CN102415049A - Encryption key generation device - Google Patents

Abstract

The invention relates to an encryption key generation device which has resistance against conspiratorial attacks and generates an encryption key having a reduced length and adapted to each scalability layer. In the encryption key generation device (400), a master key (K2,2) captured by an input means (450) is temporarily recorded in a recording means (470). A matrix generation means (462) generates key element matrices (M1 to M3) for keys (eR2, eR1, eR3) into which a key dividing means (461) divides the master key (K2,2). A hashing operation using a one-way hash function is repeated, and the resultant data is assigned to the coordinate components of the key element matrices (M1 to M3) in order to maintain the hierarchy of the scalability (L). Based on the key element matrices (M1 to M3), a key generation means (463) generates partial keys (K1,1 to K2,2) corresponding to the layers of the scalability (R, L). The partial keys (K1,1 to K2,2) are output by an output means (480) to an encoding means (410) or a decoding means (420).

Description

Encryption key generating means

Technical field

The present invention relates to a kind of device that generates encryption key; Be used to the numeral with multiple stratum extensibility is carried out digital coding (encryption) and decoding (remove encrypt), relate in particular to a kind of device that generates the corresponding respectively part key of stratum's data unit in each extensibility (below be called the part key) automatically.

Background technology

In recent years, along with popularizing of the service of the information communication through network, the other side of uncertain quantity is carried out the service that data transmit, for example, the delivery service of image digital codes such as (frame data that comprise dynamic image) also increases gradually.Follow in this, the resist technology of numerical data also need be sought higher function in this network environment (communication system).

Generally speaking, the digital picture that is encoded etc. is that determined quality (distortion factor, resolution, color performance etc.) is decoded when utilizing coding.Yet; Because the variation of the variation of communication path, the variation of communication terminal, signal dispensing etc.; Need seek through the part of the row of will encoding decode and can with the picture decoding of the different quality of determined quality of when coding, that is, and extensibility.Corresponding to the requirement of extensibility, for example among the JPEG 2000 (Joint Photographic Experts Group 2000) as the international standard of image compression, provide a kind of with yardsticks such as resolutions and the extensibility of form a social stratum.In addition, in the different Data Protection technology of this stratum protection quality, be positioned at each data unit of each stratum to each extensibility, general other a part key that uses is decoded.

In addition, as this numerical data resist technology, for example known patent documentation 1-2 and non-patent literature 1-3.

Non-patent literature 1 discloses a kind of technology, for the numerical data with stratum's extensibility, generates the part key corresponding to the data unit of the next stratum through utilizing uni-directional hash (Hash) function from a master key.In addition, non-patent literature 2 discloses a kind of technology of sequence independence of flow data of problem of and non-patent literature 1.Moreover above-mentioned non-patent literature 3 discloses a kind of technology of opposing assault of the problem that improves non-patent literature 1.

In addition, so-called assault is meant through between a plurality of users, sharing the multiple encryption key corresponding to the different rank order of each extensibility, realizes the behavior with the quality reproduced picture higher than the quality that allows in advance.

The prior art document

Patent documentation

Patent documentation 1: Japanese Patent Laid is opened the 2004-312740 communique

Patent documentation 2: Japanese Patent Laid is opened the 2003-204321 communique

Non-patent literature

Non-patent literature 1:Y.Wu, D.Ma, and R.H.Deng, " Progressive protection of JPEG 2000 condestreams. " In Proc.IEEE ICIP, pp.3447-3450,2004

Non-patent literature 2:M.Fuhiyoshi, S.Imaizumi, and H.Kiya; " Encryption of composite multimedia contents for access control, " IEICE Trans.Fundamentals, Vol.E90-A; No.3, pp.590-596, March 2007

Non-patent literature 3: the auspicious son of modern spring, Teng Ji are just bright, the refined people of peace portion, your family's benevolence will, and " encryption method of the stratum of JPEG 2000 coded images of anti-assault " letter is learned SIP seminar, 2006

Inventors etc. inquire into the back in detail to existing data protection technology and find following problem.Promptly; Under the situation of the different numerical data of stratum character ground protection quality; According to every kind of extensibility difference managing cryptographic keys (part key), or, use other part key to encrypt (coding) according to each data unit that is positioned at each stratum about each extensibility.

Particularly; Under the situation of management with other part key that data unit was generated, along with stratum's number increases, not only the number of keys as management object increases; In order to keep hacker's repellence; Must guarantee sufficient key length, along with the stratum in each extensibility increases, it is many that total key length significantly becomes.

On the contrary; Under the situation of a master key generation corresponding to the part key of each data unit, owing to need the only master key of partitioning portion number of keys, like non-patent literature 3; In case when the part key number increases, must shorten the length of the part key that generates respectively.In this case, can't guarantee sufficient hacker's repellence.

Summary of the invention

The present invention accomplishes in order to solve above-mentioned problem; Its purpose is to provide a kind of encryption key generating means; To assault towards numerical data with stratum's extensibility; Generation can guarantee abundant repellence encryption key, and tremendous reduce the key length that corresponding encryption key is distinguished by each extensibility stratum.

Encryption key generating means of the present invention be a kind of applicable to communication system (below; Be called delivery system) device; The delivery service of the numerical data with multiple (>=2) stratum extensibility is provided; To meet be positioned at the most the next stratum among the stratum of the grade of service signed in advance the part key as master key; Generation to this numerical data encode and decode the encryption key that utilized (among each of extensibility, be positioned at stratum than master key be the upper pairing part set of keys of each stratum).Particularly; In the delivery system that this encryption key generating means was suitable for; Except multimedia image delivery system such as the package coding row of the JPEG 2000 of the international standard of using image compression or the video conference system, also comprising provides the communication system that flows the signal delivery service.This encryption key generating means possesses input unit, memory cell, key cutting unit, matrix generation unit, key generation unit, reaches output unit; Is to each extensibility as dispensing with the coding of numerical data and the encryption key that decoding utilized, and generates the part key that is positioned at each upper stratum according to dependency and from master key.Therefore, can carry out access control simultaneously to a plurality of extensibilities in the single coding row.

