CN101542966A

CN101542966A - Information processing device

Info

Publication number: CN101542966A
Application number: CN200780042754.1A
Authority: CN
Inventors: 浅野智之; 草川雅文
Original assignee: Sony Corp
Current assignee: Sony Corp
Priority date: 2006-11-16
Filing date: 2007-10-03
Publication date: 2009-09-23
Anticipated expiration: 2027-10-03
Also published as: CN101542966B; JP2008131076A

Abstract

An information processing device is provided for making it possible to reduce the number of keys for a terminal device to hold and a calculating amount necessary for decoding encrypted data. The information processing device sets up an entirely tree structure comprised of n-leaf nodes, a root node, a plurality of intermediate nodes other than root nodes and leaf nodes, divides the entirely tree structure into a plurality of basic component trees with n<1/y> leaf nodes and classifies it into y classes (y is a divisor of log(n)), so that root nodes of the basic component trees at a lower class are configured to become leaf nodes of thebasic component trees at a higher class. Further, the information processing device allocates a subset of the terminal device to each node of each basic component tree and generates a directional graph in which directional branches to mutually connect coordinate points on coordinate axes are generated.

Description

Information processor

Technical field

The present invention relates to information process unit, terminal unit, information processing method, key generation method and program thereof.

Background technology

Now, the development of the encryption technology relevant with the content distribution on the network etc. causes the interest that people are increasing.The method of distributing the encryption key of enabling decryption of encrypted content especially, safely and effectively causes that people pay close attention to especially.In general, have with effective reception power n (n be 2 or above natural number) recipient at distributor of distribution of encrypted content, and the mechanism that only is present in n recipient's ability enabling decryption of encrypted content in the middle of no a plurality of interceptors on the network is absolutely necessary.Further, become in time, so need to deal with flexibly the mechanism of variation of recipient's set because have the recipient's of effective reception power quantity n.

Further, in machine-processed like this realization, inevitably, aspect the distributor, can produce the processing relevant burden, and aspect the recipient, can produce the relevant processing burdens such as deciphering with the preservation of decruption key and reception, content with generation, preservation and the distribution of encryption key, the encryption of content etc.Really, the burden of encrypting the distribution cost along with the various nearest technical development such as the raising of the communication speed of the raising of the throughput of messaging device, memory capacity etc. and information transmission path corresponding alleviating.But, because the remarkable increase of the client's of content distribution service quantity and must be enough to watch out for the requirement of skilled malice interceptor's encryption technology, increase by encrypting the processing burden that distribution causes to safety thereupon.

Under such environment, as using broadcast channel safely information to be sent to the technology of the optional group of recipients of distributor, people have proposed the scheme such as cancelling scheme and broadcast encryption scheme.An example of broadcast encryption scheme is the encryption key distribution scheme that is disclosed in the following non-patent literature 1, and the feature of this scheme is to use existing hierarchical tree structure that cipher key distribution scheme is made the improvement that key is derived the aspect, path.Specifically, the scheme that this recipient's set is considered to be divided into a plurality of subclass does not add and creates a new subclass in this subclass by will being included in recipient in certain subclass, as the result who repeats this method, create a subclass chain, derive then and the corresponding encryption key of each subclass along this chain.Thereby, can reduce quantity, the amount of calculation of generating solution decryption key and the traffic of key distribution of the key that the recipient preserves.

Non-patent literature 1:Nattapong Attrapadung and Hideki Imai, " Subset Incre-mental Chain Based Broadcast Encryption with Shorter Ciphertext ", The 28thSymposium on Information Theory and Its Application (SITA2005).

Summary of the invention

The problem to be solved in the present invention

According to the encryption key distribution scheme of above-mentioned non-patent literature 1 with have tangible advantage such as comparing with the cipher key distribution scheme the SD scheme (subset difference offshoot program) according to the CD scheme (complete subtree scheme) of prior art.But, from the practical point of view of planning to realize, exist under large numbers of situations of recipient the quantity of the key that the terminal unit on the receiving terminal will be preserved and the still very big problem of amount of calculation in the required terminal unit when using the decruption key deciphering.

The present invention makes in order to solve top problem, therefore, the purpose of this invention is to provide the novelty of the required amount of calculation of the quantity that can reduce the key that terminal unit will preserve and decrypt encrypted data and improve information process unit, terminal unit, information processing method, key generation method and program thereof.

The means of dealing with problems

In order to solve top problem, according to one aspect of the present invention, provide and comprised following information process unit: tree structure is provided with part, be used to dispose the whole binary tree of forming by n leaf node, root node and a plurality of intermediate nodes different, and whole tree is divided into comprises n with root node and leaf node ^1/yThe a plurality of basic subtree of individual leaf node, to form y layer (y is the approximate number of log (n)) hierarchy, so that the root node of the basic subtree of lower floor is consistent with the leaf node of the basic subtree on upper strata, the sets definition of leaf node that will be lower than the node w of whole tree becomes Aw, in the leaf node of basic subtree, will be positioned at the locational leaf node of certain leaf node v left side i and be defined as v ^(-i), be defined as v and will be positioned at the right side locational leaf node of i ⁽⁺ⁱ⁾, two leaf node u and v (v is on the right side of u) about basic subtree will gather (u → v) be defined as { Au, Au ∪ Au ⁽⁺¹⁾..., Au ∪ ... ∪ Av}, and will gather (u ← v) be defined as { Av, Av ∪ Av ⁽¹⁾..., Av ∪ ... ∪ Au}, when in than the low a plurality of leaf nodes of the node v of basic subtree, the leaf node that is positioned at left end is defined by lv ', and the leaf node that is positioned at right-hand member is defined by rv ' time, will gather (l _Root' → r _Root') and set (l _Root' ⁽⁺¹⁾← r _Root') be associated with the root node root of basic subtree on the top layer, will gather (lv ' → rv ' ⁽¹⁾) and set (lv ' ⁽⁺¹⁾← rv ') be associated with the root node v of basic subtree on other layer except top layer, if the intermediate node v of each subtree is positioned at its father node left side, then will gather (lv ' ⁽⁺¹⁾← rv ') be associated with intermediate node v, and if the intermediate node v of each subtree is positioned at its father node right side, then will gather (lv ' → rv ' ⁽¹⁾) be associated with intermediate node v; With the directed graph generating portion, be used at the root node of each basic subtree and each of intermediate node v, generate with the degree of comprising that from left to right increases and on horizontal axis, arrange and be included in set (l _Root' → r _Root') or set (lv ' → rv ' ⁽¹⁾) in the corresponding coordinate points of subclass and the directed graph of the directed edge that connects coordinate points is set and/or on horizontal axis, arranges and be included in set (l with the degree of comprising that increases from right to left _Root' ⁽⁺¹⁾← r _Root') or set (lv ' ⁽⁺¹⁾← rv ') the corresponding coordinate points of the subclass in also is provided with the directed graph of the directed edge that connects coordinate points.

Further, the directed graph generating portion may further include that directed edge is provided with part between subtree, be used to be provided with from the corresponding directed graph of basic subtree of lower floor to the directed edge of the corresponding directed graph of basic subtree on upper strata.

Further, between subtree directed edge be provided with part can be provided with from the corresponding directed graph of basic subtree of lower floor first coordinate points to the corresponding directed graph of basic subtree on upper strata in the directed edge of second coordinate points.

Can comprise and the corresponding subclass of first coordinate points with the corresponding subclass of second coordinate points.

Further, the directed graph generating portion can comprise that reference axis is provided with part and directed edge is provided with part, reference axis is provided with part and can be provided with the degree of comprising that from left to right increases and arranges and be included in set (l at the root node of each basic subtree and each among the intermediate node v _Root' → r _Root') or set (lv ' → rv ' ⁽¹⁾) in first horizontal axis of the corresponding coordinate points of subclass and/or degree of comprising arrange from right to left with increasing and be included in set (l _Root' ⁽⁺¹⁾← r _Root') or set (lv ' ⁽⁺¹⁾Second horizontal axis of the corresponding coordinate points of subclass ← rv '), at least two interim coordinate points and directed edge also are set on the left end of first and second each root of horizontal axis and/or right-hand member in addition altogether are provided with that part can (k be log (n being provided with given integer k ^1/y) approximate number) and calculate and satisfy n ^(x-1)/k*y＜(rv '-lv '+1)≤n ^X/k*yInteger x after, the left end coordinate points that repeatedly is provided with on every first horizontal axis begins to extend to the n of being separated by ^{I/ (k*y)}(directed edge to the right of the coordinate points of i=0～x-1), the right-hand member coordinate points that repeatedly is provided with on every second horizontal axis begins to extend to the n of being separated by ^{I/ (k*y)}(the directed edge left of the coordinate points of i=0～x-1), head is arranged on the interim coordinate points of eliminating on each root of first and second horizontal axis or all directed edges of tail are arranged and the directed edge of each coordinate points on arriving first and second horizontal axis get rid of other directed edge except the longest directed edge.

Information process unit may further include the key generating portion, is used for generating according to directed graph the set key (set key) of encrypted content or content key.

Further, the key generating portion can in response to about with directed graph in the input of intermediate key t (Si) of the corresponding subclass S of certain coordinate points, output with corresponding to the corresponding set key of the subclass Si of this coordinate points k (Si) and coordinate points S1, S2 on the head of the directed edge that tail is arranged on the coordinate points S ..., intermediate key t (S1), the t (S2) of Sk ..., t (Sk).

Further, the key generating portion can in response to about with directed graph in the input of set key k (S) of the corresponding subclass S of certain coordinate points, coordinate points S1, the S2 of output on the head of the directed edge that tail is arranged on the coordinate points S ..., set key k (S1), the k (S2) of Sk ..., k (Sk).

Information process unit may further include encryption section, is used for using in the set secret key encryption perhaps content key.

Information process unit may further include translator unit, is used for the interior perhaps content key that encryption section is encrypted is sent to respectively some or all terminal units that are associated with leaf node 1～n of whole tree.

Information process unit may further include the subclass determining section, be used for when the subclass of leaf node 1～n of whole tree is defined by Si, determine to allow deciphering to use the set (N R) of the terminal unit of the content of gathering key or content key encryption, and determine to satisfy set (N R)={ S1 ∪ S2 ∪ ... the m of ∪ Sm} subclass S1～Sm.

Further, the subclass determining section can determine to make the subclass S1～Sm of the value minimum of m.

Further, the translator unit information that the information of indication set (N R) or indication can be constituted the subclass S1～Sm of set (N R) is sent to terminal unit.

Further, translator unit can use encryption section respectively the interior perhaps content key with the corresponding set secret key encryption of subclass S1～Sm to be sent to terminal unit.

Further, in order to solve top problem, according to another aspect of the present invention, provide and comprised following terminal unit: the key generating portion, be used for generating the set key of deciphering encrypted content or encrypted content key according to directed graph, wherein, directed graph generates as follows: the whole binary tree that configuration is made up of n leaf node, root node and a plurality of intermediate nodes different with root node and leaf node, and whole tree is divided into comprises n ^1/yThe a plurality of basic subtree of individual leaf node, to form y layer (y is the approximate number of log (n)) hierarchy, so that the root node of the basic subtree of lower floor is consistent with the leaf node of the basic subtree on upper strata, the sets definition of leaf node that will be lower than the node w of whole tree becomes Aw, in the leaf node of basic subtree, will be positioned at the locational leaf node of certain leaf node v left side i and be defined as v ^(-i), be defined as v and will be positioned at the right side locational leaf node of i ⁽⁺ⁱ⁾, two leaf node u and v (v is on the right side of u) about basic subtree will gather (u → v) be defined as { Au, Au ∪ Au ⁽⁺¹⁾..., Au ∪ ... ∪ Av}, and will gather (u ← v) be defined as { Av, Av ∪ Av ⁽¹⁾..., Av ∪ ... ∪ Au}, when in than the low a plurality of leaf nodes of the node v of basic subtree, the leaf node that is positioned at left end is defined by lv ', and the leaf node that is positioned at right-hand member is defined by rv ' time, will gather (l _Root' → r _Root') and set (l _Root' ⁽⁺¹⁾← r _Root') be associated with the root node of basic subtree on the top layer, will gather (lv ' → rv ' ⁽¹⁾) and set (lv ' ⁽⁺¹⁾← rv ') be associated with the root node v of basic subtree on other layer except top layer, if the intermediate node v of each subtree is positioned at its father node left side, then will gather (lv ' ⁽⁺¹⁾← rv ') be associated with intermediate node v, if the intermediate node v of each subtree is positioned at its father node right side, then will gather (lv ' → rv ' ⁽¹⁾) be associated with intermediate node v and at the root node of each basic subtree and each among the intermediate node v, generate with the degree of comprising that from left to right increases and on horizontal axis, arranges and be included in set (l _Root' → r _Root') or set (lv ' → rv ' ⁽¹⁾) in the corresponding coordinate points of subclass and the directed graph of the directed edge that connects coordinate points is set and/or on horizontal axis, arranges and be included in set (l with the degree of comprising that increases from right to left _Root' ⁽⁺¹⁾← r _Root') or set (lv ' ⁽⁺¹⁾← rv ') the corresponding coordinate points of the subclass in also is provided with the directed graph of the directed edge that connects coordinate points.

Further, can be provided with from the corresponding directed graph of basic subtree of lower floor to the directed edge of the corresponding directed graph of basic subtree on upper strata.

Further, can be provided with from the corresponding directed graph of basic subtree of lower floor first coordinate points to the corresponding directed graph of basic subtree on upper strata in second coordinate points directed edge and can comprise and the corresponding subclass of first coordinate points with the corresponding subclass of second coordinate points.

Terminal unit may further include decryption portion, is used to set secret key decryption encrypted content or the encrypted content key of using the key generating portion to generate.

Further, the key generating portion can in response to about with directed graph in the input of intermediate key t (Si) of the corresponding subclass S of certain coordinate points, output with corresponding to the corresponding set key of the subclass S of this coordinate points k (Si) and with the corresponding subclass S1 of coordinate points, S2 on the head of the directed edge that tail is arranged on the coordinate points S ..., intermediate key t (S1), the t (S2) of Sk ..., t (Sk).

Further, decryption portion can be used set secret key decryption encrypted content key, and uses decrypted content keys enabling decryption of encrypted content.

Further, terminal unit can comprise receiving unit, be used for set (N R) when the terminal unit of the content of having determined to allow deciphering to use set key or content key encryption, and determined satisfied set (N R)={ S1 ∪ S2 ∪ ... during the m of ∪ Sm} subclass S1～Sm, receive the information that the information of indication set (N R) or indication constitute the subclass S1～Sm of set (N R), wherein, the subclass of leaf node 1～n of whole tree is defined by Si; With the judgement part, be used for judging according to reception information whether terminal unit belongs to the some of subclass S1～Sm, and judge whether allow the enabling decryption of encrypted content according to result of determination.

Terminal unit may further include decryption portion, be used to use the set secret key decryption encrypted content or the encrypted content key of the generation of key generating portion, with when judging that part judges that terminal unit belongs to subclass S1～Sm some, decryption portion can be used set secret key decryption encrypted content or encrypted content key.

Further, in order to solve top problem, according to another aspect of the present invention, the information processing method that comprises the steps is provided: the whole binary tree that configuration is made up of n leaf node, root node and a plurality of intermediate nodes different with root node and leaf node, and whole tree is divided into comprises n ^1/yThe a plurality of basic subtree of individual leaf node is to form y layer (y is the approximate number of log (n)) hierarchy, so that the root node of the basic subtree of lower floor is consistent with the leaf node of the basic subtree on upper strata; The sets definition of leaf node that will be lower than the node w of whole tree becomes Aw, in the leaf node of basic subtree, will be positioned at the locational leaf node of certain leaf node v left side i and be defined as v ^(-i), be defined as v and will be positioned at the right side locational leaf node of i ⁽⁺ⁱ⁾, two leaf node u and v (v is on the right side of u) about basic subtree will gather (u → v) be defined as { Au, Au ∪ Au ⁽⁺¹⁾..., Au ∪ ... ∪ Av}, and will gather (u ← v) be defined as { Av, Av ∪ Av ⁽¹⁾..., Av ∪ ... ∪ Au}, when in than the low a plurality of leaf nodes of the node v of basic subtree, the leaf node that is positioned at left end is defined by lv ', and the leaf node that is positioned at right-hand member is defined by rv ' time, will gather (l _Root' → r _Root') and set (l _Root' ⁽⁺¹⁾← r _Root') be associated with the root node root of basic subtree on the top layer, will gather (lv ' → rv ' ⁽¹⁾) and set (lv ' ⁽⁺¹⁾← rv ') be associated with the root node v of basic subtree on other layer except top layer, if the intermediate node v of each subtree is positioned at its father node left side, then will gather (lv ' ⁽⁺¹⁾← rv ') be associated with intermediate node v, and if the intermediate node v of each subtree is positioned at its father node right side, then will gather (lv ' → rv ' ⁽¹⁾) be associated with intermediate node v; With at the root node of each basic subtree and each among the intermediate node v, generate with the degree of comprising that from left to right increases and on horizontal axis, arrange and be included in set (l _Root' → r _Root') or set (lv ' → rv ' ⁽¹⁾In the corresponding coordinate points of subclass and the directed graph of the directed edge that connects coordinate points is set and/or on horizontal axis, arranges and be included in set (l with the degree of comprising that increases from right to left _Root' ⁽⁺¹⁾← r _Root') or set (lv ' ⁽⁺¹⁾← rv ') the corresponding coordinate points of the subclass in also is provided with the directed graph of the directed edge that connects coordinate points.

Further, in order to solve top problem, according to another aspect of the present invention, the key generation method that generates the set key of deciphering encrypted content or encrypted content key according to directed graph is provided, wherein, directed graph obtains as follows: the whole binary tree that configuration is made up of n leaf node, root node and a plurality of intermediate nodes different with root node and leaf node, and whole tree is divided into comprises n ^1/yThe a plurality of basic subtree of individual leaf node, to form y layer (y is the approximate number of log (n)) hierarchy, so that the root node of the basic subtree of lower floor is consistent with the leaf node of the basic subtree on upper strata, the sets definition of leaf node that will be lower than the node w of whole tree becomes Aw, in the leaf node of basic subtree, will be positioned at the locational leaf node of certain leaf node v left side i and be defined as v ^(-i), be defined as v and will be positioned at the right side locational leaf node of i ⁽⁺ⁱ⁾, two leaf node u and v (v is on the right side of u) about basic subtree will gather (u → v) be defined as { Au, Au ∪ Au ⁽⁺¹⁾..., Au ∪ ... ∪ Av}, and will gather (u ← v) be defined as { Av, Av ∪ Av ⁽¹⁾..., Av ∪ ... ∪ Au}, when in than the low a plurality of leaf nodes of the node v of basic subtree, the leaf node that is positioned at left end is defined by lv ', and the leaf node that is positioned at right-hand member is defined by rv ' time, will gather (l _Root' → r _Root') and set (l _Root' ⁽⁺¹⁾← r _Root') with top layer on the root joint root spot correlation connection of basic subtree, will gather (lv ' → rv ' ⁽¹⁾) and set (lv ' ⁽⁺¹⁾← rv ') be associated with the root node v of basic subtree on other layer except top layer, if the intermediate node v of each subtree is positioned at its father node left side, then will gather (lv ' ⁽⁺¹⁾← rv ') be associated with intermediate node v, if the intermediate node v of each subtree is positioned at its father node right side, then will gather (lv ' → rv ' ⁽¹⁾) be associated with intermediate node v and at the root node of each basic subtree and each among the intermediate node v, generate with the degree of comprising that from left to right increases and on horizontal axis, arranges and be included in set (l _Root' → r _Root') or set (lv ' → rv ' ⁽¹⁾) in the corresponding coordinate points of subclass and the directed graph of the directed edge that connects coordinate points is set and/or on horizontal axis, arranges and be included in set (l with the degree of comprising that increases from right to left _Root' ⁽⁺¹⁾← r _Root') or set (lv ' ⁽⁺¹⁾← rv ') the corresponding coordinate points of the subclass in also is provided with the directed graph of the directed edge that connects coordinate points.

Further, in order to solve top problem, according to another aspect of the present invention, the program of the processing that computer is carried out comprise the steps is provided: the whole binary tree that configuration is made up of n leaf node, root node and a plurality of intermediate nodes different with root node and leaf node, and whole tree is divided into comprises n ^1/yThe a plurality of basic subtree of individual leaf node is to form y layer (y is the approximate number of log (n)) hierarchy, so that the root node of the basic subtree of lower floor is consistent with the leaf node of the basic subtree on upper strata; The sets definition of leaf node that will be lower than the node w of whole tree becomes Aw, in the leaf node of basic subtree, will be positioned at the locational leaf node of certain leaf node v left side i and be defined as v ^(-i), be defined as v and will be positioned at the right side locational leaf node of i ⁽⁺ⁱ⁾, two leaf node u and v (v is on the right side of u) about basic subtree will gather (u → v) be defined as { Au, Au ∪ Au ⁽⁺¹⁾..., Au ∪ ... ∪ Av}, and will gather (u ← v) be defined as { Av, Av ∪ Av ⁽¹⁾..., Av ∪ ... ∪ Au}, when in than the low a plurality of leaf nodes of the node v of basic subtree, the leaf node that is positioned at left end is defined by lv ', and the leaf node that is positioned at right-hand member is defined by rv ' time, will gather (l _Root' → r _Root') and set (l _Root' ⁽⁺¹⁾← r _Root') be associated with the root node root of basic subtree on the top layer, will gather (lv ' → rv ' ⁽¹⁾) and set (lv ' ⁽⁺¹⁾← rv ') be associated with the root node v of basic subtree on other layer except top layer, if the intermediate node v of each subtree is positioned at its father node left side, then will gather (lv ' ⁽⁺¹⁾← rv ') be associated with intermediate node v, and if the intermediate node v of each subtree is positioned at its father node right side, then will gather (lv ' → rv ' ⁽¹⁾) be associated with intermediate node v; With at the root node of each basic subtree and each among the intermediate node v, generate with the degree of comprising that from left to right increases and on horizontal axis, arrange and be included in set (l _Root' → r _Root') or set (lv ' → rv ' ⁽¹⁾) in the corresponding coordinate points of subclass and the directed graph of the directed edge that connects coordinate points is set and/or on horizontal axis, arranges and be included in set (l with the degree of comprising that increases from right to left _Root' ⁽⁺¹⁾← r _Root') or set (lv ' ⁽⁺¹⁾← rv ') the corresponding coordinate points of the subclass in also is provided with the directed graph of the directed edge that connects coordinate points.

Further, in order to solve top problem, according to another aspect of the present invention, provide and made computer carry out the program that generates the step of the set key of deciphering encrypted content or encrypted content key according to directed graph, wherein, directed graph obtains as follows: the whole binary tree that configuration is made up of n leaf node, root node and a plurality of intermediate nodes different with root node and leaf node, and whole tree is divided into comprises n ^1/yThe a plurality of basic subtree of individual leaf node, to form y layer (y is the approximate number of log (n)) hierarchy, so that the root node of the basic subtree of lower floor is consistent with the leaf node of the basic subtree on upper strata, the sets definition of leaf node that will be lower than the node w of whole tree becomes Aw, in the leaf node of basic subtree, will be positioned at the locational leaf node of certain leaf node v left side i and be defined as v ^(-i), be defined as v and will be positioned at the right side locational leaf node of i ⁽⁺ⁱ⁾, two leaf node u and v (v is on the right side of u) about basic subtree will gather (u → v) be defined as { Au, Au ∪ Au ⁽⁺¹⁾..., Au ∪ ... ∪ Av}, and will gather (u ← v) be defined as { Av, Av ∪ Av ⁽¹⁾..., Av ∪ ... ∪ Au}, when in than the low a plurality of leaf nodes of the node v of basic subtree, the leaf node that is positioned at left end is defined by lv ', and the leaf node that is positioned at right-hand member is defined by rv ' time, will gather (l _Root' → r _Root') and set (l _Root' ⁽⁺¹⁾← r _Root') with top layer on the root joint root spot correlation connection of basic subtree, will gather (lv ' → rv ' ⁽¹⁾) and set (lv ' ⁽⁺¹⁾← rv ') be associated with the root node v of basic subtree on other layer except top layer, if the intermediate node v of each subtree is positioned at its father node left side, then will gather (lv ' ⁽⁺¹⁾← rv ') be associated with intermediate node v, if the intermediate node v of each subtree is positioned at its father node right side, then will gather (lv ' → rv ' ⁽¹⁾) be associated with intermediate node v and at the root node of each basic subtree and each among the intermediate node v, generate with the degree of comprising that from left to right increases and on horizontal axis, arranges and be included in set (l _Root' → r _Root') or set (lv ' → rv ' ⁽¹⁾) in the corresponding coordinate points of subclass and the directed graph of the directed edge that connects coordinate points is set and/or on horizontal axis, arranges and be included in set (l with the degree of comprising that increases from right to left _Root' ⁽⁺¹⁾← r _Root') or set (lv ' ⁽⁺¹⁾← rv ') the corresponding coordinate points of the subclass in also is provided with the directed graph of the directed edge that connects coordinate points.

In order to solve top problem, according to one aspect of the present invention, provide and comprised following information process unit: directed graph obtains part, is used to obtain the directed graph of being made up of many directed edges, so that it is consistent with the afterbody of directed graph to constitute the afterbody of the longest directed edge of directed graph; With the key generating portion, the directed graph that is used for obtaining according to directed graph acquisition unit branch generates the set key of encryption or decryption content or content key.

