CN101542966B

CN101542966B - Information processing device

Info

Publication number: CN101542966B
Application number: CN200780042754.1A
Authority: CN
Inventors: 浅野智之; 草川雅文
Original assignee: Sony Corp
Current assignee: Sony Corp
Priority date: 2006-11-16
Filing date: 2007-10-03
Publication date: 2013-03-27
Anticipated expiration: 2027-10-03
Also published as: CN101542966A; JP2008131076A

Abstract

An information processing device is provided for making it possible to reduce the number of keys for a terminal device to hold and a calculating amount necessary for decoding encrypted data. The information processing device sets up an entirely tree structure comprised of n-leaf nodes, a root node, a plurality of intermediate nodes other than root nodes and leaf nodes, divides the entirely tree structure into a plurality of basic component trees with n<1/y> leaf nodes and classifies it into y classes (y is a divisor of log(n)), so that root nodes of the basic component trees at a lower class are configured to become leaf nodes of the basic component trees at a higher class. Further, the information processing device allocates a subset of the terminal device to each node of each basic component tree and generates a directional graph in which directional branches to mutually connect coordinate points on coordinate axes are generated.

Description

Information processor

Technical field

The present invention relates to information process unit, terminal unit, information processing method, key generation method and program thereof.

Background technology

Now, the development of the encryption technology relevant with the contents distribution on network etc. causes the interest that people are increasing.The method of distributing especially, safely and effectively the encryption key of enabling decryption of encrypted content causes that people pay close attention to especially.In general, have with effective reception power n (n be 2 or above natural number) recipient for distributor of distribution of encrypted content, and the mechanism without n recipient's ability enabling decryption of encrypted content in the middle of a plurality of interceptors that only is present on the network is absolutely necessary.Further, become in time because have the recipient's of effective reception power quantity n, so need to deal with flexibly the mechanism of variation of recipient's set.

Further, in machine-processed like this realization, inevitably, aspect the distributor, can produce the processing load relevant with generation, preservation and the distribution of encryption key, the encryption of content etc., and aspect the recipient, can produce the relevant processing loads such as deciphering with the preservation of decruption key and reception, content.The burden of really, encrypting the distribution cost is corresponding alleviating along with the various nearest technical development such as the raising of the communication speed of the raising of the throughput of messaging device, memory capacity etc. and information transmission path.But, because the remarkable increase of the client's of content distribution service quantity and must be enough to watch out for the requirement of skilled malice interceptor's encryption technology to safety, increase by encrypting the processing load that distribution causes thereupon.

Under such environment, as using broadcast channel safely information to be sent to the optional one group of recipient's of distributor technology, people have proposed the scheme such as cancelling scheme and broadcast encryption scheme.An example of broadcast encryption scheme is the encryption key distribution scheme that is disclosed in the following non-patent literature 1, and the feature of this scheme is to use existing hierarchical tree structure that cipher key distribution scheme is made the improvement that key is derived the aspect, path.Specifically, the scheme that this recipient's set is considered to be divided into a plurality of subsets does not add and creates a new subset in this subset by will being included in recipient in certain subset, as the result who repeats this method, create a subset chain, then derive with along the corresponding encryption key of every subset of this chain.Thereby, can reduce quantity, the amount of calculation of generating solution decryption key and the traffic of key distribution of the key that the recipient preserves.

Non-patent literature 1:Nattapong Attrapadung and Hideki Imai, " Subset Incre-mental Chain Based Broadcast Encryption with Shorter Ciphertext ", The 28thSymposium on Information Theory and Its Application (SITA2005).

Summary of the invention

The problem to be solved in the present invention

According to the encryption key distribution scheme of above-mentioned non-patent literature 1 with have obvious advantage such as comparing with the cipher key distribution scheme the SD scheme (subset difference scheme) according to the CD scheme (complete subtree scheme) of prior art.But, from the practical point of view of planning to realize, exist in large numbers of situations of recipient the quantity of the key that the terminal unit on the receiving terminal will be preserved and the very large problem still of the amount of calculation in the required terminal unit when using the decruption key deciphering.

The present invention makes in order to solve top problem, therefore, the purpose of this invention is to provide the novelty of the required amount of calculation of the quantity that can reduce the key that terminal unit will preserve and decrypt encrypted data and improve information process unit, terminal unit, information processing method, key generation method and program thereof.

The means of dealing with problems

In order to solve top problem, according to one aspect of the present invention, provide and comprised following information process unit: tree structure arranges part, be used for the whole binary tree that configuration is comprised of n leaf node, root node and a plurality of intermediate nodes different from root node and leaf node, and whole tree is divided into comprises n ^1/yThe a plurality of basic subtree of individual leaf node, to form y layer (y is the approximate number of log (n)) hierarchy, so that the root node of the basic subtree of lower floor is consistent with the leaf node of the basic subtree on upper strata, the sets definition of leaf node that will be lower than the node w of whole tree becomes Aw, in the leaf node of basic subtree, will be positioned at the locational leaf node of certain leaf node v left side i and be defined as v ^(-i), be defined as v and will be positioned at the right side locational leaf node of i ⁽⁺ⁱ⁾, two leaf node u and v (v is on the right side of u) about basic subtree will gather (u → v) be defined as { Au, Au ∪ Au ⁽⁺¹⁾..., Au ∪ ... ∪ Av}, and will gather (u ← v) be defined as { Av, Av ∪ Av ⁽¹⁾..., Av ∪ ... ∪ Au}, when in than the low a plurality of leaf nodes of the node v of basic subtree, the leaf node that is positioned at left end is defined by lv ', and the leaf node that is positioned at right-hand member is defined by rv ' time, will gather (l _Root' → r _Root') and set (l _Root' ⁽⁺¹⁾← r _Root') be associated with the root node root of basic subtree on the top layer, will gather (lv ' → rv ' ⁽¹⁾) and set (lv ' ⁽⁺¹⁾← rv ') be associated with the root node v of basic subtree on other layer except top layer, if the intermediate node v of each subtree is positioned at its father node left side, then will gather (lv ' ⁽⁺¹⁾← rv ') be associated with intermediate node v, and if the intermediate node v of each subtree is positioned at its father node right side, then will gather (lv ' → rv ' ⁽¹⁾) be associated with intermediate node v; With the directed graph generating portion, be used for for the root node of each basic subtree and each of intermediate node v, generate with the degree of comprising that from left to right increases and arrange and be included in set (l in horizontal axis _Root' → r _Root') or set (lv ' → rv ' ⁽¹⁾) in the corresponding coordinate points of subset and arrange connection coordinate point directed edge directed graph and/or arrange and be included in set (l in horizontal axis with the degree of comprising that increases from right to left _Root' ⁽⁺¹⁾← r _Root') or set (lv ' ⁽⁺¹⁾← rv ') coordinate points that the subset in is corresponding also arranges the directed graph of the directed edge of connection coordinate point.

Further, the directed graph generating portion may further include that directed edge arranges part between subtree, be used for arranging from the directed graph corresponding with the basic subtree of lower floor to the directed edge of the corresponding directed graph of the basic subtree on upper strata.

Further, between subtree directed edge arrange part can arrange from the directed graph corresponding with the basic subtree of lower floor the first coordinate points to the corresponding directed graph of the basic subtree on upper strata in the directed edge of the second coordinate points.

The subset corresponding with the second coordinate points can comprise the subset corresponding with the first coordinate points.

Further, the directed graph generating portion can comprise that reference axis arranges part and directed edge arranges part, reference axis arranges part and can for the root node of each basic subtree and each among the intermediate node v, arrange with the degree of comprising that from left to right increases and arrange and be included in set (l _Root' → r _Root') or set (lv ' → rv ' ⁽¹⁾) in the first horizontal axis of the corresponding coordinate points of subset and/or degree of comprising arrange from right to left with increasing and be included in set (l _Root' ⁽⁺¹⁾← r _Root') or set (lv ' ⁽⁺¹⁾The second horizontal axis of the coordinate points that the subset ← rv ') is corresponding, at least two interim coordinate points also are set in addition altogether, and directed edge arranges, and part can (k be log (n being provided with given integer k on the left end of first and second each root of horizontal axis and/or right-hand member ^1/y) approximate number) and calculate and satisfy n ^(x-1)/k*y＜(rv '-lv '+1)≤n ^X/k*yInteger x after, the left end coordinate points that repeatedly arranges on every the first horizontal axis begins to extend to the n of being separated by ^{I/ (k*y)}(directed edge to the right of the coordinate points of i=0～x-1), the right-hand member coordinate points that repeatedly arranges on every the second horizontal axis begins to extend to the n of being separated by ^{I/ (k*y)}(the directed edge left of the coordinate points of i=0～x-1), the interim coordinate points of eliminating on each root of the first and second horizontal axis has head or all directed edges of tail arranged, and gets rid of other directed edge except the longest directed edge the directed edge of each coordinate points on arriving the first and second horizontal axis.

Information process unit may further include the key generating portion, is used for generating according to directed graph the set key (set key) of encrypted content or content key.

Further, the key generating portion can be in response to the input about the intermediate key t (Si) of the subset S corresponding with certain coordinate points in the directed graph, output with corresponding to the corresponding set key k (Si) of the subset Si of this coordinate points and have at coordinate points S tail directed edge on coordinate points S1, S2 ..., intermediate key t (S1), the t (S2) of Sk ..., t (Sk).

Further, the key generating portion can be in response to the input about the set key k (S) of the subset S corresponding with certain coordinate points in the directed graph, output have at coordinate points S coordinate points S1, S2 on the head of directed edge of tail ..., set key k (S1), the k (S2) of Sk ..., k (Sk).

Information process unit may further include encryption section, be used for to use in the set secret key encryption perhaps content key.

Information process unit may further include translator unit, is used for the interior perhaps content key that encryption section is encrypted is sent to respectively some or all terminal units that are associated with leaf node 1～n of whole tree.

Information process unit may further include the subset determining section, be used for when the subset of leaf node 1～n of whole tree is defined by Si, determine to allow deciphering to use the set (N R) of terminal unit of the content of set key or content key encryption, and determine to satisfy set (N R)={ S1 ∪ S2 ∪ ... m subset S1～Sm of ∪ Sm}.

Further, the subset determining section can determine to make the subset S1 of the value minimum of m～Sm.

Further, the translator unit information that the information of indication set (N R) or indication can be consisted of the subset S1 of set (N R)～Sm is sent to terminal unit.

Further, translator unit can use encryption section respectively that the interior perhaps content key of the set secret key encryption corresponding with subset S1～Sm is sent to terminal unit.

Further, in order to solve top problem, according to another aspect of the present invention, provide and comprised following terminal unit: the key generating portion, be used for generating according to directed graph the set key of deciphering encrypted content or encrypted content key, wherein, directed graph generates as follows: the whole binary tree that configuration is comprised of n leaf node, root node and a plurality of intermediate nodes different from root node and leaf node, and whole tree is divided into comprises n ^1/yThe a plurality of basic subtree of individual leaf node, to form y layer (y is the approximate number of log (n)) hierarchy, so that the root node of the basic subtree of lower floor is consistent with the leaf node of the basic subtree on upper strata, the sets definition of leaf node that will be lower than the node w of whole tree becomes Aw, in the leaf node of basic subtree, will be positioned at the locational leaf node of certain leaf node v left side i and be defined as v ^(-i), be defined as v and will be positioned at the right side locational leaf node of i ⁽⁺ⁱ⁾, two leaf node u and v (v is on the right side of u) about basic subtree will gather (u → v) be defined as { Au, Au ∪ Au ⁽⁺¹⁾..., Au ∪ ... ∪ Av}, and will gather (u ← v) be defined as { Av, Av ∪ Av ⁽¹⁾..., Av ∪ ... ∪ Au}, when in than the low a plurality of leaf nodes of the node v of basic subtree, the leaf node that is positioned at left end is defined by lv ', and the leaf node that is positioned at right-hand member is defined by rv ' time, will gather (l _Root' → r _Root') and set (l _Root' ⁽⁺¹⁾← r _Root') be associated with the root node of basic subtree on the top layer, will gather (lv ' → rv ' ⁽¹⁾) and set (lv ' ⁽⁺¹⁾← rv ') be associated with the root node v of basic subtree on other layer except top layer, if the intermediate node v of each subtree is positioned at its father node left side, then will gather (lv ' ⁽⁺¹⁾← rv ') be associated with intermediate node v, if the intermediate node v of each subtree is positioned at its father node right side, then will gather (lv ' → rv ' ⁽¹⁾) be associated with intermediate node v, and for the root node of each basic subtree and each among the intermediate node v, generate with the degree of comprising that from left to right increases and arrange and be included in set (l in horizontal axis _Root' → r _Root') or set (lv ' → rv ' ⁽¹⁾) in the corresponding coordinate points of subset and arrange connection coordinate point directed edge directed graph and/or arrange and be included in set (l in horizontal axis with the degree of comprising that increases from right to left _Root' ⁽⁺¹⁾← r _Root') or set (lv ' ⁽⁺¹⁾← rv ') coordinate points that the subset in is corresponding also arranges the directed graph of the directed edge of connection coordinate point.

Further, can arrange from the directed graph corresponding with the basic subtree of lower floor to the directed edge of the corresponding directed graph of the basic subtree on upper strata.

Further, can arrange from the directed graph corresponding with the basic subtree of lower floor the first coordinate points to the corresponding directed graph of the basic subtree on upper strata in the directed edge of the second coordinate points, can comprise the subset corresponding with the first coordinate points with the subset corresponding with the second coordinate points.

Terminal unit may further include decryption portion, is used for set secret key decryption encrypted content or the encrypted content key of using the key generating portion to generate.

Further, the key generating portion can be in response to the input about the intermediate key t (Si) of the subset S corresponding with certain coordinate points in the directed graph, output with corresponding to the corresponding set key k (Si) of the subset S of this coordinate points and with the directed edge that tail is arranged at coordinate points S on corresponding subset S1, the S2 of coordinate points ..., intermediate key t (S1), the t (S2) of Sk ..., t (Sk).

Further, decryption portion can be used set secret key decryption encrypted content key, and uses decrypted content keys enabling decryption of encrypted content.

Further, terminal unit can comprise receiving unit, be used for the set (N R) when the terminal unit of the content of having determined to allow deciphering to use set key or content key encryption, and determined satisfied set (N R)={ S1 ∪ S2 ∪ ... during the m subset S1 of ∪ Sm}～Sm, receive the information of the subset S1 that the information of indication set (N R) or indication consist of set (N R)～Sm, wherein, the subset of leaf node 1～n of whole tree is defined by Si; With the judgement part, be used for judging according to reception information whether terminal unit belongs to the some of subset S1～Sm, and determine whether permission enabling decryption of encrypted content according to result of determination.

Terminal unit may further include decryption portion, be used for using set secret key decryption encrypted content or the encrypted content key of the generation of key generating portion, with when judging that part judges that terminal unit belongs to subset S1～Sm some, decryption portion can be used set secret key decryption encrypted content or encrypted content key.

Further, in order to solve top problem, according to another aspect of the present invention, the information processing method that comprises the steps is provided: the whole binary tree that configuration is comprised of n leaf node, root node and a plurality of intermediate nodes different from root node and leaf node, and whole tree is divided into comprises n ^1/yThe a plurality of basic subtree of individual leaf node is to form y layer (y is the approximate number of log (n)) hierarchy, so that the root node of the basic subtree of lower floor is consistent with the leaf node of the basic subtree on upper strata; The sets definition of leaf node that will be lower than the node w of whole tree becomes Aw, in the leaf node of basic subtree, will be positioned at the locational leaf node of certain leaf node v left side i and be defined as v ^(-i), be defined as v and will be positioned at the right side locational leaf node of i ⁽⁺ⁱ⁾, two leaf node u and v (v is on the right side of u) about basic subtree will gather (u → v) be defined as { Au, Au ∪ Au ^(+l)..., Au ∪ ... ∪ Av}, and will gather (u ← v) be defined as { Av, Av ∪ Av ⁽¹⁾..., Av ∪ ... ∪ Au}, when in than the low a plurality of leaf nodes of the node v of basic subtree, the leaf node that is positioned at left end is defined by lv ', and the leaf node that is positioned at right-hand member is defined by rv ' time, will gather (l _Root' → r _Root') and set (l _Root' ⁽⁺¹⁾← r _Root') be associated with the root node root of basic subtree on the top layer, will gather (lv ' → rv ' ⁽¹⁾) and set (lv ' ⁽⁺¹⁾← rv ') be associated with the root node v of basic subtree on other layer except top layer, if the intermediate node v of each subtree is positioned at its father node left side, then will gather (lv ' ⁽⁺¹⁾← rv ') be associated with intermediate node v, and if the intermediate node v of each subtree is positioned at its father node right side, then will gather (lv ' → rv ' ⁽¹⁾) be associated with intermediate node v; With for the root node of each basic subtree and each among the intermediate node v, generate with the degree of comprising that from left to right increases and arrange and be included in set (l in horizontal axis _Root' → r _Root') or set (lv ' → rv ' ⁽¹⁾) in the corresponding coordinate points of subset and arrange connection coordinate point directed edge directed graph and/or arrange and be included in set (l in horizontal axis with the degree of comprising that increases from right to left _Root' ⁽⁺¹⁾← r _Root') or set (lv ' ⁽⁺¹⁾← rv ') coordinate points that the subset in is corresponding also arranges the directed graph of the directed edge of connection coordinate point.

Further, in order to solve top problem, according to another aspect of the present invention, the key generation method that generates the set key of deciphering encrypted content or encrypted content key according to directed graph is provided, wherein, directed graph obtains as follows: the whole binary tree that configuration is comprised of n leaf node, root node and a plurality of intermediate nodes different from root node and leaf node, and whole tree is divided into comprises n ^1/yThe a plurality of basic subtree of individual leaf node, to form y layer (y is the approximate number of log (n)) hierarchy, so that the root node of the basic subtree of lower floor is consistent with the leaf node of the basic subtree on upper strata, the sets definition of leaf node that will be lower than the node w of whole tree becomes Aw, in the leaf node of basic subtree, will be positioned at the locational leaf node of certain leaf node v left side i and be defined as v ^(-i), be defined as v and will be positioned at the right side locational leaf node of i ⁽⁺ⁱ⁾, two leaf node u and v (v is on the right side of u) about basic subtree will gather (u → v) be defined as { Au, Au ∪ Au ⁽⁺¹⁾..., Au ∪ ... ∪ Av}, and will gather (u ← v) be defined as { Av, Av ∪ Av ⁽¹⁾..., Av ∪ ... ∪ Au}, when in than the low a plurality of leaf nodes of the node v of basic subtree, the leaf node that is positioned at left end is defined by lv ', and the leaf node that is positioned at right-hand member is defined by rv ' time, will gather (l _Root' → r _Root') and set (l _Root' ⁽⁺¹⁾← r _Root') with top layer on the root joint root spot correlation connection of basic subtree, will gather (lv ' → rv ' ⁽¹⁾) and set (lv ' ⁽⁺¹⁾← rv ') be associated with the root node v of basic subtree on other layer except top layer, if the intermediate node v of each subtree is positioned at its father node left side, then will gather (lv ' ⁽⁺¹⁾← rv ') be associated with intermediate node v, if the intermediate node v of each subtree is positioned at its father node right side, then will gather (lv ' → rv ' ⁽¹⁾) be associated with intermediate node v, and for the root node of each basic subtree and each among the intermediate node v, generate with the degree of comprising that from left to right increases and arrange and be included in set (l in horizontal axis _Root' → r _Root') or set (lv ' → rv ' ⁽¹⁾) in the corresponding coordinate points of subset and arrange connection coordinate point directed edge directed graph and/or arrange and be included in set (l in horizontal axis with the degree of comprising that increases from right to left _Root' ⁽⁺¹⁾← r _Root') or set (lv ' ⁽⁺¹⁾← rv ') coordinate points that the subset in is corresponding also arranges the directed graph of the directed edge of connection coordinate point.

Further, in order to solve top problem, according to another aspect of the present invention, the program of the processing that computer is carried out comprise the steps is provided: the whole binary tree that configuration is comprised of n leaf node, root node and a plurality of intermediate nodes different from root node and leaf node, and whole tree is divided into comprises n ^1/yThe a plurality of basic subtree of individual leaf node is to form y layer (y is the approximate number of log (n)) hierarchy, so that the root node of the basic subtree of lower floor is consistent with the leaf node of the basic subtree on upper strata; The sets definition of leaf node that will be lower than the node w of whole tree becomes Aw, in the leaf node of basic subtree, will be positioned at the locational leaf node of certain leaf node v left side i and be defined as v ^(-i), be defined as v and will be positioned at the right side locational leaf node of i ⁽⁺ⁱ⁾, two leaf node u and v (v is on the right side of u) about basic subtree will gather (u → v) be defined as { Au, Au ∪ Au ⁽⁺¹⁾..., Au ∪ ... ∪ Av}, and will gather (u ← v) be defined as { Av, Av ∪ Av ⁽¹⁾..., Av ∪ ... ∪ Au}, when in than the low a plurality of leaf nodes of the node v of basic subtree, the leaf node that is positioned at left end is defined by lv ', and the leaf node that is positioned at right-hand member is defined by rv ' time, will gather (l _Root' → r _Root') and set (l _Root' ⁽⁺¹⁾← r _Root') be associated with the root node root of basic subtree on the top layer, will gather (lv ' → rv ' ⁽¹⁾) and set (lv ' ⁽⁺¹⁾← rv ') be associated with the root node v of basic subtree on other layer except top layer, if the intermediate node v of each subtree is positioned at its father node left side, then will gather (lv ' ⁽⁺¹⁾← rv ') be associated with intermediate node v, and if the intermediate node v of each subtree is positioned at its father node right side, then will gather (lv ' → rv ' ⁽¹⁾) be associated with intermediate node v; With for the root node of each basic subtree and each among the intermediate node v, generate with the degree of comprising that from left to right increases and arrange and be included in set (l in horizontal axis _Root' → r _Root') or set (lv ' → rv ' ⁽¹⁾) in the corresponding coordinate points of subset and arrange connection coordinate point directed edge directed graph and/or arrange and be included in set (l in horizontal axis with the degree of comprising that increases from right to left _Root' ⁽⁺¹⁾← r _Root') or set (lv ' ⁽⁺¹⁾← rv ') coordinate points that the subset in is corresponding also arranges the directed graph of the directed edge of connection coordinate point.

Further, in order to solve top problem, according to another aspect of the present invention, the program of the step of the set key that makes computer executive basis directed graph generate deciphering encrypted content or encrypted content key is provided, wherein, directed graph obtains as follows: the whole binary tree that configuration is comprised of n leaf node, root node and a plurality of intermediate nodes different from root node and leaf node, and whole tree is divided into comprises n ^1/yThe a plurality of basic subtree of individual leaf node, to form y layer (y is the approximate number of log (n)) hierarchy, so that the root node of the basic subtree of lower floor is consistent with the leaf node of the basic subtree on upper strata, the sets definition of leaf node that will be lower than the node w of whole tree becomes Aw, in the leaf node of basic subtree, will be positioned at the locational leaf node of certain leaf node v left side i and be defined as v ^(-i), be defined as v and will be positioned at the right side locational leaf node of i ⁽⁺ⁱ⁾, two leaf node u and v (v is on the right side of u) about basic subtree will gather (u → v) be defined as { Au, Au ∪ Au ⁽⁺¹⁾..., Au ∪ ... ∪ Av}, and will gather (u ← v) be defined as { Av, Av ∪ Av ⁽¹⁾..., Av ∪ ... ∪ Au}, when in than the low a plurality of leaf nodes of the node v of basic subtree, the leaf node that is positioned at left end is defined by lv ', and the leaf node that is positioned at right-hand member is defined by rv ' time, will gather (l _Root' → r _Root') and set (l _Root' ⁽⁺¹⁾← r _Root') with top layer on the root joint root spot correlation connection of basic subtree, will gather (lv ' → rv ' ⁽¹⁾) and set (lv ' ⁽⁺¹⁾← rv ') be associated with the root node v of basic subtree on other layer except top layer, if the intermediate node v of each subtree is positioned at its father node left side, then will gather (lv ' ⁽⁺¹⁾← rv ') be associated with intermediate node v, if the intermediate node v of each subtree is positioned at its father node right side, then will gather (lv ' → rv ' ⁽¹⁾) be associated with intermediate node v, and for the root node of each basic subtree and each among the intermediate node v, generate with the degree of comprising that from left to right increases and arrange and be included in set (l in horizontal axis _Root' → r _Root') or set (lv ' → rv ' ⁽¹⁾) in the corresponding coordinate points of subset and arrange connection coordinate point directed edge directed graph and/or arrange and be included in set (l in horizontal axis with the degree of comprising that increases from right to left _Root' ⁽⁺¹⁾← r _Root') or set (lv ' ⁽⁺¹⁾← rv ') coordinate points that the subset in is corresponding also arranges the directed graph of the directed edge of connection coordinate point.

In order to solve top problem, according to one aspect of the present invention, provide and comprised following information process unit: directed graph obtains part, is used for obtaining the directed graph that is comprised of many directed edges, so that an afterbody of the longest directed edge of formation directed graph is consistent with the afterbody of directed graph; With the key generating portion, be used for dividing the directed graph that obtains to generate the set key of encryption or decryption content or content key according to the directed graph acquisition unit.

Further, in order to solve top problem, according to one aspect of the present invention, provide the information process unit of processing interim directed graph, interim directed graph is for given integer k, according to satisfying n ^(x-1)/k＜(rv-lv+1)≤n ^X/kNatural number x, spread length is n on the first to the 4th horizontal axis ^I/k(i=0,1, ..., x-1) many directed edges form, at n leaf node by assigned number 1～n (n is natural number), in root node and the binary tree that a plurality of intermediate nodes different from root node and leaf node form, wherein, in a plurality of leaf nodes lower than certain intermediate node v or certain root node v, the number that is assigned to the leaf node that is positioned at left end is defined as lv, and the number that will be assigned to the leaf node that is positioned at right-hand member is defined as rv, for natural number i and j (i≤j), suppose to gather (i → j) be expressed as { { i}, { i, i+1}, ..., { i, i+1, ..., j-1, j}}, and will gather (i ← j) be expressed as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}}, arrange and to be associated with root node and to contain respectively that (subset in 1 → n) is associated and is arranged in the first horizontal axis of the coordinate points on the horizontal axis with the degree of comprising of from left to right increase with being included in set, arrange and to be associated with root node and to contain respectively that (subset in 2 ← n) is associated and is arranged in the second horizontal axis of the coordinate points on the horizontal axis with the degree of comprising of from right to left increase with being included in set, for each intermediate node, arrange and to be associated with certain intermediate node v and to contain respectively that (subset among the lv → rv-1) is associated and is arranged in the 3rd horizontal axis of the coordinate points on the horizontal axis with the degree of comprising of from left to right increase with being included in set, and arrange and to be associated with certain intermediate node v and to contain respectively that (subset among the lv+1 ← rv) is associated and is arranged in the 4th horizontal axis of the coordinate points on the horizontal axis with the degree of comprising of from right to left increase with being included in set, comprise that with this information process unit interim directed graph obtains part, be used for obtaining interim directed graph; The directed graph generating portion, the longer directed edge in the middle of many directed edges that divide the interim directed graph that obtains by staying the interim directed graph acquisition unit of formation generates directed graph; With the key generating portion, be used for generating according to directed graph the set key of encrypted content or content key.

