CN102415049B - Encryption key generation device - Google Patents

Abstract

The invention relates to an encryption key generation device which has resistance against conspiratorial attacks and generates an encryption key having a reduced length and adapted to each scalability layer. In the encryption key generation device (400), a master key (K2,2) captured by an input means (450) is temporarily recorded in a recording means (470). A matrix generation means (462) generates key element matrices (M1 to M3) for keys (eR2, eR1, eR3) into which a key dividing means (461) divides the master key (K2,2). A hashing operation using a one-way hash function is repeated, and the resultant data is assigned to the coordinate components of the key element matrices (M1 to M3) in order to maintain the hierarchy of the scalability (L). Based on the key element matrices (M1 to M3), a key generation means (463) generates partial keys (K1,1 to K2,2) corresponding to the layers of the scalability (R, L). The partial keys (K1,1 to K2,2) are output by an output means (480) to an encoding means (410) or a decoding means (420).

Description

Encryption key generating means

Technical field

The present invention relates to a kind of device that generates encryption key, be used to carry out data encoding (encryption) and decoding (remove and encrypt) to thering is the numeral of multiple stratum extensibility, relate in particular to the device that a kind of stratum's data unit automatically generating in each extensibility is distinguished corresponding part key (hereinafter referred to as part key).

Background technology

In recent years, along with popularizing of the information communication service by network, the other side of uncertain quantity is carried out to the service of data transmission, for example, the delivery service of the digital codes such as image (frame data that comprise dynamic image) also increases gradually.Follow in this, in this network environment (communication system), the resist technology of numerical data also needs to seek higher function.

Generally speaking, the digital picture being encoded etc. is that while utilizing coding, determined quality (distortion factor, resolution, color performance etc.) is decoded.Yet, due to the variation of communication path, the variation of the variation of communication terminal, signal dispensing etc., need to seek by a part for coding row is decoded can the quality that determined quality is different when from coding image decoding, that is, and extensibility.Corresponding to the requirement of extensibility, for example, in the JPEG 2000 (Joint Photographic Experts Group 2000) as the international standard of image compression, provide a kind of with yardsticks such as resolutions the extensibility of form a social stratum.In addition, in the resist technology for the different data of this stratum quality of protection, be positioned at each data unit of each stratum for each extensibility, general other a part key that uses is decoded.

In addition, as this numerical data resist technology, for example known patent documentation 1-2 and non-patent literature 1-3.

Non-patent literature 1 discloses a kind of technology, for the numerical data with stratum's extensibility, by utilizing uni-directional hash (Hash) function to generate the part key corresponding to the data unit of the next stratum from a master key.In addition, non-patent literature 2 discloses a kind of technology of sequence independence of flow data of problem of and non-patent literature 1.Moreover above-mentioned non-patent literature 3 discloses a kind of technology of opposing assault of the problem that improves non-patent literature 1.

In addition, so-called assault, refers to by share the multiple encryption key corresponding to the different rank order of each extensibility between a plurality of users, realizes the behavior with the high quality reproduced picture of the quality than allowing in advance.

Prior art document

Patent documentation

Patent documentation 1: Japanese Patent Laid-Open 2004-312740 communique

Patent documentation 2: Japanese Patent Laid-Open 2003-204321 communique

Non-patent literature

Non-patent literature 1:Y.Wu, D.Ma, and R.H.Deng, " Progressive protection ofJPEG 2000 condestreams. " In Proc.IEEE ICIP, pp.3447-3450,2004

Non-patent literature 2:M.Fuhiyoshi, S.Imaizumi, and H.Kiya, " Encryption ofcomposite multimedia contents for access control, " IEICE Trans.Fundamentals, Vol.E90-A, No.3, pp.590-596, March 2007

Non-patent literature 3: the auspicious son of modern spring, Teng Ji are just bright, the refined people of peace portion, expensive benevolence will, and " encryption method of the stratum of JPEG 2000 coded images of resistance to assault " letter is learned SIP seminar, 2006

Inventors etc. find following problem after carrying out inquiring in detail for existing Data Protection Technologies.; in the situation that the different numerical data of stratum character ground quality of protection; according to every kind of extensibility difference managing cryptographic keys (part key); or according to be positioned at each data unit of each stratum about each extensibility, use other part key to be encrypted (coding).

Particularly, in the situation of management with other part key that data unit was generated, along with stratum's number increases, not only the number of keys as management object increases, in order to maintain hacker's repellence, must guarantee sufficient key length, along with the stratum in each extensibility increases, it is many that total key length significantly becomes.

On the contrary, by master key, generated in the situation corresponding to the part key of each data unit, due to the needs master key of partitioning portion number of keys only, as non-patent literature 3, once part cipher key number, increase, must shorten the length of the part key generating respectively.In this case, cannot guarantee sufficient hacker's repellence.

Summary of the invention

The present invention completes in order to solve above-mentioned problem, its object is to provide a kind of encryption key generating means, for the assault towards thering is the numerical data of stratum's extensibility, generation can guarantee abundant repellence encryption key, and tremendous reduce the key length that corresponding encryption key is distinguished by each extensibility stratum.

Encryption key generating means of the present invention is a kind of (following applicable to communication system, be called delivery system) device, the delivery service of the numerical data with multiple (>=2) stratum extensibility is provided, among meeting the stratum of the grade of service of signing in advance, be positioned at the part key of the most the next stratum as master key, generation is to this numerical data utilized encryption key (among each of extensibility, be positioned at and compared with the stratum of master key be the upper corresponding part set of cipher key of each stratum) of encoding and decode.Particularly, in the applicable delivery system of this encryption key generating means, except using the multimedia image delivery systems such as package coding row or video conference system of JPEG 2000 of international standard of image compression, also comprise the communication system that flows signal delivery service is provided.This encryption key generating means possesses input unit, memory cell, key cutting unit, matrix generation unit, key generation unit and output unit, as dispensing, with the encryption key that coding and the decoding of numerical data utilizes, be for each extensibility, according to dependency, from master key generation, be positioned at the part key of each upper stratum.Therefore, can carry out access control to a plurality of extensibilities in single coding row simultaneously.

Particularly, in encryption key generating means of the present invention, input unit is obtained predefined encryption key (part key), and the encryption key obtained by this input unit is temporarily stored in memory cell as master key.This master key is for each extensibility, meets among the stratum of the grade of service of permitting in the communication system (delivery system) that data distribution service is provided, and is positioned at the most the next part key.In addition, the master key that key cutting unit is stored from memory cell generates Split Key.Then,, as minimum treat unit, this encryption key generating means generates part key corresponding to the stratum's data unit among each with two kinds of selected extensibilities.That is, matrix generation unit generates the key salt matrices corresponding with each Split Key generating by key cutting unit.Thereby key generation unit carries out generating part key corresponding to each stratum by the composition combination of the key salt matrices generating by matrix generation unit.Moreover output unit exports in the encoding and decoding that carries out numerical data the part key being generated by key generation unit in above-mentioned minimum treat unit at least any device, such as coding unit, decoding unit etc.Key salt matrices is each stratum according to a kind of extensibility, based on being generated corresponding to the Split Key of each stratum.In addition, each key salt matrices is stipulated each component coordinate according to each stratum's value (being equivalent to rank order) of two kinds of extensibilities, and thus, each matrix compositions is corresponding with data unit and the coordinate of each stratum in two kinds of extensibilities.In addition, this encryption key generating means is characterised in that: according to dependency, from unique managed master key, generate corresponding to the part key that is positioned at each upper stratum.Thereby, remove while encrypting also identical, from possession from master key, generate corresponding to the part key that is positioned at each upper stratum, for example, among multimedia delivery service etc., only for the decoding key of the next package among the package group that allowed to disclose be distributed to user's (contractor of signal delivery service).In this case, give with decoding key itself become the master key that the memory cell of this encryption key generating means is stored, the most the next stratum that is each corresponding to each extensibility stratum of this master key.

As the master key that is stored unit storage, be among each of the 1st and the 2nd selected extensibility of the multiple extensibility that has from the numerical data as coded object, meet and be positioned at the encryption key that the encoding and decoding of the most the next stratum's data unit utilizes among the stratum of the grade of service of permitting in delivery system.Contrary, by wait decoding key obtaining to be made as in the situation of master key by dispensing, the stratum of each extensibility corresponding with this master key is made as respectively to the most the next stratum.By key cutting unit, using stratum's number of the 1st extensibility that sets as the benchmark extensibility among the 1st and the 2nd extensibility and cut apart this master key, thereby generate the Split Key corresponding with each stratum of the 1st extensibility.

By matrix generation unit, based on Split Key, made the data unit coordinate of the key salt matrices that generates respectively each stratum in the 1st and the 2nd extensibility corresponding.In addition, in the generation of the key salt matrices that a Split Key based among resulting Split Key generates, to the stratum in corresponding the 1st extensibility of this Split Key at least and each corresponding coordinate composition of the most the next stratum to the upper stratum from the 2nd extensibility, distribute the operational data by repeating to utilize the hash computing of this Split Key of one-way hash function to obtain successively.Thus, the stratum character of the 2nd extensibility is maintained.

Then, key generation unit, by conjunction with the consistent key key element of coordinate between the key salt matrices generating by each Split Key, generates the part key corresponding to the data unit of each stratum in the 1st and the 2nd extensibility.That is the part key of the data unit of the upper stratum of the stratum that, key generation unit contains master key by each this data unit generation for encoding or decoding.According to this structure, the stratum character of the 1st extensibility is also maintained.

In addition,, in key generating device of the present invention, preferred key cutting unit selects extensibility that the stratum's number among the 1st and the 2nd extensibility is few as above-mentioned benchmark extensibility.In the case, become and be difficult to be subject to the impact that a part of extensibility stratum number increases.

In addition, matrix generation unit, the composition information of the key salt matrices generating as a Split Key based among Split Key, to being equivalent to stratum in corresponding the 1st extensibility of this Split Key, be positioned at the next stratum and from each coordinate composition of the most the next stratum to the upper stratum of the 2nd extensibility, distribute and stratum's operational data that resulting operational data is identical successively for this Split Key, on the other hand, to being equivalent to stratum in corresponding the 1st extensibility of this Split Key, being positioned at upper stratum and distributing following operational data from all coordinate compositions of the most the next stratum to the upper stratum of described the 2nd extensibility, for the key key element of the upper stratum of the 2nd extensibility among the key key element of this corresponding stratum of Split Key, utilize one-way hash function to carry out the resulting operational data of hash computing.

As mentioned above, encryption key generating means of the present invention is different from the existing encryption key generation technique that must prepare a plurality of coding row and master key according to progressive order, is not subject to the restriction of the progressive order of coding row.In addition, encryption key generating means of the present invention is to generate the encryption key (part key) corresponding to the stratum of each data unit from possession from master key, for a plurality of extensibilities in single coding row, access control simultaneously.The amount of information of the encryption key (master key) that thus, coding is listed as and manages is lowered, can effectively be improved the management of digital code or encryption key, the stability in signal dispensing by leaps and bounds.

Moreover, encryption key generating means of the present invention, numerical data as coded object has in the situation of three kinds of above extensibilities, extensibility from this more than three kinds, select two kinds of extensibilities, all combinations for two kinds of selected extensibilities, by carrying out above-mentioned minimum treat unit (key being undertaken by matrix generation unit and key generation unit generates action), for each extensibility, the corresponding part key of each data unit (for coding and the decoding of the corresponding data unit of each several part key) of each upper stratum of the stratum that generation contains master key.

That is, matrix generation unit, for all combinations of two kinds of extensibilities, generates the part key salt matrices of each combination.Now, matrix generation unit also generates stratum's table of all combinations that represent the stratum's value in multiple extensibility.This stratum table is according to the combination of stratum's value and coordinates table reveals the corresponding part key of the data unit of each stratum's value in multiple extensibility as the part cipher key matrix of composition.In addition, the corresponding relation that the kind that this stratum table represents extensibility and stratum are worth, can specific from then on relation and the composition of the part cipher key matrix that generates for all combinations of extensibility.

So, key generation unit, for all combinations of the stratum's value in stratum table, according to the kind that forms Liang Ge stratum value among stratum's value of a combination and extensibility, give each composition of part key salt matrices that specific, combination generates for all combinations of two kinds of extensibilities.Like this, the key element of each combination institute combination of stratum's value is the composition that maintains the part key salt matrices under this state.Thereby, by key generation unit, by from various piece key salt matrices according to stratum table and in conjunction with each corresponding composition, generate successively the data unit corresponding part key corresponding with each stratum in multiple extensibility.In addition, output unit exports generated part key to carry out any device at least in the coding of numerical data and decoding to, for example, exports coding unit or decoding unit to.

About to thering is the coding of numerical data and the generation of the encryption key that decoding utilizes of three kinds of above stratum extensibilities, compare with the encryption key generating by above-mentioned encryption key generating means, can further improve the repellence to assault.

Particularly, input unit, be used for obtaining encryption key, this encryption key is in each of more than three kinds extensibilities, meet and in the stratum of the grade of service that communication system permits, be positioned at the encryption key that the encoding and decoding of the data unit of the most the next stratum utilizes, memory cell is stored (using by providing and delivering resulting decoding key in the situation of master key, using each stratum of each extensibility corresponding to this master key as the most the next stratum) using the encryption key of obtaining by input unit as master key.Now, key cutting unit is also selected the 1st and the 2nd benchmark extensibility from more than three kinds extensibilities.The 1st benchmark extensibility is the extensibility that the master key for storing from memory cell generates Split Key, key cutting unit is cut apart master key with stratum's number of the 1st benchmark extensibility, thereby generates the Split Key corresponding to each stratum of the 1st benchmark extensibility.Here, the 2nd benchmark extensibility is for regulation, to utilize the extensibility of computing direction of the hash computing of one-way hash function described above.