Particularly, in encryption key generating means of the present invention, input unit is obtained predefined encryption key (part key), and the encryption key of obtaining through this input unit temporarily is stored in memory cell as master key.This master key is to each extensibility, meets among the stratum of the grade of service of being permitted in the communication system (delivery system) that the data distribution service is provided, and is positioned at the most the next part key.In addition, the master key stored from memory cell of key cutting unit generates Split Key.Then, as minimum treat unit, this encryption key generating means generates and the stratum data unit corresponding part key of two kinds of extensibilities being selected among each.That is, the matrix generation unit generates the key salt matrices corresponding with each Split Key that is generated through the key cutting unit.Thereby the key generation unit carries out combining to generate the corresponding part key of each stratum by the composition of the key salt matrices that generates through the matrix generation unit.Moreover output unit exports in the encoding and decoding that carries out numerical data the part key that is generated by the key generation unit in the above-mentioned minimum treat unit to any device, for example coding unit, decoding unit etc. at least.The key salt matrices is each stratum according to a kind of extensibility, based on generating corresponding to the Split Key of each stratum.In addition, each key salt matrices is stipulated each component coordinate according to each stratum's value (being equivalent to rank order) of two kinds of extensibilities, and thus, the data unit and the coordinate of each stratum in each matrix composition and the two kinds of extensibilities are corresponding.In addition, this encryption key generating means is characterised in that: generate corresponding to the part key that is positioned at each upper stratum from unique master key of managing according to dependency.Thereby; Remove when encrypting also identical; Generate corresponding to the part key that is positioned at each upper stratum from the possession from master key; For example, among multimedia delivery service etc., only for the decoding key of the next package among the package group that allowed to disclose be distributed to user's (contractor of signal delivery service).In this case, give with decoding key itself become the master key that the memory cell of this encryption key generating means is stored, be each the most the next stratum corresponding to each extensibility stratum of this master key.

As the master key that is stored unit storage is among each of the 1st and the 2nd extensibility selected as the multiple extensibility that numerical data had of coded object, is positioned at the encryption key that encoding and decoding utilized of the most the next stratum's data unit among the stratum of the grade of service that meets in the delivery system to be permitted.Opposite, will wait the decoding key that obtains to be made as under the situation of master key through dispensing, the stratum of each extensibility that will be corresponding with this master key is made as the most the next stratum respectively.Cut apart this master key by the key cutting unit with stratum's number of the 1st extensibility that sets as the benchmark extensibility among the 1st and the 2nd extensibility, thereby generate the Split Key corresponding with each stratum of the 1st extensibility.

Make respectively the data unit coordinate of each stratum in the key salt matrices that generates and the 1st and the 2nd extensibility corresponding based on Split Key by the matrix generation unit.In addition; In the generation based on a key salt matrices that Split Key generated among the resulting Split Key; To the stratum in pairing the 1st extensibility of this Split Key at least and each pairing coordinate composition of the most the next stratum from the 2nd extensibility to upper stratum, distribute the operational data that hash operations obtained successively through this Split Key that repeats to utilize one-way hash function.Thus, the stratum character of the 2nd extensibility is kept.

Then, the key generation unit is through combining to generate the part key corresponding to the data unit of each stratum in the 1st and the 2nd extensibility by the consistent key key element of coordinate between the key salt matrices that each Split Key generated.That is, the key generation unit generates the part key of data unit of the upper stratum of the stratum that being used to encodes or decode contains master key by each this data unit.According to this structure, the stratum character of the 1st extensibility is also kept.

In addition, in key generating device of the present invention, the preferred key cutting unit selects the few extensibility of the stratum's number among the 1st and the 2nd extensibility as above-mentioned benchmark extensibility.In the case, become and be difficult to receive the influence that a part of extensibility stratum number increases.

In addition; The matrix generation unit; Composition information as the key salt matrices that generates based on a Split Key among the Split Key; To being equivalent to than the stratum in pairing the 1st extensibility of this Split Key is to be positioned at the next stratum and from each coordinate composition of the most the next stratum to the upper stratum of the 2nd extensibility; Distribute and the identical operational data of the resulting successively operational data of stratum that is directed against this Split Key; On the other hand; To being equivalent to than the stratum in pairing the 1st extensibility of this Split Key is to be positioned at upper stratum and to distribute following operational data from all coordinate compositions of the most the next stratum to the upper stratum of said the 2nd extensibility, promptly to the key key element of the upper stratum of the 2nd extensibility among the key key element of this pairing stratum of Split Key, utilize one-way hash function to carry out the resulting operational data of hash operations.

As stated, encryption key generating means of the present invention is different with the existing encryption key generation technique that must prepare a plurality of coding row and master key according to progressive order, does not receive the restriction of the progressive order of coding row.In addition, encryption key generating means of the present invention is to generate the encryption key (part key) corresponding to the stratum of each data unit from the possession from master key, for a plurality of extensibilities in the single coding row, access control simultaneously.Thus, the amount of information of coding row and the encryption key (master key) managed is lowered, can effectively be improved the management of digital code or encryption key, the stability in the signal dispensing by leaps and bounds.

Moreover; Encryption key generating means of the present invention; Numerical data as coded object has under the situation of the extensibility more than three kinds; From this extensibility more than three kinds, select two kinds of extensibilities, to all combinations of two kinds of extensibilities being selected, through carrying out above-mentioned minimum treat unit (key that carries out through matrix generation unit and key generation unit generates action); To each extensibility, generate the pairing part key of each data unit (being used for the coding and the decoding of the pairing data unit of each several part key) of each upper stratum of the stratum of containing master key.

That is, the matrix generation unit to all combinations of two kinds of extensibilities, generates the part key salt matrices of each combination.At this moment, the matrix generation unit also generates stratum's table of all combinations of the stratum's value in the multiple extensibility of expression.This stratum table is according to the combination of stratum's value and coordinates table reveals the part key matrix of the pairing part key of the data unit of each stratum's value in the multiple extensibility as composition.In addition, from then on the kind of this stratum table expression extensibility and the corresponding relation of stratum's value can specific the relation and make up the composition of the part key matrix that is generated to all of extensibility.

So; The key generation unit; To all combinations of the value of the stratum in the stratum table, according to the kind of two stratum's values among the stratum's value that constitutes a combination and extensibility give specific, combine to be directed against two kinds of extensibilities all make up each composition of the part key salt matrices that generated.Like this, each key element of being combined of combination of stratum's value is to keep the composition of the part key salt matrices under this state.Thereby, by the key generation unit through combining each pairing composition according to stratum table from various piece key salt matrices, generate successively with multiple extensibility in the corresponding pairing part key of data unit of each stratum.In addition, output unit exports in the coding that carries out numerical data and the decoding part key that is generated to any device at least, for example, exports coding unit or decoding unit to.

About to the coding with numerical data of stratum's extensibility more than three kinds and the generation of the encryption key that decoding utilized, and compare through the encryption key that above-mentioned encryption key generating means generated, can further improve repellence to assault.

