Information processing system and method for distributing encrypted message data
First Claim
1. An information processing system for distributing encrypted message data, said system comprising:
- a receiving device, including;
holding means for holding a key set that is specific to said receiving device and which includes a portion of a plurality of node keys and a corresponding leaf key, the plurality of node keys being associated with a plurality of nodes whereby a given one of the plurality of node keys is associated with a particular one of the plurality of nodes, the plurality of nodes being arranged according to a hierarchical tree structure having a root node and a plurality of leaves, the portion of the plurality of node keys being the node keys associated with the nodes disposed along a particular path from the root node of the hierarchical tree structure to a particular one of the plurality of leaves that is associated with said receiving device and with its corresponding leaf key, andencryption processing means for decrypting encrypted message data distributed to said receiving device by using the key set; and
a distributing device, including;
message data generating means for generating an enabling key block (EKB) using one or more keys selected from the group consisting of the portion of the plurality of node keys and the corresponding leaf key, andmessage data distributing means for distributing a storage medium storing first message data that includes data in which first content is encrypted with a first content key, data in which the first content key is encrypted by a content key encryption key, and a link to a location on the storage medium wherein data is stored in which the content key encryption key is encrypted by the enabling key block (EKB), and storing second message data that includes data in which second content is encrypted by a second content key, data in which the second content key is encrypted by the content key encryption key, and another link to the location on the storage medium wherein the data is stored in which the content key encryption key is encrypted by the enabling key block (EKB).
1 Assignment
0 Petitions
Accused Products
Abstract
A content key, an authentication key, and a program data etc. are transmitted with an enabling key block (EKB) in an encrypted key constitution of a tree structure. The EKB has a constitution in which a device as a leaf of the tree holds a leaf key and a limited node key, and a specific enabling key block (EKB) is generated and distributed to a group specified by a specific node to limit devices that can be renewed. As the devices that do not belong to the group cannot perform decryption, the security for distributing keys etc. can be secured. Thus, distribution of various kinds of keys or data is executed in an encryption key constitution of a tree structure to realize an information processing system and method enabling to distribute data efficiently and safely.
-
Citations
29 Claims
-
1. An information processing system for distributing encrypted message data, said system comprising:
-
a receiving device, including; holding means for holding a key set that is specific to said receiving device and which includes a portion of a plurality of node keys and a corresponding leaf key, the plurality of node keys being associated with a plurality of nodes whereby a given one of the plurality of node keys is associated with a particular one of the plurality of nodes, the plurality of nodes being arranged according to a hierarchical tree structure having a root node and a plurality of leaves, the portion of the plurality of node keys being the node keys associated with the nodes disposed along a particular path from the root node of the hierarchical tree structure to a particular one of the plurality of leaves that is associated with said receiving device and with its corresponding leaf key, and encryption processing means for decrypting encrypted message data distributed to said receiving device by using the key set; and a distributing device, including; message data generating means for generating an enabling key block (EKB) using one or more keys selected from the group consisting of the portion of the plurality of node keys and the corresponding leaf key, and message data distributing means for distributing a storage medium storing first message data that includes data in which first content is encrypted with a first content key, data in which the first content key is encrypted by a content key encryption key, and a link to a location on the storage medium wherein data is stored in which the content key encryption key is encrypted by the enabling key block (EKB), and storing second message data that includes data in which second content is encrypted by a second content key, data in which the second content key is encrypted by the content key encryption key, and another link to the location on the storage medium wherein the data is stored in which the content key encryption key is encrypted by the enabling key block (EKB). - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. An information processing method for distributing encrypted message data, said method comprising:
-
generating a plurality of node keys, the plurality of node keys being associated with a plurality of nodes whereby a given one of the plurality of node keys is associated with a particular one of the plurality of nodes, the plurality of nodes being arranged according to a hierarchical tree structure having a root node and a plurality of leaves, the plurality of leaves being associated with a plurality of leaf keys and with a plurality of devices whereby a given one of the plurality of leaves is associated with a specific one of the plurality of leaf keys and with a particular one of the plurality of devices; generating an enabling key block (EKB) using one or more keys selected from the group consisting of the plurality of node keys and the plurality of leaf keys; distributing a storage medium storing first message data that includes data in which first content is encrypted by a first content key, data in which the first content key is encrypted by a content key encryption key, and a link to a location on the storage medium wherein data is stored in which the content key encryption key is encrypted by the enabling key block (EKB), and storing second message data that includes data in which second content is encrypted by a second content key, data in which the second content key is encrypted by the content key encryption key, and another link to the location on the storage medium wherein the data is stored in which the content key encryption key is encrypted by the enabling key block (EKB), the content key encryption key being the renewal node key; and decrypting, at a given one of the plurality of different devices, the encrypted first message data using an associated key set that is specific to and stored in that device and using the data in which the content key encryption key is encrypted by the enabling key block (EKB), the associated key set including a specific portion of the plurality of node keys that are associated with the nodes disposed along a particular path from the root node of the hierarchical tree structure to a particular one of the plurality of leaves that is associated with that device and including the leaf key associated with that device so that the key set associated with a given one of the plurality of devices is different than the key set associated with another one of the plurality of devices. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
-
-
19. An information recording medium that is readable by an information processing system and having stored therein data, said data comprising:
-
