least one session encryption key K;
partitioning users not in a revoked set R into disjoint subsets Si1, . . . Sim having associated subset keys Li1, . . . , Lim;
encrypting the session key K with the subset keys Li1, . . . , Lim to render m encrypted versions of the session key K;
partitioning the users into groups S1, . . . , Sw, wherein “
w”
is an integer, and the groups establish subtrees in a tree, wherein each subset Si1, . . . Sim includes all leaves in a subtree rooted at some node v1 at least each node in the subtree being associated with a respective subset key, wherein content is provided to users in at least one message, and wherein each user processes the message using at most log log N operations plus a single decryption operation, wherein N is the total number of users.
-
-
11. A method for broadcast encryption, comprising:
-
assigning each user in a group of users respective private information Iu;
selecting at least one session encryption key K;
partitioning users not in a revoked set R into disjoint subsets Si1, . . . Sim having associated subset keys Li1, . . . , Lim;
encrypting the session key K with the subset keys Li1, . . . , Lim to render m encrypted versions of the session key K;
partitioning the users into groups S1, . . . , Sw, wherein “
w”
is an integer, and the groups establish subtrees in a tree, wherein the tree includes a root and plural nodes, each node having at least one associated label, and wherein each subset includes all leaves in a subtree rooted at some node vi that are not in the subtree rooted some other node vj that descends from vi, wherein content is provided to users in at least one message defining a header, and the header includes at most 2r−
1 subset keys and encryptions, wherein r is the number of users in the revoked set R.
-
-
12. A method for broadcast encryption, comprising:
-
assigning each user in a group of users respective private information Iu;
selecting at least one session encryption key K;
partitioning users not in a revoked set R into disjoint subsets Si1, . . . Sim having associated subset keys Li1, . . . Lim;
encrypting the session key K with the subset keys Li1, . . . , Lim to render m encrypted versions of the session key K;
partitioning the users into groups S1, . . . , Sw, wherein “
w”
is an integer, and the groups establish subtrees in a tree, wherein the tree includes a root and plural nodes, each node having at least one associated label, and wherein each subset includes all leaves in a subtree rooted at some node vi that are not in the subtree rooted at some other node vj that descends from vi, wherein each user must store 0.5 log2 N+0.5 log N+1 keys, wherein N is the total number of users.
-
-
13. A method for broadcast encryption, comprising:
-
assigning each user in a group of users respective private information Iu;
selecting at least one session encryption key K;
partitioning users not in a revoked set R into disjoint subsets Si1, . . . Sim having associated subset keys Li1, . . . Lim;
encrypting the session key K with the subset keys Li1, . . . , Lim to render m encrypted versions of the session key K;
partitioning the users into groups S1, . . . , Sw, wherein “
w”
is an integer, and the groups establish subtrees in a tree, wherein the tree includes a root and plural nodes, each node having at least one associated label, and wherein each subset includes all leaves in a subtree rooted at some node vi that are not in the subtree rooted some other node vj that descends from vi, wherein content is provided to users in at least one message, and wherein each user processes the message using at most log N operations plus a single decryption operation, wherein N is the total number of users.
-
-
14. A method for broadcast encryption, comprising:
-
assigning each user in a group of users respective private information Iu;
selecting at least one session encryption key K;
partitioning users not in a revoked set R into disjoint subsets Si1, . . . Sim having associated subset keys Li1, . . . Lim;
encrypting the session key K with the subset keys Li1, . . . , Lim to render m encrypted versions of the session key K;
partitioning the users into groups S1, . . . , Sw, wherein “
w”
is an integer, and the groups establish subtrees in a tree, wherein the tree includes a root and plural nodes, each node having at least one associated label, and wherein each subset includes all leaves in a subtree rooted at some node vi that are not in the subtree rooted some other node vj that descends from vi, wherein the revoked set R defines a spanning tree, and wherein the method includes;
initializing a cover tree T as the spanning tree;
iteratively removing nodes from the cover tree T and adding nodes to cover until the cover tree T has at most one node.