Particularly; Input unit; Be used to obtain encryption key; This encryption key is in each of the extensibility more than three kinds; Meet the encryption key that encoding and decoding utilized that is positioned at the data unit of the most the next stratum in the stratum of the grade of service that communication system permits, the encryption key that memory cell will obtain through input unit is stored (will be through under the situation of the resulting decoding key of dispensing as master key, will corresponding to each stratum of each extensibility of this master key as the most the next stratum) as master key.At this moment, the key cutting unit is also selected the 1st and the 2nd benchmark extensibility from the extensibility more than three kinds.The 1st benchmark extensibility is the extensibility that is used for generating from the master key that memory cell is stored Split Key; The key cutting unit is cut apart master key with stratum's number of the 1st benchmark extensibility, thereby generates the Split Key corresponding to each stratum of the 1st benchmark extensibility.Here, the 2nd benchmark extensibility is the extensibility of computing direction that is used for the hash operations of regulation utilization such as above-mentioned one-way hash function.

In this key generating device; The matrix generation unit is to each stratum of other each extensibilities beyond the 1st and the 2nd benchmark extensibility among the extensibility more than three kinds; Whenever corresponding to a succession of computing of each stratum of the 1st benchmark extensibility, generate multidimensional key salt matrices with this value of stratum among extensibility institute coordinate performance more than three kinds.Therefore, if represent the quantity of extensibility, from less and successively with N with S ₁, N ₂..., N _I-1, N _iN counts in the stratum that representes each extensibility _k(k=1,2,3 ..., i-1 in the time of i), for utilizing the represented total package number of following mathematical expression (1), is represented by following mathematical expression (2) through the multidimensional key salt matrices number that this matrix generation unit is generated.

(mathematical expression 1)

$\underset{i=1}{\overset{S}{\mathrm{\Π}}}{N}_i......\left(1\right)$

(mathematical expression 2)

$\underset{i=1}{\overset{S-1}{\mathrm{\Π}}}{N}_i......\left(2\right)$

Particularly; The matrix generation unit; As the composition information of the multidimensional key salt matrices that generates in each; To the stratum in pairing the 1st benchmark extensibility of a Split Key among the Split Key that is generated at least and each pairing coordinate composition of the most the next stratum to the upper stratum from the 2nd benchmark extensibility, distribute the hash operations of this Split Key through repeating to utilize one-way hash function and the operational data that obtains successively.Thus, in resulting multidimensional key salt matrices, keep the stratum character of the 2nd benchmark extensibility at least.

Then; The key generation unit; To each each stratum of other extensibilities beyond the 1st and the 2nd benchmark extensibility; For whenever among each, being bonded to each other, generate the pairing part key of data unit of each stratum in the multiple extensibility through the composition that coordinate is consistent corresponding to the multidimensional key salt matrices that a succession of computing generated of each stratum of the 1st benchmark extensibility.Promptly; Resulting multidimensional key salt matrices; To each each stratum of other extensibilities beyond the 1st and the 2nd benchmark extensibility; In order to generate each stratum of the 1st benchmark extensibility, from resulting multidimensional key salt matrices to the final part key matrix that generates, also keep the stratum character of the 1st benchmark extensibility.

Here; Each stratum to each extensibility except the 1st and the 2nd extensibility; As whenever corresponding to each composition information of the multidimensional key salt matrices that a succession of computing generated of each stratum of the 1st benchmark extensibility; Be positioned at the next stratum and from each coordinate composition of the most the next stratum to the upper stratum of the 2nd extensibility to being equivalent to each stratum of more pairing these other extensibilities and the 1st benchmark extensibility, distribute the identical operational data of operational data that is dispensed to a Split Key of this pairing the 1st benchmark extensibility stratum with use and obtains successively.On the other hand; Be positioned at upper stratum and distribute following operational data being equivalent to each stratum of more pairing other extensibilities and the 1st benchmark extensibility from each all coordinate compositions of the most the next stratum to the upper stratum of the 2nd benchmark extensibility, promptly to the key key element of the upper stratum of the 2nd benchmark extensibility among the key key element of this pairing stratum of Split Key, utilize the resulting operational data of hash operations of one-way hash function.

Output unit exports in the coding that carries out numerical data and the decoding part key that generates through the key generation unit in the above-mentioned minimum treat unit to any device, for example coding unit, decoding unit etc. at least.

In addition, various embodiments of the present invention become and can more make much of through the following diagram that detailed description added.This embodiment is for the example shown in the simple example, and non-limiting example of the present invention.

In addition, further range of application of the present invention becomes clear and definite through following detailed description.Yet detailed explanation and specific example are represented suitable embodiment of the present invention, but only are used for for example.For a person skilled in the art, can learn distortion miscellaneous and improvement in the scope of the invention from following detailed explanation.

As stated; According to the present invention; Generate the part key that is positioned at upper stratum owing to utilize one-way hash function from the possession from master key; Therefore by the rank order of each extensibility the specific pairing part key of a data unit, can't be positioned at the pairing part key of upper data unit from the stratum of any extensibility and generate.Thereby can prevent hacker attacks.In addition, the extensibility that is combined into access control object owing to per two kinds of extensibilities generates the part key, can lower the key length of the part key that is generated.

Description of drawings

Fig. 1 is the figure that the summary of the delivery system of the expression numerical data that is suitable for encryption key generating means of the present invention constitutes.

Fig. 2 is the figure that the middle each several part of messaging device (delivery server or PC) of the part of expression formation delivery system shown in Figure 1 constitutes.

Fig. 3 is the concept map that is used for explaining the data structure of numerical data with multiple stratum extensibility (as the numerical data of the dispensing object of delivery system shown in Figure 1).

Fig. 4 is the concept map that is used to explain progressive order.

Fig. 5 is the figure of each data unit (each package that is equivalent to JPEG 2000) that shows the numerical data of 3 stratum's extensibilities with two kinds and the part key corresponding with this data unit rectangularly.

Fig. 6 is the logic diagram that is used for explaining the data distribution action of the numerical data delivery system (Fig. 1) that is suitable for encryption key generating means of the present invention.

Fig. 7 is the logic diagram that is used to explain encryption key generating means structure of the present invention.

Fig. 8 is used for explaining that the performed encryption key of the 1st embodiment of encryption key generating means of the present invention generates the concept map of action.

Fig. 9 is used to explain that the matrix generation unit of the encryption key generating means through the 1st embodiment generates the concept map of key salt matrices.

Figure 10 is used for explaining that the performed encryption key of the 2nd embodiment of encryption key generating means of the present invention generates the concept map of action.

Figure 11 is used to explain that the matrix generation unit of the encryption key generating means through the 2nd embodiment generates the concept map of key salt matrices.

Figure 12 is used to explain that the performed encryption key of the 3rd embodiment of encryption key generating means of the present invention generates the concept map of action.