Further, in order to solve top problem, according to one aspect of the present invention, provide and comprised following information process unit: tree structure arranges part, is used for configuration by n the leaf node of assigned number 1～n (n is natural number), the binary tree that root node and a plurality of intermediate nodes different from root node and leaf node form is for natural number i and j (i≤j), to gather (i → j) be defined as { { i}, { i, i+1}, ..., i, i+1 ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}}, and in a plurality of leaf nodes lower than certain intermediate node v or certain root node v, the number that is assigned to the leaf node that is positioned at left end is arranged to lv, and the number that will be assigned to the leaf node that is positioned at right-hand member is arranged to rv; Reference axis arranges part, be used for to arrange and to be associated with root node and to contain respectively that (1 → n) subset is associated and is arranged in the first horizontal axis of the coordinate points on the horizontal axis with the degree of comprising of from left to right increase with being included in set, be associated with root node and contain respectively that (subset in 2 ← n) is associated and is arranged in the second horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that increases from right to left with being included in set, for each intermediate node, be associated with certain intermediate node v and contain respectively that (subset among the lv → rv-1) is associated and is arranged in the 3rd horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that from left to right increases with being included in set, with be associated with certain intermediate node v and contain respectively that (subset among the lv+1 ← rv) is associated and is arranged in the 4th horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that increases from right to left with being included in set, place each on the right side of the coordinate points that is positioned at the 3rd horizontal axis right-hand member and be positioned at two interim coordinate points on the left side of coordinate points of the second and the 4th horizontal axis left end, and the coordinate points that will be positioned at the first horizontal axis right-hand member is arranged to the first interim coordinate points and the second interim coordinate points is placed on the right of the first interim coordinate points; With the directed graph generating portion, be used for generating as follows respectively with set (1 → n-1), set (2 ← n), ((directed graph that lv ← rv-1) is relevant: given integer k is set, and n is satisfied in calculating for lv+1 → rv) and set in set ^(x-1)/k＜(rv-lv+1)≤n ^X/kInteger x, and among integer i=0～x-1 each, be n by coupling length ^I/kOne or more directed edge to the right, be formed on the directed walk that tail is arranged on the most left coordinate points on the first and the 3rd horizontal axis, be n by coupling length ^I/kOne or more directed edge left, be formed on the directed walk that tail is arranged on the rightest coordinate points on the second and the 4th horizontal axis, the interim coordinate points of eliminating on each root of the first to the 4th horizontal axis has tail or all directed edges of head arranged, and get rid of other directed edge except the longest directed edge the directed edge of each coordinate points on arriving the first to the 4th horizontal axis, with be that 1 directed edge adds with set and (in 1 → n-1) the relevant directed graph, generates and gather (1 → n) relevant directed graph by the length that the first interim coordinate points on the first horizontal axis is had head.

As mentioned above, use the encryption key distribution scheme of intermediate key and set key and to generate the set key according to above-mentioned directed graph distribution intermediate key, thereby can not make the quantity of the key that each user preserves to reduce the worst-case value of the required amount of calculation of each user (terminal unit) generating solution decryption key when the enciphered message of deciphering distribution with increasing.

Further, information process unit can comprise the key generating portion, is used for generating according to directed graph the set key of encrypted content or content key.

Further, the key generating portion can be in response to the input about the intermediate key t (Si) of the subset S corresponding with certain coordinate points in the directed graph, output with corresponding to the corresponding set key k (Si) of the subset S of this coordinate points and have at coordinate points S tail directed edge on coordinate points S1, S2 ..., intermediate key t (S1), the t (S2) of Sk ..., t (Sk).

Further, the key generating portion can comprise that initial intermediate key arranges part, is used for given random number is arranged to the intermediate key corresponding with the afterbody of each directed graph.

Further, information process unit can comprise encryption section, be used for to use in the set secret key encryption perhaps content key.

Further, information process unit can comprise translator unit, is used for the interior perhaps content key that encryption section is encrypted is sent to respectively some or all terminal units that are associated with the leaf node 1～n (n is natural number) that consists of given binary tree.

Further, information process unit can comprise the subset determining section, be used for the subset of leaf node 1～n is defined by Si, determine to allow deciphering to use the set (N R) of terminal unit of the content of set key or content key encryption, and determine to satisfy set (N R)={ S1 ∪ S2 ∪ ... m subset S1～Sm of ∪ Sm}.

Further, information process unit can comprise translator unit, and the information of subset S1～Sm of (N R) is sent to terminal unit to be used for indicate information or the indication formation of set (N R) to gather.

Information process unit may further include decryption portion, be used for to use in the set secret key decryption perhaps content key.

Information process unit may further include the receiving unit that is associated with the one or more leaf node 1～n (n is natural number) that consist of given binary tree, is used for receiving the interior perhaps content key that uses the set secret key encryption.

The encrypted content that receiving unit receives or encrypted content key can by with the S set i of the subset that is defined as leaf node 1～n in one or more information process units deciphering of being associated as the leaf node of the element of the S set that comprises the leaf node that is associated with self.

Further, in order to solve top problem, according to another aspect of the present invention, provide to comprise following terminal unit: the key generating portion is used for the set key according to directed graph generation decryption content or content key.Directed graph generates as follows: configuration is by n the leaf node of assigned number 1～n (n is natural number), the binary tree that root node and a plurality of intermediate nodes different from root node and leaf node form, for natural number i and j (i≤j), to gather (i → j) be defined as { { i}, { i, i+1}, ..., { i, i+1, ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}}, with in a plurality of leaf nodes lower than certain intermediate node v or certain root node v, the number that is assigned to the leaf node that is positioned at left end is arranged to lv, and the number that will be assigned to the leaf node that is positioned at right-hand member is arranged to rv, arrange and to be associated with root node and to contain respectively that (subset in 1 → n) is associated and is arranged in the first horizontal axis of the coordinate points on the horizontal axis with the degree of comprising of from left to right increase with being included in set, be associated with root node and contain respectively that (subset in 2 ← n) is associated and is arranged in the second horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that increases from right to left with being included in set, for each intermediate node, be associated with certain intermediate node v and contain respectively that (subset among the lv → rv-1) is associated and is arranged in the 3rd horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that from left to right increases with being included in set, with be associated with certain intermediate node v and contain respectively that (subset among the lv+1 ← rv) is associated and is arranged in the 4th horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that increases from right to left with being included in set, place each on the right side of the coordinate points that is positioned at the 3rd horizontal axis right-hand member and be positioned at two interim coordinate points on the left side of coordinate points of the second and the 4th horizontal axis left end, the coordinate points that will be positioned at the first horizontal axis right-hand member is arranged to the first interim coordinate points and the second interim coordinate points is placed on the right of the first interim coordinate points, generate as follows respectively and set (1 → n-1), set (2 ← n), ((directed graph that lv ← rv-1) is relevant: given integer k is set, and n is satisfied in calculating for lv+1 → rv) and set in set ^(x-1)/k＜(rv-lv+1)≤n ^X/kInteger x, and among integer i=0～x-1 each, be n by coupling length ^I/kOne or more directed edge to the right, be formed on the directed walk that tail is arranged on the most left coordinate points on the first and the 3rd horizontal axis, be n by coupling length ^I/kOne or more directed edge left, be formed on the directed walk that tail is arranged on the rightest coordinate points on the second and the 4th horizontal axis, the interim coordinate points of eliminating on each root of the first to the 4th horizontal axis has tail or all directed edges of head arranged, and get rid of other directed edge except the longest directed edge the directed edge of each coordinate points on arriving the first to the 4th horizontal axis, with be that 1 directed edge adds with set and (in 1 → n-1) the relevant directed graph, generates and gather (1 → n) relevant directed graph by the length that the first interim coordinate points on the first horizontal axis is had head.

Further, terminal unit can comprise decryption portion, is used for using set secret key decryption encrypted content or encrypted content key.

Further, the key generating portion can be in response to the input about the intermediate key t (S) of the subset S corresponding with certain coordinate points in the directed graph, output with corresponding to the corresponding set key k (S) of the subset S of this coordinate points and with the directed edge that tail is arranged at coordinate points S on corresponding subset S1, the S2 of coordinate points ..., intermediate key t (S1), the t (S2) of Sk ..., t (Sk).

Further, when the subset of the leaf node 1～n that sets is defined by Si, and at the set of the terminal unit of the content of having determined to allow deciphering to use set key or content key encryption (N R), determined satisfied set (N R)={ S1 ∪ S2 ∪ ... m subset S1～Sm of ∪ Sm}, consist of in the situation of information of the subset S1 of set (N R)～Sm with the information that receives indication set (N R) or indication, terminal unit can comprise the judgement part, be used for judging according to reception information whether terminal unit belongs to the some of subset S1～Sm, and determine whether permission enabling decryption of encrypted content according to result of determination.

Further, when judging that terminal unit belongs to subset S1～Sm some, decryption portion can use with terminal unit under the corresponding set secret key decryption of subset in content key perhaps.

Further, in order to solve top problem, according to another aspect of the present invention, provide the information processing method that comprises the steps: the directed graph obtaining step, be used for obtaining by at the directed graph that is formed by many directed edges, stay the central longer directed edge of many directed edges that consists of interim directed graph and the directed graph that generates; Generate step with key, be used for generating according to the directed graph that obtains by the directed graph obtaining step set key of encryption or decryption content or content key.

Further, in order to solve top problem, according to another aspect of the present invention, provide the information processing method of processing interim directed graph, interim directed graph is for given integer k, according to satisfying n ^(x-1)/k＜(rv-lv+1)≤n ^X/kNatural number x, spread length is n on the first to the 4th horizontal axis ^I/k(i=0,1, ..., x-1) many directed edges form, at n leaf node by assigned number 1～n (n is natural number), in root node and the binary tree that a plurality of intermediate nodes different from root node and leaf node form, wherein, in a plurality of leaf nodes lower than certain intermediate node v or certain root node v, the number that is assigned to the leaf node that is positioned at left end is defined as lv, and the number that will be assigned to the leaf node that is positioned at right-hand member is defined as rv, for natural number i and j (i≤j), suppose to gather (i → j) be expressed as { { i}, { i, i+1}, ..., { i, i+1, ..., j-1, j}}, and will gather (i ← j) be expressed as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}}, arrange and to be associated with root node and to contain respectively that (subset in 1 → n) is associated and is arranged in the first horizontal axis of the coordinate points on the horizontal axis with the degree of comprising of from left to right increase with being included in set, arrange and to be associated with root node and to contain respectively that (subset in 2 ← n) is associated and is arranged in the second horizontal axis of the coordinate points on the horizontal axis with the degree of comprising of from right to left increase with being included in set, for each intermediate node, arrange and to be associated with certain intermediate node v and to contain respectively that (subset among the lv → rv-1) is associated and is arranged in the 3rd horizontal axis of the coordinate points on the horizontal axis with the degree of comprising of from left to right increase with being included in set, and arrange and to be associated with certain intermediate node v and to contain respectively that (subset among the lv+1 ← rv) is associated and is arranged in the 4th horizontal axis of the coordinate points on the horizontal axis with the degree of comprising of from right to left increase with being included in set, comprise interim directed graph obtaining step with this information processing method, be used for obtaining interim directed graph; Directed graph generates step, and the longer directed edge in the middle of many directed edges that divide the interim directed graph that obtains by staying the interim directed graph acquisition unit of formation generates directed graph; Generate step with key, be used for generating according to directed graph the set key of encrypted content or content key.

Further, in order to solve top problem, according to another aspect of the present invention, the information processing method that comprises the steps is provided: the tree structure setting steps is used for configuration by n the leaf node of assigned number 1～n (n is natural number), the binary tree that root node and a plurality of intermediate nodes different from root node and leaf node form is for natural number i and j (i≤j), to gather (i → j) be defined as { { i}, { i, i+1}, ..., i, i+1 ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}}, and in a plurality of leaf nodes lower than certain intermediate node v or certain root node v, the number that is assigned to the leaf node that is positioned at left end is arranged to lv, and the number that will be assigned to the leaf node that is positioned at right-hand member is arranged to rv; The reference axis setting steps, be used for to arrange and to be associated with root node and to contain respectively that (1 → n) subset is associated and is arranged in the first horizontal axis of the coordinate points on the horizontal axis with the degree of comprising of from left to right increase with being included in set, be associated with root node and contain respectively that (subset in 2 ← n) is associated and is arranged in the second horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that increases from right to left with being included in set, for each intermediate node, be associated with certain intermediate node v and contain respectively that (subset among the lv → rv-1) is associated and is arranged in the 3rd horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that from left to right increases with being included in set, with be associated with certain intermediate node v and contain respectively that (subset among the lv+1 ← rv) is associated and is arranged in the 4th horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that increases from right to left with being included in set, place each on the right side of the coordinate points that is positioned at the 3rd horizontal axis right-hand member and be positioned at two interim coordinate points on the left side of coordinate points of the second and the 4th horizontal axis left end, and the coordinate points that will be positioned at the first horizontal axis right-hand member is arranged to the first interim coordinate points and the second interim coordinate points is placed on the right of the first interim coordinate points; Generate step with directed graph, be used for generating as follows respectively with set (1 → n-1), set (2 ← n), ((directed graph that lv ← rv-1) is relevant: given integer k is set, and n is satisfied in calculating for lv+1 → rv) and set in set ^(x-1)/k＜(rv-lv+1)≤n ^X/kInteger x, and among integer i=0～x-1 each, be n by coupling length ^I/kOne or more directed edge to the right, be formed on the directed walk that tail is arranged on the most left coordinate points on the first and the 3rd horizontal axis, be n by coupling length ^I/kOne or more directed edge left, be formed on the directed walk that tail is arranged on the rightest coordinate points on the second and the 4th horizontal axis, the interim coordinate points of eliminating on each root of the first to the 4th horizontal axis has tail or all directed edges of head arranged, and get rid of other directed edge except the longest directed edge the directed edge of each coordinate points on arriving the first to the 4th horizontal axis, with be that 1 directed edge adds with set and (in 1 → n-1) the relevant directed graph, generates and gather (1 → n) relevant directed graph by the length that the first interim coordinate points on the first horizontal axis is had head.

Further, in order to solve top problem, according to another aspect of the present invention, provide the key generation method that comprises the steps: key generates step, is used for generating according to directed graph the set key of decryption content or content key.Directed graph generates as follows: configuration is by n the leaf node of assigned number 1～n (n is natural number), the binary tree that root node and a plurality of intermediate nodes different from root node and leaf node form, for natural number i and j (i≤j), to gather (i → j) be defined as { { i}, { i, i+1}, ..., { i, i+1, ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}}, with in a plurality of leaf nodes lower than certain intermediate node v or certain root node v, the number that is assigned to the leaf node that is positioned at left end is arranged to lv, and the number that will be assigned to the leaf node that is positioned at right-hand member is arranged to rv, arrange and to be associated with root node and to contain respectively that (subset in 1 → n) is associated and is arranged in the first horizontal axis of the coordinate points on the horizontal axis with the degree of comprising of from left to right increase with being included in set, be associated with root node and contain respectively that (subset in 2 ← n) is associated and is arranged in the second horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that increases from right to left with being included in set, for each intermediate node, be associated with certain intermediate node v and contain respectively that (subset among the lv → rv-1) is associated and is arranged in the 3rd horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that from left to right increases with being included in set, with be associated with certain intermediate node v and contain respectively that (subset among the lv+1 ← rv) is associated and is arranged in the 4th horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that increases from right to left with being included in set, place each on the right side of the coordinate points that is positioned at the 3rd horizontal axis right-hand member and be positioned at two interim coordinate points on the left side of coordinate points of the second and the 4th horizontal axis left end, the coordinate points that will be positioned at the first horizontal axis right-hand member is arranged to the first interim coordinate points and the second interim coordinate points is placed on the right of the first interim coordinate points, generate as follows respectively and set (1 → n-1), set (2 ← n), ((directed graph that lv ← rv-1) is relevant: given integer k is set, and n is satisfied in calculating for lv+1 → rv) and set in set ^(x-1)/k＜(rv-lv+1)≤n ^X/kInteger x, and among integer i=0～x-1 each, be n by coupling length ^I/kOne or more directed edge to the right, be formed on the directed walk that tail is arranged on the most left coordinate points on the first and the 3rd horizontal axis, be n by coupling length ^I/kOne or more directed edge left, be formed on the directed walk that tail is arranged on the rightest coordinate points on the second and the 4th horizontal axis, the interim coordinate points of eliminating on each root of the first to the 4th horizontal axis has tail or all directed edges of head arranged, and get rid of other directed edge except the longest directed edge the directed edge of each coordinate points on arriving the first to the 4th horizontal axis, with be that 1 directed edge adds with set and (in 1 → n-1) the relevant directed graph, generates and gather (1 → n) relevant directed graph by the length that the first interim coordinate points on the first horizontal axis is had head.

Further, in order to solve top problem, according to another aspect of the present invention, the program that makes the following function of computer realization is provided: tree structure arranges function, is used for configuration by n the leaf node of assigned number 1～n (n is natural number), the binary tree that root node and a plurality of intermediate nodes different from root node and leaf node form is for natural number i and j (i≤j), to gather (i → j) be defined as { { i}, { i, i+1}, ..., i, i+1 ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}}, and in a plurality of leaf nodes lower than certain intermediate node v or certain root node v, the number that is assigned to the leaf node that is positioned at left end is arranged to lv, and the number that will be assigned to the leaf node that is positioned at right-hand member is arranged to rv; Reference axis arranges function, be used for to arrange and to be associated with root node and to contain respectively that (1 → n) subset is associated and is arranged in the first horizontal axis of the coordinate points on the horizontal axis with the degree of comprising of from left to right increase with being included in set, be associated with root node and contain respectively that (subset in 2 ← n) is associated and is arranged in the second horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that increases from right to left with being included in set, for each intermediate node, be associated with certain intermediate node v and contain respectively that (subset among the lv → rv-1) is associated and is arranged in the 3rd horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that from left to right increases with being included in set, with be associated with certain intermediate node v and contain respectively that (subset among the lv+1 ← rv) is associated and is arranged in the 4th horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that increases from right to left with being included in set, place each on the right side of the coordinate points that is positioned at the 3rd horizontal axis right-hand member and be positioned at two interim coordinate points on the left side of coordinate points of the second and the 4th horizontal axis left end, and the coordinate points that will be positioned at the first horizontal axis right-hand member is arranged to the first interim coordinate points and the second interim coordinate points is placed on the right of the first interim coordinate points; With the directed graph systematic function, be used for generating as follows respectively with set (1 → n-1), set (2 ← n), ((directed graph that lv ← rv-1) is relevant: given integer k is set, and n is satisfied in calculating for lv+1 → rv) and set in set ^(x-1)/k＜(rv-lv+1)≤n ^X/kInteger x, and among integer i=0～x-1 each, be n by coupling length ^I/kOne or more directed edge to the right, be formed on the directed walk that tail is arranged on the most left coordinate points on the first and the 3rd horizontal axis, be n by coupling length ^I/kOne or more directed edge left, be formed on the directed walk that tail is arranged on the rightest coordinate points on the second and the 4th horizontal axis, the interim coordinate points of eliminating on each root of the first to the 4th horizontal axis has tail or all directed edges of head arranged, and get rid of other directed edge except the longest directed edge the directed edge of each coordinate points on arriving the first to the 4th horizontal axis, with be that 1 directed edge adds with set and (in 1 → n-1) the relevant directed graph, generates and gather (1 → n) relevant directed graph by the length that the first interim coordinate points on the first horizontal axis is had head.

Further, in order to solve top problem, according to another aspect of the present invention, provide the program that makes the following function of computer realization: the key systematic function is used for the set key according to directed graph generation decryption content or content key.Directed graph generates as follows: configuration is by n the leaf node of assigned number 1～n (n is natural number), the binary tree that root node and a plurality of intermediate nodes different from root node and leaf node form, for natural number i and j (i≤j), to gather (i → j) be defined as { { i}, { i, i+1}, ..., { i, i+1, ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}}, with in a plurality of leaf nodes lower than certain intermediate node v or certain root node v, the number that is assigned to the leaf node that is positioned at left end is arranged to lv, and the number that will be assigned to the leaf node that is positioned at right-hand member is arranged to rv, arrange and to be associated with root node and to contain respectively that (subset in 1 → n) is associated and is arranged in the first horizontal axis of the coordinate points on the horizontal axis with the degree of comprising of from left to right increase with being included in set, be associated with root node and contain respectively that (subset in 2 ← n) is associated and is arranged in the second horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that increases from right to left with being included in set, for each intermediate node, be associated with certain intermediate node v and contain respectively that (subset among the lv → rv-1) is associated and is arranged in the 3rd horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that from left to right increases with being included in set, with be associated with certain intermediate node v and contain respectively that (subset among the lv+1 ← rv) is associated and is arranged in the 4th horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that increases from right to left with being included in set, place each on the right side of the coordinate points that is positioned at the 3rd horizontal axis right-hand member and be positioned at two interim coordinate points on the left side of coordinate points of the second and the 4th horizontal axis left end, the coordinate points that will be positioned at the first horizontal axis right-hand member is arranged to the first interim coordinate points and the second interim coordinate points is placed on the right of the first interim coordinate points, generate as follows respectively and set (1 → n-1), set (2 ← n), ((directed graph that lv ← rv-1) is relevant: given integer k is set, and n is satisfied in calculating for lv+1 → rv) and set in set ^(x-1)/k＜(rv-lv+1)≤n ^X/kInteger x, and among integer i=0～x-1 each, be n by coupling length ^I/kOne or more directed edge to the right, be formed on the directed walk that tail is arranged on the most left coordinate points on the first and the 3rd horizontal axis, be n by coupling length ^I/kOne or more directed edge left, be formed on the directed walk that tail is arranged on the rightest coordinate points on the second and the 4th horizontal axis, the interim coordinate points of eliminating on each root of the first to the 4th horizontal axis has tail or all directed edges of head arranged, and get rid of other directed edge except the longest directed edge the directed edge of each coordinate points on arriving the first to the 4th horizontal axis, with be that 1 directed edge adds with set and (in 1 → n-1) the relevant directed graph, generates and gather (1 → n) relevant directed graph by the length that the first interim coordinate points on the first horizontal axis is had head.

Advantage of the present invention

As mentioned above, according to the present invention, can reduce quantity and the required amount of calculation of decrypt encrypted data of the key that the terminal unit on the receiving terminal will preserve.

Description of drawings

Fig. 1 is the key diagram that illustrates according to the encryption key distribution system of one embodiment of the invention;

Fig. 2 is the calcspar that illustrates according to the hardware configuration of the key distribution server of this embodiment and terminal unit;

Fig. 3 is the key diagram that illustrates according to the binary tree structure of basic scheme;

Fig. 4 is the key diagram that illustrates according to the directed graph of basic scheme;

Fig. 5 is the flow chart that illustrates according to the directed graph computational methods of basic scheme;

Fig. 6 is the flow chart that illustrates according to the content key distribution method of basic scheme;

Fig. 7 is the flow chart that illustrates according to the set key generation method of basic scheme;

Fig. 8 is the calcspar that illustrates according to the functional configuration of the key distribution server of first embodiment of the invention and terminal unit;

Fig. 9 is the key diagram that illustrates according to the whole tree structure of the binary tree of this embodiment;

Figure 10 is the key diagram that illustrates according to the directed graph of this embodiment;

Figure 11 illustrates the key diagram that the directed graph of the directed edge between the subtree is set according to this embodiment;

Figure 12 is the flow chart that illustrates according to the content key distribution method of this embodiment;

Figure 13 illustrates basic scheme and according to the comparison diagram of the comparison between the cipher key distribution scheme of this embodiment;

Figure 14 is the key diagram that illustrates according to a kind of application of the encryption key distribution system of this embodiment;

Figure 15 is the key diagram that illustrates according to a kind of application of the encryption key distribution system of this embodiment;

Figure 16 is the calcspar that illustrates according to the configuration of the information process unit of second embodiment of the invention and terminal unit;

Figure 17 is the flow chart that illustrates according to the oriented drawing generating method of this embodiment;

Figure 18 is the key diagram that an example of the directed graph (k=6) according to this embodiment is shown; With

Figure 19 is the key diagram that an example of the directed graph (k=3) according to this embodiment is shown.

Label declaration

5 networks

10 key distribution servers

20 terminal equipments

100 encryption key distribution systems

102 tree structures arrange part

104 reference axis arrange part

106 directed edges arrange part

Directed edge arranges part between 108 subtrees

110 directed graph generating portions

112 initial intermediate key arrange part

114 key generating portions

116 encryption sections

118 translator units

120 subset determining sections

124 receiving units

126 judge part

128 key generating portions

130 decryption portion

202 controllers

204 processing units

206 input/output interfaces

208 safe storage parts

210 main memory portion

212 network interfaces

216 media interfaces

218 information mediums

154 tree structures arrange part

156 reference axis arrange part

160 directed graph generating portions

162 initial intermediate key arrange part

164 key generating portions

166 encryption sections

168 translator units

170 subset determining sections

174 receiving units

176 judge part

178 key generating portions

180 decryption portion

Preferred implementation

Hereinafter, describe with reference to the accompanying drawings embodiments of the invention in detail.Notice that in this specification and accompanying drawing, the element that basically has identical function and configuration represents with same numeral, and the repetitive description thereof will be omitted.

[configuration of encryption key distribution system 100]

Configuration according to the encryption key distribution system 100 of one embodiment of the invention is hereinafter described.Fig. 1 is the key diagram that illustrates according to the configuration of the encryption key distribution system 100 of this embodiment.