Further, in order to solve top problem, according to one aspect of the present invention, provide the information process unit of handling interim directed graph, interim directed graph is for given integer k, according to satisfying n ^(x-1)/k＜(rv-lv+1)≤n ^X/kNatural number x, spread length is n on first to the 4th horizontal axis ^I/k(i=0,1, ..., x-1) many directed edges form, at n leaf node by assigned number 1～n (n is a natural number), in root node and the binary tree that a plurality of intermediate nodes different with root node and leaf node are formed, wherein, in a plurality of leaf nodes lower than certain intermediate node v or certain root node v, the number that is assigned to the leaf node that is positioned at left end is defined as lv, and the number that will be assigned to the leaf node that is positioned at right-hand member is defined as rv, for natural number i and j (i≤j), suppose to gather (i → j) be expressed as { { i}, { i, i+1}, ..., { i, i+1, ..., j-1, j}}, and will gather (i ← j) be expressed as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}}, be provided with and be associated with root node and contain respectively that (subclass in 1 → n) is associated and is arranged in first horizontal axis of the coordinate points on the horizontal axis with the degree of comprising of from left to right increase with being included in set, be provided with and be associated with root node and contain respectively that (subclass in 2 ← n) is associated and is arranged in second horizontal axis of the coordinate points on the horizontal axis with the degree of comprising of increase from right to left with being included in set, for each intermediate node, be provided with and be associated with certain intermediate node v and contain respectively that (subclass among the lv → rv-1) is associated and is arranged in the 3rd horizontal axis of the coordinate points on the horizontal axis with the degree of comprising of from left to right increase with being included in set, and be provided with and be associated with certain intermediate node v and contain respectively that (subclass among the lv+1 ← rv) is associated and is arranged in the 4th horizontal axis of the coordinate points on the horizontal axis with the degree of comprising of increase from right to left with being included in set, comprise that with this information process unit interim directed graph obtains part, is used to obtain interim directed graph; The directed graph generating portion is used for generating directed graph by staying the longer directed edge in the middle of many directed edges that constitute the interim directed graph that interim directed graph acquisition unit branch obtains; With the key generating portion, be used for generating the set key of encrypted content or content key according to directed graph.

Further, in order to solve top problem, according to one aspect of the present invention, provide and comprised following information process unit: tree structure is provided with part, is used for n the leaf node of configuration by assigned number 1～n (n is a natural number), the binary tree that root node and a plurality of intermediate nodes different with root node and leaf node are formed is for natural number i and j (i≤j), to gather (i → j) be defined as { { i}, { i, i+1}, ..., i, i+1 ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}} and in a plurality of leaf nodes lower than certain intermediate node v or certain root node v, the number that is assigned to the leaf node that is positioned at left end is arranged to lv, and the number that will be assigned to the leaf node that is positioned at right-hand member is arranged to rv; Reference axis is provided with part, be used for being provided with and be associated with root node and contain respectively that (1 → n) subclass is associated and is arranged in first horizontal axis of the coordinate points on the horizontal axis with the degree of comprising of from left to right increase with being included in set, be associated with root node and contain respectively that (subclass in 2 ← n) is associated and is arranged in second horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that increases from right to left with being included in set, for each intermediate node, be associated with certain intermediate node v and contain respectively that (subclass among the lv → rv-1) is associated and is arranged in the 3rd horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that from left to right increases with being included in set, with be associated with certain intermediate node v and contain respectively that (subclass among the lv+1 ← rv) is associated and is arranged in the 4th horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that increases from right to left with being included in set, place each on the right side of the coordinate points that is positioned at the 3rd horizontal axis right-hand member be positioned at two interim coordinate points on the left side of coordinate points of the second and the 4th horizontal axis left end, and the coordinate points that will be positioned at the first horizontal axis right-hand member is arranged to the first interim coordinate points and the second interim coordinate points is placed on the right of the first interim coordinate points; With the directed graph generating portion, be used for generating as follows respectively with set (1 → n-1), set (2 ← n), ((directed graph that lv ← rv-1) is relevant: given integer k is set, and n is satisfied in calculating for lv+1 → rv) and set in set ^(x-1)/k＜(rv-lv+1)≤n ^X/kInteger x and among integer i=0～x-1 each, be n by coupling length ^I/kOne or more directed edge to the right, be formed on the directed walk that tail is arranged on the most left coordinate points on the first and the 3rd horizontal axis, be n by coupling length ^I/kOne or more directed edge left, be formed on the directed walk that tail is arranged on the rightest coordinate points on the second and the 4th horizontal axis, eliminating has tail or all directed edges of head is arranged on the interim coordinate points on each root of first to the 4th horizontal axis, and get rid of other directed edge except the longest directed edge the directed edge of each coordinate points on arriving first to the 4th horizontal axis, with by will have on the first interim coordinate points on first horizontal axis length of head be that 1 directed edge adds with set and (in 1 → n-1) the relevant directed graph, generates and gather (1 → n) relevant directed graph.

As mentioned above, use the encryption key distribution scheme of intermediate key and set key and to generate the set key, thereby can not make the quantity of the key that each user preserves to reduce the worst-case value of the required amount of calculation of each user (terminal unit) generating solution decryption key when the enciphered message of deciphering distribution with increasing according to above-mentioned directed graph distribution intermediate key.

Further, information process unit can comprise the key generating portion, is used for generating according to directed graph the set key of encrypted content or content key.

Further, the key generating portion can in response to about with directed graph in the input of intermediate key t (Si) of the corresponding subclass S of certain coordinate points, output with corresponding to the corresponding set key of the subclass S of this coordinate points k (Si) and coordinate points S1, S2 on the head of the directed edge that tail is arranged on the coordinate points S ..., intermediate key t (S1), the t (S2) of Sk ..., t (Sk).

Further, the key generating portion can comprise that initial intermediate key is provided with part, is used for given random number is arranged to and the corresponding intermediate key of the afterbody of each directed graph.

Further, information process unit can comprise encryption section, is used for using in the set secret key encryption perhaps content key.

Further, information process unit can comprise translator unit, is used for the interior perhaps content key that encryption section is encrypted is sent to respectively some or all terminal units that are associated with the leaf node 1～n (n is a natural number) that constitutes given binary tree.

Further, information process unit can comprise the subclass determining section, be used for the subclass of leaf node 1～n is defined by Si, determine to allow deciphering to use the set (N R) of the terminal unit of the content of gathering key or content key encryption, and determine to satisfy set (N R)={ S1 ∪ S2 ∪ ... the m of ∪ Sm} subclass S1～Sm.

Further, information process unit can comprise translator unit, and the information that is used for the information of indication set (N R) or indication are constituted the subclass S1～Sm of set (N R) is sent to terminal unit.

Information process unit may further include decryption portion, is used for using in the set secret key decryption perhaps content key.

Information process unit may further include the receiving unit that is associated with the one or more leaf node 1～n (n is a natural number) that constitute given binary tree, is used to receive the interior perhaps content key that uses the set secret key encryption.

Encrypted content that receiving unit receives or encrypted content key can by with the S set i of the subclass that is defined as leaf node 1～n in one or more information process units deciphering of being associated as the leaf node of the element of the S set that comprises the leaf node that is associated with self.

Further, in order to solve top problem, according to another aspect of the present invention, provide to comprise following terminal unit: the key generating portion is used for the set key according to directed graph generation decryption content or content key.Directed graph generates as follows: configuration is by n the leaf node of assigned number 1～n (n is a natural number), the binary tree that root node and a plurality of intermediate nodes different with root node and leaf node are formed, for natural number i and j (i≤j), to gather (i → j) be defined as { { i}, { i, i+1}, ..., { i, i+1, ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}}, with in a plurality of leaf nodes lower than certain intermediate node v or certain root node v, the number that is assigned to the leaf node that is positioned at left end is arranged to lv, and the number that will be assigned to the leaf node that is positioned at right-hand member is arranged to rv, be provided with and be associated with root node and contain respectively that (subclass in 1 → n) is associated and is arranged in first horizontal axis of the coordinate points on the horizontal axis with the degree of comprising of from left to right increase with being included in set, be associated with root node and contain respectively that (subclass in 2 ← n) is associated and is arranged in second horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that increases from right to left with being included in set, for each intermediate node, be associated with certain intermediate node v and contain respectively that (subclass among the lv → rv-1) is associated and is arranged in the 3rd horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that from left to right increases with being included in set, with be associated with certain intermediate node v and contain respectively that (subclass among the lv+1 ← rv) is associated and is arranged in the 4th horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that increases from right to left with being included in set, place each on the right side of the coordinate points that is positioned at the 3rd horizontal axis right-hand member be positioned at two interim coordinate points on the left side of coordinate points of the second and the 4th horizontal axis left end, the coordinate points that will be positioned at the first horizontal axis right-hand member is arranged to the first interim coordinate points and the second interim coordinate points is placed on the right of the first interim coordinate points, generate as follows respectively and set (1 → n-1), set (2 ← n), ((directed graph that lv ← rv-1) is relevant: given integer k is set, and n is satisfied in calculating for lv+1 → rv) and set in set ^(x-1)/k＜(rv-lv+1)≤n ^X/kInteger x and among integer i=0～x-1 each, be n by coupling length ^I/kOne or more directed edge to the right, be formed on the directed walk that tail is arranged on the most left coordinate points on the first and the 3rd horizontal axis, be n by coupling length ^I/kOne or more directed edge left, be formed on the directed walk that tail is arranged on the rightest coordinate points on the second and the 4th horizontal axis, eliminating has tail or all directed edges of head is arranged on the interim coordinate points on each root of first to the 4th horizontal axis, and get rid of other directed edge except the longest directed edge the directed edge of each coordinate points on arriving first to the 4th horizontal axis, with by will have on the first interim coordinate points on first horizontal axis length of head be that 1 directed edge adds with set and (in 1 → n-1) the relevant directed graph, generates and gather (1 → n) relevant directed graph.

Further, terminal unit can comprise decryption portion, is used for using set secret key decryption encrypted content or encrypted content key.

Further, the key generating portion can in response to about with directed graph in the input of intermediate key t (S) of the corresponding subclass S of certain coordinate points, output with corresponding to the corresponding set key of the subclass S of this coordinate points k (S) and with the corresponding subclass S1 of coordinate points, S2 on the head of the directed edge that tail is arranged on the coordinate points S ..., intermediate key t (S1), the t (S2) of Sk ..., t (Sk).

Further, when the subclass of the leaf node 1～n that sets is defined by Si, and at the set of the terminal unit of the content of having determined to allow deciphering to use set key or content key encryption (N R), determined satisfied set (N R)={ S1 ∪ S2 ∪ ... the m of ∪ Sm} subclass S1～Sm, constitute under the situation of information of subclass S1～Sm of set (N R) with the information that receives indication set (N R) or indication, terminal unit can comprise the judgement part, be used for judging according to reception information whether terminal unit belongs to the some of subclass S1～Sm, and judge whether allow the enabling decryption of encrypted content according to result of determination.

Further, when judging that terminal unit belongs to subclass S1～Sm some, decryption portion can use with terminal unit under the corresponding set secret key decryption of subclass in content key perhaps.

Further, in order to solve top problem, according to another aspect of the present invention, provide the information processing method that comprises the steps: the directed graph obtaining step, be used for obtaining by at the directed graph of forming by many directed edges, stay the central longer directed edge of many directed edges that constitutes interim directed graph and the directed graph that generates; Generate step with key, be used for generating the set key of encryption or decryption content or content key according to the directed graph that obtains by the directed graph obtaining step.

Further, in order to solve top problem, according to another aspect of the present invention, provide the information processing method of handling interim directed graph, interim directed graph is for given integer k, according to satisfying n ^(x-1)/k＜(rv-lv+1)≤n ^X/kNatural number x, spread length is n on first to the 4th horizontal axis ^I/k(i=0,1, ..., x-1) many directed edges form, at n leaf node by assigned number 1～n (n is a natural number), in root node and the binary tree that a plurality of intermediate nodes different with root node and leaf node are formed, wherein, in a plurality of leaf nodes lower than certain intermediate node v or certain root node v, the number that is assigned to the leaf node that is positioned at left end is defined as lv, and the number that will be assigned to the leaf node that is positioned at right-hand member is defined as rv, for natural number i and j (i≤j), suppose to gather (i → j) be expressed as { { i}, { i, i+1}, ..., { i, i+1, .., j-1, j}}, and will gather (i ← j) be expressed as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}}, be provided with and be associated with root node and contain respectively that (subclass in 1 → n) is associated and is arranged in first horizontal axis of the coordinate points on the horizontal axis with the degree of comprising of from left to right increase with being included in set, be provided with and be associated with root node and contain respectively that (subclass in 2 ← n) is associated and is arranged in second horizontal axis of the coordinate points on the horizontal axis with the degree of comprising of increase from right to left with being included in set, for each intermediate node, be provided with and be associated with certain intermediate node v and contain respectively that (subclass among the lv → rv-1) is associated and is arranged in the 3rd horizontal axis of the coordinate points on the horizontal axis with the degree of comprising of from left to right increase with being included in set, and be provided with and be associated with certain intermediate node v and contain respectively that (subclass among the lv+1 ← rv) is associated and is arranged in the 4th horizontal axis of the coordinate points on the horizontal axis with the degree of comprising of increase from right to left with being included in set, comprise interim directed graph obtaining step with this information processing method, be used to obtain interim directed graph; Directed graph generates step, is used for generating directed graph by staying the longer directed edge in the middle of many directed edges that constitute the interim directed graph that interim directed graph acquisition unit branch obtains; Generate step with key, be used for generating the set key of encrypted content or content key according to directed graph.

Further, in order to solve top problem, according to another aspect of the present invention, the information processing method that comprises the steps is provided: tree structure is provided with step, is used for n the leaf node of configuration by assigned number 1～n (n is a natural number), the binary tree that root node and a plurality of intermediate nodes different with root node and leaf node are formed is for natural number i and j (i≤j), to gather (i → j) be defined as { { i}, { i, i+1}, ..., i, i+1 ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}} and in a plurality of leaf nodes lower than certain intermediate node v or certain root node v, the number that is assigned to the leaf node that is positioned at left end is arranged to lv, and the number that will be assigned to the leaf node that is positioned at right-hand member is arranged to rv; Reference axis is provided with step, be used for being provided with and be associated with root node and contain respectively that (1 → n) subclass is associated and is arranged in first horizontal axis of the coordinate points on the horizontal axis with the degree of comprising of from left to right increase with being included in set, be associated with root node and contain respectively that (subclass in 2 ← n) is associated and is arranged in second horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that increases from right to left with being included in set, for each intermediate node, be associated with certain intermediate node v and contain respectively that (subclass among the lv → rv-1) is associated and is arranged in the 3rd horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that from left to right increases with being included in set, with be associated with certain intermediate node v and contain respectively that (subclass among the lv+1 ← rv) is associated and is arranged in the 4th horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that increases from right to left with being included in set, place each on the right side of the coordinate points that is positioned at the 3rd horizontal axis right-hand member be positioned at two interim coordinate points on the left side of coordinate points of the second and the 4th horizontal axis left end, and the coordinate points that will be positioned at the first horizontal axis right-hand member is arranged to the first interim coordinate points and the second interim coordinate points is placed on the right of the first interim coordinate points; Generate step with directed graph, be used for generating as follows respectively with set (1 → n-1), set (2 ← n), ((directed graph that lv ← rv-1) is relevant: given integer k is set, and n is satisfied in calculating for lv+1 → rv) and set in set ^(x-1)/k＜(rv-lv+1)≤n ^X/kInteger x and among integer i=0～x-1 each, be n by coupling length ^I/kOne or more directed edge to the right, be formed on the directed walk that tail is arranged on the most left coordinate points on the first and the 3rd horizontal axis, be n by coupling length ^I/kOne or more directed edge left, be formed on the directed walk that tail is arranged on the rightest coordinate points on the second and the 4th horizontal axis, eliminating has tail or all directed edges of head is arranged on the interim coordinate points on each root of first to the 4th horizontal axis, and get rid of other directed edge except the longest directed edge the directed edge of each coordinate points on arriving first to the 4th horizontal axis, with by will have on the first interim coordinate points on first horizontal axis length of head be that 1 directed edge adds with set and (in 1 → n-1) the relevant directed graph, generates and gather (1 → n) relevant directed graph.

Further, in order to solve top problem, according to another aspect of the present invention, provide the key generation method that comprises the steps: key generates step, is used for generating according to directed graph the set key of decryption content or content key.Directed graph generates as follows: configuration is by n the leaf node of assigned number 1～n (n is a natural number), the binary tree that root node and a plurality of intermediate nodes different with root node and leaf node are formed, for natural number i and j (i≤j), to gather (i → j) be defined as { { i}, { i, i+1}, ..., { i, i+1, ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}}, with in a plurality of leaf nodes lower than certain intermediate node v or certain root node v, the number that is assigned to the leaf node that is positioned at left end is arranged to lv, and the number that will be assigned to the leaf node that is positioned at right-hand member is arranged to rv, be provided with and be associated with root node and contain respectively that (subclass in 1 → n) is associated and is arranged in first horizontal axis of the coordinate points on the horizontal axis with the degree of comprising of from left to right increase with being included in set, be associated with root node and contain respectively that (subclass in 2 ← n) is associated and is arranged in second horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that increases from right to left with being included in set, for each intermediate node, be associated with certain intermediate node v and contain respectively that (subclass among the lv → rv-1) is associated and is arranged in the 3rd horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that from left to right increases with being included in set, with be associated with certain intermediate node v and contain respectively that (subclass among the lv+1 ← rv) is associated and is arranged in the 4th horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that increases from right to left with being included in set, place each on the right side of the coordinate points that is positioned at the 3rd horizontal axis right-hand member be positioned at two interim coordinate points on the left side of coordinate points of the second and the 4th horizontal axis left end, the coordinate points that will be positioned at the first horizontal axis right-hand member is arranged to the first interim coordinate points and the second interim coordinate points is placed on the right of the first interim coordinate points, generate as follows respectively and set (1 → n-1), set (2 ← n), ((directed graph that lv ← rv-1) is relevant: given integer k is set, and n is satisfied in calculating for lv+1 → rv) and set in set ^(x-1)/k＜(rv-lv+1)≤n ^X/kInteger x and among integer i=0～x-1 each, be n by coupling length ^I/kOne or more directed edge to the right, be formed on the directed walk that tail is arranged on the most left coordinate points on the first and the 3rd horizontal axis, be n by coupling length ^I/kOne or more directed edge left, be formed on the directed walk that tail is arranged on the rightest coordinate points on the second and the 4th horizontal axis, eliminating has tail or all directed edges of head is arranged on the interim coordinate points on each root of first to the 4th horizontal axis, and get rid of other directed edge except the longest directed edge the directed edge of each coordinate points on arriving first to the 4th horizontal axis, with by will have on the first interim coordinate points on first horizontal axis length of head be that 1 directed edge adds with set and (in 1 → n-1) the relevant directed graph, generates and gather (1 → n) relevant directed graph.

Further, in order to solve top problem, according to another aspect of the present invention, provide and made the following functional programs of computer realization: tree structure is provided with function, is used for n the leaf node of configuration by assigned number 1～n (n is a natural number), the binary tree that root node and a plurality of intermediate nodes different with root node and leaf node are formed is for natural number i and j (i≤j), to gather (i → j) be defined as { { i}, { i, i+1}, ..., i, i+1 ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}} and in a plurality of leaf nodes lower than certain intermediate node v or certain root node v, the number that is assigned to the leaf node that is positioned at left end is arranged to lv, and the number that will be assigned to the leaf node that is positioned at right-hand member is arranged to rv; Reference axis is provided with function, be used for being provided with and be associated with root node and contain respectively that (1 → n) subclass is associated and is arranged in first horizontal axis of the coordinate points on the horizontal axis with the degree of comprising of from left to right increase with being included in set, be associated with root node and contain respectively that (subclass in 2 ← n) is associated and is arranged in second horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that increases from right to left with being included in set, for each intermediate node, be associated with certain intermediate node v and contain respectively that (subclass among the lv → rv-1) is associated and is arranged in the 3rd horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that from left to right increases with being included in set, with be associated with certain intermediate node v and contain respectively that (subclass among the lv+1 ← rv) is associated and is arranged in the 4th horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that increases from right to left with being included in set, place each on the right side of the coordinate points that is positioned at the 3rd horizontal axis right-hand member be positioned at two interim coordinate points on the left side of coordinate points of the second and the 4th horizontal axis left end, and the coordinate points that will be positioned at the first horizontal axis right-hand member is arranged to the first interim coordinate points and the second interim coordinate points is placed on the right of the first interim coordinate points; With the directed graph systematic function, be used for generating as follows respectively with set (1 → n-1), set (2 ← n), ((directed graph that lv ← rv-1) is relevant: given integer k is set, and n is satisfied in calculating for lv+1 → rv) and set in set ^(x-1)/k＜(rv-lv+1)≤n ^X/kInteger x and among integer i=0～x-1 each, be n by coupling length ^I/kOne or more directed edge to the right, be formed on the directed walk that tail is arranged on the most left coordinate points on the first and the 3rd horizontal axis, be n by coupling length ^I/kOne or more directed edge left, be formed on the directed walk that tail is arranged on the rightest coordinate points on the second and the 4th horizontal axis, eliminating has tail or all directed edges of head is arranged on the interim coordinate points on each root of first to the 4th horizontal axis, and get rid of other directed edge except the longest directed edge the directed edge of each coordinate points on arriving first to the 4th horizontal axis, with by will have on the first interim coordinate points on first horizontal axis length of head be that 1 directed edge adds with set and (in 1 → n-1) the relevant directed graph, generates and gather (1 → n) relevant directed graph.

Further, in order to solve top problem, according to another aspect of the present invention, provide to make the following functional programs of computer realization: the key systematic function is used for the set key according to directed graph generation decryption content or content key.Directed graph generates as follows: configuration is by n the leaf node of assigned number 1～n (n is a natural number), the binary tree that root node and a plurality of intermediate nodes different with root node and leaf node are formed, for natural number i and j (i≤j), to gather (i → j) be defined as { { i}, { i, i+1}, ..., { i, i+1, ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}}, with in a plurality of leaf nodes lower than certain intermediate node v or certain root node v, the number that is assigned to the leaf node that is positioned at left end is arranged to lv, and the number that will be assigned to the leaf node that is positioned at right-hand member is arranged to rv, be provided with and be associated with root node and contain respectively that (subclass in 1 → n) is associated and is arranged in first horizontal axis of the coordinate points on the horizontal axis with the degree of comprising of from left to right increase with being included in set, be associated with root node and contain respectively that (subclass in 2 ← n) is associated and is arranged in second horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that increases from right to left with being included in set, for each intermediate node, be associated with certain intermediate node v and contain respectively that (subclass among the lv → rv-1) is associated and is arranged in the 3rd horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that from left to right increases with being included in set, with be associated with certain intermediate node v and contain respectively that (subclass among the lv+1 ← rv) is associated and is arranged in the 4th horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that increases from right to left with being included in set, place each on the right side of the coordinate points that is positioned at the 3rd horizontal axis right-hand member be positioned at two interim coordinate points on the left side of coordinate points of the second and the 4th horizontal axis left end, the coordinate points that will be positioned at the first horizontal axis right-hand member is arranged to the first interim coordinate points and the second interim coordinate points is placed on the right of the first interim coordinate points, generate as follows respectively and set (1 → n-1), set (2 ← n), ((directed graph that lv ← rv-1) is relevant: given integer k is set, and n is satisfied in calculating for lv+1 → rv) and set in set ^(x-1)/k＜(rv-lv+1)≤n ^X/kInteger x and among integer i=0～x-1 each, be n by coupling length ^I/kOne or more directed edge to the right, be formed on the directed walk that tail is arranged on the most left coordinate points on the first and the 3rd horizontal axis, be n by coupling length ^I/kOne or more directed edge left, be formed on the directed walk that tail is arranged on the rightest coordinate points on the second and the 4th horizontal axis, eliminating has tail or all directed edges of head is arranged on the interim coordinate points on each root of first to the 4th horizontal axis, and get rid of other directed edge except the longest directed edge the directed edge of each coordinate points on arriving first to the 4th horizontal axis, with by will have on the first interim coordinate points on first horizontal axis length of head be that 1 directed edge adds with set and (in 1 → n-1) the relevant directed graph, generates and gather (1 → n) relevant directed graph.

Advantage of the present invention

As mentioned above, according to the present invention, can reduce the quantity and the required amount of calculation of decrypt encrypted data of the key that the terminal unit on the receiving terminal will preserve.

Description of drawings

Fig. 1 is the key diagram that illustrates according to the encryption key distribution system of one embodiment of the invention;

Fig. 2 is the calcspar that illustrates according to the hardware configuration of the key distribution server of this embodiment and terminal unit;

Fig. 3 is the key diagram that illustrates according to the binary tree structure of basic scheme;

Fig. 4 is the key diagram that illustrates according to the directed graph of basic scheme;

Fig. 5 is the flow chart that illustrates according to the directed graph computational methods of basic scheme;

Fig. 6 is the flow chart that illustrates according to the content key distribution method of basic scheme;

Fig. 7 is the flow chart that illustrates according to the set key generation method of basic scheme;

Fig. 8 is the calcspar that illustrates according to the functional configuration of the key distribution server of first embodiment of the invention and terminal unit;

Fig. 9 is the key diagram that illustrates according to the whole tree structure of the binary tree of this embodiment;

Figure 10 is the key diagram that illustrates according to the directed graph of this embodiment;

Figure 11 illustrates the key diagram that the directed graph of the directed edge between the subtree is set according to this embodiment;

Figure 12 is the flow chart that illustrates according to the content key distribution method of this embodiment;

Figure 13 illustrates basic scheme and according to the comparison diagram of the comparison between the cipher key distribution scheme of this embodiment;

Figure 14 is the key diagram that illustrates according to a kind of application of the encryption key distribution system of this embodiment;

Figure 15 is the key diagram that illustrates according to a kind of application of the encryption key distribution system of this embodiment;

Figure 16 is the calcspar that illustrates according to the configuration of the information process unit of second embodiment of the invention and terminal unit;

Figure 17 is the flow chart that illustrates according to the oriented drawing generating method of this embodiment;

Figure 18 is the key diagram that an example of the directed graph (k=6) according to this embodiment is shown; With

Figure 19 is the key diagram that an example of the directed graph (k=3) according to this embodiment is shown.