In this key generating device, matrix generation unit is for each stratum of other each extensibilities beyond the 1st and the 2nd benchmark extensibility among three kinds of above extensibilities, a succession of computing of every each stratum corresponding to the 1st benchmark extensibility, generates the multidimensional key salt matrices with value institute of the stratum coordinate performance among these three kinds above extensibilities.Therefore, if represent the quantity of extensibility with S, from compared with little and successively with N ₁, N ₂..., N _i-1, N _in counts in the stratum that represents each extensibility _k(k=1,2,3 ..., i-1, i) time, for utilizing the represented total package number of following mathematical expression (1), the multidimensional key salt matrices number generating by this matrix generation unit is represented by following mathematical expression (2).

(mathematical expression 1)

$\underset{i=1}{\overset{S}{\mathrm{\Π}}}{N}_i......\left(1\right)$

(mathematical expression 2)

$\underset{i=1}{\overset{S-1}{\mathrm{\Π}}}{N}_i......\left(2\right)$

Particularly, matrix generation unit, composition information as the multidimensional key salt matrices generating in each, to the stratum in corresponding the 1st benchmark extensibility of a Split Key among the Split Key that at least generated and each corresponding coordinate composition of the most the next stratum to the upper stratum from the 2nd benchmark extensibility, distribute the operational data that obtains successively by repeating to utilize the hash computing of this Split Key of one-way hash function.Thus, in resulting multidimensional key salt matrices, at least maintain the stratum character of the 2nd benchmark extensibility.

Then, key generation unit, for each each stratum of other extensibilities beyond the 1st and the 2nd benchmark extensibility, for the multidimensional key salt matrices often generating corresponding to a succession of computing of each stratum of the 1st benchmark extensibility among each, by the consistent composition of coordinate is bonded to each other, generate the corresponding part key of data unit of each stratum in multiple extensibility.; resulting multidimensional key salt matrices; for each each stratum of other extensibilities beyond the 1st and the 2nd benchmark extensibility; in order to generate each stratum of the 1st benchmark extensibility, the part cipher key matrix from resulting multidimensional key salt matrices to final generation, also maintain the stratum character of the 1st benchmark extensibility.

Here, each stratum for each extensibility except the 1st and the 2nd extensibility, each composition information as the multidimensional key salt matrices often generating corresponding to a succession of computing of each stratum of the 1st benchmark extensibility, to being equivalent to each stratum of more corresponding these other extensibilities and the 1st benchmark extensibility, be positioned at the next stratum and from each coordinate composition of the most the next stratum to the upper stratum of the 2nd extensibility, distribute the identical operational data of operational data that is dispensed to a Split Key of this corresponding the 1st benchmark extensibility stratum with use and obtains successively.On the other hand, to being equivalent to each stratum of more corresponding other extensibilities and the 1st benchmark extensibility, being positioned at upper stratum and distributing following operational data from each all coordinate compositions of the most the next stratum to the upper stratum of the 2nd benchmark extensibility, for the key key element of the upper stratum of the 2nd benchmark extensibility among the key key element of this corresponding stratum of Split Key, utilize the resulting operational data of hash computing of one-way hash function.

Output unit, exports the part key generating by key generation unit in above-mentioned minimum treat unit to carry out any device at least in the coding of numerical data and decoding, such as coding unit, decoding unit etc. to.

In addition, various embodiments of the present invention are become and can be more fully understood by the additional diagram of following detailed description.This embodiment is for the example shown in simple example, and non-limiting example of the present invention.

In addition, further range of application of the present invention becomes clear and definite by following detailed description.Yet, detailed explanation and specific case representation suitable embodiment of the present invention, but only for giving an example.For a person skilled in the art, can learn distortion miscellaneous and the improvement in the scope of the invention from following detailed explanation.

As mentioned above, according to the present invention, owing to utilizing one-way hash function, from possession from master key, generate the part key that is positioned at upper stratum, therefore by the corresponding part key of the rank order specific data unit of institute of each extensibility, cannot be positioned at from the stratum of any extensibility the corresponding part key of upper data unit and generate.Thereby can prevent hacker attacks.In addition, because every two kinds of extensibilities are combined into the extensibility of access control object and generating portion key, can lower the key length of generated part key.

Accompanying drawing explanation

Fig. 1 means the figure that the summary of the delivery system of the numerical data that is suitable for encryption key generating means of the present invention forms.

Fig. 2 means the figure that the middle each several part of the messaging device (delivery server or PC) of a part for the delivery system shown in pie graph 1 forms.

Fig. 3 is the concept map of the data structure of the numerical data for illustrating with multiple stratum extensibility (as the numerical data of the dispensing object of the delivery system shown in Fig. 1).

Fig. 4 is for the concept map of progressive order is described.

Fig. 5 is the figure of each data unit (each package that is equivalent to JPEG 2000) of showing the numerical data of 3 stratum's extensibilities with two kinds and the part key corresponding with this data unit rectangularly.

Fig. 6 is the logic diagram for illustrating that the data distribution of the numerical data delivery system (Fig. 1) of applicable encryption key generating means of the present invention is moved.

Fig. 7 is for the logic diagram of encryption key generating means structure of the present invention is described.

Fig. 8 is for illustrating that the performed encryption key of the 1st embodiment of encryption key generating means of the present invention generates the concept map of action.

Fig. 9 is for illustrating that the matrix generation unit of the encryption key generating means by the 1st embodiment generates the concept map of key salt matrices.

Figure 10 is for illustrating that the performed encryption key of the 2nd embodiment of encryption key generating means of the present invention generates the concept map of action.

Figure 11 is for illustrating that the matrix generation unit of the encryption key generating means by the 2nd embodiment generates the concept map of key salt matrices.

Figure 12 is for illustrating that the performed encryption key of the 3rd embodiment of encryption key generating means of the present invention generates the concept map of action.

Figure 13 is for illustrating that the matrix generation unit of the encryption key generating means by the 3rd embodiment generates the concept map of key salt matrices.

Figure 14 is for illustrating for the concept map with three kinds of generations of the part key of the numerical data of stratum's extensibilities above (performed encryption key generates action as the 4th embodiment of encryption key generating means of the present invention).

Figure 15 means the figure of the coordinate corresponding relation of stratum's table that the matrix generation unit by the encryption key generating means of the 4th embodiment generates and part key salt matrices and part cipher key matrix.

Figure 16 is for the part key salt matrices of matrix generation unit generation of encryption key generating means and the figure of the corresponding relation between the key element of part cipher key matrix by the 4th embodiment is described.

Figure 17 is for illustrating as the three-dimensional matrice of the stereo meter example of each coordinate composition configuration of multidimensional part cipher key matrix and multidimensional part key salt matrices and making the performed encryption key of the 4th embodiment generate the figure that the general encryption key of action generates the assign action of the Split Key in (Figure 14).

Figure 18 generates in the general encryption key generation of action the performed encryption key of the 4th embodiment, uses the three-dimensional matrice pair key key element corresponding with each stratum of extensibility L, R of stereo representation to generate the figure that step explains.

Figure 19 generates in the general encryption key generation of action the performed encryption key of the 4th embodiment, uses the three-dimensional matrice pair key key element corresponding with each stratum of extensibility R, C of stereo representation to generate the figure that step explains.

Figure 20 generates in the general encryption key generation of action the performed encryption key of the 4th embodiment, uses the three-dimensional matrice pair key key element corresponding with each stratum of extensibility L, C of stereo representation to generate the figure that step explains.

Figure 21 is for illustrating that the performed encryption key of the 5th embodiment of encryption key generating means of the present invention generates action, generates the figure of an example of the key cutting unit action of Split Key from master key.

Figure 22 is for illustrating that multidimensional key salt matrices that the matrix generation unit of the encryption key generating means by the 5th embodiment carries out generates the figure of step (generation of the multidimensional key salt matrices group corresponding with the most the next stratum of other extensibilities C beyond benchmark extensibility L, R).

Figure 23 is for illustrating that multidimensional key salt matrices that the matrix generation unit of the encryption key generating means by the 5th embodiment carries out generates the figure of step (with the only generation of multidimensional key salt matrices group corresponding to the stratum of upper 1 stratum of the most the next stratum of other extensibilities C compared with beyond benchmark extensibility L, R).

Figure 24 is for illustrating that multidimensional key salt matrices that the matrix generation unit of the encryption key generating means by the 5th embodiment carries out generates the figure of step (generation of the multidimensional key salt matrices group corresponding with the upper stratum of other extensibilities C beyond benchmark extensibility L, R).

Embodiment

Referring to Fig. 1-Figure 24, describe each embodiment of encryption key generating means of the present invention in detail.In addition, in the explanation of figure by same area with identical element is marked with same numeral and the repetitive description thereof will be omitted.

Encryption key generating means of the present invention generates having the encryption key using when the numerical data of multiple stratum extensibility is encoded and decoded.In addition, in each embodiment, for simply, as the concrete example with the numerical data of stratum's extensibility, the corresponding part key of each package coding row that is JPEG 2000 for the international standard of image compression generates action and is illustrated.In addition, JPEG 2000 can invest priority for the kind of extensibility.In coding row, this sequentially shows as the formation order (progressive order) that data unit is package.As the key element that determines this progressive order, there are layer (L), resolution levels (R), component (C) and position (P) these 4 kinds of extensibilities.

Fig. 1 means the figure that the summary of the delivery system of the numerical data that is suitable for encryption key generating means of the present invention forms.Delivery system shown in Fig. 1 is to provide the delivery service of the numerical data with stratum's extensibility, and except image delivery system or two-way television conference system, also comprises the communication system that flow data delivery service is provided.In addition, this delivery system cording is standby: wired or wireless network 300, be connected with this network 300 respectively such as a plurality of information processing terminals (hereinafter referred to as PC) 200 and delivery servers 100 such as personal computers, PC 200 is to contain mutually by network 300 state of the multi-media bidirectional communication of numerical data with delivery server 100.Delivery server 100 managed storage are useful on the database (hereinafter referred to as D/B) 110 of the pre-prepd multiple numeric data code of delivery service, and this database 110 is as external memory.Between each PC 200 and delivery server 110, signed in advance the contract about the delivery service of numerical data, delivery server 110, once the signal dispensing request of accepting from PC 200, sends the numerical data with the corresponding image quality of the grade of service of signing in advance.

In addition, Fig. 2 represents to form a structure part for above-mentioned delivery system, the messaging device such as delivery server 100 and PC 200.Particularly, in Fig. 2, (a) represent the formation of delivery server 100 or PC 200, (b) represent the logical constitution of the D/B 110 that delivery server 100 is managed.

; as shown in Fig. 2 (a), delivery server 100 or PC 200 possess: by network 300 carry out with the input-output unit (hereinafter referred to as I/O) 210 of the data transmit-receive of other messaging devices, carry out the operational part 220 of various operation programs 231, as the memory 230 of the memory cell of this operation program of storage or data, generate and show the drawing section 250 of data and for carrying out the input-output unit (hereinafter referred to as I/O) 240 of data processing with various ancillary equipment according to the control of operational part 220.In addition, in monitor 251, show the demonstration data that drawing section 250 generates.In addition, D/B 110 external memories such as grade 270 of delivery server 100 being managed, as keyboard 260 and the indicating equipment of input unit, be connected in I/O 240.

It is in D/B 110 that Contract Information Form 110a, key management table 110b and dispensing are previously stored in digital data sets 110c the external memory that delivery server 100 manages.In addition in Contract Information Form 110a, by the operator of PC 200, be that user's (contractor) sets up corresponding with the grade of service of this treaty content of reflection.In key management table 110b, by every user (contractor), the numerical data of storing in D/B 110 (the various digital codes that delivery service is used) is set up corresponding with the part key (master key) for this digital code is encoded.

Fig. 3 is the concept map of the data structure of the numerical data for illustrating with multiple stratum extensibility (for the numerical data of the delivery system shown in Fig. 1 as dispensing object).In addition, Fig. 3 represent using in the extensibility of for example JPEG 2000 when the extensibility of access control object is restricted to only layer (L) and resolution levels (R) the decoding pattern of the package coding row of the JPEG 2000 of (situation of shading image).Particularly, in Fig. 3, N counts in the stratum of layer (extensibility L) _lbe 3, the stratum of resolution levels (extensibility R) counts N _rbe 3.Layer is so-called image quality layer, (the Signal/Noise Ratio: the arithmetic coding data of digital picture signal noise ratio) of the SNR while referring to corresponding to image regeneration.Owing to the higher information of the impact of image quality being more contained in upper layer, therefore by the data to the data supplementing lower layer of upper layer, can periodically make the quality of reproduced picture improve.

In this Fig. 3, P _{i, j}(i=0 ..., N _l-1; J=0 ..., N _r-1; I is stratum's numbering of extensibility L; J is the stratum numbering of extensibility R) represent to have JPEG 2000 packages of image information.If with Q _{l, R}while representing JPEG 2000 coded image of certain quality, in order to obtain Q _{l, R}, the package P that need to surround the frame A of Fig. 3 _{i, j}(i=0 ..., L; J=0 ..., R) all decode.Here, for regular regeneration image, the package P decoding _{i, j}must all remove and encrypt.Thereby, in order to keep stratum character in access control, need to be to package P _{i, j}encrypt individually.