With reference to Fig. 1, encryption key distribution system 100 comprises key distribution server 10, a plurality of terminal units 20 that a plurality of user has respectively and the network 5 that is connected key distribution server 10 and terminal unit 20 that is configured to according to an example of the information process unit of this embodiment.

Network 5 is to connect key distribution server 10 and terminal unit 20, in order to allow the communication network of two-way communication or one-way communication.For example, network 5 is by wired or wireless, the common network such as internet, telephone line network, satellite communication network and broadcast channel, the formations such as leased line network such as WAN (wide area network), LAN (local area network (LAN)), IP-VPN (Internet Protocol-VPN (virtual private network)) and WLAN.

Key distribution server 10 is made of computer unit with server capability etc., and it can be sent to external unit with various types of information by network 5.For example, key distribution server 10 can generate encryption key with broadcast encryption scheme, and with encryption key distribution to terminal unit 20.Further, be furnished with as the function that provides such as the content distributing server of the content distribution service of video distribution service and electronic music distribution services according to the key distribution server 10 of this embodiment, it can be with contents distribution to terminal unit 20.Certainly, key distribution server 10 and content distributing server can be configured to separate unit.

For example, content can be such as the video content that is comprised of the moving image such as video, TV programme, video frequency program and chart or rest image, any content-data of audio content, game content, document content, software etc. such as music, speech and radio programming.Video content not only can comprise video data, and can comprise voice data.

Terminal unit 20 is can be by the information process unit of network 5 with the external unit data communication, and it is had by each user.Although terminal unit 20 is made of the computer unit (notebook type or desk-top) such as shown in the figure personal computer (hereinafter referred to as " PC "), but be not limited to this, it can be by the formations such as household information electrical equipment, television broadcasting tuner or decoder such as PDA (personal digital assistant), home video game machine, DVD/HDD (digital versatile disc/hard disk drive) register and television set, as long as it has the communication function by network 5.Further, terminal unit 20 can be such as portable video game player, cellular phone, portable video/audio player, PDA and PHS (personal handhold telephone system is commonly called as Personal Handyphone System) etc., the carry-on portable set of user.

Terminal unit 20 can receive various types of information from key distribution server 10.For example, terminal unit 20 can receive from the content of key distribution server 10 distributions.In contents distribution, key distribution server 10 can be encrypted various types of electronic data and distribute them.For example, key distribution server 10 can generate the content key of encrypted content and distribute it.Content key can be used, for example, and the expressions such as random number (pseudo random number), given character string or sequence that pseudorandom number generator generates.When using content key, key distribution server 10 can pass through given encryption logic encrypted content.Further, key distribution server 10 can be distributed to any terminal unit 20 with content key or the decruption key corresponding with content key.On the other hand, terminal unit 20 can use the content key that receives from key distribution server 10 or the decruption key enabling decryption of encrypted content corresponding with content key.

The pseudorandom number generator that is used for the generating content key is can be by unit or the program of the long interval of the given seed output of input pseudo-random number sequence, and normal operation is such as the logic realization of linear congruential method or its Saite rotation (Mersenne Twister) method of horse.The pseudorandom number generator that can be applicable to this embodiment is not limited to this certainly, and can use other logic to generate pseudo random number, and perhaps, it can be unit or the program that can generate the pseudo-random number sequence that comprises specific information or condition.

Further, according to the key distribution server 10 of this embodiment not only encrypted content but also encrypted content key, and distribute them.Really, encryption and distributing contents have guaranteed lsafety level to a certain degree.But, having user's's (hereinafter referred to as " permitted user ") of the authority of using content adding or deletion in order to deal with neatly license in the middle of a large number of users, encrypted content key and the method for distributing it are more favourable.Under these circumstances, in this embodiment, key distribution server 10 at first generates a plurality of set keys of encryption and decryption content key.As describing in detail later, a plurality of set keys are associated with a plurality of subsets of the permitted user of extracting from a large number of users respectively.Specifically, key distribution server 10 uses the set secret key encryption content key that the set of being arranged to only have permitted user just can decrypted content keys, and encrypted content key is distributed to all users' terminal unit 20.In this configuration, the terminal unit 20 that only has permitted user just can the enabling decryption of encrypted content key, then uses content key enabling decryption of encrypted content, thereby content can be seen.In the situation that the set of permitted user changes, key distribution server 10 can be dealt with this variation by changing the set key that is used for encrypted content key.In order to set up top encryption key distribution logic, be necessary configuring cipher key Distributor 10 etc., in order to realize with the generation of gathering key and distribute relevant algorithm.

Hereinafter, exemplary hardware configuration according to key distribution server 10 and the terminal unit 20 of this embodiment is at first described.Secondly, describe with according to the relevant basic fundamental of the encryption key distribution logic of this embodiment.The 3rd, describe the configuration according to key distribution server 10 and the terminal unit 20 of this embodiment in detail, and specifically describe aspect configuration and effect and the difference of basic fundamental.At last, description is according to the application of the encryption key distribution system of this embodiment.

[hardware configuration of key distribution server 10 and terminal unit 20]

Hereinafter, at first with reference to Fig. 2, the exemplary hardware configuration according to key distribution server 10 and the terminal unit 20 of this embodiment is described.Fig. 2 shows the example that can realize according to the hardware configuration of the function of the key distribution server 10 of this embodiment and terminal unit 20.

Key distribution server 10 and terminal unit 20 comprise, for example, and controller 202, processing unit 204, input/output interface 206, safe storage part 208, main memory portion 210, network interface 212 and media interface 216.

(controller 202)

Controller 202 is connected with other element by bus, and it is mainly used in according to being stored in program in the main memory portion 210 and each part of DCU data control unit.Controller 202 can be made of the processing unit such as CPU (CPU).

(processing unit 204 (key distribution server 10))

The processing unit 204 that is included in the key distribution server 10 can carry out, for example, and the generation of the encryption of content, the encryption of content key, set key and the derivation of gathering the intermediate key of key for generation.Therefore, processing unit 204 can play to generate according to data-oriented (seed etc.) pseudorandom number generator of pseudo random number, and according to given algorithm encrypted content or content key.Given algorithm can be stored in the main memory portion 210 as the readable program of processing unit 204.Further, given information can be stored in main memory portion 210 or the safe storage part 208.Processing unit 204 can be recorded in main memory portion 210 or the safe storage part 208 carrying out the Output rusults of processing above.Processing unit 204 can be made of the processing unit such as CPU, or combines formation with above-mentioned controller 202.

(processing unit 204 (terminal unit 20))

On the other hand, the processing unit 204 that is included in the terminal unit 20 can carry out, for example, and the generation of the deciphering of content, the deciphering of content key, set key and the generation of gathering the intermediate key of key for generation.Therefore, processing unit 204 can play to generate according to data-oriented (seed etc.) pseudorandom number generator of pseudo random number, and according to given algorithm decryption content or content key.Given algorithm can be stored in the main memory portion 210 as the readable program of processing unit 204.Further, given information can be stored in main memory portion 210 or the safe storage part 208.Processing unit 204 can be recorded in main memory portion 210 or the safe storage part 208 carrying out the Output rusults of processing above.Processing unit 204 can be made of the processing unit such as CPU, or combines formation with above-mentioned controller 202.

(input/output interface 206)

Input/output interface 206 mainly is connected the output equipment of result or description with the input equipment of user's input information and is connected with output content.For example, input equipment can be keyboard, mouse, tracking ball, pointer, key plate, touch pad etc., and it can be via wireless or be wiredly connected to input/output interface 206.In some cases, input equipment can be the electronics such as cellular phone or PDA (personal digital assistant) via wired or wireless connection.On the other hand, output equipment can be, for example, such as the display unit of display, such as audio output apparatus of loud speaker etc., it can be via the wired or wireless input/output interface 206 that is connected to.Input-output apparatus can be built in key distribution server 10 or the terminal unit 20 or with them and combine.

Input/output interface 206 is connected with other element by bus, so that it can be sent to main memory portion 210 etc. with the information via input/output interface 206 inputs.On the contrary, input/output interface 206 can will be stored in information in main memory portion 210 grades, output to output equipment via the information of the inputs such as the network interface 212 or result by processing those information acquisitions in processing unit 204 etc.

(safe storage part 208)

Safe storage part 208 is mainly stored safely such as content key, set key and intermediate key, is necessary the information of hiding.Safe storage part 208 can by, for example, such as the magnetic cell of hard disk, the formation such as optical storage unit, magneto-optic memory cell, semiconductor memory cell such as CD.Further, safe storage part 208 can by, for example, the tamperproof memory cell consists of.

(main memory portion 210)

For example, main memory portion 210 can store the encipheror, enabling decryption of encrypted content, content key etc. of the control program, encrypted content, content key etc. of other element of control decrypted program, generate the key generator of set key or intermediate key etc.Further, main memory portion 210 can be temporarily or is for good and all stored from the result of calculation of processing unit 204 outputs, or storage is from the information of the inputs such as input/output interface 206, network interface 212, media interface 216.Main memory portion 210 can by, for example, such as the magnetic cell of hard disk, the formation such as optical storage unit, magneto-optic memory cell, semiconductor memory cell such as CD.Further, safe storage part 208 can combine formation with safe storage part 208.

(network interface 212)

Network interface 212 with, for example, the connections such as another communication unit on the network 5, it is to transmit and receive, for example, such as the information of encrypted content or content key, set key and intermediate key, with the interface arrangement of encrypting relevant parameter information and the information relevant with the set of permitted user.Network interface 212 is connected with other element by bus, in order to can transmit the information that the external unit from the network 5 receives to other element, or the external unit on network 5 transmits the information that other element is preserved.

(media interface 216)

Media interface 216 is the interfaces that read on the information medium 218 with writing information by be attached to interchangeablely, and it is connected with other element by bus.For example, media interface 216 can be from appended information medium 218 reading information, and it is sent to other element, perhaps, in the information writing information media 218 with other element supply.For example, information medium 218 can be such as CD, disk and semiconductor memory be connected portable storage media (interchangeable storage medium), in relative short distance via the medium of information terminal wired or wireless rather than that connect by network 5 etc.

The example that can realize according to the hardware configuration of the function of the key distribution server 10 of this embodiment and terminal unit 20 has above been described.In the top element each can use common hardware to consist of, or can be made of the hardware of the function that is exclusively used in each element.Thereby, when realizing this embodiment, can change hardware configuration in order to suitably used according to technical merit.Further, above-mentioned hardware configuration only is an example, certainly is not limited to this.For example, controller 202 and processing unit 204 can be by the same treatment cell formations, and safe storage part 208 and main memory portion 210 can be made of same memory cell.Further, decide on using, the configuration of removing media interface 216, input/output interface 206 etc. also is feasible.Hereinafter, with the encryption key distribution scheme of describing key distribution server 10 by having above-mentioned hardware configuration and terminal unit 20 in detail and realizing.

[according to the encryption key distribution scheme of basic fundamental]

Before the detailed description that provides according to the encryption key distribution scheme of this embodiment, the technical problem that forms the basis of realizing this embodiment will be described hereinafter.By improving basic fundamental as described below, this embodiment is configured to have prior advantage.Therefore, be the feature of this embodiment with improving relevant technology.Therefore, should be noted that although this embodiment follows the basic conception of technical problem hereinafter described, the marrow of this embodiment should merge in the improvement part, configuration is obviously different, also has notable difference with basic fundamental aspect advantage.

To be called basic scheme according to the encryption key distribution scheme of hereinafter described basic fundamental.This basic scheme will be divided into a plurality of subsets to the set of the user's of its distributing contents terminal unit, then the set secret key encryption content key by being assigned to every subset and distribute it.This basic scheme provides to solve and has relevantly selected which subset, how to generate set key and the problem of distribution set key how, so that a kind of means of the required amount of calculation of quantity, each user's generating solution decryption key of the traffic of minimizing encryption key distribution, decruption key that each user will preserve etc.Hereinafter with reference to Fig. 3～7 this basic scheme is described.

(setting of tree structure)

In this basic scheme, be considered to be divided into a plurality of subsets as the set of the terminal unit (user) of contents distribution target.Hereinafter with reference to Fig. 3 the mode that is divided into subset according to this basic scheme is described.Although it is certainly incessantly a kind of to be divided into the mode of subset, in this basic scheme, use the mode of using binary tree to be divided into subset.Say that schematically this basic scheme is assigned to each node that forms binary tree with given subset after the position relationship of having considered between the node, thereby, as describing in detail later, synthetically select user's subset with given combination.The special case of the binary tree that the advantage of system of selection can be by as shown in Figure 3 like this obtains clearer understanding.Hereinafter with reference to Fig. 3 the method that makes up binary tree is described.

At first, will be as follows with the sets definition in being described below.

The set N={1 of-all terminal units (user), 2 ..., n} (n is 2 power)

For natural number i and j (i≤j):

-[i，j]＝{i，i+1，i+2，...，j}，

-(i→i)＝(i←i)＝{{i}}，

-(i→j)＝{{i}，{i，i+1}，...，{i，i+1，...，j}}

＝{[i，i]，[i，i+1]，[i，i+2]，...，[i，j]}

-(i←j)＝{{j}，{j，j-1}，...，{j，j-1，...，i}}

＝{[j，j]，[j-1，j]，[j-2，j]，...，[i，j]}。

Hereinafter, the node that will be positioned at binary tree (BT) bottom is called leaf node, and the node that will be positioned at the top is called root node, and the node between root node and leaf node is called intermediate node.Leaf node is corresponding to each terminal unit.Further, for convenience of description, suppose that hereinafter terminal unit and user are one to one, and in some cases, " terminal unit " that is associated with leaf node indicated with word " user ".The quantity that Fig. 3 shows the leaf node of BT is the example of n=64.

At first, be that the mode of n (=64) creates BT with the quantity of leaf node.Then, begin to turn right with

number

1,2 from left end ..., n is assigned to each leaf node.

Then, index lv and the rv of the subset that will be assigned to certain intermediate node v regulated in definition.In the middle of than the low leaf node of certain intermediate node v, the number that is assigned to lobus sinister node is defined as lv, and the number that will be assigned to lobus dexter node is defined as rv.Notice that v can be the sequence number that is assigned to each intermediate node.Therefore, intermediate node v indication index is the intermediate node of the BT of v.

Then, the intermediate node of BT defines by they being categorized into two set.In the middle of the intermediate node of BT, the sets definition that will be positioned at the intermediate node in father node left side becomes BTL, and the sets definition that will be positioned at the intermediate node on father node right side becomes BTR.The hierarchical relational of the upper node that connects of set membership indication BT as referred to herein refers to father node and be positioned at the upper strata, and child node is positioned at the relation of lower floor.

The subset of user's set that further, will be associated with each leaf node is associated with the root node of BT.At first, will gather (1 → n) and set (2 ← n) are associated with root node.Because the lower floor at root node is connecting all leaf nodes, so root node is by synthetically or selectively comprising the set expression of those leaf nodes.Specifically, will gather (1 → 64) and the set (2 ← 64) be associated with the root node of Fig. 3.For example, consider set (1 → 64).Set (1 → 64) comprise subset [1,1] as its element, [1,2] ..., [1,64].For example, in order to represent all users (leaf node), can use subset [1,64], it is included in wherein as the element of set (1 → 64).Further, in order to represent all other users except number is 16 user, can use subset [1,15] and [17,64], they are respectively as set (1 → 64) with gather (2 ← 64) and be included in wherein.Like this, can represent to be positioned at by the subset of the set that is associated the combination of the leaf node (user) of root node lower floor.

Then, the subset with the user is associated with the intermediate node of BT.At first, will gather (lv+1 ← rv) be associated with the intermediate node v that belongs to above-mentioned set B TL.On the other hand, will gather (lv → rv-1) be associated with the intermediate node v that belongs to above-mentioned set B TR.Certainly, those set are associated with all intermediate node v of BT.With reference to Fig. 3, near those set of indication each intermediate node.For example, about the intermediate node that is associated with set (2 ← 4), exist respectively with set (2 ← 2) and gather two intermediate nodes that (3 → 3) are associated in the lower floor of intermediate node, and number is that 1～4 leaf node further is connected with them.When expression except number be 3 that except the combination of those leaf nodes the time, can be by one group of subset { [1,1] [2,2], [4,4] } or { [1,2], [4,4] } expression.Although subset [1,1] and [1,2] are the elements of the set (1 → 64) that is associated with root node, subset [2,2] and [4,4] are respectively the elements of set (2 ← 2) and (2 ← 4).

Like this, this basic scheme uses binary tree BT to define the subset of user's set.This method can represent with various combinations user's subset.The complete or collected works that are made of those subsets are called aggregation system (set system) Φ, and are defined as following expression formula (1).Therefore, following expression formula (1) mathematics ground has represented the binary tree by top method structure.

[expression formula 1]

Φ = \underset{v &Element; BTL}{\cup} (lv + 1 &LeftArrow; rv) \cup \underset{v &Element; BTR}{\cup} (lv &RightArrow; rv - 1) \cup (1 &RightArrow; n) \cup (2 &LeftArrow; n) \cdot \cdot \cdot (1)

The method of the binary tree of configuration adjustment subset has above been described.The basic conception of this basic scheme is the set key that each subset is arranged encrypted content key, uses each set secret key encryption content key, and it is distributed to all users.By defining as described above subset, a kind of means of sorted users combination have been regulated at least.Hereinafter, will the algorithm that use those subsets to generate the set key be described.

(oriented map generalization)

Hereinafter with reference to Fig. 4 the method that representative generates the directed graph of the algorithm of gathering key that generates is described.But, before this, hereinafter at first describe the set key of encrypted content key and generate relation between the intermediate key of set key.

As sketching above, this basic scheme is used for generating the set key with specific pseudo-random number generator PRSG (pseudo-random sequence generator).When the input intermediate key t (S0) corresponding with certain subset S0, PRSG export the set key k (S0) corresponding with subset S0 and with about subset S1, the S2 of subset S0 ..., corresponding intermediate key t (S1), the t (S2) of Sk ..., t (Sk).S set 0 and S1, S2 ..., yes consists of subset some of aggregation system Φ for Sk.Therefore, PRSG is the key generation unit.The feature of this basic scheme is the logic of regulating the relation between the input and output of PRSG.Hereinafter describe to regulate S set 0 and S set 1, S2 ..., the directed graph of the relation between the Sk.

Will be as follows for the symbol definition of following description:

-the intermediate key corresponding with subset Si: t (Si)

-set the key corresponding with subset Si: k (Si)

-content key: mek

-pseudorandom number generator: PRSG

(noticing that the input table of t (S0) is reached PRSG (t (S0)))

On the other hand, will be expressed as from the output of PRSG

t(S1)||...||t(Sk)||k(S0)←PRSG(t(S0))

-directed graph: H

(notice that (the corresponding directed graph of i ← j) is expressed as H (i ← j)) with set

-directed edge: E

-directed walk: V

At first, determine parameter k (k is natural number).For simplicity, hypothesis is k|log (n) (hereinafter, the truth of a matter of log is 2) in this example.Because parameter k finally affects quantity and the required amount of calculation of generation set key of the intermediate key of terminal unit 20 preservations, so should suitably arrange according to situation.In Fig. 4, for example, k=6 is set.

Then, the ad hoc fashion that draws directed graph is hereinafter described.At first, by illustration the directed graph H corresponding with the intermediate node v that belongs to BTR (lv → rv-1) is described.

(S1) arrange and make up the directed graph H (horizontal axis of lv → rv-1).On horizontal axis, (the subset Si of the element of lv → rv-1) is designated as coordinate points will to form set.The subset Si that forms coordinate points with degree of comprising from left to right increasing mode arrange.For example, directed graph H (5 → 7)=H ({ [5,5], [5,6], [5,7] }) is got example of work, reference axis contains three coordinate points that begin to have specified successively subset [5,5], [5,6], [5,7] from the left side.

If on the first horizontal axis to the right the vertical line at the starting point place of directed graph H be x, the then intersection point of directed graph H and vertical line y representative [x, y], and if on the second horizontal axis left the vertical line at the starting point place of directed graph H be z, the then intersection point of directed graph H and vertical line y representative [y, z].

After this, will be placed on as the interim coordinate points of starting point the left side of coordinate points the most left on the reference axis, and be arranged to starting point, and will be placed on as the interim coordinate points of terminal point the right side of coordinate points the rightest on the reference axis, and be arranged to terminal point.In the reference axis that arranges like this, the length L v from the interim coordinate points (starting point) of left end to the interim coordinate points (terminal point) of right-hand member is Lv=rv-lv+1.

(S2) arrange and make up the directed graph H (directed edge of lv → rv-1).

(S2-1) n is satisfied in calculating ^(x-1)/k＜Lv≤n ^X/kInteger x.Integer x satisfies 1≤x≤k.

(S2-2) carry out following operation by changing from 0 to x-1 counting i.From the starting point of horizontal axis left end, repeat to arrange and extend to and this coordinate points n of being separated by ^I/k(directed edge to the right of the coordinate points of i=0～x-1) (jumps to and this coordinate points n of being separated by ^I/kCoordinate points), until the head of directed edge arrives the terminal point of horizontal axis right-hand member, or the head overstep of end point of the next directed edge that arranges.

(S3) deletion afterbody or head all directed edges on interim coordinate points.

(S4) if there are many directed edges that arrive certain coordinate points, then only stay the longest directed edge, and deletion all other directed edges except the longest directed edge.

Step on carried out (S1)～(S4) afterwards, directed graph H (lv → rv-1) just finished.For example, with reference to the 3rd layer of directed graph H (33 → 63) that is positioned at the right side that as an example the top from Fig. 4 is counted, the essence of directed graph H (33 → 63) is by as ogive curve and the line group that is connected with an end of ogive curve and forms along the directed edge of the straight line of horizontal direction extension.Further, curve and the straight line of formation directed graph H (33 → 63) are directed edges.End points and the intersection point between the vertical line of directed edge are coordinate points.Although be not clearly shown that horizontal axis in Fig. 4, horizontal axis is comprised of one group of intersection point between the end points of vertical line and directed edge.Further, on directed graph H (33 → 63), described hollow arrow, the direction of its indication directed edge.Specifically, its indication form directed graph H (33 → 63) all directed edges all to the right.

So that (mode that lv → rv-1) is identical, the directed graph H that is associated with the intermediate node v that belongs to BTL is set, and (lv+1 ← rv) and the directed graph H that is associated with root node (1 → n) and H (2 ← n) with directed graph H.Note, when arrange directed graph H (lv+1 ← rv) and H (and during 2 ← n) reference axis, with degree of comprising from right to left increasing mode subset Si is arranged on the horizontal axis so that the direction of directed edge is left.Further, (generate directed graph H (1 → n) in 1 → n-1) by directed edge E ([1, n-1], [1, n]) being added directed graph H.On the other hand, by (method of lv+1 ← rv) identical arranges directed graph H (2 ← n) with directed graph H.

Hereinafter the directed graph H (1 → 64) of Fig. 4 is got and make an example supplemental instruction is provided.At first, in the horizontal axis of directed graph H (1 → 64), the most left coordinate points (with the intersection point of vertical line 1) is [1,1]={ 1}, right neighbour's coordinate points (with the intersection point of vertical line 2) is [1,2]={ 1,2}, and further right neighbour's coordinate points is [1,3]={ 1,2,3}.Further, just in time each above the directed graph or below arrow indication form the direction of all directed edges of directed graph H.For example, directed graph H (1 → 64) contains from coordinate points [1,1] to the directed edge of [1,2] and extends to two directed edges of [1,3] and [Isosorbide-5-Nitrae] from coordinate points [1,2].Further, the bullet that is depicted in Fig. 4 bottom begin from the left side to indicate respectively directed graph H (2 → 2), H (3 → 3) ..., H (63 → 63).

The method of configuration directed graph H has above been described.Fig. 4 shows the result who draws the directed graph H corresponding with the intermediate node of BT and root node by said method.This example is the situation of n=64 and k=6.The logic of using directed graph H to generate the set key is hereinafter described.

(generation of set key)

As previously mentioned, this basic scheme is used set key k (Si) the encrypted content key mek that is assigned to the every subset Si that consists of top aggregation system Φ and is distributed it.Therefore, each coordinate points of above-mentioned directed graph H is corresponding to the subset Si that is comprised of one or more users, and will gather key k (Si) and be assigned to it.Further, intermediate key t (Si) also is assigned to above-mentioned every subset Si, and is used for generating set key k (Si).

By the way, because the number of repetition in the processing of step (S2-2) is x when above-mentioned directed graph H generates, 1≤x≤k wherein is so k bar directed edge is derived from each coordinate points of directed graph H at most.As the subset of the coordinate points of the destination that is derived from of certain coordinate points (subset S0) or a more than directed edge by with certain coordinate points near order (by the length order of directed edge) be respectively S1, S2 ..., Sk.Note, if be derived from the quantity of the directed edge of coordinate points (subset S0) be q (q＜k), with Sq+1, Sq+2 ..., Sk is used as dummy argument and treats, and in fact do not use them.

This basic scheme is used λ position input of response and is exported the above-mentioned PRSG of (k+1) λ position output.If input the intermediate node t (S0) corresponding with certain coordinate points (subset S0), then coordinate points on the head of the directed edge on certain coordinate points of PRSG output and afterbody (subset S1, S2 ..., Sk) corresponding intermediate key t (S1), t (S2) ..., the set key k (S0) of t (Sk) and subset S0.Therefore, t (S1) || ... || t (Sk) || k (S0) ← PRSG (t (S0)).By the output of PRSG being delimited into each from λ of left side position, obtain intermediate key t (S1), t (S2) ..., t (Sk) and gather key k (S0).

For example, directed graph H (1 → 64) and concern coordinate points (subset S0)=[1 with reference to Fig. 4,8] (the 8th coordinate points of counting from left end), article four, directed edge is derived from coordinate points S0, their head is at S1=[1,9], S2=[1,10], S3=[1,12] and S4=[1,16].Therefore, if with among intermediate key t (S0) the input PRSG, can obtain k (S0), t (S1), t (S2), t (S3) and t (S4).Further, if in t (S4) the input PRSG that obtains, then can obtain and S11=[1,17], S12=[1,18], S13=[1,20], S14=[1,24] and S15=[1,32] corresponding k (S4) and t (S11), t (S12), t (S13), t (S14) and t (S15).Like this, can calculate a plurality of set key k (Si) by reusing PRSG.

From top example, can easily infer, for certain intermediate key, by reuse PRSG can derive with from the accessible coordinate points of oriented side chain of extending corresponding to the coordinate points of certain intermediate key corresponding intermediate key and set key.So each user only need preserve minimum the intermediate key that can derive all intermediate key corresponding with the subset that comprises this user.On the other hand, at least preserve the intermediate key corresponding with the initial coordinate point of each directed graph H if generate the key distribution server of the set key of encrypted content key, then by using PRSG to repeat to process, can derive the set key corresponding with other coordinate points of directed graph.

