Information processing system and method for distributing encrypted message data

US 7,443,984 B2
Filed: 04/02/2001
Issued: 10/28/2008
Est. Priority Date: 04/06/2000
Status: Expired due to Fees

First Claim

Patent Images

1. An information processing system for distributing encrypted message data, said system comprising:

a receiving device, including;

holding means for holding a key set that is specific to said receiving device and which includes a portion of a plurality of node keys and a corresponding leaf key, the plurality of node keys being associated with a plurality of nodes whereby a given one of the plurality of node keys is associated with a particular one of the plurality of nodes, the plurality of nodes being arranged according to a hierarchical tree structure having a root node and a plurality of leaves, the portion of the plurality of node keys being the node keys associated with the nodes disposed along a particular path from the root node of the hierarchical tree structure to a particular one of the plurality of leaves that is associated with said receiving device and with its corresponding leaf key, andencryption processing means for decrypting encrypted message data distributed to said receiving device by using the key set; and

a distributing device, including;

message data generating means for generating an enabling key block (EKB) using one or more keys selected from the group consisting of the portion of the plurality of node keys and the corresponding leaf key, andmessage data distributing means for distributing a storage medium storing first message data that includes data in which first content is encrypted with a first content key, data in which the first content key is encrypted by a content key encryption key, and a link to a location on the storage medium wherein data is stored in which the content key encryption key is encrypted by the enabling key block (EKB), and storing second message data that includes data in which second content is encrypted by a second content key, data in which the second content key is encrypted by the content key encryption key, and another link to the location on the storage medium wherein the data is stored in which the content key encryption key is encrypted by the enabling key block (EKB).

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A content key, an authentication key, and a program data etc. are transmitted with an enabling key block (EKB) in an encrypted key constitution of a tree structure. The EKB has a constitution in which a device as a leaf of the tree holds a leaf key and a limited node key, and a specific enabling key block (EKB) is generated and distributed to a group specified by a specific node to limit devices that can be renewed. As the devices that do not belong to the group cannot perform decryption, the security for distributing keys etc. can be secured. Thus, distribution of various kinds of keys or data is executed in an encryption key constitution of a tree structure to realize an information processing system and method enabling to distribute data efficiently and safely.

Citations

29 Claims

1. An information processing system for distributing encrypted message data, said system comprising:
- a receiving device, including;
  
  holding means for holding a key set that is specific to said receiving device and which includes a portion of a plurality of node keys and a corresponding leaf key, the plurality of node keys being associated with a plurality of nodes whereby a given one of the plurality of node keys is associated with a particular one of the plurality of nodes, the plurality of nodes being arranged according to a hierarchical tree structure having a root node and a plurality of leaves, the portion of the plurality of node keys being the node keys associated with the nodes disposed along a particular path from the root node of the hierarchical tree structure to a particular one of the plurality of leaves that is associated with said receiving device and with its corresponding leaf key, andencryption processing means for decrypting encrypted message data distributed to said receiving device by using the key set; and
  
  a distributing device, including;
  