In above-mentioned JPEG 2000, progressive order has these 5 kinds of LRCP, RLCP, RPCL, PCRL and CPRL, from the key element of each beginning, starts preferential successively.Fig. 4 is a concept map, the progressive order of the priority while representing the JPEG 2000 package coding row shown in Fig. 3 to decode for illustrating.Especially, in Fig. 4, be (a) that decoding order is to make extensibility L (layer) for the progressive order of prepreerence LRCP, be (b) decoding order is the progressive order that makes the prepreerence RLCP of extensibility R (resolution levels).

Encryption key generating means of the present invention, based on management and the relevant fail safe of dispensing and the easy viewpoint of generative nature, reduce key length, and generate to assault have repellence encryption key.When generating each encryption key of above-mentioned JPEG 2000 packages, this encryption key generating means, due to using each package as by extensibility each rank order and specific matrix compositions operates, therefore can be regardless of the progressive order of JPEG 2000.Enumerate an example, Fig. 5 (a) represents by the rank order of extensibility L (layer) and the rank order of extensibility R (resolution levels) and the package P that matrixing shows _{l, R}(L:0 (upper), 1,2 (the most the next); R:0 (upper), 1,2 (the most the next)).In addition, Fig. 5 (b) represents and the package P of Fig. 5 (a) _{l, R}the part key K of corresponding matrixing performance _{l, R}(L:0,1,2; R:0,1,2).

Here, so-called assault, refers to due to 2 above improper shared encryption keys of user, thereby can regenerate with the higher image quality of regular image quality than being allowed.Particularly, JPEG 2000 coded images of take are example, consider to be only allowed to user that upper layer (layer 0) discloses, be only allowed to the user that upper resolution levels (resolution levels 0) discloses and be combined.In this case, if by package P _{i, j}corresponding encryption key is made as K _{i, j}, one of them user can by with 3 package P _{0, j}the encryption key K that (j=0,1,2) is corresponding _{0, j}(j=0,1,2), another user can by with 3 package P _{i, 0}the encryption key K that (i=0,1,2) is corresponding _{i, 0}(i=0,1,2) obtains with the key qualification of regular permission respectively.In the inadequate situation of the repellence of assault, thereby these users can combine the encryption key K that wrongful generation is not both allowed to _2.2, K _2.1, K _1.2, and K _1.1.The practiced encryption key of encryption key generating means of the present invention generates action, as illustrated in following each embodiment, encryption key (part key) for certain package, the package that is not positioned at the stratum more upper than this package from least one extensibility generates, but from extensibility arbitrarily, is positioned at therewith package coordination or than the package generation of its next stratum.Therefore the encryption key, being generated by encryption key generating means of the present invention has repellence to assault.

Then, use the data distribution action in the numerical data delivery system shown in Fig. 6 key diagram 3.In addition, Fig. 6 is the logic diagram for illustrating that the signal dispensing of the numerical data delivery system (Fig. 1) of applicable encryption key generating means of the present invention is moved.In addition, delivery server 100, PC 200 have the structure shown in Fig. 2 (a).

As shown in Figure 6, PC 200 has carried out after signal dispensing request to delivery server 100, and the data distribution service of 100 couples of PC 200 of delivery server starts to carry out.Once accept the dispensing request from PC200, first delivery server 100 carries out request analysis.In this request analysis, send user's the authentication formality of this dispensing request, determining of the data of required dispensing and determining etc. of the grade of service.

In delivery server 100, once ending request is resolved, from D/B 110, read the data of ask dispensing, and read the corresponding master key of these data (for generating the part key of encryption key, this encryption key is for read data are encoded).Encryption key generating means 400 (encryption key generating means of the present invention) input master key, utilizes master key to generate the part key (being positioned at part key corresponding to upper stratum difference more upper than the corresponding stratum of master key) of coding use.The part key generating like this exports coding unit 410 to from encryption key generating means 400.On the other hand, the data that coding unit 410 inputs are read from D/B 110, for each package that forms these data, utilization is encoded with the corresponding part key of package to be encoded from the part key of encryption key generating means 400 outputs, generates thus coded data (the coding row of package group to be provided and delivered).Then, delivery server 100 is distributed to PC 200 (dispensing request source) by network 300 by the coded data generating together with master key, and this master key is for generating the part key that coding utilizes.In addition, concrete data encoding is to carry out by the control part 220 in delivery server 100 (Fig. 2 (a)).That is,, by pre-stored program 231 in control part 220 execute stores 230, this control part 220 is moved as coding unit 410.

PC 200 obtains via next coded data and the master key of network 300 dispensing by I/O 210, and is temporarily stored in memory 230.The master key that encryption key generating means 400 in PC 200 (encryption key generating means of the present invention) input store 230 is stored, and utilize this master key to generate the part key (be positioned at the stratum more upper upper stratum more corresponding than master key and distinguish corresponding decoding key) of decoding use.In addition, encryption key generating means 400 exports generated decoding key to decoding unit 420.Decoding unit 420, the coded data that input is read from memory 230, for each package being encoded, utilizes corresponding decoding key the decoding key of exporting from encryption key generating means 400 to decode, thus generating solution code data.In addition, concrete data decode is that control part 220 (Fig. 2 (a)) by PC 200 is carried out.That is,, by pre-stored program 231 in control part 220 execute stores 230, this control part 220 moves as decoding unit 420.

Encryption key generating means of the present invention is applicable to the situation of the delivery system of Fig. 1, is equivalent to the encryption key generating means 400 in Fig. 6, particularly, possesses the structure shown in Fig. 7.Fig. 7 is for the logic diagram of the structure of encryption key generating means of the present invention is described.

; as shown in Figure 7, encryption key generating means 400 possesses: for obtain master key input unit 450, utilize the arithmetic element 460 of master key generating portion key, for the memory cell 470 of the operation result of temporary transient storage master key exclusive disjunction unit 460 and for the part key of the consistent stratum with the signed grade of service of the part key with generated being exported to the output unit 480 of coding unit 410 or decoding unit 420.Arithmetic element 460 consists of with key generation unit 463 key cutting unit 461, matrix generation unit 462.

When above-mentioned logical construction is applicable to the hardware configuration shown in Fig. 2 (a), the function of I/O 210 performance input units 450 and output unit 480.The function of memory 230 performance memory cell 470.The function of control part 220 performance arithmetic elements 460.In addition, by pre-stored program 231 in control part 220 execute stores 230, it is respectively as key cutting unit 461, matrix generation unit 462, key generation unit 463 and move.

(the 1st embodiment)

Below, illustrate that encryption key performed in the 1st embodiment of encryption key generating means of the present invention generates action.In addition, the encryption key generating means of the 1st embodiment has the structure shown in Fig. 7, more specifically by the hardware configuration shown in Fig. 2 (a), is realized.In the 1st embodiment, the extensibility as access control object is made as to extensibility L (layer) and extensibility R (resolution levels), and N is counted in the stratum of extensibility L _lbe made as 3, N is counted in the stratum of extensibility R _rbe made as 3.Now, the package of extensibility L, R Zhong Ge stratum is made to 3 * 3 matrix compositions P _{i, j}(i=0,1,2; J=0,1,2) process.In addition, Fig. 8 is concept map, for illustrating that the performed encryption key of the 1st embodiment of encryption key generating means of the present invention generates action (action of the arithmetic element 460 shown in Fig. 7).In addition, Fig. 9 is for the generation of the key salt matrices that the matrix generation unit 462 of the encryption key generating means of the 1st embodiment carries out is described.

Master key be by input unit 450 by D/B110 or network 300 and the part key of being provided and delivered, and be temporarily stored in memory cell 470.That is, master key is the corresponding part key of the most the next package of being managed in advance by memory cell 470, in the example of Fig. 8, is extensibility L, R to be all positioned to the package P of the most the next stratum _2,2corresponding encryption key K _2,2.This master key K _2,2n counts in the stratum that is divided into extensibility L by key cutting unit 461 _lcount N with the stratum of extensibility R _ramong minimum value (=min (N _l, N _r)).

In the 1st embodiment, due to N _l=N _r=3, key cutting unit 461 can be selected extensibility L, any in R, but select extensibility R as benchmark extensibility as an example.Now, key cutting unit 461 is cut apart master key K with minimum stratum number 3 (stratum's number of extensibility R) _2,2, can obtain Split Key e thus _r2, e _r1, e _r0.This Split Key e _r2, e _r1, e _r0be the root key (for generate the key of each matrix compositions) corresponding with each stratum of extensibility R, and matrix generation unit 462 generate key salt matrices M1-M3 according to each stratum of this extensibility R.

As shown in Figure 9, by corresponding root key, be Split Key e _r2, e _r1, e _r0generate successively key salt matrices M1-M3 each matrix compositions in each.

First, in key salt matrices M1, by Split Key e _r2being dispensed to (2,2) composition usings as matrix corresponding to rank order 2 (the most the next stratum) with extensibility R.In addition, in figure, the upside additional letter R2 of matrix compositions e represents the rank order of the extensibility R (benchmark extensibility) corresponding with this key salt matrices M1, and the component coordinate of the additional numeral key salt matrices M1 of downside.Below, in the 1st embodiment, the composition scale of key salt matrices M1 is shown to e ^r2(i, j) (i=0,1,2; J=0,1,2).

By repeating to utilize one-way hash function H ^*split Key e _r2hash computing, the operational data obtaining is successively dispensed to Split Key e _r2stratum in corresponding extensibility R (rank order=2) is coordinate ingredient e corresponding to remaining stratum's difference in extensibility L ^r2(1,2), e ^r2(0,2).That is, by H ^*(e ^r2(2,2)) operational data be dispensed to e ^r2(1,2), by H ^{* 2}(e ^r2(2,2)) operational data be dispensed to ingredient e ^r2(0,2).By such matrix operation, operate, for the rank order 2 of extensibility R, the stratum character of extensibility L is held.In addition, in this manual, by one-way hash function H ^*n (n=2,3 ...) inferior operation table is shown H ^{* n}.

On the other hand, in key salt matrices M1, will be to ingredient e ^r2(0,2) further utilizes one-way hash function H ^*carry out the resulting operational data H of hash computing ^*(e ^r2(0,2)) (=H ^{* 3}(e ^r2(2,2))) to be dispensed to all be the ingredient e of upper stratum compared with the rank order of extensibility R 2 ^r2(i, j) (i=0,1,2; J=0,1).Value corresponding to package that operational data is now is-1 (in fact not existing) with stratum's number of extensibility L.

The key salt matrices M1 generating as above-mentioned makes for package P under the state of stratum character that keeps unchangeably extensibility L _{i, 2}the access control of (i=0,1,2) is effective.

In key salt matrices M2, by Split Key e _r1being dispensed to (2,1) composition usings as matrix corresponding to rank order 1 with extensibility R.Below, in the 1st embodiment, the composition scale of key salt matrices M2 is shown to e ^r1(i, j) (i=0,1,2; J=0,1,2).

By H ^*(e ^r1(2,1)) operational data be dispensed to Split Key e _r1the stratum of corresponding extensibility R (rank order=1) is coordinate ingredient e corresponding to residue stratum difference in extensibility L ^r1(1,1), and by H ^{* 2}(e ^r1(2,1)) operational data be dispensed to ingredient e ^r1(0,1).By this matrix operation, operate, for the rank order 1 of extensibility R, keep the stratum character of extensibility L.

On the other hand, in key salt matrices M2, will be to ingredient e ^r1(0,1) further utilizes one-way hash function H ^*carry out the resulting operational data H of hash computing ^*(e ^r1(0,1)) (=H ^{* 3}(e ^r1(2,1))) to be dispensed to all be the ingredient e of upper stratum compared with the rank order of extensibility R 1 ^r1(i, 0) (i=0,1,2).Value corresponding to package that operational data is now is-1 (in fact not existing) with stratum's number of extensibility L.

On the other hand, in key salt matrices M2, any and ingredient e ^r1it is the ingredient e of the next stratum that the identical value in (i, 1) (i=0,1,2) is assigned to respectively compared with the rank order of extensibility R 1 ^r1(i, 2) (i=0,1,2).In addition, temporarily will be by copying ingredient e ^r1the ingredient e of the value of (2,1) ^r1(2,2) utilize the resulting value of hash computing of one-way hash function to be dispensed to ingredient e successively ^r1(i, 2) (i=0,1) is also equivalent.Among Fig. 9 waits, " CP " refers to copy.

The key salt matrices M2 generating as above-mentioned is under the state of stratum character that keeps extensibility L, makes package P _{i, 1}the access control of (i=0,1,2) is effective.

Same, in key salt matrices M3, by Split Key e _r0being dispensed to (2,0) composition usings as matrix corresponding to the rank order 0 with extensibility R (upper stratum).Below, in the 1st embodiment, the composition scale of key salt matrices M3 is shown to e ^r0(i, j) (i=0,1,2; J=0,1,2).