Therefore, in case set up key distribution system, just for the initial coordinate point (root) of each the directed graph H in the key distribution server, for example λ position random number is arranged to intermediate key to the manager of key distribution system.The initial coordinate point (root) of directed graph H is that directed edge is derived from but the coordinate points that do not have directed edge to arrive.For example, the initial coordinate point of the directed graph H (1 → 64) among Fig. 4 is the coordinate points [1,1] of horizontal axis left end.

Intermediate key is used for improving the purpose of fail safe.Reduce the treating capacity that the set key generates and not special requirement is paid close attention in the situation of fail safe at needs, it is feasible not using intermediate key ground directly to calculate another set key from certain set key.For example, in upper example, the output during with the set key k (S0) of subset S0 input PRSG can be k (S1), k (S2), k (S3) and the k (S4) as the set key of each subset S1～S4.

The above has described the method that generates the set key.Above-mentioned set key generation method not only is used in the key generation server of content key transmission end, and is used in the terminal unit of receiving terminal.

(distribution of intermediate key)

The distribution of the terminal unit of intermediate key from the key distribution server to each user is hereinafter described.As sketching previously, a plurality of intermediate key that are necessary to derive the set key corresponding with all subsets of the terminal unit that comprises the user offer each user's terminal unit.Certainly, should avoid providing the intermediate key that can derive the set key corresponding with the subset of the terminal unit that does not comprise the user, best, with regard to the efficient of memory capacity, make the minimum number of the intermediate key that provides.

Accordingly, the distributor of intermediate key extracts subset under the terminal unit contain user u (hereinafter be also referred to as " subset under the user u " or " subset that comprises user u) as all directed graph H of an element.Then, if user u is included in the subset corresponding with the initial coordinate point (root) of directed graph H, distributor only will be put the terminal unit that corresponding intermediate key offers user u with initial coordinate.On the other hand, if user u belongs to certain subset corresponding with the coordinate points of the initial coordinate point that is different from directed graph H, distributor is found out such subset S0, be that user u is included among the subset S0, but be not included among the subset p arent (S0) as the father and mother of subset S0, and the intermediate key t (S0) of subset S0 offered the terminal unit of user u.In other words, if in directed graph H, there are different from initial coordinate point and corresponding with the subset that comprises user u a plurality of coordinate points, distributor extracts such coordinate points S0 from those coordinate points, be that user u is not included in and arrives corresponding among the corresponding subset p arent (S0) of the afterbody of the directed edge of the coordinate points of subset S0, and the intermediate key t (S0) of coordinate points (S0) offered the terminal unit of user u.If there are a plurality of such coordinate points S0, provide the intermediate key t (S0) of each coordinate points.The set membership of coordinate points determines that by directed edge the coordinate points of directed edge afterbody is as the father and mother of head coordinate points, and the coordinate points of directed edge head is as the children of afterbody coordinate points.Hereinafter, the coordinate points parent (S0) that arrives on the afterbody of directed edge of certain coordinate points S0 is called father's coordinate points.If certain coordinate points S0 is the starting point of directed graph H, then there is not father's coordinate points, and if not the starting point of directed graph H, then only has father's coordinate points.In some cases, in a directed graph H, may have a plurality of such coordinate points, namely user u is included in the corresponding with it subset, but user u is not included in the subset corresponding with its father's coordinate points.

Hereinafter specifically describe the distribution method of intermediate key with reference to the example of Fig. 4.

(example 1) considers to be distributed to user 1 intermediate key.At first, contain subset under the user 1 as the result of the directed graph H of element as search, only find directed graph H (1 → 64).User 1 belongs to the subset [1,1] as the initial coordinate point of directed graph H (1 → 64).Therefore, only intermediate key t ([1,1]) is offered user 1.

(example 2) considers to be distributed to user 3 intermediate key.At first, contain subset under the user 3 as the result of the directed graph H of element as search, find directed graph H (1 → 64), H (2 ← 64), H (2 ← 32), H (2 ← 16), H (2 ← 8), H (2 ← 4) and H (3 ← 3).Observe directed graph H (1 → 64), user 3 does not belong to the subset [1,1] on the initial coordinate point, but belong to the 3rd and subsequently the subset [1,3] on the coordinate points, [Isosorbide-5-Nitrae] ..., [1,64].In the middle of those coordinate points, father's coordinate points does not comprise that user 3 coordinate points only has [1,3] and [Isosorbide-5-Nitrae].Specifically, user 3 is not included in the coordinate points [1,2] as the father's coordinate points parent ([1,3]) that comprises user 3 coordinate points [1,3] and [Isosorbide-5-Nitrae] and parent ([Isosorbide-5-Nitrae]).Therefore, t ([1,3]) and t ([Isosorbide-5-Nitrae]) are offered user 3 as the intermediate key corresponding with directed graph H (1 → 64).Equally, select corresponding intermediate key and provide it to user 3 for other directed graph H (2 ← 64), H (2 ← 32), H (2 ← 16), H (2 ← 8), H (2 ← 4) and H (3 ← 3).Therefore, eight intermediate key offer user 3 altogether.

Below with reference to Fig. 5 short summary once until intermediate key is distributed to the processing of each user's terminal unit.Fig. 5 illustrates the flow chart of distributing the handling process of intermediate key according to system made in the key distribution server.

As shown in Figure 5, the key distribution server of key distribution system parameters etc. at first.For example, the key distribution server is determined user's quantity n, set key and the figure place λ of intermediate key, the Pseudo-Random Number of given parameters k, PRSG etc., and to all users' terminal unit announce they (S102).Then, the key distribution server is divided into given subset with user's set, then determine and announce with and the aggregation system Φ (referring to top expression formula (1)) of set representations (S104).Then, the directed edge T (S106) of directed graph H and each directed graph of formation H is determined and announced to the key distribution server.Further, the key distribution server is determined the intermediate key (S108) corresponding with each subset that consists of aggregation system Φ.After this, the key distribution server is distributed the terminal unit 20 of necessary intermediate key to each user, so that each user can derive the set key (S110) corresponding with the subset that comprises the user.

The distribution method of intermediate key has above been described.If the distribution method above using, the terminal unit of then distributing each permitted user generates minimum required intermediate key of set key, thereby can reduce the memory capacity of intermediate key in the traffic between key distribution server and the terminal unit and each user's the terminal unit.

(distribution of content key)

The method of key distribution server distribution of encrypted content key mek is hereinafter described.At first, the key distribution server uses the set secret key encryption content key mek that can only be generated by the terminal unit 20 of permitted user.Specifically, the set R of the definite user's that will get rid of of key distribution server (hereinafter referred to as " getting rid of the user ") terminal unit, then the set R (hereinafter referred to as " getting rid of user's set (R) ") by from the set N of terminal unit 1～n of all users, excluding the terminal unit of getting rid of the user, determine permitted user terminal unit set N R (hereinafter referred to as " set of permitted user (N R) ").Then, use the subset Si that from the subset that consists of aggregation system Φ, selects (i=1,2 ..., m) and the set (N R) of set representations permitted user=S1 ∪ S2 ∪ ... ∪ Sm.Although there are a large amount of combinations of subset Si, select the subset Si of the value minimum of m.After selecting by this way subset Si, the key distribution server uses set key k (Si) the encrypted content key mek corresponding with every subset Si.Specifically, content key mek gathered key k (S1), k (S2) ..., k (Sm) encrypts, and becomes m encrypted content key mek.Then, m encrypted content key mek is distributed to terminal unit 1～n of all users.At this moment, also will indicate the distribution of information of the information of set (N R) of permitted user or indication m subset Si to terminal unit 1～n of all users.

Below with reference to Fig. 6 short summary handling process of distribution of encrypted content key mek once.Fig. 6 is the flow chart that the handling process of distributing contents key is shown.

As shown in Figure 6, the key distribution server at first determine to be got rid of user's set (R), and the user's that secures permission set (N R) (S112).Then, the key distribution server so that the mode of the value minimum of m from the subset that consists of aggregation system Φ, select to contain N R union m subset Si (i=1,2 ..., m) (S114).Then, the key distribution server uses corresponding with selected subset Si respectively set key k (Si) encrypted content key mek (S116).Further, the key distribution server will be indicated the information of the set (N R) of permitted user or each subset Si and terminal unit 1～n (S118) that m encrypted content key mek is distributed to all users.

Encryption method and the distribution method of content key mek have above been described.If the encryption method above using just can be selected subset Si effectively, be that minimum necessity is individual in order to make the quantity of set key.Because from then on use minimum necessity set secret key encryption content key mek, encrypt required amount of calculation so can save, and reduced the quantity of the encrypted content key that will distribute, thereby reduced the traffic.

(deciphering of content key)

The decryption processing of encrypted content key in each user's the terminal unit is hereinafter described.Decryption processing is such, and terminal unit obtains content key mek according to the set of the indication permitted user that receives from the key distribution server (N R) or information and m ciphertext of m subset Si.

Terminal unit receives the information of set (N R) of encrypted content key and indication permitted user or the information of indication m subset Si from the key distribution server.Further, terminal unit is analyzed this information, and judges whether it belongs to the some of m subset Si.If terminal unit does not belong to certain subset, it just finishes decryption processing, because it is the terminal unit of getting rid of the user.On the other hand, if terminal unit is found out the subset Si under it, it just uses above-mentioned PRSG to derive the set key k (Si) corresponding with subset Si.The configuration of PRSG as hereinbefore.

In this step, if intermediate key t (Si) that in advance will be corresponding with top subset Si when system made offers terminal unit from the key distribution server, and pre-save it, then by will intermediate key t (Si) deriving the set key k (Si) corresponding with top subset Si among the input PRSG.On the other hand, if terminal unit is not preserved relevant intermediate key t (Si), terminal unit can be by repeatedly will deriving desired set key k (Si) among the intermediate key input PRSG that preserve.Further, terminal unit uses set key k (Si) the enabling decryption of encrypted content key mek that derives like this.

Specifically describe the derivation of above-mentioned set key k (Si) in the terminal unit below with reference to the example of Fig. 4.In user 3 terminal unit, suppose that " 1,8 " are chosen as its affiliated subset.As mentioned above, the intermediate key of the in store subset of user 3 terminal unit [Isosorbide-5-Nitrae].With reference to the directed graph H (1 → 64) of Fig. 4, the directed edge that extends to coordinate points [1,8] from coordinate points [Isosorbide-5-Nitrae] is set, in the middle of the directed edge on the coordinate points [Isosorbide-5-Nitrae], this directed edge has the 3rd short length (skip distance) at afterbody.Therefore, in the middle of the output when the intermediate key t ([Isosorbide-5-Nitrae]) with subset [Isosorbide-5-Nitrae] inputs PRSG, the 3rd a λ bit position of counting from the top is the intermediate key t ([1,8]) of subset [1,8].Terminal unit extracts intermediate key t ([1,8]) from the output of PRSG, again it is inputted among the PRSG, and extract a last λ bit position, thereby obtain desired set key k ([1,8]).

Equally, in user 1 terminal unit, suppose that " 1,8 " is chosen as its affiliated subset.The intermediate key of the in store subset of user 1 terminal unit [1,1].Under these circumstances, terminal unit 20 can be by from subset [1,1] intermediate key t ([1, the λ bit position that extraction is counted from the top in the middle of the output when 1]) inputting PRSG is (corresponding to intermediate key t ([1,2])), then from intermediate key t ([1, the 2nd λ bit position that extraction is counted from the top in the middle of the output when 2]) inputting PRSG is (corresponding to intermediate key t ([1,4])), further from intermediate key t ([1, the 3rd λ bit position that extraction is counted from the top in the middle of the output when 4]) inputting PRSG is (corresponding to intermediate key t ([1,8])), at last from intermediate key t ([1, extract decline in the middle of the output when 8]) inputting PRSG (corresponding to set key k ([1,8])), obtain desired set key k ([1,8]).

Sum up the handling process of enabling decryption of encrypted content key mek in each user's terminal unit below with reference to Fig. 7.Fig. 7 is the flow chart that the key that is illustrated in decrypted content keys in each user's the terminal unit generates handling process.

As shown in Figure 7, each user's terminal unit at first from the key distribution server receive m encrypted content key mek and indication permitted user set (N R) information or indicate m subset Si (i=1,2 ..., m) information (S120).Then, terminal unit is according to the subset Si (S122) of this information search under it, and judges whether it belongs to m subset Si some (step S124).

As a result, if terminal unit is found out the subset Si under it, PRSG derived the set key k (Si) corresponding with subset Si (S126) above it just used.The configuration of PRSG as hereinbefore.If the intermediate key t (Si) that the key distribution server in advance will be corresponding with subset Si when setting up offers terminal unit, and preserves it, then it just can derive set key k (Si) by using once PRSG.On the other hand, if terminal unit is not preserved relevant intermediate key t (Si), it can derive desired set key k (Si) by repeatedly using PRSG.After this, terminal unit uses set key k (Si) the enabling decryption of encrypted content key mek (S128) that derives like this.

On the other hand, if terminal unit judges that in step S124 it does not belong to the some of subset Si, then terminal unit shows and output: " it is excluded outside the terminal unit that allows accessed content (namely; it is to get rid of the user) " (S130), and the decryption processing of end content key.

The decryption method of content key in the terminal unit has above been described.Above decrypt scheme be use to generate intermediate key and gather the PRSG of key and according to the information and executing of relevant directed graph H.Therefore, information and the PRSG about directed graph also is absolutely necessary in each user's terminal unit.But, use the method for PRSG can make the minimum number of the intermediate key that each user's terminal unit will preserve.

Encryption key distribution scheme according to the basic fundamental of this embodiment has above been described.By using basic scheme, the quantity of the intermediate key that each user's terminal unit will be preserved is O (k*log (n)), and the required amount of calculation (number of operations of PRSG) of generation set key is no more than (2k-1) * (n ^1/k-1).But shown in Figure 13 as hereinafter described (A), the quantity that has an intermediate key that each user's terminal unit will preserve according to the encryption key distribution scheme of basic fundamental is very large problem still.

Further, the decisive factor of the required amount of calculation of terminal unit depends on the number of times that moves PRSG in order to derive desired intermediate key during enabling decryption of encrypted content key mek.Worst-case value with among the directed graph H from initial coordinate point (root) to farthest quantity (that is, the number of skips) expression of the directed edge of last coordinate points (leaf that does not have directed edge to be derived from).In example as shown in Figure 4, for the initial coordinate point [1,1] from directed graph H (1 → 64) arrives last coordinate points [1,64], be necessary to pass 11 directed edges (carrying out 11 times jumps), this means operation PRSG nearly 11 times.Therefore, exist the number of run of PRSG a lot of according to the encryption key distribution scheme of basic fundamental, therefore, derive another very large problem of amount of calculation of intermediate key.

The＜the first embodiment 〉

The present inventor conducts extensive research in order to solve top problem, has developed the encryption key distribution scheme according to the embodiment of the invention (the first embodiment) as described below.The large binary tree BT that will represent all users' terminal unit according to the encryption key distribution scheme of this embodiment is divided into a plurality of little basic subtrees, creating hierarchy, and the key deriving method of top basic scheme is used for each basic subtree and directed edge between the basic subtree is set.The quantity that can either reduce like this intermediate key that terminal unit 20 preserves can reduce again the amount of calculation in the terminal unit 20.Hereinafter, key distribution server 10 and the functional configuration of terminal unit 20 and the feature and advantage of this encryption key distribution scheme that realize according to the encryption key distribution scheme of this embodiment will be described in detail.

[configuration of key distribution server 10]

Hereinafter with reference to the functional configuration of Fig. 8 detailed description according to the key distribution server 10 of this embodiment.Fig. 8 is the calcspar that illustrates according to the functional configuration of the key distribution server 10 of this embodiment and terminal unit 20.

As shown in Figure 8, key distribution server 10 comprises that tree structure arranges part 102, reference axis and part 104, directed edge are set arrange that directed edge arranges part 108 between part 106, subtree, initial intermediate key arranges part 112, key generating portion 114, encryption section 116, translator unit 118 and subset determining section 120.Reference axis arranges part 104, directed edge and directed edge is set between part 106 and subtree part 108 is set consists of the directed graph generating portions.Further, tree structure arranges part 102 and directed graph generating portion 110 and is referred to as the key formation logic and makes up piece.Equally, initial intermediate key arranges part 112 and key generating portion 114 and is referred to as key and generates piece.

Hereinafter describe and consist of the element that the key formation logic makes up piece.The key formation logic makes up piece and carries out the processing corresponding with (setting of tree structure) and (oriented map generalization) in above-mentioned [description of basic fundamental].

(tree structure arranges part 102)

Tree structure arranges part 102 and is divided into a plurality of basic subtrees by the whole tree BT that will contain n the leaf node of specifying the number 1～n (n is natural number) corresponding with the individual terminal unit of n (n is 2 power) 20 and disposes y layer hierarchy.Like this, the feature of this embodiment is to arrange at tree structure to dispose the tree structure that separates into basic subtree in the part 102.Although for convenience of description, the total n of terminal unit 20 is described as 2 power, but be not limited to such example, for example, if the sum of terminal unit 20 is not 2 power, can dispose the whole tree that contains above n (n is 2 power) leaf node of the sum of terminal unit 20.

The parameter in being used in foregoing basic fundamental, this embodiment also uses the parameter y of the number of plies of the whole tree of indication BT.Note, y|log (n), that is, y is the approximate number of log (n).Then, tree structure arranges part 102 and uses and contain n ^1/yThe whole tree BT of the binary tree structure of all terminal units of the basic subtree layering representative of consumer of individual leaf node.

Whole tree BT has the binary tree BT (referring to Fig. 3) that is equivalent to foregoing basic fundamental, highly is the complete binary tree structure of log (n).Whole tree BT is by the n that is assigned to terminal unit 20 leaf node, at the root node on whole top of setting BT be different from root node and a plurality of intermediate key of leaf node form.On the other hand, to have highly be (the complete binary tree structure of (log (n))/y) to basic subtree.Basic subtree is by n ^1/yIndividual leaf node, at the root node on the top of basic subtree be different from root node and a plurality of intermediate key of leaf node form.

Tree structure arranges part 102 and at first creates whole tree so that the quantity n of leaf node is greater than the sum of terminal unit 20, and from left end begin to turn right with

number

1,2 ..., n is assigned to each leaf node.

Further, tree structure arranges part 102 top whole tree BT is divided into a plurality of basic subtrees, with formation y layer hierarchy, and makes up by this way basic subtree, even the root node of the basic subtree of lower floor is consistent with the leaf node of the subtree on upper strata, thereby make up whole tree BT.

Figure 9 illustrates the special case of such hierarchical tree structure.In the example of Fig. 9, the quantity of terminal unit 20 is arranged to n=64, and parameter y is arranged to y=2.As shown in Figure 9, whole tree BT (highly be 6 and the quantity of leaf node be 64) is divided into nine basic subtrees with Two-tier hierarchy (highly be 3 and the quantity of leaf node be 8).The quantity of the basic subtree on upper strata is 1, and the quantity of the basic subtree of lower floor is 8.The root node of the basic subtree on upper strata is identical with the root node of whole tree BT, and the quantity of the leaf node of the basic subtree on upper strata is 8, that is, a, b, c ..., h.Leaf node a, the b of the root node of the basic subtree of each of lower floor and the basic subtree on upper strata, c ..., h is consistent, and the leaf node of each basic subtree of lower floor be as the part of the leaf node 1～64 of above-mentioned whole tree BT eight leaf nodes (for example, 1～8,9～16,17～24 ..., 57～64).

Like this, symbol among Fig. 9 " a, b, c ..., h " root node of the leaf node of basic subtree on indication upper strata and the basic subtree of lower floor, and indication is positioned at the set of leaf node of the lower floor of root node: Aa}, Ab}, Ac} ..., { Ah}.For example, " a " indication set the Aa}=

subset

1,2 ..., 8}, and " b " indication set the Ab}=subset 9 ..., 16}.

The leaf node of the basic subtree on the low layer corresponds respectively to terminal unit 20.Further, suppose in the following description, terminal unit 20 and user are one to one, and in some cases, indicate with word " user " with " terminal unit 20 " that leaf node 1～n (leaf node of the basic subtree of each on the bottom) of whole tree BT is associated.Although Fig. 9 shows the example that the quantity of the leaf node of BT is n=64 and y=2, be not limited to such example, the value of n can look like n=4 (=2 ²), 8 (=2 ³), 16 (=2 ⁴), 32 (=2 ⁵), 128 (=2 ⁷) ... like that, be any power of 2.Further, except the example of as shown in the figure y=2, a minute layer parameter y also can arrange arbitrarily, as long as it is the approximate number of log (n).

Further, tree structure arranges part 102 after the position relationship of having considered between the node, the set of leaf node 1～n that combination is corresponding with user's terminal unit 20 and each node that forms the whole BT of tree that as above consists of, that is, root node and the leaf node of each basic subtree are associated.Like this, tree structure arranges part 102 and also plays set associative part.Hereinafter describe the association of set in detail.

Will be as follows with set and symbol definition in the following description.

N: the set of all terminal units 20 (user) 1,2 ..., n};

Aw: be positioned at the set of the leaf node in the lower floor of node w of whole tree BT.That Aw only indicates those leaf nodes (that is, the set of node w) in the situation (node w is the situation of the leaf node of the basic subtree on the bottom) of leaf node of whole tree BT at node w.Those leaf nodes are referred to as " belonging to the set of the leaf node of Aw ";

Pw: the leaf node that is positioned at the set leftmost side of the leaf node that belongs to Aw;

Qw: the leaf node that is positioned at the set rightmost side of the leaf node that belongs to Aw;

[pw，qw]：{pw，pw+1，pw+2，...qw-1，qw}；

v ^(-i): the leaf node that is positioned at locational each the basic subtree of left side i of certain leaf node v;

v ⁽⁺ⁱ⁾: the leaf node that is positioned at locational each the basic subtree of right side i of certain leaf node v;

About two leaf node u of basic subtree, v (v is on the right side of u):

Set (u → v)={ Au, Au ∪ Au ⁽⁺¹⁾..., Au ∪ ... ∪ Av}

＝{[pu，qu]，[pu，qu ⁽⁺¹⁾]，...，[pu，qv ^(-1)]，[pu，qv]}；

Set (u ← v): { Av, Av ∪ Av ⁽¹⁾..., Av ∪ ... ∪ Au}

Lv ': be positioned at the leaf node on the left end of a plurality of leaf nodes in the lower floor of node v (root node or intermediate node) of basic subtree;

Rv ': be positioned at the leaf node on the right-hand member of a plurality of leaf nodes in the lower floor of node v (root node or intermediate node) of basic subtree;

A: from the set of the root node of basic subtree, get rid of the set of the root node of whole tree;

BTL: be positioned at the set of the intermediate node of the basic subtree on the left side of father node;

BTR: be positioned at the set of the intermediate node of the basic subtree on the right side of father node;

Set membership as referred to herein is indicated the hierarchical relational of the node that connects on the basic subtree, refer to father node and be positioned at the upper strata, and child node is positioned at the relation of lower floor.

When using as defined above set and symbol, tree structure arranges part 102 after the position relationship of having considered between the node, the set of leaf node 1～n that combination is corresponding with terminal unit 20 and whole each node of setting BT of the layering that as above consists of, that is, the root node of each basic subtree and leaf node are associated.

Specifically, tree structure arranges part 102 and will gather (l _Root' → r _Root') and set (l _Root' ⁽⁺¹⁾← r _Root') be associated with the root node (corresponding to the root node of whole tree BT) of the basic subtree of top layer.In the example in Fig. 9, will gather that ((b ← h) is associated with the root node of the basic subtree on upper strata for a → h) and set.

Further, for the intermediate node of the basic subtree on different from the bottom layers, if the intermediate node v of each basic subtree is positioned at its father node left side, tree structure arrange part 102 will gather (lv ' ⁽⁺¹⁾← rv ') is associated with intermediate node v; On the other hand, if be positioned at its father node right side, tree structure arrange part 102 will gather (lv ' → rv ' ⁽¹⁾) be associated with intermediate node v.In the example of Fig. 9, will gather (b ← d), set (e → g), set (b ← b), set (c → c), set (f ← f) and gather that (g → g) is associated with six intermediate node v of the basic subtree on upper strata respectively.For example because symbol e, f and g indicate respectively subset 30 ..., 40}, subset 41 ..., 48} and subset 49 ..., 56}, thus set (e → g) indicate those subsets Ae, Ae ∪ Af, Ae ∪ Af ∪ Ag}={{30 ..., 40}, 33 ..., 48}, 33 ..., the set of 56}}.

Like this, in this embodiment, subset be not leaf node 1～n take whole tree as unit, but be associated with the node of basic subtree take the leaf node a～h of the basic subtree on upper strata as unit.Although the example of Fig. 9 is Two-tier hierarchy, therefore the basic subtree that does not have the intermediate layer, if but hierarchy contain, for example, three layers or more multi-layered, then subset is associated with the node of the basic subtree in intermediate layer take the leaf node of the basic subtree in intermediate layer as unit.

Further, tree structure arrange part 102 will gather (lv ' → rv ' ⁽¹⁾) and set (lv ' ⁽⁺¹⁾← rv ') is associated with the root node v of basic subtree on the layer that is different from top layer.In the example of Fig. 9, with root node a, the b of eight basic subtrees of two set and lower floor, c ..., among the h each is associated.For example, will gather (2 ← 8) and the set (1 → 7) be associated with root node a.Like this, two set are associated with each root node of basic subtree, and not only are associated with the root node of whole tree.

Further, if the intermediate node v of the basic subtree of each of bottom is positioned at its father node left side, tree structure arrange part 102 will gather (lv ' ⁽⁺¹⁾← rv ') be associated with intermediate node v, and if be positioned at its father node right side, tree structure arrange part 102 will gather (lv ' → rv ' ⁽¹⁾) be associated with intermediate node v.For example, each intermediate node that will gather the basic subtree on lower floor's left end of (2 ← 4), set (5 → 7) and set (2 → 2) etc. and Fig. 9 is associated.

As mentioned above, in the encryption key distribution scheme according to this embodiment, use the subset of the binary tree BT definition user set that separates into a plurality of basic subtrees.This method can represent with various combinations user's subset.The complete or collected works that are comprised of those subsets are called aggregation system ψ, and are defined as following expression formula (2).Therefore, following expression formula (2) mathematics ground has represented the whole tree BT by the binary tree structure of top method structure.