  message data generating means for generating an enabling key block (EKB) using one or more keys selected from the group consisting of the portion of the plurality of node keys and the corresponding leaf key, andmessage data distributing means for distributing a storage medium storing first message data that includes data in which first content is encrypted with a first content key, data in which the first content key is encrypted by a content key encryption key, and a link to a location on the storage medium wherein data is stored in which the content key encryption key is encrypted by the enabling key block (EKB), and storing second message data that includes data in which second content is encrypted by a second content key, data in which the second content key is encrypted by the content key encryption key, and another link to the location on the storage medium wherein the data is stored in which the content key encryption key is encrypted by the enabling key block (EKB).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The information processing system according to claim 1, wherein said encryption processing means of said receiving device obtains a renewal node key by decrypting the enabling key block (EKB).
  - 3. The information processing system according to claim 1, wherein at least one of the first message data and the second message data includes an authentication key used in authentication processing.
  - 4. The information processing system according to claim 1, wherein at least one of the first message data and the second message data includes a key for generating an integrity check value (ICV) of its content.
  - 5. The information processing system according to claim 1, wherein at least one of the first message data and the second message data includes a program code.
  - 6. The information processing system according to claim 1, wherein said message data distributing means and said receiving device each include associated authentication processing means for executing authentication processing, and a distribution of said message data is performed on the condition that the authentication processing between said message data distributing means and said receiving device has been completed.
  - 7. The information processing system according to claim 1, wherein an intermediate device is disposed between said message data distributing means and said receiving device, and said message data distributing means generates and distributes enabling key block (EKB) data and encrypted first and second message data that can be decrypted only in target devices targeted for distributing said message data.
  - 8. The information processing system according to claim 1, wherein a same encryption key is used for both the first content key and the second content key.
  - 9. The information processing system according to claim 1, wherein the hierarchical tree structure includes a category group that includes only the nodes and leaves which are subordinate to a further one of the plurality of nodes;
    - wherein the category group is associated with a set of devices that belong to a category defined by a kind of device, a kind of a service or a kind of a managing means.
  - 10. The information processing system according to claim 9, wherein the category group further includes one or more sub-category groups in the hierarchical tree structure;
    - wherein the sub-category group is associated with a sub-set of devices that belong to a category defined by another kind of device, kind of a service, or kind of a managing means.

11. An information processing method for distributing encrypted message data, said method comprising:
- generating a plurality of node keys, the plurality of node keys being associated with a plurality of nodes whereby a given one of the plurality of node keys is associated with a particular one of the plurality of nodes, the plurality of nodes being arranged according to a hierarchical tree structure having a root node and a plurality of leaves, the plurality of leaves being associated with a plurality of leaf keys and with a plurality of devices whereby a given one of the plurality of leaves is associated with a specific one of the plurality of leaf keys and with a particular one of the plurality of devices;
  
  generating an enabling key block (EKB) using one or more keys selected from the group consisting of the plurality of node keys and the plurality of leaf keys;
  
  distributing a storage medium storing first message data that includes data in which first content is encrypted by a first content key, data in which the first content key is encrypted by a content key encryption key, and a link to a location on the storage medium wherein data is stored in which the content key encryption key is encrypted by the enabling key block (EKB), and storing second message data that includes data in which second content is encrypted by a second content key, data in which the second content key is encrypted by the content key encryption key, and another link to the location on the storage medium wherein the data is stored in which the content key encryption key is encrypted by the enabling key block (EKB), the content key encryption key being the renewal node key; and
  
  decrypting, at a given one of the plurality of different devices, the encrypted first message data using an associated key set that is specific to and stored in that device and using the data in which the content key encryption key is encrypted by the enabling key block (EKB), the associated key set including a specific portion of the plurality of node keys that are associated with the nodes disposed along a particular path from the root node of the hierarchical tree structure to a particular one of the plurality of leaves that is associated with that device and including the leaf key associated with that device so that the key set associated with a given one of the plurality of devices is different than the key set associated with another one of the plurality of devices.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The information processing method according to claim 11, wherein said decrypting step includes a renewal node key obtaining step of obtaining a renewal node key by decrypting the enabling key block (EKB), and a message data decrypting step for executing decryption of the encrypted first message data using the renewal node key.
  - 13. The information processing method according to claim 11, wherein at least one of the first message data and the second message data includes an authentication key used in the authentication processing.
  - 14. The information processing method according to claim 11, wherein at least one of the first message data and the second message data includes a key for generating an integrity check value (ICV) of its content.
  - 15. The information processing method according to claim 11, wherein at least one of the first message data and the second message data includes a program code.
  - 16. The information processing method according to claim 11, further comprising an authentication processing step for executing authentication processing, andwherein said message data distributing step is performed on the condition that said authentication processing step has been completed.
  - 17. The information processing method according to claim 11, wherein said message data distributing step generates and distributes enabling key block (EKB data and encrypted first and second message data that can be decrypted only in a target device targeted for receiving said message data.
  - 18. The information processing method according to claim 11, wherein a same encryption key is used for both the first content key and the second content key.