By H ^*(e ^r0(2,0)) operational data be dispensed to Split Key e _r0the stratum of corresponding extensibility R (rank order=0) is coordinate ingredient e corresponding to residue stratum difference in extensibility L ^r0(1,0), by H ^{* 2}(e ^r0(2,0)) operational data be dispensed to ingredient e ^r0(0,0).By this matrix operation, operate, for the rank order 0 of extensibility R, keep the stratum character of extensibility L.

On the other hand, in key salt matrices M3, owing to not existing for upper stratum compared with the rank order of extensibility R 0, so not to ingredient e ^r0(0,0) carries out further hash computing.

On the other hand, in key salt matrices M3, by any and ingredient e ^r0it is the ingredient e of the next stratum that the identical value in (i, 0) (i=0,1,2) is respectively allocated to compared with the rank order of extensibility R 0 ^r0(i, j) (i=0,1,2; J=1,2).In addition, temporarily will be by copying ingredient e ^r0each ingredient e of the value of (2,0) ^r0(2,2), e ^r0(2,1) utilize the resulting value of hash computing of one-way hash function to be dispensed to ingredient e successively ^r0(i, j) (i=0,1,2; J=1,2) be also equivalent.

In this case, the key salt matrices M3 generating, under the state of stratum character that keeps unchangeably extensibility L, makes package P _{i, 0}the access control of (i=0,1,2) is effective.

Then, key generation unit 463 is in conjunction with the consistent composition of coordinate between the key salt matrices M1-M3 being generated by matrix generation unit 462 as mentioned above, generating portion cipher key matrix MP1.That is, each one-tenth of part cipher key matrix MP1 is divided into and each package P _{i, j}(i=0,1,2; J=0,1,2) corresponding part key K _{i, j}(i=0,1,2; J=0,1,2).So by one of them each stratum of extensibility R (resolution levels), keep the stratum character of another extensibility L (layer) and generating portion key all keeps stratum character in resolution levels or in layer.In addition, output unit 480 is by the part key K being generated by key generation unit 463 as mentioned above _{i, j}(i=0,1,2; J=0,1,2) export coding unit 410 to.In addition, coding unit 410 is by corresponding part key K _{i, j}(i=0,1,2; J=0,1,2) to each package P _{i, j}(i=0,1,2; J=0,1,2) encode.In this way, the package of encrypted JPEG 2000 coding row as the coded data for the treatment of to provide and deliver by network 300 and with master key K _2,2be distributed to together PC 200.

(the 2nd embodiment)

The performed encryption key generation action of the 2nd embodiment of encryption key generating means of the present invention then, is described.In addition, the encryption key generating means of the 2nd embodiment is also identical with the 1st embodiment has a structure shown in Fig. 7, more specifically by the hardware configuration shown in Fig. 2 (a), is achieved.In the 2nd embodiment, the extensibility as access control object is made as to extensibility L (layer) and extensibility R (resolution levels), N is counted in the stratum of extensibility L _lbe made as 3, N is counted in the stratum of extensibility R _rbe made as 2.Now, the package of each stratum in extensibility L, R is the matrix compositions P as 3 * 2 _{i, j}(i=0,1,2; J=0,1) and process.In addition, Figure 10 is for illustrating that the performed encryption key of the 2nd embodiment of encryption key generating means of the present invention generates the concept map of action (action of the arithmetic element 460 shown in Fig. 7).In addition, Figure 11 is for illustrating that the matrix generation unit 462 of the encryption key generating means by the 2nd embodiment generates the concept map of key salt matrices.

Master key is the part key of providing and delivering by D/B 110 or network 300 via input unit 450, and is temporarily stored in memory cell 470.That is, master key is the corresponding part key of the most the next package of being managed in advance by memory cell 470, is for extensibility L, R, to be all positioned at the package P of the most the next stratum in the example of Figure 10 _2,1corresponding encryption key K _2,1.This master key K _2,1that N counts in the stratum that is divided into extensibility L by key cutting unit 461 _lcount N with the stratum of extensibility R _rin minimum value (=min (N _l, N _r)).That is, key cutting unit 461 is cut apart master key K with stratum's number (minimum stratum number 2) of extensibility R _2,1, obtain thus Split Key e _r1, e _r0.This Split Key e _r1, e _r0be the root key corresponding with each stratum of extensibility R, matrix generation unit 462 generates key salt matrices M1, M2 by each stratum of this extensibility R.

Each matrix compositions in key salt matrices M1, M2 is according to corresponding root key, to be Split Key e as shown in figure 11 _r1, e _r0generate successively.

First, in key salt matrices M1, by Split Key e _r1be dispensed to the corresponding matrix of rank order 1 (the most the next stratum) that (2,1) composition is usingd as extensibility R.In addition, the upside additional letter R1 of the matrix compositions e in figure represents the rank order of the extensibility R (benchmark extensibility) corresponding with this key salt matrices M1, and downside additional character means the component coordinate of key salt matrices M1.Below, in the 2nd embodiment, the composition scale of key salt matrices M1 is shown to e ^r1(i, j) (i=0,1,2; J=0,1).

Will be by repeating to utilize one-way hash function H ^*split Key e _r1hash computing and the operational data that obtains is successively dispensed to Split Key e _r1the stratum of corresponding extensibility R (rank order=1) is that corresponding coordinate ingredient e is distinguished by the residue stratum in extensibility L ^r1(1,1), e ^r2(0,1).That is, by H ^*(e ^r1(2,1)) operational data be dispensed to ingredient e ^r1(1,1), by H ^{* 2}(e ^r1(2,1)) operational data be dispensed to ingredient e ^r1(0,1).By matrix operation so, operate, for the rank order 1 of extensibility R, keep the stratum character of extensibility L.

On the other hand, in key salt matrices M1, will be to ingredient e ^r1(0,1) further utilizes one-way hash function H ^*carry out the resulting operational data H of hash computing ^*(e ^r1(0,1)) (=H ^{* 3}(e ^r1(2,1))) to be dispensed to compared with the rank order of extensibility R 1 be all the components e of upper stratum ^r1(i, 0) (i=0,1,2).Operational data is now the corresponding value of package that stratum's number of extensibility L is-1 (in fact not existing).

If the key salt matrices M1 of above-mentioned generation is under the state of stratum character that keeps unchangeably extensibility L, make package P _{i, 1}the access control of (i=0,1,2) is effective.

In key salt matrices M2, by Split Key e _r0being dispensed to (2,0) composition usings as matrix corresponding to the rank order 0 with extensibility R (upper stratum).Below, in the 2nd embodiment, the composition scale of key salt matrices M2 is shown to e ^r0(i, j) (i=0,1,2; J=0,1).

By H ^*(e ^r0(2,0)) operational data be dispensed to Split Key e _r0stratum in corresponding extensibility R (rank order=0) is that corresponding coordinate ingredient e is distinguished by the residue stratum in extensibility L ^r0(1,0), and by H ^{* 2}(e ^r0(2,0)) operational data be dispensed to ingredient e ^r0(0,0).By matrix operation so, operate, for the rank order 0 of extensibility R, keep the stratum character of extensibility L.

On the other hand, in key salt matrices M2, owing to not existing for upper stratum compared with the rank order of extensibility R 0, therefore not further to ingredient e ^r0(0,0) carries out hash computing.

On the other hand, in key salt matrices M2, by any and ingredient e ^r0it is the ingredient e of the next stratum that the identical value in (i, 0) (i=0,1,2) is respectively allocated to compared with the rank order of extensibility R 0 ^r0(i, 1) (i=0,1,2).In addition, temporarily will be by copying ingredient e ^r0the ingredient e of the value of (2,0) ^r0(2,1) utilize the resulting value of hash computing of one-way hash function to be dispensed to ingredient e successively ^r0(i, 1) (i=0,1,2) is also equivalent.In addition,, in Figure 11, CP represents replication actions.

In this case, the key salt matrices M2 generating, under the state of stratum character that keeps unchangeably extensibility L, makes package P _{i, 0}the access control of (i=0,1,2) is effective.In addition,, in Figure 11 etc., " CP " refers to copy.

Then, key generation unit 463 is in conjunction with the consistent composition of coordinate, thus generating portion cipher key matrix MP2 between the key salt matrices M1, the M2 that are generated by matrix generation unit 462 as mentioned above.That is, each one-tenth of part cipher key matrix MP2 is divided into and each package P _{i, j}(i=0,1,2; J=0,1) corresponding part key K _{i, j}(i=0,1,2; J=0,1).Like this, by by the stratum of the extensibility R of one of them (resolution levels), keep another extensibility L (layer) stratum character and generating portion key all keeps stratum character in resolution levels or in layer.In addition, output unit 480 is by the part key K being generated by key generation unit 463 as mentioned above _{i, j}(i=0,1,2; J=0,1) export coding unit 410 to.In addition, coding unit 410 utilizes corresponding part key K _{i, j}(i=0,1,2; J=0,1) to each package P _{i, j}(i=0,1,2; J=0,1) encode.The coding row of the package of like this, encrypted JPEG 2000 as the coded data for the treatment of to provide and deliver by network 300 and with master key K _2,1be distributed to together PC 200.

(the 3rd embodiment)

The performed encryption key generation action of the 3rd embodiment of encryption key generating means of the present invention is described below.In addition, the encryption key generating means of the 3rd embodiment is also identical with the 1st embodiment has a structure shown in Fig. 7, more specifically, by the hardware configuration shown in Fig. 2 (a), is achieved.In the 3rd embodiment, the extensibility as access control object is made as to extensibility L (layer) and extensibility R (resolution levels), N is counted in the stratum of extensibility L _lbe made as 4, N is counted in the stratum of extensibility R _rbe made as 3.Now, the package of each stratum in extensibility L, R is the matrix compositions P as 4 * 3 _{i, j}(i=0,1,2; J=0,1,2,3) and processed.In addition, Figure 12 is for illustrating that the performed encryption key of the 3rd embodiment of encryption key generating means of the present invention generates the concept map of action (action of the arithmetic element 460 shown in Fig. 7).In addition, Figure 13 is the concept map that is generated key salt matrices by the matrix generation unit 462 of the encryption key generating means of the 3rd embodiment for illustrating.

Master key is the part key of providing and delivering by D/B 110 or network 300 via input unit 45, and it is temporarily stored in memory cell 470.That is, master key is the corresponding part key of the most the next package of being managed in advance by memory cell 470, is for extensibility L, R, to be all the package P that is positioned at the most the next stratum in the example of Figure 12 _3,2corresponding encryption key K _3,2.This master key K _3,2n counts in the stratum that is divided into extensibility L by key cutting unit 461 _lcount N with the stratum of extensibility R _rin minimum value (=min (N _l, N _r)).That is, key cutting unit 461 is cut apart master key K with stratum's number (minimum stratum number 3) of extensibility R _3,2, obtain thus Split Key e _r2, e _r1, e _r0.This Split Key e _r2, e _r1, e _r0be the root key corresponding with each stratum of extensibility R, matrix generation unit 462 generates key salt matrices M1-M3 by each stratum of this extensibility R.

By corresponding root key, be Split Key e _r2, e _r1, e _r0generate successively as shown in figure 13 each matrix compositions of key salt matrices M1-M3.

First, in key salt matrices M1, by Split Key e _r2be dispensed to the matrix that (3,2) composition is usingd as the rank order 2 (the most the next stratum) corresponding to extensibility R.In addition, the upside additional letter R2 of the matrix compositions e in figure represents and the rank order of the corresponding extensibility R of this key salt matrices M1 (benchmark extensibility), and downside additional character represents the component coordinate of key salt matrices M1.Below, in the 3rd embodiment, the composition scale of key salt matrices M1 is shown to e ^r2(i, j) (i=0,1,2,3; J=0,1,2).

Will be by repeating to utilize one-way hash function H ^*split Key e _r2hash computing and the operational data that obtains is successively dispensed to Split Key e _r2stratum in corresponding extensibility R (rank order=2) is coordinate ingredient e corresponding to residue stratum difference in extensibility L ^r2(2,2), e ^r2(1,2), e ^r2(0,2).That is, by H ^*(e ^r2(3,2)) operational data be dispensed to ingredient e ^r2(2,2), by H ^{* 2}(e ^r2(3,2)) operational data be dispensed to ingredient e ^r2(1,2), by H ^{* 3}(e ^r2(3,2)) operational data be dispensed to ingredient e ^r2(0,2).By such matrix operation, operate, for the rank order 2 of extensibility R, can keep the stratum character of extendibility L.

On the other hand, in key salt matrices M1, will be to ingredient e ^r2(0,2) further utilizes one-way hash function H ^*carry out the resulting operational data H of hash computing ^*(e ^r2(0,2)) (=H ^{* 4}(e ^r2(3,2))) to be dispensed to compared with the rank order of extensibility R 2 be all the components e of upper stratum ^r2(i, j) (i=0,1,2; J=0,1).Operational data is now the corresponding value of package that stratum's number of extensibility L is-1 (in fact not existing).

If the key salt matrices M1 of above-mentioned generation is under the state of stratum character that keeps unchangeably extensibility L, make package P _{i, 2}the access control of (i=0,1,2,3) is effective.

In key salt matrices M2, by Split Key e _r1being dispensed to (3,1) composition usings as matrix corresponding to the rank order 1 with extensibility R.Below, in the 3rd embodiment, the composition scale of key salt matrices M2 is shown to e ^r1(i, j) (i=0,1,2,3; J=0,1,2).