-
-
15. A method for broadcast encryption, comprising:
-
assigning each user in a group of users respective private information Iu;
selecting at least one session encryption key K;
partitioning users not in a revoked set R into disjoint subsets Si1, . . . Sim having associated subset keys Li1, . . . Lim;
encrypting the session key K with the subset keys Li1, . . . , Lim to render m encrypted versions of the session key K;
partitioning the users into groups S1, . . . , Sw, wherein “
w”
is an integer, and the groups establish subtrees in a tree, wherein the tree includes a root and plural nodes, each node having at least one associated label, and wherein each subset includes all leaves in a subtree rooted at some node vi that are not in the subtree rooted some other node vj that descends from vi, wherein each node has at least one label possibly induced by at least one of its ancestors, and wherein each user is assigned labels from all nodes hanging from a direct path between the user and the root but not from nodes in the direct path. - View Dependent Claims (16)
-
-
17. A method for broadcast encryption, comprising:
-
assigning each user in a group of users respective private information Iu;
selecting at least one session encryption key K;
partitioning users not in a revoked set R into disjoint subsets Si1, . . . Sim having associated subset keys Li1, . . . Lim; and
encrypting the session key K with the subset keys Li1, . . . , Lim to render m encrypted versions of the session key K, wherein content is provided to users in at least one message having a header including a cryptographic function EL, and the method includes prefix-truncating the cryptographic function EL.
-
-
18. A method for broadcast encryption, comprising:
-
assigning each user in a group of users respective private information Iu;
selecting at least one session encryption key K;
partitioning users not in a revoked set R into disjoint subsets Si1, . . . Sim having associated subset keys Li1, . . . Lim; and
encrypting the session key K with the subset keys Li1, . . . , Lim to render m encrypted versions of the session key K, wherein content is provided to users in at least one message defining plural portions, and each portion is encrypted with a respective session key.
-
-
19. A computer program device, comprising:
-
a computer program storage device including a program of instructions usable by a computer, comprising;
logic means for accessing a tree to identify plural subset keys;
logic means for encrypting a message with a session key;
logic means for encrypting the session key at least once with each of the subset keys to render encrypted versions of the session key;
logic means for sending the encrypted versions of the session key in header of the message to plural stateless receivers, wherein logic means provide content to receivers in at least one message, and wherein each receiver processes the message using at most log log N operations plus a single decryption operation, wherein N is the total number of receivers. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28)
-
-
29. A computer program device, comprising:
-
a computer program storage device including a program of instructions usable by a computer, comprising;
logic means for accessing a tree to identify plural subset keys;
logic means for encrypting a message with a session key;
logic means for encrypting the session key at least once with each of the subset keys to render encrypted versions of the session key;
logic means for sending the encrypted versions of the session key in a header of the message to plural stateless receivers;
logic means for partitioning receivers not in a revoked set R into disjoint subsets Si1, . . . Sim having associated subset keys Li1, . . . , Lim;
logic means for partitioning the users into groups S1, . . . , Sw, wherein “
w”
is an integer, and the groups establish subtrees in a tree, wherein the tree includes a root and plural nodes, each node having at least one associated label, and wherein each subset includes all leaves in a subtree rooted at some node vi that are not in the subtree rooted at some other node vj that descends from vi, wherein logic means provide content to receivers in at least one message defining a header, and the header includes at most 2r−
1 subset keys and encryptions, wherein r is the number of receivers in the revoked set R.
-
-
30. A computer program device, comprising:
-
a computer program storage device including a program of instructions usable by a computer, comprising;
logic means for accessing a tree to identify plural subset keys;
logic means for encrypting a message with a session key;
logic means for encrypting the session key at least once with each of the subset keys to render encrypted versions of the session key;
logic means for sending the encrypted versions of the session key in a header of the message to plural stateless receivers;
logic means for partitioning receivers not in a revoked set R into disjoint subsets Si1, . . . Sim having associated subset keys Li1, . . . , Lim;
logic means for partitioning the users into groups S1, . . . , Sw, wherein “
w”
is an integer, and the groups establish subtrees in a tree, wherein the tree includes a root and plural nodes, each node having at least one associated label, and wherein each subset includes all leaves in a subtree rooted at some node vi that are not in the subtree rooted at some other node vj that descends from vi, wherein each receiver must store 0.51 log2 N+0.5 log N+1 keys, wherein N is the total number of receivers.
