×

Data protection system that protects data by encrypting the data

  • US 9,130,741 B2
  • Filed: 04/08/2013
  • Issued: 09/08/2015
  • Est. Priority Date: 03/29/2001
  • Status: Expired due to Term
First Claim
Patent Images

1. A terminal device that is used in a data protection system that comprises three or more terminals including the terminal device, an encryption device, and an encryption key designation device, and that protects distribution data that is to be distributed to said terminals, according to said encryption device encrypting the distribution data, wherein:

  • each terminal is operable to(i) store a decryption key group assigned individually to the terminal, respectively, according to(a) a determination of two or more terminal groups, which are groups having two or more terminals as members, so that each of the terminals is a member of at least one of the terminal groups, and so that any one of the terminal groups that shares a same terminal as a member with an other one of the terminal groups does not completely include the other one of the terminal groups sharing the same terminal as a member and is not completely included in the other one of the terminal groups sharing the same terminal as a member,(b) a decision of one or more decryption keys individually in correspondence with each terminal and each determined terminal group, and(c) an assignment, to each terminal, the decryption key group, where the decryption key group is based on the decryption key decided in correspondence with the terminal, and decryption keys decided in correspondence with all terminal groups that include the terminal, respectively;

    (ii) obtain an encrypted distribution data group that has been output from said encryption device, and(iii) use a stored decryption key to decrypt encrypted distribution data;

    said encryption key designation device is operable to designate encryption keys, and includes;

    an invalid terminal designation unit for receiving a specification of one or more terminal whose encryption keys have been exposed and designating the one or more terminals as invalid terminals such that data will be encrypted so that the one or more terminal designated as invalid will be unable to decrypt the data; and

    an encryption key designation unit for designating, when all the decryption keys assigned to the terminals, other than decryption keys assigned to the one or more invalid terminals, are prescribed as valid decryption keys, and when a procedure for selecting an assigned valid decryption key for the most terminals not designated as invalid terminals is repeated until all terminals not designated as invalid terminals have been assigned a selected valid decryption key, encryption keys that respectively correspond to each of the valid decryption keys that are selected as a result of the procedure; and

    said encryption device includes an encryption unit for encrypting distribution data by successively using all the designated encryption keys to encrypt distribution data, generating the encrypted distribution data group, and outputting the generated encrypted distribution data group; and

    a key storage device for, when each terminal is corresponded with a node on a lowest level in an N-ary tree structure having a plurality of hierarchies, where N is a natural number equal to or greater than three,determining, for each node other than the nodes on the lowest level, a plurality of combination patterns, for each one of N nodes that are reached from the each node constituting a parent node of the one of the N nodes, that are combinations of two or more of the N nodes including the one of the N nodes, and that include a combination of all of the N nodes,deciding an individual decryption key for each determined combination pattern and storing each decided decryption key in correspondence with the parent node, andfurther stores an individual decryption key in correspondence with each node in the lowest level.

View all claims
  • 0 Assignments
Timeline View
Assignment View
    ×
    ×