Label declaration

5 networks

10 key distribution servers

20 terminal equipments

100 encryption key distribution systems

102 tree structures are provided with part

104 reference axis are provided with part

106 directed edges are provided with part

Directed edge is provided with part between 108 subtrees

110 directed graph generating portions

112 initial intermediate key are provided with part

114 key generating portions

116 encryption sections

118 translator units

120 subclass determining sections

124 receiving units

126 judge part

128 key generating portions

130 decryption portion

202 controllers

204 processing units

206 input/output interfaces

208 safe storage parts

210 main memory portion

212 network interfaces

216 media interfaces

218 information mediums

154 tree structures are provided with part

156 reference axis are provided with part

160 directed graph generating portions

162 initial intermediate key are provided with part

164 key generating portions

166 encryption sections

168 translator units

170 subclass determining sections

174 receiving units

176 judge part

178 key generating portions

180 decryption portion

Preferred implementation

Hereinafter, describe embodiments of the invention with reference to the accompanying drawings in detail.Notice that in this specification and accompanying drawing, the element that has identical function and configuration is basically represented with same numeral, and the repetitive description thereof will be omitted.

[configuration of encryption key distribution system 100]

Configuration according to the encryption key distribution system 100 of one embodiment of the invention is hereinafter described.Fig. 1 is the key diagram that illustrates according to the configuration of the encryption key distribution system 100 of this embodiment.

With reference to Fig. 1, encryption key distribution system 100 comprises key distribution server 10, a plurality of terminal units 20 that a plurality of user has respectively and the network 5 that is connected key distribution server 10 and terminal unit 20 that is configured to according to an example of the information process unit of this embodiment.

Network 5 is to connect key distribution server 10 and terminal unit 20, so that allow the communication network of two-way communication or one-way communication.For example, network 5 is by wired or wireless, the common network such as internet, telephone line network, satellite communication network and broadcast channel, the formations such as leased line network such as WAN (wide area network), LAN (local area network (LAN)), IP-VPN (Internet Protocol-VPN (virtual private network)) and WLAN.

Key distribution server 10 is made of computer unit with server capability etc., and it can be sent to external unit with various types of information by network 5.For example, key distribution server 10 can generate encryption key with broadcast encryption scheme, and gives terminal unit 20 with encryption key distribution.Further, be furnished with as the function that provides such as the content distributing server of the content distribution service of video distribution service and electronic music distribution services according to the key distribution server 10 of this embodiment, it can be distributed to content terminal unit 20.Certainly, key distribution server 10 and content distributing server can be configured to separate unit.

For example, content can be such as the video content of being made up of moving image such as video, TV programme, video frequency program and chart or rest image, any content-data of audio content, game content, document content, software etc. such as music, speech and radio programming.Video content not only can comprise video data, and can comprise voice data.

Terminal unit 20 is can be by the information process unit of network 5 with the external unit data communication, and it is had by each user.Although terminal unit 20 is made of the computer unit (notebook type or desk-top) such as shown in the figure personal computer (hereinafter referred to as " PC "), but be not limited to this, it can be by the formations such as family expenses information appliance, television broadcasting tuner or decoder such as PDA (personal digital assistant), home video game machine, DVD/HDD (digital versatile disc/hard disk drive) register and television set, as long as it has the communication function by network 5.Further, terminal unit 20 can be such as portable video game player, cellular phone, portable video/audio player, PDA and PHS (personal handhold telephone system is commonly called as Personal Handyphone System) etc., the carry-on portable set of user.

Terminal unit 20 can receive various types of information from key distribution server 10.For example, terminal unit 20 can receive from the content of key distribution server 10 distributions.In the content distribution, key distribution server 10 can be encrypted various types of electronic data and distribute them.For example, key distribution server 10 can generate the content key of encrypted content and distribute it.Content key can be used, for example, and the expressions such as random number (pseudo random number), given character string or sequence that pseudorandom number generator generates.When using content key, key distribution server 10 can pass through given encryption logic encrypted content.Further, key distribution server 10 can be distributed to any terminal unit 20 with content key or with the corresponding decruption key of content key.On the other hand, terminal unit 20 can use the content key that receives from key distribution server 10 or with the corresponding decruption key enabling decryption of encrypted of content key content.

The pseudorandom number generator that is used to generate content key is can be by the given seed output of the input long unit or the program of pseudo-random number sequence at interval, the general logic realization of using such as linear congruential method or its Saite rotation (Mersenne Twister) method of horse.The pseudorandom number generator that can be applicable to this embodiment is not limited to this certainly, and can use other logic to generate pseudo random number, and perhaps, it can be the unit or the program that can generate the pseudo-random number sequence that comprises specific information or condition.

Further, according to the key distribution server 10 of this embodiment not only encrypted content but also encrypted content key, and distribute them.Really, encryption and distributing contents have guaranteed lsafety level to a certain degree.But in order to deal with adding or the deletion that permission in the middle of a large number of users has user's (hereinafter referred to as " permitted user ") of the authority of using content neatly, encrypted content key and the method for distributing it are more favourable.Under these circumstances, in this embodiment, key distribution server 10 at first generates a plurality of set keys of encryption and decryption content key.As describing in detail later, a plurality of set keys are associated with a plurality of subclass of the permitted user of extracting from a large number of users respectively.Specifically, key distribution server 10 uses the set secret key encryption content key that the set of being arranged to have only permitted user just can decrypted content keys, and encrypted content key is distributed to all users' terminal unit 20.In this configuration, the terminal unit 20 that has only permitted user just can the enabling decryption of encrypted content key, uses content key enabling decryption of encrypted content then, thereby content can be seen.Under the situation that the set of permitted user changes, key distribution server 10 can be dealt with this variation by the set key that change is used for encrypted content key.In order to set up top encryption key distribution logic, be necessary configuring cipher key Distributor 10 etc., so that realize with the generation of gathering key and distribute relevant algorithm.

Hereinafter, exemplary hardware configuration according to key distribution server 10 and the terminal unit 20 of this embodiment is at first described.Secondly, describe with according to the relevant basic fundamental of the encryption key distribution logic of this embodiment.The 3rd, describe in detail according to the configuration of the key distribution server 10 of this embodiment and terminal unit 20 and specifically describe aspect configuration and the effect and the difference of basic fundamental.At last, description is according to the application of the encryption key distribution system of this embodiment.

[hardware configuration of key distribution server 10 and terminal unit 20]

Hereinafter, at first with reference to Fig. 2, the exemplary hardware configuration according to key distribution server 10 and the terminal unit 20 of this embodiment is described.Fig. 2 shows the example that can realize according to the hardware configuration of the function of the key distribution server 10 of this embodiment and terminal unit 20.

Key distribution server 10 and terminal unit 20 comprise, for example, and controller 202, processing unit 204, input/output interface 206, safe storage part 208, main memory portion 210, network interface 212 and media interface 216.

(controller 202)

Controller 202 is connected with other element by bus, and it is mainly used in according to being stored in program in the main memory portion 210 and each part of DCU data control unit.Controller 202 can be made of the processing unit such as CPU (CPU).

(processing unit 204 (key distribution server 10))

The processing unit 204 that is included in the key distribution server 10 can carry out, and for example, the generation of the encryption of content, the encryption of content key, set key and being used to generates the derivation of the intermediate key of set key.Therefore, processing unit 204 can play to generate according to given data (seed etc.) pseudorandom number generator of pseudo random number, and according to given algorithm encrypted content or content key.Given algorithm can be stored in the main memory portion 210 as the readable program of processing unit 204.Further, can be in main memory portion 210 or safe storage part 208 with given information stores.The output outcome record that processing unit 204 can be handled execution above is in main memory portion 210 or safe storage part 208.Processing unit 204 can be made of the processing unit such as CPU, or combines formation with above-mentioned controller 202.

(processing unit 204 (terminal unit 20))

On the other hand, the processing unit 204 that is included in the terminal unit 20 can carry out, and for example, the generation of the deciphering of content, the deciphering of content key, set key and being used to generates the generation of the intermediate key of set key.Therefore, processing unit 204 can play to generate according to given data (seed etc.) pseudorandom number generator of pseudo random number, and according to given algorithm decryption content or content key.Given algorithm can be stored in the main memory portion 210 as the readable program of processing unit 204.Further, can be in main memory portion 210 or safe storage part 208 with given information stores.The output outcome record that processing unit 204 can be handled execution above is in main memory portion 210 or safe storage part 208.Processing unit 204 can be made of the processing unit such as CPU, or combines formation with above-mentioned controller 202.

(input/output interface 206)

Input/output interface 206 mainly is connected with input equipment and the result of output content or the output equipment of description of user's input information.For example, input equipment can be keyboard, mouse, tracking ball, pointer, key plate, touch pad etc., and it can be via wireless or be wiredly connected to input/output interface 206.In some cases, input equipment can be the electronics such as cellular phone or PDA (personal digital assistant) via wired or wireless connection.On the other hand, output equipment can be, for example, such as the display unit of display, such as audio output apparatus of loud speaker etc., it can be via the wired or wireless input/output interface 206 that is connected to.Input-output apparatus can be built in key distribution server 10 or the terminal unit 20 or with them and combine.

Input/output interface 206 is connected with other element by bus, so that it can be sent to main memory portion 210 etc. with the information via input/output interface 206 inputs.On the contrary, input/output interface 206 can will be stored in information in main memory portion 210 grades, output to output equipment via the information of inputs such as the network interface 212 or result by handling those information acquisitions in processing unit 204 etc.

(safe storage part 208)

Safe storage part 208 is mainly stored safely such as content key, set key and intermediate key, is necessary the information of hiding.Safe storage part 208 can by, for example, such as the magnetic cell of hard disk, formation such as optical storage unit, magneto-optic memory cell, semiconductor memory cell such as CD.Further, safe storage part 208 can by, for example, the tamperproof memory cell constitutes.

(main memory portion 210)

For example, main memory portion 210 can store the encipheror, enabling decryption of encrypted content, content key etc. of the control program, encrypted content, content key etc. of other element of control decrypted program, generate the key generator of set key or intermediate key etc.Further, main memory portion 210 can be temporarily or is for good and all stored from the result of calculation of processing unit 204 outputs, or storage is from the information of inputs such as input/output interface 206, network interface 212, media interface 216.Main memory portion 210 can by, for example, such as the magnetic cell of hard disk, formation such as optical storage unit, magneto-optic memory cell, semiconductor memory cell such as CD.Further, safe storage part 208 can combine formation with safe storage part 208.

(network interface 212)

Network interface 212 with, for example, connections such as another communication unit on the network 5, it is to transmit and receive, for example, such as the information of encrypted content or content key, set key and intermediate key, with the interface arrangement of encrypting relevant parameter information and the information relevant with the set of permitted user.Network interface 212 is connected with other element by bus, so that can transmit the information that the external unit from the network 5 receives to other element, or the external unit on network 5 transmits the information that other element is preserved.

(media interface 216)

Media interface 216 is the interfaces that read on the information medium 218 with writing information by be attached to interchangeablely, and it is connected with other element by bus.For example, media interface 216 can read information from appended information medium 218, and it is sent to other element, perhaps, and in the information writing information medium 218 with other element supply.For example, information medium 218 can be such as CD, disk and semiconductor memory portable storage media (interchangeable storage medium), in relative short distance via the medium of information terminal wired or wireless rather than that be connected by network 5 etc.

The example that can realize according to the hardware configuration of the function of the key distribution server 10 of this embodiment and terminal unit 20 has above been described.In the top element each can use common hardware to constitute, or can be made of the hardware of the function that is exclusively used in each element.Thereby, when realizing this embodiment, can change hardware configuration so that suitably used according to technical merit.Further, above-mentioned hardware configuration only is an example, is not limited to this certainly.For example, controller 202 and processing unit 204 can be made of and safe storage part 208 and main memory portion 210 can be made of same memory cell the same treatment unit.Further, decide on using, the configuration of removing media interface 216, input/output interface 206 etc. also is feasible.Hereinafter, the encryption key distribution scheme that key distribution server 10 by having above-mentioned hardware configuration and terminal unit 20 are realized will be described in detail.

[according to the encryption key distribution scheme of basic fundamental]

Before the detailed description that provides according to the encryption key distribution scheme of this embodiment, the technical problem that forms the basis of realizing this embodiment will be described hereinafter.By improving basic fundamental as described below, this embodiment is configured to have prior advantage.Therefore, be the feature of this embodiment with improving relevant technology.Therefore, should be noted that although this embodiment follows the basic design of technical problem hereinafter described, the marrow of this embodiment should merge in the improvement part, configuration is obviously different, also has notable difference with basic fundamental aspect advantage.

To be called basic scheme according to the encryption key distribution scheme of hereinafter described basic fundamental.This basic scheme will be divided into a plurality of subclass to the set of the user's of its distributing contents terminal unit, then the set secret key encryption content key by being assigned to each subclass and distribute it.This basic scheme provides to solve and has relevantly selected which subclass, how to generate the set key and the problem of distribution set key how, so that a kind of means of the required amount of calculation of quantity, each user's generating solution decryption key of the traffic of minimizing encryption key distribution, decruption key that each user will preserve etc.Hereinafter this basic scheme is described with reference to Fig. 3～7.

(setting of tree structure)

In this basic scheme, the set of distributing the terminal unit (user) of target as content is considered to be divided into a plurality of subclass.Hereinafter the mode that is divided into subclass according to this basic scheme is described with reference to Fig. 3.Although it is a kind of incessantly certainly to be divided into the mode of subclass, in this basic scheme, uses and use binary tree to be divided into the mode of subclass.Say that schematically this basic scheme is assigned to each node that forms binary tree with given subclass after the position relation of having considered between the node, thereby, as describing in detail later, synthetically select user's subclass with given combination.The special case of the binary tree that the advantage of system of selection can be by as shown in Figure 3 obtains clearer understanding like this.Hereinafter the method that makes up binary tree is described with reference to Fig. 3.

At first, will be as follows with the sets definition in being described below.

The set N={1 of-all terminal units (user), 2 .., n} (n is 2 power)

For natural number i and j (i≤j):

-[i，j]＝{i，i+1，i+2，...，j}，

-(i→i)＝(i←i)＝{{i}}，

-(i→j)＝{{i}，{i，i+1}，...，{i，i+1，...，j}}

＝{[i，i]，[i，i+1]，[i，i+2]，...，[i，j]}

-(i←j)＝{[j}，{j，j-1}，...，{j，j-1，...，i}}

＝{[j，j]，[j-1，j]，[j-2，j]，...，[i，j]}。

Hereinafter, the node that will be positioned at binary tree (BT) bottom is called leaf node, and the node that will be positioned at the top is called root node, and will be called intermediate node at the node between root node and the leaf node.Leaf node is corresponding to each terminal unit.Further, for convenience of description, suppose that hereinafter terminal unit and user are one to one, and in some cases, " terminal unit " that is associated with leaf node indicated with word " user ".The quantity that Fig. 3 shows the leaf node of BT is the example of n=64.

At first, be that the mode of n (=64) is created BT with the quantity of leaf node.Then, begin to turn right with

number

1,2 from left end ..., n is assigned to each leaf node.

Then, the index lv and the rv of the subclass that will be assigned to certain intermediate node v regulated in definition.In the middle of than the low leaf node of certain intermediate node v, the number that is assigned to lobus sinister node is defined as lv, and the number that will be assigned to lobus dexter node is defined as rv.Notice that v can be the sequence number that is assigned to each intermediate node.Therefore, intermediate node v indication index is the intermediate node of the BT of v.

Then, the intermediate node of BT defines by they being categorized into two set.In the middle of the intermediate node of BT, the sets definition that will be positioned at the intermediate node in father node left side becomes BTL, and the sets definition that will be positioned at the intermediate node on father node right side becomes BTR.Set membership indication BT as referred to herein goes up the hierarchical relational of the node that connects, and refer to father node and be positioned at the upper strata, and child node is positioned at the relation of lower floor.

The subclass of user's set that further, will be associated with each leaf node is associated with the root node of BT.At first, will gather (1 → n) and set (2 ← n) are associated with root node.Because the lower floor at root node is connecting all leaf nodes, so root node is represented by the set that synthetically or selectively comprises those leaf nodes.Specifically, will gather (1 → 64) and the set (2 ← 64) be associated with the root node of Fig. 3.For example, consider set (1 → 64).Set (1 → 64) comprise subclass [1,1] as its element, [1,2] ..., [1,64].For example, in order to represent all users (leaf node), can use subclass [1,64], it is included in wherein as the element of set (1 → 64).Further, in order to represent all other users except number is 16 user, can use subclass [1,15] and [17,64], they are respectively as set (1 → 64) with gather (2 ← 64) and be included in wherein.Like this, can represent to be positioned at the combination of the leaf node (user) of root node lower floor by the subclass of the set that is associated.

Then, the subclass with the user is associated with the intermediate node of BT.At first, will gather (lv+1 ← rv) be associated with the intermediate node v that belongs to above-mentioned set B TL.On the other hand, will gather (lv → rv-1) be associated with the intermediate node v that belongs to above-mentioned set B TR.Certainly, those set are associated with all intermediate node v of BT.With reference to Fig. 3, near those set of indication each intermediate node.For example, about with the intermediate node that is associated of set (2 ← 4), exists respectively with set (2 ← 2) and gather two intermediate nodes that (3 → 3) are associated in the lower floor of intermediate node, and number is that 1～4 leaf node further is connected with them.When expression except number be 3 that except the combination of those leaf nodes the time, can be by one group of subclass { [1,1] [2,2], [4,4] } or { [1,2], [4,4] } expression.Though subclass [1,1] and [1,2] are the elements of the set (1 → 64) that is associated with root node, subclass [2,2] and [4,4] are respectively the elements of set (2 ← 2) and (2 ← 4).

Like this, this basic scheme uses binary tree BT to define the subclass of user's set.This method can be represented user's subclass with various combinations.The complete or collected works that are made of those subclass are called aggregation system (set system) Φ, and are defined as following expression formula (1).Therefore, the binary tree by top method structure has been represented on following expression formula (1) mathematics ground.

[expression formula 1]

Φ = \underset{v &Element; BTL}{\cup} (lv + 1 &LeftArrow; rv) \cup \underset{v &Element; BTR}{\cup} (lv &RightArrow; rv - 1) \cup (1 &RightArrow; n) \cup (2 &LeftArrow; n) \cdot \cdot \cdot (1)

The method of the binary tree of configuration adjustment subclass has above been described.The basic design of this basic scheme is the set key that each subclass is provided with encrypted content key, uses each set secret key encryption content key, and it is distributed to all users.By defining subclass as described above, a kind of means of sorted users combination have been regulated at least.Hereinafter, will the algorithm that use those subclass to generate the set key be described.

(oriented map generalization)

Hereinafter the method that representative generates the directed graph of the algorithm of gathering key that generates is described with reference to Fig. 4.But, before this, hereinafter at first describe the set key of encrypted content key and generate relation between the intermediate key of set key.

As sketching above, this basic scheme is used for generating the set key with specific pseudo-random number generator PRSG (pseudo-random sequence generator).When input when the corresponding intermediate key t of certain subclass S0 (S0), PRSG output and the corresponding set key of subclass S0 k (S0) and with about subclass S1, the S2 of subclass S0 ..., the corresponding intermediate key t of Sk (S1), t (S2) ..., t (Sk).S set 0 and S1, S2 ..., yes constitutes subclass some of aggregation system Φ for Sk.Therefore, PRSG is the key generation unit.The feature of this basic scheme is the logic of regulating the relation between the input and output of PRSG.Hereinafter describe to regulate S set 0 and S set 1, S2 ..., the directed graph of the relation between the Sk.

The symbol definition that will be used for following description is as follows:

-with the corresponding intermediate key of subclass Si: t (Si)

-with the corresponding set key of subclass Si: k (Si)

-content key: mek

-pseudorandom number generator: PRSG

(noticing that the input of t (S0) is expressed as PRSG (t (S0)))

On the other hand, will be expressed as from the output of PRSG

t(S1)||...||t(Sk)||k(S0)←PRSG(t(S0))

-directed graph: H

(notice that (the corresponding directed graph of i ← j) is expressed as H (i ← j)) with set

-directed edge: E

-directed walk: V

At first, determine parameter k (k is a natural number).For simplicity, hypothesis is k|log (n) (hereinafter, the truth of a matter of log is 2) in this example.Because parameter k finally influences the quantity and the required amount of calculation of generation set key of the intermediate key of terminal unit 20 preservations, so should suitably be provided with according to situation.In Fig. 4, for example, k=6 is set.

Then, the ad hoc fashion of drawing directed graph is hereinafter described.At first, by illustration (the lv → rv-1) with the corresponding directed graph H of intermediate node v that belongs to BTR is described.

(S1) be provided with and make up the directed graph H (horizontal axis of lv → rv-1).On horizontal axis, (the subclass Si of the element of lv → rv-1) is designated as coordinate points will to form set.The subclass Si that forms coordinate points arranges in the from left to right increasing mode of degree of comprising.For example, directed graph H (5 → 7)=H ({ [5,5], [5,6], [5,7] }) is got example of work, reference axis contains three coordinate points that begin to have specified successively subclass [5,5], [5,6], [5,7] from the left side.

If on first horizontal axis to the right the vertical line at the starting point place of directed graph H be x, the then intersection point of directed graph H and vertical line y representative [x, y], and if on second horizontal axis left the vertical line at the starting point place of directed graph H be z, the then intersection point of directed graph H and vertical line y representative [y, z].

After this, will be placed on the left side of coordinate points the most left on the reference axis as the interim coordinate points of starting point, and be arranged to starting point, and will be placed on the right side of coordinate points the rightest on the reference axis, and be arranged to terminal point as the interim coordinate points of terminal point.In the reference axis that is provided with like this, the length L v from the interim coordinate points (starting point) of left end to the interim coordinate points (terminal point) of right-hand member is Lv=rv-lv+1.

(S2) be provided with and make up the directed graph H (directed edge of lv → rv-1).

(S2-1) n is satisfied in calculating ^(x-1)/k＜Lv≤n ^X/kInteger x.Integer x satisfies 1≤x≤k.

(S2-2) carry out following operation by changing from 0 to x-1 counting i.From the starting point of horizontal axis left end, repeat to be provided with and extend to and this coordinate points n of being separated by ^I/k(directed edge to the right of the coordinate points of i=0～x-1) (jumps to and this coordinate points n of being separated by ^I/kCoordinate points), arrive the terminal point of horizontal axis right-hand member or the head overstep of end point of the next directed edge that is provided with up to the head of directed edge.

(S3) deletion afterbody or head all directed edges on interim coordinate points.

(S4) if there are many directed edges that arrive certain coordinate points, then only stay the longest directed edge, and deletion all other directed edges except that the longest directed edge.

Step on carried out (S1)～(S4) afterwards, directed graph H (lv → rv-1) just finished.For example, with reference to the 3rd layer of directed graph H (33 → 63) that is positioned at the right side that as an example the top from Fig. 4 is counted, the essence of directed graph H (33 → 63) is by as ogive curve and the line group that is connected with an end of ogive curve and forms along the directed edge of the straight line of horizontal direction extension.Further, curve and the straight line of formation directed graph H (33 → 63) are directed edges.The end points and the intersection point between the vertical line of directed edge are coordinate points.Although be not clearly shown that horizontal axis in Fig. 4, horizontal axis is made up of one group of intersection point between the end points of vertical line and directed edge.Further, on directed graph H (33 → 63), described hollow arrow, the direction of its indication directed edge.Specifically, its indication form directed graph H (33 → 63) all directed edges all to the right.

So that (mode that lv → rv-1) is identical, the directed graph H that is associated with the intermediate node v that belongs to BTL is set, and (lv+1 ← rv) and the directed graph H that is associated with root node (1 → n) and H (2 ← n) with directed graph H.Notice that ((during 2 ← n) reference axis, the mode increasing from right to left with degree of comprising is arranged in subclass Si on the horizontal axis, so that the direction of directed edge left for lv+1 ← rv) and H when directed graph H is set.Further, (generate directed graph H (1 → n) in 1 → n-1) by directed edge E ([1, n-1], [1, n]) being added directed graph H.On the other hand, by (method of lv+1 ← rv) identical is provided with directed graph H (2 ← n) with directed graph H.

Hereinafter the directed graph H (1 → 64) of Fig. 4 is got and make an example supplemental instruction is provided.At first, in the horizontal axis of directed graph H (1 → 64), the most left coordinate points (with the intersection point of vertical line 1) be [1,1]=1}, and right adjacent coordinate points (with the intersection point of vertical line 2) be [1,2]=1,2}, and further right adjacent coordinate points be [1,3]=1,2,3}.Further, just in time each above the directed graph or below arrow indication form the direction of all directed edges of directed graph H.For example, directed graph H (1 → 64) contains from coordinate points [1,1] to the directed edge of [1,2] and extends to two directed edges of [1,3] and [1,4] from coordinate points [1,2].Further, the bullet that is depicted in Fig. 4 bottom begin from the left side to indicate respectively directed graph H (2 → 2), H (3 → 3) ..., H (63 → 63).

The method of configuration directed graph H has above been described.Fig. 4 shows by draw result with intermediate node and the corresponding directed graph H of root node of BT of said method.This example is the situation of n=64 and k=6.The logic of using directed graph H to generate the set key is hereinafter described.

(generation of set key)

As previously mentioned, this basic scheme is used set key k (Si) the encrypted content key mek that is assigned to each the subclass Si that constitutes top aggregation system Φ and is distributed it.Therefore, each coordinate points of above-mentioned directed graph H is corresponding to the subclass Si that is made up of one or more users, and will gather key k (Si) and be assigned to it.Further, intermediate key t (Si) also is assigned to each above-mentioned subclass Si, and is used for generating set key k (Si).

By the way, because the number of repetition in the processing of step (S2-2) is x when above-mentioned directed graph H generates, 1≤x≤k wherein is so k bar directed edge is derived from each coordinate points of directed graph H at most.As the subclass of the coordinate points of the destination that is derived from of certain coordinate points (subclass S0) or a more than directed edge by with certain coordinate points near order (by the length order of directed edge) be respectively S1, S2 ..., Sk.Note, if be derived from the quantity of the directed edge of coordinate points (subclass S0) be q (q＜k), with Sq+1, Sq+2 ..., Sk is used as dummy argument and treats, and in fact do not use them.