-
-
31. A computer program device, comprising:
-
a computer program storage device including a program of instructions usable by a computer, comprising;
logic means for accessing a tree to identify plural subset keys;
logic means for encrypting a message with a session key;
logic means for encrypting the session key at least once with each of the subset keys to render encrypted versions of the session key;
logic means for sending the encrypted versions of the session key in a header of the message to plural stateless receivers;
logic means for partitioning receivers not in a revoked set R into disjoint subsets Si1, . . . Sim having associated subset keys Li1, . . . , Lim;
logic means for partitioning the users into groups S1, . . . , Sw, wherein “
w”
is an integer, and the groups establish subtrees in a tree, wherein the tree includes a root and plural nodes, each node having at least one associated label, and wherein each subset includes all leaves in a subtree rooted at some node vi that are not in the subtree rooted at some other node vj that descends from vi, wherein logic means provide content to receivers in at least one message, and wherein each receiver processes the message using at most log N operations plus a single decryption operation, wherein N is the total number of receivers.
-
-
32. A computer program device, comprising:
-
a computer program storage device including a program of instructions usable by a computer, comprising;
logic means for accessing a tree to identify plural subset keys;
logic means for encrypting a message with a session key;
logic means for encrypting the session key at least once with each of the subset keys to render encrypted versions of the session key;
logic means for sending the encrypted versions of the session key in a header of the message to plural stateless receivers;
logic means for partitioning receivers not in a revoked set R into disjoint subsets Si1, . . . Sim having associated subset keys Li1, . . . , Lim;
logic means for partitioning the users into groups S1, . . . , Sw, wherein “
w”
is an integer, and the groups establish subtrees in a tree, wherein the tree includes a root and plural nodes, each node having at least one associated label, and wherein each subset includes all leaves in a subtree rooted at some node vi that are not in the subtree rooted at some other node vj that descends from vi, wherein the revoked set R defines a spanning tree, and wherein the computer program device includes;
logic means for initializing a cover tree T as the spanning tree; and
logic means for iteratively removing nodes from the cover tree T and adding nodes to a cover until the cover tree T has at most one node. - View Dependent Claims (33, 34)
-
-
35. A computer program device, comprising:
-
a computer program storage device including a program of instructions usable by a computer, comprising;
logic means for accessing a tree to identify plural subset keys;
logic means for encrypting a message with a session key;
logic means for encrypting the session key at least once with each of the subset keys to render encrypted versions of the session key; and
logic means for sending the encrypted versions of the session key in a header of the message to plural stateless receivers, wherein logic means provide content to receivers in at least one message having a header including a cryptographic function EL, and the computer program device includes logic means for prefix-truncating the cryptographic function EL.
-
-
36. A computer program device, comprising:
-
a computer program storage device including a program of instructions usable by a computer, comprising;
logic means for accessing a tree to identify plural subset keys;
logic means for encrypting a message with a session key;
logic means for encrypting the session key at least once with each of the subset keys to render encrypted versions of the session key; and
logic means for sending the encrypted versions of the session key in a header of the message to plural stateless receivers, wherein logic means provide content to receivers in at least one message defining plural portions, and each portion is encrypted with a respective session key.
