Method for broadcast encryption and key revocation of stateless receivers
First Claim
Patent Images
1. A digital processing apparatus accessing a computer readable storage medium storing logic, the logic comprising:
- assigning each user in a group of users respective private information Iu;
selecting at least one session encryption key K;
partitioning users not in a revoked set R into disjoint subsets Sil, . . . Sim having associated subset keys Lil, . . . Lim;
encrypting the session key K with the subset keys Lil, . . . , Lim to render m encrypted versions of the session key K;
identifying subsets of users using a subset difference routine wherein respective groups of users correspond to a universe of sets Sl, . . . , Sw that can be described as “
a first subtree A minus a second subtree B that is entirely contained in A”
with each node in the tree having a set of labels, one unique to the node and others that are induced by ancestor nodes and with each user being assigned labels from all nodes hanging from nodes in a direct path between the user and the root but not from nodes in the direct path itself, further comprising;
partitioning the users into groups Sl, . . . , Sw, wherein “
w”
is an integer, and the groups establish subtrees in a tree;
using private information Iu to decrypt the session key, wherein the act of decrypting includes using information ij such that a user belongs to a subset Sij, and retrieving a subset key Lij using the private information of the user.
1 Assignment
0 Petitions
Accused Products
Abstract
A tree is used to partition stateless receivers in a broadcast content encryption system into subsets. Two different methods of partitioning are disclosed. When a set of revoked receivers is identified, the revoked receivers define a relatively small cover of the non-revoked receivers by disjoint subsets. Subset keys associated with the subsets are then used to encrypt a session key that in turn is used to encrypt the broadcast content. Only non-revoked receivers can decrypt the session key and, hence, the content.
23 Citations
1 Claim
-
1. A digital processing apparatus accessing a computer readable storage medium storing logic, the logic comprising:
-
assigning each user in a group of users respective private information Iu; selecting at least one session encryption key K; partitioning users not in a revoked set R into disjoint subsets Sil, . . . Sim having associated subset keys Lil, . . . Lim; encrypting the session key K with the subset keys Lil, . . . , Lim to render m encrypted versions of the session key K; identifying subsets of users using a subset difference routine wherein respective groups of users correspond to a universe of sets Sl, . . . , Sw that can be described as “
a first subtree A minus a second subtree B that is entirely contained in A”
with each node in the tree having a set of labels, one unique to the node and others that are induced by ancestor nodes and with each user being assigned labels from all nodes hanging from nodes in a direct path between the user and the root but not from nodes in the direct path itself, further comprising;partitioning the users into groups Sl, . . . , Sw, wherein “
w”
is an integer, and the groups establish subtrees in a tree;using private information Iu to decrypt the session key, wherein the act of decrypting includes using information ij such that a user belongs to a subset Sij, and retrieving a subset key Lij using the private information of the user.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsLotspiech, Jeffrey Bruce, Naor, Dalit, Naor, Simeon
-
Primary Examiner(s)NGUYEN, MINH DIEU T
-
Application NumberUS11/117,677Publication NumberTime in Patent Office1,811 DaysField of Search713162-163, 380/277, 705/50, 725/31, 709202-203, 709217-219, 709227-229US Class Current713/163CPC Class CodesG11B 20/0021 involving encryption or dec...H04L 12/18 for broadcast or conference...H04L 2209/605 Copy protectionH04L 2209/606 Traitor tracingH04L 63/0428 wherein the data content is...H04L 9/0836 using tree structure or hie...H04L 9/0891 Revocation or update of sec...