[expression formula 2]

Ψ = \underset{v &Element; BTL \cup A}{\cup} ({lv}^{' (+ 1)} &LeftArrow; {rv}^{'}) \cup \underset{v &Element; BTR \cup A}{\cup} ({lv}^{'} &RightArrow; {rv}^{' (- 1)}) \cup ({l_{root}}^{'} &RightArrow; {r_{root}}^{'}) \cup ({l_{root}}^{' (+ 1)} &LeftArrow; {r_{root}}^{'})) \cdot \cdot \cdot (2)

The method of binary tree of subset that part 102 configuration adjustment users' terminal unit 20 is set by the tree structure according to this embodiment has above been described.Basic conception according to the encryption key distribution scheme of this embodiment is the set key that each subset is arranged encrypted content key, uses each set secret key encryption content, and it is distributed to all users.By defining as described above subset, a kind of means of sorted users combination have been regulated at least.Hereinafter, will the algorithm that use those subsets to create directed graph and generate the set key according to directed graph be described.

Directed graph generating portion 110 creates to correspond respectively to tree structure the set (l that the node of the whole tree of the layering BT of part 102 configurations is associated is set _Root' → r _Root'), the set (lv ' → rv ' ⁽¹⁾), the set (l _Root' ⁽⁺¹⁾← r _Root') and set (lv ' ⁽⁺¹⁾← rv ') directed graph H '.Directed graph H ' by be arranged in order in the increasing mode of the degree of comprising of subset be included in those set in the horizontal axis of the corresponding coordinate points of subset form with the directed edge of coordinate points on being connected horizontal axis.

Directed graph generating portion 110 comprise that the reference axis of the horizontal axis that each directed graph H ' is set arranges part 104, directed edge that the directed edge on the horizontal axis of each directed graph H ' is set arranges part 106 and arrange in addition from the corresponding directed graph H ' of different basic subtrees between the subtree of directed edge between directed edge part 108 is set.The parts of directed graph generating portion 110 are hereinafter described.

(reference axis arranges part 104)

Reference axis arrange part 104 arrange degree of comprising from left to right increasing mode arrange and be included in the set (l that is associated with the root node of the basic subtree of top layer _Root' → r _Root') in the first horizontal axis (for example, H ' among Figure 10 (a → h) reference axis) of the corresponding coordinate points of each subset.Further, reference axis arrange part 104 arrange degree of comprising from left to right increasing mode arrange be included in the set that is associated with the intermediate node v of the root node v of the basic subtree of other layer except top layer or each basic subtree (lv ' → rv ' ⁽¹⁾) in the first horizontal axis (for example, H ' among Figure 10 (reference axis of e → g), H ' (1 → 7), H ' (5 → 7) etc.) of the corresponding coordinate points of each subset.

Reference axis arrange part 104 further arrange with degree of comprising from right to left increasing mode arrange and be included in the set (l that is associated with the root node of the basic subtree of top layer _Root' ⁽⁺¹⁾← r _Root') in the second horizontal axis (for example, H ' among Figure 10 (b ← h) reference axis) of the corresponding coordinate points of each subset.Further, reference axis arrange part 104 arrange degree of comprising from right to left increasing mode arrange be included in the set that is associated with the intermediate node v of the root node v of the basic subtree of other layer except top layer or each basic subtree (lv ' ⁽⁺¹⁾The second horizontal axis of the coordinate points that each subset ← rv ') is corresponding (for example, H ' among Figure 10 (reference axis of b ← d), H ' (2 ← 8), H ' (2 ← 4) etc.).

As mentioned above, reference axis arranges part 104 and arranges and make up the reference axis that the corresponding directed graph H ' of each node of the basic subtree that part 102 disposes is set with tree structure.The first horizontal axis is reference axis to the right, and the second horizontal axis is reference axis left.Because the first and second horizontal axis are to arrange for the root node of each basic subtree and intermediate node v, so be provided with several reference axis.

Further, reference axis arranges part 104 two interim coordinate points also is set on the left end of each root and/or the right-hand member in the first and second horizontal axis in addition altogether at least.In this embodiment, for example, in addition respectively on the left side of the left end coordinate points of first and second each root of horizontal axis and the right side of right-hand member coordinate points an interim coordinate points is set.Under these circumstances, the interim coordinate points that is arranged on the first horizontal axis left end is used as starting point when directed edge is set, and the interim coordinate points that is arranged on the first horizontal axis right-hand member is used as terminal point when directed edge is set.On the other hand, the interim coordinate points that is arranged on the second horizontal axis left end is used as terminal point when directed edge is set, and the interim coordinate points that is arranged on the second horizontal axis right-hand member is used as starting point when directed edge is set.The technology that interim coordinate points is set is not limited to top example, for example, can at least two interim coordinate points be set at one of the left end of the first and second horizontal axis or right-hand member.

(directed edge arranges part 106)

Directed edge arranges part 106 to have in reference axis the function that the directed edge that forms directed graph I is set between the coordinate points that part 104 arranges is set.

Specifically, directed edge arranges part 106 given integer k (wherein, k|log (n at first is set ^1/y); So k is log (n ^1/y) approximate number), and calculate and to satisfy n ^(x-1)/k*y＜(rv '-lv '+1)≤n ^X/k*yInteger x.

Further, for the directed graph I with above-mentioned first horizontal axis, directed edge arranges part 106 repeatedly to carry out beginning to extend to the n of being separated by from the interim coordinate points (starting point) of every the first horizontal axis left end ^{I/ (k*y)}(the setting of the directed edge to the right of the coordinate points of i=0～x-1).Further, for the directed graph I with above-mentioned second horizontal axis, directed edge arranges part 106 repeatedly to carry out beginning to extend to the n of being separated by from the interim coordinate points of every the second horizontal axis right-hand member ^{I/ (k*y)}(the setting of the directed edge left of the coordinate points of i=0～x-1).

Then, for the first and second horizontal axis, directed edge arranges part 106 and gets rid of afterbodys or head and be positioned at all directed edges on the interim coordinate points on reference axis left end and the right-hand member at each.Further, directed edge arranges other directed edge of getting rid of the directed edge of each coordinate points of part 106 on arriving the first and second horizontal axis except the longest directed edge.Like this, directed edge arranges part 106 and just is provided with many directed edges as the chain of connection coordinate point in the every horizontal axis of each the directed graph I that is associated with root node and the intermediate node v of each basic subtree.

Except the quantity of leaf node is n ^1/yOutside, it is basically identical with the technology that generates directed graph H according to aforesaid basic fundamental with the technology that directed edge arranges part 106 generation directed graph I that the above arranges part 104 by the reference axis according to this embodiment.A special case is hereinafter described.As an example of the technology that generates directed graph I, the directed graph I (l that is associated with the root node (root node of whole tree BT) of the basic subtree of as shown in Figure 9 top layer will be described hereinafter _Root' → r _Root')=the directed graph I (example of a → h).

The same with aforesaid basic fundamental, by create with set (lv ' → rv ' ⁽¹⁾) (a → g) then adds after this directed edge E ([a, g], [a, h]) and creates directed graph I as the figure to the right that is associated with root node (a → h) for corresponding directed graph I.Therefore, at first following establishment directed graph I (a → h).

(S10) at first, by reference axis part 104 is set configuration directed graph I (the first horizontal axis of a → g) is set.On the first horizontal axis, will (the subset Si of the element of a → g) be designated as coordinate points as set.With degree of comprising from left to right increasing mode arrange the subset Si that forms coordinate points.For example, directed graph I (a → h)=H ([a, a], [a, b] ..., [a, g] }) in, reference axis contain begin from the left side successively specified subset [a, a], [a, b] ..., seven coordinate points of [a, g].After this, the left side that reference axis arranges part 104 the most left coordinate points on reference axis arranges the interim coordinate points that is used as starting point, so that as starting point, and the right side of the rightest coordinate points arranges the interim coordinate points that is used as terminal point on reference axis, so that as terminal point.In the reference axis that arranges like this, the length L v from the interim coordinate points (starting point) of left end to the interim coordinate points (terminal point) of right-hand member is Lv=rv '-lv '+1=h-a+1=8.

(S20) by directed edge part 106 being set arranges and forms the directed graph I (directed edge of a → g).

(S20-1) n is satisfied in calculating ^(x-1)/k*y＜(h-a+1)≤n ^X/k*yInteger x.Integer x satisfies 1≤x≤k.

(S20-2) carry out following operation by changing from 0 to x-1 counting i.Since the starting point of the first horizontal axis left end (interim coordinate points), repeat setting and extend to and this coordinate points n of being separated by ^{I/ (k*y)}(directed edge to the right of the coordinate points of i=0～x-1) (jumps to and this coordinate points n of being separated by ^{I/ (k*y)}Coordinate points), until the head of directed edge arrives the terminal point (interim coordinate points) of horizontal axis right-hand member, or the head overstep of end point of the next directed edge that arranges.

(S30) deletion afterbody or head all directed edges on the interim coordinate points on the first horizontal axis two ends.

(S40) if there are many directed edges that arrive certain coordinate points, then only stay the longest directed edge, and deletion all other directed edges except the longest directed edge.

If the step (S10)～(S40) above having carried out, then directed graph H (a → g) just finished.(among a → g), finish directed graph H (a → h) by directed edge E ([a, g], [a, h]) being added directed graph H.For example, with reference to figure directed graph H (a → h) as shown in figure 10, arrange and subset [a, a] (shown in square frame " a "), subset [a, b] (shown in square frame " b ") ..., the corresponding coordinate points of subset [a, h] (shown in square frame " h ") and the straight line directed edge that is connected those coordinate points or the crooked directed edge of arch.Although be not represented for clarity horizontal axis in Figure 10, horizontal axis is comprised of one group of intersection point between the end points of coordinate points and directed edge.Further, (described hollow arrow to the right above a → h), the direction of its indication directed edge at directed graph I.Specifically, its indication forms directed graph H (all directed edges of a → h) all to the right.Therefore, at directed graph H (among a → h), from subset [a, a] coordinate points a begin to arrange and arrive subset [a, b] one of coordinate points b directed edge to the right, arrive subset [a and begin to arrange from the coordinate points b of subset [a, b], c] coordinate points c and two of the coordinate points d of subset [a, d] directed edges to the right.

So that (mode that a → g) is identical generates the directed graph I (l that is associated with the root node of the basic subtree of top layer with directed graph H _Root' ⁽⁺¹⁾← r _Root') and the directed graph I that is associated with the intermediate node of the root node of other basic subtree or basic subtree (lv ' → rv ' ⁽¹⁾) and directed graph I (lv ' ⁽⁺¹⁾← rv ').Note, when arrange directed graph I (lv ' → rv ' ⁽¹⁾) and directed graph I (lv ' ⁽⁺¹⁾During ← rv ') reference axis, on the second horizontal axis with degree of comprising from right to left increasing mode arrange subset Si so that the direction that makes directed edge is left.

So just generated directed graph I.Figure 10 represents the aggregation system ψ as shown in Figure 9 that uses directed graph I.Figure 10 shows the situation of y=2 and k=3.

((b ← h) is the directed graph I that is associated with the root node of the basic subtree of top layer to directed graph I as shown in figure 10 for a → h) and I.Further, directed graph I (b ← d) and I (e → g) is the directed graph I that is associated with the upper strata intermediate node of the basic subtree of top layer, and directed graph I ((((g → g) is the directed graph I that is associated with lower floor's intermediate node of the basic subtree of top layer for f ← f) and I for c → c), I for b ← b), I.

Further, directed graph I (1 → 7) and I (2 ← 8), directed graph I (9 → 15) and I (10 ← 16) ... and directed graph I (57 → 63) and I (58 ← 64) are the directed graph I that is associated with the root node v of eight basic subtrees of lower floor respectively.Directed graph I (2 ← 4), I (5 → 7) ..., I (58 ← 60), I (61 → 63) they are the directed graph I that is associated with the upper strata intermediate node v of eight basic subtrees of lower floor respectively.Further, with directed graph I (2 ← 2), the I (3 → 3) of a coordinate points (bullet) indication ..., I (62 ← 62), I (63 → 63) they are the directed graph I that is associated with the intermediate node v of lower floor of eight basic subtrees of lower floor respectively.

As shown in figure 10, by whole tree BT being divided and separating into a plurality of basic subtrees and generate corresponding with it directed graph I, the length of each directed graph I can be shortened, and quantity and the length (number of times of jump and distance) of directed edge among each directed graph I can be reduced and shorten.Thereby, can reduce the quantity of the key that terminal unit 20 will preserve and the amount of calculation of terminal unit 20.

(directed edge arranges part 108 between subtree)

Between subtree as shown in Figure 8 directed edge arrange part 108 also in the whole tree of layering BT, arrange in addition from the directed graph I corresponding with the basic subtree of lower floor to the directed edge of the corresponding directed graph I of the basic subtree on upper strata.Specifically, directed edge (for example arranges first coordinate points of part 108 settings from the directed graph I corresponding with the basic subtree of lower floor between subtree, the subset [1 of directed graph I (1 → 7) among Figure 11,7] coordinate points) the second coordinate points in the directed graph I corresponding with the basic subtree on upper strata (for example, the directed edge of directed graph I among Figure 11 (coordinate points of the subset [a, a] of a → h)).The subset (for example, [a, a]) that is represented by the second coordinate points comprises the subset corresponding with the first coordinate points (for example, [1,7]).

Figure 11 show the mode that has inclusion relation with subset Si from the corresponding directed graph I of different basic subtrees between directed graph I in the situation of directed edge is set.

As shown in Figure 10 and Figure 11, with square frame " a " indication the second coordinate points subset [a, a]=1,2 ..., and 8} comprise

subset

1,2 ..., 7} that is to say, subset [a, a] is the superset of subset [1,7].Therefore, between subtree directed edge arrange part 108 also arrange in addition from directed graph I (1 → 7) subset [1,7] corresponding coordinate points (the first coordinate points) to the directed graph I (directed edge of the coordinate points (the second coordinate points) that the subset [a, a] among a → h) is corresponding.

Equally, between subtree directed edge arrange part 108 also arrange in addition from directed graph I (58 ← 64) subset [64,58] corresponding coordinate points (the first coordinate points) to the directed graph I (directed edge of the coordinate points (the second coordinate points) that the subset [h, h] among the b ← h) is corresponding.Further, between subtree directed edge arrange part 108 also arrange in addition from directed graph I (26 ← 32) subset [32,26] corresponding coordinate points (the first coordinate points) to the directed graph I (subset [d among the b ← d), d] directed edge of corresponding coordinate points (the second coordinate points), and also arrange in addition from directed graph I (33 → 39) subset [33,39] corresponding coordinate points (the first coordinate points) to the directed graph I (directed edge of the coordinate points (the second coordinate points) that the subset [e, e] among the e → g) is corresponding.Further, between subtree directed edge arrange part 108 also arrange in addition from directed graph I (10 ← 16), I (17 → 23), I (42 ← 48), subset [16 among the I (49 → 55), 10], [17,23], [48,42], [49,55] corresponding coordinate points (the first coordinate points) to comprise above the directed graph I (10 ← 16) of subset, I (17 → 23), I (42 ← 48), subset [b among the I (49 → 55), b], [c, c], [f, f], the directed edge of the coordinate points (the second coordinate points) that [g, g] is corresponding.Like this, by directed edge is set in addition, can further reduce the quantity of the intermediate key that terminal unit 20 will preserve between directed graph I.For example, by the subset [1 of other setting from directed graph I (1 → 7), 7] to the directed graph I (subset [a of a → h), a] directed edge, number is that 1～7 terminal unit 20 need not to preserve subset [a, a] etc. intermediate key, (for example, intermediate key t ([1 for the intermediate key that can self preserve by input, 7])), derive eight subsets [a, a], [a, b] ..., [a, h] intermediate key t ([a, a]), t ([a, b]) ..., t ([a, h]).Thereby reduced the quantity of the intermediate key t (S) of those terminal units 20 preservations.Be added in the quantity that directed edge between other basic subtree also helps to reduce the intermediate key t (S) that terminal unit 20 preserves.

The parts of the key formation logic structure piece in the key distribution server 10 have above been described.With reference to Fig. 8, except the key formation logic made up piece, key distribution server 10 comprised that further comprising the key that initial intermediate key arranges part 112 and key generating portion 114 generates piece, encryption section 116, translator unit 118 and subset determining section 120.

(initial intermediate key arranges part 112)

Initial intermediate key arranges part 112 for each directed graph I corresponding with each node of basic subtree, generates the intermediate key corresponding with the initial coordinate point of directed graph I.In containing the directed graph I of the first horizontal axis to the right the initial coordinate point be positioned at left end coordinate points (for example, subset [1 among the directed graph I (1 → 7), 1] coordinate points), and in containing the directed graph I of the second horizontal axis left it be positioned at right-hand member coordinate points (for example, the coordinate points of subset [64,64] among the directed graph I (58 ← 64)).Initial intermediate key is the intermediate key t (S) of initial coordinate point.If obtain initial intermediate key, can use, for example, pseudorandom number generator PRSG derives the intermediate key that is included in other coordinate points among the directed graph I successively according to the directed graph I corresponding with initial intermediate key.Initial intermediate key arranges part 112 and can use pseudorandom number generator PRSG generation random number and random number is arranged to intermediate key, maybe given numerical value can be arranged to intermediate key.

(key generating portion 114)

Key generating portion 114 generates the set key k (Si) of encrypted content key according to the directed graph I that above-mentioned directed graph generating portion 110 generates for every subset Si corresponding with the coordinate points among the directed graph I.Specifically, when the intermediate key t (S0) of the input subset S corresponding with certain coordinate points among the directed graph I, the set key k (S0) that 114 outputs of key generating portion are corresponding with subset S0 and with afterbody the directed edge on the coordinate points S on corresponding subset S1, the S2 of coordinate points ..., intermediate key t (S1), the t (S2) of Sk ..., t (Sk).Therefore, for certain the bar directed edge that forms directed graph I, in case input the given intermediate key t (S0) corresponding with the afterbody indication coordinate points of directed edge, key generating portion 114 just the output set key k (S0) corresponding with the coordinate points of the afterbody indication of this directed edge and with from the afterbody extension of this directed edge all at least corresponding intermediate key t (S1), the t (S2) of the head of k bar directed edge ..., t (Sk).

For example, key generating portion 114 is by forming according to the pseudorandom number generator (PRSG) of basic fundamental and the control section of control PRSG.As the PRSG of key generating portion 114, for example, can use λ position of response to input and export (k+1) λ position and export, in order to generate the above-mentioned PRSG of set key k (Si).When the input intermediate key t (S0) corresponding with certain coordinate points (subset S0), PRSG output and afterbody the directed edge on certain coordinate points on coordinate points (subset S1, S2 ..., Sk) corresponding intermediate key t (S1), t (S2) ..., the set key k (S0) of t (Sk) and subset S0.Therefore, t (S1) || ... || t (Sk) || k (S0) ← PRSG (t (S0)).By the output of PRSG being delimited into each from λ of left side position, obtain intermediate key t (S1), t (S2) ..., t (Sk) and gather key k (S0).

(encryption section 116)

Encryption section 116 uses set key k (Si) to encrypt the content key mek that is used for encrypted content.Although the quantity of content key mek is one, the quantity of set key k (Si) is identical with the quantity of the subset Si that consists of aggregation system ψ.Encryption section 116 uses the corresponding set secret key encryption content key of subset of selecting with following subset determining section 120 from all subsets that consist of aggregation system ψ.Therefore, encryption section 116 generates the encrypted content key mek corresponding with each set key k (Si).Therefore, if the quantity of selected subset is m, generate m encrypted content key mek.Alternately, encryption section 116 can encrypted content.For example, encryption section 116 can use content key mek encrypted content, maybe can use each set key k (Si) encrypted content.Using the configuration of set key k (Si) encrypted content is the alternative example of this embodiment.

(translator unit 118)

Translator unit 118 sends various types of information to each terminal unit 20 by network 5.For example, translator unit 118 uses the content key mek of each set key k (Si) encryption to send all terminal units 20 that are associated with leaf node 1～n of whole tree BT to encryption section 116.Alternately, translator unit 118 can will use the content of each set key k (Si) encryption, rather than encrypted content key mek sends terminal unit 20 to.

Further, translator unit 118 is distributed to each terminal unit 20 with intermediate key t (S0) when setting up.For example, translator unit 118 can be distributed to each terminal unit 20 with the intermediate key t (Si) of the subset Si under the terminal unit 20 with reference to directed graph I.At this moment, translator unit 118 can be distributed minimum necessity intermediate key t, so that each terminal unit 20 can be derived the intermediate key of all the subset Si under it.Specifically, translator unit 118 can extract the subset Si under the terminal unit 20 from the subset that consists of aggregation system ψ, from the coordinate points of the directed graph I corresponding with extracting subset Si, select such coordinate points, be that terminal unit 20 is not included among the subset Sj corresponding with the afterbody of the directed edge that arrives this coordinate points, and intermediate key t (Sj) that only will be corresponding with selected coordinate points is distributed to terminal unit 20.But, if as the initial coordinate point of the subset Si under the terminal unit 20 of the distribution destination of intermediate key t (Si) corresponding to directed graph I, translator unit 118 can only will be put corresponding intermediate key t (Si) with initial coordinate and be distributed to distribution destination user.

Further, translator unit 118 with the information relevant with aggregation system ψ (for example can also rise, information about n, λ, k, y, PRSG etc.) be distributed to the effect of the directed graph distribution of information part of each terminal unit 20 with the information relevant with directed graph I (for example, a plurality of directed graph I of the generation such as directed graph generating portion 110).Specifically, in case input, for example, each intermediate key t (Si), translator unit 118 just can be according to directed graph I, the information that distribution is relevant with the key schedule (for example, key generator) of the PRSG of output given intermediate key t (Si) and set key k (Si).

That different communication channel of distributing contents can be used and be used for to the distribution of 118 couples of middle key t of translator unit (Si), carried out before distributing contents.For example, the intermediate key t of each terminal unit 20 (Si) can and be recorded on the recording medium from key distribution server 10 output, and the intermediate key t (Si) of each terminal unit 20 that reads from recording medium is recorded in each terminal unit 20 can make terminal unit 20 the manufacturing shop of terminal unit 20 time.

(subset determining section 120)

Subset determining section 120 determines to ban use of set key k (Si) decrypted content keys mek or content, the set (R) of the terminal unit 20 of getting rid of (hereinafter referred to as " getting rid of user's set (R) "), and user's set (R) is got rid of in deletion from the set (N) of all terminal units 20 of leaf node 1～n of being assigned to whole tree BT, thereby determines to allow to use the set (N R) (hereinafter referred to as " set of permitted user (N R) ") of the terminal unit 20 of gathering key k (Si) decrypted content keys mek or content.Further, subset determining section 120 determines to satisfy the set (N R) of permitted user={ S1 ∪ S2 ∪ ... the m of ∪ Sm} (m is natural number) subset S1～Sm is minimum value in order to make m.

Subset determining section 120 can be comprised of the permitted user set determining section of the set of determining permitted user (N R) and the permitted user subset determining section of one group of subset Si of determining to consist of the set (N R) of permitted user.Minimum by subset Si being specified to the value that makes m, can reduce intermediate key t (Sm) and the quantity of gathering key k (Sm) that will preserve and generate the required amount of calculation of those keys.

Subset determining section 120 with top mode determined to satisfy the set (N R) of permitted user=S1 ∪ S2 ∪ ... the subset of ∪ Sm} (S1, S2 ..., Sm) afterwards, translator unit 118 will identify the license terminal identification information of the terminal unit 20 that allows decrypted content keys mek etc. and send each terminal unit 20 to.For example, the subset that the license terminal identification information can be the information of the set (N R) of indication permitted user, information that user's set (R) is got rid of in indication, indication consists of the set (N R) of permitted user (S1, S2 ..., Sm) information, indication be used for of encrypted content key mek or the information of a more than set key k (Si) etc.According to the license terminal identification information, terminal unit 20 can judge whether it is excluded.

Further, encryption section 116 use the subset determined with subset determining section 120 (S1, S2 ..., Sm) corresponding set secret key encryption content key mek, and send encrypted content key mek to each terminal unit 20.

Configuration according to the key distribution server 10 of the preferred embodiment of the present invention has above been described.As mentioned above, the feature of this configuration mainly is the configuration that the key formation logic makes up piece.Especially, this embodiment has that directed edge arranges the feature that part 108 configurations contain the hierarchy of basic subtree between the subtree of the directed graph I that generate to determine the key formation logic.According to directed edge between the subtree of this embodiment part 108 is set and generates the quantity that can reduce the intermediate key t (Si) that each terminal unit 20 will preserve, but can not make each terminal unit 20 of user generate the key formation logic (directed graph) that the required amount of calculation of set key k (Si) increases.Therefore, can save each terminal unit 20 and preserve the required memory capacity of intermediate key t (Si), and reduce the distribution cost that intermediate key t (Si) is distributed to terminal unit 20.

The functional configuration of the parts of key distribution server 10 has above been described.Although come in this embodiment the parts of configuring cipher key Distributor 10 by the program that realizes surface function is installed in key distribution server 10, be not limited to such example, some or all of parts can be made of specialized hardware.Program can be stored in such as in the computer-readable storage medium of portable storage media and offer key distribution server 10, maybe can be sent to key distribution server 10 from external unit by the communication channel such as network 5.

[configuration of terminal unit 20]

Hereinafter with reference to the functional configuration of Fig. 8 description according to the terminal unit 20 of this embodiment.Fig. 8 is the calcspar that illustrates according to the functional configuration of the terminal unit 20 of this embodiment.

As shown in Figure 8, terminal unit 20 comprises receiving unit 124, judges part 126, key generating portion 128 and decryption portion 130.Terminal unit 20 is assigned to the some of leaf node 1～n on the whole tree bottom.

(receiving unit 124)

Receiving unit 124 receives various types of information that the translator unit 118 from be included in key distribution server 10 transmits by network 5.For example, receiving unit 124 receives the content of encrypting by content key mek or each set key k (Si) from key distribution server 10, content key mek by each set key k (Si) encryption, given one or a more than intermediate key t (Si), the information relevant with aggregation system ψ or directed graph I, above-mentioned license terminal identification information (for example, the information of the set (N R) of indication permitted user, indication consists of the subset (S1 of the set (N R) of permitted user, S2, ..., Sm) information etc.) etc.

