Secure key management for scalable codestreams

US 7,644,445 B2
Filed: 07/11/2005
Issued: 01/05/2010
Est. Priority Date: 07/11/2005
Status: Active Grant

First Claim

Patent Images

1. A computer-storage medium having computer-useable instructions embodied thereon for executing a method of accessing levels within a codestream comprising a plurality of scalable access types, comprising:

identifying a first desired level of access among a set of first levels of a fully-ordered access type, in which each lower-ranked first level is always included within each higher-ranked first level;

identifying a second desired level of access among a second set of second levels of a partially-ordered access type, in which each lower-ranked second level is not always included within each higher-ranked second level;

securing authorization to access the codestream at a desired level combination comprising the first desired level and the second desired level;

receiving an access node set comprising a partially-ordered set of access nodes representing a product of a fully-ordered node set representing the fully-ordered access type and a partially ordered node set representing the partially-ordered access type;

receiving a single key allowing access to the codestream at the desired level combination; and

using the access node set and the single key to access at least one lower combination comprising at least one of a lower-ranked first level and a lower-ranked second level.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Key management is performed to generate a single key allowing of the decoding of all authorized levels of a plurality of access types within a scalable codestream. An access node set is derived from sets representing access types having hierarchies representable by fully ordered sets, such as resolution and layer levels, and hierarchies representable by partially ordered sets, such as tile and precinct levels. The access node set derived is a partially ordered set representing the combinations of levels of the access types included within the codestream. A hierarchical key management system is applied to the access node set to assign a key to each of the access nodes, generate content encryption keys, and encrypt the codestream. A client receiving the codestream, access node set, and other public information uses the key to derive additional keys to decrypt the codestream.

9 Citations

View as Search Results

4 Claims

1. A computer-storage medium having computer-useable instructions embodied thereon for executing a method of accessing levels within a codestream comprising a plurality of scalable access types, comprising:
- identifying a first desired level of access among a set of first levels of a fully-ordered access type, in which each lower-ranked first level is always included within each higher-ranked first level;
  
  identifying a second desired level of access among a second set of second levels of a partially-ordered access type, in which each lower-ranked second level is not always included within each higher-ranked second level;
  
  securing authorization to access the codestream at a desired level combination comprising the first desired level and the second desired level;
  
  receiving an access node set comprising a partially-ordered set of access nodes representing a product of a fully-ordered node set representing the fully-ordered access type and a partially ordered node set representing the partially-ordered access type;
  
  receiving a single key allowing access to the codestream at the desired level combination; and
  
  using the access node set and the single key to access at least one lower combination comprising at least one of a lower-ranked first level and a lower-ranked second level.

2. A system for controlling access to levels within a codestream comprising a plurality of scalable access types, the system comprising:
- a server comprising one or more computers programmed to perform actions including;
  
  maintaining an access node set comprising a plurality of access nodes each representing a member of a partially ordered set of combinations of levels to a plurality of scalable access types, wherein the access node set is a product of at least one fully-ordered set and at least one partially-ordered set;
  
  maintaining a key for each of the plurality of access nodes, each key permitting access to a combination of levels associated with an access node and any combination of levels comprising at least one lower-ranked level;
  
  receiving an authorization request for a desired level combination indicating a desired access level for each of the plurality of scalable access types;
  
  identifying set a desired access node for the desired level combination and retrieving a desired key for with the desired access node; and
  
  communicating the access node set and the desired key; and
  
  a client comprising one or more computers programmed to perform actions including;
  
  selecting the desired level combination;
  
  receiving the access node set and the desired key; and
  
  using the desired key access to the codestream at the desired level combination and, by using the access node set and the desired key, deriving at least one additional key providing access to a combination of levels comprising at least one lower-ranked level.
- View Dependent Claims (3, 4)
- - 3. The system of claim 2, wherein the server is further programmed to generate the key for each of the plurality of access nodes by performing actions comprising:
    - identifying a root node from the access node set, the root node representing a combination of highest levels for the plurality of scalable access types;
      
      assigning a root key to the root node;
      
      identifying access nodes other than the root node as child nodes;
      
      identifying at least one parent node for each of a plurality of child nodes, the parent node representing a combination of levels for which one of the combination of levels is a next higher-ranked level than for the child node; and
      
      for each of the child nodes, calculating a child key from at least one parent key of the at least one parent node of the child node.
  - 4. The system of claim 3, wherein the server is further programmed to generate the key for each of the plurality of access nodes, by performing actions comprising:
    - associating a random number with each of the child nodes; and
      
      for each of the child nodes, calculating the child key using a group Diffie Hellman protocol using the random number associated with the child node and the at least one parent key of the at least one parent node of the child node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Feng, Min, Zhu, Bin, Li, Shipeng
Primary Examiner(s)
Kim; Jung
Assistant Examiner(s)
PERUNGAVOOR, VENKATANARAY

Application Number

US11/178,943
Publication Number

US 20070009103A1
Time in Patent Office

1,639 Days
Field of Search

726/2, 726/17, 726/27, 726/30, 380/259, 380/278
US Class Current

726/30
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 9/0836   using tree structure or hie...

H04L 9/0841   involving Diffie-Hellman or...

Secure key management for scalable codestreams

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

9 Citations

4 Claims

Specification

Solutions

Use Cases

Quick Links

Secure key management for scalable codestreams

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

4 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links