19. An information recording medium that is readable by an information processing system and having stored therein data, said data comprising:
- a plurality of node keys, the plurality of node keys being associated with a plurality of nodes whereby a given one of the plurality of node keys is associated with a particular one of the plurality of nodes, the plurality of nodes being arranged according to a hierarchical tree structure having a root node and a plurality of leaves, the plurality of leaves being associated with a plurality of leaf keys and with a plurality of devices whereby a given one of the plurality of leaves is associated with a specific one of the plurality of leaf keys and with a particular one of the plurality of devices;
  
  an enabling key block (EKB) which is encrypted using one or more keys selected from the group consisting of the plurality of node keys and the plurality of leaf keys;
  
  first message data that includes data in which first content is encrypted with a first content key, data in which the first content key is encrypted by a content key encryption key, and a link to a location on said information recording medium wherein data is stored in which the content key encryption key is encrypted by the enabling key block (EKB) so that when the information processing system processes the first content, the information processing system decrypts the EKB using one or more keys selected from the group consisting of the plurality of node keys and the plurality of leaf keys, decrypts the data in which the content key encryption key is encrypted using the EKB, decrypts the data in which the first content key is encrypted using the content key encryption key, and decrypts the data in which the first content is encrypted using the first content key; and
  
  second message data that includes data in which second content is encrypted by a second content key, data in which the second content key is encrypted by the content key encryption key, and another link to the location on said information recording medium wherein the data is stored in which the content key encryption key is encrypted by the enabling key block (EKB) so that when the information processing system processes the second content, the information processing system decrypts the EKB using one or more keys selected from the group consisting of the plurality of node keys and the plurality of leaf keys, decrypts the data in which the content key encryption key is encrypted using the EKBE, decrypts the data in which the second content key is encrypted using the content key encryption key, and decrypts the data in which the second content is encrypted using the second content key.
- View Dependent Claims (20, 21)
- - 20. The information recording medium according to claim 19 wherein said information recording medium stores an integrity check value (ICV) of at least one of the first content and the second content.
  - 21. The information recording medium according to claim 19, wherein a same encryption key is used for both the first content key and the second content key.

22. A computer-readable medium for storing instructions for carrying out a method of decrypting encrypted content, said method comprising:
- obtaining a storage medium storing first message data that includes data in which first content is encrypted by a first content key, data in which the first content key is encrypted by a content key encryption key, and a link to a location on the storage medium wherein data is stored in which the content key encryption key is encrypted by the enabling key block (EKB), and storing second message data that includes data in which second content is encrypted by a second content key, data in which the second content key is encrypted by the content key encryption key, and another link to the location on the storage medium wherein the data is stored in which the content key encryption key is encrypted by the enabling key block (EKB);
  
  obtaining an enabling key block (EKB) using at least one or more keys selected from the group consisting of a plurality of node keys and a plurality of leaf keys, the plurality of node keys being associated with a plurality of nodes whereby a given one of a plurality of node keys is associated with a particular one of the plurality of nodes, the plurality of leaf keys being associated with a plurality of leaves whereby a given one of the plurality of leaf keys is associated with a specific one of the plurality of leaves, the plurality of nodes being arranged according to a hierarchical tree structure having a root node and the plurality of leaves, at least one of the plurality of node keys being renewable using the renewal node key;
  
  decrypting, using the enabling key block, the data in which the content key encryption key is encrypted;
  
  decrypting, using the content key encryption key, the data in which content key is encrypted; and
  
  decrypting the at least one of the encrypted first content using the content key.
- View Dependent Claims (23)
- - 23. The computer-readable medium according to claim 22, wherein a same encryption key is used for both the first content key and the second content key.