This basic scheme is used λ position input of response and is exported the above-mentioned PRSG of (k+1) λ position output.If input and the corresponding intermediate node t of certain coordinate points (subclass S0) (S0), then coordinate points on the head of the directed edge on certain coordinate points of PRSG output and afterbody (subclass S1, S2 ..., Sk) corresponding intermediate key t (S1), t (S2) ..., the set key k (S0) of t (Sk) and subclass S0.Therefore, t (S1) || ... || t (Sk) || k (S0) ← PRSG (t (S0)).By the output of PRSG being delimited into each all from λ of left side position, obtain intermediate key t (S1), t (S2) ..., t (Sk) and gather key k (S0).

For example, with reference to the directed graph H (1 → 64) of Fig. 4 with pay close attention to coordinate points (subclass S0)=[1,8] (the 8th coordinate points of counting from left end), article four, directed edge is derived from coordinate points S0, and their head is at S1=[1,9], S2=[1,10], S3=[1,12] and S4=[1,16] on.Therefore, if, can obtain k (S0), t (S1), t (S2), t (S3) and t (S4) with among intermediate key t (S0) the input PRSG.Further, if, then can obtain and S11=[1 with among t (S4) the input PRSG that obtains, 17], S12=[1,18], S13=[1,20], S14=[1,24] and S15=[1,32] corresponding k (S4) and t (S11), t (S12), t (S13), t (S14) and t (S15).Like this, can calculate a plurality of set key k (Si) by reusing PRSG.

From top example, can easily infer,, can derive and corresponding intermediate key of the accessible coordinate points of oriented side chain and set key from extending corresponding to the coordinate points of certain intermediate key by reusing PRSG for certain intermediate key.So each user only need preserve minimum the intermediate key that can derive and comprise this user's corresponding all intermediate key of subclass.On the other hand, if preserving at least with the initial coordinate of each directed graph H, the key distribution server of the set key of generation encrypted content key puts corresponding intermediate key, then, can derive and the corresponding set key of other coordinate points of directed graph by using PRSG to repeat to handle.

Therefore, in case set up key distribution system, just at the initial coordinate point (root) of each the directed graph H in the key distribution server, for example λ position random number is arranged to intermediate key to the manager of key distribution system.The initial coordinate point (root) of directed graph H is that directed edge is derived from but the coordinate points that do not have directed edge to arrive.For example, the initial coordinate point of the directed graph H (1 → 64) among Fig. 4 is the coordinate points [1,1] of horizontal axis left end.

Intermediate key is used to improve the purpose of fail safe.Reduce the treating capacity that the set key generates and not special requirement is paid close attention under the situation of fail safe at needs, it is feasible not using intermediate key ground directly to calculate another set key from certain set key.For example, in last example, the output during with the set key k (S0) of subclass S0 input PRSG can be k (S1), k (S2), k (S3) and the k (S4) as the set key of each subclass S1～S4.

The method that generates the set key has been described above.The key that above-mentioned set key generation method not only is used in the content key transmission end generates in the server, and is used in the terminal unit of receiving terminal.

(distribution of intermediate key)

The distribution of the terminal unit of intermediate key from the key distribution server to each user is hereinafter described.As sketching previously, be necessary to derive the terminal unit that offers each user with a plurality of intermediate key of the corresponding set key of all subclass of the terminal unit that comprises the user.Certainly, should avoid providing the intermediate key of the corresponding set key of subclass that can derive with the terminal unit that does not comprise the user, best, with regard to the efficient of memory capacity, make the minimum number of the intermediate key that provides.

In view of the above, the distributor of intermediate key extracts subclass under the terminal unit contain user u (hereinafter be also referred to as " subclass under the user u " or " subclass that comprises user u) all directed graph H as an element.Then, if user u is included in the corresponding subclass of initial coordinate point (root) with directed graph H, distributor only will be put the terminal unit that corresponding intermediate key offers user u with initial coordinate.On the other hand, if user u belongs to and corresponding certain subclass of coordinate points that is different from the initial coordinate point of directed graph H, distributor is found out such subclass S0, be that user u is included among the subclass S0, but be not included among the subset p arent (S0) as the father and mother of subclass S0, and the intermediate key t (S0) of subclass S0 offered the terminal unit of user u.In other words, if in directed graph H, exist different with initial coordinate point and with the corresponding a plurality of coordinate points of the subclass that comprises user u, distributor extracts such coordinate points S0 from those coordinate points, be that user u is not included in and arrives among the corresponding subset p arent of afterbody (S0) corresponding to the directed edge of the coordinate points of subclass S0, and the intermediate key t (S0) of coordinate points (S0) offered the terminal unit of user u.If there are a plurality of such coordinate points S0, provide the intermediate key t (S0) of each coordinate points.The set membership of coordinate points determines that by directed edge the coordinate points of directed edge afterbody is as the father and mother of head coordinate points, and the coordinate points of directed edge head is as the children of afterbody coordinate points.Hereinafter, the coordinate points parent (S0) that arrives on the afterbody of directed edge of certain coordinate points S0 is called father's coordinate points.If certain coordinate points S0 is the starting point of directed graph H, then there is not father's coordinate points, and, then only has father's coordinate points if not the starting point of directed graph H.In some cases, in a directed graph H, may have a plurality of such coordinate points, promptly user u is included in the corresponding with it subclass, but user u is not included in the corresponding subclass of father's coordinate points with it.

Hereinafter specifically describe the distribution method of intermediate key with reference to the example of Fig. 4.

(example 1) considers to be distributed to user 1 intermediate key.At first, contain subclass under the user 1 as the result of the directed graph H of element, only find directed graph H (1 → 64) as search.User 1 belongs to the subclass [1,1] as the initial coordinate point of directed graph H (1 → 64).Therefore, only intermediate key t ([1,1]) is offered user 1.

(example 2) considers to be distributed to user 3 intermediate key.At first, contain subclass under the user 3 as the result of the directed graph H of element, find directed graph H (1 → 64), H (2 ← 64), H (2 ← 32), H (2 ← 16), H (2 ← 8), H (2 ← 4) and H (3 ← 3) as search.Observe directed graph H (1 → 64), user 3 does not belong to the subclass [1,1] on the initial coordinate point, but belong to the 3rd and subsequently the subclass [1,3] on the coordinate points, [1,4] ..., [1,64].In the middle of those coordinate points, father's coordinate points does not comprise that user 3 coordinate points has only [1,3] and [1,4].Specifically, user 3 is not included in the coordinate points [1,2] as father's coordinate points parent ([1,3]) that comprises user 3 coordinate points [1,3] and [1,4] and parent ([1,4]).Therefore, t ([1,3]) and t ([1,4]) are offered user's 3 conducts and the corresponding intermediate key of directed graph H (1 → 64).Equally, select corresponding intermediate key and provide it to user 3 for other directed graph H (2 ← 64), H (2 ← 32), H (2 ← 16), H (2 ← 8), H (2 ← 4) and H (3 ← 3).Therefore, eight intermediate key offer user 3 altogether.

Below with reference to Fig. 5 short summary processing till the terminal unit that intermediate key is distributed to each user once.Fig. 5 illustrates the flow chart that is based upon the handling process of distribution intermediate key in the key distribution server according to system.

As shown in Figure 5, the key distribution server of key distribution system at first is provided with parameter etc.For example, the key distribution server is determined number of users n, set key and the figure place λ of intermediate key, the pseudo random number generating algorithm of given parameter k, PRSG etc., and to all users' terminal unit announce they (S102).Then, the key distribution server is divided into given subclass with user's set, determine then and announce with and the aggregation system Φ (referring to top expression formula (1)) of set representations (S104).Then, the directed edge T (S106) of directed graph H and each directed graph of formation H is determined and announced to the key distribution server.Further, the key distribution server is determined and the corresponding intermediate key of each subclass (S108) that constitutes aggregation system Φ.After this, the key distribution server is distributed the terminal unit 20 of necessary intermediate key to each user, so that each user can derive and the corresponding set key of subclass (S110) that comprises the user.

The distribution method of intermediate key has above been described.If the distribution method above using, the terminal unit of then distributing each permitted user generates minimum required intermediate key of set key, thereby can reduce the memory capacity of intermediate key in the traffic between key distribution server and the terminal unit and each user's the terminal unit.

(distribution of content key)

The method of key distribution server distribution of encrypted content key mek is hereinafter described.At first, the key distribution server uses the set secret key encryption content key mek that can only be generated by the terminal unit 20 of permitted user.Specifically, the set R of the definite user's that will get rid of of key distribution server (hereinafter referred to as " getting rid of the user ") terminal unit, set R (hereinafter referred to as " getting rid of user's set (R) ") by from the set N of terminal unit 1～n of all users, excluding the terminal unit of getting rid of the user then, determine permitted user terminal unit set N R (hereinafter referred to as " set of permitted user (N R) ").Then, use the subclass Si that from the subclass that constitutes aggregation system Φ, selects (i=1,2 ..., m) and set (N the R)=S1 ∪ S2 ∪ of set representations permitted user ... ∪ Sm.Although there are a large amount of combinations of subclass Si, select the subclass Si of the value minimum of m.After selecting subclass Si by this way, the key distribution server uses and each subclass Si corresponding set key k (Si) encrypted content key mek.Specifically, content key mek gathered key k (S1), k (S2) ..., k (Sm) encrypts, and becomes m encrypted content key mek.Then, m encrypted content key mek is distributed to terminal unit 1～n of all users.At this moment, also will indicate the distribution of information of the information of set (N R) of permitted user or m subclass Si of indication to terminal unit 1～n of all users.

Below with reference to Fig. 6 short summary handling process of distribution of encrypted content key mek once.Fig. 6 is the flow chart that the handling process of distributing contents key is shown.

As shown in Figure 6, the key distribution server at first determine to be got rid of user's set (R), and the user's that secures permission set (N R) (S112).Then, the key distribution server so that the mode of the value minimum of m from the subclass that constitutes aggregation system Φ, select to contain the union of N R m subclass Si (i=1,2 ..., m) (S114).Then, the key distribution server uses respectively and the corresponding set key of selected subclass Si k (Si) encrypted content key mek (S116).Further, the key distribution server will be indicated the information of the set (N R) of permitted user or each subclass Si and terminal unit 1～n (S118) that m encrypted content key mek is distributed to all users.

Encryption method and the distribution method of content key mek have above been described.If the encryption method above using just can be selected subclass Si effectively, be that minimum necessity is individual so that make the quantity of set key.Because from then on use minimum necessity set secret key encryption content key mek, encrypt required amount of calculation so can save, and reduced the quantity of the encrypted content key that will distribute, thereby reduced the traffic.

(deciphering of content key)

The decryption processing of encrypted content key in each user's the terminal unit is hereinafter described.Decryption processing is such, and terminal unit obtains content key mek according to the set (N R) of the indication permitted user that receives from the key distribution server or information and m ciphertext of m subclass Si.

Terminal unit receives the information of the encrypted content key and the set (N R) of indication permitted user or the information of m subclass Si of indication from the key distribution server.Further, terminal unit is analyzed this information, and judges whether it belongs to the some of m subclass Si.If terminal unit does not belong to certain subclass, it just finishes decryption processing, because it is a terminal unit of getting rid of the user.On the other hand, if terminal unit is found out the subclass Si under it, it just uses above-mentioned PRSG to derive and the corresponding set key of subclass Si k (Si).The configuration of PRSG as hereinbefore.

In this step, if will offer terminal unit from the key distribution server with the corresponding intermediate key t of top subclass Si (Si) in advance when setting up in system, and preserve it in advance, then by will deriving and the corresponding set key of top subclass Si k (Si) among intermediate key t (Si) the input PRSG.On the other hand, if terminal unit is not preserved relevant intermediate key t (Si), terminal unit can be by repeatedly will deriving desired set key k (Si) among the intermediate key input PRSG that preserve.Further, terminal unit uses set key k (Si) the enabling decryption of encrypted content key mek that derives like this.

Specifically describe the derivation of above-mentioned set key k (Si) in the terminal unit below with reference to the example of Fig. 4.In user 3 terminal unit, suppose that " 1,8 " are chosen as its affiliated subclass.As mentioned above, the intermediate key of the in store subclass of user 3 terminal unit [1,4].With reference to the directed graph H (1 → 64) of Fig. 4, the directed edge that extends to coordinate points [1,8] from coordinate points [1,4] is set, in the middle of the directed edge on the coordinate points [1,4], this directed edge has the 3rd short length (skip distance) at afterbody.Therefore, in the middle of the output when the intermediate key t ([1,4]) with subclass [1,4] imports PRSG, the 3rd a λ bit position of counting from the top is the intermediate key t ([1,8]) of subclass [1,8].Terminal unit extracts intermediate key t ([1,8]) from the output of PRSG, once more it is imported among the PRSG, and extract a last λ bit position, thereby obtain desired set key k ([1,8]).

Equally, in user 1 terminal unit, suppose that " 1,8 " is chosen as its affiliated subclass.The intermediate key of the in store subclass of user 1 terminal unit [1,1].Under these circumstances, terminal unit 20 can be by from subclass [1,1] intermediate key t ([1, the λ bit position that extraction is counted from the top in the middle of the output when 1]) importing PRSG is (corresponding to intermediate key t ([1,2])), then from intermediate key t ([1, the 2nd λ bit position that extraction is counted from the top in the middle of the output when 2]) importing PRSG is (corresponding to intermediate key t ([1,4])), further from intermediate key t ([1,4]) extract the 3rd λ bit position (corresponding to intermediate key t ([1,8])) counted from the top and in the middle of the output of input during PRSG at last from intermediate key t ([1, extract decline in the middle of the output when 8]) importing PRSG (corresponding to set key k ([1,8])), obtain desired set key k ([1,8]).

Sum up the handling process of enabling decryption of encrypted content key mek in each user's terminal unit below with reference to Fig. 7.Fig. 7 is the flow chart that the key that is illustrated in decrypted content keys in each user's the terminal unit generates handling process.

As shown in Figure 7, each user's terminal unit at first from the key distribution server receive m encrypted content key mek and indication permitted user set (N R) information or indicate m subclass Si (i=1,2 ..., m) information (S120).Then, terminal unit is according to the subclass Si (S122) of this information search under it, and judges whether it belongs to m subclass Si some (step S124).

As a result, if terminal unit is found out the subclass Si under it, above it just uses PRSG derive with the corresponding set key of subclass Si k (Si) (S126).The configuration of PRSG as hereinbefore.If the key distribution server will offer terminal unit with the corresponding intermediate key t of subclass Si (Si) in advance when setting up, and preserve it, then it just can derive set key k (Si) by using PRSG once.On the other hand, if terminal unit is not preserved relevant intermediate key t (Si), it can derive desired set key k (Si) by repeatedly using PRSG.After this, terminal unit uses set key k (Si) the enabling decryption of encrypted content key mek (S128) that derives like this.

On the other hand, if terminal unit judges that in step S124 it does not belong to the some of subclass Si, then terminal unit shows and output: " it is excluded outside the terminal unit that allows accessed content (that is, it is to get rid of the user) " (S130) and finishes the decryption processing of content key.

The decryption method of content key in the terminal unit has above been described.Above decrypt scheme be to use the PRSG that generates intermediate key and gather key and according to the information and executing of relevant directed graph H.Therefore, information and the PRSG about directed graph also is absolutely necessary in each user's terminal unit.But, use the method for PRSG can make the minimum number of the intermediate key that each user's terminal unit will preserve.

Encryption key distribution scheme according to the basic fundamental of this embodiment has above been described.By using basic scheme, the quantity of the intermediate key that each user's terminal unit will be preserved is that O (k*log (n)) and the required amount of calculation (number of operations of PRSG) of generation set key are no more than (2k-1) * (n ^1/k-1).But, shown in Figure 13 as hereinafter described (A), have the still very big problem of quantity of the intermediate key that each user's terminal unit will preserve according to the encryption key distribution scheme of basic fundamental.

Further, the decisive factor of the required amount of calculation of terminal unit depends on the number of times that moves PRSG in order to derive desired intermediate key during enabling decryption of encrypted content key mek.Worst-case value with among the directed graph H from initial coordinate point (root) to quantity (that is the number of skips) expression of the directed edge of last coordinate points (leaf that does not have directed edge to be derived from) farthest.In example as shown in Figure 4, for the initial coordinate point [1,1] from directed graph H (1 → 64) arrives last coordinate points [1,64], be necessary to pass 11 directed edges (carrying out 11 times jumps), this means operation PRSG nearly 11 times.Therefore, exist the number of run of PRSG a lot, therefore, derive another very big problem of amount of calculation of intermediate key according to the encryption key distribution scheme of basic fundamental.

＜the first embodiment 〉

The present inventor has carried out extensive studies in order to solve top problem, has developed the encryption key distribution scheme according to the embodiment of the invention (first embodiment) as described below.To represent the big binary tree BT of all users' terminal unit to be divided into a plurality of little basic subtrees according to the encryption key distribution scheme of this embodiment, creating hierarchy, and the key deriving method of top basic scheme is used for each basic subtree and directed edge between the basic subtree is set.The quantity that can either reduce the intermediate key that terminal unit 20 preserves like this can reduce the amount of calculation in the terminal unit 20 again.Hereinafter, key distribution server 10 and the functional configuration of terminal unit 20 and the feature and advantage of this encryption key distribution scheme that realize according to the encryption key distribution scheme of this embodiment will be described in detail.

[configuration of key distribution server 10]

Hereinafter with reference to the functional configuration of Fig. 8 detailed description according to the key distribution server 10 of this embodiment.Fig. 8 is the calcspar that illustrates according to the functional configuration of the key distribution server 10 of this embodiment and terminal unit 20.

As shown in Figure 8, key distribution server 10 comprises that tree structure is provided with part 102, reference axis and part 104, directed edge are set are provided with that directed edge is provided with part 108 between part 106, subtree, initial intermediate key is provided with part 112, key generating portion 114, encryption section 116, translator unit 118 and subclass determining section 120.Reference axis is provided with part 104, directed edge and directed edge is set between part 106 and subtree part 108 is set constitutes the directed graph generating portions.Further, tree structure is provided with part 102 and directed graph generating portion 110 and is referred to as the key formation logic and makes up piece.Equally, initial intermediate key is provided with part 112 and key generating portion 114 and is referred to as key and generates piece.

Hereinafter describe and constitute the element that the key formation logic makes up piece.The key formation logic make up piece carry out with above-mentioned [description of basic fundamental] in (setting of tree structure) and (oriented map generalization) corresponding processing.

(tree structure is provided with part 102)

Tree structure is provided with part 102 and is divided into a plurality of basic subtrees and disposes y layer hierarchy by containing the whole tree BT that specifies with n the leaf node of the individual terminal unit 20 corresponding number 1～n (n is a natural number) of n (n is 2 power).Like this, the feature of this embodiment is to be provided with at tree structure to dispose the tree structure that separates into basic subtree in the part 102.Although for convenience of description, the total n of terminal unit 20 is described as 2 power, but is not limited to such example, for example, if the sum of terminal unit 20 is not 2 power, can dispose the whole tree that contains above n (n is 2 power) leaf node of the sum of terminal unit 20.

The parameter in being used in foregoing basic fundamental, this embodiment also uses the parameter y of the number of plies of the whole tree of indication BT.Note, y|log (n), that is, y is the approximate number of log (n).Then, tree structure is provided with part 102 and uses and contain n ^1/yThe whole tree BT of the binary tree structure of all terminal units of the basic subtree layering representative of consumer of individual leaf node.

Whole tree BT has the binary tree BT (referring to Fig. 3) that is equivalent to foregoing basic fundamental, highly is the complete binary tree structure of log (n).Whole tree BT is by the n that is assigned to terminal unit 20 leaf node, at the root node on whole top of setting BT be different from root node and a plurality of intermediate key of leaf node are formed.On the other hand, to have highly be (the complete binary tree structure of (log (n))/y) to basic subtree.Basic subtree is by n ^1/yIndividual leaf node, at the root node on the top of basic subtree be different from root node and a plurality of intermediate key of leaf node are formed.

Tree structure is provided with part 102 and at first creates whole tree so that the quantity n of leaf node is greater than the sum of terminal unit 20, and from left end begin to turn right with

number

1,2 ..., n is assigned to each leaf node.

Further, tree structure is provided with part 102 top whole tree BT is divided into a plurality of basic subtrees, with formation y layer hierarchy, and makes up basic subtree by this way, even the root node of the basic subtree of lower floor is consistent with the leaf node of the subtree on upper strata, thereby make up whole tree BT.

Figure 9 illustrates the special case of such hierarchical tree structure.In the example of Fig. 9, the quantity of terminal unit 20 is arranged to n=64, and parameter y is arranged to y=2.As shown in Figure 9, whole tree BT (highly be 6 and the quantity of leaf node be 64) is divided into nine basic subtrees with Two-tier hierarchy (highly be 3 and the quantity of leaf node be 8).The quantity of the basic subtree on upper strata is 1, and the quantity of the basic subtree of lower floor is 8.The root node of the basic subtree on upper strata is identical with the root node of whole tree BT, and the quantity of the leaf node of the basic subtree on upper strata is 8, that is, a, b, c ..., h.Leaf node a, the b of the root node of the basic subtree of each of lower floor and the basic subtree on upper strata, c ..., the h unanimity, and the leaf node of each basic subtree of lower floor be as the part of the leaf node 1～64 of above-mentioned whole tree BT eight leaf nodes (for example, 1～8,9～16,17～24 ..., 57～64).

Like this, symbol among Fig. 9 " a, b, c ..., h " root node of the leaf node of basic subtree on indication upper strata and the basic subtree of lower floor, and indication is positioned at the set of leaf node of the lower floor of root node: Aa}, Ab}, Ac} ..., { Ah}.For example, " a " indication set the Aa}=

subclass

1,2 ..., 8}, and " b " indication set the Ab}=subclass 9 ..., 16}.

The leaf node of the basic subtree on the low layer corresponds respectively to terminal unit 20.Further, suppose in the following description, terminal unit 20 and user are one to one, and in some cases, indicate with word " user " with " terminal unit 20 " that leaf node 1～n (leaf node of the basic subtree of each on the bottom) of whole tree BT is associated.Although Fig. 9 shows the example that the quantity of the leaf node of BT is n=64 and y=2, be not limited to such example, the value of n can look like n=4 (=2 ²), 8 (=2 ³), 16 (=2 ⁴), 32 (=2 ⁵), 128 (=2 ⁷) ... like that, be any power of 2.Further, except the example of as shown in the figure y=2, divide layer parameter y also can be provided with arbitrarily, as long as it is the approximate number of log (n).

Further, tree structure is provided with part 102 after the position relation of having considered between the node, with the set and each node of forming the whole tree BT that as above constitute of combination with terminal unit 20 corresponding leaf node 1～n of user, that is, the root node and the leaf node of each basic subtree are associated.Like this, tree structure is provided with part 102 and also plays set associative part.Hereinafter describe the association of set in detail.

Will be as follows with set and symbol definition in the following description.

N: the set of all terminal units 20 (user) 1,2 ..., n};

Aw: be positioned at the set of the leaf node in the lower floor of node w of whole tree BT.Be that Aw only indicates those leaf nodes (that is the set of node w) under the situation (node w is the situation of the leaf node of the basic subtree on the bottom) of leaf node of whole tree BT at node w.Those leaf nodes are referred to as " belonging to the set of the leaf node of Aw ";

Pw: the leaf node that is positioned at the set leftmost side of the leaf node that belongs to Aw;

Qw: the leaf node that is positioned at the set rightmost side of the leaf node that belongs to Aw;

[pw，qw]：{pw，pw+1，pw+2，...qw-1，qw}；

v ^(-i): the leaf node that is positioned at locational each the basic subtree of left side i of certain leaf node v;

v ⁽⁺ⁱ⁾: the leaf node that is positioned at locational each the basic subtree of right side i of certain leaf node v;

About two leaf node u of basic subtree, v (v is on the right side of u):

Set (u → v)={ Au, Au ∪ Au ⁽⁺¹⁾..., Au ∪ ... ∪ Av}

＝{[pu，qu]，[pu，qu ⁽⁺¹⁾]，...，[pu，qv ^(-1)]，[pu，qv]}；

Set (u ← v): { Av, Av ∪ Av ⁽¹⁾..., Av ∪ ... ∪ Au}

Lv ': be positioned at the leaf node on the left end of a plurality of leaf nodes in the lower floor of node v (root node or intermediate node) of basic subtree;

Rv ': be positioned at the leaf node on the right-hand member of a plurality of leaf nodes in the lower floor of node v (root node or intermediate node) of basic subtree;

A: from the set of the root node of basic subtree, get rid of the set of the root node of whole tree;

BTL: be positioned at the set of the intermediate node of the basic subtree on the left side of father node;

BTR: be positioned at the set of the intermediate node of the basic subtree on the right side of father node;

Set membership as referred to herein is indicated the hierarchical relational of the node that connects on the basic subtree, refer to father node and be positioned at the upper strata, and child node is positioned at the relation of lower floor.

When using set as defined above and symbol, tree structure is provided with part 102 after the position relation of having considered between the node, with combination and the set of terminal unit 20 corresponding leaf node 1～n each node with the whole tree of the layering that as above constitutes BT, that is, the root node of each basic subtree and leaf node are associated.

Specifically, tree structure is provided with part 102 and will gathers (l _Root' → r _Root') and set (l _Root' ⁽⁺¹⁾← r _Root') be associated with the root node (corresponding to the root node of whole tree BT) of the basic subtree of top layer.In the example in Fig. 9, will gather that ((b ← h) is associated with the root node of the basic subtree on upper strata for a → h) and set.

