WO2006025589A1 - Information encryption apparatus and controlling method of the same, computer program and computer readable storage medium - Google Patents
- Publication number
- WO2006025589A1 (PCT/JP2005/016365, JP2005016365W)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- key
- contents
- node
- keys
- Legal status
- Ceased
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
- H04L9/0833—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
- H04L9/0836—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key using tree structure or hierarchical structure
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
Definitions
- the digital contents delivery service is a service for distributing contents among particular users. It is a matter of course that the service needs a system for preventing the contents from being leaked to entities other than the authorized users.
- In contents delivery services using a large-capacity medium, similar mechanisms for controlling access from users have also been developed. In such a mechanism, contents data is encrypted or scrambled so that only authenticated users who have the correct contents information, or who know how to descramble the contents, can decrypt the contents data and enjoy the authorized contents, including document and image data.
- Such a contents delivery service has contents providers to deliver contents.
- the contents providers have to set different access control information for each of the contents and are expected to perform encryption with a different key for each of the contents, each user and each action of the users (for example, viewing or copying the contents).
- the contents providers suffer significant loads in managing key information, such as generating, holding or delivering a key. To solve this problem, more efficient management methods that do not degrade the security level have been studied. Some of the conventional management methods will be described below.
- [Tree structure management method]
- the tree structure management method is suitable for rejecting a user and is used in offline contents replaying appliances such as a DVD player.
- key information used for encryption and the encrypted contents are concurrently delivered or stored in a medium so that only an authenticated user can decrypt the encrypted data.
- the key information has to be delivered in an appropriate combination to each user. A tremendous amount of user key information can be efficiently managed with the tree structure.
- a typical tree structure management method is a contents delivery model described in the document "Management methods for protecting digital contents", encryption and information security symposium SCIS2001, pp. 213-218 (hereinafter called Document 1).
- In Document 1, a tree structure for delivering keys as shown in FIG. 14 is used, with different keys being placed at respective nodes.
- a user key in the above paper, a key held by a player such as a DVD is considered
- terminal node leaf node
- the contents are assumed to be updated frequently and keys are thus placed so as to improve efficiency of key revocation.
- Key management considered in the hierarchical key management method is the same as that in the tree structure management method in that keys are placed at respective nodes but quite different in that a user is provided with not only a key placed at a terminal node but also keys placed at all the nodes including the root.
- Documents disclosing this technique include C. H. Lin, "Dynamic key management schemes for access control in a hierarchy", Computer Communications, 20:1381-1385, 1997 (hereinafter called Document 2) and J.-C. Birget, X. Zou, G. Noubir, B. Ramamurthy, "Hierarchy-Based Access Control in Distributed Environments", in the Proceedings of IEEE ICC, June 2001 (hereinafter called Document 3).
- the method must have a system for allowing a key for the node n3 to be generated from both a key placed at the node n1 and a key placed at the node n2.
- the abovementioned paper by Birget and others proposes two methods shown below as a method for providing such a system.
- FIG. 18 shows an example of this method, describing a set of key data to be delivered to each node.
- the figure shows that key data k5 is included in the parent node of a node, to which {k5} is delivered.
- the figure also shows that it is the same in the other nodes that parent nodes include key data of their children nodes.
- [(2) One-way function based keying schemes] This method extends the one proposed by Lin and others (Document 2). It uses a one-way hash function to reduce the key information held by each node.
- the abovementioned r12 and r13 are generated to satisfy
- an image encrypting/ decrypting system for encrypting and sending contents data such as an image configured by a plurality of frame images in a series in chronological order at a contents creating side and decrypting and replaying the sent contents data at a user's side is considered (for example,
- FIG. 7 is a schematic diagram for illustrating a case where time sequential contents are encrypted for each unit.
- object contents 701 is encrypted into encrypted contents 702.
- the contents 701 are divided into parts from M1 to M4, which are encrypted by contents keys 703 (k1) - 706 (k4) respectively, resulting in the encrypted data c1 - c4.
- contents keys 703 - 706 may be delivered concurrently with the encrypted contents 702, or may be separately delivered in an asynchronous manner from a license server, which is a third party, different from the deliverer.
- the creator of the time sequential contents has to determine the minimum unit of the contents to be encrypted by the same key and generate a key for each of the atomic contents separated by the unit.
- the creator also has to determine the range to be disclosed to the receiver and deliver a key for the range. If the atomic contents are set for a kind of contents by mesh, both the key information to be managed and the key delivery cost will be tremendous.
- the key management method described in Document 4 encrypts each of the atomic contents with a different key not for the purpose of controlling delivery so that a different range will be shown for each user. In other words, whether the user has a correct key or not depends on whether the user wants to enjoy all the contents or not and the use of different keys does not control partial accessing.
- a creator of time sequential contents can control delivering the contents in further segmented units by determining the minimum unit of contents to be encrypted with the same key, generating a key for each of the atomic contents separated by the unit and encrypting the contents with the respective keys. If the atomic contents are set by segmented mesh, however, both the key information to be managed and the key delivery cost are tremendous.
- the present invention intends to provide a technique for facilitating management of key information even if contents information is divided into some partial contents, which are encrypted with different pieces of key information.
- the information encrypting apparatus of the present invention includes the configuration below:
- An information encrypting apparatus for encrypting contents information including partial contents arranged in a sequence along a predetermined axis, including: root key generating means for generating root key information of the contents information; hierarchical structure key generating means for generating i keys of the i th layer based on i-1 keys at an upper i-1 th layer and generating key information for the number of the partial contents at a terminal position, wherein the hierarchical structure key generating means generates node keys P (i, 1) and P (i.
- encrypting means for encrypting each of partial contents by using key information at a terminal layer generated by the hierarchical structure key generating means; and storing means for storing encrypted contents information including partial contents encrypted by the encrypting means, the root key information and information for determining a boundary position for each of partial contents.
- FIG. 3 is a diagram for illustrating an example of a directed graph representing an access structure
- FIG. 5 is a flowchart for illustrating a node key generating procedure according to a pruning method
- FIG. 6 is a diagram for illustrating an example of a node-keys-assigning chart for the example shown in FIG. 3;
- FIG. 7 is a schematic diagram for illustrating a case where time line contents are encrypted for each unit
- FIG. 8 is a diagram for illustrating a hierarchy of all the range keys shown in FIG. 7 according to the embodiment;
- FIG. 9 is a diagram for illustrating a hierarchy of a part of the range keys shown in FIG. 7 according to a second embodiment;
- FIG. 10 is a diagram representing ranges to be decrypted in contents for range keys restricted in FIG.
- FIG. 11 is a diagram representing ranges to be decrypted in contents for range keys restricted in FIG.
- FIG. 12 is a diagram representing a hierarchy of a part of the range keys shown in FIG. 7 according to the third embodiment
- FIG. 13 is a diagram representing a contents delivery system according to the embodiment
- FIG. 16 is a conceptual diagram for illustrating an access structure in the hierarchical access control method
- FIG. 18 is a diagram for illustrating an example of User multiple keying
- FIG. 19 is a diagram for illustrating One-way function based keying schemes
- FIG. 20 is a diagram representing a hierarchy of all the range keys for five contents keys according to a fourth embodiment
- FIG. 1 is a block configuration diagram of an information processing unit according to the present invention. Not all the functions shown in FIG. 1 are necessary to implement the present invention.
- an information processing unit 100 includes a modem 118 for a public circuit or the like, a monitor 102 as a display part, a CPU 103, ROM 104, RAM 105, an HD (Hard Disk) 106, a network connecting part 107 for a network, a CD drive 108, an FD (Flexible Disk) drive 109, a DVD (Digital Video Disk or Digital Versatile Disk) drive 110, an interface (I/F) 117 for a printer 115, and an interface (I/F) 111 for a pointing device 112 such as a mouse or a keyboard 113 as an operating part, which are communicatively interconnected via a bus 116.
- the pointing device 112 and the keyboard 113 are operating parts for a user to input various instructions to the information processing unit 100.
- Information input through the operating part (operating information) is taken in the information processing unit 100 via the interface 111.
- Various types of information (character information, image information or the like) in the information processing unit 100 is adapted to be printed out from the printer 115.
- the monitor 102 displays various types of instructing information for a user or various types of information including character information and image information.
- the ROM 104 stores a BIOS and a boot program.
- the RAM 105 is used as a working area for temporarily storing processing programs and information on what is to be processed for various processes in the CPU 103.
- the HD 106 is an exemplary component of a mass storage device, saving an OS, various application program files (including processing programs in the embodiment), a data file, or processing programs for information converting processing or the like, which are transferred to the RAM 105 or the like when the respective processes are performed.
- the CD drive 108 has functions of reading data stored in a CD (CD-R) as an example of an external memory and writing out data to the CD.
- the FD (Floppy (registered trademark) (R) disk) drive 109 reads data stored in a FD as an example of an external memory as the CD drive does.
- the FD drive also has a function of writing various types of data to the FD.
- the information processing unit 100 may be adapted to install an editing program or a printer driver on the HD 106 and transfer the programs to the RAM 105 if needed, when the programs are stored in external memory such as the CD, the FD and the DVD.
- the network connecting part 107 is connected to an external network via an interface (I/F) 114.
- Nodes are divided to fulfill the condition below in the given key delivery graph G in order to generate key generating data.
- a set of all the nodes is denoted by Node (G)
- the size of a set of subsets is denoted by N
- divided subsets are denoted by SubG_1, SubG_2, ... SubG_N.
- n_a < n_b or n_a > n_b holds for any two different nodes n_a and n_b included in SubG_i. That is to say, n_a and n_b have a parent-child relationship, such as one being the child node of the other.
- the number of divided subsets N is called key delivery order of the key delivery graph G, represented by Ord (G) .
- Ord (G) assignment of node keys
- An initial key K_i is calculated for each subset SubG_i (1 ≤ i ≤ N) and assigned as a node key for the root node.
- Node keys are assigned to children nodes subordinate to the root node according to the rules shown below: i) Respective nodes are numbered by the numbers associated with the N initial keys K_i (1 ≤ i ≤ N). The numbers represent how many times the one-way function is performed on the respective initial keys K_i. A node may also be numbered "N", meaning "None". If a node is numbered "N" for an initial key K_i, the node has no key associated with the initial key K_i.
- Nodes included in SubG_i are sorted in descending order according to the parent-child relationship on a directed graph in each set and numbered in ascending order from 0.
- the numbers are associated with the initial keys K_i.
- iii) The number associated with the initial key K_j (i ≠ j) for a node included in SubG_i is "N", if the node is not the ancestor node of nodes included in SubG_j (the subset for the initial key K_j).
- the number is the minimum number among those assigned to nodes included in SubG_j as children nodes, if the node is the ancestor node.
- FIG. 2 is a flowchart of the abovementioned node key assigning process.
- the set of all the nodes is divided into mutually disjoint, non-empty subsets {SubG_i} (1 ≤ i ≤ N), and initial keys K_i are calculated for the respective subsets.
- the number of nodes included in each of the subsets SubG_i is described as #N (i) .
- the nodes included in each of the subsets SubG_i are sorted in descending order according to the parent-child relationship on the directed graph, and described as
- SubG_i = <n(i, 1), n(i, 2), ..., n(i, #N(i))>.
- the node key for node n(i, j) is obtained by performing the one-way hash function on an initial key K_k (1 ≤ k ≤ N) a predetermined number of times.
- the predetermined number of times is described as h(i, j, k).
- Step S201 is a loop for a variable i varying from 1 to N
- step S202 is a loop for a variable j varying from 1 to N
- step S203 is a loop for a variable k varying from 1 to #N (i) .
- node keys as shown in FIG. 4 are configured for the directed graph shown in FIG. 3.
- a vector of each node shown in FIG. 4 represents how many times the hash function is performed on four initial keys x, y, z and t.
- a cell described as [2, 2, N, N] is assumed to hold H (H (x) ) and H (H (y) ) as node keys.
- N refers to "None", meaning that the node has no information on initial keys z and t. If a hash operation is to be performed n times, it is briefly described as H^n( ) hereafter.
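The vector notation above can be exercised directly. The following is an added example, not code from the patent: it issues the key set for a vector such as [2, 2, N, N] and shows that a holder can hash forward to a descendant's keys but never back toward an ancestor. SHA-256, the sample initial keys and every vector other than [2, 2, N, N] are assumptions made for the illustration.

```python
import hashlib

# Constructed sample initial keys x, y, z, t (placeholders, not real key material).
INITIAL_KEYS = [b"demo-x", b"demo-y", b"demo-z", b"demo-t"]


def H(data, times=1):
    """H^n: apply the one-way hash n times (SHA-256 is an assumption)."""
    for _ in range(times):
        data = hashlib.sha256(data).digest()
    return data


def issue_node_key(initial_keys, vector):
    """Root deliverer side: build the key set for one node.

    vector[k] is how many times H is applied to initial key k;
    None stands for the page's "N" (no key material for that initial key).
    """
    return [None if c is None else H(k, c) for k, c in zip(initial_keys, vector)]


def can_derive(holder_vec, target_vec):
    """A holder reaches a target only by hashing forward.

    Every component the target holds must also be held by the holder,
    with an equal or smaller hash count.
    """
    return all(
        t is None or (h is not None and h <= t)
        for h, t in zip(holder_vec, target_vec)
    )


def derive(holder_vec, holder_keys, target_vec):
    """Node side: compute a descendant's key set from the holder's own keys."""
    if not can_derive(holder_vec, target_vec):
        raise PermissionError("target is not reachable by hashing forward")
    return [
        None if t is None else H(k, t - h)
        for h, k, t in zip(holder_vec, holder_keys, target_vec)
    ]


def demo():
    parent_vec = [2, 2, None, None]      # the cell quoted in the text
    child_vec = [3, None, None, None]    # constructed descendant
    other_vec = [None, None, 0, 1]       # constructed unrelated node
    parent_keys = issue_node_key(INITIAL_KEYS, parent_vec)
    child_keys = derive(parent_vec, parent_keys, child_vec)
    return {
        # The node's own derivation matches what the deliverer would issue.
        "child_matches_issuer": child_keys == issue_node_key(INITIAL_KEYS, child_vec),
        # The child cannot invert H to recover the parent's keys.
        "child_reaches_parent": can_derive(child_vec, parent_vec),
        # The parent holds nothing for z and t, so that node is out of reach.
        "parent_reaches_other": can_derive(parent_vec, other_vec),
    }


if __name__ == "__main__":
    print(demo())
```
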
- the root key deliverer safely delivers a key for each node to an entity at each node.
- the deliverer discloses a key delivery graph and delivers data for identifying the delivered key's location on the graph to each entity.
- a pruning method is known.
- [Outline of pruning method]
- each node key is represented by m vector(s), which describe node key information for each node represent the size of node division {SubG_i} (1 ≤ i ≤ m). It represents how many times the hash function is performed on an initial key as mentioned above.
- the directed graph G is divided so that sub-graphs fulfill the conditions below:
- M (G) can be represented in the same way as the conventional node-keys-assignment chart, but it differs in that the size of a vector varies for each sub-graph and a label for indicating a node associating the upper node and the lower node is required.
- If this method is applied to the directed graph described in FIG. 3, FIG. 6 is obtained.
- the number of initial keys is less by one than that of FIG. 4, and both the calculation cost and the communication cost are reduced.
- K1 and K2 described in FIG. 6 are not given as the actual key derived from the initial key. They are generated only from key information possessed by a node of [2, 2, 2] and a node of [N, N, 0], respectively.
- K1 may be H(H^2(x)
- K2 H(z
- " refers to a coupling of pieces of data.
- FIG. 7 is a schematic diagram for illustrating a case where time sequential contents are encrypted for each unit. It shows an example of contents to be managed divided into four of M1, M2, M3 and M4. Contents to be managed are encrypted by using contents keys k1, k2, k3 and k4 for each of atomic contents.
- a range key k (i, j) (where i < j), which allows only adjoining atomic contents to be decrypted will be considered.
- the range key k (i, j) is a key for allowing kj to be generated from contents key ki for atomic contents from Mi to Mj.
- FIG. 8 is a diagram for illustrating a hierarchy of all the range keys shown in FIG. 7.
- the nodes represented by circles at the bottom are contents keys.
- the contents key Ki can be considered the same as the range key K(i, i) .
- Each node represented as a triangle is a range key, which can generate a range key and a contents key at the lower node position.
- the range key placed at the root is K(1, 4), which can decrypt all the four atomic contents.
- FIG. 13 shows a delivery system in the embodiment.
- a first deliverer 1301 delivers encrypted contents 1303 in the abovementioned configuration and a range key 1304 for decrypting the contents 1303 to a first receiver 1302.
- the range key 1304 may be delivered separately from a third party such as a license server and not from the first deliverer 1301.
- the first receiver 1302 can decrypt a part of the encrypted contents 1303 with the range key 1304.
- the first receiver 1302 can re-deliver the contents. That is to say, the first receiver 1302 plays a role of the second deliverer and delivers the same encrypted contents 1306 to a second receiver 1305.
- the deliverer can calculate and send another range key 1307 placed below the range key 1304.
- the range key 1304 is K(1,3) in FIG. 8 and another range key 1304 below is K (1, 2) in FIG. 8.
- the first receiver 1302 can obtain contents M1, M2 and M3.
- the first receiver 1302 forms the range key 1307 so as to decrypt only M1 and M2, i.e., calculates K(1,2), and re-delivers it to the second receiver 1303.
- the receiver can re-deliver the contents by restricting the range the receiver is allowed to disclose. This means that a contents receiver also plays a role of a contents deliverer.
- the contents receiver also has a function of reforming a key at his own discretion.
- FIG. 23 shows a procedure of application programs for encryption (stored in the HD drive 106) in an embodiment.
- a file to be encrypted is designated.
- the file can be designated with a file name with a path for the corresponding moving image file input from a keyboard, or with a file name designated on a dialog window for file designation in a manner of being traced back from a drive and a directory to the object file.
- a dividing position of the designated contents i.e., an encrypting unit is input.
- a method of inputting a dividing position may be a method of designating a boundary position of a moving image by time or a method of designating the position by chapter, if chapters are set.
- the number of divisions for dividing the contents into equal parts may be input, when the contents are divided by the same time length.
- the number of encrypting units set can be determined when the dividing position of the moving image file (contents) to be encrypted is designated, the number of units is set as L. Data between dividing positions are called partial contents here.
- At step S2305, 1 is substituted into an initial variable i.
- the variable i is for indicating both partial contents to be encrypted and a key to be used.
- The i-th partial contents are encrypted with a key Ki. If the relationship i < L is satisfied, or it is determined at step S2307 that partial contents remain to be encrypted, the variable i is incremented by 1 at step S2308 and the process of step S2306 is performed.
- At step S2309, the encrypted contents (here, an encrypted moving image file), a root key and dividing information indicating a dividing position of the encrypted contents (equal to dividing number) are stored in the HDD 106.
- delivery of encrypted contents will be described. As described above, although delivery of encrypted contents is desirably performed at a server intended for that purpose, the embodiment is described with the device of the first deliverer functioning as a delivering device (Web server, FTP server).
- the flowchart of FIG. 24 shows a procedure to be included in a server program.
- Whether contents are requested via a network or not is determined at step S2401. If contents are requested, the process proceeds to step S2402, where authentication is performed. Then, at step S2403, the range of the object contents (a start position and an end position of sequential partial contents) to be permitted for decryption is determined based on the authentication.
- the process proceeds to step S2405, where decrypting related information is generated.
- the decrypting related information may be as shown in FIG. 25. That is to say, it may be the parent key information generated at step S2404, the number of children keys indicating how many pieces of children key information are generated from the parent key, the contents dividing information (described at FIG. 23) and information indicating the decrypting range.
- At step S2406, the generated decrypting related information and the encrypted contents information are sent to the terminal of the requesting first receiver.
- the encrypted contents information may be sent separately or delivered independently through the Internet. Thus, at step S2406, only the decrypting related information may be sent.
- the terminal of the first receiver can determine not only how many times the children keys should be generated from the received parent key information but also which partial contents of the encrypted contents the generated children keys are corresponding to. Therefore, the first receiver can decrypt and replay the objective partial contents.
- the contents to be encrypted may be audio data or a document file.
- pages forming the document may be considered as partial contents for processing. In such a case, however, a file structure of the document file may be disclosed.
- a typical document file is a PDF file.
- a data row forming the contents to be delivered is divided at desired positions and each of the partial contents between the dividing positions are encrypted with keys derived from the root key.
- the deliverer side has to manage only one key. This facilitates the key management and also allows generating key information for decrypting only the range of desired sequential partial contents at the deliverer side.
- the receiver side of the encrypted contents also has to manage only one piece of key information.
- Range keys which can be configured in any range, have been described in the above embodiment. In the present embodiment, a method for reducing key management cost by restricting the range keys will be described.
- This embodiment can reduce the total number of contents keys and reduce management cost by previously determining a range of contents to be managed in this manner and configuring mesh for dividing contents by unit different from general units.
- the computer program can generally be executed when a computer readable storage medium such as a CD-ROM is set in a computer and the program is copied or installed in the system, so the computer readable storage medium can be included in the present invention.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US11/614,556 US8000472B2 (en) | 2004-09-01 | 2006-12-21 | Information encryption apparatus and controlling method of the same, computer program and computer readable storage medium |
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP2004-254681 | 2004-09-01 | ||
| JP2004254681A JP4632413B2 (ja) | 2004-09-01 | 2004-09-01 | Information encryption apparatus, information distribution apparatus, control methods therefor, computer program, and computer-readable storage medium |
Related Child Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US11/614,556 Continuation US8000472B2 (en) | 2004-09-01 | 2006-12-21 | Information encryption apparatus and controlling method of the same, computer program and computer readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2006025589A1 (en) | 2006-03-09 |
Family
ID=36000221
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/JP2005/016365 Ceased WO2006025589A1 (en) | 2004-09-01 | 2005-08-31 | Information encryption apparatus and controlling method of the same, computer program and computer readable storage medium |
Country Status (3)
| Country | Link |
|---|---|
| US (1) | US8000472B2 (en) |
| JP (1) | JP4632413B2 (en) |
| WO (1) | WO2006025589A1 (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101641904B (zh) * | 2007-03-20 | 2012-10-03 | 索尼株式会社 | 密钥提供系统、终端设备和信息处理方法 |
Families Citing this family (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR100923805B1 (ko) * | 2001-03-29 | 2009-10-27 | 파나소닉 주식회사 | 데이터를 암호화하여 데이터를 보호하는 데이터 보호시스템 |
| US9313248B2 (en) * | 2006-04-13 | 2016-04-12 | Johnny Stuart Epstein | Method and apparatus for delivering encoded content |
| US8261091B2 (en) * | 2006-12-21 | 2012-09-04 | Spansion Llc | Solid-state memory-based generation and handling of security authentication tokens |
| JP2008236377A (ja) * | 2007-03-20 | 2008-10-02 | Sony Corp | 鍵提供システム、鍵提供装置、端末装置、鍵提供方法、及び鍵生成方法 |
| JP5270894B2 (ja) * | 2007-10-01 | 2013-08-21 | キヤノン株式会社 | 情報処理装置及びその制御方法、情報処理システム、プログラム |
| JP5286748B2 (ja) * | 2007-11-09 | 2013-09-11 | ソニー株式会社 | 情報処理装置、鍵設定方法、及びプログラム |
| JP5152319B2 (ja) * | 2008-02-27 | 2013-02-27 | 日本電気株式会社 | データ記録装置、該データ記録装置に用いられるデータ記録方法及びデータ記録制御プログラム |
| JP5043786B2 (ja) * | 2008-09-10 | 2012-10-10 | Kddi株式会社 | アクセス制御システム、アクセス制御方法 |
| US9451452B2 (en) * | 2009-06-29 | 2016-09-20 | Motorola Solutions, Inc. | Method of triggering a key delivery from a mesh key distributor |
| US8254580B2 (en) * | 2009-09-30 | 2012-08-28 | Telefonaktiebolaget L M Ericsson (Publ) | Key distribution in a hierarchy of nodes |
| US9712460B1 (en) * | 2013-08-26 | 2017-07-18 | F5 Networks, Inc. | Matching port pick for RSS disaggregation hashing |
| US9703981B1 (en) * | 2013-11-04 | 2017-07-11 | Mobile Iron, Inc. | Mobile device data encryption |
| JP6100922B2 (ja) * | 2013-12-26 | 2017-03-22 | 株式会社東芝 | 通信制御装置、通信制御方法、プログラムおよび通信システム |
| WO2016067471A1 (ja) * | 2014-10-31 | 2016-05-06 | 株式会社東芝 | 通信制御装置、通信制御方法およびプログラム |
| WO2016147303A1 (ja) * | 2015-03-16 | 2016-09-22 | 株式会社東芝 | 管理装置、プログラム、システム、機器および方法 |
| EP3442160A1 (en) * | 2017-08-07 | 2019-02-13 | Siemens Aktiengesellschaft | Pruning of authentication trees |
| JP2020068437A (ja) * | 2018-10-23 | 2020-04-30 | 株式会社アメニディ | アクセス管理装置、及びプログラム |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2002080448A1 (en) * | 2001-03-29 | 2002-10-10 | Sony Corporation | Information processing apparatus |
| JP2004120008A (ja) * | 2002-09-20 | 2004-04-15 | Pioneer Electronic Corp | 鍵管理システム |
| JP2004140667A (ja) * | 2002-10-18 | 2004-05-13 | Canon Inc | 情報処理方法 |
Family Cites Families (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR100215586B1 (ko) * | 1992-11-09 | 1999-08-16 | 모리시타 요이찌 | 다이제스트 화상 자동생성 장치 및 다이제스트 화상 자동생성 방법 |
| US5483598A (en) * | 1993-07-01 | 1996-01-09 | Digital Equipment Corp., Patent Law Group | Message encryption using a hash function |
| US5708717A (en) * | 1995-11-29 | 1998-01-13 | Alasia; Alfred | Digital anti-counterfeiting software method and apparatus |
| JPH1198487A (ja) * | 1997-09-24 | 1999-04-09 | Mitsubishi Electric Corp | 画像符号化装置及び画像復号化装置 |
| US6598161B1 (en) * | 1999-08-09 | 2003-07-22 | International Business Machines Corporation | Methods, systems and computer program products for multi-level encryption |
| JP2002156905A (ja) | 2000-11-20 | 2002-05-31 | Nippon Telegr & Teleph Corp <Ntt> | 映像暗号化方法、装置、プログラム記録媒体および映像再生方法、装置、プログラム記録媒体 |
| US7043024B1 (en) * | 2001-04-18 | 2006-05-09 | Mcafee, Inc. | System and method for key distribution in a hierarchical tree |
| US7136840B2 (en) * | 2001-04-20 | 2006-11-14 | Intertrust Technologies Corp. | Systems and methods for conducting transactions and communications using a trusted third party |
| JP4471337B2 (ja) * | 2002-08-01 | 2010-06-02 | キヤノン株式会社 | Image processing apparatus and method, and computer program and computer-readable storage medium |
| KR100940202B1 (ko) * | 2002-08-29 | 2010-02-10 | 삼성전자주식회사 | Apparatus and method for hierarchical encryption using a one-way function |
| US7512811B2 (en) | 2003-01-14 | 2009-03-31 | Canon Kabushiki Kaisha | Encryption/decryption method for data limited in value range, apparatus and program therefor |
| JP2004297778A (ja) * | 2003-03-07 | 2004-10-21 | Canon Inc | Image data encryption method and apparatus, and computer program and computer-readable storage medium |
| US7313814B2 (en) * | 2003-04-01 | 2007-12-25 | Microsoft Corporation | Scalable, error resilient DRM for scalable media |
| US20070033430A1 (en) * | 2003-05-05 | 2007-02-08 | Gene Itkis | Data storage distribution and retrieval |
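| WO2005018136A1 (ja) | 2003-07-11 | 2005-02-24 | Canon Kabushiki Kaisha | Key information processing method and apparatus, and program |
| JP4993674B2 (ja) | 2005-09-09 | 2012-08-08 | キヤノン株式会社 | Information processing apparatus, verification processing apparatus, control methods therefor, computer program, and storage medium |
| JP2007081482A (ja) | 2005-09-09 | 2007-03-29 | Canon Inc | Terminal authentication method, apparatus therefor, and program |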
- 2004-09-01: JP JP2004254681A, patent JP4632413B2 (ja), not active: Expired - Fee Related
- 2005-08-31: WO PCT/JP2005/016365, patent WO2006025589A1 (en), not active: Ceased
- 2006-12-21: US US11/614,556, patent US8000472B2 (en), not active: Expired - Fee Related
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101641904B (zh) * | 2007-03-20 | 2012-10-03 | 索尼株式会社 | Key providing system, terminal device, and information processing method |
Also Published As
| Publication number | Publication date |
|---|---|
| US8000472B2 (en) | 2011-08-16 |
| JP2006074392A (ja) | 2006-03-16 |
| JP4632413B2 (ja) | 2011-02-16 |
| US20080152133A1 (en) | 2008-06-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8000472B2 (en) | | Information encryption apparatus and controlling method of the same, computer program and computer readable storage medium |
| Chang et al. | | Cryptographic key assignment scheme for access control in a hierarchy |
| Naidu et al. | | Design and implementation of cryptcloud system for securing files in cloud |
| US7340054B2 (en) | | Information processing method, decrypting method, information processing apparatus, and computer program |
| CN1846396B (zh) | | Key information processing method and device therefor |
| US20050210014A1 (en) | | Information-processing method, decryption method, information-processing apparatus and computer program |
| CN108111540A (zh) | | Hierarchical access control system and method supporting data sharing in cloud storage |
| CN116488814A (zh) | | FPGA-based secure computation method for data encryption |
| CN113194089A (zh) | | Ciphertext-policy attribute-based encryption method supporting attribute revocation |
| Kuo et al. | | Cryptographic key assignment scheme for dynamic access control in a user hierarchy |
| EP2086161A1 (en) | | Information processing device |
| Hui-Min et al. | | A cryptographic implementation for dynamic access control in a user hierarchy |
| US20060015514A1 (en) | | Information processing method and information processing apparatus |
| US8229121B2 (en) | | Method of tracing device keys for broadcast encryption |
| KR20100003093A (ko) | | Public-key-based searchable ciphertext generation method for reducing ciphertext size, and public-key-based data search method using the same |
| KR101951545B1 (ko) | | Key issuing, encryption, and decryption method including wildcards |
| CN114282922B (zh) | | Blockchain transaction processing method and device based on a cold wallet |
| CN117395048A (zh) | | File-hierarchy attribute-based encryption method preventing user key collusion |
| Kumar | | Advanced RSA cryptographic algorithm for improving data security |
| JP2005109753A (ja) | | Key information processing method and apparatus, and program |
| Chang | | A flexible hierarchical access control mechanism enforcing extension policies |
| Xun et al. | | Substitution box design based on improved sine cosine algorithm |
| JP4664008B2 (ja) | | Access right management system, access right management device, access right management method, terminal program, and access right management program |
| Vinnarasi et al. | | Advancing Data Security in Cloud Computing: Introducing Secured Layered Technique for Data Security Approach (SLT-DSA), A Multi-Layered Security Framework |
| CN116032467B (zh) | | Document encryption method and decryption method based on Lagrange secret key sharing |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | AK | Designated states | Kind code of ref document: A1; Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
| | AL | Designated countries for regional patents | Kind code of ref document: A1; Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
| | 121 | EP: the EPO has been informed by WIPO that EP was designated in this application | |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | EP: PCT application non-entry in European phase | |