24. An information processing method for distributing encrypted message data, said method comprising:
- generating a plurality of node keys, the plurality of node keys being associated with a plurality of nodes whereby a given one of the plurality of node keys is associated with a particular one of the plurality of nodes, the plurality of nodes being arranged according to a hierarchical tree structure having a root node and a plurality of leaves, the plurality of leaves being associated with a plurality of leaf keys and with a plurality of devices whereby a given one of the plurality of leaves is associated with a specific one of the plurality of leaf keys and with a particular one of the plurality of devices;
  
  generating an enabling key block (EKB) using one or more keys selected from the group consisting of the plurality of node keys and the plurality of leaf keys; and
  
  generating a storage medium storing first message data that includes data in which first content is encrypted by a first content key, data in which the first content key is encrypted by a content key encryption key, and a link to a location on the storage medium wherein data is stored in which the content key encryption key is encrypted by the enabling key block (EKB), and storing second message data that includes data in which second content is encrypted by a second content key, data in which the second content key is encrypted by the content key encryption key, and another link to the location on the storage medium wherein the data is stored in which the content key encryption key is encrypted by the enabling key block (EKB), to distribute the first message data and the second message data to a plurality of devices.
- View Dependent Claims (25, 26, 27)
- - 25. The information processing method according to claim 24, wherein at least one of the first message data and the second message data includes an authentication key used in authentication processing.
  - 26. The information processing method according to claim 24, wherein at least one of the first message data and the second message data includes a key for generating an integrity check value (ICV) of contents.
  - 27. The information processing method according to claim 24, wherein a same encryption key is used for both the first content key and the second content key.

28. An information processing method, comprising:
- obtaining a storage medium storing first message data that includes data in which first content is encrypted by a first content key, data in which the first content key is encrypted by a content key encryption key, and a link to a location on the storage medium wherein data is stored in which the content key encryption key is encrypted by the enabling key block (EKB), and storing second message data that includes data in which second content is encrypted by a second content key, data in which the second content key is encrypted by the content key encryption key, and another link to the location on the storage medium wherein the data is stored in which the content key encryption key is encrypted by the enabling key block (EKB);
  
  obtaining the enabling key block (EKB) using at least one or more keys selected from the group consisting of a plurality of node keys and a plurality of leaf keys, the plurality of node keys being associated with a plurality of nodes whereby a given one of a plurality of node keys is associated with a particular one of the plurality of nodes, the plurality of leaf keys being associated with a plurality of leaves whereby a given one of the plurality of leaf keys is associated with a specific one of the plurality of leaves, the plurality of nodes being arranged according to a hierarchical tree structure having a root node and the plurality of leaves, at least one of the plurality of node keys being renewable using the renewal node key;
  
  decrypting, using the enabling key block (EKB), the data in which the content key encryption key is encrypted;
  
  decrypting, using the content key encryption key, the data in which content key is encrypted; and
  
  decrypting the encrypted first content using the content key.
- View Dependent Claims (29)
- - 29. The information processing method according to claim 28, wherein a same encryption key is used for both the first content key and the second content key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sony Corporation (Sony Group Corp.)
Original Assignee
Sony Corporation (Sony Group Corp.)
Inventors
Ishiguro, Ryuji, Osawa, Yoshitomo, Oishi, Tateo, Asano, Tomoyuki, Mitsuzawa, Atsushi
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Lipman, Jacob

Application Number

US10/009,076
Publication Number

US 20020136411A1
Time in Patent Office

2,766 Days
Field of Search

380/278, 380/280
US Class Current

380/278
CPC Class Codes

G06F 21/107   License processing; Key pro...

G06F 21/1076   Revocation

G06F 21/109   by using specially-adapted ...

G06F 2221/2107   File encryption

G06F 2221/2109   Game systems

G11B 20/00086   Circuits for prevention of ...

G11B 20/0021   involving encryption or dec...

G11B 20/00253   wherein the key is stored o...

G11B 20/00536   wherein encrypted content d...

H04L 2209/60   Digital content management,...

H04L 9/0836   using tree structure or hie...

H04L 9/0891   Revocation or update of sec...

Y04S 40/20   Information technology spec...

Information processing system and method for distributing encrypted message data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Information processing system and method for distributing encrypted message data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links