Further, for the intermediate node of the basic subtree on different with the bottom layers, if the intermediate node v of each basic subtree is positioned at its father node left side, tree structure be provided with part 102 will gather (lv ' ⁽⁺¹⁾← rv ') is associated with intermediate node v; On the other hand, if be positioned at its father node right side, tree structure be provided with part 102 will gather (lv ' → rv ' ⁽¹⁾) be associated with intermediate node v.In the example of Fig. 9, will gather (b ← d), set (e → g), set (b ← b), set (c → c), set (f ← f) and gather that (g → g) is associated with six intermediate node v of the basic subtree on upper strata respectively.For example because symbol e, f and g indicate respectively subclass 30 ..., 40}, subclass 41 ..., 48} and subclass 49 ..., 56}, thus set (e → g) indicate those subclass Ae, Ae ∪ Af, Ae ∪ Af ∪ Ag}={{30 ..., 40}, 33 ..., 48}, 33 ..., the set of 56}}.

Like this, in this embodiment, subclass is not that the leaf node 1～n with whole tree is a unit, but is that unit is associated with the node of basic subtree with the leaf node a～h of the basic subtree on upper strata.Although the example of Fig. 9 is a Two-tier hierarchy, therefore the basic subtree that does not have the intermediate layer, if but hierarchy contain, for example, three layers or more multi-layered, then subclass is that unit is associated with the node of the basic subtree in intermediate layer with the leaf node of the basic subtree in intermediate layer.

Further, tree structure be provided with part 102 will gather (lv ' → rv ' ⁽¹⁾) and set (lv ' ⁽⁺¹⁾← rv ') is associated with the root node v of basic subtree on the layer that is different from top layer.In the example of Fig. 9, with root node a, the b of eight basic subtrees of two set and lower floor, c ..., among the h each is associated.For example, will gather (2 ← 8) and the set (1 → 7) be associated with root node a.Like this, two set are associated with each root node of basic subtree, and not only are associated with the root node of whole tree.

Further, if the intermediate node v of the basic subtree of each of bottom is positioned at its father node left side, tree structure be provided with part 102 will gather (lv ' ⁽⁺¹⁾← rv ') be associated with intermediate node v, and if be positioned at its father node right side, tree structure be provided with part 102 will gather (lv ' → rv ' ⁽¹⁾) be associated with intermediate node v.For example, each intermediate node that will gather the basic subtree on lower floor's left end of (2 ← 4), set (5 → 7) and set (2 → 2) etc. and Fig. 9 is associated.

As mentioned above, in encryption key distribution scheme, use the subclass of the binary tree BT definition user set that separates into a plurality of basic subtrees according to this embodiment.This method can be represented user's subclass with various combinations.The complete or collected works that are made up of those subclass are called aggregation system Ψ, and are defined as following expression formula (2).Therefore, the whole tree BT by the binary tree structure of top method structure has been represented on following expression formula (2) mathematics ground.

[expression formula 2]

Ψ = \underset{v &Element; BTL \cup A}{\cup} ({lv}^{'}^{(+ 1)} &LeftArrow; {rv}^{'}) \cup \underset{v &Element; BTR \cup A}{\cup} ({lv}^{'} &RightArrow; {rv}^{'}^{(- 1)}) \cup ({l_{root}}^{'} &RightArrow; {r_{root}}^{'}) \cup ({l_{root}}^{'}^{(+ 1)} &LeftArrow; {r_{root}}^{'}) \cdot \cdot \cdot (2)

The method of binary tree of subclass that part 102 configuration adjustment users' terminal unit 20 is set by the tree structure according to this embodiment has above been described.Basic design according to the encryption key distribution scheme of this embodiment is the set key that each subclass is provided with encrypted content key, uses each set secret key encryption content, and it is distributed to all users.By defining subclass as described above, a kind of means of sorted users combination have been regulated at least.Hereinafter, use the algorithm that those subclass are created directed graph and key is gathered in generation according to directed graph with describing.

Directed graph generating portion 110 is created to correspond respectively to tree structure the set (l that the node of the whole tree of the layering BT of part 102 configurations is associated is set _Root' → r _Root'), the set (lv ' → rv ' ⁽¹⁾), the set (l _Root' ⁽⁺¹⁾← r _Root') and set (lv ' ⁽⁺¹⁾← rv ') directed graph H '.Directed graph H ' by be arranged in order in the increasing mode of the degree of comprising of subclass be included in those set in the horizontal axis of the corresponding coordinate points of subclass form with the directed edge of coordinate points on being connected horizontal axis.

Directed graph generating portion 110 comprise that the reference axis of the horizontal axis that each directed graph H ' is set is provided with part 104, directed edge that the directed edge on the horizontal axis of each directed graph H ' is set is provided with part 106 and be provided with in addition with the corresponding directed graph H ' of different basic subtrees between the subtree of directed edge between directed edge part 108 is set.The parts of directed graph generating portion 110 are hereinafter described.

(reference axis is provided with part 104)

Reference axis is provided with part 104 and is provided with in the from left to right increasing mode of degree of comprising and arranges and be included in the set (l that is associated with the root node of the basic subtree of top layer _Root' → r _Root') in first horizontal axis (for example, the H ' among Figure 10 (a → h) reference axis) of the corresponding coordinate points of each subclass.Further, reference axis be provided with part 104 be provided with the from left to right increasing mode of degree of comprising arrange be included in the set that is associated with the intermediate node v of the root node v of the basic subtree of other layer except top layer or each basic subtree (lv ' → rv ' ⁽¹⁾) in first horizontal axis (for example, the H ' among Figure 10 (reference axis of e → g), H ' (1 → 7), H ' (5 → 7) etc.) of the corresponding coordinate points of each subclass.

Reference axis is provided with part 104 and further is provided with in the increasing from right to left mode of degree of comprising and arranges and be included in the set (l that is associated with the root node of the basic subtree of top layer _Root' ⁽⁺¹⁾← r _Root') in second horizontal axis (for example, the H ' among Figure 10 (b ← h) reference axis) of the corresponding coordinate points of each subclass.Further, reference axis be provided with part 104 be provided with the increasing from right to left mode of degree of comprising arrange be included in the set that is associated with the intermediate node v of the root node v of the basic subtree of other layer except top layer or each basic subtree (lv ' ⁽⁺¹⁾Second horizontal axis of the corresponding coordinate points of each subclass ← rv ') (for example, the H ' among Figure 10 (reference axis of b ← d), H ' (2 ← 8), H ' (2 ← 4) etc.).

As mentioned above, reference axis is provided with part 104 and is provided with and makes up the reference axis of the corresponding directed graph H ' of each node that the basic subtree of part 102 configurations is set with tree structure.First horizontal axis is a reference axis to the right, and second horizontal axis is a reference axis left.Because first and second horizontal axis are to be provided with at the root node of each basic subtree and intermediate node v, so be provided with several reference axis.

Further, reference axis is provided with part 104 two interim coordinate points also is set on the left end of each root and/or the right-hand member in first and second horizontal axis in addition altogether at least.In this embodiment, for example, on the left side of the left end coordinate points of first and second each root of horizontal axis and on the right side of right-hand member coordinate points an interim coordinate points is being set respectively in addition.Under these circumstances, the interim coordinate points that is arranged on the first horizontal axis left end is used as starting point when directed edge is set, and the interim coordinate points that is arranged on the first horizontal axis right-hand member is used as terminal point when directed edge is set.On the other hand, the interim coordinate points that is arranged on the second horizontal axis left end is used as terminal point when directed edge is set, and the interim coordinate points that is arranged on the second horizontal axis right-hand member is used as starting point when directed edge is set.The technology that interim coordinate points is set is not limited to top example, for example, at least two interim coordinate points can be set on one of the left end of first and second horizontal axis or right-hand member.

(directed edge is provided with part 106)

Directed edge is provided with part 106 to have in reference axis the function that the directed edge that forms directed graph I is set between the coordinate points that part 104 is provided with is set.

Specifically, directed edge is provided with part 106 given integer k (wherein, k|log (n at first is set ^1/y); So k is log (n ^1/y) approximate number), and calculate and to satisfy n ^(x-1)/k*y＜(rv '-lv '+1)≤n ^X/k*yInteger x.

Further, for the directed graph I with above-mentioned first horizontal axis, directed edge is provided with part 106 repeatedly to carry out beginning to extend to the n of being separated by from the interim coordinate points (starting point) of every first horizontal axis left end ^{I/ (k*y)}(the setting of the directed edge to the right of the coordinate points of i=0～x-1).Further, for the directed graph I with above-mentioned second horizontal axis, directed edge is provided with part 106 repeatedly to carry out beginning to extend to the n of being separated by from the interim coordinate points of every second horizontal axis right-hand member ^{I/ (k*y)}(the setting of the directed edge left of the coordinate points of i=0～x-1).

Then, for first and second horizontal axis, directed edge is provided with part 106 and gets rid of afterbodys or head and be positioned at all directed edges on the interim coordinate points on reference axis left end and the right-hand member at each.Further, directed edge is provided with other directed edge of getting rid of the directed edge of each coordinate points of part 106 on arriving first and second horizontal axis except the longest directed edge.Like this, directed edge is provided with part 106 and just is provided with as many directed edges that are connected the chain of coordinate points on the every horizontal axis of each the directed graph I that is associated with the root node of each basic subtree and intermediate node v.

Except the quantity of leaf node is n ^1/yOutside, it is identical with the technology that generates directed graph H according to aforesaid basic fundamental basically with the technology that directed edge is provided with part 106 generation directed graph I by the reference axis according to this embodiment part 104 to be set above.A special case is hereinafter described.As an example of the technology that generates directed graph I, the directed graph I (l that is associated with the root node (root node of whole tree BT) of the basic subtree of as shown in Figure 9 top layer will be described hereinafter _Root' → r _Root')=the directed graph I (example of a → h).

The same with aforesaid basic fundamental, by create with set (lv ' → rv ' ⁽¹⁾) (a → g) adds after this directed edge E ([a, g], [a, h]) and creates directed graph I as the figure to the right that is associated with root node (a → h) corresponding directed graph I then.Therefore, at first following establishment directed graph I (a → h).

(S10) at first, by reference axis part 104 is set configuration directed graph I (first horizontal axis of a → g) is set.On first horizontal axis, will (the subclass Si of the element of a → g) be designated as coordinate points as set.Arrange the subclass Si that forms coordinate points in the from left to right increasing mode of degree of comprising.For example, directed graph I (a → h)=H ([a, a], [a, b] ..., [a, g] }) in, reference axis contain begin from the left side successively specified subset [a, a], [a, b] ..., seven coordinate points of [a, g].After this, the left side that reference axis is provided with part 104 the most left coordinate points on reference axis is provided with the interim coordinate points as starting point, so as starting point and on reference axis the right side of the rightest coordinate points interim coordinate points as terminal point is set so that as terminal point.In the reference axis that is provided with like this, the length L v from the interim coordinate points (starting point) of left end to the interim coordinate points (terminal point) of right-hand member is Lv=rv '-lv '+1=h-a+1=8.

(S20) by directed edge part 106 being set is provided with and forms the directed graph I (directed edge of a → g).

(S20-1) n is satisfied in calculating ^(x-1)/k*y＜(h-a+1)≤n ^X/k*yInteger x.Integer x satisfies 1≤x≤k.

(S20-2) carry out following operation by changing from 0 to x-1 counting i.Since the starting point of the first horizontal axis left end (interim coordinate points), repeat setting and extend to and this coordinate points n of being separated by ^{I/ (k*y)}(directed edge to the right of the coordinate points of i=0～x-1) (jumps to and this coordinate points n of being separated by ^{I/ (k*y)}Coordinate points), arrive the terminal point (interim coordinate points) of horizontal axis right-hand member or the head overstep of end point of the next directed edge that is provided with up to the head of directed edge.

(S30) deletion afterbody or head all directed edges on the interim coordinate points on the first horizontal axis two ends.

(S40) if there are many directed edges that arrive certain coordinate points, then only stay the longest directed edge, and deletion all other directed edges except that the longest directed edge.

If the step (S10)～(S40) above having carried out, then directed graph H (a → g) just finished.(among a → g), finish directed graph H (a → h) by directed edge E ([a, g], [a, h]) being added directed graph H.For example, with reference to figure directed graph H (a → h) as shown in figure 10, be provided with and subclass [a, a] (shown in square frame " a "), subclass [a, b] (shown in square frame " b ") ..., the corresponding coordinate points of subclass [a, h] (shown in square frame " h ") and the straight line directed edge that is connected those coordinate points or the crooked directed edge of arch.Although be not represented for clarity horizontal axis in Figure 10, horizontal axis is made up of one group of intersection point between the end points of coordinate points and directed edge.Further, (described hollow arrow to the right above a → h), the direction of its indication directed edge at directed graph I.Specifically, its indication forms directed graph H (all directed edges of a → h) all to the right.Therefore, at directed graph H (among a → h), from subclass [a, a] coordinate points a begin to be provided with and arrive subclass [a, b] one of coordinate points b directed edge to the right, arrive subclass [a and begin to be provided with from the coordinate points b of subclass [a, b], c] coordinate points c and two of the coordinate points d of subclass [a, d] directed edges to the right.

So that (mode that a → g) is identical generates the directed graph I (l that is associated with the root node of the basic subtree of top layer with directed graph H _Root' ⁽⁺¹⁾← r _Root') and the directed graph I that is associated with the intermediate node of the root node of other basic subtree or basic subtree (lv ' → rv ' ⁽¹⁾) and directed graph I (lv ' ⁽⁺¹⁾← rv ').Note, when be provided with directed graph I (lv ' → rv ' ⁽¹⁾) and directed graph I (lv ' ⁽⁺¹⁾During ← rv ') reference axis, on second horizontal axis, arrange subclass Si, so that the direction that makes directed edge left in the increasing from right to left mode of degree of comprising.

So just generated directed graph I.Figure 10 represents the aggregation system Ψ as shown in Figure 9 that uses directed graph I.Figure 10 shows the situation of y=2 and k=3.

((b ← h) is the directed graph I that is associated with the root node of the basic subtree of top layer to directed graph I as shown in figure 10 for a → h) and I.Further, ((e → g) is that ((((g → g) is the directed graph I that is associated with lower floor's intermediate node of the basic subtree of top layer for f ← f) and I for c → c), I for b ← b), I for the directed graph I that is associated with the upper strata intermediate node of the basic subtree of top layer and directed graph I to directed graph I for b ← d) and I.

Further, directed graph I (1 → 7) and I (2 ← 8), directed graph I (9 → 15) and I (10 ← 16) ... and directed graph I (57 → 63) and I (58 ← 64) are the directed graph I that is associated with the root node v of eight basic subtrees of lower floor respectively.Directed graph I (2 ← 4), I (5 → 7) ..., I (58 ← 60), I (61 → 63) they are the directed graph I that is associated with the upper strata intermediate node v of eight basic subtrees of lower floor respectively.Further, with directed graph I (2 ← 2), the I (3 → 3) of a coordinate points (bullet) indication ..., I (62 ← 62), I (63 → 63) they are the directed graph I that is associated with the intermediate node v of lower floor of eight basic subtrees of lower floor respectively.

As shown in figure 10, by whole tree BT being divided and separates into a plurality of basic subtrees and generating corresponding with it directed graph I, the length of each directed graph I can be shortened, and the quantity and the length (number of times of jump and distance) of directed edge among each directed graph I can be reduced and shorten.Thereby, can reduce the quantity of the key that terminal unit 20 will preserve and the amount of calculation of terminal unit 20.

(directed edge is provided with part 108 between subtree)

Between subtree as shown in Figure 8 directed edge be provided with part 108 also in the whole tree of layering BT, be provided with in addition from the corresponding directed graph I of the basic subtree of lower floor to the directed edge of the corresponding directed graph I of basic subtree on upper strata.Specifically, between subtree directed edge be provided with part 108 be provided with from the corresponding directed graph I of the basic subtree of lower floor first coordinate points (for example, the subclass [1 of directed graph I (1 → 7) among Figure 11,7] coordinate points) to the corresponding directed graph I of the basic subtree on upper strata in second coordinate points (for example, the directed edge of directed graph I among Figure 11 (coordinate points of the subclass [a, a] of a → h)).The subclass of being represented by second coordinate points (for example, [a, a]) comprises and the corresponding subclass of first coordinate points (for example, [1,7]).

Figure 11 show the mode that has inclusion relation with subclass Si with the corresponding directed graph I of different basic subtrees between directed graph I under the situation of directed edge is set.

As shown in Figure 10 and Figure 11, with square frame " a " indication second coordinate points subclass [a, a]=1,2 ..., and 8} comprise

subclass

1,2 ..., 7} that is to say, subclass [a, a] is the superset of subclass [1,7].Therefore, between subtree directed edge be provided with part 108 also be provided with in addition from directed graph I (1 → 7) subclass [1,7] corresponding coordinate points (first coordinate points) to the directed graph I (directed edge of the corresponding coordinate points of subclass [a, a] (second coordinate points) among a → h).

Equally, between subtree directed edge be provided with part 108 also be provided with in addition from directed graph I (58 ← 64) subclass [64,58] corresponding coordinate points (first coordinate points) to the directed graph I (directed edge of the corresponding coordinate points of subclass [h, h] (second coordinate points) among the b ← h).Further, between subtree directed edge be provided with part 108 also be provided with in addition from directed graph I (26 ← 32) subclass [32,26] corresponding coordinate points (first coordinate points) to the directed graph I (subclass [d among the b ← d), d] directed edge of corresponding coordinate points (second coordinate points), and also be provided with in addition from directed graph I (33 → 39) subclass [33,39] corresponding coordinate points (first coordinate points) to the directed graph I (directed edge of the corresponding coordinate points of subclass [e, e] (second coordinate points) among the e → g).Further, between subtree directed edge be provided with part 108 also be provided with in addition from directed graph I (10 ← 16), I (17 → 23), I (42 ← 48), I (49 → 55) subclass [16,10], [17,23], [48,42], [49,55] corresponding coordinate points (first coordinate points) to comprise above directed graph I (10 ← 16), I (17 → 23), the subclass [b among I (42 ← 48), the I (49 → 55) of subclass, b], [c, c], [f, f], the directed edge of [g, g] corresponding coordinate points (second coordinate points).

Like this, by directed edge is set in addition, can further reduce the quantity of the intermediate key that terminal unit 20 will preserve between directed graph I.For example, by other setting from the subclass [1,7] of directed graph I (1 → 7) to directed graph I the (subclass [a of a → h), a] directed edge, number is the intermediate key that 1～7 terminal unit 20 need not to preserve subclass [a, a] etc., can be by the intermediate key (for example, intermediate key t ([1,7])) of input self preservation, derive eight subclass [a, a], [a, b] ..., [a, h] intermediate key t ([a, a]), t ([a, b]) ..., t ([a, h]).Thereby reduced the quantity of the intermediate key t (S) of those terminal units 20 preservations.Be added in the quantity that directed edge between other basic subtree also helps to reduce the intermediate key t (S) that terminal unit 20 preserves.

The parts of the key formation logic structure piece in the key distribution server 10 have above been described.With reference to Fig. 8, except the key formation logic made up piece, key distribution server 10 comprised that further comprising the key that initial intermediate key is provided with part 112 and key generating portion 114 generates piece, encryption section 116, translator unit 118 and subclass determining section 120.

(initial intermediate key is provided with part 112)

Initial intermediate key be provided with part 112 at corresponding each the directed graph I of each node of basic subtree, generate with the initial coordinate of directed graph I and put corresponding intermediate key.In containing the directed graph I of first horizontal axis to the right the initial coordinate point be positioned at left end coordinate points (for example, subclass [1 among the directed graph I (1 → 7), 1] coordinate points), and in containing the directed graph I of second horizontal axis left it be positioned at right-hand member coordinate points (for example, the coordinate points of subclass [64,64] among the directed graph I (58 ← 64)).Initial intermediate key is the intermediate key t (S) of initial coordinate point.If obtain initial intermediate key, can use, for example, pseudorandom number generator PRSG is according to deriving the intermediate key that is included in other coordinate points among the directed graph I successively with the corresponding directed graph I of initial intermediate key.Initial intermediate key is provided with part 112 and can uses pseudorandom number generator PRSG generation random number and random number is arranged to intermediate key, maybe given numerical value can be arranged to intermediate key.

(key generating portion 114)

The directed graph I that key generating portion 114 generates according to above-mentioned directed graph generating portion 110, for directed graph I in corresponding each the subclass Si of coordinate points generate the set key k (Si) of encrypted content key.Specifically, when the intermediate key t (S0) of the corresponding subclass S of certain coordinate points among input and the directed graph I, 114 outputs of key generating portion and the corresponding set key of subclass S0 k (S0) and with coordinate points corresponding subclass S1, the S2 of afterbody on the head of the directed edge on the coordinate points S ..., intermediate key t (S1), the t (S2) of Sk ..., t (Sk).Therefore, for certain the bar directed edge that forms directed graph I, in case the input and the corresponding given intermediate key t of afterbody indication coordinate points (S0) of directed edge, key generating portion 114 just output and the afterbody indication of this directed edge the corresponding set key of coordinate points k (S0) and extend with afterbody from this directed edge all at least k bar directed edge the corresponding intermediate key t of head (S1), t (S2) ..., t (Sk).

For example, key generating portion 114 is by forming according to the pseudorandom number generator (PRSG) of basic fundamental and the control section of control PRSG.As the PRSG of key generating portion 114, for example, can use λ position of response to import and export (k+1) λ position and export, so that generate the above-mentioned PRSG of set key k (Si).When input when the corresponding intermediate key t of certain coordinate points (subclass S0) (S0), coordinate points on the head of the directed edge on certain coordinate points of PRSG output and afterbody (subclass S1, S2 ..., Sk) corresponding intermediate key t (S1), t (S2) ..., the set key k (S0) of t (Sk) and subclass S0.Therefore, t (S1) || ... || t (Sk) || k (S0) ← PRSG (t (S0)).By the output of PRSG being delimited into each all from λ of left side position, obtain intermediate key t (S1), t (S2) ..., t (Sk) and gather key k (S0).

(encryption section 116)

Encryption section 116 uses set key k (Si) to be used for the content key mek of encrypted content.Although the quantity of content key mek is one, the quantity of set key k (Si) is identical with the quantity of the subclass Si that constitutes aggregation system Ψ.Encryption section 116 uses the corresponding set secret key encryption of the subclass content key of selecting with following subclass determining section 120 from all subclass that constitute aggregation system Ψ.Therefore, encryption section 116 generates the corresponding encrypted content key mek with each set key k (Si).Therefore, if the quantity of selected subclass is m, generate m encrypted content key mek.Alternately, encryption section 116 can encrypted content.For example, encryption section 116 can use content key mek encrypted content, maybe can use each set key k (Si) encrypted content.Using the configuration of set key k (Si) encrypted content is the alternative example of this embodiment.

(translator unit 118)

Translator unit 118 sends various types of information to each terminal unit 20 by network 5.For example, translator unit 118 uses the content key mek of each set key k (Si) encryption to send all terminal units 20 that are associated with leaf node 1～n of whole tree BT to encryption section 116.Alternately, translator unit 118 can will use the content of each set key k (Si) encryption, rather than encrypted content key mek sends terminal unit 20 to.

Further, translator unit 118 is distributed to each terminal unit 20 with intermediate key t (S0) when setting up.For example, translator unit 118 can be distributed to each terminal unit 20 with the intermediate key t (Si) of the subclass Si under the terminal unit 20 with reference to directed graph I.At this moment, translator unit 118 can be distributed minimum necessity intermediate key t, so that each terminal unit 20 can be derived the intermediate key of all the subclass Si under it.Specifically, translator unit 118 can extract the subclass Si under the terminal unit 20 from the subclass that constitutes aggregation system Ψ, from with the coordinate points of extracting the corresponding directed graph I of subclass Si select such coordinate points, be among the corresponding subclass Sj of afterbody of terminal unit 20 directed edge that is not included in and arrives this coordinate points, and only will be distributed to terminal unit 20 with the corresponding intermediate key t of selected coordinate points (Sj).But, if as the initial coordinate point of the subclass Si under the terminal unit 20 of the distribution destination of intermediate key t (Si) corresponding to directed graph I, translator unit 118 can only will be put corresponding intermediate key t (Si) with initial coordinate and be distributed to distribution destination user.

Further, translator unit 118 with the information relevant with aggregation system Ψ (for example can also rise, information about n, λ, k, y, PRSG etc.) be distributed to the effect of the directed graph distribution of information part of each terminal unit 20 with the information relevant (for example, a plurality of directed graph I of generation such as directed graph generating portion 110) with directed graph I.Specifically, in case input, for example, each intermediate key t (Si), translator unit 118 just can be according to directed graph I, the relevant information of key schedule (for example, key generator) of the PRSG of distribution and output given intermediate key t (Si) and set key k (Si).

The distribution of 118 couples of middle key t of translator unit (Si) can be used and that the different communication channel that is used for distributing contents, carries out before distributing contents.For example, the intermediate key t of each terminal unit 20 (Si) can and be recorded on the recording medium from key distribution server 10 output, and the intermediate key t (Si) of each terminal unit 20 that reads from recording medium records in each terminal unit 20 can make terminal unit 20 the manufacturing shop of terminal unit 20 time.

(subclass determining section 120)

Subclass determining section 120 determines ban use of the set (R) (hereinafter referred to as " getting rid of user's set (R) ") of set key k (Si) decrypted content keys mek or terminal unit 20 content, that will get rid of, and user's set (R) is got rid of in deletion from the set (N) of all terminal units 20 of leaf node 1～n of being assigned to whole tree BT, thereby determines to allow to use the set (N R) (hereinafter referred to as " set of permitted user (N R) ") of the terminal unit 20 of gathering key k (Si) decrypted content keys mek or content.Further, subclass determining section 120 determines to satisfy set (N R)={ the S1 ∪ S2 ∪ ... the m of ∪ Sm} (m is a natural number) subclass S1～Sm is minimum value so that make m of permitted user.

Subclass determining section 120 can be made up of the permitted user set determining section of the set of determining permitted user (N R) and the permitted user subclass determining section of one group of subclass Si of determining to constitute the set (N R) of permitted user.By subclass Si being specified to the value minimum that makes m, can reducing intermediate key t (Sm) and the quantity of gathering key k (Sm) that to preserve and generating the required amount of calculation of those keys.