Further, receiving unit 124 can be from a plurality of information sources collection information, and not only receive information from single information source.For example, receiving unit 124 can be from a plurality of information sources of connecting by network 5 wired or wirelessly (for example, key distribution server 10) or not pass through the middle obtaining information of information source (for example, the information medium as optical disc unit, disk cell and portable terminal unit) that network 5 ground directly or indirectly connect.Because receiving unit 124 certainly can be from another terminal unit 20 reception information, so can be configured to and belong to, for example, other terminal unit 20 of identical distribution destination group is shared the information of directed graph I.Under these circumstances, identical distribution destination group refer to authorize into from, for example, with one group of a plurality of terminal unit 20 of spectators user's group of the content of some corresponding same or a plurality of key distribution servers 10 distributions of leaf node 1～n of above-mentioned whole tree BT.As previously mentioned, can in advance intermediate key be offered terminal unit 20, and be preserved by terminal unit 20.

(judging part 126)

When receiving unit 124 receives license during terminal identification information, judge that part 126 judges according to the license terminal identification information that receives whether terminal unit 20 belongs to the some of subset S1 in the set (N R) that is included in permitted user～Sm.The license terminal identification information is the information of the information of the set (N R) of indication permitted user, the subset S1 that indication consists of set (N R)～Sm etc.According to result of determination, judge that part 26 further determines whether permission terminal unit 20 enabling decryption of encrypted contents.

Therefore, 20 of terminal units are preserved the intermediate key t (Si) of the generation set key k (Si) corresponding with the subset Si under it.Thereby, be necessary the information according to the subset S1 that consists of set (N R) from the information of the set of the indication permitted user of key distribution server 10 (N R) or indication～Sm, judge in advance whether subset Si under the terminal unit 20 are included among the subset S1 that consists of set (N R)～Sm.This judgement is made by judgement part 126.For example, except above-mentioned information, the information that receives from key distribution server 10 that is used for judging can also be one or the information of a more than set key k (Sj) that indication is used for encrypted content key mek.

License terminal identification information etc. is to distribute from key distribution server 10 simultaneously in advance or with content key mek, and received part 124 receives.If judging subset Si under the terminal unit 20 is not included among the subset S1 of the set that consists of permitted user (N R)～Sm, stop the decryption processing of content key mek, because can not carry out from the intermediate key t (Si) that terminal unit 20 is preserved, generating the processing of set key k (Si).On the contrary, be included among subset S1 under the terminal unit 20～Sm if judge subset Si under the terminal unit 20, the key generating portion 128 of terminal unit 20 is used PRSG to generate from the intermediate key t (Si) that self preserves to gather key k (Si).

(key generating portion 128)

The information of the directed graph I that key generating portion 128 bases receive from key distribution server 10 etc. generates the set key of deciphering encrypted content or content key mek.The information of the directed graph I that key generating portion 128 bases receive from key distribution server 10 etc. is the set key k (Si) that the every subset Si corresponding with the coordinate points in the directed graph I generates encrypted content key mek.Specifically, when the intermediate key t (S0) of the input subset S corresponding with certain coordinate points among the directed graph I, the set key k (S0) that 128 outputs of key generating portion are corresponding with subset S0 and with afterbody every directed edge on the coordinate points S on corresponding subset S1, the S2 of coordinate points ..., intermediate key t (S1), the t (S2) of Sk ..., t (Sk).Key generating portion 128 has the functional configuration identical with the key generating portion 114 of above-mentioned key distribution server 10 basically, therefore omits the detailed description to it.

(decryption portion 130)

Decryption portion 130 is used set key k (Si) decrypted content keys mek.Specifically, decryption portion 130 from the corresponding subset Si of set key k (Si) extract as an element and be included in wherein subset Sii and use set key k (Sii) the decrypted content keys mek corresponding with subset Sii.

The functional configuration of the parts of terminal unit 20 has above been described.Although come in this embodiment the parts of configurating terminal unit 20 by the program that realizes surface function is installed in terminal unit 20, be not limited to such example, some or all of parts can be made of specialized hardware.Program can be stored in such as in the computer-readable storage medium of portable storage media and offer terminal unit 20, maybe can be sent to terminal unit 20 from external unit by the communication channel such as network 5.

As mentioned above, the terminal unit 20 according to this embodiment can generate desired set key k (Si) according to the particular key formation logic (directed graph I) that the directed graph generating portion 110 that is included in the above-mentioned key distribution server 10 generates.Therefore, terminal unit 20 can be reduced to the set key k (Si) that generate to be used for decrypted content keys mek etc. and the quantity of the intermediate key t (Si) that preserves.Further, because because the layering result of above-mentioned whole tree BT is provided with the directed edge among the directed graph I effectively, so can reduce the amount of calculation that key generating portion 128 generates set key k (Si).

[operation of key distribution server 10 and terminal unit 20]

(distribution of intermediate key)

The operation that intermediate key is distributed to each user's terminal unit 20 from key distribution server 10 hereinafter will be described.As mentioned above, for the adding of dealing with neatly a large amount of eliminating users and permitted user/deletion, be necessary to derive with a plurality of intermediate key t (Si) that terminal unit 20 is included in the corresponding set key k (Si) of wherein all subset Si and offer each terminal unit 20.Certainly, should avoid providing and to derive the intermediate key t (Si) that is not included in the corresponding set key k (Si) of wherein subset Si with terminal unit 20, best, with regard to the efficient of terminal unit 20 memory capacity, make the intermediate key t minimum number of (Si) that provides.

Therefore, when the foundation according to key distribution system 100 is distributed to terminal unit 20 with intermediate key t (Si) from key distribution server 10, extract the subset Si contain under each terminal unit 20 as all directed graph I of element.Then, if terminal unit 20 is included among the subset Si corresponding with the initial coordinate point (root) of directed graph I, only will put corresponding intermediate key t (Si) with initial coordinate offers terminal unit 20.On the other hand, if terminal unit 20 belongs to the some of the subset Si corresponding with the coordinate points of the initial coordinate point that is different from directed graph I, find out such subset S0, be that terminal unit 20 is included among the subset S0, but be not included among the subset p arent (S0) as the father and mother of subset S0, and the intermediate key t (S0) of subset S0 is offered terminal unit 20.If there are a plurality of such subset S0, provide the intermediate key t (S0) of each subset.The set membership of subset Si determines that by directed edge the coordinate points of directed edge afterbody is as the father and mother of head coordinate points, and the coordinate points of directed edge head is as the children of afterbody coordinate points.Hereinafter, the coordinate points parent (S0) that arrives on the afterbody of directed edge of certain coordinate points S0 is called father's coordinate points.If certain coordinate points S0 is the starting point of directed graph H, then there is not father's coordinate points, and if not the starting point of directed graph H, then only has father's coordinate points.In some cases, in a directed graph H, may have a plurality of such coordinate points, namely user u is included in the corresponding with it subset, but user u is not included in the subset corresponding with its father's coordinate points.

Hereinafter specifically describe the distribution method of intermediate key with reference to the example of Figure 11.

(example 1) consideration is distributed to the intermediate key t (Si) of user 1 terminal unit 20.At first, contain subset Si under the user 1 as the result of the directed graph I of element as search, find directed graph I (1 → 7) and directed graph I (a → h).User 1 terminal unit 20 belongs to the subset [1,1] as the initial coordinate point of directed graph I (1 → 7).Therefore, intermediate key t ([1,1]) is offered user 1.

Although user 1 terminal unit 20 belongs to the directed graph I (subset [a of a → h), a], but (a → h) is provided with directed edge figure because from directed graph I (1 → 7) to directed graph I, if so preserved intermediate key t ([1,1]), user 1 terminal unit 20 can be derived intermediate key t ([a, a]) according to directed edge between directed graph I (1 → 7) and figure.Therefore, there is no need intermediate key t ([a, a]) is offered user 1 terminal unit 20.So the intermediate key that user 1 terminal unit 20 is preserved is intermediate key t ([1,1]).

The same with user 1 terminal unit 20, for directed graph I (1 → 7), with subset [1,7]=1,2 ..., the intermediate key that the intermediate key of 7} maybe can use PRSG to derive the intermediate key of subset [1,7] offers user 1～7 terminal unit 20.In this case, because as mentioned above, (a → h) is provided with directed edge figure from directed graph I (1 → 7) to directed graph I, so user 1～7 terminal unit 20 can be applied to PRSG and derive intermediate key t ([a, a]) by the intermediate key with subset [1,7], and further from middle key t ([a, a]) the middle intermediate key t ([a, *]) of derivation (noticing that * is the some of b～h).Therefore, there is no need that (a → intermediate key h) offers user 1～7 terminal unit 20 with directed graph I.

(example 2) followed, and consideration is distributed to the intermediate key of user 12 terminal unit 20.At first, contain subset Si under user 12 the terminal unit 20 as search as the result of the directed graph I of element, find directed graph I (a → h), I (b ← h), I (b ← d), I (b ← b), I (9 ← 15), I (10 ← 16) and I (10 ← 12).Observe directed graph H (10 → 16), user 12 terminal unit 20 does not belong to the subset [16,16] on the initial coordinate point, but belongs to the 5th and subset [16,12], [16,11], [16,10] on the coordinate points subsequently.In the middle of those coordinate points, do not comprise that on their father's coordinate points user 12 coordinate points only has [16,12] and [16,11].Specifically, user 12 is not included in the coordinate points [16,13] as the father's coordinate points parent ([16,12]) that comprises user 12 coordinate points [16,12] and [16,11] and parent ([16,11]).Therefore, t ([16,12]) and t ([16,11]) are offered user 12 as the intermediate key corresponding with directed graph H (10 ← 16).

Equally, (((b ← d), I (9 ← 15) and I (10 ← 12) select corresponding intermediate key, and provide it to user 12 for b ← h), I for a → h), I for other directed graph I.But, (b ← b) is provided with directed edge figure because from I (10 ← 16) to I, so user 12 terminal unit 20 can use top intermediate key t ([16,13]) derive intermediate key t ([b, b]), thereby there is no need intermediate key t ([b, b]) is offered user 12 terminal unit 20.Therefore, seven intermediate key offer user 12 altogether.

Below with reference to Figure 12 short summary once until intermediate key is distributed to the processing of each user's terminal unit.Figure 12 illustrates according to this embodiment, distributes the flow chart of the handling process of intermediate key in key distribution server 10 according to system made.

As shown in figure 12, the key distribution server 10 of key distribution system 100 at first arranges various parameter etc.For example, key distribution server 10 determines to be assigned to the parameter y, the Pseudo-Random Number of given parameters k, PRSG etc. of quantity of layering of figure place λ, the whole tree of indication BT of quantity n (user's quantity), set key and intermediate key of leaf node of the whole tree BT of terminal unit 20, and to all users' terminal unit 20 announce they (S202).Like this, except parameter n, λ, k and the PRSG algorithm announced in above-mentioned basic scheme, this embodiment also determines and has announced the parameter y of the quantity of the layering of indicating whole tree BT.

Then, the set that key distribution server 10 will be assigned to the terminal unit 20 of leaf node is divided into given subset Si, determines to use the also aggregation system ψ (referring to top expression formula (2)) of set representations, and announces aggregation system ψ (S204).

Then, key distribution server 10 generates above-mentioned a plurality of directed graph I, determines the structure T that the set by those directed graphs I forms, and announces the structure T (S206) of a plurality of directed graph I.Further, key distribution server 10 is determined the intermediate key (S208) corresponding with the every subset that consists of aggregation system ψ.After this, key distribution server 10 uses the PRSG of definite intermediate key and key generating portion 114 to derive the intermediate key corresponding with other coordinate points, and distribute the terminal unit 20 of necessary intermediate key to each user, in order to derive the set key (S210) corresponding with all subsets that comprise each terminal unit 20.Then, terminal unit 20 receives the information of relevant intermediate key etc. from key distribution server 10, and safely it is stored in the safe storage part 208.

The distribution method to middle key when setting up according to this embodiment has above been described.If the distribution method above using, the terminal unit of then distributing each permitted user generates minimum required intermediate key of set key, thereby can reduce the memory capacity of intermediate key in the traffic between key distribution server 10 and the terminal unit 20 and each user's the terminal unit 20.

(distribution of content key)

Hereinafter short summary is once according to the handling process of this embodiment distribution of encrypted content key mek in key distribution server 10.Because basically identical with content distribution method according to aforementioned basic fundamental according to the method for this embodiment distributing contents key, describe so refer back to Fig. 6.

As shown in Figure 6, in the distributing contents key, according to the key distribution server 10 of this embodiment at first determine to get rid of the user set (R) thus the user's that secures permission set (N R) (S112).Then, key distribution server 10 from the subset that consists of aggregation system ψ, selects to contain the union of (N R) m subset Si (i=1,2 ..., m), in order to make the value minimum (S114) of m.Then, key distribution server 10 uses m corresponding with selected subset Si respectively set key k (Si) encrypted content key mek (S116).Further, key distribution server 10 will be indicated the information of the set (N R) of permitted user or its subset Si and the terminal unit 20 (S118) that m encrypted content key mek is distributed to all users.

Encryption method and distribution method according to content key mek in the key distribution server 10 of this embodiment have above been described.If the encryption method above using just can be selected subset Si effectively, be that minimum necessity is individual in order to make the quantity of set key.Because from then on use minimum necessity (m) set secret key encryption content key mek, encrypt required amount of calculation so can save, and reduced the quantity of the encrypted content key that will distribute, thereby reduced the traffic.

(deciphering of content key)

Handling process according to this embodiment enabling decryption of encrypted content key in each user's terminal unit 20 is hereinafter described.Because basically identical with content key decryption method according to aforementioned basic fundamental according to the method for this embodiment decrypted content keys, describe so refer back to Fig. 7.

As shown in Figure 7, each user's terminal unit 20 at first from key distribution server 10 receive m encrypted content key mek and such as the information of the set of indication permitted user (N R) or indicate m subset Si (i=1,2 ..., m) the license terminal identification information (S120) of information.Then, terminal unit 20 is according to the subset Si (S122) of this license terminal identification information search under it, and judges whether it belongs to m subset Si some (step S124).

The result, if terminal unit 20 is found out the subset Si under it, it uses the PRSG of above-mentioned key generating portion 128 to derive the set key k (Si) corresponding with subset Si (S126) just according to intermediate key and the directed graph I of key distribution server 10 Provision in advances.The configuration of PRSG as hereinbefore.If intermediate key t (Si) that in advance will be corresponding with subset Si offers terminal unit 20 from key distribution server 10, and terminal unit 20 preserves it, and then it just can gather key k (Si) by using once PRSG to derive.On the other hand, if terminal unit 20 is not preserved intermediate key t (Si), it can derive desired set key k (Si) by repeatedly using PRSG.After this, terminal unit 20 uses set key k (Si) the enabling decryption of encrypted content key mek that derives like this, thereby can enabling decryption of encrypted content (S128).

On the other hand, if terminal unit 20 judges that in step S124 it does not belong to the some of subset Si, then terminal unit 20 shows and output: " it is excluded outside the terminal unit 20 that allows accessed content (namely; it is to get rid of the user) " (S130), and the decryption processing of end content key mek.

Because aforesaid content key decryption processing according to this embodiment is not only by separating into the directed edge that basic subtree has suitably disposed directed graph I with whole tree BT, and be provided with directed edge between figure, so compare with aforesaid basic fundamental, can in terminal unit 20, reduce the amount of calculation of using PRSG to obtain intermediate key and set key.

[advantage of the present invention]

Above-detailed according to the key distribution system 100 of this embodiment.In this embodiment, the aggregation system ψ that will be comprised of the subset of terminal unit 20 is altered to top expression formula (2) expression, thereby compares with aforesaid basic fundamental, has improved directed graph I.This embodiment will specify the whole large tree BT of all terminal units 20 to be divided into little basic subtree to it, in order to it is separated into the y layer, with the key deriving method that in each basic subtree, uses according to basic fundamental, and further from the corresponding subset of different basic subtrees between the directed edge of directed graph I is set, and use the key deriving method that uses pseudorandom number generator PRSG.

This configuration can reduce the quantity of the intermediate key that each user's terminal unit 20 will preserve, and reduces the amount of calculation of the required terminal unit 20 of key derivation.There is the location association of k*log (n) in the quantity of the intermediate key that terminal unit 20 will be preserved, and there is k*logn in the amount of calculation of the required terminal unit 20 of key derivation ^(1/k)) location association.Because this embodiment is by being divided into n with whole large tree BT ^(1/y)The little basic subtree of individual leaf node is come the ψ of configuration set system and directed graph I in order to reduce the quantity n of the leaf node of tree structure, so can reduce quantity and the required amount of calculation of key derivation of the key that terminal unit 20 will preserve.

Hereinafter with reference to Figure 13 according to the cipher key distribution scheme of aforementioned basic fundamental with the quantity of the intermediate key that comparison terminal unit 20 will be preserved between according to the cipher key distribution scheme of this embodiment.Figure 13 (A) is the form of the quantity (n=64 as shown in Figure 4 and the situation of k=6) that is illustrated in the intermediate key that will preserve according to each terminal unit in the cipher key distribution scheme of aforementioned basic fundamental, and Figure 13 (B) is the form of the quantity (situation of n=64 as shown in figure 11, y=2 and k=3) that is illustrated in the intermediate key that will preserve according to each terminal unit 20 in the cipher key distribution scheme of this embodiment.

As shown in figure 13, when relatively according to the cipher key distribution scheme of this embodiment with according to the cipher key distribution scheme of basic fundamental, although the quantity of intermediate key t is identical between two schemes in the terminal unit 20 of

user

1 and 64, namely, 1 and 2, but the quantity of key is less than in the cipher key distribution scheme according to basic fundamental in the cipher key distribution scheme according to this embodiment in other user's 2～63 terminal unit 20.Further, although the sum of the key that all terminal units 20 will be preserved in according to the cipher key distribution scheme of basic fundamental is 705, be 400 in the cipher key distribution scheme according to this embodiment.Further, although the average cipher key number of each terminal unit 20 is about 11.02 in according to the cipher key distribution scheme of basic fundamental, be 6.25 in the cipher key distribution scheme according to this embodiment.Like this, cipher key distribution scheme according to this embodiment is compared with the cipher key distribution scheme according to basic fundamental, the quantity of key can be reduced to about 56.7%, the quantity of the key that each terminal unit 20 will preserve significantly be reduced, and alleviated the storage burden of terminal unit 20.

Then, the amount of calculation of the required terminal unit 20 of decrypted content keys mek in terminal unit 20 is done following research.The worst-case value of amount of calculation is used in the directed graph from initial coordinate point (root) to farthest quantity (that is the number of skips when, the directed edge being set) expression of the directed edge of last coordinate points (leaf of directed edge).In the cipher key distribution scheme according to basic fundamental shown in the example of Fig. 4, for the initial coordinate point [1,1] from directed graph H (1 → 64) arrives last coordinate points [1,64], be necessary to pass 11 directed edges (carrying out 11 times jumps), this means operation PRSG nearly 11 times.

On the other hand, in the cipher key distribution scheme according to this embodiment shown in the example of Figure 11, at directed graph H (1 → 7) and H (among a → h) from initial coordinate point [1,1] to last coordinate points [1, h] farthest, and the quantity of required directed edge (that is, number of skips) is 10, less than according to 11 in the cipher key distribution scheme of basic fundamental.Like this, compare with the cipher key distribution scheme according to basic fundamental according to the cipher key distribution scheme of this embodiment, can reduce the amount of calculation in each required terminal unit 20 of deciphering isochronograoph calculation key.

In the cipher key distribution scheme according to basic fundamental, if make the value of parameter k less, can reduce the quantity of the key that each terminal unit 20 will preserve, because in Fig. 4, deleted long directed edge (long distance is jumped), and only keep short directed edge (short distance jump); But this has caused the problem that the amount of calculation the terminal unit 20 of the quantity representative from the initial coordinate point to the directed edge of last coordinate points among each directed graph H increases.

As mentioned above, in the cipher key distribution scheme according to this embodiment, even the quantity of terminal unit 20 (recipient) is very large, the amount of calculation in the time of also can reducing the quantity of the key that terminal unit 20 will preserve and use the encryption key deciphering in the required terminal unit.

[application of encryption key distribution system 100]

The application of above-mentioned encryption key distribution system 100 is hereinafter described.

(using 1)

At first, as using 1, figure 14 illustrates the configuration of broadcast encryption system 300.

Figure 14 is the calcspar that the configuration of the broadcast encryption system that uses broadcasting satellite is shown.In broadcast encryption system 300, by broadcast channel enciphered data (so-called ciphertext) is sent to receiver 310.Broadcast channel in the broadcast encryption system 300 is, for example, and the satellite broadcasting distribution channels.The data that transmit as ciphertext are to comprise, for example, and the content of encryption key, voice data, video data, text data etc.Broadcasting trust centre 304 in the satellite television broadcasting radio station 302 is sent to broadcasting satellite 306 with data.Broadcasting trust centre 304 selects to be used for key or the encryption of control example such as data and the distribution of data of encryption.Broadcasting satellite 306 broadcast datas.The receiver 310 that is installed in the dwelling house 308 comprises for example satellite broadcast reception converter, and receives the data of broadcasting.A plurality of other receivers 310 also can receive the data of broadcasting.Like this, broadcasting trust centre 304 can send data to each receiver 310 in the receiver group that is comprised of receiver 310.As described later, broadcasting trust centre 304 is to only have the mode broadcast encryption data of authorizing receiver 310 could decipher broadcast data.Although Figure 14 shows the broadcast system that uses broadcasting satellite 306, also can use other broadcast channel, such as closed-circuit television and computer network.

Configuration as the broadcast encryption system 300 of a kind of application of encryption key distribution system 100 has above been described.Following short summary once with the relation of encryption key distribution system 100, broadcasting trust centre 304 is corresponding to key distribution server 10 (according to information process unit of the present invention), and receiver 310 is corresponding to terminal unit 20 (according to terminal unit of the present invention).Broadcasting satellite 306 is as the medium of the network that connects them.

(using 2)

Then, as using 2, figure 15 illustrates the configuration of broadcast encryption system 400.

Figure 15 is the calcspar of configuration that the broadcast encryption system 400 of usage data media is shown.In broadcast encryption system 400, broadcast channel is the distribution of data storage medium.Broadcasting trust centre 404 in the media manufacturer 402 such as read-only medium (for example stores data in, CD-ROM, DVD-ROM etc.) and can rewrite in every event data media of medium 406 of medium (for example, CD-RW, DVD-RW etc.) and so on.In read-only medium, broadcasting trust centre 404 recording of encrypted content key and encrypted contents are in order to only have authorized user ability data decryption and access encrypted content (for example, sound, video, text etc.).On the other hand, can rewrite in the medium, broadcasting trust centre 404 recording of encrypted content keys are in order to only have the authority record unit could be with respective data record in recording medium.Media manufacturer 402 is sent to distribution agent such as retail shop etc. with medium 406.Distribution agent 408 offers receiver 414 in the dwelling house 412 with medium 410.For example, distribution agent 408 is sold to the someone with medium 410, and this people takes medium 410 in the dwelling house 412, and medium 410 is inserted in the receiver 414.For example, receiver 414 can be such as CD Player, DVD player and computer, reads and play the unit that is recorded in the data in the medium 410.As another special case, receiver 414 can be the dish unit that can record data to medium 410 neutralizations reading out data from medium 410, such as the DVD-RW driver.Broadcasting trust centre 404 is to only have the mode enciphered data of authorizing receiver 414 ability decrypt encrypted data.

Configuration as the broadcast encryption system 400 of a kind of application of encryption key distribution system 100 has above been described.Following short summary once with the relation of encryption key distribution system 100, broadcasting trust centre 404 is corresponding to key distribution server 10 (according to information process unit of the present invention), and receiver 414 is corresponding to terminal unit 20 (according to terminal unit of the present invention).Further, replace the network that connects them, exist the medium 406 and 410 of being distributed by distribution agent 408 as medium.

Although the above describes the preferred embodiments of the present invention with reference to the accompanying drawings, the present invention is not limited to this certainly.For the person of ordinary skill of the art, apparent, make various changes and modification with can not departing from claims scope, therefore, this means that these changes and modification are also contained within the technical scope of the present invention.

For example, arrange at above-mentioned tree structure and to have supposed branch more and more wider tree structure from the top to the bottom in the part 102, but be not limited to this, tree structure can be such, be branch along any direction, for example, from bottom to top, more and more wider from the left side to the right side and from the right side to the left side.Under these circumstances, be necessary to change the definition of the subset that is associated with each intermediate node in order to adapt to it.But this change is to rotate simply by above-mentioned tree structure the tree structure that part 102 arranges is set, and under any circumstance all means identical.Further, although above-mentioned directed edge arranges between part 106 and subtree directed edge and part 108 is set by arranging from left to right or reference axis from right to left makes up directed graph I ' and I, the direction of reference axis can be on the contrary or change over non-horizontal direction, such as any direction of vertical direction.Therefore, although in the superincumbent description for convenience's sake according to vertical direction or horizontal direction defined parameters, but the general knowledge according to common people or those of ordinary skills, even with tree structure or directed graph rotation or reverse, changed vertical and horizontal relationship, also meaned to be included within the constructed scope.

Further, although in the above-described embodiments, as shown in Figure 9, the whole tree BT of the quantity n=64 of leaf node is separated into y=2 layer, but the present invention is not limited to this, the parameter y of the indication layering number of plies can be arranged to any natural number, and whole tree can be separated into three layers or more multi-layered.For example, the whole tree BT of n=64 can be divided into and highly be 2 and contain the basic subtree of four leaf nodes, in order to it is separated into y=3 layer.Under these circumstances, can dispose by this way tree structure, namely, whole tree BT is divided into four basic subtrees in a basic subtree, intermediate layer of top layer and 16 basic subtrees of bottom, make the root node of basic subtree in intermediate layer consistent with the leaf node of the basic subtree of top layer, consistent with the leaf node of the basic subtree in intermediate layer with the root node of the basic subtree that makes bottom.

Further, by directed edge between subtree the example that technology that part 108 is arranged on the directed edge that arranges between the directed graph I of different basic subtrees is not limited to Figure 11 is set, it all is feasible that various designs change.Although with regard to the quantity that reduces key, the directed edge that is arranged in such a way between the subtree is preferred, namely, the subset of the directed graph in the basic subtree of lower floor is included in the subset of the directed graph I in the basic subtree on upper strata, but be not limited to this, can directed edge irrespectively be set with inclusion relation.