Figure 13 is used to explain that the matrix generation unit of the encryption key generating means through the 3rd embodiment generates the concept map of key salt matrices.

Figure 14 is the concept map that is used to explain the generation (performed encryption key generates action as the 4th embodiment of encryption key generating means of the present invention) to the part key of the numerical data with stratum's extensibility more than three kinds.

Figure 15 is stratum's table of being generated of the matrix generation unit of the encryption key generating means of expression through the 4th embodiment, and the figure of the coordinate corresponding relation of part key salt matrices and part key matrix.

Figure 16 is the figure that is used to explain the corresponding relation between the key element of part key salt matrices that the matrix generation unit of the encryption key generating means through the 4th embodiment generates and part key matrix.

Figure 17 is used for explaining as the three-dimensional matrice of the stereo representation example of each coordinate composition configuration of multidimensional part key matrix and multidimensional part key salt matrices and makes the performed encryption key of the 4th embodiment generate the figure that the general encryption key of action generates the assign action of the Split Key in (Figure 14).

Figure 18 generates in the general encryption key generation of action the performed encryption key of the 4th embodiment, uses the three-dimensional matrice pair key key element corresponding with each stratum of extensibility L, R of stereo representation to generate the figure that step is done explanation.

Figure 19 generates in the general encryption key generation of action the performed encryption key of the 4th embodiment, uses the three-dimensional matrice pair key key element corresponding with each stratum of extensibility R, C of stereo representation to generate the figure that step is done explanation.

Figure 20 generates in the general encryption key generation of action the performed encryption key of the 4th embodiment, uses the three-dimensional matrice pair key key element corresponding with each stratum of extensibility L, C of stereo representation to generate the figure that step is done explanation.

Figure 21 is used for explaining that the performed encryption key of the 5th embodiment of encryption key generating means of the present invention generates action, generates the figure of an example of the key cutting unit action of Split Key from master key.

Figure 22 is used to explain that multidimensional key salt matrices that the matrix generation unit of the encryption key generating means through the 5th embodiment carries out generates the figure of step (generation of the multidimensional key salt matrices group corresponding with the most the next stratum of other extensibilities C beyond benchmark extensibility L, the R).

Figure 23 is used to explain that multidimensional key salt matrices that the matrix generation unit of the encryption key generating means through the 5th embodiment carries out generates the figure of step (with the generation of the multidimensional key salt matrices group corresponding than the stratum of only upper 1 stratum of the most the next stratum of other extensibilities C beyond benchmark extensibility L, the R).

Figure 24 is used to explain that multidimensional key salt matrices that the matrix generation unit of the encryption key generating means through the 5th embodiment carries out generates the figure of step (generation of the multidimensional key salt matrices group corresponding with the upper stratum of other extensibilities C beyond benchmark extensibility L, the R).

Embodiment

Following each embodiment that specifies encryption key generating means of the present invention with reference to Fig. 1-Figure 24.In addition, in the explanation of figure same area and identical element be marked with same numeral and omit the explanation of repetition.

Employed encryption key when encryption key generating means generation of the present invention is encoded and decoded the numerical data with multiple stratum extensibility.In addition, in each embodiment,,, be that the pairing part key of each package coding row of JPEG 2000 generates action and explains for the international standard of image compression as the concrete example of numerical data with stratum's extensibility for simply.In addition, JPEG 2000 can invest priority to the kind of extensibility.This shows as the formation order (progressive order) that data unit is a package in proper order in the coding row.As the key element of this progressive order of decision, layer (L), resolution levels (R), component (C) and position (P) these 4 kinds of extensibilities are arranged.

Fig. 1 is the figure that the summary of the delivery system of the expression numerical data that is suitable for encryption key generating means of the present invention constitutes.Delivery system shown in Figure 1 provides the delivery service of the numerical data with stratum's extensibility, and except image delivery system or the two-way television conference system, also comprises the communication system that the flow data delivery service is provided.In addition; This delivery system cording is equipped with: wired or wireless network 300, a plurality of information processing terminals such as for example personal computer (below be called PC) 200 and the delivery server 100 that are connected with this network 300 respectively, PC 200 and delivery server 100 are the states that can contain the multi-media bidirectional communication of numerical data through network 300 mutually.Delivery server 100 managed storage are useful on the database (below be called D/B) 110 of the pre-prepd multiple numeric data code of delivery service, and this database 110 is as external memory.Between each PC 200 and delivery server 110, signed contract in advance about the delivery service of numerical data; When in a single day delivery server 110 is accepted from the signal dispensing request of PC 200, the numerical data of the pairing image quality of the grade of service of then sending and signing in advance.

In addition, Fig. 2 representes to constitute the structure part of above-mentioned delivery system, messaging device such as delivery server 100 and PC 200.Particularly, among Fig. 2, (a) formation of expression delivery server 100 or PC 200, (b) logical constitution of the D/B 110 that managed of expression delivery server 100.

Promptly; Shown in Fig. 2 (a), delivery server 100 or PC 200 possess: carry out with the input-output unit of the data transmit-receive of other messaging devices (below be called I/O) 210, carry out the operational part 220 of various operation programs 231, the input-output unit (below be called I/O) 240 that generates the drawing section 250 of video data and be used for carrying out with various ancillary equipment data processing as the memory 230 of the memory cell of this operation program of storage or data, according to the control of operational part 220 through network 300.In addition, show the video data that drawing section 250 is generated in the monitor 251.In addition, the D/B that delivery server 100 managed 110 external memories such as grade 270, be connected in I/O 240 as the keyboard 260 and the indicating equipment of input unit.

It is among the D/B 110 that Contract Information Form 110a, key management table 110b and dispensing are stored in the external memory that delivery server 100 managed in advance with digital data sets 110c.In addition, in Contract Information Form 110a, be that user's (contractor) sets up corresponding with the grade of service of this treaty content of reflection with the operator of PC 200.In key management table 110b,, set up corresponding with the part key (master key) that is used for this digital code is encoded institute's stored numbers data among the D/B 110 (the various digital codes that delivery service is used) by every user (contractor).

Fig. 3 is the concept map that is used for explaining the data structure of the numerical data (for delivery system shown in Figure 1 numerical data as the dispensing object) with multiple stratum extensibility.In addition, Fig. 3 representes the decoding pattern of the package coding row of the JPEG 2000 of (situation of shading image) when being restricted to only layer (L) and resolution levels (R) as the extensibility of access control object in the extensibility of for example JPEG 2000.Particularly, among Fig. 3, N counts in the stratum of layer (extensibility L) _LBe 3, the stratum of resolution levels (extensibility R) counts N _RBe 3.Layer is so-called image quality layer, (the Signal/Noise Ratio: the arithmetic coding data of digital picture signal noise ratio) of the SNR when referring to corresponding to image regeneration.Because the high more information of the influence of image quality is contained in the upper layer more, therefore pass through data to the data supplementing lower layer of upper layer, the quality of reproduced picture is improved.