Subclass determining section 120 with top mode determined to satisfy the set (N R) of permitted user=S1 ∪ S2 ∪ ... the subclass of ∪ Sm} (S1, S2 ..., Sm) afterwards, translator unit 118 will identify the permission terminal identification information of the terminal unit 20 that allows decrypted content keys mek etc. and send each terminal unit 20 to.For example, the subclass that the permission terminal identification information can be the information of the set (N R) of indication permitted user, information that user's set (R) is got rid of in indication, indication constitutes the set (N R) of permitted user (S1, S2 ..., Sm) information, indication be used for of encrypted content key mek or the information of a more than set key k (Si) etc.According to the permission terminal identification information, terminal unit 20 can judge whether it is excluded.

Further, encryption section 116 use the subclass determined with subclass determining section 120 (S1, S2 ..., Sm) corresponding set secret key encryption content key mek, and send encrypted content key mek to each terminal unit 20.

Configuration according to the key distribution server 10 of the preferred embodiment of the present invention has above been described.As mentioned above, the feature of this configuration mainly is the configuration that the key formation logic makes up piece.Especially, this embodiment has that directed edge is provided with the feature that part 108 configurations contain the hierarchy of basic subtree between the subtree of the directed graph I that generates decision key formation logic.According to directed edge between the subtree of this embodiment part 108 is set and generates the quantity that can reduce the intermediate key t (Si) that each terminal unit 20 will preserve, but can not make each terminal unit 20 of user generate the key formation logic (directed graph) that the required amount of calculation of set key k (Si) increases.Therefore, can save each terminal unit 20 preserves the required memory capacity of intermediate key t (Si) and reduces the distribution cost that intermediate key t (Si) is distributed to terminal unit 20.

The functions of components configuration of key distribution server 10 has above been described.Although come the parts of configuring cipher key Distributor 10 in this embodiment by functional programs above installation realizes in key distribution server 10, be not limited to such example, some or all of parts can be made of specialized hardware.Program can be stored in such as in the computer-readable storage medium of portable storage media and offer key distribution server 10, maybe can be sent to key distribution server 10 from external unit by the communication channel such as network 5.

[configuration of terminal unit 20]

Hereinafter with reference to the functional configuration of Fig. 8 description according to the terminal unit 20 of this embodiment.Fig. 8 is the calcspar that illustrates according to the functional configuration of the terminal unit 20 of this embodiment.

As shown in Figure 8, terminal unit 20 comprises receiving unit 124, judges part 126, key generating portion 128 and decryption portion 130.Terminal unit 20 is assigned to the some of leaf node 1～n on the whole tree bottom.

(receiving unit 124)

Receiving unit 124 receives various types of information that the translator unit 118 from be included in key distribution server 10 transmits by network 5.For example, receiving unit 124 from key distribution server 10 receive the content of encrypting by content key mek or each set key k (Si), the subclass of the set of the information of content key mek of encrypting by each set key k (Si), given one or a more than intermediate key t (Si), the information relevant, above-mentioned permission terminal identification information (for example, the set of indication permitted user (N R), indication formation permitted user (N R) with aggregation system Ψ or directed graph I (S1, S2 ..., Sm) information etc.) etc.

Further, receiving unit 124 can be from a plurality of information sources acquisition of information, and not only receive information from single information source.For example, receiving unit 124 can be from a plurality of information sources of connecting by network 5 wired or wirelessly (for example, key distribution server 10) or not obtain information in the information source (for example, the information medium as optical disc unit, disk cell and portable terminal unit) by the direct or indirect connection in network 5 ground.Because receiving unit 124 is certainly from another terminal unit 20 reception information, so can be configured to and belong to, for example, other terminal unit 20 of identical distribution destination group is shared the information of directed graph I.Under these circumstances, identical distribution destination group refer to authorize from, for example, with one group of a plurality of terminal unit 20 of spectators user's group of the content of some corresponding same or a plurality of key distribution servers 10 distributions of leaf node 1～n of above-mentioned whole tree BT.As previously mentioned, can in advance intermediate key be offered terminal unit 20, and preserve by terminal unit 20.

(judging part 126)

When receiving unit 124 receives permission during terminal identification information, judge that part 126 judges according to the permission terminal identification information that receives whether terminal unit 20 belongs to the some of subclass S1～Sm in the set (N R) that is included in permitted user.The permission terminal identification information is the information of the set (N R) of indication permitted user, the information that indication constitutes the subclass S1～Sm that gathers (N R) etc.According to result of determination, judge whether part 26 further judgements allow terminal unit 20 enabling decryption of encrypted contents.

Therefore, 20 of terminal units are preserved the intermediate key t (Si) that generates with its affiliated corresponding set key of subclass Si k (Si).Thereby, be necessary information, judge in advance whether subclass Si under the terminal unit 20 are included among the subclass S1～Sm that constitutes set (N R) according to the subclass S1～Sm that constitutes set (N R) from the information of the set of the indication permitted user of key distribution server 10 (N R) or indication.This judgement is made by judgement part 126.For example, except above-mentioned information, the information that receives from key distribution server 10 that is used to judge can also be one or the information of a more than set key k (Sj) that indication is used for encrypted content key mek.

Permission terminal identification information etc. is to distribute from key distribution server 10 simultaneously in advance or with content key mek, and is received part 124 receptions.If judging subclass Si under the terminal unit 20 is not included among the subclass S1～Sm of the set that constitutes permitted user (N R), stop the decryption processing of content key mek, because can not carry out from the intermediate key t (Si) that terminal unit 20 is preserved, generating the processing of set key k (Si).On the contrary, be included among subclass S1～Sm under the terminal unit 20 if judge subclass Si under the terminal unit 20, the key generating portion 128 of terminal unit 20 is used PRSG to generate from the intermediate key t (Si) that self preserves to gather key k (Si).

(key generating portion 128)

The information of the directed graph I that key generating portion 128 bases receive from key distribution server 10 etc. generates the set key of deciphering encrypted content or content key mek.Key generating portion 128 is according to the information of the directed graph I that receives from key distribution server 10 etc., for directed graph I in corresponding each the subclass Si of coordinate points generate the set key k (Si) of encrypted content key mek.Specifically, when the intermediate key t (S0) of the corresponding subclass S of certain coordinate points among input and the directed graph I, 128 outputs of key generating portion and the corresponding set key of subclass S0 k (S0) and with coordinate points corresponding subclass S1, the S2 of afterbody on the head of every directed edge on the coordinate points S ..., intermediate key t (S1), the t (S2) of Sk ..., t (Sk).Key generating portion 128 has the key generating portion 114 identical functions configuration with above-mentioned key distribution server 10 basically, therefore omits the detailed description to it.

(decryption portion 130)

Decryption portion 130 is used set key k (Si) decrypted content keys mek.Specifically, decryption portion 130 from set key k (Si) corresponding subclass Si extract as an element and be included in wherein subclass Sii and use and the corresponding set key of subclass Sii k (Sii) decrypted content keys mek.

The functions of components configuration of terminal unit 20 has above been described.Although come the parts of configurating terminal unit 20 in this embodiment by functional programs above installation realizes in terminal unit 20, be not limited to such example, some or all of parts can be made of specialized hardware.Program can be stored in such as in the computer-readable storage medium of portable storage media and offer terminal unit 20, maybe can be sent to terminal unit 20 from external unit by the communication channel such as network 5.

As mentioned above, the terminal unit 20 according to this embodiment can generate desired set key k (Si) according to the particular key formation logic (directed graph I) that the directed graph generating portion 110 that is included in the above-mentioned key distribution server 10 generates.Therefore, terminal unit 20 can be reduced to and generate the set key k (Si) be used for decrypted content keys mek etc. and the quantity of the intermediate key t (Si) that preserves.Further, because because the layering result of above-mentioned whole tree BT is provided with the directed edge among the directed graph I effectively, so can reduce the amount of calculation that key generating portion 128 generates set key k (Si).

[operation of key distribution server 10 and terminal unit 20]

(distribution of intermediate key)

The operation that intermediate key is distributed to each user's terminal unit 20 from key distribution server 10 hereinafter will be described.As mentioned above, in order to deal with the adding/deletion of a large amount of eliminating users and permitted user neatly, be necessary to derive a plurality of intermediate key t (Si) that are included in all subclass Si corresponding set key k (Si) wherein with terminal unit 20 and offer each terminal unit 20.Certainly, should avoid providing and to derive the intermediate key t (Si) that is not included in the corresponding set key of subclass Si k (Si) wherein with terminal unit 20, best, with regard to the efficient of terminal unit 20 memory capacity, make intermediate key t is provided the minimum number of (Si).

Therefore, when according to the foundation of key distribution system 100 with intermediate key t (Si) when key distribution server 10 is distributed to terminal unit 20, extract the subclass Si that contains under each terminal unit 20 all directed graph I as element.Then, if terminal unit 20 is included among the corresponding subclass Si of initial coordinate point (root) with directed graph I, only will put corresponding intermediate key t (Si) with initial coordinate offers terminal unit 20.On the other hand, if terminal unit 20 belongs to the corresponding subclass Si of coordinate points some with the initial coordinate point that is different from directed graph I, find out such subclass S0, be that terminal unit 20 is included among the subclass S0, but be not included among the subset p arent (S0) as the father and mother of subclass S0, and the intermediate key t (S0) of subclass S0 is offered terminal unit 20.If there are a plurality of such subclass S0, provide the intermediate key t (S0) of each subclass.The set membership of subclass Si determines that by directed edge the coordinate points of directed edge afterbody is as the father and mother of head coordinate points, and the coordinate points of directed edge head is as the children of afterbody coordinate points.Hereinafter, the coordinate points parent (S0) that arrives on the afterbody of directed edge of certain coordinate points S0 is called father's coordinate points.If certain coordinate points S0 is the starting point of directed graph H, then there is not father's coordinate points, and, then only has father's coordinate points if not the starting point of directed graph H.In some cases, in a directed graph H, may have a plurality of such coordinate points, promptly user u is included in the corresponding with it subclass, but user u is not included in the corresponding subclass of father's coordinate points with it.

Hereinafter specifically describe the distribution method of intermediate key with reference to the example of Figure 11.

(example 1) consideration is distributed to the intermediate key t (Si) of user 1 terminal unit 20.At first, contain subclass Si under the user 1 as the result of the directed graph I of element, find directed graph I (1 → 7) and directed graph I (a → h) as search.User 1 terminal unit 20 belongs to the subclass [1,1] as the initial coordinate point of directed graph I (1 → 7).Therefore, intermediate key t ([1,1]) is offered user 1.

Though user 1 terminal unit 20 belongs to the directed graph I (subclass [a of a → h), a], but (a → h) is provided with directed edge figure because from directed graph I (1 → 7) to directed graph I, if so preserved intermediate key t ([1,1]), user 1 terminal unit 20 can be derived intermediate key t ([a, a]) according to directed edge between directed graph I (1 → 7) and figure.Therefore, there is no need intermediate key t ([a, a]) is offered user 1 terminal unit 20.So the intermediate key that user 1 terminal unit 20 is preserved is intermediate key t ([1,1]).

The same with user 1 terminal unit 20, for directed graph I (1 → 7), with subclass [1,7]=1,2 ..., the intermediate key that the intermediate key of 7} maybe can use PRSG to derive the intermediate key of subclass [1,7] offers user 1～7 terminal unit 20.In this case, because as mentioned above, (a → h) is provided with directed edge figure from directed graph I (1 → 7) to directed graph I, so user 1～7 terminal unit 20 can be applied to PRSG and derive intermediate key t ([a, a]) by the intermediate key with subclass [1,7], and further from middle key t ([a, a]) the middle intermediate key t ([a, *]) of derivation (noticing that * is the some of b～h).Therefore, there is no need that (a → intermediate key h) offers user 1～7 terminal unit 20 with directed graph I.

(example 2) followed, and consideration is distributed to the intermediate key of user 12 terminal unit 20.At first, contain subclass Si under user 12 the terminal unit 20 as search, find directed graph I (a → h), I (b ← h), I (b ← d), I (b ← b), I (9 ← 15), I (10 ← 16) and I (10 ← 12) as the result of the directed graph I of element.Observe directed graph H (10 → 16), user 12 terminal unit 20 does not belong to the subclass [16,16] on the initial coordinate point, but belongs to the 5th and subclass [16,12], [16,11], [16,10] on the coordinate points subsequently.In the middle of those coordinate points, do not comprise that on their father's coordinate points user 12 coordinate points has only [16,12] and [16,11].Specifically, user 12 is not included in the coordinate points [16,13] as father's coordinate points parent ([16,12]) that comprises user 12 coordinate points [16,12] and [16,11] and parent ([16,11]).Therefore, t ([16,12]) and t ([16,11]) are offered user's 12 conducts and the corresponding intermediate key of directed graph H (10 ← 16).

Equally, (((b ← d), I (9 ← 15) and I (10 ← 12) select corresponding intermediate key, and provide it to user 12 for b ← h), I for a → h), I for other directed graph I.But, (b ← b) is provided with directed edge figure because from I (10 ← 16) to I, so user 12 terminal unit 20 can use top intermediate key t ([16,13]) derive intermediate key t ([b, b]), thereby there is no need intermediate key t ([b, b]) is offered user 12 terminal unit 20.Therefore, seven intermediate key offer user 12 altogether.

Below with reference to Figure 12 short summary once up to the processing that intermediate key is distributed to each user's terminal unit.Figure 12 illustrates according to this embodiment, is based upon the flow chart of the handling process of distribution intermediate key in the key distribution server 10 according to system.

As shown in figure 12, the key distribution server 10 of key distribution system 100 at first is provided with various parameter etc.For example, key distribution server 10 determines to be assigned to the parameter y, the pseudo random number generating algorithm of given parameter k, PRSG etc. of quantity of layering of figure place λ, the whole tree of indication BT of quantity n (number of users), set key and intermediate key of leaf node of the whole tree BT of terminal unit 20, and to all users' terminal unit 20 announce they (S202).Like this, except parameter n, λ, k and the PRSG algorithm announced in above-mentioned basic scheme, this embodiment also determines and has announced the parameter y of the quantity of the layering of indicating whole tree BT.

Then, the set that key distribution server 10 will be assigned to the terminal unit 20 of leaf node is divided into given subclass Si, determines to use the also aggregation system Ψ (referring to top expression formula (2)) of set representations, and announces aggregation system Ψ (S204).

Then, key distribution server 10 generates above-mentioned a plurality of directed graph I, determines the structure T that is made up of the set of those directed graphs I, and announces the structure T (S206) of a plurality of directed graph I.Further, key distribution server 10 is determined and the corresponding intermediate key of each subclass (S208) that constitutes aggregation system Ψ.After this, key distribution server 10 uses the PRSG of definite intermediate key and key generating portion 114 to derive and the corresponding intermediate key of other coordinate points, and distribute the terminal unit 20 of necessary intermediate key to each user, so that derive and the corresponding set keys of all subclass (S210) that comprise each terminal unit 20.Then, terminal unit 20 receives the information of relevant intermediate key etc. from key distribution server 10, and safely it is stored in the safe storage part 208.

The distribution method to middle key when setting up according to this embodiment has above been described.If the distribution method above using, the terminal unit of then distributing each permitted user generates minimum required intermediate key of set key, thereby can reduce the memory capacity of intermediate key in the traffic between key distribution server 10 and the terminal unit 20 and each user's the terminal unit 20.

(distribution of content key)

Hereinafter short summary is once according to the handling process of this embodiment distribution of encrypted content key mek in key distribution server 10.Because identical with content distribution method basically, describe so refer back to Fig. 6 according to aforementioned basic fundamental according to the method for this embodiment distributing contents key.

As shown in Figure 6, in the distributing contents key, according to the key distribution server 10 of this embodiment at first determine to get rid of the user set (R) thus the user's that secures permission set (N R) (S112).Then, key distribution server 10 from the subclass that constitutes aggregation system Ψ, select to contain the union of (N R) m subclass Si (i=1,2 ..., m), so that make the value minimum (S114) of m.Then, key distribution server 10 uses respectively and gathers key k (Si) encrypted content key mek (S116) with the corresponding m of selected subclass Si.Further, key distribution server 10 will be indicated the information of the set (N R) of permitted user or its subclass Si and the terminal unit 20 (S118) that m encrypted content key mek is distributed to all users.

Encryption method and distribution method according to content key mek in the key distribution server 10 of this embodiment have above been described.If the encryption method above using just can be selected subclass Si effectively, be that minimum necessity is individual so that make the quantity of set key.Because from then on use minimum necessity (m) set secret key encryption content key mek, encrypt required amount of calculation so can save, and reduced the quantity of the encrypted content key that will distribute, thereby reduced the traffic.

(deciphering of content key)

Handling process according to this embodiment enabling decryption of encrypted content key in each user's terminal unit 20 is hereinafter described.Because identical with content key decryption method basically, describe so refer back to Fig. 7 according to aforementioned basic fundamental according to the method for this embodiment decrypted content keys.

As shown in Figure 7, each user's terminal unit 20 at first from key distribution server 10 receive m encrypted content key mek and such as the information of the set (N R) of indication permitted user or indicate m subclass Si (i=1,2 ..., m) the permission terminal identification information (S120) of information.Then, terminal unit 20 is according to the subclass Si (S122) of this permission terminal identification information search under it, and judges whether it belongs to m subclass Si some (step S124).

The result, if terminal unit 20 is found out the subclass Si under it, intermediate key and directed graph I that it just provides in advance according to key distribution server 10, use the PRSG of above-mentioned key generating portion 128 derive with the corresponding set key of subclass Si k (Si) (S126).The configuration of PRSG as hereinbefore.If will offer terminal unit 20 from key distribution server 10 with the corresponding intermediate key t of subclass Si (Si) in advance, and terminal unit 20 preserves it, and then it just can gather key k (Si) by using PRSG to derive once.On the other hand, if terminal unit 20 is not preserved intermediate key t (Si), it can derive desired set key k (Si) by repeatedly using PRSG.After this, terminal unit 20 uses set key k (Si) the enabling decryption of encrypted content key mek that derives like this, thereby can enabling decryption of encrypted content (S128).

On the other hand, if terminal unit 20 judges that in step S124 it does not belong to the some of subclass Si, then terminal unit 20 shows and output: " it is excluded outside the terminal unit 20 that allows accessed content (promptly; it is to get rid of the user) " (S130), and the decryption processing of end content key mek.

Because aforesaid content key decryption processing according to this embodiment is not only by separating into the directed edge that basic subtree has suitably disposed directed graph I with whole tree BT, and be provided with directed edge between figure, so compare with aforesaid basic fundamental, can in terminal unit 20, reduce the amount of calculation of using PRSG to obtain intermediate key and set key.

[advantage of the present invention]

Above-detailed according to the key distribution system 100 of this embodiment.In this embodiment, will be altered to by the aggregation system Ψ that the subclass of terminal unit 20 is formed with top expression formula (2) expression, thereby compare, improve directed graph I with aforesaid basic fundamental.This embodiment will specify the whole big tree BT of all terminal units 20 to be divided into little basic subtree to it, so that it is separated into the y layer, with the key deriving method that in each basic subtree, uses according to basic fundamental, and further with the corresponding subclass of different basic subtrees between the directed edge of directed graph I is set and use uses the key deriving method of pseudorandom number generator PRSG.

This configuration can reduce the quantity of the intermediate key that each user's terminal unit 20 will preserve and reduce the amount of calculation of the required terminal unit 20 of key derivation.The quantity of the intermediate key that terminal unit 20 will be preserved exists the amount of calculation of the required terminal unit 20 of the location association of k*log (n) and key derivation to have k*logn ^(1/k)Location association.Because this embodiment is by being divided into n with whole big tree BT ^(1/y)The little basic subtree of individual leaf node is come Ψ of configuration set system and directed graph I so that reduce the quantity n of the leaf node of tree structure, so can reduce the quantity and the required amount of calculation of key derivation of the key that terminal unit 20 will preserve.

Hereinafter with reference to Figure 13 according to the cipher key distribution scheme of aforementioned basic fundamental with the quantity of the intermediate key that comparison terminal unit 20 will be preserved between according to the cipher key distribution scheme of this embodiment.Figure 13 (A) is the form of the quantity (n=64 as shown in Figure 4 and the situation of k=6) that is illustrated in the intermediate key that will preserve according to each terminal unit in the cipher key distribution scheme of aforementioned basic fundamental, and Figure 13 (B) is the form of the quantity (situation of n=64 as shown in figure 11, y=2 and k=3) that is illustrated in the intermediate key that will preserve according to each terminal unit 20 in the cipher key distribution scheme of this embodiment.

As shown in figure 13, when relatively according to the cipher key distribution scheme of this embodiment with according to the cipher key distribution scheme of basic fundamental, though the quantity of intermediate key t is identical between two kinds of schemes in the terminal unit 20 of

user

1 and 64, promptly, 1 and 2, but the quantity of key is less than in the cipher key distribution scheme according to basic fundamental in the cipher key distribution scheme according to this embodiment in other user's 2～63 terminal unit 20.Further, though the sum of the key that all terminal units 20 will be preserved in according to the cipher key distribution scheme of basic fundamental is 705, be 400 in cipher key distribution scheme according to this embodiment.Further, though the average cipher key number of each terminal unit 20 is about 11.02 in according to the cipher key distribution scheme of basic fundamental, be 6.25 in cipher key distribution scheme according to this embodiment.Like this, cipher key distribution scheme according to this embodiment is compared with the cipher key distribution scheme according to basic fundamental, the quantity of key can be reduced to about 56.7%, the quantity of the key that each terminal unit 20 will preserve significantly be reduced, and alleviated the storage burden of terminal unit 20.

Then, the amount of calculation of the required terminal unit 20 of decrypted content keys mek in terminal unit 20 is done following research.The worst-case value of amount of calculation is with representing from initial coordinate point (root) to the quantity (that is the number of skips when, directed edge being set) of the directed edge of last coordinate points (leaf of directed edge) farthest in the directed graph.In the cipher key distribution scheme shown in the example of Fig. 4 according to basic fundamental, for the initial coordinate point [1,1] from directed graph H (1 → 64) arrives last coordinate points [1,64], be necessary to pass 11 directed edges (carrying out 11 times jumps), this means operation PRSG nearly 11 times.

On the other hand, in the cipher key distribution scheme shown in the example of Figure 11 according to this embodiment, at directed graph H (1 → 7) and H (among a → h) from initial coordinate point [1,1] coordinate points [1 to the end, h] farthest, and the quantity of required directed edge (that is, number of skips) is 10, less than according to 11 in the cipher key distribution scheme of basic fundamental.Like this, compare with cipher key distribution scheme, can reduce the amount of calculation in each required terminal unit 20 of deciphering isochronograoph calculation key according to basic fundamental according to the cipher key distribution scheme of this embodiment.

In cipher key distribution scheme according to basic fundamental, if make the value of parameter k less, can reduce the quantity of the key that each terminal unit 20 will preserve,, and only keep short directed edge (short distance jump) because in Fig. 4, deleted long directed edge (long distance is jumped); But this has caused among each directed graph H from initial coordinate puts the problem that the amount of calculation the terminal unit 20 of the quantity representative of the directed edge of coordinate points to the end increases.

As mentioned above, in cipher key distribution scheme according to this embodiment, even the quantity of terminal unit 20 (recipient) is very big, the amount of calculation in the time of also can reducing the quantity of the key that terminal unit 20 will preserve and use the encryption key deciphering in the required terminal unit.

[application of encryption key distribution system 100]

The application of above-mentioned encryption key distribution system 100 is hereinafter described.

(using 1)

At first, as using 1, figure 14 illustrates the configuration of broadcast encryption system 300.

Figure 14 is the calcspar that the configuration of the broadcast encryption system that uses broadcasting satellite is shown.In broadcast encryption system 300, enciphered data (so-called ciphertext) is sent to receiver 310 by broadcast channel.Broadcast channel in the broadcast encryption system 300 is, for example, and the satellite broadcasting distribution channels.The data that transmit as ciphertext are to comprise, for example, and the content of encryption key, voice data, video data, text data etc.Broadcasting trust centre 304 in the satellite television broadcasting radio station 302 is sent to broadcasting satellite 306 with data.Broadcasting trust centre 304 selects to be used for the encryption of encrypted secret key or control example such as data and the distribution of data.Broadcasting satellite 306 broadcast datas.The receiver 310 that is installed in the dwelling house 308 comprises for example satellite broadcast reception converter, and receives the data of being broadcasted.A plurality of other receivers 310 also can receive the data of broadcasting.Like this, broadcasting trust centre 304 can send data to each receiver 310 in the receiver group of being made up of receiver 310.As described later, broadcasting trust centre 304 is to have only the mode broadcast encryption data of authorizing receiver 310 could decipher broadcast data.Although Figure 14 shows the broadcast system that uses broadcasting satellite 306, also can use other broadcast channel, such as closed-circuit television and computer network.

Configuration as the broadcast encryption system 300 of a kind of application of encryption key distribution system 100 has above been described.Following short summary once with the relation of encryption key distribution system 100, broadcasting trust centre 304 corresponding to key distribution server 10 (according to information process unit of the present invention) and receiver 310 corresponding to terminal unit 20 (according to terminal unit of the present invention).Broadcasting satellite 306 is as the media of the network that connects them.

(using 2)

Then, as using 2, figure 15 illustrates the configuration of broadcast encryption system 400.

Figure 15 is the calcspar that the configuration of the broadcast encryption system 400 that uses data medium is shown.In broadcast encryption system 400, broadcast channel is the distribution of data storage medium.Broadcasting trust centre 404 in the medium manufacturer 402 with storage such as read-only medium (for example, CD-ROM, DVD-ROM etc.) with can rewrite in every event data medium of medium 406 of medium (for example, CD-RW, DVD-RW etc.) and so on.In read-only medium, broadcasting trust centre 404 recording of encrypted content key and encrypted contents are so that have only authorized user ability data decryption and visit encrypted content (for example, sound, video, text etc.).On the other hand, can rewrite in the medium, broadcasting trust centre 404 recording of encrypted content keys are so that have only the authority record unit could be with respective data record in recording medium.Medium manufacturer 402 is sent to distribution agent such as retail shop etc. with medium 406.Distribution agent 408 offers receiver 414 in the dwelling house 412 with medium 410.For example, distribution agent 408 is sold to the someone with medium 410, and this people takes medium 410 in the dwelling house 412, and medium 410 is inserted in the receiver 414.For example, receiver 414 can be such as CD Player, DVD player and computer, reads and play the unit that is recorded in the data in the medium 410.As another special case, receiver 414 can be can be with the dish unit of data record to medium 410 neutralizations reading of data from medium 410, as the DVD-RW driver.Broadcasting trust centre 404 is to have only the mode enciphered data of authorizing receiver 414 ability decrypt encrypted data.