The＜the second embodiment 〉

Encryption key distribution scheme according to second embodiment of the invention is hereinafter described.Contain the directed graph of longer directed edge according to the encryption key distribution scheme of this embodiment by generation, can reduce amount of calculation required in the terminal unit 20.Hereinafter, key distribution server 10 and the functional configuration of terminal unit 20 and the feature and advantage of this encryption key distribution scheme that realize according to the encryption key distribution scheme of this embodiment will be described in detail.

[configuration of key distribution server 10]

At first, hereinafter with reference to the configuration of Figure 16 detailed description according to the key distribution server 10 of this embodiment.Figure 16 is the calcspar that illustrates according to the configuration of the key distribution server 10 of this embodiment and terminal unit 20.

As shown in figure 16, key distribution server 10 comprises that tree structure arranges part 154, reference axis and part 156, directed graph generating portion 160, initial intermediate key is set part 162, key generating portion 164, encryption section 166, translator unit 168 and subset determining section 170 are set.Especially, tree structure arranges part 154, part 156 is set reference axis and directed graph generating portion 160 is referred to as key formation logic structure piece.Equally, initial intermediate key arranges part 162 and key generating portion 164 and is referred to as key and generates piece.

(tree structure arranges part 154)

Tree structure arranges the binary tree that part 154 configuration is comprised of n leaf node, root node and a plurality of intermediate key t (S0) different from root node and leaf node of assigned number 1～n (n is natural number), and in the middle of a plurality of leaf nodes in the lower floor that is positioned at certain intermediate node v or root node v, the number that will be positioned at the leaf node of left end is arranged to lv, and the number that will be positioned at the leaf node of right-hand member is arranged to rv.Further, tree structure arrange part 154 will gather (1 → n) and the set (2 ← n) are assigned to root node, if certain intermediate node v is positioned at its father node left side, to gather then that (lv+1 ← rv) is assigned to this intermediate node, if and intermediate node v is positioned at its father node right side, will gather then that (lv → rv-1) is assigned to this intermediate node.

As mentioned above, tree structure arranges part 154 and has the configuration that can make up m layer tree structure, for example, supposes the situation (binary tree) of m=2, it can make up with according to the identical tree structure of the binary tree structure of basic scheme (Fig. 3).Therefore, the implication with each node of the binary tree structure that makes up according to aforementioned basic scheme is identical basically by tree structure the implication of each node of the tree structure that part 154 makes up to be set.Although for convenience of description, binary tree structure is hereinafter only described, be not limited to this.

(reference axis arranges part 156)

Reference axis arrange part 156 be arranged on the horizontal axis with degree of comprising from left to right increasing mode arrange and be included in set (first horizontal axis corresponding with root node of the coordinate points that the subset in 1 → n) is associated.Then, reference axis arrange part 156 be arranged on the horizontal axis with degree of comprising from right to left increasing mode arrange and be included in set (second horizontal axis corresponding with root node of the coordinate points that the subset in 2 ← n) is associated.Then, for each intermediate node, reference axis arrange part 156 be arranged on the horizontal axis with degree of comprising from left to right increasing mode arrange and be included in set (three horizontal axis corresponding with certain intermediate node v of the coordinate points that the subset among the lv → rv-1) is associated.Further, reference axis arrange part 156 be arranged on the horizontal axis with degree of comprising from right to left increasing mode arrange and be included in set (four horizontal axis corresponding with certain intermediate node v of the coordinate points that the subset among the lv+1 ← rv) is associated.After this, reference axis arranges part 156 and places each on the right side of the coordinate points that is positioned at the 3rd horizontal axis right-hand member and be positioned at two interim coordinate points on the left side of coordinate points of the second and the 4th horizontal axis left end, the coordinate points that will be positioned at the first horizontal axis right-hand member is arranged to the first interim coordinate points, and the second interim coordinate points is placed on the right of the first interim coordinate points.

As mentioned above, reference axis arranges part 156 and arranges and make up the reference axis that the corresponding directed graph H of each node of the tree structure that part 154 disposes is set with tree structure.The first horizontal axis indication with gather (1 → n) corresponding reference axis, the second horizontal axis indication with gather (2 ← n) corresponding reference axis, the 3rd horizontal axis indication and set (reference axis that lv → rv-1) is corresponding, with the indication of the 4th horizontal axis with gather (the reference axis that lv+1 ← rv) is corresponding.Because the 3rd horizontal axis and the 4th horizontal axis arrange for each intermediate node v, so be provided with respectively several reference axis.Specifically, be provided with quantity three horizontal axis and four horizontal axis identical with the quantity of intermediate node.

(directed graph generating portion 160)

Directed graph generating portion 160 arranges given integer k and n is satisfied in calculating ^(x-1)/k＜(rv-lv+1)≤n ^X/kInteger x.Then, among integer i=0～x-1 each, directed graph generating portion 160 is n by coupling length ^I/kOne or more directed edge to the right, form the directed walk of afterbody on the most left coordinate points on the first and the 3rd horizontal axis, and be n by coupling length further ^I/kOne or more directed edge left, form the directed walk of afterbody on the rightest coordinate points on the second and the 4th horizontal axis.Then, for each root of the first to the 4th horizontal axis, directed graph generating portion 160 is got rid of afterbody or head all directed edges on each interim coordinate points.Further, get rid of other directed edge except the longest directed edge the directed edge of each coordinate points of directed graph generating portion 160 on arriving the first to the 4th horizontal axis, thus generate respectively with set (1 → n-1), set (2 ← n), set (lv+1 → rv) the and gather (directed graph that lv ← rv-1) is relevant.After this, directed graph generating portion 160 is that 1 directed edge adds with set and (in 1 → n-1) the relevant directed graph, thereby generates and gather (1 → n) relevant directed graph with the length on the first interim coordinate points of head on the first horizontal axis.

As mentioned above, directed graph generating portion 160 is by generating directed graph with the similar method of basic scheme.But, to compare with the directed graph of basic scheme, directed graph generating portion 160 can generate the directed graph that is comprised of longer directed edge.As described later, this has reduced each user derives the required amount of calculation of set key.Hereinafter describe the handling process of the processing of being undertaken by directed graph generating portion 160 in detail with reference to Figure 17.Figure 17 illustrates the flow chart that directed graph generating portion 160 generates the handling process of directed graph.

With reference to Figure 17, directed graph generating portion 160 generates directed graph by step as described below.Hereinafter describe to generate by illustration and gather (the corresponding directed graph I of lv+1 → the rv) (method of lv+1 → rv).

(step 1; S140) directed graph generating portion 160 by with degree of comprising from left to right increasing mode arrange them and will be included in set (subset among the lv+1 → rv) is placed on the horizontal linear (horizontal axis).Speak by the book, directed graph generating portion 160 will as set (lv+1 → rv) subset of element is assigned to each coordinate points on the horizontal axis, and with the degree of comprising of specified subset towards the right side increasing mode place coordinate points.Then, directed graph obtains two interim coordinate points of right side placement of part 160 the rightest coordinate points on horizontal axis.Lv=rv-lv+1 from the most left coordinate points to the length L v of right interim coordinate points on the reference axis.At this moment, directed graph generating portion 160 is calculated and is satisfied n ^(x-1)/k＜Lv≤n ^X/kInteger x (1≤x≤k).

(step 2; S142) directed graph generating portion 160 is arranged to counting with integer value i, and makes counting i change to x-1 ground from 0 and carry out following operation.From the starting point of horizontal axis left end, directed graph generating portion 160 repeats to arrange and extends to and this coordinate points n of being separated by ^I/kThe directed edge to the right of coordinate points (jump to and this coordinate points n of being separated by ^I/kCoordinate points), until the head of directed edge arrives the interim coordinate points in horizontal axis right-hand member or its left side, or the head of the next directed edge that arranges surpasses till interim coordinate points some.

(step 3; S144) directed graph generating portion 160 deletion from the directed edge that top (step 2) creates arrives all directed edges of interim coordinate points.

(step 4; S146) if there are many directed edges that arrive certain coordinate points, directed graph generating portion 160 deletions all other directed edges except the longest directed edge.

By top process, directed graph generating portion 160 can generate the directed graph that is comprised of the long directed edge of comparing with basic scheme.Further, for all intermediate nodes and the root node that consist of tree structure, directed graph generating portion 160 is by (method of lv → rv-1) identical generates directed graph with top directed graph I.For example, directed graph generating portion 160 generates the directed graph I corresponding with certain intermediate node v (lv+1 ← rv), and the further generation directed graph I corresponding with root node (1 → n) and I (2 ← n).((2 ← n) is to form in the horizontal axis of arranging coordinate points towards " left-hand " increasing mode with the degree of comprising that is included in the subset among each figure to directed graph I for lv+1 ← rv) and I.Therefore, opposite by the coordinate points queueing discipline on the horizontal axis of top (step 1) setting.Further, ((two interim coordinate points of 2 ← n) are placed on the left side of coordinate points the most left on the horizontal axis for lv+1 ← rv) and I to form directed graph I.(generate directed graph I (1 → n) in 1 → n-1) by directed edge E ([1, n-1], [1, n]) being added directed graph I.

By using above-mentioned oriented drawing generating method, generate directed graph I as shown in figure 18.The directed graph I that Figure 18 forms when showing according to the complete binary tree parameters k=6 of the quantity n=64 of as shown in Figure 3 leaf node.

At first, the directed graph H (Fig. 4) that relatively generates according to basic scheme and draw according to the directed graph I (Figure 18) of this embodiment, directed graph I comprises longer directed edge.When making the comparison of relevant the longest directed walk V ([1,1], [1,64]), although directed graph H is comprised of 11 directed edges, directed graph I only is comprised of 6 directed edges.Therefore, can affirm that directed graph generating portion 160 generates the required amount of calculation of set key and reduced.Equally, figure 19 illustrates at parameter k and be configured to directed graph I in the situation of k=3.

Hereinafter the appraisal procedure of the quantity of the required set key of each user is assessed in concise and to the point description for each directed graph.At first, for the intermediate key of selecting each user to preserve, be necessary to extract the affiliated directed graph of user u.Specifically, from the intermediate node that consists of tree structure, extract all intermediate nodes that the leaf node u corresponding with user u is included in the leaf node that is arranged in lower floor, and select the directed graph corresponding with those intermediate nodes.Because all leaf nodes all are present in the lower floor of root node, so certainly select the directed graph corresponding with root node.Classify by layer if comprise the tree structure of n leaf node, have a root layer, leaf layer and log (n)-1 intermediate level of nodes.As shown in Figure 3, only have one to comprise that the subgroup corresponding with certain user u is as the directed graph I of element in each intermediate level of nodes.Therefore, existence comprises that minimum log (n)+1 directed graph of two directed graphs that are associated with root node is as target.

Further, for each directed graph, the maximum quantity of the intermediate key that the user will preserve is determined by the maximum quantity that its afterbody is positioned at a directed edge on the coordinate points.Therefore, each coordinate points for certain directed graph, counting is since the quantity of the directed edge of a coordinate points, and when extracting the coordinate points of number maximum, the quantity of the directed edge of its afterbody on this coordinate points equals the maximum quantity of the intermediate key that the user will preserve.At least for directed graph, the user need not to preserve the intermediate key above maximum quantity.Further, understand easily, according to the directed graph formation logic, the quantity of the directed edge of its afterbody on each coordinate points can not surpass parameter k.

As a result, the quantity of the intermediate key that will preserve of user can not surpass at most k* (log (n)+1).Because user's quantity is enough large, the upper limit of number of keys is generally by O (k*log (n)) assessment.But this assessed value is actually too high assessment, if relevant, for example, the situation of basic scheme calculates more specifically assessed value, and the upper limit of number of keys represents by following expression formula (3).In the cipher key distribution scheme according to this embodiment, the assessment models of number of keys also is following expression formula (3), and the quantity of the intermediate key that the user will preserve does not change.

[expression formula 3]

Σ_{x = 1}^{k - 1} x (\frac{\log n}{k}) + k (\frac{\log n}{k} - 1) + 2 k = \frac{k + 1}{2} \log n + k \cdot \cdot \cdot (3)

On the other hand, each user generates the length that the directed walk that consists of directed graph is depended in the assessment of gathering the required amount of calculation of key.Specifically, along with the quantity minimizing of the directed edge that forms every directed walk, each user's amount of calculation also reduces.For example, in the situation according to the directed graph H of basic scheme, the longest directed walk is directed graph H (1 → n) directed walk V ([1,1], [1, n]).This directed walk comprises (2*k-1) * (n ^1/k-1) bar directed edge.On the other hand, in the situation according to the directed graph I of this embodiment, the longest directed walk is that (1 → n) directed walk V ([1,1], [1, n]), this directed walk comprises (k* (n to directed graph I ^1/k-1) bar directed edge.Therefore, compare with basic scheme, the amount of calculation that this embodiment can be required with each terminal unit of user reduces only about half of.

The logic that the quantity increase ground that generates the intermediate key that can not make each user's preservation can reduce to generate the directed graph of the worst-case value of gathering the required amount of calculation of key has above been described.The structure of above-mentioned key formation logic (directed graph) mainly makes up piece by the key formation logic that consists of key distribution server 10 and implements.But in order to be encrypted key distribution according to top key formation logic, other element also is necessary.Therefore, hereinafter refer back to Figure 16 and describe other element.

Refer back to Figure 16, except above-mentioned key formation logic made up piece, key distribution server 10 comprised that also initial intermediate key arranges part 162, key generating portion 164, encryption section 166, translator unit 168 and subset determining section 170.

(initial intermediate key arranges part 162)

Initial intermediate key arranges part 162 for each directed graph I corresponding with each intermediate node of tree, generates the intermediate key corresponding with the initial coordinate point of directed graph I.For example, initial intermediate key arranges part 162 and can use pseudorandom number generator to generate random number, and random number is arranged to each intermediate key corresponding with top initial coordinate point (root), maybe given numerical value can be arranged to each intermediate key.

(key generating portion 164)

For certain the bar directed edge that consists of directed graph I, when input is assigned to the given intermediate key of coordinate points of afterbody indication of directed edge, the set key that 164 outputs of key generating portion are corresponding with the coordinate points of the afterbody indication of directed edge and with from the corresponding intermediate key of the head of all directed edges of the afterbody extension of this directed edge.Therefore, key generating portion 164 is corresponding to the PRSG of basic scheme.But key generating portion 164 is with the difference of the PRSG of basic scheme, the directed graph I output intermediate key that it generates according to directed graph generating portion 160.If key generating portion 164 is expressed as identical with PRSG, when the input intermediate key t (S0) corresponding with certain coordinate points S0 of directed graph I, its output intermediate key t (S1), t (S2) corresponding with the head of the directed edge of afterbody on this coordinate points (corresponding to subset S0) ..., t (Sm) and gather key k (S0).Note the quantity of the directed edge of m indication afterbody on certain coordinate points S0.

(encryption section 166)

Encryption section 166 uses the set secret key encryption to be used for content key.Although the quantity of content key is one, the quantity of set key is identical with the quantity of the subset that consists of aggregation system Φ.Therefore, encryption section 166 uses the corresponding set secret key encryption content key of all subsets that consist of aggregation system Φ.Therefore, encryption section 166 generates the encrypted content key corresponding with each set key.So, be m if consist of the quantity of the subset of aggregation system Φ, generate m encrypted content key.Alternately, encryption section 166 can encrypted content.For example, encryption section 166 can use the content key encryption content, maybe can use each set secret key encryption content.Using the configuration of set secret key encryption content is the alternative example of this embodiment.

(translator unit 168)

The content key that translator unit 168 is encrypted encryption section 166 sends all users corresponding with leaf node to.Further, translator unit 168 can send intermediate key to each user with reference to above-mentioned directed graph I.At this moment, translator unit 168 can be distributed minimum necessity intermediate key, so as each user can derive with it under the corresponding intermediate key of subset.Specifically, translator unit 168 can extract the affiliated subset of distribution destination user of intermediate key from the subset that consists of aggregation system Φ (referring to top expression formula (1)), from the coordinate points of the directed graph I corresponding with extracting subset, select such coordinate points, namely distribute the destination user and be not included in the subset corresponding with the afterbody of the directed edge that arrives this coordinate points, and only the intermediate key corresponding with selected coordinate points is distributed to distribution destination user.But, if the subset under the distribution destination user of intermediate key corresponding to the initial coordinate point of directed graph I, translator unit 168 can only will be put corresponding intermediate key with initial coordinate and be distributed to distribution destination user.Further, translator unit 168 can also play a part the distribution of information of the directed graph I directed graph distribution of information part to each user.Specifically, in case input each intermediate key, translator unit 168 just can be according to directed graph I, the information that distribution is relevant with the key schedule (for example, key generator) of the PRSG of the given intermediate key of output and set key.

(subset determining section 170)

The 170 definite set (R) that should forbid the eliminating user of decryption content or content key of subset determining section, and from all users' set (N), delete the set (R) of getting rid of the user by the union of using the given subset of from the subset corresponding with the coordinate points of directed graph I, selecting, the set (N R) of definition permitted user is then so that consist of one group of subset that the mode of minimum number of subset of the set (N R) of permitted user determines to consist of the set of permitted user (N R).Subset determining section 170 can be comprised of the permitted user set determining section of the set of determining permitted user (N R) and the permitted user subset determining section of one group of subset of determining to consist of the set (N R) of permitted user.

Determined to consist of set (the N R={S1 ∪ S2 ∪ ... ∪ Sm} of permitted user in top mode in subset determining section 170; M is natural number) subset (S1, S2 ..., Sm) afterwards, translator unit 168 will indicate the set (N R) of permitted user or consist of the subset of the set of permitted user (N R) (S1, S2 ..., Sm) distribution of information give each user.Further, encryption section 166 use the subset determined with subset determining section 170 (S1, S2 ..., Sm) content key perhaps in the corresponding set secret key encryption, and translator unit 168 sends encrypted content or content key to each user.

Configuration according to the key distribution server 10 of the preferred embodiment of the present invention has above been described.As mentioned above, the feature of this configuration mainly is the configuration that the key formation logic makes up piece.Especially, this embodiment has feature aspect the configuration of the directed graph generating portion 160 that generates the directed graph I that determines the key formation logic.Can generate according to the directed graph generating portion 160 of this embodiment and can reduce each terminal unit and generate the required amount of calculation of set key, but the key formation logic (directed graph) that the quantity of the key that each user's terminal unit will preserve is increased.

[configuration of terminal unit 20]

Hereinafter with reference to the configuration of Figure 16 description according to the terminal unit 20 of this embodiment.Figure 16 is the calcspar that the configuration of terminal unit 20 is shown.

With reference to Figure 16, terminal unit 20 comprises receiving unit 174, judges part 176, key generating portion 178 and decryption portion 180.Terminal unit 20 is corresponding to above-mentioned user.

(receiving unit 174)

Receiving unit 174 receives the information that the translator unit 168 from be included in key distribution server 10 transmits.For example, receiving unit 174 receives the content, encrypted content key, given intermediate key, the information relevant with directed graph I, the information relevant with permitted user etc. of distribution from key distribution server 10.Further, receiving unit 174 can be from a plurality of information sources collection information, and not only receive information from single information source.For example, receiving unit 174 can be from a plurality of information sources by wired or wireless network connection (for example, key distribution server 10) or not pass through the middle obtaining information of information source (for example, the information medium as optical disc unit, disk cell and portable terminal unit) that network ground directly or indirectly connects.Because receiving unit 174 certainly can be from another terminal unit 20 reception information, so can be configured to and belong to, for example, other terminal unit 20 of identical distribution destination group is shared the information of directed graph I.Under these circumstances, identical distribution destination group refer to authorize into from a group corresponding to the spectators user of the content of corresponding same or a plurality of key distribution servers 10 distributions of the user's of the leaf node of above-mentioned tree structure set.

(judging part 176)

Judging that part 176 determines whether as element is included in the subset corresponding with gathering key some.Because 20 of terminal units are preserved the intermediate key of the generation set key corresponding with the subset under it, so be necessary to judge in advance according to the information that relevant key distribution server 10 is used for the set key of encrypted content or content key whether the subset under it is included in the subset corresponding with gathering key.Such judgement is made by judgement part 176.About the information of set key with identical or different moment of content key from 10 distributions of key distribution server, and received part 174 receives.Be not included in for the set key of encrypting if judge the set key corresponding with affiliated subset, the processing ground that terminal unit 20 does not use the intermediate key of self preserving to generate the set key finishes the decryption processing of content key.On the contrary, if find the set key corresponding with affiliated subset, terminal unit 20 uses the intermediate key of self preserving and uses PRSG to generate the set key.

(key generating portion 178)

For certain directed edge that consists of directed graph I, when input is assigned to the given intermediate key of coordinate points of afterbody indication of directed edge, the set key that 178 outputs of key generating portion are corresponding with the coordinate points of the afterbody indication of directed edge and with from the corresponding intermediate key of the head of all directed edges of the afterbody extension of this directed edge.Therefore, key generating portion 178 is corresponding to the key generating portion 164 that is included in the key distribution server 10.If key generating portion 178 is expressed as PRSG, if input the intermediate key t (S0) corresponding with certain coordinate points S0 of directed graph I, its output intermediate key t (S1), the t (S2) corresponding with the head of the directed edge of afterbody on coordinate points S0 ..., t (Sk) and gather key k (S0).Note the quantity of the directed edge of m indication afterbody on coordinate points S0.The information of directed graph I can obtain from key distribution server 10, maybe can be stored in the storage area (not shown) that is included in the terminal unit 20.

(decryption portion 180)

Decryption portion 180 is used set secret key decryption content key.Specifically, decryption portion 180 from the corresponding subset of set key extract as an element be included in wherein subset and the use set key corresponding with subset) decryption content or content key.

Configuration according to the terminal unit 20 of this embodiment has above been described.As mentioned above, terminal unit 20 can generate desired set key according to the particular key formation logic (directed graph I) that the directed graph generating portion 160 that is included in the above-mentioned key distribution server 10 generates.Therefore, terminal unit 20 can reduce the required amount of calculation of set key that generates for decrypted content keys.

For example, arrange at above-mentioned tree structure and to have supposed branch more and more wider tree structure from the top to the bottom in the part 154, but be not limited to this, tree structure can be such, be branch along any direction, for example, from bottom to top, more and more wider from the left side to the right side and from the right side to the left side.Under these circumstances, be necessary to change the definition of the subset that is associated with each intermediate node in order to adapt to it.But this change is to rotate simply the tree structure that part 154 configurations are set by above-mentioned tree structure, under any circumstance all means identical.Further, although directed graph generating portion 160 is by arranging from left to right or reference axis from right to left makes up directed graph I ' and I, reverse change also is feasible about making.Specifically, although in the superincumbent description for convenience's sake according to vertical direction or horizontal direction defined parameters, but the general knowledge according to common people or those of ordinary skills, even with tree structure or directed graph I rotation or reverse, changed vertical and horizontal relationship, also meaned to be included within the constructed scope.Further, can comprise according to the information process unit of this embodiment and to obtain that for example, given directed graph or the information relevant with directed graph are in order to generate the part of obtaining of set key according to the directed graph that obtains.

Claims

1. information process unit comprises:

Tree structure arranges part, is used for

The whole binary tree that configuration is comprised of n leaf node, root node and several intermediate nodes different from root node and leaf node, and whole tree is divided into comprises n ^1/yThe basic subtree of several of individual leaf node forms y layer hierarchy, so that the root node of the basic subtree of lower floor is consistent with the leaf node of the basic subtree on upper strata, wherein y is the approximate number of log (n),

The sets definition of leaf node that will be lower than the node w of whole tree becomes Aw,

In the leaf node of basic subtree, the leaf node that will be positioned on certain leaf node v left side i is defined as v ^(-i)Be defined as v with the leaf node that will be positioned on the i of right side ⁽⁺ⁱ⁾,

Two leaf node u and v about basic subtree will gather (u → v) be defined as { Au, Au ∪ Au ⁽⁺¹⁾..., Au ∪ ... ∪ Av}, and will gather (u ← v) be defined as { Av, Av ∪ Av ⁽¹⁾..., Av ∪ ... ∪ Au}, wherein v is on the right side of u,

When in than several low leaf nodes of the node v of basic subtree, the leaf node that is positioned at left end is defined by lv ' and is defined by rv ' time with the leaf node that is positioned at right-hand member,

To gather (l _Root' → r _Root') and set (l _Root' ⁽⁺¹⁾← r _Oot') be associated with the root node root of basic subtree on the top layer,

To gather (lv ' → rv ' ⁽¹⁾) and set (lv ' ⁽⁺¹⁾← rv ') be associated with the root node v of basic subtree on other layer except top layer,

If the intermediate node of each subtree is positioned at its parent node left side, will gather (lv ' ⁽⁺¹⁾← rv ') be associated with intermediate node v, and

If the intermediate node of each subtree is positioned at its parent node right side, will gather (lv ' → rv ' ⁽¹⁾) be associated with intermediate node v; With

The directed graph generating portion is used for for separately the root node root of basic subtree and each of root node v and intermediate node v, generates degree of comprising and arranges and be included in set (l in horizontal axis with from left to right increasing _Root' → r _Root') or set (lv ' → rv ' ⁽¹⁾) in the corresponding coordinate points of subset and directed graph and/or the degree of comprising that the oriented branch of connection coordinate point is set arrange and be included in set (l in horizontal axis with increasing from right to left _Root' ⁽⁺¹⁾← r _Root') or set (lv ' ⁽⁺¹⁾← rv ') coordinate points that the subset in is corresponding and the directed graph of the oriented branch that connection coordinate point is set;

The key generating portion, be used for generating according to directed graph the key that arranges of encrypted content or content key, wherein, when inputting the intermediate key t (Si) of the subset S corresponding with certain coordinate points in the directed graph, the output of described key generating portion with corresponding to the corresponding set key k (Si) of the subset Si of coordinate points and with afterbody the directed edge on the coordinate points S on the corresponding subset S1 of coordinate points, S2, ..., the intermediate key t of Sk (S1), t (S2), ..., t (Sk).

2. according to information process unit claimed in claim 1, wherein,

The directed graph generating portion comprises that further oriented branch arranges part between subtree, be used for arranging from the directed graph corresponding with the basic subtree of lower floor to the oriented branch of the corresponding directed graph of the basic subtree on upper strata.

3. according to information process unit claimed in claim 2, wherein,

Between subtree oriented branch arrange first coordinate points of part setting from the directed graph corresponding with the basic subtree of lower floor to the corresponding directed graph of the basic subtree on upper strata in the oriented branch of the second coordinate points, and

The subset corresponding with the second coordinate points comprises the subset corresponding with the first coordinate points.

