Renewable traitor tracing
First Claim
1. A method of preventing re-use of compromised sequence keys in a broadcast encryption system, the method comprising:
- receiving a distributed protected file and a sequence key block at a receiver, the sequence key block being formulated to cryptographically revoke traitorous receivers;
selecting a first Sequence Key from a plurality of Sequence Keys, the plurality of Sequence Keys being associated with the receiver, and the plurality of Sequence Keys being related by the sequence key block;
determining by cryptographic testing that the first Sequence Key is compromised,cryptographic testing comprising applying the first Sequence Key to the sequence key block;
determining that at least one additional Sequence Key is available;
traversing the sequence key block to select a second Sequence Key from the plurality of sequence keys;
determining by cryptographic testing that the second sequence key is compromised,cryptographic testing comprising applying the first Sequence Key to the sequence key block;
traversing the remainder of the sequence key block and thereby determining that no uncompromised sequence keys can be determined from the sequence key block;
identifying the receiver as traitorous based on the lack of uncompromised sequence keys.
1 Assignment
0 Petitions
Accused Products
Abstract
The present invention provides a method performed on a computer of preventing re-use of compromised keys in a broadcast encryption system. In an exemplary embodiment, the method includes (1) incorporating a particular set of Sequence Keys assigned by a license agency into individual receivers, (2) assigning a Sequence Key Block (SKB) by the license agency to at least one distributed protected file, (3) performing incremental cryptographic testing by the individual receivers to determine if a selected Sequence Key from the set of Sequence Keys is compromised, (4) if the selected Sequence Key is not compromised, decrypting the file, and (5) if the selected Sequence Key is compromised and if a subsequent Sequence Key from the set of Sequence Keys is available, selecting the subsequent Sequence Key.
-
Citations
20 Claims
-
1. A method of preventing re-use of compromised sequence keys in a broadcast encryption system, the method comprising:
-
receiving a distributed protected file and a sequence key block at a receiver, the sequence key block being formulated to cryptographically revoke traitorous receivers; selecting a first Sequence Key from a plurality of Sequence Keys, the plurality of Sequence Keys being associated with the receiver, and the plurality of Sequence Keys being related by the sequence key block; determining by cryptographic testing that the first Sequence Key is compromised, cryptographic testing comprising applying the first Sequence Key to the sequence key block; determining that at least one additional Sequence Key is available; traversing the sequence key block to select a second Sequence Key from the plurality of sequence keys; determining by cryptographic testing that the second sequence key is compromised, cryptographic testing comprising applying the first Sequence Key to the sequence key block; traversing the remainder of the sequence key block and thereby determining that no uncompromised sequence keys can be determined from the sequence key block; identifying the receiver as traitorous based on the lack of uncompromised sequence keys. - View Dependent Claims (2, 3, 4, 5, 6, 13, 15)
-
-
7. A computer program product for preventing re-use of compromised sequence keys in a broadcast encryption system, the computer program product comprising a non-transitory computer readable storage medium having computer readable program code embodied therewith, the computer readable program code comprising computer readable code for:
-
receiving a distributed protected file and a sequence key block at a receiver, the sequence key block being formulated to cryptographically revoke traitorous receivers; selecting a first Sequence Key from a plurality of Sequence Keys, the plurality of Sequence Keys being associated with the receiver, and the plurality of Sequence Keys being related by the sequence key block; determining by cryptographic testing that the first Sequence Key is compromised, cryptographic testing comprising applying the first Sequence Key to the sequence key block; determining that at least one additional Sequence Key is available; traversing the sequence key block to select a second Sequence Key from the plurality of sequence keys; determining by cryptographic testing that the second sequence key is compromised, cryptographic testing comprising applying the first Sequence Key to the sequence key block; traversing the remainder of the sequence key block and thereby determining that no uncompromised sequence keys can be determined from the sequence key block identifying the receiver as traitorous based on the lack of uncompromised sequence keys. - View Dependent Claims (8, 9, 10, 11, 12, 14, 16, 17, 18, 19, 20)
-
Specification