Secure key management for scalable codestreams
First Claim
1. A computer-storage medium having computer-useable instructions embodied thereon for executing a method of accessing levels within a codestream comprising a plurality of scalable access types, comprising:
identifying a first desired level of access among a set of first levels of a fully-ordered access type, in which each lower-ranked first level is always included within each higher-ranked first level;
identifying a second desired level of access among a second set of second levels of a partially-ordered access type, in which each lower-ranked second level is not always included within each higher-ranked second level;
securing authorization to access the codestream at a desired level combination comprising the first desired level and the second desired level;
receiving an access node set comprising a partially-ordered set of access nodes representing a product of a fully-ordered node set representing the fully-ordered access type and a partially ordered node set representing the partially-ordered access type;
receiving a single key allowing access to the codestream at the desired level combination; and
using the access node set and the single key to access at least one lower combination comprising at least one of a lower-ranked first level and a lower-ranked second level.
Abstract
Key management is performed to generate a single key allowing the decoding of all authorized levels of a plurality of access types within a scalable codestream. An access node set is derived from sets representing access types having hierarchies representable by fully ordered sets, such as resolution and layer levels, and hierarchies representable by partially ordered sets, such as tile and precinct levels. The access node set derived is a partially ordered set representing the combinations of levels of the access types included within the codestream. A hierarchical key management system is applied to the access node set to assign a key to each of the access nodes, generate content encryption keys, and encrypt the codestream. A client receiving the codestream, access node set, and other public information uses the key to derive additional keys to decrypt the codestream.
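The abstract does not name the hierarchical key management scheme, so the following added example (not taken from the patent) assumes one common construction: a random key per access node plus a public value on each edge of the poset, from which the holder of a higher node's key can compute each directly lower node's key. The resolution levels, tile regions and function names are constructed for illustration.

```python
import hashlib, hmac, secrets
from itertools import product

# Constructed sample hierarchy (assumption, not from the patent):
# resolutions 0 < 1 < 2 are fully ordered; tile regions are partially
# ordered: "AB" includes "A" and "B", which are incomparable to each other.
RESOLUTIONS = [0, 1, 2]
TILE_COVERS = {"AB": ["A", "B"], "A": [], "B": []}

def build_edges():
    """Access node set: product poset as node -> directly lower nodes."""
    edges = {}
    for r, t in product(RESOLUTIONS, TILE_COVERS):
        lower = [(r, c) for c in TILE_COVERS[t]]
        if r > 0:
            lower.append((r - 1, t))
        edges[(r, t)] = lower
    return edges

def _prf(key, node):
    return hmac.new(key, repr(node).encode(), hashlib.sha256).digest()

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def server_setup(edges):
    """Server: one random key per node; public y = k_child XOR PRF(k_parent, child)."""
    keys = {n: secrets.token_bytes(32) for n in edges}
    public = {(p, c): _xor(keys[c], _prf(keys[p], c))
              for p, cs in edges.items() for c in cs}
    return keys, public

def client_derive(start, start_key, edges, public):
    """Client: from a single key, recover the key of every lower node."""
    derived, stack = {start: start_key}, [start]
    while stack:
        p = stack.pop()
        for c in edges[p]:
            if c not in derived:
                derived[c] = _xor(public[(p, c)], _prf(derived[p], c))
                stack.append(c)
    return derived

if __name__ == "__main__":
    edges = build_edges()
    keys, public = server_setup(edges)
    got = client_derive((1, "A"), keys[(1, "A")], edges, public)
    print(sorted(got))  # nodes reachable from resolution 1, tile region A
```

Because the public edge values only lead downward in the poset, a key for one node yields no key for a higher or incomparable node, such as tile region "B" when the client holds a key for "A".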
4 Claims
2. A system for controlling access to levels within a codestream comprising a plurality of scalable access types, the system comprising:
a server comprising one or more computers programmed to perform actions including;
maintaining an access node set comprising a plurality of access nodes each representing a member of a partially ordered set of combinations of levels to a plurality of scalable access types, wherein the access node set is a product of at least one fully-ordered set and at least one partially-ordered set;
maintaining a key for each of the plurality of access nodes, each key permitting access to a combination of levels associated with an access node and any combination of levels comprising at least one lower-ranked level;
receiving an authorization request for a desired level combination indicating a desired access level for each of the plurality of scalable access types;
identifying set a desired access node for the desired level combination and retrieving a desired key for with the desired access node; and
communicating the access node set and the desired key; and
a client comprising one or more computers programmed to perform actions including;
selecting the desired level combination;
receiving the access node set and the desired key; and
using the desired key access to the codestream at the desired level combination and, by using the access node set and the desired key, deriving at least one additional key providing access to a combination of levels comprising at least one lower-ranked level.
Specification