By H ^*(e ^r1(3,1)) operational data be dispensed to Split Key e _r1stratum in corresponding extensibility R (rank order=1)) be coordinate ingredient e corresponding to residue stratum difference in extensibility L ^r1(2,1), by H ^{* 2}(e ^r1(3,1)) operational data be dispensed to ingredient e ^r1(1,1), by H ^{* 3}(e ^r1(3,1)) operational data be dispensed to ingredient e ^r1(0,1).By such matrix operation, operate, for the rank order 1 of extensibility R, keep the stratum character of extendibility L.

On the other hand, in key salt matrices M2, will be to ingredient e ^r1(0,1) further utilizes one-way hash function H ^*carry out the resulting operational data H of hash computing ^*(e ^r1(0,1)) (=H ^{* 4}(e ^r1(3,1))) to be dispensed to compared with the rank order of extensibility R 1 be all the components e of upper stratum ^r1(i, 0) (i=0,1,2,3).Operational data is now the corresponding value of package that stratum's number of extensibility L is-1 (in fact not existing).

On the other hand, in key salt matrices M2, by any and ingredient e ^r1it is the ingredient e of the next stratum that the identical value in (i, 0) (i=0,1,2,3) is respectively allocated to compared with the rank order of extensibility R 1 ^r1(i, 2) (i=0,1,2,3).In addition, temporarily will be to copying ingredient e ^r1the ingredient e of the value of (3,1) ^r1(3,2) utilize the resulting value of hash computing of one-way hash function to be dispensed to ingredient e successively ^r1(i, 2) (i=0,1,2) is also equivalent.In addition,, in Figure 13 etc., " CP " refers to copy.

The key salt matrices M2 generating as above-mentioned, under the state of stratum character that keeps unchangeably extensibility L, makes package P _{i, 1}the access control of (i=0,1,2,3) is effective.

Same, in key salt matrices M3, by Split Key e _r0being dispensed to (3,0) composition usings as matrix corresponding to the rank order 0 with extensibility R (upper stratum).Below, in the 3rd embodiment, the composition scale of key salt matrices M3 is shown to e ^r0(i, j) (i=0,1,2,3; J=0,1,2).

By H ^*(e ^r0(3,0)) operational data be dispensed to Split Key e _r0stratum in corresponding extensibility R (rank order=0) is coordinate ingredient e corresponding to residue stratum difference in extensibility L ^r0(2,0), by H ^{* 2}(e ^r0(3,0)) operational data be dispensed to ingredient e ^r0(1,0), by H ^{* 3}(e ^r0(3,0)) operational data be dispensed to ingredient e ^r0(0,0).By such matrix operation, operate, for the rank order 0 of extensibility R, can keep the stratum character of extendibility L.

On the other hand, in key salt matrices M3, owing to not existing for upper stratum compared with the rank order of extensibility R 0, not to ingredient e ^r0(0,0) further carries out hash computing.

On the other hand, in key salt matrices M3, by any and ingredient e ^r0it is the ingredient e of the next stratum that the identical value in (i, 0) (i=0,1,2,3) is respectively allocated to compared with the rank order of extensibility R 0 ^r0(i, j) (i=0,1,2,3; J=1,2).In addition, temporarily will be by copying ingredient e ^r0each ingredient e of the value of (3,0) ^r0(3,2), e ^r0(3,1) utilize the resulting value of hash computing of one-way hash function to be dispensed to ingredient e successively ^r0(i, j) (i=0,1,2,3; J=1,2) be also equivalent.In addition,, in Figure 13, CP represents replication actions.

In this case, the key salt matrices M3 being generated by matrix generation unit 462, under the state of stratum character that keeps unchangeably extensibility L, makes package P _{i, 0}the access control of (i=0,1,2,3) is effective.

Then, key generating device 463 is in conjunction with the consistent composition of coordinate, thus generating portion cipher key matrix MP3 between the key salt matrices M1-M3 being generated by matrix generation unit 462 as mentioned above.That is, each one-tenth of part cipher key matrix MP3 is divided into and each package P _{i, j}(i=0,1,2,3; J=0,1,2) corresponding part key K _{i, j}(i=0,1,2,3; J=0,1,2).Like this, each stratum of one of them extensibility R (resolution levels) keeps the stratum character of another extensibility L (layer) and generating portion key, and no matter in resolution levels or in layer, stratum character is all held thus.In addition, output unit 480 by as the above-mentioned part key K being generated by key generation unit 463 _i.j(i=0,1,2,3; J=0,1,2) export coding unit 410 to.In addition, coding unit 410 is with corresponding part key K _i.j(i=0,1,2,3; J=0,1,2) to each package P _{i, j}(i=0,1,2,3; J=0,1,2) encode.Like this, the package coding row of encrypted JPEG 2000 as the coded data for the treatment of to provide and deliver by network 300 and with master key K _3.2be distributed to together PC 200.

(assault repellence evaluation)

Then, the repellence to assault of the encryption key generating for the key generating device by above-mentioned 1-the 3rd embodiment forming (the part key corresponding to package of Yu Ge stratum), evaluates.

First, this evaluation is to count N to having stratum _lextensibility L and stratum count N _rjPEG 2000 data of extensibility R (resolution levels) situation of encoding be prerequisite.

Package P with JPEG 2000 _{i, j}(i=0,1 ..., N _l-1; J=0,1 ..., N _r-1) corresponding part key K _{i, j}by the most the next package P _{nL-1, NR-1}corresponding part key K _{nL-1, NR-1}as master key, from possession, generate one-way hash function H ^*.In addition, upper with the next concept of stratum is identical with Fig. 3.That is, part key K _{i, j}, in extensibility L, R any, all must from compared with package P _{i, j}stratum be the next or with the package P of all stratum of its coordination _{a1, b1}(a1=i, i+1 ... N _l-1; B1=j, j+1 ... N _r-1) corresponding part key K _{a1, b1}from possession, generate.With this understanding, for can not be due to assault wrongful among extensibility L, R aspect any all compared with package P _{i, j}package P for upper stratum _{a2, b2}(a2=0,1 ... i-1; B2=0,1 ... j-1) corresponding part key K _{a2, b2}generating portion key K _{i, j}, therefore form this part key K _{i, j}the key element of at least a portion be necessary for and part key K _{a2, b2}the corresponding key element of package for the next stratum.

For example, suppose N _r< N _l.J (0≤j≤the N of stratum with extensibility R _r-1) all package P _{i, j}(i=0,1 ..., N _l-1) be the part key K of object _{i, j}key element e ^r1 _{i, j}, be in the key element computing of key salt matrices Mj, from the key element e as root key _rj, by utilizing one-way hash function H ^*hash computing H ^{* (NL-1-i)}(e _ri) and generate from possession.Now, with all package P of the next b1 of stratum (< j) of extensibility R _{i, b1}(i=0,1 ..., N _l-1) be the part key K of object _{i, b1}key element e ^rj _{i, b1}in, the hash operation values H of the upper stratum in key salt matrices Mj ^{* (NL-1-i)}(e _rj) will be directly by reflection (being replicated).On the other hand, hash operation values H ^{* NL}(e _rj) be distributed in all package P with the upper stratum b2 in extensibility R (> j) _{i, b2}(i=0,1 ..., N _l-1) be the part key K of object _{i, b2}key element e ^rj _{i, b2}in.

Therefore, on the one hand at least a portion of key element of part key that forms the next stratum, the part key of upper stratum reflected, on the other hand, in the key element of part key that forms upper stratum, the key element of the part key of the next stratum is not reflected.That is, in the part key generating by encryption key generating means of the present invention, from the part key of upper stratum, do not generate the part key of the next stratum, thus, can obtain the repellence to assault.

(encryption key of removing in encrypting generates)

Then, for removing to encrypt in (decoding), by encryption key generating means generation encryption key of the present invention (the part key corresponding with each permitted package), be illustrated.Above-mentioned encryption key generates in action (action of the arithmetic element 460 shown in Fig. 7), according to dependency, from the master key of unique management, generates respectively the part key that is positioned at upper stratum.When removing encryption,, decoding in Fig. 7 in PC 200 is processed, same, also from possession from master key, generate the part key that is positioned at upper stratum, only the most the next corresponding decoding key of package (master key) being allowed in disclosed package group is distributed to user (PC 200).

Particularly, at N _l=N _rin=3 situation, as shown in Figure 3, at the shading image Q of request extensibility L (layer) and extensibility R (resolution levels) scope _{l, R}(0≤L≤N _l, 0≤R≤N _r) PC 200 sides in, by the package coding row P of JPEG 2000 _{l, R}as the most the next package (be arranged in extensibility L, R each the package of the most the next stratum), allow disclosing of image, the key K that input unit 450 receives this package _{l, R}(0≤L≤2,0≤R≤2).In addition the key K receiving by input unit 450, _{l, R}(0≤L≤2,0≤R≤2) are temporarily stored in memory cell 470.In Fig. 3, user, be allowed to received code image Q _{l, R}situation under, this encryption key generating means 400 is utilized and this coded image Q _{l, R}corresponding key K _{l, R}as master key, generate by frame A ((N _l-R+1) * (N _r-L+1)) the corresponding releasing encryption key of each package P (decoding key) surrounding.In addition, in this case, and from key K _{l, R}the Split Key e generating ^r2, e ^r1, e ^r0corresponding key salt matrices M1-M3 also becomes (N _l-R+1) * (N _r-L+1) matrix.

In the following description, for user in Fig. 3, be allowed to received code image Q _1,1situation be illustrated.In this case, the key in this encryption key generating means 400 generates a part that is equivalent to Fig. 9, utilizes and this coded image Q _1,1corresponding key K _1,1, generate each package P being surrounded by frame A _1,0, P _0,1, P _0,0corresponding releasing encryption key (decoding key).

Therefore, in PC 200 sides, the part key K of first memory cell 470 being stored _1,1as master key, key cutting unit 461 is cut apart (3 cut apart) with stratum's number of extensibility R, generates 3 Split Key e ^r2, e ^r1, e ^r0.

Then, matrix generation unit 462 generates key salt matrices by 3 stratum of extensibility R.Here, 3 Split Key e ^r2, e ^r1, e ^r0among, the stratum of corresponding extensibility R is compared with master key K _1,1corresponding stratum is that the next Split Key is that the rank order of another extensibility L becomes-1 hash operational data.Thereby, in this case, allocate the value identical with the corresponding part key of all the components of key salt matrices in advance.

First, in the generation of the key salt matrices M1 of the stratum 2 corresponding 2 * 2 of extensibility R, part key e ^r2it is the hash operational data that the stratum that is equivalent to extensibility L is-1.That is, due to the Split Key e of extensibility R ^r2corresponding stratum (rank order: 2) be positioned at compared with master key K _1,1the stratum of corresponding extensibility R (rank order: be 1) the next, this Split Key e ^r2value be that the rank order of extensibility L is the hash operation values of-1 o'clock.In this case, distribute and Split Key e ^r2identical value (rank order of extensibility L is-1) is to Split Key e ^r2all matrix compositions e of corresponding 2 * 2 key salt matrices M1 ^r2(0,1), e ^r2(1,1), e ^r2(0,0), e ^r2in (1,0).

Then, in the generation of corresponding 2 * 2 key salt matrices M2 of the stratum 1 of extensibility R, first by Split Key e ^r1value be dispensed to e ^r1(1,1) composition.To utilize one-way hash function H ^*the operational data H of hash computing ^*(e ^r1(1,1)) stratum that is dispensed to extensibility L is positioned at upper ingredient e ^r1(0,1).In addition, the operational data H that is-1 by the rank order of extensibility L ^{* 2}(e ^r2(1,1)) be dispensed to the Split Key e compared with extensibility R ^r1corresponding stratum (rank order: 1) be upper stratum's (rank order: 0) corresponding each ingredient e ^r1(1,0), e ^r1(0,0).Contrary, due to the Split Key e compared with extensibility R ^r1corresponding stratum (rank order: 1) be the next stratum's (rank order: 2) do not exist, so do not carry out hash computing.

On the other hand, in the generation of corresponding 2 * 2 key salt matrices M3 of the stratum 0 of extensibility R, compared with the Split Key e of extensibility R ^r0corresponding stratum (rank order: 0) be upper stratum's (rank order :-1) do not exist.Therefore, first by Split Key e ^r0value be dispensed to e ^r0(1,0) composition.To utilize one-way hash function H ^*the operational data H of hash computing ^*(e ^r1(1,0)) stratum that is dispensed to extensibility L is positioned at upper ingredient e ^r0(0,0).Contrary, at the Split Key e compared with extensibility R ^r0corresponding stratum (rank order: 0) be the next stratum's (rank order: 1), copy ingredient e ^r0the value of (1,0) is to e ^r0(1,1) composition, and carry out successively hash computing based on this value of copying.That is, will utilize one-way hash function H ^*the operational data H of hash computing ^*(e ^r0(1,1)) stratum that is dispensed to extensibility L is positioned at upper ingredient e ^r0(0,1).

Key generation unit 463 is in conjunction with the consistent composition of coordinate between the key salt matrices M1-M3 of each stratum corresponding 2 * 2 of the extensibility R being generated by matrix generation unit 462 as mentioned above, thus from master key K _1,1generate and package P _1,0, P _0,1, P _0,0corresponding decoding key K _1,0, K _0,1, K _0,0.

As mentioned above, the part key corresponding with certain package is not positioned at the upper package of this package and generates from least one extensibility, but from any extensibility, is positioned at coordination or the next package generation.Therefore, assault is had to repellence.