4. according to information process unit claimed in claim 1, wherein,

The directed graph generating portion comprises that reference axis arranges part and oriented branch arranges part,

Reference axis arranges part for separately the root node root of basic subtree and each of root node v and intermediate node v, degree of comprising is set from left to right arranges and be included in with increasing set (l _Root' → r _Root') or set (lv ' → rv ' ⁽¹⁾) in the first horizontal axis of the corresponding coordinate points of subset and/or degree of comprising arrange from right to left with increasing and be included in set (l _Root' ⁽⁺¹⁾← r _Root') or set (lv ' ⁽⁺¹⁾The second horizontal axis of the coordinate points that the subset ← rv ') is corresponding also arranges at least two interim coordinate points in addition altogether on the left end of first and second each root of horizontal axis and/or right-hand member, and

Oriented branch arranges part and satisfies n being provided with given integer k and calculating ^(x-1)/k*y＜(rv '-lv '+1)≤n ^X/k*yInteger x after, wherein k is log (n ^1/y) approximate number,

The left end coordinate points that repeatedly arranges on every the first horizontal axis begins to extend to the n of being separated by ^{I/ (k*y)}The oriented branch to the right of coordinate points, i=0～x-1 wherein,

The right-hand member coordinate points that repeatedly arranges on every the second horizontal axis begins to extend to the n of being separated by ^{I/ (k*y)}The oriented branch left of coordinate points, i=0～x-1 wherein,

The interim coordinate points of eliminating on each root of the first and second horizontal axis has head or all oriented branches of tail arranged, and

Get rid of other the oriented branch except the longest oriented branch the oriented branch of each coordinate points on arriving the first and second horizontal axis.

5. according to information process unit claimed in claim 1, wherein,

Respond the input of the intermediate key t (Si) of the subset S corresponding with certain coordinate points in the directed graph, key generating portion output with corresponding to the subset Si of this coordinate points corresponding key k (Si) is set and have at coordinate points S tail oriented branch on coordinate points S1, S2 ..., intermediate key t (S1), the t (S2) of Sk ..., t (Sk).

6. according to information process unit claimed in claim 1, wherein,

Respond the input that key k (S) is set of the subset S corresponding with certain coordinate points in the directed graph, key generating portion output have at coordinate points S coordinate points S1, S2 on the head of oriented branch of tail ..., Sk arrange key k (S1), k (S2) ..., k (Sk).

7. according to information process unit claimed in claim 1, further comprise:

Encryption section be used for to use perhaps content key is set in the secret key encryption.

8. according to information process unit claimed in claim 7, further comprise:

Transmitting portion is used for the interior perhaps content key that encryption section is encrypted is sent to respectively some or all terminal units that are associated with leaf node 1～n of whole tree.

9. according to information process unit claimed in claim 1, further comprise:

The subset determining section, be used for when the subset of leaf node 1～n of whole tree is defined by Si, determine to allow deciphering to use the set (N R) of the terminal unit of the interior perhaps content key that secret key encryption is set, and determine to satisfy set (N R)={ S1 ∪ S2 ∪ ... m subset S1～Sm of ∪ Sm}.

10. according to information process unit claimed in claim 9, wherein,

The subset determining section determines to make the subset S1 of the value minimum of m～Sm.

11. according to information process unit claimed in claim 9, wherein,

The information that transmitting portion will indicate the information of set (N R) or indication to consist of the subset S1 of set (N R)～Sm sends to terminal unit.

12. according to information process unit claimed in claim 8, wherein,

Transmitting portion uses corresponding with the subset S1～Sm respectively interior perhaps content key that secret key encryption is set to send to terminal unit encryption section.

13. a terminal unit comprises:

The key generating portion is used for generating the key that arranges of deciphering encrypted content or encrypted content key according to directed graph, and wherein, directed graph generates as follows:

Two leaf node u and v about basic subtree will gather (u → v) be defined as { Au, Au ∪ Au ⁽⁺¹⁾, Au ∪ Au ⁽⁺¹⁾∪ Au ⁽⁺²⁾..., Au ∪ Au ⁽⁺¹⁾... Av ⁽¹⁾, Au ∪ Au ⁽⁺¹⁾... Av ⁽¹⁾∪ Av}, and will gather (u ← v) be defined as { Av, Av ∪ Av ⁽¹⁾, Av ∪ Av ⁽¹⁾∪ Av ⁽²⁾..., A ∪ Av ⁽¹⁾... Au ⁽⁺¹⁾, Av ∪ Av ⁽¹⁾... Au ⁽⁺¹⁾∪ Au}, wherein v is on the right side of u,

To gather (l _Root' → r _Root') and set (l _Root' ⁽⁺¹⁾← r _Root') be associated with the root node of basic subtree on the top layer,

If the intermediate node v of each subtree is positioned at its parent node left side, will gather (lv ' ⁽⁺¹⁾← rv ') be associated with intermediate node v,

If the intermediate node v of each subtree is positioned at its parent node right side, will gather (l v ' → rv ' ⁽¹⁾) be associated with intermediate node v, and

For separately the root node root of basic subtree and each of root node v and intermediate node v, generate degree of comprising and arrange and be included in set (l in horizontal axis with from left to right increasing _Root' → r _Root') or set (lv ' → rv ' ⁽¹⁾) in the corresponding coordinate points of subset and directed graph and/or the degree of comprising that the oriented branch of connection coordinate point is set arrange and be included in set (l in horizontal axis with increasing from right to left _Root' ⁽⁺¹⁾← r _Root') or set (lv ' ⁽⁺¹⁾← rv ') coordinate points that the subset in is corresponding and the directed graph of the oriented branch that connection coordinate point is set; And

When inputting the intermediate key t (Si) of the subset S corresponding with certain coordinate points in the directed graph, the output of described key generating portion with corresponding to the corresponding set key k (Si) of the subset Si of coordinate points and with afterbody the directed edge on the coordinate points S on the corresponding subset S1 of coordinate points, S2, ..., the intermediate key t of Sk (S1), t (S2) ..., t (Sk).

14. according to the described terminal unit of claim 13, wherein,

Setting from the directed graph corresponding with the basic subtree of lower floor to the oriented branch of the corresponding directed graph of the basic subtree on upper strata.

15. according to the described terminal unit of claim 14, wherein,

First coordinate points of setting from the directed graph corresponding with the basic subtree of lower floor to the corresponding directed graph of the basic subtree on upper strata in the oriented branch of the second coordinate points, and

16. according to the described terminal unit of claim 13, further comprise:

Decryption portion, that be used for to use that the key generating portion generates arranges secret key decryption encrypted content or encrypted content key.

17. according to the described terminal unit of claim 13, wherein,

Respond the input of the intermediate key t (Si) of the subset S corresponding with certain coordinate points in the directed graph, key generating portion output with corresponding to the subset Si of this coordinate points corresponding arrange key k (Si) and with the oriented branch that tail is arranged at coordinate points S on corresponding subset S1, the S2 of coordinate points ..., intermediate key t (S1), the t (S2) of Sk ..., t (Sk).

18. according to the described terminal unit of claim 13, wherein,

19. according to the described terminal unit of claim 16, wherein,

Decryption portion is used the secret key decryption encrypted content key is set, and uses decrypted content keys enabling decryption of encrypted content.

20. according to the described terminal unit of claim 13, comprise:

Receiving unit, be used for when having determined to allow deciphering to use the set (N R) of the terminal unit of the interior perhaps content key that secret key encryption is set, with determined satisfied set (N R)={ S1 ∪ S2 ∪ ... during the m subset S1 of ∪ Sm}～Sm, receive the information of the subset S1 that the information of indication set (N R) or indication consist of set (N R)～Sm, wherein, the subset of leaf node 1～n of whole tree is defined by Si; With

Judge part, be used for judging according to reception information whether terminal unit belongs to the some of subset S1～Sm, and determine whether permission enabling decryption of encrypted content according to result of determination.

21. according to the described terminal unit of claim 20, further comprise:

Decryption portion, that be used for to use that the key generating portion generates arranges secret key decryption encrypted content or encrypted content key,

Wherein, when judging that part judges that terminal unit belongs to subset S1～Sm some, decryption portion is used secret key decryption encrypted content or encrypted content key is set.

22. an information processing method comprises:

The whole binary tree that configuration is comprised of n leaf node, root node and several intermediate nodes different from root node and leaf node, and whole tree is divided into comprises n ^1/yThe basic subtree of several of individual leaf node forms y layer hierarchy, so that the root node of the basic subtree of the lower floor step consistent with the leaf node of the basic subtree on upper strata, wherein y is the approximate number of log (n);

The sets definition of leaf node that will be lower than the node w of whole tree becomes the step of Aw,

To gather (l _Root' → r _Root') and set (l _Root' ⁽⁺¹⁾← r _Root') be associated with the root node root of basic subtree on the top layer,

If the intermediate node of each subtree is positioned at its parent node right side, will gather (lv ' → rv ' ⁽¹⁾) be associated with intermediate node v;

For separately the root node root of basic subtree and each of root node v and intermediate node v, generate degree of comprising and arrange and be included in set (l in horizontal axis with from left to right increasing _Root' → r _Root') or set (lv ' → rv ' ⁽¹⁾) in the corresponding coordinate points of subset and directed graph and/or the degree of comprising that the oriented branch of connection coordinate point is set arrange and be included in set (l in horizontal axis with increasing from right to left _Root' ⁽⁺¹⁾← r _Root') or set (lv ' ⁽⁺¹⁾← rv ') coordinate points that the subset in is corresponding and the step of the directed graph of the oriented branch that connection coordinate point is set; With

Be used for generating according to directed graph the step that key is set of encrypted content or content key, wherein, when inputting the intermediate key t (Si) of the subset S corresponding with certain coordinate points in the directed graph, output with corresponding to the corresponding set key k (Si) of the subset Si of coordinate points and with afterbody the directed edge on the coordinate points S on the corresponding subset S1 of coordinate points, S2 ..., the intermediate key t of Sk (S1), t (S2) ..., t (Sk).

23. the key generation method that key is set according to directed graph generation deciphering encrypted content or encrypted content key, wherein, directed graph obtains as follows:

To gather (l _Root' → r _Root') and set (l _Root' ⁽⁺¹⁾← r _Oot') be associated with the root node of basic subtree on the top layer,

If the intermediate node v of each subtree is positioned at its parent node right side, will gather (lv ' → rv ' ⁽¹⁾) be associated with intermediate node v, and

When inputting the intermediate key t (Si) of the subset S corresponding with certain coordinate points in the directed graph, output with corresponding to the corresponding set key k (Si) of the subset Si of coordinate points and with afterbody the directed edge on the coordinate points S on the corresponding subset S1 of coordinate points, S2, ..., the intermediate key t of Sk (S1), t (S2) ..., t (Sk).

24. an information process unit comprises:

Directed graph obtains part, is used for obtaining the directed graph that is comprised of several oriented branches as claimed in claim 1, so that it is consistent with the afterbody of directed graph to consist of an afterbody of the longest oriented of directed graph; With

The key generating portion is used for dividing the directed graph that obtains to generate the key that arranges of encryption or decryption content or content key according to the directed graph acquisition unit;

Wherein, when inputting the intermediate key t (Si) of the subset S corresponding with certain coordinate points in the directed graph, the output of described key generating portion with corresponding to the corresponding set key k (Si) of the subset Si of coordinate points and with afterbody the directed edge on the coordinate points S on the corresponding subset S1 of coordinate points, S2, ..., the intermediate key t of Sk (S1), t (S2), ..., t (Sk).

25. according to the described information process unit of claim 24, wherein,

Respond the input of the intermediate key t (Si) of the subset S corresponding with certain coordinate points in the directed graph, key generating portion output with corresponding to the subset S of this coordinate points corresponding key k (S) is set and have at coordinate points S tail oriented branch on coordinate points S1, S2 ..., intermediate key t (S1), the t (S2) of Sk ..., t (Sk).

26. according to the described information process unit of claim 24, wherein,

27. according to the described information process unit of claim 24, further comprise:

Initial intermediate key arranges part, is used for given random number is arranged to the intermediate key corresponding with the afterbody of each directed graph.

28. according to the described information process unit of claim 24, further comprise:

29. according to the described information process unit of claim 28, further comprise:

Transmitting portion is used for the interior perhaps content key that encryption section is encrypted is sent to respectively some or all terminal units that are associated with the leaf node 1～n that consists of given binary tree, and wherein n is natural number.

30. according to the described information process unit of claim 29, further comprise:

The subset determining section, be used for the subset of leaf node 1～n is defined by Si, determine to allow deciphering to use the set (N R) of the terminal unit of the interior perhaps content key that secret key encryption is set, and determine to satisfy set (N R)={ S1 ∪ S2 ∪ ... m subset S1～Sm of ∪ Sm}.

31. according to the described information process unit of claim 30, wherein,

32. according to the described information process unit of claim 29, wherein,

33. according to the described information process unit of claim 24, further comprise:

Decryption portion be used for to be used perhaps content key is set in the secret key decryption.

34. according to the described information process unit of claim 33, further comprise:

The receiving unit that is associated with the one or more leaf node 1～n that consist of given binary tree is used for receiving and uses the interior perhaps content key that secret key encryption is set, and wherein n is natural number.

35. according to the described information process unit of claim 34, wherein,

36. an information process unit of processing interim directed graph, interim directed graph is for given integer k, according to satisfying n ^(x-1)/k(rv-lv+1)≤n ^X/kNatural number x, spread length is n on the first to the 4th horizontal axis ^I/kSeveral oriented branches form, wherein i=0,1 ..., x-1,

In the binary tree that n leaf node, root node and several intermediate nodes different from root node and leaf node by assigned number 1～n form, wherein, in several leaf nodes lower than certain intermediate node v or certain root node v, the number that is assigned to the leaf node that is positioned at left end is defined as lv, and the number that will be assigned to the leaf node that is positioned at right-hand member is defined as rv, wherein n is natural number

For natural number i and j, wherein i≤j supposes to gather (i → j) be expressed as { { i}, { i, i+1}, { i, i+1, i+2} ..., i, i+1 ..., j-1}, and i, i+1 ..., j-1, j}}, and will gather (i ← j) be expressed as { { j}, { j, j-1}, { j, j-1, j-2}, ..., j, j-1 ..., i+1}, { j, j-1 ..., i+1, i}}

Arrange be associated with root node and contain respectively be included in set (subset in 1 → n) is associated and degree of comprising is arranged in the first horizontal axis of the coordinate points on the horizontal axis with from left to right increasing,

Arrange be associated with root node and contain respectively be included in set (subset in 2 ← n) is associated and degree of comprising is arranged in the second horizontal axis of the coordinate points on the horizontal axis with increasing from right to left,

For each intermediate node,

Arrange be associated with certain intermediate node v and contain respectively be included in set (subset among the lv → rv-1) is associated and degree of comprising is arranged in the 3rd horizontal axis of the coordinate points on the horizontal axis with from left to right increasing, and

Arrange be associated with certain intermediate node v and contain respectively be included in set (subset among the lv+1 ← rv) is associated and degree of comprising is arranged in the 4th horizontal axis of the coordinate points on the horizontal axis with increasing from right to left,

This information process unit comprises:

Interim directed graph obtains part, is used for obtaining interim directed graph;

The directed graph generating portion is used for consisting of the central long oriented branch of several oriented branches that interim directed graph acquisition unit is divided the interim directed graph that obtains by staying, and generates directed graph; With

The key generating portion is used for the key that arranges according to directed graph generation encrypted content or content key;

Wherein, when inputting the intermediate key t (Si) corresponding with certain coordinate points Si of directed graph, the output of described key generating portion and afterbody with coordinate points corresponding to subset Si on the corresponding intermediate key t (S1) of the head of directed edge, t (S2), ..., t (Sm).

37. an information process unit comprises:

Directed graph obtains part, be used for obtaining by at the interim directed graph that is formed by several oriented branches, stay in the middle of several oriented branches that consist of interim directed graph the directed graph that generates of long oriented branch, wherein, described interim directed graph is interim directed graph as claimed in claim 36, and described long oriented branch is such as the longer oriented branch of the oriented branch in the directed graph claimed in claim 1; With

38. an information process unit comprises:

Tree structure arranges part, is used for configuration by n the leaf node of assigned number 1～n, the binary tree that root node and different from root node and leaf node several intermediate nodes form, wherein n is natural number, for natural number i and j (i≤j), will gather (i → j) be defined as { { i}, { i, i+1} ..., { i, i+1 ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}}, and in several leaf nodes lower than certain intermediate node v or certain root node v, the number that is assigned to the leaf node that is positioned at left end is arranged to lv, and the number that will be assigned to the leaf node that is positioned at right-hand member is arranged to rv;

Reference axis arranges part, is used for

Arrange be associated with root node and contain respectively be included in set (subset among the l → n) is associated and degree of comprising is arranged in the first horizontal axis of the coordinate points on the horizontal axis with from left to right increasing,

Be associated with root node and contain respectively be included in set (subset in 2 ← n) is associated and degree of comprising is arranged in the second horizontal axis of the coordinate points on the horizontal axis with increasing from right to left,

For each intermediate node,

Be associated with certain intermediate node v and contain respectively be included in set (subset among the lv → rv-1) is associated and degree of comprising is arranged in the 3rd horizontal axis of the coordinate points on the horizontal axis with from left to right increasing, and

Be associated with certain intermediate node v and contain respectively be included in set (subset among the lv+1 ← rv) is associated and degree of comprising is arranged in the 4th horizontal axis of the coordinate points on the horizontal axis with increasing from right to left,

Place each on the right side of the coordinate points that is positioned at the 3rd horizontal axis right-hand member and be positioned at two interim coordinate points on the left side of coordinate points of the second and the 4th horizontal axis left end, and

The coordinate points that will be positioned at the first horizontal axis right-hand member is arranged to the first interim coordinate points and the second interim coordinate points is placed on the right of the first interim coordinate points; With

The directed graph generating portion is used for

Generate as follows respectively with set (1 → n-1), set (2 ← n), set (lv+1 → rv) and gather (directed graph that lv ← rv-1) is relevant:

Given integer k is set,

N is satisfied in calculating ^(x-1)/k＜(rv-lv+1)≤n ^X/kNatural number, and

For each of integer i=0～x-1,

Be n by coupling length ^I/kOne or several oriented branch to the right, be formed on the directed walk that tail is arranged on the most left coordinate points on the first and the 3rd horizontal axis,

Be n by coupling length ^I/kOne or several oriented branch left, be formed on the directed walk that tail is arranged on the rightest coordinate points on the second and the 4th horizontal axis,

The interim reference axis of eliminating on each root of the first to the 4th horizontal axis has tail or all oriented branches of head arranged, and

Get rid of other the oriented branch except the longest oriented branch the oriented branch of each coordinate points on arriving the first to the 4th horizontal axis, and

Be that 1 oriented branch adds with set and (in 1 → n-1) the relevant directed graph, generates and gather (1 → n) relevant directed graph by the length that the first interim coordinate points on the first horizontal axis is had head; With

Wherein, when inputting the intermediate key t (Si) of the subset S corresponding with certain coordinate points in the directed graph, the output of described key generating portion with corresponding to the corresponding set key k (Si) of the subset Si of coordinate points and with afterbody the directed edge on the coordinate points S on the corresponding subset S1 of coordinate points, S2, ..., the intermediate key t of Sk (S 1), t (S2), ..., t (Sk).

39. according to the described information process unit of claim 38, wherein,

40. according to the described information process unit of claim 38, wherein,

41. a terminal unit comprises:

The key generating portion is used for the key that arranges according to directed graph generation decryption content or content key, and wherein, directed graph generates as follows:

Configuration is by n the leaf node of assigned number 1～n, the binary tree that root node and different from root node and leaf node several intermediate nodes form, wherein n is natural number, for natural number i and j (i≤j), will gather (i → j) be defined as { { i}, { i, i+1}, { i, i+1, i+2} ..., { i, i+1, ..., j-1}, { i, i+1 ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1}, { j, j-1, j-2} ..., { j, j-1 ..., i+1}, j, j-1 ..., i+1, i}}, and in several leaf nodes lower than certain intermediate node v or certain root node v, the number that is assigned to the leaf node that is positioned at left end is arranged to l v, and the number that will be assigned to the leaf node that is positioned at right-hand member is arranged to rv

For each intermediate node,

Be associated with certain intermediate node v and contain respectively be included in set (subset among the l v+1 ← rv) is associated and degree of comprising is arranged in the 4th horizontal axis of the coordinate points on the horizontal axis with increasing from right to left,

Place each on the right side of the coordinate points that is positioned at the 3rd horizontal axis right-hand member and be positioned at two interim coordinate points on the left side of coordinate points of the second and the 4th horizontal axis left end,

The coordinate points that will be positioned at the first horizontal axis right-hand member is arranged to the first interim coordinate points and the second interim coordinate points is placed on the right of the first interim coordinate points,

Given integer k is set,

N is satisfied in calculating ^(x-1)/k＜(rv-lv+1)≤n ^X/kNatural number, and

For each of integer i=0～x-1,

Be that 1 oriented branch adds with set and (in 1 → n-1) the relevant directed graph, generates and gather (1 → n) relevant directed graph by the length that the first interim coordinate points on the first horizontal axis is had head;

42. according to the described terminal unit of claim 41, further comprise:

Decryption portion is used for using secret key decryption encrypted content or encrypted content key are set.

43. according to the described terminal unit of claim 41, wherein,

Respond the input of the intermediate key t (Si) of the subset S corresponding with certain coordinate points in the directed graph, key generating portion output with corresponding to the subset S of this coordinate points corresponding arrange key k (S) and with the oriented branch that tail is arranged at coordinate points S on corresponding subset S1, the S2 of coordinate points ..., intermediate key t (S1), the t (S2) of Sk ..., t (Sk).

44. according to the described terminal unit of claim 41, wherein,

45. according to the described terminal unit of claim 42, wherein,

46. according to the described terminal unit of claim 41, wherein,

Subset at the leaf node 1～n that sets is defined by in the situation of S i, and

When having determined to allow to decipher the set (N R) of the terminal unit that uses the interior perhaps content key that secret key encryption is set, determine to satisfy set (N R)={ S1 ∪ S2 ∪ ... m subset S1～Sm of ∪ Sm}, and receive the information of the subset S1 that the information of indication set (N R) or indication consist of set (N R)～Sm, and

Terminal unit comprises the judgement part, is used for judging according to reception information whether terminal unit belongs to the some of subset S1～Sm, and determines whether permission enabling decryption of encrypted content according to result of determination.

47. according to the described terminal unit of claim 45, wherein,

When judging that terminal unit belongs to subset S1～Sm some, decryption portion is used corresponding with the affiliated subset of the terminal unit perhaps content key that arranges in the secret key decryption.

48. an information processing method of processing interim directed graph, interim directed graph is for given integer k, according to satisfying n ^(x-1)/k＜(rv-lv+1)≤n ^X/kNatural number x, spread length is n on the first to the 4th horizontal axis ^I/kSeveral oriented branches form, wherein i=0,1 ..., x-1,

For natural number i and j (i≤j), suppose to gather (i → j) be expressed as { { i}, { i, i+1}, { i, i+1, i+2} ..., and i, i+1 ..., j-1}, i, i+1 ..., j-1, j}}, and will gather (i ← j) be expressed as { { j}, j, j-1}, j, j-1, j-2} ..., j, j-1 ..., i+1}, { j, j-1 ..., i+1, i}}

For each intermediate node,

This information processing method comprises:

Interim directed graph obtaining step is used for obtaining interim directed graph;

Directed graph generates step, is used for consisting of the central long oriented branch of several oriented branches that interim directed graph acquisition unit is divided the interim directed graph that obtains by staying, and generates directed graph; With

Key generates step, is used for generating according to directed graph the key that arranges of encrypted content or content key;

Wherein, when the input intermediate key t (Si) corresponding with certain coordinate points Si of directed graph, export with afterbody with coordinate points corresponding to subset Si on the corresponding intermediate key t (S1) of the head of directed edge, t (S2), ..., t (Sm).

49. an information processing method comprises:

The directed graph obtaining step, be used for obtaining by at the directed graph that is formed by several oriented branches, stay central long oriented the directed graph that generates of several oriented branches that consists of interim directed graph, wherein, described directed graph is directed graph as claimed in claim 48, and described long oriented branch is the oriented branch longer than the oriented branch in the directed graph as claimed in claim 1; With

Key generates step, is used for dividing the directed graph that obtains to generate the key that arranges of encryption or decryption content or content key according to the directed graph acquisition unit;

50. an information processing method comprises:

The tree structure setting steps is used for

Configuration is by n the leaf node of assigned number 1～n, the binary tree that root node and different from root node and leaf node several intermediate nodes form, wherein n is natural number, for natural number i and j (i≤j), will gather (i → j) be defined as { { i}, { i, i+1}, { i, i+1, i+2} ..., { i, i+1 ..., j-1}, i, i+1 ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1}, { j, j-1, j-2} ..., j, j-1 ..., i+1}, { j, j-1, ..., i+1, i}}, with in several leaf nodes lower than certain intermediate node v or certain root node v, the number that is assigned to the leaf node that is positioned at left end is arranged to lv, and the number that will be assigned to the leaf node that is positioned at right-hand member is arranged to rv;

The reference axis setting steps is used for

For each intermediate node,

Directed graph generates step, is used for

Given integer k is set,

N is satisfied in calculating ^(x-1)/k＜(rv-lv+1)≤n ^X/kNatural number, and

For each of integer i=0～x-1,

Be that 1 oriented branch adds with set and (in 1 → n-1) the relevant directed graph, generates and gather (1 → n) relevant directed graph by the length that the first interim coordinate points on the first horizontal axis is had head; And

51. a key generation method comprises:

Key generates step, is used for generating according to directed graph the key that arranges of decryption content or content key, and wherein, directed graph generates as follows:

Configuration is by n the leaf node of assigned number 1～n, the binary tree that root node and different from root node and leaf node several intermediate nodes form, wherein n is natural number, for natural number i and j (i≤j), will gather (i → j) be defined as { { i}, { i, i+1}, { i, i+1, i+2} ..., { i, i+1, ..., j-1}, { i, i+1 ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1}, { j, j-1, j-2} ..., { j, j-1 ..., i+1}, j, j-1 ..., i+1, i}}, and in several leaf nodes lower than certain intermediate node v or certain root node v, the number that is assigned to the leaf node that is positioned at left end is arranged to lv, and the number that will be assigned to the leaf node that is positioned at right-hand member is arranged to rv

For each intermediate node,

Given integer k is set,

N is satisfied in calculating ^(x-1)/k＜(rv-lv+1)≤n ^X/kNatural number, and

For each of integer i=0～x-1,