Among this Fig. 3, P _{I, j}(i=0 ..., N _L-1; J=0 ..., N _R-1; I is stratum's numbering of extensibility L; J is the stratum numbering of extensibility R) JPEG 2000 packages of expression with image information.If with Q _{L, R}When representing JPEG 2000 coded images of certain quality, in order to obtain Q _{L, R}, the package P that need be surrounded to the frame A of Fig. 3 _{I, j}(i=0 ..., L; J=0 ..., R) all decode.Here, for the regular regeneration image, the package P that is decoded _{I, j}Must all remove and encrypt.Thereby, in order in access control, to keep stratum character, need be to package P _{I, j}Carry out individual, encrypted.

Among the above-mentioned JPEG 2000, progressive order has these 5 kinds of LRCP, RLCP, RPCL, PCRL and CPRL, begins preferential successively from the key element of each beginning.Fig. 4 is a concept map, is used to explain the progressive order of the priority when expression is decoded to JPEG shown in Figure 3 2000 packages coding row.Especially, in Fig. 4, be that decoding order is to make extensibility L (layer) be the progressive order of prepreerence LRCP (a), (b) be decoding order is the progressive order that makes the prepreerence RLCP of extensibility R (resolution levels).

Encryption key generating means of the present invention, based on management and the relevant fail safe of dispensing and the viewpoint of easy generative nature, reduce key length, and generate to assault have repellence encryption key.When generating each encryption key of above-mentioned JPEG 2000 packages, this encryption key generating means since with each package as the operation that becomes to assign to by each rank order and specific matrix of extensibility, so can be regardless of the progressive order of JPEG 2000.Enumerate an example, Fig. 5 (a) representes the package P of the matrixing performance by the rank order of the rank order of extensibility L (layer) and extensibility R (resolution levels) _{L, R}(L:0 (upper), 1,2 (the most the next); R:0 (upper), 1,2 (the most the next)).In addition, the package P of Fig. 5 (b) expression and Fig. 5 (a) _{L, R}The part key K of corresponding matrixing performance _{L, R}(L:0,1,2; R:0,1,2).

Here, so-called assault is meant owing to the improper shared encryption key of user more than 2, thereby can be to regenerate than the higher image quality of regular image quality that is allowed.Particularly, be example with JPEG 2000 coded images, consider only to be allowed to user that upper layer (layer 0) discloses, the user that upper resolution levels (resolution levels 0) discloses is linked together with only being allowed to.In this case, if with package P _{I, j}Pairing encryption key is made as K _{I, j}, one of them user can with 3 package P _{0, j}The encryption key K that (j=0,1,2) is corresponding _{0, j}(j=0,1,2), another user can with 3 package P _{I, 0}The encryption key K that (i=0,1,2) is corresponding _{I, 0}(i=0,1,2) obtains with the key qualification of regular permission respectively.Under the inadequate situation of the repellence of assault, thereby these users can unite the encryption key K that wrongful generation both is not allowed to _2.2, K _2.1, K _1.2, and K _1.1The practiced encryption key of encryption key generating means of the present invention generates action; As following each embodiment is illustrated; Encryption key (part key) for certain package; The package that from least one extensibility, is not positioned at the stratum more upper than this package generates, but from extensibility arbitrarily, is positioned at package coordination therewith or than the package generation of its next stratum.Therefore, by the encryption key that encryption key generating means of the present invention generated assault had repellence.

Then, use Fig. 6 that the data distribution action in the numerical data delivery system shown in Figure 3 is described.In addition, Fig. 6 is the logic diagram that is used for explaining the signal dispensing action of the numerical data delivery system (Fig. 1) that is suitable for encryption key generating means of the present invention.In addition, delivery server 100, PC 200 have the structure shown in Fig. 2 (a).

As shown in Figure 6, PC 200 is after delivery server 100 has carried out signal dispensing request, and the data distribution service of 100 couples of PC 200 of delivery server begins to carry out.In case accept the dispensing request from PC200, delivery server 100 at first carries out request analysis.In this request analysis, send the confirming of data and the confirming etc. of the grade of service of the authentication formality of this dispensing requesting users, required dispensing.

In the delivery server 100; In case ending request is resolved; Then read the data of dispensing of asking, and read the pairing master key of these data (be used to generate the part key of encryption key, this encryption key is to be used for the data of being read are encoded) from D/B 110.Encryption key generating means 400 (encryption key generating means of the present invention) input master key utilizes master key to generate the part key (being positioned at the upper stratum respectively corresponding part key more upper than the pairing stratum of master key) of coding usefulness.The part key that generates like this exports coding unit 410 to from encryption key generating means 400.On the other hand; The data that coding unit 410 inputs are read from D/B 110; For each package that constitutes these data; Utilization is encoded with the pairing part key of package to be encoded from the part key of encryption key generating means 400 outputs, generates coded data (the coding row of package group to be provided and delivered) thus.Then, delivery server 100 will be distributed to PC 200 (dispensing request source) with the coded data that master key generates through network 300, and this master key is used to generate the part key that coding utilizes.In addition, concrete digital coding is to carry out through the control part in the delivery server 100 220 (Fig. 2 (a)).That is,, this control part 220 is moved as coding unit 410 through program stored 231 in advance in control part 220 execute stores 230.

PC 200 obtains via next coded data and the master key of network 300 dispensings through I/O 210, and temporarily is stored in the memory 230.The master key that encryption key generating means 400 among the PC 200 (encryption key generating means of the present invention) input store 230 is stored, and utilize this master key to generate the part key (be positioned at the stratum more upper upper stratum more corresponding and distinguish corresponding decoding key) of decoding usefulness than master key.In addition, encryption key generating means 400 exports the decoding key that is generated to decoding unit 420.Decoding unit 420, the coded data that input is read from memory 230, for each package that is encoded, utilization pairing decoding key from the decoding key that encryption key generating means 400 is exported is decoded, thus the generating solution code data.In addition, concrete data decode is that control part 220 (Fig. 2 (a)) through PC 200 is carried out.That is, through program stored 231 in advance in control part 220 execute stores 230, this control part 220 moves as decoding unit 420.

Encryption key generating means of the present invention is applicable to the situation of the delivery system of Fig. 1, is equivalent to the encryption key generating means 400 among Fig. 6, particularly, possesses structure shown in Figure 7.Fig. 7 is the logic diagram that is used to explain the structure of encryption key generating means of the present invention.