(the 4th embodiment)

Figure 14 is a concept map, and the encryption key of carrying out as the 4th embodiment of encryption key generating means of the present invention generates action, and the generation of the part key of the numerical data with three kinds of stratum's extensibilities above be described.In addition, Figure 15 means the figure of the coordinate corresponding relation of stratum table 11a, the part key salt matrices MPa-MPc of the part key of Figure 14 in generating and part cipher key matrix MP4.Figure 16 is for the figure of corresponding relation between the key element of part key salt matrices MPa-MPc that the part key of Figure 14 generates and part cipher key matrix MP4 is described.The encryption key generating means of the 4th embodiment is also identical with the 1st embodiment, has the structure shown in Fig. 7, more specifically, by the hardware configuration shown in Fig. 2 (a), is achieved.

In the situation that the extensibility of access control object is more than three kinds, considers first, using above-mentioned key genesis sequence (action of key cutting unit 461, matrix generation unit 462, key generation unit 463) as minimum treat unit, two kinds of extensibilities are repeated to combination.Now, if the extensibility number of access control object is made as to N _stime, the number of repetition of minimum treat unit becomes _nSc ₂(=(N _s(N _s-1))/2).

In example shown in Figure 14, as three kinds of extensibilities, by the encryption key generating means 400 of the 4th embodiment, generated and the corresponding encryption key of each package having in the numerical data of C (component) of the L (layer) of 3 stratum, the R (resolution levels) of 2 stratum and 3 stratum.In the case, for part key salt matrices MPb (the composition K of the combination of extensibility R, L ^rL(0,0)-composition K ^rL(2,1)), for part key salt matrices MPc (the composition K of the combination of extensibility R, C ^rC(0,0)-composition K ^rC(2,1)), with part key salt matrices MPa (the composition K of combination for extensibility L, C ^lC(0,0)-composition K ^lC(2,2)) by the calculation step identical with above-mentioned 1-the 3rd embodiment, generated successively.

Now, as shown in figure 15, matrix generation unit 462 also generates the table 11a of stratum that the stratum representing in extensibility L, R, C is worth all combinations.The table 11a of this stratum, is the stratum's value group according to each combination, the part cipher key matrix MP4 coordinatograph performance using the corresponding part key of the data unit of each stratum in extensibility L, R, C as composition.In addition, the table 11a of this stratum represents the kind of extensibility and the relation of stratum's value, and can be by the composition of the definite part key salt matrices MPa-MPc generating for all combinations of extensibility of this relation.That is, matrix generation unit 462 generates the corresponding part key of all combinations key element table 11b that shows the stratum's value in 11a with stratum.

The cited cipher key combinations of part key key element table 11b that generated like this, stratum's value combination of showing 11a with the stratum that represents each component coordinate of part cipher key matrix MP4 is corresponding.Each composition K of part key salt matrices MP4 _{l, R, C}(L=0,1,2; R=0,1; C=0,1,2) as shown in Figure 16 (a), by the key key element K in conjunction with the combination of one in component part key key element table 11b ^rL _{r, L}, K ^rC _{r, C}, K ^lC _{l, C}and obtain.Thereby, for the stratum that represents each component coordinate of part key salt matrices MP4, show all combinations of 11a, by in conjunction with the corresponding part key of combination key element table 11b in each key key element (with reference to Figure 16 (b)), can obtain part key salt matrices MP4.

Like this, each composition of the part cipher key matrix MP4 generating by matrix generation unit 462 is to have the corresponding encryption key of each package in the numerical data of C (component) of the L (layer) of 3 stratum, the R (resolution levels) of 2 stratum and 3 stratum as extensibility.That is, each composition of part key salt matrices MP4 is the specific corresponding part key of package of value institute of stratum that utilizes the extensibility that represents its component coordinate.

In addition, even if the extensibility of access control object is three kinds of above situations, still can be identical with the situation of two kinds of extensibilities, there is the repellence of assault.

The performed encryption key of encryption key generating means of above-mentioned the 4th embodiment generates action, with two-dimensional matrix, show to be explained in the same manner with 1-the 3rd embodiment, still following to use three-dimensional matrice performance, the state description of three-dimensional is moved the general encryption key generation of the 4th embodiment.In addition,, in the following description, for extensibility L, the R, the C that become access control object, N is counted in the stratum of this extensibility L (layer) _lbe made as 6, N is counted in the stratum of extensibility R (degree of dissociation grade) _rbe made as 4, N is counted in the stratum of extensibility C (component) _cbe made as 3.Now, the package of each stratum in extensibility L, R, C as shown in Figure 17 (a), the matrix compositions P as 6 * 4 * 3 _{i, j, k}(i=0,1,2,3,4,5; J=0,1,2,3; K=0,1,2) processed.In addition, Figure 17 (a) is the stereo representation (three-dimensional key salt matrices is also identical) of each coordinate composition configuration in three-dimensional portion cipher key matrix QM.

As shown in Figure 17 (a), each the corresponding coordinate composition K of the most the next stratum of extensibility L, R, C _5,3,2become master key.In addition, coordinate composition K _0,0,0it is each the corresponding coordinate composition of upper stratum of extensibility L, R, C.

According to the performed encryption key of the encryption key generating means of above-mentioned the 4th embodiment generate that action generates as the situation of 6 * 4 * 3 of Figure 17 (a) three-dimensional portion key salt matrices QM under, the subcomponent key K of general first _5,3,2only cut apart the number of repetition of carrying out minimum treat unit relevantly with two kinds of extensibilities _nSc ₂, generate the master key K that each minimum treat unit uses _rL, K _rC, K _lC.Here, master key K _rLit is the master key that the key relevant to extensibility L, R generates use.In addition, master key K _rCthe master key relevant to extensibility R, C.In addition, master key K _lCit is the master key that the key relevant to extensibility L, C generates use.(with reference to Figure 17 (b)).

Figure 18 is the figure that makes each stratum corresponding key key element generation step that the general encryption key of the performed action of the 4th embodiment generates in action, the three-dimensional matrice of use stereo display illustrates extensibility L, R.In addition, in the minimum treat unit relevant to extensibility L, R, benchmark extensibility is made as R, and by cutting apart master key K with stratum's number 4 of this extensibility R _rLcan obtain 4 Split Key e ^rL _r3, e ^rL _r2, e ^rL _r1, e ^rL _r0(with reference to Figure 17 (b)).

First, by Split Key e ^rL _r3be dispensed to the coordinate composition P of three-dimensional matrice _5,3,2after (the oblique line part in Figure 18 (a)), from the most the next stratum of extensibility L, towards upper stratum, utilize successively the Split Key e of one-way hash function H ^rL _r3hash computing.That is, distribute and carry out the resulting operational data of the corresponding coordinate composition of hash computing (in Figure 18 (a), being positioned at all the components in the region being surrounded with solid line) at every turn.Now, by operational data H ^{* 5}(e ^rL _r3) be dispensed in the coordinate composition corresponding with the upper stratum of extensibility L.On the other hand, by by being distributed in the operational data H of the corresponding coordinate composition of upper stratum of extensibility L ^{* 5}(e ^rL _r3) further utilize the resulting operational data H of hash computing of one-way hash function H ^{* 6}(e ^rL _r3) be dispensed to the coordinate composition P that is assigned with operational data _{l=0-5, R=3, C=2}each coordinate composition in addition (being positioned at all the components in the region being surrounded with dotted line in Figure 18 (a)).According to above computing, generating three-dimensional key salt matrices QM _rL1.

Then, by Split Key e ^rL _r2be dispensed to the coordinate composition P of three-dimensional matrice _5,2,2when (the oblique line part in Figure 18 (b)), this Split Key e ^rL _r2temporarily copied (CP) to coordinate composition P _5,3,2.And, for stratum 3 and the stratum 2 of extensibility R, from the most the next stratum of extensibility L, towards upper stratum, utilize successively the Split Key e of one-way hash function H ^rL _r2hash computing.That is, resulting operational data is dispensed to and carries out the corresponding coordinate composition of hash computing (being positioned at all the components being surrounded with solid line in Figure 18 (b)) at every turn.Now, by operational data H ^{* 5}(e ^rL _r2) be dispensed to the coordinate composition corresponding with the upper stratum of extensibility L.On the other hand, by by being distributed in the operational data H of the corresponding coordinate composition of upper stratum of extensibility L ^{* 5}(e ^rL _r2) further utilize the resulting operational data H of hash computing of one-way hash function H ^{* 6}(e ^rL _r2) be dispensed to the coordinate composition P that is assigned with operational data _{l=0-5, R=2-3, c=2}each coordinate composition in addition (in Figure 18 (b), being positioned at all the components being surrounded with dotted line).According to above computing, generating three-dimensional key salt matrices QM _rL2.

With above-mentioned same, by Split Key e ^rL _r1(as the coordinate composition P with shown in oblique line _5,1,2and distributed) hash computing, also generate the three-dimensional key salt matrices QM shown in Figure 18 (c) _rL3.In addition, in Figure 18 (c), H represents hash computing, and CP refers to the replication actions of the operational data between coordinate composition.Moreover, as shown in Figure 18 (d), by Split Key e ^rL _r0(as the coordinate composition P with shown in oblique line _5,0,2and distributed) hash computing, also generating three-dimensional key salt matrices QM _rL4.

Then, Figure 19 is the figure that makes the key key element generation step that the general encryption key of the practiced action of the 4th embodiment generates in action, the three-dimensional matrice of use stereo display illustrates and each stratum of extensibility R, C is corresponding.In addition,, in the minimum treat unit relevant with extensibility R, C, benchmark extensibility system is made as R, by cutting apart master key K with stratum's number 4 of this extensibility R _rC, can obtain 4 Split Key e ^rC _r3, e ^rC _r2, e ^rC _r1, e ^rC _r0(with reference to Figure 17 (b)).

By Split Key e ^rC _r3be dispensed to the coordinate composition P of three-dimensional matrice _5,3,2after (the oblique line part in Figure 19 (a)), from the most the next stratum of extensibility C, towards upper stratum, utilize successively the Split Key e of one-way hash function H ^rC _r3hash computing.That is, resulting operational data is dispensed to and carries out the corresponding coordinate composition of hash computing (in Figure 19 (a), with all the components that solid line was surrounded) at every turn.Now, by operational data H ^{* 2}(e ^rC _r3) be dispensed to the coordinate composition corresponding with the upper stratum of extensibility C.On the other hand, by by being distributed in the operational data H of the corresponding coordinate composition of upper stratum of extensibility C ^{* 2}(e ^rC _r3) further utilize the resulting operational data H of hash computing of one-way hash function H ^{* 3}(e ^rC _r3) be dispensed to the coordinate composition P that is assigned with operational data _{l=5, R=3, C=0-2}each coordinate composition in addition (in Figure 19 (a), being positioned at all the components being surrounded with dotted line).By above computing generating three-dimensional key salt matrices QM _rC1.

Three-dimensional key salt matrices QM shown in Figure 19 (b) _rC2by repeating following manner, generate: compared with the stratum 2 of benchmark extensibility R, be the Split Key e of the next stratum ^rC _r2(as the coordinate composition P with shown in oblique line _5,2,2and distributed) replication actions and from the most the next stratum of extensibility C, towards the hash computing of upper stratum, (utilize the Split Key e of one-way hash function H ^rC _r2hash computing).Same, the three-dimensional key salt matrices QM shown in Figure 19 (c) _rC3also by repeating following manner, generate: compared with the stratum 1 of benchmark extensibility R, be the Split Key e of the next stratum ^rC _r1(as the coordinate composition P with shown in oblique line _5,1,2and distributed) replication actions and from the most the next stratum of extensibility C, towards the hash computing of upper stratum, (utilize the Split Key e of one-way hash function H ^rC _r1hash computing).Moreover, the three-dimensional key salt matrices QM shown in Figure 19 (d) _rC4also by repeating following manner, generate: compared with the stratum 0 of benchmark extensibility R (upper stratum), be the Split Key e of the next stratum ^rC _r0(as the coordinate composition P with shown in oblique line _5,0,2and distributed) replication actions and from the most the next stratum of extensibility C, towards the hash computing of upper stratum, (utilize the Split Key e of one-way hash function H ^rC _r0hash computing).

Figure 20 makes the practiced encryption key of the 4th embodiment generate the figure that the general encryption key of action generates in action, uses key key element generation step corresponding to the three-dimensional matrice explanation of stereo display and each stratum of extensibility L, C.In addition, the minimum treat unit relevant with extensibility L, C, benchmark extensibility is made as C, by cutting apart master key K with stratum's number 3 of this extensibility C _lC, can obtain 3 Split Key e ^lC _c2, e ^lC _c1, e ^lC _c0(with reference to Figure 17 (b)).

By Split Key e ^lC _c2be dispensed to the coordinate composition P of three-dimensional matrice _5,3,2after (the oblique line part in Figure 20 (a)), from the most the next stratum of extensibility L, towards upper stratum, utilize successively the Split Key e of one-way hash function H ^lC _c2hash computing.That is, resulting operational data is dispensed to and carries out the corresponding coordinate composition of hash computing (in Figure 20 (a), being positioned at all the components being surrounded with solid line) at every turn.Now, by operational data H ^{* 5}(e ^lC _c2) be dispensed to the coordinate composition corresponding with the upper stratum of extensibility L.On the other hand, by by being distributed in the operational data H of the corresponding coordinate composition of upper stratum of extensibility L ^{* 5}(e ^lC _c2) further utilize the resulting operational data H of hash computing of one-way hash function H ^{* 6}(e ^lC _c2) be dispensed to the coordinate composition P that is assigned with operational data _{l=0-5, R=3, C=2}each coordinate composition in addition (in Figure 20 (a), being positioned at all the components being surrounded with dotted line).By above computing, generating three-dimensional key salt matrices QM _lC1.

