Digital work protection system, key management apparatus, and user apparatus

  • US 7,272,229 B2
  • Filed: 10/23/2002
  • Issued: 09/18/2007
  • Est. Priority Date: 10/26/2001
  • Status: Expired due to Fees
First Claim

1. A user apparatus that is assigned one or more device keys by a key management apparatus that has at least one device key in association with an n-ary tree (n being an integer equal to or greater than 2), and encrypts or decrypts based on the assigned device key, wherein the key management apparatus (a) stores the at least one device key in one-to-one correspondence with at least one node in the n-ary tree, a plurality of the nodes on at least one path from a root node to a leaf node having been revoked, (b) encrypts a media key respectively using a plurality of common device keys to generate a plurality of encrypted media keys, each common device key being one of the at least one device key that is in correspondence with a valid node and that is commonly assigned to at least one user apparatus, and writes the generated plurality of encrypted media keys to a recording medium in an order relating to the structure of the n-ary tree, and (c) generates a piece of revocation information for each revoked node excluding the leaf nodes showing (i) whether each of n directly subordinate nodes of the revoked node is respectively revoked or not and (ii) whether the media key has been encrypted using a device key in correspondence with the revoked node, to obtain a plurality of pieces of revocation information, and writes the obtained pieces of revocation information to the recording medium in the order relating to the structure of the n-ary tree, the user apparatus comprising:

  • a specification unit operable to specify one encrypted media key using the plurality of pieces of revocation information, from amongst the plurality of encrypted media keys that has been encrypted based on one of the device keys assigned to the user apparatus;

  • a decryption unit operable to generate the media key by decrypting the specified encrypted media key based on the device key assigned to the user apparatus; and

  • an encryption/decryption unit operable to perform at least one of (d) encrypting content based on the generated media key and writing the encrypted content to the recording medium, and (e) decrypting, based on the obtained media key, encrypted content read from the recording medium to generate content, wherein the specification unit is operable to (1) check, in accordance with the order relating to the structure of the n-ary tree and starting from the root node of the n-ary tree, each of the plurality of pieces of revocation information recorded on the recording medium, and (2) count how many of the checked pieces of revocation information show existence of a media key encrypted using a device key, and wherein, when a node corresponding to a piece of revocation information that is a current checking target of the specification unit exists on a path from the leaf node allocated to the user apparatus to the root node, the specification unit is operable to specify, as the encrypted media key encrypted by a device key allocated to the user apparatus, an encrypted media key that exists in a position determined according to how many pieces of revocation information have been counted since the checking by the specification unit started.
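One reading of the specification unit's search, as an added Python example that is not code from the patent. It assumes the records are written in breadth-first order, that key positions are zero-based, and that a set flag means one encrypted media key was written for that node and is usable by devices below its non-revoked children; the names `locate_media_key`, `records`, `path`, `depth` and `SAMPLE_RECORDS` are hypothetical.

```python
from collections import deque

def locate_media_key(records, path, depth):
    """Return the zero-based position of this device's encrypted media key,
    or None if the device's leaf is revoked.

    records: one (child_revoked, has_key) pair per revoked non-leaf node,
             assumed to be in breadth-first order starting at the root.
    path:    child index taken at each level from the root to the device's leaf.
    depth:   number of edges from root to leaf.
    """
    queue = deque([()])          # nodes identified by their path prefix
    count = 0                    # records seen so far whose flag is set
    for child_revoked, has_key in records:
        if not queue:
            raise ValueError("more records than revoked nodes")
        node = queue.popleft()
        level = len(node)
        if tuple(path[:level]) == node and not child_revoked[path[level]]:
            if not has_key:
                raise ValueError("valid branch but no key recorded")
            return count
        if has_key:
            count += 1
        if level + 1 < depth:    # revoked leaves carry no record
            queue.extend(node + (i,) for i, r in enumerate(child_revoked) if r)
    return None

# Constructed sample: binary tree of depth 3 with leaves (0,0,0), (0,0,1)
# and (1,0,1) revoked. Records follow root, (0), (1), (0,0), (1,0).
SAMPLE_RECORDS = [
    ((True, True), False),
    ((True, False), True),
    ((True, False), True),
    ((True, True), False),
    ((False, True), True),
]

if __name__ == "__main__":
    for leaf in [(0, 1, 1), (1, 1, 0), (1, 0, 0), (0, 0, 1)]:
        print(leaf, locate_media_key(SAMPLE_RECORDS, leaf, 3))
```

A device whose leaf is revoked walks every record without finding a non-revoked branch on its own path, so it never learns which encrypted media key to try.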