Promptly; As shown in Figure 7, encryption key generating means 400 possesses: be used for obtaining master key input unit 450, utilize master key generate the part key arithmetic element 460, be used for temporarily storing memory cell 470 and the output unit 480 that is used for the part key with the part key consistent stratum with the grade of service of being signed that is generated is exported to coding unit 410 or decoding unit 420 of the operation result of master key exclusive disjunction unit 460.Arithmetic element 460 is made up of with key generation unit 463 key cutting unit 461, matrix generation unit 462.

When above-mentioned logical construction is applicable to the hardware configuration shown in Fig. 2 (a), the function of I/O 210 performance input units 450 and output unit 480.The function of memory 230 performance memory cell 470.The function of control part 220 performance arithmetic elements 460.In addition, through program stored 231 in advance in control part 220 execute stores 230, it is respectively as key cutting unit 461, matrix generation unit 462, key generation unit 463 and move.

(the 1st embodiment)

Below, explain that encryption key performed among the 1st embodiment of encryption key generating means of the present invention generates action.In addition, the encryption key generating means of the 1st embodiment has structure shown in Figure 7, is more specifically realized by the hardware configuration shown in Fig. 2 (a).Among the 1st embodiment, will be made as extensibility L (layer) and extensibility R (resolution levels), and N will be counted in the stratum of extensibility L as the extensibility of access control object _LBe made as 3, N is counted in the stratum of extensibility R _RBe made as 3.At this moment, the package of each stratum among extensibility L, the R is made 3 * 3 matrix composition P _{I, j}(i=0,1,2; J=0,1,2) handle.In addition, Fig. 8 is a concept map, is used to explain that the performed encryption key of the 1st embodiment of encryption key generating means of the present invention generates action (action of arithmetic element 460 shown in Figure 7).In addition, Fig. 9 is the generation that is used to explain the key salt matrices that the matrix generation unit 462 of the encryption key generating means of the 1st embodiment carries out.

Master key be by input unit 450 through D/B110 or network 300 and the part key of being provided and delivered, and temporarily be stored in the memory cell 470.That is, master key is by 470 pairing part keys of managing in advance of the most the next package of memory cell, in the example of Fig. 8, is the package P that extensibility L, R all is positioned at the most the next stratum _2,2Pairing encryption key K _2,2This master key K _2,2N counts in the stratum that is divided into extensibility L by key cutting unit 461 _LCount N with the stratum of extensibility R _RAmong minimum value (=min (N _L, N _R)).

Among the 1st embodiment, because N _L=N _R=3, key cutting unit 461 can be selected extensibility L, any among the R, but select extensibility R as the benchmark extensibility as an example.At this moment, key cutting unit 461 is cut apart master key K with several 3 (the stratum's numbers of extensibility R) of minimum stratum _2,2, can obtain Split Key e thus _R2, e _R1, e _R0This Split Key e _R2, e _R1, e _R0Be the root key (be used to generate the key of each matrix composition) corresponding, and matrix generation unit 462 is according to each generation key salt matrices M1-M3 of stratum of this extensibility R with each stratum of extensibility R.

As shown in Figure 9, be Split Key e by pairing root key _R2, e _R1, e _R0Generate key salt matrices M1-M3 each matrix composition in each successively.

At first, among the key salt matrices M1, with Split Key e _R2Be dispensed to (2,2) composition with as with the corresponding matrix of rank order 2 (the most the next stratum) of extensibility R.In addition, among the figure, the upside additional letter R2 of matrix ingredient e representes the rank order of the extensibility R (benchmark extensibility) corresponding with this key salt matrices M1, and the component coordinate of the numeral key salt matrices M1 that downside adds.Below, in the 1st embodiment, the composition scale of key salt matrices M1 is shown e ^R2(i, j) (i=0,1,2; J=0,1,2).

Through repeating to utilize one-way hash function H ^*Split Key e _R2Hash operations, the operational data that obtains successively is dispensed to Split Key e _R2Stratum among the pairing extensibility R (rank order=2) is the corresponding respectively coordinate ingredient e of remaining stratum among the extensibility L ^R2(1,2), e ^R2(0,2).That is, with H ^*(e ^R2(2,2)) operational data be dispensed to e ^R2(1,2) is with H ^{* 2}(e ^R2(2,2)) operational data be dispensed to ingredient e ^R2(0,2).Through such matrix operation operation, to the rank order 2 of extensibility R, the stratum character of extensibility L is held.In addition, in this manual, with one-way hash function H ^*N (n=2,3 ...) inferior operation table is shown H ^{* n}

On the other hand, in key salt matrices M1, will be to ingredient e ^R2(0,2) further utilizes one-way hash function H ^*Carry out the resulting operational data H of hash operations ^*(e ^R2(0,2)) (=H ^{* 3}(e ^R2(2,2))) be dispensed to all rank orders 2 and be the ingredient e of upper stratum than extensibility R ^R2(i, j) (i=0,1,2; J=0,1).The operational data of this moment is and stratum's number of extensibility L corresponding value of package for-1 (in fact not existing).

Make for package P under the state of the stratum character that keeps extensibility L unchangeably like the above-mentioned key salt matrices M1 that generates _{I, 2}The access control of (i=0,1,2) is effective.

In key salt matrices M2, with Split Key e _R1Be dispensed to (2,1) composition with as the matrix corresponding with the rank order of extensibility R 1.Below, in the 1st embodiment, the composition scale of key salt matrices M2 is shown e ^R1(i, j) (i=0,1,2; J=0,1,2).

With H ^*(e ^R1(2,1)) operational data be dispensed to Split Key e _R1The stratum of pairing extensibility R (rank order=1) is the corresponding respectively coordinate ingredient e of residue stratum among the extensibility L ^R1(1,1), and with H ^{* 2}(e ^R1(2,1)) operational data be dispensed to ingredient e ^R1(0,1).Through this matrix operation operation, keep the stratum character of extensibility L for the rank order 1 of extensibility R.

On the other hand, in key salt matrices M2, will be to ingredient e ^R1(0,1) further utilizes one-way hash function H ^*Carry out the resulting operational data H of hash operations ^*(e ^R1(0,1)) (=H ^{* 3}(e ^R1(2,1))) be dispensed to all rank orders 1 and be the ingredient e of upper stratum than extensibility R ^R1(i, 0) (i=0,1,2).The operational data of this moment is and stratum's number of extensibility L corresponding value of package for-1 (in fact not existing).