Three-dimensional key salt matrices QM shown in Figure 20 (b) _lC2by repeating following manner, generate: compared with the stratum 1 of benchmark extensibility C, be the Split Key e of the next stratum ^lC _c1(as the coordinate composition P with shown in oblique line _5,3,1and distributed) replication actions and from the most the next stratum of extensibility L, towards the hash computing of upper stratum, (utilize the Split Key e of one-way hash function H ^lC _c1hash computing).Same, the three-dimensional key salt matrices QM shown in Figure 20 (c) _lC3also by repeating following manner, generate: compared with the stratum 0 of benchmark extensibility C (upper stratum), be the Split Key e of the next stratum ^lC _c0(as the coordinate composition P with shown in oblique line _5,3,0and distributed) replication actions and from the most the next stratum of extensibility L and (utilize the Split Key e of one-way hash function H towards the hash computing of upper stratum ^lC _c0hash computing).

For by repeating the three-dimensional key salt matrices QM shown in Figure 18-Figure 20 that above hash computing generates _rL1-QM _rL4, QM _rC1-QM _rC4, QM _lC1-QM _lC3, by consistent coordinate composition is bonded to each other, can obtain according to making the general encryption key of the practiced action of the 4th embodiment generate the part cipher key matrix QM of action.

(the 5th embodiment)

Owing to utilizing the practiced encryption key of the encryption key generating means of above-mentioned the 4th embodiment to generate action using the part key genesis sequence relevant with the extensibility of two kinds at the most as minimum treat unit, so the stratum's number once each extensibility increases gradually, resulting part key cannot prevent more than 3 people assault (Figure 17 (a) as in the multidimensional part cipher key matrix of three-dimensional portion cipher key matrix QM, have a plurality of coordinate compositions with same section key).Therefore, the encryption key generating means of the 5th embodiment be generate to assaults more than 3 people also have abundant repellence encryption key.With reference to the encryption key generating means of three-dimensional portion cipher key matrix QM explanation the 5th embodiment shown in Figure 17 (a), and with regard to becoming extensibility L, R, the C of access control object, N is counted in the stratum of this extensibility L (layer) _lbe made as 6, N is counted in the stratum of this extensibility R (resolution levels) _rbe made as 4, N is counted in the stratum of extensibility C (component) _cbe made as 3.Now, the package of each stratum in extensibility L, R, C is the matrix compositions P as 6 * 4 * 3 _{i, j, k}(i=0,1,2,3,4,5; J=0,1,2,3; K=0,1,2) processed.In addition, the master key prepared system as shown in Figure 17 (a), each the corresponding coordinate composition K of the most the next stratum of extensibility L, R, C _5,3,2become master key (coordinate composition K _0.0.0the coordinate composition corresponding with each upper stratum of extensibility L, R, C).In addition, the encryption key generating means of the 5th embodiment is also identical with the 1st embodiment, has the structure shown in Fig. 7, more specifically, by the hardware configuration shown in Fig. 2 (a), is achieved.In addition, master key is stored in this memory cell 470 by input unit 450 in advance.

First, in the encryption key generating means of the 5th embodiment, practiced encryption key generates in action, and key cutting unit 461 as shown in figure 21, is pre-set in two kinds of extensibilities among three kinds of above extensibilities in benchmark extensibility.In example shown in Figure 21, extensibility L, R have been set in benchmark extensibility.Especially, benchmark extensibility R (the 1st benchmark extensibility) is for by master key K _5,3,2generate the extensibility of Split Key.Key cutting unit 461 is cut apart master key by the stratum's number 4 with extensibility R, generates 4 Split Key e corresponding to each stratum of benchmark extensibility R ^rL _r3, e ^rL _r2, e ^rL _r1, e ^rL _r0.On the other hand, benchmark extensibility L utilizes the extensibility of computing direction of the hash computing of one-way hash function described above for regulation.In addition, Figure 21 is that the practiced encryption key of the 5th embodiment for illustrating in encryption key generating means of the present invention generates action, generates the figure of an example of the action (key cutting unit 461 actions shown in Fig. 7) of Split Key from master key.

The matrix generation unit 462 of the encryption key generating means of the 5th embodiment is each stratum for the benchmark extensibility C except benchmark extensibility L, R, and often a succession of hash computing generation corresponding with each stratum of benchmark extensibility R is worth and the three-dimensional cipher key matrix (with reference to Figure 17 (a)) of coordinatograph performance with three kinds of above extensibility L, R, the stratum in C.Therefore, in this embodiment, for three kinds of extensibility L, R, C (stratum's number of L: 6; Stratum's number of R: 4; Stratum's number of C: 3), utilize above-mentioned mathematical expression (1) give with total package number be 72, and utilize above-mentioned mathematical expression (2) give with the generation number of three-dimensional key salt matrices be 12.

In addition, Figure 22-Figure 24 is for illustrating that three-dimensional key salt matrices that the matrix generation unit 462 of the encryption key generating means by the 5th embodiment carries out generates the figure of step.Especially, Figure 22 represents, for the most the next stratum (stratum 2) of other benchmark extensibilities C beyond benchmark extensibility L, R, by the most the next stratum from extensibility L is carried out to the resulting operational data of hash computing successively towards upper stratum, to be dispensed to the three-dimensional key salt matrices QM that predetermined coordinate composition generates _1-1, QM _2-1, QM _3-1, QM _4-1.Figure 23 represents the more upper stratum (stratum 1) of 1 stratum only for the most the next stratum of other benchmark extensibilities C compared with beyond benchmark extensibility L, R, by the most the next stratum from extensibility L is carried out to the resulting operational data of hash computing successively towards upper stratum, is dispensed to the three-dimensional key salt matrices QM that predetermined coordinate composition generates _1-2, QM _2-2, QM _3-2, QM _4-2.Figure 24 represents, for the upper stratum (stratum 0) of the benchmark extensibility C beyond benchmark extensibility L, R, by the most the next stratum from extensibility L is carried out to the resulting operational data of hash computing successively towards upper stratum, to be dispensed to the three-dimensional key salt matrices QM that predetermined coordinate composition generates _1-3, QM _2-3, QM _3-3, QM _4-3.

First, Figure 22 (a) represents the most the next stratum 2 for the extensibility C beyond benchmark extensibility L, R, utilizes the corresponding Split Key e of the most the next stratum with benchmark extensibility R ^rL _r3the three-dimensional key salt matrices QM generating _1-1.

By Split Key e ^rL _r3be dispensed to the coordinate composition P of three-dimensional matrice _5,3,2when (the oblique line part in Figure 22 (a)), from the most the next stratum of extensibility L and utilize successively the Split Key e of one-way hash function H towards upper stratum ^rL _r3hash computing.That is, resulting operational data is dispensed to and carries out the corresponding coordinate composition of hash computing (in Figure 22 (a), being positioned at all the components being surrounded with solid line) at every turn.Now, by operational data H ^{* 5}(e ^rL _r3) be dispensed to the coordinate composition corresponding with the upper stratum of extensibility L.On the other hand, by by being distributed in the operational data H of the coordinate composition corresponding with the upper stratum of extensibility L ^{* 5}(e ^rL _r3) further utilize the resulting operational data H of hash computing of one-way hash function H ^{* 6}(e ^rL _r3) be allocated in the coordinate composition P that is assigned with operational data _{l=0-5, R=3, C=2}each coordinate composition in addition (in Figure 20 (a), being positioned at all the components being surrounded with dotted line).According to above computing, generating three-dimensional key salt matrices QM _1-1.

Figure 22 (b) represents the most the next stratum 2 for the extensibility C beyond benchmark extensibility L, R, utilizes the Split Key e corresponding with the stratum 2 of benchmark extensibility R (the most the next stratum is more upper stratum of 1 stratum only) ^rL _r2the three-dimensional key salt matrices QM generating _2-1.

This three-dimensional key salt matrices QM _2-1generation in, by Split Key e ^rL _r2be dispensed to the coordinate composition P of three-dimensional matrice _5,2,2(the oblique line part in Figure 22 (b)).Now, Split Key e ^rL _r2temporarily be copied to coordinate composition P _5,3,2.And, for stratum 3 and the stratum 2 of extensibility R, from the most the next stratum of extensibility L and utilize successively the Split Key e of one-way hash function H towards upper stratum ^rL _r2hash computing.That is, resulting operational data is dispensed to and carries out the corresponding coordinate composition of hash computing (in Figure 22 (b), being positioned at all the components being surrounded with solid line) at every turn.Now, by operational data H ^{* 5}(e ^rL _r2) be dispensed to the coordinate composition corresponding with the upper stratum of extensibility L.On the other hand, by by being assigned with the operational data H of the coordinate composition corresponding with the upper stratum of extensibility L ^{* 5}(e ^rL _r2) further utilize the resulting operational data H of hash computing of one-way hash function H ^{* 6}(e ^rL _r2) be dispensed to the coordinate composition P that is assigned with operational data _{l=0-5, R=2-3, C=2}each coordinate composition in addition (in Figure 22 (b), being positioned at all the components being surrounded with dotted line).According to above computing, generating three-dimensional key salt matrices QM _2-1.

In addition the three-dimensional key salt matrices QM shown in Figure 22 (c), _3-1also with the above-mentioned three-dimensional key salt matrices QM of generation _1-1, QM _2-1identical, by repeating compared with the stratum 1 of benchmark extensibility R, be the Split Key e of the next stratum ^rL _r1(as the coordinate composition P with shown in oblique line _5,1,2and distributed) replication actions and from the most the next stratum of extensibility L and (utilize the Split Key e of one-way hash function H towards the hash computing of upper stratum ^rL _r1hash computing) and generate.Same, the three-dimensional key salt matrices QM shown in Figure 22 (d) _4-1also by repeating compared with the stratum 0 of benchmark extensibility C (upper stratum), be the Split Key e of the next stratum ^rL _r0(as the coordinate composition P with shown in oblique line _5,0,2and distributed) replication actions and from the most the next stratum of extensibility L and (utilize the Split Key e of one-way hash function H towards the hash computing of upper stratum ^rL _r0hash computing) and generate.

Then, Figure 23 (a) represents the stratum 1 (the most the next stratum only 1 stratum is upper stratum) to the extensibility C beyond benchmark extensibility L, R, utilizes the Split Key e corresponding with the most the next stratum of benchmark extensibility R ^rL _r3the three-dimensional key salt matrices QM generating _1-2.

By Split Key e ^rL _r3be dispensed to the coordinate composition P of three-dimensional matrice _5,3,2when (the oblique line part in Figure 23 (a)), this Split Key e ^rL _r3temporarily copied (CP) to coordinate composition P _5,3,1.And, for each stratum 2 (the most the next stratum) and the stratum 1 (the most the next stratum only 1 stratum is upper stratum) of extensibility C, from the most the next stratum of extensibility L and utilize successively the Split Key e of one-way hash function H towards upper stratum ^rL _r3hash computing.That is, resulting operational data is dispensed to and carries out the corresponding coordinate composition of hash computing (in Figure 23 (a), being positioned at all the components being surrounded with solid line) at every turn.Now, by operational data H ^{* 5}(e ^rL _r3) be dispensed to the coordinate composition corresponding with the upper stratum of extensibility L.On the other hand, by by being assigned with the operational data H of the coordinate composition corresponding with the upper stratum of extensibility L ^{* 5}(e ^rL _r3) further utilize the resulting operational data H of hash computing of one-way hash function H ^{* 6}(e ^rL _r3) be dispensed to the coordinate composition P that is assigned with operational data _{l=0-5, R=3, C=2-3}each coordinate composition in addition (in Figure 23 (a), being positioned at all the components being surrounded with dotted line).According to above computing, generating three-dimensional key salt matrices QM _1-2.

Figure 23 (b) represents the stratum 1 for the extensibility C beyond benchmark extensibility L, R, utilizes the Split Key e corresponding with the stratum 2 of benchmark extensibility R (the most the next stratum is more upper stratum of 1 stratum only) ^rL _r2the three-dimensional key salt matrices QM generating _2-2.

This three-dimensional key salt matrices QM _2-2generation in, by Split Key e ^rL _r2be dispensed to the coordinate composition P of three-dimensional matrice _5,2,1(the oblique line part in Figure 23 (b)).Now, Split Key e ^rL _r2temporarily be replicated (CP) to coordinate composition P _{5,2～3,1～2}.And, for the stratum 3 and the stratum 2 that are the stratum 2 of extensibility C and the extensibility R of stratum 1, from the most the next stratum of extensibility L and utilize successively the Split Key e of one-way hash function H towards upper stratum ^rL _r2hash computing.That is, resulting operational data is dispensed to and carries out coordinate composition corresponding to hash computing (in Figure 23 (b), being positioned at all the components being surrounded with solid line) at every turn.Now, by operational data H ^{* 5}(e ^rL _r2) be dispensed to the coordinate composition corresponding with the upper stratum of extensibility L.On the other hand, by by being assigned with the operational data H of the coordinate composition corresponding with the upper stratum of extensibility L ^{* 5}(e ^rL _r2) further utilize the resulting operational data H of hash computing of one-way hash function H ^{* 6}(e ^rL _r2) be dispensed to the coordinate composition P that is assigned with operational data _{l=0-5, R=2-3, c=1-2}each coordinate composition in addition (in Figure 23 (b), being positioned at all the components being surrounded with dotted line).According to above computing, generating three-dimensional key salt matrices QM _2-2.