a plurality of node keys, the plurality of node keys being associated with a plurality of nodes whereby a given one of the plurality of node keys is associated with a particular one of the plurality of nodes, the plurality of nodes being arranged according to a hierarchical tree structure having a root node and a plurality of leaves, the plurality of leaves being associated with a plurality of leaf keys and with a plurality of devices whereby a given one of the plurality of leaves is associated with a specific one of the plurality of leaf keys and with a particular one of the plurality of devices; an enabling key block (EKB) which is encrypted using one or more keys selected from the group consisting of the plurality of node keys and the plurality of leaf keys; first message data that includes data in which first content is encrypted with a first content key, data in which the first content key is encrypted by a content key encryption key, and a link to a location on said information recording medium wherein data is stored in which the content key encryption key is encrypted by the enabling key block (EKB) so that when the information processing system processes the first content, the information processing system decrypts the EKB using one or more keys selected from the group consisting of the plurality of node keys and the plurality of leaf keys, decrypts the data in which the content key encryption key is encrypted using the EKB, decrypts the data in which the first content key is encrypted using the content key encryption key, and decrypts the data in which the first content is encrypted using the first content key; and second message data that includes data in which second content is encrypted by a second content key, data in which the second content key is encrypted by the content key encryption key, and another link to the location on said information recording medium wherein the data is stored in which the content key encryption key is encrypted by the enabling key block (EKB) so that when the information processing system processes the second content, the information processing system decrypts the EKB using one or more keys selected from the group consisting of the plurality of node keys and the plurality of leaf keys, decrypts the data in which the content key encryption key is encrypted using the EKBE, decrypts the data in which the second content key is encrypted using the content key encryption key, and decrypts the data in which the second content is encrypted using the second content key. - View Dependent Claims (20, 21)
-
-
22. A computer-readable medium for storing instructions for carrying out a method of decrypting encrypted content, said method comprising:
-
obtaining a storage medium storing first message data that includes data in which first content is encrypted by a first content key, data in which the first content key is encrypted by a content key encryption key, and a link to a location on the storage medium wherein data is stored in which the content key encryption key is encrypted by the enabling key block (EKB), and storing second message data that includes data in which second content is encrypted by a second content key, data in which the second content key is encrypted by the content key encryption key, and another link to the location on the storage medium wherein the data is stored in which the content key encryption key is encrypted by the enabling key block (EKB); obtaining an enabling key block (EKB) using at least one or more keys selected from the group consisting of a plurality of node keys and a plurality of leaf keys, the plurality of node keys being associated with a plurality of nodes whereby a given one of a plurality of node keys is associated with a particular one of the plurality of nodes, the plurality of leaf keys being associated with a plurality of leaves whereby a given one of the plurality of leaf keys is associated with a specific one of the plurality of leaves, the plurality of nodes being arranged according to a hierarchical tree structure having a root node and the plurality of leaves, at least one of the plurality of node keys being renewable using the renewal node key; decrypting, using the enabling key block, the data in which the content key encryption key is encrypted; decrypting, using the content key encryption key, the data in which content key is encrypted; and
decrypting the at least one of the encrypted first content using the content key. - View Dependent Claims (23)
-
-
24. An information processing method for distributing encrypted message data, said method comprising:
-
generating a plurality of node keys, the plurality of node keys being associated with a plurality of nodes whereby a given one of the plurality of node keys is associated with a particular one of the plurality of nodes, the plurality of nodes being arranged according to a hierarchical tree structure having a root node and a plurality of leaves, the plurality of leaves being associated with a plurality of leaf keys and with a plurality of devices whereby a given one of the plurality of leaves is associated with a specific one of the plurality of leaf keys and with a particular one of the plurality of devices; generating an enabling key block (EKB) using one or more keys selected from the group consisting of the plurality of node keys and the plurality of leaf keys; and generating a storage medium storing first message data that includes data in which first content is encrypted by a first content key, data in which the first content key is encrypted by a content key encryption key, and a link to a location on the storage medium wherein data is stored in which the content key encryption key is encrypted by the enabling key block (EKB), and storing second message data that includes data in which second content is encrypted by a second content key, data in which the second content key is encrypted by the content key encryption key, and another link to the location on the storage medium wherein the data is stored in which the content key encryption key is encrypted by the enabling key block (EKB), to distribute the first message data and the second message data to a plurality of devices. - View Dependent Claims (25, 26, 27)
-
-
28. An information processing method, comprising:
-
obtaining a storage medium storing first message data that includes data in which first content is encrypted by a first content key, data in which the first content key is encrypted by a content key encryption key, and a link to a location on the storage medium wherein data is stored in which the content key encryption key is encrypted by the enabling key block (EKB), and storing second message data that includes data in which second content is encrypted by a second content key, data in which the second content key is encrypted by the content key encryption key, and another link to the location on the storage medium wherein the data is stored in which the content key encryption key is encrypted by the enabling key block (EKB); obtaining the enabling key block (EKB) using at least one or more keys selected from the group consisting of a plurality of node keys and a plurality of leaf keys, the plurality of node keys being associated with a plurality of nodes whereby a given one of a plurality of node keys is associated with a particular one of the plurality of nodes, the plurality of leaf keys being associated with a plurality of leaves whereby a given one of the plurality of leaf keys is associated with a specific one of the plurality of leaves, the plurality of nodes being arranged according to a hierarchical tree structure having a root node and the plurality of leaves, at least one of the plurality of node keys being renewable using the renewal node key; decrypting, using the enabling key block (EKB), the data in which the content key encryption key is encrypted; decrypting, using the content key encryption key, the data in which content key is encrypted; and
decrypting the encrypted first content using the content key. - View Dependent Claims (29)
-
Specification