Configuration as the broadcast encryption system 400 of a kind of application of encryption key distribution system 100 has above been described.Following short summary once with the relation of encryption key distribution system 100, broadcasting trust centre 404 corresponding to key distribution server 10 (according to information process unit of the present invention) and receiver 414 corresponding to terminal unit 20 (according to terminal unit of the present invention).Further, replace the network that connects them, exist the medium 406 and 410 of distributing as media by distribution agent 408.

Although describe the preferred embodiments of the present invention above with reference to the accompanying drawings, the present invention is not limited to this certainly.For the person of ordinary skill of the art, apparent, make various changes and modification with can not departing from claims scope, therefore, this means that these changes and modification are also contained within the technical scope of the present invention.

For example, be provided with at above-mentioned tree structure and supposed branch more and more wideer tree structure from the top to the bottom in the part 102, but be not limited to this, tree structure can be such, be branch along any direction, for example, from bottom to top, more and more wideer from the left side to the right side and from the right side to the left side.Under these circumstances, be necessary to change the definition of the subclass that is associated with each intermediate node so that adapt to it.But this change is to rotate simply by above-mentioned tree structure the tree structure that part 102 is provided with is set, and under any circumstance all means identical.Further, although above-mentioned directed edge is provided with between part 106 and subtree directed edge and part 108 is set by being provided with from left to right or reference axis from right to left makes up directed graph I ' and I, the direction of reference axis can be on the contrary or change over non-horizontal direction, such as any direction of vertical direction.Therefore, although in the superincumbent description for convenience's sake according to vertical direction or horizontal direction defined parameters, but general knowledge according to common people or those of ordinary skills, even with tree structure or directed graph rotation or reverse, changed vertical and horizontal relationship, also meaned to be included within the constructed scope.

Further, although in the above-described embodiments, as shown in Figure 9, the whole tree BT of the quantity n=64 of leaf node is separated into y=2 layer, but the present invention is not limited to this, the parameter y of the indication layering number of plies can be arranged to any natural number and whole tree can be separated into three layers or more multi-layered.For example, the whole tree BT of n=64 can be divided into and highly be 2 and contain the basic subtree of four leaf nodes, so that it is separated into y=3 layer.Under these circumstances, can dispose tree structure by this way, promptly, whole tree BT is divided into four basic subtrees in a basic subtree, intermediate layer of top layer and 16 basic subtrees of bottom, make the root node of basic subtree in intermediate layer consistent with the leaf node of the basic subtree of top layer, consistent with the root node of the basic subtree that makes bottom with the leaf node of the basic subtree in intermediate layer.

Further, by directed edge between subtree the example that technology that part 108 is arranged on the directed edge that is provided with between the directed graph I of different basic subtrees is not limited to Figure 11 is set, it all is feasible that various designs change.Although with regard to the quantity that reduces key, the directed edge that is arranged in such a way between the subtree is preferred, promptly, the subclass of the directed graph in the basic subtree of lower floor is included in the subclass of the directed graph I in the basic subtree on upper strata, but be not limited to this, can directed edge irrespectively be set with inclusion relation.

＜the second embodiment 〉

Encryption key distribution scheme according to second embodiment of the invention is hereinafter described.Contain the directed graph of longer directed edge according to the encryption key distribution scheme of this embodiment by generation, can reduce amount of calculation required in the terminal unit 20.Hereinafter, key distribution server 10 and the functional configuration of terminal unit 20 and the feature and advantage of this encryption key distribution scheme that realize according to the encryption key distribution scheme of this embodiment will be described in detail.

[configuration of key distribution server 10]

At first, hereinafter with reference to of the configuration of Figure 16 detailed description according to the key distribution server 10 of this embodiment.Figure 16 is the calcspar that illustrates according to the configuration of the key distribution server 10 of this embodiment and terminal unit 20.

As shown in figure 16, key distribution server 10 comprises that tree structure is provided with part 154, reference axis and part 156, directed graph generating portion 160, initial intermediate key is set part 162, key generating portion 164, encryption section 166, translator unit 168 and subclass determining section 170 are set.Especially, tree structure is provided with part 154, part 156 is set reference axis and directed graph generating portion 160 is referred to as key formation logic structure piece.Equally, initial intermediate key is provided with part 162 and key generating portion 164 and is referred to as key and generates piece.

(tree structure is provided with part 154)

Tree structure is provided with the binary tree that part 154 configuration is made up of n leaf node, root node and a plurality of intermediate key t (S0) different with root node and leaf node of assigned number 1～n (n is a natural number), and in the middle of a plurality of leaf nodes in the lower floor that is positioned at certain intermediate node v or root node v, the number that will be positioned at the leaf node of left end is arranged to lv, and the number that will be positioned at the leaf node of right-hand member is arranged to rv.Further, tree structure be provided with part 154 will gather (1 → n) and the set (2 ← n) are assigned to root node, if certain intermediate node v is positioned at its father node left side, to gather then that (lv+1 ← rv) is assigned to this intermediate node, if and intermediate node v is positioned at its father node right side, will gather then that (lv → rv-1) is assigned to this intermediate node.

As mentioned above, tree structure is provided with part 154 and has the configuration that can make up m layer tree structure, for example, supposes the situation (binary tree) of m=2, and it can make up and the identical tree structure of binary tree structure according to basic scheme (Fig. 3).Therefore, the implication with each node of the binary tree structure that makes up according to aforementioned basic scheme is identical basically by tree structure the implication of each node of the tree structure that part 154 makes up to be set.Although for convenience of description, binary tree structure is hereinafter only described, be not limited to this.

(reference axis is provided with part 156)

Reference axis be provided with part 156 be arranged on the horizontal axis with the from left to right increasing mode of degree of comprising arrange be included in set (coordinate points that the subclass in 1 → n) is associated with corresponding first horizontal axis of root node.Then, reference axis be provided with part 156 be arranged on the horizontal axis with the increasing from right to left mode of degree of comprising arrange be included in set (coordinate points that the subclass in 2 ← n) is associated with corresponding second horizontal axis of root node.Then, for each intermediate node, reference axis be provided with part 156 be arranged on the horizontal axis with the from left to right increasing mode of degree of comprising arrange be included in set (coordinate points that the subclass among the lv → rv-1) is associated with corresponding the 3rd horizontal axis of certain intermediate node v.Further, reference axis be provided with part 156 be arranged on the horizontal axis with the increasing from right to left mode of degree of comprising arrange be included in set (coordinate points that the subclass among the lv+1 ← rv) is associated with corresponding the 4th horizontal axis of certain intermediate node v.After this, reference axis is provided with part 156 and places each on the right side of the coordinate points that is positioned at the 3rd horizontal axis right-hand member be positioned at two interim coordinate points on the left side of coordinate points of the second and the 4th horizontal axis left end, the coordinate points that will be positioned at the first horizontal axis right-hand member is arranged to the first interim coordinate points, and the second interim coordinate points is placed on the right of the first interim coordinate points.

As mentioned above, reference axis is provided with part 156 and is provided with and makes up the reference axis of the corresponding directed graph H of each node that the tree structure of part 154 configurations is set with tree structure.Indication of first horizontal axis and set (1 → n) corresponding reference axis, indication of second horizontal axis and set (2 ← n) corresponding reference axis, the 3rd horizontal axis indication and set (corresponding reference axis of lv → rv-1) and the indication of the 4th horizontal axis and set (the corresponding reference axis of lv+1 ← rv).Because the 3rd horizontal axis and the 4th horizontal axis are provided with at each intermediate node v, so be provided with several reference axis respectively.Specifically, be provided with quantity three horizontal axis and four horizontal axis identical with the quantity of intermediate node.

(directed graph generating portion 160)

Directed graph generating portion 160 is provided with given integer k and n is satisfied in calculating ^(x-1)/k＜(rv-lv+1)≤n ^X/kInteger x.Then, among integer i=0～x-1 each, directed graph generating portion 160 is n by coupling length ^I/kOne or more directed edge to the right, form the directed walk of afterbody on the most left coordinate points on the first and the 3rd horizontal axis, and be n further by coupling length ^I/kOne or more directed edge left, form the directed walk of afterbody on the rightest coordinate points on the second and the 4th horizontal axis.Then, for each root of first to the 4th horizontal axis, directed graph generating portion 160 is got rid of afterbody or head all directed edges on each interim coordinate points.Further, get rid of other directed edge except the longest directed edge the directed edge of each coordinate points of directed graph generating portion 160 on arriving first to the 4th horizontal axis, thus generate respectively with set (1 → n-1), set (2 ← n), set (lv+1 → rv) the and gather (directed graph that lv ← rv-1) is relevant.After this, directed graph generating portion 160 is that 1 directed edge adds with set and (in 1 → n-1) the relevant directed graph, thereby generates and gather (1 → n) relevant directed graph with the length on the first interim coordinate points of head on first horizontal axis.

As mentioned above, directed graph generating portion 160 is by generating directed graph with the similar method of basic scheme.But, to compare with the directed graph of basic scheme, directed graph generating portion 160 can generate the directed graph of being made up of longer directed edge.As described later, this has reduced each user derives the required amount of calculation of set key.Hereinafter describe the handling process of the processing of being undertaken by directed graph generating portion 160 in detail with reference to Figure 17.Figure 17 illustrates the flow chart that directed graph generating portion 160 generates the handling process of directed graph.

With reference to Figure 17, directed graph generating portion 160 generates directed graph by step as described below.Hereinafter describe to generate and set (the corresponding directed graph I of lv+1 → the rv) (method of lv+1 → rv) by illustration.

(step 1; S140) directed graph generating portion 160 will be included in set (subclass among the lv+1 → rv) will be placed on the horizontal linear (horizontal axis) by arrange them in the from left to right increasing mode of degree of comprising.Speak by the book, directed graph generating portion 160 will as set (lv+1 → rv) subclass of element is assigned to each coordinate points on the horizontal axis, and with the degree of comprising of specified subset towards the right side increasing mode place coordinate points.Then, directed graph obtains two interim coordinate points of right side placement of part 160 the rightest coordinate points on horizontal axis.Be Lv=rv-lv+1 from the most left coordinate points to the length L v of right interim coordinate points on the reference axis.At this moment, directed graph generating portion 160 is calculated and is satisfied n ^(x-1)/k＜Lv≤n ^X/kInteger x (1≤x≤k).

(step 2; S142) directed graph generating portion 160 is arranged to counting with integer value i, and makes counting i change to x-1 ground from 0 and carry out following operation.From the starting point of horizontal axis left end, directed graph generating portion 160 repeats to be provided with and extends to and this coordinate points n of being separated by ^I/kThe directed edge to the right of coordinate points (jump to and this coordinate points n of being separated by ^I/kCoordinate points), arrive the interim coordinate points in horizontal axis right-hand member or its left side up to the head of directed edge, or the head of the next directed edge that is provided with surpasses till interim coordinate points some.

(step 3; S144) directed graph generating portion 160 deletion from the directed edge that top (step 2) created arrives all directed edges of interim coordinate points.

(step 4; S146) if there are many directed edges that arrive certain coordinate points, directed graph generating portion 160 deletions all other directed edges except that the longest directed edge.

By top process, directed graph generating portion 160 can generate the directed graph of being made up of the long directed edge of comparing with basic scheme.Further, for all intermediate nodes and the root node that constitute tree structure, directed graph generating portion 160 is by (method of lv → rv-1) identical generates directed graph with top directed graph I.For example, directed graph generating portion 160 generates the (lv+1 ← rv), and further generating and the corresponding directed graph I of root node (1 → n) and I (2 ← n) with the corresponding directed graph I of certain intermediate node v.((2 ← n) is to form on the horizontal axis of arranging coordinate points with the degree of comprising that is included in the subclass among each figure towards " left-hand " increasing mode to directed graph I for lv+1 ← rv) and I.Therefore, (the coordinate points queueing discipline on the horizontal axis that step 1) is provided with is opposite by top.Further, ((two interim coordinate points of 2 ← n) are placed on the left side of coordinate points the most left on the horizontal axis for lv+1 ← rv) and I to form directed graph I.(generate directed graph I (1 → n) in 1 → n-1) by directed edge E ([1, n-1], [1, n]) being added directed graph I.

By using above-mentioned oriented drawing generating method, generate directed graph I as shown in figure 18.Figure 18 shows the directed graph I that forms when complete binary tree according to the quantity n=64 of as shown in Figure 3 leaf node is provided with parameter k=6.

At first, the directed graph H (Fig. 4) that generates according to basic scheme and draw relatively according to the directed graph I (Figure 18) of this embodiment, directed graph I comprises longer directed edge.When making the comparison of relevant the longest directed walk V ([1,1], [1,64]), though directed graph H is made up of 11 directed edges, directed graph I only is made up of 6 directed edges.Therefore, can affirm that directed graph generating portion 160 generates the required amount of calculation of set key and reduced.Equally, figure 19 illustrates at parameter k and be configured to directed graph I under the situation of k=3.

The hereinafter concise and to the point appraisal procedure of assessing the quantity of the required set key of each user at each directed graph of describing.At first, for the intermediate key of selecting each user to preserve, be necessary to extract the affiliated directed graph of user u.Specifically, from the intermediate node that constitutes tree structure, extract all intermediate nodes that are included in the leaf node that is arranged in lower floor with the corresponding leaf node u of user u, and select and the corresponding directed graph of those intermediate nodes.Because all leaf nodes all are present in the lower floor of root node, so select and the corresponding directed graph of root node certainly.Classify by layer if comprise the tree structure of n leaf node, have a root layer, leaf layer and log (n)-1 intermediate level of nodes.As shown in Figure 3, on each intermediate level of nodes, have only one to comprise and the directed graph I of the corresponding son group of certain user u as element.Therefore, existence comprises that minimum log (n)+1 directed graph of two directed graphs that are associated with root node is as target.

Further, for each directed graph, the maximum quantity of the intermediate key that the user will preserve is positioned at the maximum quantity decision of a directed edge on the coordinate points by its afterbody.Therefore, each coordinate points for certain directed graph, counting is since the quantity of the directed edge of a coordinate points, and when extracting the coordinate points of number maximum, the quantity of the directed edge of its afterbody on this coordinate points equals the maximum quantity of the intermediate key that the user will preserve.At least for directed graph, the user need not to preserve the intermediate key above maximum quantity.Further, understand easily, according to the directed graph formation logic, the quantity of the directed edge of its afterbody on each coordinate points can not surpass parameter k.

As a result, the quantity of the intermediate key that will preserve of user can not surpass k* (log (n)+1) at most.Because number of users is enough big, the upper limit of number of keys is generally by O (k*log (n)) assessment.But this assessed value is actually too high assessment, if relevant, for example, the situation of basic scheme calculates assessed value more specifically, and the upper limit of number of keys represents by following expression formula (3).In the cipher key distribution scheme according to this embodiment, the assessment models of number of keys also is following expression formula (3), and the quantity of the intermediate key that the user will preserve does not change.

[expression formula 3]

Σ_{x = 1}^{k - 1} x (\frac{\log n}{k}) + k (\frac{\log n}{k} - 1) + 2 k = \frac{k + 1}{2} \log n + k \cdot \cdot \cdot (3)

On the other hand, each user generates the length that the directed walk that constitutes directed graph is depended in the assessment of gathering the required amount of calculation of key.Specifically, along with the quantity minimizing of the directed edge that forms every directed walk, each user's amount of calculation also reduces.For example, under the situation according to the directed graph H of basic scheme, the longest directed walk is directed graph H (1 → n) directed walk V ([1,1], [1, n]).This directed walk comprises (2*k-1) * (n ^1/k-1) bar directed edge.On the other hand, under the situation according to the directed graph I of this embodiment, the longest directed walk is that (1 → n) directed walk V ([1,1], [1, n]), this directed walk comprises (k* (n to directed graph I ^1/k-1) bar directed edge.Therefore, compare with basic scheme, the amount of calculation that this embodiment can be required with each terminal unit of user reduces only about half of.

The logic that the quantity increase ground that generates the intermediate key that can not make each user's preservation can reduce to generate the directed graph of the worst-case value of gathering the required amount of calculation of key has above been described.The structure of above-mentioned key formation logic (directed graph) mainly makes up piece by the key formation logic that constitutes key distribution server 10 and implements.But in order to carry out encryption key distribution according to top key formation logic, other element also is necessary.Therefore, hereinafter refer back to Figure 16 and describe other element.

Refer back to Figure 16, except above-mentioned key formation logic made up piece, key distribution server 10 comprised that also initial intermediate key is provided with part 162, key generating portion 164, encryption section 166, translator unit 168 and subclass determining section 170.

(initial intermediate key is provided with part 162)

Initial intermediate key be provided with part 162 at corresponding each directed graph I of each intermediate node of tree, generate with the initial coordinate of directed graph I and put corresponding intermediate key.For example, initial intermediate key is provided with part 162 and can uses pseudorandom number generator to generate random number, and random number is arranged to and corresponding each intermediate key of top initial coordinate point (root), maybe given numerical value can be arranged to each intermediate key.

(key generating portion 164)

For certain the bar directed edge that constitutes directed graph I, when input is assigned to the given intermediate key of coordinate points of afterbody indication of directed edge, the corresponding intermediate key of head of the corresponding set key of coordinate points of 164 outputs of key generating portion and the afterbody indication of directed edge and all directed edges of extending with afterbody from this directed edge.Therefore, key generating portion 164 is corresponding to the PRSG of basic scheme.But key generating portion 164 is with the difference of the PRSG of basic scheme, the directed graph I output intermediate key that it generates according to directed graph generating portion 160.If key generating portion 164 is expressed as identical with PRSG, when input during with the corresponding intermediate key t of certain coordinate points S0 (S0) of directed graph I, the corresponding intermediate key t of head (S1), the t (S2) of its output and the directed edge of afterbody on this coordinate points (corresponding to subclass S0) ..., t (Sm) and set key k (S0).Note the quantity of the directed edge of m indication afterbody on certain coordinate points S0.

(encryption section 166)

Encryption section 166 uses the set secret key encryption to be used for content key.Although the quantity of content key is one, the quantity of set key is identical with the quantity of the subclass that constitutes aggregation system Φ.Therefore, encryption section 166 uses the corresponding set secret key encryption content key of all subclass that constitute aggregation system Φ.Therefore, encryption section 166 generates and the corresponding encrypted content key of each set key.So, be m if constitute the quantity of the subclass of aggregation system Φ, generate m encrypted content key.Alternately, encryption section 166 can encrypted content.For example, encryption section 166 can use the content key encryption content, maybe can use each set secret key encryption content.Using the configuration of set secret key encryption content is the alternative example of this embodiment.

(translator unit 168)

The content key that translator unit 168 is encrypted encryption section 166 sends to and corresponding all users of leaf node.Further, translator unit 168 can send intermediate key to each user with reference to above-mentioned directed graph I.At this moment, translator unit 168 can be distributed minimum necessity intermediate key, so as each user can derive with it under the corresponding intermediate key of subclass.Specifically, translator unit 168 can extract the affiliated subclass of distribution destination user of intermediate key from the subclass that constitutes aggregation system Φ (referring to top expression formula (1)), from with the coordinate points of extracting the corresponding directed graph I of subclass select such coordinate points, promptly distribute in the corresponding subclass of afterbody of the directed edge that the destination user was not included in and arrived this coordinate points, and only will be distributed to distribution destination user with the corresponding intermediate key of selected coordinate points.But, if the subclass under the distribution destination user of intermediate key corresponding to the initial coordinate point of directed graph I, translator unit 168 can only will be put corresponding intermediate key with initial coordinate and be distributed to distribution destination user.Further, translator unit 168 can also play the distribution of information of directed graph I is given each user's directed graph distribution of information part.Specifically, in case import each intermediate key, translator unit 168 just can be according to directed graph I, distribution and key schedule (for example, key generator) the relevant information of the given intermediate key of output with the PRSG of set key.

(subclass determining section 170)

The 170 definite set (R) that should forbid the eliminating user of decryption content or content key of subclass determining section, and by use from the corresponding subclass of the coordinate points of directed graph I the union of the given subclass selected from all users' set (N), delete eliminating user's set (R), the set (N R) of definition permitted user is then so that constitute one group of subclass that the mode of minimum number of subclass of the set (N R) of permitted user determines to constitute the set of permitted user (N R).Subclass determining section 170 can be made up of the permitted user set determining section of the set of determining permitted user (N R) and the permitted user subclass determining section of one group of subclass of determining to constitute the set (N R) of permitted user.

Determined to constitute set (the N R={S1 ∪ S2 ∪ ... ∪ Sm} of permitted user in top mode in subclass determining section 170; M is a natural number) subclass (S1, S2 ..., Sm) afterwards, translator unit 168 will indicate the set (N R) of permitted user or constitute the subclass of the set of permitted user (N R) (S1, S2 ..., Sm) distribution of information give each user.Further, encryption section 166 use the subclass determined with subclass determining section 170 (S1, S2 ..., Sm) content key perhaps in the corresponding set secret key encryption, and translator unit 168 sends encrypted content or content key to each user.

Configuration according to the key distribution server 10 of the preferred embodiment of the present invention has above been described.As mentioned above, the feature of this configuration mainly is the configuration that the key formation logic makes up piece.Especially, this embodiment has feature aspect the configuration of the directed graph generating portion 160 of the directed graph I that generates decision key formation logic.Can generate according to the directed graph generating portion 160 of this embodiment and can reduce each terminal unit and generate the required amount of calculation of set key, but the key formation logic (directed graph) that the quantity of the key that each user's terminal unit will preserve is increased.

[configuration of terminal unit 20]

Hereinafter with reference to the configuration of Figure 16 description according to the terminal unit 20 of this embodiment.Figure 16 is the calcspar that the configuration of terminal unit 20 is shown.

With reference to Figure 16, terminal unit 20 comprises receiving unit 174, judges part 176, key generating portion 178 and decryption portion 180.Terminal unit 20 is corresponding to above-mentioned user.

(receiving unit 174)

Receiving unit 174 receives the information that the translator unit 168 from be included in key distribution server 10 transmits.For example, receiving unit 174 receives the content, encrypted content key, given intermediate key, the information relevant with directed graph I, the information relevant with permitted user etc. of distribution from key distribution server 10.Further, receiving unit 174 can be from a plurality of information sources acquisition of information, and not only receive information from single information source.For example, receiving unit 174 can be from a plurality of information sources of connecting by wired or wireless network (for example, key distribution server 10) or not obtain information in the information source (for example, the information medium as optical disc unit, disk cell and portable terminal unit) by the direct or indirect connection in network ground.Because receiving unit 174 is certainly from another terminal unit 20 reception information, so can be configured to and belong to, for example, other terminal unit 20 of identical distribution destination group is shared the information of directed graph I.Under these circumstances, identical distribution destination group refer to authorize from a group corresponding to the spectators user of the content of the user's of the leaf node of above-mentioned tree structure corresponding same or a plurality of key distribution servers 10 distributions of set.

(judging part 176)

Judging whether part 176 is judged as element is included in and gathers in the corresponding subclass of key some.Because 20 of terminal units preserve generate with its under the intermediate key of the corresponding set key of subclass, so be necessary to judge in advance according to the information that relevant key distribution server 10 is used for the set key of encrypted content or content key whether subclass under it is included in and gathers the corresponding subclass of key.Such judgement is made by judgement part 176.About the information of set key with identical or different moment of content key from 10 distributions of key distribution server, and be received part 174 and receive.If judge with the affiliated corresponding set key of subclass not to be included in the set key that is used for encrypting, the processing ground that terminal unit 20 does not use the intermediate key of self preserving to generate the set key finishes the decryption processing of content key.On the contrary, if find and the corresponding set key of affiliated subclass, terminal unit 20 uses the intermediate key of self preserving and uses PRSG to generate the set key.

(key generating portion 178)

For certain directed edge that constitutes directed graph I, when input is assigned to the given intermediate key of coordinate points of afterbody indication of directed edge, the corresponding intermediate key of head of the corresponding set key of coordinate points of 178 outputs of key generating portion and the afterbody indication of directed edge and all directed edges of extending with afterbody from this directed edge.Therefore, key generating portion 178 is corresponding to the key generating portion 164 that is included in the key distribution server 10.If key generating portion 178 is expressed as PRSG, if input and the corresponding intermediate key t of certain coordinate points S0 (S0) of directed graph I, the corresponding intermediate key t of head (S1), the t (S2) of its output and the directed edge of afterbody on coordinate points S0 ..., t (Sk) and set key k (S0).Note the quantity of the directed edge of m indication afterbody on coordinate points S0.The information of directed graph I can obtain from key distribution server 10, maybe can be stored in the storage area (not shown) that is included in the terminal unit 20.

(decryption portion 180)

Decryption portion 180 is used set secret key decryption content key.Specifically, decryption portion 180 from set key corresponding subclass extract as an element be included in wherein subclass and use and the corresponding set key of subclass) decryption content or content key.

Configuration according to the terminal unit 20 of this embodiment has above been described.As mentioned above, terminal unit 20 can generate desired set key according to the particular key formation logic (directed graph I) that the directed graph generating portion 160 that is included in the above-mentioned key distribution server 10 generates.Therefore, terminal unit 20 can reduce the required amount of calculation of set key that generation is used for decrypted content keys.