-
-
37. A computer programmed with instructions to cause the computer to execute method acts including:
-
encrypting broadcast content;
sending the broadcast content to plural stateless receivers and to at least one revoked receiver such that each stateless receiver can decrypt the content and the revoked receiver cannot decrypt the content;
partitioning the users into groups S1, . . . , Sw, wherein “
w”
is an integer, and the groups establish subtrees in a tree, wherein each subset Si1, . . . , Sim includes all leaves in a subtree rooted at some node vi, at least each node in the subtree being associated with a respective subset key, wherein content is provided to receivers in at least one message defining a header, and the header includes at most r*log(N/r) subset keys and encryptions, where r is the number of receivers in the revoked set R and N is the total number of receivers. - View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51)
-
-
52. A computer programmed with instructions to cause the computer to execute method acts including:
-
encrypting broadcast content;
partitioning users into groups S1, . . . , Sw, wherein “
w”
is an integer, and the groups establish subtrees in a tree, wherein each subset Si1, . . . , Sim includes all leaves in a subtree rooted at some node vi, at least each node in the subtree being associated with a respective subset key;
sending the broadcast content to plural stateless receivers and to at least one revoked receiver such that each stateless receiver can decrypt the content and the revoked receiver cannot decrypt the content, wherein content is provided to receivers in at least one message, and wherein each receiver processes the message using at most log log N operations plus a single decryption operation, wherein N is the total number of receivers. - View Dependent Claims (53)
-
-
54. A computer programmed with instructions to cause the computer to execute method acts including:
-
encrypting broadcast content;
sending the broadcast content to plural stateless receivers and to at least one revoked receiver such that each stateless receiver can decrypt the content and the revoked receiver cannot decrypt the content, wherein content is provided to receivers in at least one message having a header including a cryptographic function EL, and the method acts undertaken by the computer include prefix-truncating the cryptographic function EL.
-
-
55. A computer programmed with instructions to cause the computer to execute method acts including:
-
encrypting broadcast content;
sending the broadcast content to plural stateless receivers and to at least one revoked receiver such that each stateless receiver can decrypt the content and the revoked receiver cannot decrypt the content, wherein content is provided to receivers in at least one message defining plural portions, and each portion is encrypted by the computer with a respective session key.
-
-
56. A receiver of content, comprising:
-
means for storing respective private information Iu;
means for receiving at least one session encryption key K encrypted with plural subset keys, the session key encrypting content; and
means for obtaining at least one subset key using the private information such that the session key K can be decrypted to play the content, wherein the receiver receives content in at least one message defining a header, and the header includes at most r*log(N/r) subset keys and encryptions, wherein r is the number of receivers in a revoked set R and N is the total number of receivers. - View Dependent Claims (57, 58, 59, 60, 61, 62, 63)
-
-
64. A receiver of content, comprising:
-
means for storing respective private information Iu;
means for receiving at least one session encryption key K encrypted with plural subset keys, the session key encrypting content; and
means for obtaining at least one subset key using the private information such that the session key K can be decrypted to play the content, wherein the receiver receives content in at least one message defining a header, and wherein the receiver processes the message using at most log log N operations plus a single decryption operation, wherein N is the total number of receivers.
-
-
65. A receiver of content, comprising:
-
means for storing respective private information Iu;
means for receiving at least one session encryption key K encrypted with plural subset keys, the session key encrypting content; and
means for obtaining at least one subset key using the private information such that the session key K can be decrypted to play the content, wherein the receiver receives content in message having a header including at most 2r−
1 subset keys and encryptions, wherein r is the number of receivers in the revoked set R.
-
-
66. A receiver of content, comprising:
-
means for storing respective private information Iu;
means for receiving at least one session encryption key K encrypted with plural subset keys, the session key encrypting content; and
means for obtaining at least one subset key using the private information such that the session key K can be decrypted to play the content, wherein the receiver must store 0.5 log2 N+0.5 log N+1 keys, wherein N is the total number of receivers.
-
-
67. A receiver of content, comprising:
-
means for storm respective private information Iu;
means for receiving at least one session encryption key K encrypted with plural subset keys, the session key encrypting content; and
means for obtaining at least one subset key using the private information such that the session key K can be decrypted to play the content, wherein content is provided to the receiver in at least one message, and wherein the receiver processes the message using at most log N operation plus a single decryption operation, wherein N is the total number of receivers.
-
-
68. A receiver of content, comprising:
-
a data storage storing respective private information Iu;
a processing device receiving at least one session encryption key K encrypted with plural subset keys, the session key encrypting content, the processing device obtaining at least one subset key using the private information such at the session key K can be decrypted to play the content, wherein the receiver receives content in at least one message defining a header, and wherein the receiver processes the message using at most log log N operations plus a single decryption operation, wherein N is the total number of receivers. - View Dependent Claims (69, 70, 71, 72, 73, 74, 75, 76, 77, 78)
-
Specification