On the other hand, in key salt matrices M2, any and ingredient e ^R1The rank order 1 that the identical value in (i, 1) (i=0,1,2) is assigned to respectively than extensibility R is the ingredient e of the next stratum ^R1(i, 2) (i=0,1,2).In addition, temporarily will be through to duplicating ingredient e ^R1The ingredient e of the value of (2,1) ^R1(2,2) utilize the resulting value of the hash operations of one-way hash function to be dispensed to ingredient e successively ^R1(i, 2) (i=0,1) also is an equivalent.Among Fig. 9 waited, " CP " referred to duplicate.

Like the above-mentioned key salt matrices M2 that generates is under the state of the stratum character that keeps extensibility L, makes package P _{I, 1}The access control of (i=0,1,2) is effective.

Same, in key salt matrices M3, with Split Key e _R0Be dispensed to (2,0) composition with as with the corresponding matrix of rank order 0 (upper stratum) of extensibility R.Below, in the 1st embodiment, the composition scale of key salt matrices M3 is shown e ^R0(i, j) (i=0,1,2; J=0,1,2).

With H ^*(e ^R0(2,0)) operational data be dispensed to Split Key e _R0The stratum of pairing extensibility R (rank order=0) is the corresponding respectively coordinate ingredient e of residue stratum among the extensibility L ^R0(1,0) is with H ^{* 2}(e ^R0(2,0)) operational data be dispensed to ingredient e ^R0(0,0).Through this matrix operation operation, keep the stratum character of extensibility L for the rank order 0 of extensibility R.

On the other hand, in key salt matrices M3, owing to do not exist for upper stratum than the rank order of extensibility R 0, so not to ingredient e ^R0Further hash operations is carried out in (0,0).

On the other hand, in key salt matrices M3, with any and ingredient e ^R0The rank order 0 that the identical value in (i, 0) (i=0,1,2) is respectively allocated to than extensibility R is the ingredient e of the next stratum ^R0(i, j) (i=0,1,2; J=1,2).In addition, temporarily will be through to duplicating ingredient e ^R0Each ingredient e of the value of (2,0) ^R0(2,2), e ^R0(2,1) utilize the resulting value of the hash operations of one-way hash function to be dispensed to ingredient e successively ^R0(i, j) (i=0,1,2; J=1,2) also be equivalent.

In this case, the key salt matrices M3 that is generated makes package P under the state of the stratum character that keeps extensibility L unchangeably _{I, 0}The access control of (i=0,1,2) is effective.

Then, the consistent composition of coordinate between the key salt matrices M1-M3 that key generation unit 463 combines as stated to be generated by matrix generation unit 462 generates part key matrix MP1.That is, each one-tenth of part key matrix MP1 is divided into and each package P _{I, j}(i=0,1,2; J=0,1,2) corresponding part key K _{I, j}(i=0,1,2; J=0,1,2).So the stratum character of each maintenance another extensibility L of stratum (layer) of extensibility R (resolution levels) through one of them generates the part key, in resolution levels or in layer, all keeps stratum character.In addition, output unit 480 is with the part key K that is generated by key generation unit 463 as stated _{I, j}(i=0,1,2; J=0,1,2) exports coding unit 410 to.In addition, coding unit 410 is through pairing part key K _{I, j}(i=0,1,2; J=0,1,2) to each package P _{I, j}(i=0,1,2; J=0,1,2) encode.In this way, the package of encrypted JPEG 2000 coding row as the coded data of treating to provide and deliver through network 300 and with master key K _2,2Be distributed to PC 200 together.

(the 2nd embodiment)

The performed encryption key generation action of the 2nd embodiment of encryption key generating means of the present invention then, is described.In addition, the encryption key generating means of the 2nd embodiment is also identical with the 1st embodiment to have structure shown in Figure 7, more specifically is achieved by the hardware configuration shown in Fig. 2 (a).Among the 2nd embodiment, will be made as extensibility L (layer) and extensibility R (resolution levels), N will be counted in the stratum of extensibility L as the extensibility of access control object _LBe made as 3, N is counted in the stratum of extensibility R _RBe made as 2.At this moment, the package of each stratum among extensibility L, the R is the matrix composition P as 3 * 2 _{I, j}(i=0,1,2; J=0,1) and handle.In addition, Figure 10 is used for explaining that the performed encryption key of the 2nd embodiment of encryption key generating means of the present invention generates the concept map of action (action of arithmetic element 460 shown in Figure 7).In addition, Figure 11 is used to explain that the matrix generation unit 462 of the encryption key generating means through the 2nd embodiment generates the concept map of key salt matrices.

Master key is the part key of being provided and delivered through D/B 110 or network 300 via input unit 450, and temporarily is stored in the memory cell 470.That is, master key is by 470 pairing part keys of managing in advance of the most the next package of memory cell, in the example of Figure 10 is being the package P that for extensibility L, R, all is positioned at the most the next stratum _2,1Pairing encryption key K _2,1This master key K _2,1Be to count N by the stratum that key cutting unit 461 is divided into extensibility L _LCount N with the stratum of extensibility R _RIn minimum value (=min (N _L, N _R)).That is, key cutting unit 461 is cut apart master key K with stratum's number (minimum stratum several 2) of extensibility R _2,1, obtain Split Key e thus _R1, e _R0This Split Key e _R1, e _R0Be the root key corresponding with each stratum of extensibility R, matrix generation unit 462 generates key salt matrices M1, M2 by each stratum of this extensibility R.

Each matrix composition among key salt matrices M1, the M2 be shown in figure 11 be Split Key e according to pairing root key _R1, e _R0Generate successively.

At first, in key salt matrices M1, with Split Key e _R1Be dispensed to (2,1) composition with the pairing matrix of rank order 1 (the most the next stratum) as extensibility R.In addition, the upside additional letter R1 of the matrix ingredient e among the figure representes the rank order of the extensibility R (benchmark extensibility) corresponding with this key salt matrices M1, and the downside additional character is the component coordinate of expression key salt matrices M1.Below, in the 2nd embodiment, the composition scale of key salt matrices M1 is shown e ^R1(i, j) (i=0,1,2; J=0,1).

Will be through repeating to utilize one-way hash function H ^*Split Key e _R1Hash operations and the operational data that obtains successively is dispensed to Split Key e _R1The stratum of pairing extensibility R (rank order=1) is that corresponding coordinate ingredient e is distinguished by the residue stratum among the extensibility L ^R1(1,1), e ^R2(0,1).That is, with H ^*(e ^R1(2,1)) operational data be dispensed to ingredient e ^R1(1,1) is with H ^{* 2}(e ^R1(2,1)) operational data be dispensed to ingredient e ^R1(0,1).Through so matrix operation operation, keep the stratum character of extensibility L for the rank order 1 of extensibility R.