For example, be provided with at above-mentioned tree structure and supposed branch more and more wideer tree structure from the top to the bottom in the part 154, but be not limited to this, tree structure can be such, be branch along any direction, for example, from bottom to top, more and more wideer from the left side to the right side and from the right side to the left side.Under these circumstances, be necessary to change the definition of the subclass that is associated with each intermediate node so that adapt to it.But this change is to rotate the tree structure that part 154 configurations are set by above-mentioned tree structure simply, under any circumstance all means identical.Further, although directed graph generating portion 160 is by being provided with from left to right or reference axis from right to left makes up directed graph I ' and I, reverse change also is feasible about making.Specifically, although in the superincumbent description for convenience's sake according to vertical direction or horizontal direction defined parameters, but general knowledge according to common people or those of ordinary skills, even with tree structure or directed graph I rotation or reverse, changed vertical and horizontal relationship, also meaned to be included within the constructed scope.Further, can comprise according to the information process unit of this embodiment and to obtain that for example, given directed graph or the information relevant with directed graph are so that generate the part of obtaining of set key according to the directed graph that obtains.

Claims

1. information process unit comprises:

Tree structure is provided with part, is used for

The whole binary tree that configuration is made up of n leaf node, root node and a plurality of intermediate nodes different with root node and leaf node, and whole tree is divided into comprises n ^1/yThe a plurality of basic subtree of individual leaf node, to form y layer hierarchy, so that the root node of the basic subtree of lower floor is consistent with the leaf node of the basic subtree on upper strata, wherein y is the approximate number of log (n),

The sets definition of leaf node that will be lower than the node w of whole tree becomes Aw,

In the leaf node of basic subtree, will be positioned at the locational leaf node of certain leaf node v left side i and be defined as v ^(-i), be defined as v and will be positioned at the right side locational leaf node of i ⁽⁺ⁱ⁾,

About two the leaf node u and the v of basic subtree, wherein v will gather (u → v) be defined as { Au, Au ∪ Au on the right side of u ⁽⁺¹⁾..., Au ∪ ... ∪ Av}, and will gather (u ← v) be defined as { Av, Av ∪ Av ⁽¹⁾..., Av ∪ ... ∪ Au},

When the location than the low a plurality of leaf nodes of the node v of basic subtree in, the leaf node that is positioned at left end is defined by lv ', and the leaf node that is positioned at right-hand member is defined by rv ' time,

To gather (l _Root' → r _Root') and set (l _Root' ⁽⁺¹⁾← r _Root') be associated with the root node root of basic subtree on the top layer,

To gather (lv ' → rv ' ⁽¹⁾) and set (lv ' ⁽⁺¹⁾← rv ') be associated with the root node v of basic subtree on other layer except top layer,

If the intermediate node v of each subtree is positioned at its father node left side, then will gather (lv ' ⁽⁺¹⁾← rv ') be associated with intermediate node v and

If the intermediate node v of each subtree is positioned at its father node right side, then will gather (lv ' → rv ' ⁽¹⁾) be associated with intermediate node v; With

The directed graph generating portion is used at the root node of each basic subtree and each of intermediate node v, generates with the degree of comprising that from left to right increases and arrange and be included in set (l on horizontal axis _Root' → r _Root') or set (lv ' → rv ' ⁽¹⁾) in the corresponding coordinate points of subclass and the directed graph of the directed edge that connects coordinate points is set and/or on horizontal axis, arranges and be included in set (l with the degree of comprising that increases from right to left _Root' ⁽⁺¹⁾← r _Root') or set (lv ' ⁽⁺¹⁾← rv ') the corresponding coordinate points of the subclass in also is provided with the directed graph of the directed edge that connects coordinate points.

2. according to the described information process unit of claim 1, wherein,

The directed graph generating portion comprises that further directed edge is provided with part between subtree, be used to be provided with from the corresponding directed graph of basic subtree of lower floor to the directed edge of the corresponding directed graph of basic subtree on upper strata.

3. according to the described information process unit of claim 2, wherein,

Between subtree directed edge be provided with the part setting from the corresponding directed graph of basic subtree of lower floor first coordinate points to the corresponding directed graph of basic subtree on upper strata in second coordinate points directed edge and

Comprise and the corresponding subclass of first coordinate points with the corresponding subclass of second coordinate points.

4. according to the described information process unit of claim 1, wherein,

The directed graph generating portion comprises that reference axis is provided with part and directed edge is provided with part,

Reference axis is provided with part at the root node of each basic subtree and each among the intermediate node v, is provided with the degree of comprising that from left to right increases and arranges and be included in set (l _Root' → r _Root') or set (lv ' → rv ' ⁽¹⁾) in the corresponding coordinate points of subclass first horizontal axis and/or arrange and be included in set (l with the degree of comprising that increases from right to left _Root' ⁽⁺¹⁾← r _Root') or set (lv ' ⁽⁺¹⁾Second horizontal axis of the corresponding coordinate points of subclass ← rv '), also on the left end of first and second each root of horizontal axis and/or right-hand member, be provided with altogether in addition at least two interim coordinate points and

Directed edge is provided with part, and (k is log (n being provided with given integer k ^1/y) approximate number) and calculate and satisfy n ^(x-1)/k*y＜(rv '-lv '+1)≤n ^X/k*yInteger x after,

The left end coordinate points that repeatedly is provided with on every first horizontal axis begins to extend to the n of being separated by ^{I/ (k*y)}(directed edge to the right of the coordinate points of i=0～x-1),

The right-hand member coordinate points that repeatedly is provided with on every second horizontal axis begins to extend to the n of being separated by ^{I/ (k*y)}(directed edge left of the coordinate points of i=0～x-1),

Eliminating on the interim coordinate points on each root of first and second horizontal axis, have the head or have tail all directed edges and

Get rid of other directed edge except the longest directed edge the directed edge of each coordinate points on arriving first and second horizontal axis.

5. according to the described information process unit of claim 1, further comprise:

The key generating portion is used for the set key according to directed graph generation encrypted content or content key.

6. according to the described information process unit of claim 5, wherein,

In response to about with directed graph in the input of intermediate key t (Si) of the corresponding subclass S of certain coordinate points, the output of key generating portion with corresponding to the corresponding set key of the subclass Si of this coordinate points k (Si) and about coordinate points S1, S2 on the head of the directed edge that tail is arranged on the coordinate points S ..., intermediate key t (S1), the t (S2) of Sk ..., t (Sk).

7. according to the described information process unit of claim 5, wherein,

In response to about with directed graph in the input of set key k (S) of the corresponding subclass S of certain coordinate points, coordinate points S1, the S2 of key generating portion output on the head of the directed edge that tail is arranged on the coordinate points S ..., set key k (S1), the k (S2) of Sk ..., k (Sk).

8. according to the described information process unit of claim 5, further comprise:

Encryption section is used for using in the set secret key encryption perhaps content key.

9. according to the described information process unit of claim 8, further comprise:

Translator unit is used for the interior perhaps content key that encryption section is encrypted is sent to respectively some or all terminal units that are associated with leaf node 1～n of whole tree.

10. according to the described information process unit of claim 1, further comprise:

The subclass determining section, be used for when the subclass of leaf node 1～n of whole tree is defined by Si, determine to allow deciphering to use the set (N R) of the terminal unit of the content of gathering key or content key encryption, and determine to satisfy set (N R)={ S1 ∪ S2 ∪ ... the m of ∪ Sm} subclass S1～Sm.

11. according to the described information process unit of claim 10, wherein,

The subclass determining section determines to make the subclass S1～Sm of the value minimum of m.

12. according to the described information process unit of claim 10, wherein,

The information that translator unit will indicate the information of set (N R) or indication to constitute the subclass S1～Sm of set (N R) is sent to terminal unit.

13. according to the described information process unit of claim 9, wherein,

Translator unit uses respectively the interior perhaps content key with the corresponding set secret key encryption of subclass S1～Sm to be sent to terminal unit encryption section.

14. a terminal unit comprises:

The key generating portion is used for generating the set key of deciphering encrypted content or encrypted content key according to directed graph, and wherein, directed graph generates as follows:

To gather (l _Root' → r _Root') and set (l _Root' ⁽⁺¹⁾← r _Root') be associated with the root node of basic subtree on the top layer,

If the intermediate node v of each subtree is positioned at its father node left side, then will gather (lv ' ⁽⁺¹⁾← rv ') be associated with intermediate node v,

If the intermediate node v of each subtree is positioned at its father node right side, then will gather (lv ' → rv ' ⁽¹⁾) be associated with intermediate node v and

At the root node of each basic subtree and each among the intermediate node v, generate with the degree of comprising that from left to right increases and on horizontal axis, arrange and be included in set (l _Root' → r _Root') or set (lv ' → rv ' ⁽¹⁾) in the corresponding coordinate points of subclass and the directed graph of the directed edge that connects coordinate points is set and/or on horizontal axis, arranges and be included in set (l with the degree of comprising that increases from right to left _Root' ⁽⁺¹⁾← r _Root') or set (lv ' ⁽⁺¹⁾← rv ') the corresponding coordinate points of the subclass in also is provided with the directed graph of the directed edge that connects coordinate points.

15. according to the described terminal unit of claim 14, wherein,

Setting from the corresponding directed graph of basic subtree of lower floor to the directed edge of the corresponding directed graph of basic subtree on upper strata.

16. according to the described terminal unit of claim 15, wherein,

Setting from the corresponding directed graph of basic subtree of lower floor first coordinate points to the corresponding directed graph of basic subtree on upper strata in second coordinate points directed edge and

17., further comprise according to the described terminal unit of claim 14:

Decryption portion is used to set secret key decryption encrypted content or the encrypted content key of using the key generating portion to generate.

18. according to the described terminal unit of claim 14, wherein,

In response to about with directed graph in the input of intermediate key t (Si) of the corresponding subclass S of certain coordinate points, the output of key generating portion with corresponding to the corresponding set key of the subclass S of this coordinate points k (Si) and with the corresponding subclass S1 of coordinate points, S2 on the head of the directed edge that tail is arranged on the coordinate points S ..., intermediate key t (S1), the t (S2) of Sk ..., t (Sk).

19. according to the described terminal unit of claim 14, wherein,

20. according to the described terminal unit of claim 17, wherein,

Decryption portion is used set secret key decryption encrypted content key, and uses decrypted content keys enabling decryption of encrypted content.

21., comprise according to the described terminal unit of claim 14:

Receiving unit, be used for set (N R) when the terminal unit of the content of having determined to allow deciphering to use set key or content key encryption, and determined satisfied set (N R)={ S1 ∪ S2 ∪ ... during the m of ∪ Sm} subclass S1～Sm, receive the information that the information of indication set (N R) or indication constitute the subclass S1～Sm of set (N R), wherein, the subclass of leaf node 1～n of whole tree is defined by Si; With

Judge part, be used for judging according to reception information whether terminal unit belongs to the some of subclass S1～Sm, and judge whether allow the enabling decryption of encrypted content according to result of determination.

22., further comprise according to the described terminal unit of claim 21:

Decryption portion, the set secret key decryption encrypted content or the encrypted content key that are used to use the key generating portion to generate,

Wherein, when judging that part judges that terminal unit belongs to subclass S1～Sm some, decryption portion is used set secret key decryption encrypted content or encrypted content key.

23. an information processing method comprises following steps:

The whole binary tree that configuration is made up of n leaf node, root node and a plurality of intermediate nodes different with root node and leaf node, and whole tree is divided into comprises n ^1/yThe a plurality of basic subtree of individual leaf node, to form y layer hierarchy, so that the root node of the basic subtree of lower floor is consistent with the leaf node of the basic subtree on upper strata, wherein y is the approximate number of log (n);

When in than the low a plurality of leaf nodes of the node v of basic subtree, the leaf node that is positioned at left end is defined by lv ', and the leaf node that is positioned at right-hand member is defined by rv ' time,

To gather (l _Root' → r _Root') and set (l _Root' (+1) ← r _Root') be associated with the root node root of basic subtree on the top layer,

24. the key generation method according to the set key of directed graph generation deciphering encrypted content or encrypted content key, wherein, directed graph obtains as follows:

Two leaf node u and v (v is on the right side of u) about basic subtree will gather (u → v) be defined as { Au, Au ∪ Au ⁽⁺¹⁾..., Au ∪ ... ∪ Av}, and will gather (u ← v) be defined as { Av, Av ∪ Av ⁽¹⁾..., Av ∪ ... ∪ Au},

To gather (l _Root' → r _Root') and set (l _Root' (+1) ← r _Root') with top layer on the root joint root spot correlation connection of basic subtree,

25. program that makes computer carry out the processing that comprises following steps:

26. one kind makes computer carry out the program that generates the step of the set key of deciphering encrypted content or encrypted content key according to directed graph, wherein, directed graph obtains as follows:

To gather (l _Root' → r _Root') and set (l _Root' ⁽⁺¹⁾← r _Root') with top layer on the root joint root spot correlation connection of basic subtree,

At the root node of each basic subtree and each among the intermediate node v, generate with the degree of comprising that from left to right increases and on horizontal axis, arrange and be included in set (l _Root' → r _Root') or set (lv ' → rv ' ⁽¹⁾⁾In the corresponding coordinate points of subclass and the directed graph of the directed edge that connects coordinate points is set and/or on horizontal axis, arranges and be included in set (l with the degree of comprising that increases from right to left _Root' ⁽⁺¹⁾← r _Root') or set (lv ' ⁽⁺¹⁾← rv ') the corresponding coordinate points of the subclass in also is provided with the directed graph of the directed edge that connects coordinate points.

27. an information process unit comprises:

Directed graph obtains part, is used to obtain the directed graph of being made up of many directed edges, so that it is consistent with the afterbody of directed graph to constitute the afterbody of the longest directed edge of directed graph; With

The key generating portion, the directed graph that is used for obtaining according to directed graph acquisition unit branch generates the set key of encryption or decryption content or content key.

28. according to the described information process unit of claim 27, wherein,

In response to about with directed graph in the input of intermediate key t (Si) of the corresponding subclass S of certain coordinate points, the output of key generating portion with corresponding to the corresponding set key of the subclass S of this coordinate points k (S) and coordinate points S1, S2 on the head of the directed edge that tail is arranged on the coordinate points S ..., intermediate key t (S1), the t (S2) of Sk ..., t (Sk).

29. according to the described information process unit of claim 27, wherein,

30., further comprise according to the described information process unit of claim 27:

Initial intermediate key is provided with part, is used for given random number is arranged to and the corresponding intermediate key of the afterbody of each directed graph.

31., further comprise according to the described information process unit of claim 27:

32., further comprise according to the described information process unit of claim 31:

Translator unit is used for the interior perhaps content key that encryption section is encrypted is sent to respectively some or all terminal units that are associated with the leaf node 1～n that constitutes given binary tree, and wherein n is a natural number.

33., further comprise according to the described information process unit of claim 32:

The subclass determining section, be used for the subset definition of leaf node 1～n is become Si, determine to allow deciphering to use the set (N R) of the terminal unit of the content of gathering key or content key encryption, and determine to satisfy set (N R)={ S1 ∪ S2 ∪ ... the m of ∪ Sm} subclass S1～Sm.

34. according to the described information process unit of claim 33, wherein,

35. according to the described information process unit of claim 32, wherein,

36., further comprise according to the described information process unit of claim 27:

Decryption portion is used for using in the set secret key decryption perhaps content key.

37., further comprise according to the described information process unit of claim 36:

With the receiving unit that the one or more leaf node 1～n that constitute given binary tree are associated, be used to receive the interior perhaps content key that uses the set secret key encryption, wherein n is a natural number.

38. according to the described information process unit of claim 37, wherein,

39. an information process unit comprises:

Directed graph obtains part, is used for obtaining by at the interim directed graph of being made up of many directed edges, stays the central longer directed edge of many directed edges that constitutes interim directed graph and the directed graph that generates; With

40. an information process unit of handling interim directed graph, interim directed graph is for given integer k, according to satisfying n ^(x-1)/k＜(rv-lv+1)≤n ^X/kNatural number x, spread length is n on first to the 4th horizontal axis ^I/k(i=0,1 ..., x-1) many directed edges form,

In by n the leaf node of assigned number 1～n (n is a natural number), root node and binary tree that a plurality of intermediate nodes different with root node and leaf node are formed, wherein, in a plurality of leaf nodes lower than certain intermediate node v or certain root node v, the number that is assigned to the leaf node that is positioned at left end is defined as lv, and the number that will be assigned to the leaf node that is positioned at right-hand member is defined as rv

For natural number i and j (i≤j), suppose to gather (i → j) be expressed as i}, and i, i+1} ..., i, i+1 ..., j-1, j}}, and will gather (i ← j) be expressed as j}, j, j-1} ..., j, j-1 ..., i+1, i}},

Be provided be associated with root node and contain respectively be included in set (subclass in 1 → n) is associated and is arranged in first horizontal axis of the coordinate points on the horizontal axis with the degree of comprising of from left to right increase,

Be provided be associated with root node and contain respectively be included in set (subclass in 2 ← n) is associated and is arranged in second horizontal axis of the coordinate points on the horizontal axis with the degree of comprising of increase from right to left,

For each intermediate node,

Be provided be associated with certain intermediate node v and contain respectively be included in set (subclass among the lv → rv-1) be associated and with the degree of comprising of from left to right increase be arranged in the coordinate points on the horizontal axis the 3rd horizontal axis and

Be provided be associated with certain intermediate node v and contain respectively be included in set (subclass among the lv+1 ← rv) is associated and is arranged in the 4th horizontal axis of the coordinate points on the horizontal axis with the degree of comprising of increase from right to left,

This information process unit comprises:

Interim directed graph obtains part, is used to obtain interim directed graph;

The directed graph generating portion is used for generating directed graph by staying the longer directed edge in the middle of many directed edges that constitute the interim directed graph that interim directed graph acquisition unit branch obtains; With

41. an information process unit comprises:

Tree structure is provided with part, is used for n the leaf node of configuration by assigned number 1～n (n is a natural number), the binary tree that root node and a plurality of intermediate nodes different with root node and leaf node are formed is for natural number i and j (i≤j), to gather (i → j) be defined as { { i}, { i, i+1}, ..., { i, i+1, ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, j, j-1} ..., { j, j-1 ..., i+1, i}}, with in a plurality of leaf nodes lower, the number that is assigned to the leaf node that is positioned at left end is arranged to lv, and the number that will be assigned to the leaf node that is positioned at right-hand member is arranged to rv than certain intermediate node v or certain root node v;

Reference axis is provided with part, is used for

Be associated with root node and contain respectively be included in set (subclass in 2 ← n) is associated and is arranged in second horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that increases from right to left,

For each intermediate node,

Be associated with certain intermediate node v and contain respectively be included in set (subclass among the lv → rv-1) be associated and with the degree of comprising that from left to right increases be arranged in the coordinate points on the horizontal axis the 3rd horizontal axis and

Be associated with certain intermediate node v and contain respectively be included in set (subclass among the lv+1 ← rv) is associated and is arranged in the 4th horizontal axis of the coordinate points on the horizontal axis with the degree of comprising that increases from right to left,

Place each on the right side of the coordinate points that is positioned at the 3rd horizontal axis right-hand member be positioned at two interim coordinate points on the left side of coordinate points of the second and the 4th horizontal axis left end, and

The coordinate points that will be positioned at the first horizontal axis right-hand member is arranged to the first interim coordinate points and the second interim coordinate points is placed on the right of the first interim coordinate points; With

The directed graph generating portion is used for

Generate as follows respectively with set (1 → n-1), set (2 ← n), set (lv+1 → rv) and gather (directed graph that lv ← rv-1) is relevant:

Given integer k is set,

N is satisfied in calculating ^(x-1)/k＜(rv-lv+1)≤n ^X/kInteger x and

For among integer i=0～x-1 each,

By coupling length is n ^I/kOne or more directed edge to the right, be formed on the directed walk that tail is arranged on the most left coordinate points on the first and the 3rd horizontal axis,

By coupling length is n ^I/kOne or more directed edge left, be formed on the directed walk that tail is arranged on the rightest coordinate points on the second and the 4th horizontal axis,

Eliminating has tail or all directed edges of head is arranged on the interim coordinate points on each root of first to the 4th horizontal axis, and

Get rid of the directed edge of each coordinate points on arriving first to the 4th horizontal axis except the longest directed edge other directed edge and

By will have on the first interim coordinate points on first horizontal axis length of head be that 1 directed edge adds with set and (in 1 → n-1) the relevant directed graph, generates and gather (1 → n) relevant directed graph.

42., comprise according to the described information process unit of claim 41:

43. according to the described information process unit of claim 42, wherein,

In response to about with directed graph in the input of intermediate key t (S) of the corresponding subclass S of certain coordinate points, the output of key generating portion with corresponding to the corresponding set key of the subclass S of this coordinate points k (S) and coordinate points S1, S2 on the head of the directed edge that tail is arranged on the coordinate points S ..., intermediate key t (S1), the t (S2) of Sk ..., t (Sk).

44. according to the described information process unit of claim 42, wherein,

45. a terminal unit comprises:

The key generating portion is used for the set key according to directed graph generation decryption content or content key, and wherein, directed graph generates as follows:

Configuration is by n the leaf node of assigned number 1～n (n is a natural number), the binary tree that root node and a plurality of intermediate nodes different with root node and leaf node are formed is for natural number i and j (i≤j), will gather (i → j) be defined as { { i}, i, i+1} ..., i, i+1 ..., j-1, j}, and will gather (i ← j) be defined as { { j}, { j, j-1} ..., { j, j-1, ..., i+1, i}}, with in a plurality of leaf nodes lower than certain intermediate node v or certain root node v, the number that is assigned to the leaf node that is positioned at left end is arranged to lv, and the number that will be assigned to the leaf node that is positioned at right-hand member is arranged to rv

For each intermediate node,

Place each on the right side of the coordinate points that is positioned at the 3rd horizontal axis right-hand member be positioned at two interim coordinate points on the left side of coordinate points of the second and the 4th horizontal axis left end,

The coordinate points that will be positioned at the first horizontal axis right-hand member is arranged to the first interim coordinate points and the second interim coordinate points is placed on the right of the first interim coordinate points,

Given integer k is set,

N is satisfied in calculating ^(x-1)/k＜(rv-lv+1)≤n ^X/kInteger x and

For among integer i=0～x-1 each,

46., further comprise according to the described terminal unit of claim 45:

Decryption portion is used for using set secret key decryption encrypted content or encrypted content key.

47. according to the described terminal unit of claim 45, wherein,

In response to about with directed graph in the input of intermediate key t (S) of the corresponding subclass S of certain coordinate points, the output of key generating portion with corresponding to the corresponding set key of the subclass S of this coordinate points k (S) and with the corresponding subclass S1 of coordinate points, S2 on the head of the directed edge that tail is arranged on the coordinate points S ..., intermediate key t (S1), the t (S2) of Sk ..., t (Sk).

48. according to the described terminal unit of claim 45, wherein,

49. according to the described terminal unit of claim 46, wherein,

50. according to the described terminal unit of claim 45, wherein,

Be defined by in the subclass of leaf node 1～n of tree under the situation of Si and

When the set of the terminal unit of the content of having determined to allow deciphering to use set key or content key encryption (N R), determine to satisfy set (N R)={ S1 ∪ S2 ∪ ... the m of ∪ Sm} subclass S1～Sm, and receive the information of indication set (N R) or indication constitute set (N R) subclass S1～Sm information and

Terminal unit comprises the judgement part, is used for judging according to reception information whether terminal unit belongs to the some of subclass S1～Sm, and judges whether allow the enabling decryption of encrypted content according to result of determination.

51. according to the described terminal unit of claim 49, wherein,

When judging that terminal unit belongs to subclass S1～Sm some, decryption portion use with terminal unit under the corresponding set secret key decryption of subclass in content key perhaps.

52. an information processing method comprises:

The directed graph obtaining step is used for obtaining by at the directed graph of being made up of many directed edges, stays the central longer directed edge of many directed edges that constitutes interim directed graph and the directed graph that generates; With

Key generates step, and the directed graph that is used for obtaining according to directed graph acquisition unit branch generates the set key of encryption or decryption content or content key.

53. an information processing method of handling interim directed graph, interim directed graph is for given integer k, according to satisfying n ^(x-1)/k＜(rv-lv+1)≤n ^X/kNatural number x, spread length is n on first to the 4th horizontal axis ^I/k(i=0,1 ..., x-1) many directed edges form,

For natural number i and j (i≤j), suppose to gather (i → j) be expressed as i}, and i, i+1} ..., i, i+1 ..., j-1, j}, and will gather (i ← j) be expressed as j}, j, j-1} ..., j, j-1 ..., i+1, i}},

For each intermediate node,

This information processing method comprises:

Interim directed graph obtaining step is used to obtain interim directed graph;

Directed graph generates step, is used for generating directed graph by staying the longer directed edge in the middle of many directed edges that constitute the interim directed graph that interim directed graph acquisition unit branch obtains; With

Key generates step, is used for generating according to directed graph the set key of encrypted content or content key.

54. an information processing method comprises:

Tree structure is provided with step, is used for

Configuration is by n the leaf node of assigned number 1～n (n is a natural number), the binary tree that root node and a plurality of intermediate nodes different with root node and leaf node are formed is for natural number i and j (i≤j), will gather (i → j) be defined as { { i}, i, i+1} ..., i, i+1 ..., j-1, j}, and will gather (i ← j) be defined as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}} and in a plurality of leaf nodes lower than certain intermediate node v or certain root node v, the number that is assigned to the leaf node that is positioned at left end is arranged to lv, and the number that will be assigned to the leaf node that is positioned at right-hand member is arranged to rv;

Reference axis is provided with step, is used for

For each intermediate node,

Directed graph generates step, is used for

Given integer k is set,

N is satisfied in calculating ^(x-1)/k＜(rv-lv+1)≤n ^X/kInteger x and

For among integer i=0～x-1 each,

55. a key generation method comprises:

Key generates step, is used for generating according to directed graph the set key of decryption content or content key, and wherein, directed graph generates as follows:

For each intermediate node,

Given integer k is set,

N is satisfied in calculating ^(x-1)/k＜(rv-lv+1)≤n ^X/kInteger x and

For among integer i=0～x-1 each,