In addition the three-dimensional key salt matrices QM shown in Figure 23 (c), _3-2also be same as and generate above-mentioned three-dimensional key salt matrices QM _1-2, QM _2-2, by repeating compared with the stratum of benchmark extensibility C 1 as the next stratum and being each Split Key e of the next stratum compared with the stratum of benchmark extensibility R 1 ^rL _r1(as the coordinate composition P with shown in oblique line _5,1,1and distributed) replication actions and from the most the next stratum of extensibility L and (utilize the Split Key e of one-way hash function H towards the hash computing of upper stratum ^rL _r1hash computing) and generate.Same, the three-dimensional key salt matrices QM shown in Figure 23 (d) _4-2also by repeating compared with the stratum of benchmark extensibility C 1 as the next stratum and being the Split Key e of the next stratum compared with the stratum 0 of benchmark extensibility R (upper stratum) ^rL _r0(as the coordinate composition P with shown in oblique line _5,0,1and distributed) replication actions and from the most the next stratum of extensibility L and (utilize the Split Key e of one-way hash function H towards the hash computing of upper stratum ^rL _r0hash computing) and generate.

Moreover Figure 24 (a) represents, for the stratum 0 (upper stratum) of the extensibility C beyond benchmark extensibility L, R, to utilize the Split Key e corresponding with the stratum 3 (the most the next stratum) of benchmark extensibility R ^rL _r3the three-dimensional key salt matrices QM generating _1-3.

By Split Key e ^rL _r3be dispensed to the coordinate composition P of three-dimensional matrice _5,3,0when (the oblique line part in Figure 24 (a)), this Split Key e ^rL _r3temporarily copied (CP) to coordinate composition P _{5,3, C=1,2}.And, for each of-stratum 0 of stratum 2 (the most the next stratum) (upper stratum) of extensibility C and the stratum 3 (upper stratum) of benchmark extensibility R, from the most the next stratum of extensibility L and utilize successively the Split Key e of one-way hash function H towards upper stratum ^rL _r3hash computing.That is, resulting operational data is dispensed to and carries out the corresponding coordinate composition of hash computing (in Figure 24 (a), being positioned at all the components being surrounded with solid line) at every turn.Now, by operational data H ^{* 5}(e ^rL _r3) be dispensed to the coordinate composition corresponding with the upper stratum of extensibility L.On the other hand, by by being assigned with the operational data H of the coordinate composition corresponding with the upper stratum of extensibility L ^{* 5}(e ^rL _r3) further utilize the resulting operational data H of hash computing of one-way hash function H ^{* 6}(e ^rL _r3) be dispensed to the coordinate composition P that is assigned with operational data _{l=0-5, R=3, C =0-2}each coordinate composition in addition (in Figure 24 (a), being positioned at all the components being surrounded with dotted line).According to above computing, generating three-dimensional key salt matrices QM _1-3.

Figure 24 (b) represents the stratum 0 (upper stratum) for the extensibility C beyond benchmark extensibility L, R, utilizes the Split Key e corresponding with the stratum 2 of benchmark extensibility R (the most the next stratum is more upper stratum of 1 stratum only) ^rL _r2the three-dimensional key salt matrices QM generating _2-3.

This three-dimensional key salt matrices QM _2-3generation in, by Split Key e ^rL _r2be dispensed to the coordinate composition P of three-dimensional matrice _5,2,0(the oblique line part in Figure 24 (b)).Now, Split Key e ^rL _r2temporarily be replicated (CP) to coordinate composition P _5,2-3,0-2.And, for each of (upper the stratum)-stratum 0 of stratum 2 (the most the next stratum) of extensibility C and the stratum 3 of extensibility R and stratum 2, from the most the next stratum of extensibility L and utilize successively the Split Key e of one-way hash function H towards upper stratum ^rL _r2hash computing.That is, resulting operational data is dispensed to and carries out the corresponding coordinate composition of hash computing (in Figure 24 (b), being positioned at all the components being surrounded with solid line) at every turn.Now, by operational data H ^{* 5}(e ^rL _r2) be dispensed to the coordinate composition corresponding with the upper stratum of extensibility L.On the other hand, by by being assigned with the operational data H of the coordinate composition corresponding with the upper stratum of extensibility L ^{* 5}(e ^rL _r2) further utilize the resulting operational data H of hash computing of one-way hash function H ^{* 6}(e ^rL _r2) be dispensed to the coordinate composition P that is assigned with operational data _{l=0-5, R=2-3, C=0-2}each coordinate composition in addition (in Figure 24 (b), being positioned at all the components being surrounded with dotted line).According to above computing, generating three-dimensional key salt matrices QM _2-3.

In addition the three-dimensional key salt matrices QM shown in Figure 24 (c), _3-3also be same as above-mentioned three-dimensional key salt matrices QM _1-3, QM _2-3generation, by repeating compared with the stratum 0 of benchmark extensibility C (upper stratum), be the next stratum and each the Split Key e that is the next stratum compared with the stratum of benchmark extensibility R 1 ^rL _r1(as the coordinate composition P with shown in oblique line _5,1,0and distributed) replication actions and from the most the next stratum of extensibility L and (utilize the Split Key e of one-way hash function H towards the hash computing of upper stratum ^rL _r1hash computing) and generate.Same, the three-dimensional key salt matrices QM shown in Figure 24 (d) _4-3also by repeating compared with the stratum 0 of benchmark extensibility C (upper stratum), be the next stratum and be the Split Key e of the next stratum compared with the stratum 0 of benchmark extensibility R (upper stratum) ^rL _r0(as the coordinate composition P with shown in oblique line _5,0,0and distributed) replication actions and from the most the next stratum of extensibility L and (utilize the Split Key e of one-way hash function H towards the hash computing of upper stratum ^rL _r0hash computing) and generate.

As upper type, for repeat the three-dimensional key salt matrices QM shown in Figure 22-Figure 24 that hash computing generates by matrix generation unit 462 _1-1-QM _4-1, QM _1-2-QM _4-2, QM _1-3-QM _4-3, by key generation unit 463, each consistent coordinate composition is bonded to each other, can obtain three-dimensional portion key salt matrices QM.Output unit 480 exports the three-dimensional portion key generating by key generation unit 463 to coding unit 410.

By above explanation of the present invention, can clearly learn and the present invention can be carried out to distortion miscellaneous.Such distortion does not depart from thought of the present invention and scope, is contained in the scope of claim for a person skilled in the art for natural improvement.

Claims (6)

1. an encryption key generating means, be applicable to provide the communication system of the delivery service of numerical data, and for generating the encryption key utilizing when this numerical data is carried out to encoding and decoding, described numerical data has stratum's extensibility of at least two kinds, described encryption key generating means is characterised in that to possess:

Input unit, be used for obtaining encryption key, this encryption key is each of the 1st and the 2nd extensibility of selecting from described multiple stratum's extensibility, meets and in the stratum of the grade of service that described communication system permits, is positioned at the encryption key that the encoding and decoding of the data unit of the most the next stratum utilizes;

Memory cell, stores the encryption key of being obtained by described input unit as master key;

Key cutting unit, by cutting apart to be set as stratum's number of the 1st extensibility of benchmark extensibility in the described the 1st and the 2nd extensibility the described master key of reading from described memory cell, generate the Split Key corresponding to each stratum of described the 1st extensibility;

Matrix generation unit, while generating for the stratum of the 1st extensibility described in each the key salt matrices that coordinate shows with stratum's value of the described the 1st and the 2nd extensibility, the key salt matrices generating for a Split Key among the described Split Key based on being generated by described key cutting unit, to the stratum in corresponding the 1st extensibility of an at least described Split Key and in described the 2nd extensibility from the most the next stratum to upper stratum corresponding coordinate composition respectively, distribution is carried out the hash computing of a described Split Key and the operational data that obtains successively by recycling one-way hash function,

Key generation unit, by the consistent key key element of coordinate between the described key salt matrices in conjunction with being generated by described matrix generation unit, generates the corresponding part key of data unit of each stratum in the described the 1st and the 2nd extensibility; And

Output unit, exports the part key generating by described key generation unit at least any device in the encoding and decoding that carries out described numerical data.

2. encryption key generating means according to claim 1, wherein, described key cutting unit selects extensibility that the described the 1st and the 2nd extensibility scala media number of plies is few as described benchmark extensibility.

3. encryption key generating means according to claim 1 and 2, wherein, described matrix generation unit, the composition information of the key salt matrices generating as a Split Key based among described Split Key, to being equivalent to stratum in corresponding the 1st extensibility of this Split Key, be positioned at the next stratum and from each coordinate composition of the most the next stratum to the upper stratum of described the 2nd extensibility, distribute and stratum's operational data that resulting operational data is identical successively for this Split Key, on the other hand, to being equivalent to stratum in corresponding the 1st extensibility of this Split Key, being positioned at upper stratum and distributing following operational data from all coordinate compositions of the most the next stratum to the upper stratum of described the 2nd extensibility, the i.e. key key element of the upper stratum of described the 2nd extensibility among the key key element for this corresponding stratum of Split Key, utilize one-way hash function to carry out the resulting operational data of hash computing.

4. encryption key generating means according to claim 1 and 2, wherein, described matrix generation unit, all combinations for two kinds of extensibilities can selecting from described multiple stratum's extensibility, generation is the part key salt matrices of coordinate performance with the stratum's value in these two kinds of extensibilities, and generate stratum's table of all combinations of the stratum's value representing in described multiple stratum's extensibility, this stratum table according to combined stratum's value and the corresponding part key of data unit of each stratum that coordinate performance is usingd in described multiple stratum's extensibility as the part cipher key matrix of composition,

Described key generation unit, all combinations for the stratum's value in described stratum table, each composition of the described part key salt matrices of being determined, generating for all combinations of two kinds of extensibilities by combination according to the kind that forms Liang Ge stratum value among stratum's value of a combination and extensibility thereof, generates the part key as the composition of described part cipher key matrix successively.

5. an encryption key generating means, be applicable to provide the communication system of the delivery service of numerical data, and for generating the encryption key utilizing when this numerical data is carried out to encoding and decoding, described numerical data has stratum's extensibility of at least three kinds, described encryption key generating means is characterised in that to possess:

Input unit, be used for obtaining encryption key, this encryption key is in each of described multiple stratum's extensibility, meets and in the stratum of the grade of service that described communication system permits, is positioned at the encryption key that the encoding and decoding of the data unit of the most the next stratum utilizes;

Memory cell, stores the encryption key of being obtained by described input unit as master key;

Key cutting unit, stratum's number by the 1st benchmark extensibility in the 1st and the 2nd benchmark extensibility to select from described multiple stratum's extensibility is cut apart the described master key of reading from described memory cell, generates the Split Key corresponding to each stratum of described the 1st benchmark extensibility;

Matrix generation unit, for each stratum separately of other extensibilities beyond the described the 1st and the 2nd benchmark extensibility among described multiple stratum's extensibility, a succession of computing of every each stratum corresponding to described the 1st benchmark extensibility, generation is the multidimensional key salt matrices of coordinate performance with the stratum's value in described multiple stratum's extensibility, for each of resulting multidimensional key salt matrices, to the stratum in corresponding the 1st benchmark extensibility of a Split Key among the described Split Key at least being generated by described key cutting unit and each corresponding coordinate composition of the most the next stratum to the upper stratum from described the 2nd benchmark extensibility, distribution is carried out the hash computing of this Split Key and the operational data that obtains successively by recycling one-way hash function,

Key generation unit, for described other extensibilities each stratum separately, a succession of computing of every each stratum corresponding to described the 1st benchmark extensibility, each the consistent composition of coordinate of the described multidimensional key salt matrices that generated by described matrix generation unit of being bonded to each other, generates the corresponding part key of data unit of each stratum in described multiple stratum's extensibility thus; And

Output unit, exports the part key generating by described key generation unit at least any device in the encoding and decoding that carries out described numerical data.

6. encryption key generating means according to claim 5, wherein, described matrix generation unit, for described other extensibilities each stratum separately, each composition information as the described multidimensional key salt matrices often generating corresponding to a succession of computing of each stratum of described the 1st benchmark extensibility, to being equivalent to each each stratum of more corresponding described other extensibilities and described the 1st benchmark extensibility, be positioned at the next stratum and from each coordinate composition of the most the next stratum to the upper stratum of described the 2nd benchmark extensibility, distribute the identical operational data of the operational data obtaining successively with using the Split Key that the stratum of this 1st corresponding benchmark extensibility is distributed, on the other hand, to being equivalent to each stratum of more corresponding described other extensibilities and described the 1st benchmark extensibility, being positioned at upper stratum and distributing following operational data from each all coordinate compositions of the most the next stratum to the upper stratum of described the 2nd benchmark extensibility, for the key key element of the upper stratum of described the 2nd benchmark extensibility among the key key element of this corresponding stratum of Split Key, utilize one-way hash function to carry out the resulting operational data of hash computing.