65 results about "Key tree" patented technology

A method and apparatus is provided for consolidating cryptographic key updates, the consolidated update information enabling, for example, a returning member of a secure group who has been offline, to recover the current group key, at least in most cases. The unconsolidated key updates each comprise an encrypted key, corresponding to a node of a key hierarchy, that has been encrypted using a key which is a descendant of that node. The key updates are used to maintain a key tree with nodes in this tree corresponding to nodes in the key hierarchy. Each node of the key tree is used to store, for each encrypting key used in respect of the encrypted key associated with the node, the most up-to-date version of the encrypted key with any earlier versions being discarded. The key tree, or a subset of the tree, is then provided to group members.

A system and method of managing multicast key distribution that includes associating a multicast address with each internal node of the key tree, wherein the key tree is created based on the last hop topology.

A configuration is provided for enabling a process in which appropriate content code corresponding to apparatuses and applications of various model types and versions is selected to be performed. In a configuration in which content code recorded on an information recording medium is obtained, and processing, such as a security check in accordance with the content code, conversion of the content data, and embedding of player information into the content, is performed, at least a portion of the content code is set as encrypted data, and as an encryption key therefore, a node key set so as to correspond to a node of a key tree having a hierarchical structure is used. With this configuration, it is possible to specify in advance a player capable of decrypting the encryption part of the content code by using the node key, and only appropriate content code compliant with each player is processed, thereby making it possible to prevent a process of using invalid content code.

The inventive data processing apparatus enables own memory device to store a plurality of key distribution approval data files each containing such a header data comprising a number of “link-count” data units each designating actual number of applicable contents data per decodable contents key based on an enabling key block (EKB) distribution key enciphering key (KEK) enciphered by a corresponding enabling key block (EKB) provided for by a hierarchy key tree structure. When storing a plurality of the enabling key blocks (EKB) in a memory device, such a key enciphering key (KEK) contained in an enabling key block (EKB) having a number of link-count data units is previously decoded and stored in the memory device. By way of applying the stored (KEK) when utilizing contents data, the enabling key block (EKB) processing step is deleted, whereby promoting higher efficiency in the utilization of contents data.

An information processing system and method are disclosed in which information processing is performed in a highly efficient manner using an enabling key block (EKB) on the basis of a tree structure including category subtrees. A key tree is formed so as to include a plurality of subtrees serving as category trees categorized in accordance with categories and managed by category entities. An EKB including data produced by selecting a path in a tree and encrypting a higher-level key in the selected path using a lower-level key in the selected path. The resultant EKB is provided to a device. Distribution of EKB's is managed on the basis of an EKB type definition list representing the correspondence between an EKB type identifier and one or more identification data identifying one or more category trees that can process an EKB of an EKB type specified by the EKB type identifier.

An information processing system and method using an encryption key block sets sub-trees classified based on data processing ability of the devices (capability) in a key tree in which respective keys are corresponded to a root, nodes and leaves of a tree in which a plurality of devices are constituted as the leaves, generates a sub-enabling key block which is effective for an entity in a managing subject of each sub-tree (entity), and generates an enabling key block decodable only by the entities having common capability. Also, an information processing system and method using an encryption key block manages a partial tree of a key tree (sub-tree), generates a sub-enabling key block based only on a key set corresponding to nodes or leaves included in the sub-tree, and generates an enabling key block decodable only by selected entities by using the sub-enabling key block. Thus, it is possible to generate and distribute an enabling key block corresponding to data processing ability of a device and to manage devices by dividing a hierarchical key tree structure.

The present invention relates to a key management method based on wireless Mesh network, which is characterized in that the method includes procedures below: As relation amongst communication nodes of a mesh cluster varies, an auxiliary updating node is selected from a key tree in correspondence with the Mesh cluster. Wherein, the key tree is provided with a ternary tree structure. A key and a blind key of the auxiliary updating node are created at random. Keys and blind keys at all key nodes in a key path of the key tree are calculated for the auxiliary updating node. Besides, all key nodes of the key tree broadcast to blind keys of all key nodes on the key path. Each leaf node of the key tree updates its own keys and blind keys and works out cluster keys. The technic proposal of the present invention provides parameters of total information length while nodes are added and leaves, password calculation quantity, total combined cluster information length and so on lower than those of prior arts, thus eliminating conflicts of safety demands of prior arts with expansibility and QoS demands.

A unified broadcast encryption system divides a media key tree into S subtrees, divides digital content into segments, and converts some of the segments into variations; the number of segments and variations is q. The system subdivides each of the subtrees into q/|S| subdivided subtrees, assigns a key media variant to each of the subdivided subtrees, and generates a unified media key block (MKB_u). The system decrypts digital content by obtaining required key media variants from the MKB_u, using the key media variant to find an entry in a variant key table, decrypt a title key, and locate a variant number from the variant key table. The system uses the variant number to identify which of the variations may be decrypted by the title key and uses the title key to decrypt segments and variations.

A system and method is disclosed for performing unified broadcast encryption and traitor tracing for digital content. In one embodiment a media key tree is divided into S subtrees, the media key tree including media keys and initial values, which may be random values. The digital content is divided into a plurality of segments and at least some of the segments are converted into a plurality of variations. The random values are transformed into media key variations and a separate media key variant is assigned to each of the subdivided subtrees. A unified media key block including the media key tree is stored on the media.

The invention belongs to the technical field of cloud storage, and discloses a cloud storage system and method capable of supporting secure data deduplication and deletion. The method comprises the following technical algorithms: providing secure data deduplication between different users by adopting a deduplication and encryption scheme and a server-assisted network structure; and building secureand efficient data deletion by using an encapsulation key tree. The invention further can support dynamic data updating, namely supporting interpolation, deletion and alteration operation of data inthe system. Efficient data updating is executed by adopting an increment data updating method, and only updated parts are required to be encrypted and uploaded. Through the combination with an increment updating technology, withdrawing/reworking operation of dynamic data is also considered, so that calculation and communication expenses for cloud storage are greatly reduced. Furthermore, detailedsecurity analysis and performance assessment are performed in the method disclosed by the invention. A result shows that the method disclosed by the invention can fulfill an expected security aim andalso realize efficient data deletion and deduplication operation.

The present invention provides an encryption system and method for resisting re-encryption key leakage and capable of cancelling attributes. The method comprises: 1, setting the parameters of an encryption system; 2, generating the main private key and the public key of the encryption system; 3, generating a user private key; 4, building a re-encryption key tree; 5, generating a cryptograph file; 6, cancelling attributes; 7, performing re-encryption agency; 8, accessing the cryptograph file; 9, determining whether the update position of the cryptograph file is 1 or not; 10, decrypting an un-updating cryptograph file; 11, updating the private key; 12, decrypting the update cryptograph file; and 13, quitting the encryption system. Through adoption of a dual-agency re-encryption server model, the encryption system and method for resisting re-encryption key leakage and capable of cancelling attributes can resist the leakage of the re-encryption key. When the attributes are cancelled, an attribute user group is employed to construct the re-encryption key tree so as to effectively, timely and accurately cancel the indirect attributes. When the encryption is performed, the secret is dispersed to resist the conspiracy attack.

The invention discloses a revocable attribute-based encryption system and method for cloud storage. An attribute authorization module generates a public key and a main private key of an encryption system, and an attribute private key and an attribute group initial key of a data user; a data owner module constructs a data access structure, and obtain initial ciphertext by encrypting the plaintext;a data management module generates a attribute group key through the constructed key encryption key tree, performs re-encryption processing on the initial ciphertext to generate a ciphertext file anda ciphertext header of the ciphertext file, and stores the ciphertext file via a storage module; the data management module can also update the attribute group key after the data user module attributeis revoked, and process to obtain an updated ciphertext file. The data user module accesses the ciphertext file and decrypts the ciphertext file to obtain a plaintext corresponding to the ciphertextfile. Therefore, the attribute-level user revocation capability is implemented, the collusion attack between a revoking user and a non-revoking user can be resisted, and fixed-length ciphertext lengthand higher efficiency are achieved.

The present invention addresses the foregoing need by creating two identically structured storage trees with a single storage root key. As envisioned in the current art (e.g., the TCPA specification), all migratable keys will be stored in a migratable storage tree. These migratable keys will be storage keys except at the extreme end of any branch, where the key (known as a leaf key) will be a user key. However, an additional storage tree will also be created which shadows the migratable storage key. This second storage tree will be comprised entirely of non-migratable storage keys of the quicker loading type except for the leaf keys (which will be identical to the leaf keys in the migratable storage tree (MST). The second storage tree (SST) will have a storage key for every migratable storage key in the MST. The use authorization for the keys in the SST will be identical to the use authorization for the MST.

The data processing system is realizable by executing a step of ciphering contents keys used for decoding ciphered contents data by applying mutually different ciphering keys before storing ciphered contents keys in memory as header data of the corresponding contents data. One of the ciphered contents keys comprises ciphered data ciphered by a ciphering key provided for by enabling key block comprising such data composition which is solely decodable by specific device by way of disposing related keys in such corresponding nodes on the path ranging from roots to leaves of a key tree structure for distributing keys. The other ciphered contents key comprises such data ciphered by a specific key proper to a corresponding storage device to enable the device for reproducing contents data to properly and selectively utilize data of ciphered key, whereby enabling the data processing system to properly reproduce decoded contents data.

The invention provides a key tree-based specific text information processing method and system, comprising the steps of: storing specific text information; generating a key tree including the specific text information; searching whether the given character string is included in the specific text information the key tree includes according to the key tree and then outputting the searching result. And the invention is used to raise specific text information processing rate, reduce misreporting and raise processing rate of the whole service.