On the other hand, in key salt matrices M1, will be to ingredient e ^R1(0,1) further utilizes one-way hash function H ^*Carry out the resulting operational data H of hash operations ^*(e ^R1(0,1)) (=H ^{* 3}(e ^R1(2,1))) rank order 1 that is dispensed to than extensibility R is all the components e of upper stratum ^R1(i, 0) (i=0,1,2).The operational data of this moment is the package pairing value of stratum's number of extensibility L for-1 (in fact not existing).

, under the state of the stratum character that keeps extensibility L unchangeably, make like the key salt matrices M1 of above-mentioned generation package P _{I, 1}The access control of (i=0,1,2) is effective.

In key salt matrices M2, with Split Key e _R0Be dispensed to (2,0) composition with as with the corresponding matrix of rank order 0 (upper stratum) of extensibility R.Below, in the 2nd embodiment, the composition scale of key salt matrices M2 is shown e ^R0(i, j) (i=0,1,2; J=0,1).

With H ^*(e ^R0(2,0)) operational data be dispensed to Split Key e _R0Stratum among the pairing extensibility R (rank order=0) is that corresponding coordinate ingredient e is distinguished by the residue stratum among the extensibility L ^R0(1,0), and with H ^{* 2}(e ^R0(2,0)) operational data be dispensed to ingredient e ^R0(0,0).Through so matrix operation operation, keep the stratum character of extensibility L for the rank order 0 of extensibility R.

On the other hand, in key salt matrices M2, owing to do not exist for upper stratum than the rank order of extensibility R 0, so not further to ingredient e ^R0Hash operations is carried out in (0,0).

On the other hand, in key salt matrices M2, with any and ingredient e ^R0The rank order 0 that the identical value in (i, 0) (i=0,1,2) is respectively allocated to than extensibility R is the ingredient e of the next stratum ^R0(i, 1) (i=0,1,2).In addition, temporarily will be through to duplicating ingredient e ^R0The ingredient e of the value of (2,0) ^R0(2,1) utilize the resulting value of the hash operations of one-way hash function to be dispensed to ingredient e successively ^R0(i, 1) (i=0,1,2) also is an equivalent.In addition, in Figure 11, CP representes replication actions.

In this case, the key salt matrices M2 that is generated makes package P under the state of the stratum character that keeps extensibility L unchangeably _{I, 0}The access control of (i=0,1,2) is effective.In addition, in Figure 11 etc., " CP " refers to duplicate.

Then, the consistent composition of coordinate between the key salt matrices M1 that 463 combinations of key generation unit are generated by matrix generation unit 462 as stated, the M2 generates part key matrix MP2 thus.That is, each one-tenth of part key matrix MP2 is divided into and each package P _{I, j}(i=0,1,2; J=0,1) corresponding part key K _{I, j}(i=0,1,2; J=0,1).Like this, keep the stratum character of another extensibility L (layer) to generate the part key, in resolution levels or in layer, all keep stratum character through the stratum of extensibility R (resolution levels) by one of them.In addition, output unit 480 is with the part key K that generated by key generation unit 463 as stated _{I, j}(i=0,1,2; J=0,1) exports coding unit 410 to.In addition, coding unit 410 utilizes pairing part key K _{I, j}(i=0,1,2; J=0,1) to each package P _{I, j}(i=0,1,2; J=0,1) encode.The coding of the package of like this, encrypted JPEG 2000 row are as treating through the coded data of network 300 dispensings and master key K _2,1Be distributed to PC 200 together.

(the 3rd embodiment)

Below, explain that the performed encryption key of the 3rd embodiment of encryption key generating means of the present invention generates action.In addition, the encryption key generating means of the 3rd embodiment is also identical with the 1st embodiment to have structure shown in Figure 7, more specifically, is achieved by the hardware configuration shown in Fig. 2 (a).Among the 3rd embodiment, will be made as extensibility L (layer) and extensibility R (resolution levels), N will be counted in the stratum of extensibility L as the extensibility of access control object _LBe made as 4, N is counted in the stratum of extensibility R _RBe made as 3.At this moment, the package of each stratum among extensibility L, the R is the matrix composition P as 4 * 3 _{I, j}(i=0,1,2; J=0,1,2,3) and handle.In addition, Figure 12 is used for explaining that the performed encryption key of the 3rd embodiment of encryption key generating means of the present invention generates the concept map of action (action of arithmetic element 460 shown in Figure 7).In addition, Figure 13 is used to explain that the matrix generation unit 462 by the encryption key generating means of the 3rd embodiment generates the concept map of key salt matrices.

Master key is that it temporarily is stored in the memory cell 470 via the part key of input unit 45 through D/B 110 or network 300 dispensings.That is, master key is the pairing part key of being managed in advance by memory cell 470 of the most the next package, is being for extensibility L, R, to be all the package P that is positioned at the most the next stratum in the example of Figure 12 _3,2Pairing encryption key K _3,2This master key K _3,2N counts in the stratum that is divided into extensibility L by key cutting unit 461 _LCount N with the stratum of extensibility R _RIn minimum value (=min (N _L, N _R)).That is, key cutting unit 461 is cut apart master key K with stratum's number (minimum stratum several 3) of extensibility R _3,2, obtain Split Key e thus _R2, e _R1, e _R0This Split Key e _R2, e _R1, e _R0Be the root key corresponding with each stratum of extensibility R, matrix generation unit 462 generates key salt matrices M1-M3 by each stratum of this extensibility R.

By pairing root key is Split Key e _R2, e _R1, e _R0Each matrix composition that generates key salt matrices M1-M3 successively shown in figure 13.

At first, in key salt matrices M1, with Split Key e _R2Be dispensed to (3,2) composition with as matrix corresponding to the rank order 2 (the most the next stratum) of extensibility R.In addition, the upside additional letter R2 of the matrix ingredient e among the figure representes and the rank order of the pairing extensibility R of this key salt matrices M1 (benchmark extensibility) that the downside additional character is represented the component coordinate of key salt matrices M1.Below, the composition scale with key salt matrices M1 among the 3rd embodiment is shown e ^R2(i, j) (i=0,1,2,3; J=0,1,2).

Will be through repeating to utilize one-way hash function H ^*Split Key e _R2Hash operations and the operational data that obtains successively is dispensed to Split Key e _R2Stratum among the pairing extensibility R (rank order=2) is the corresponding respectively coordinate ingredient e of residue stratum among the extensibility L ^R2(2,2), e ^R2(1,2), e ^R2(0,2).That is, with H ^*(e ^R2(3,2)) operational data be dispensed to ingredient e ^R2(2,2) are with H ^{* 2}(e ^R2(3,2)) operational data be dispensed to ingredient e ^R2(1,2) is with H ^{* 3}(e ^R2(3,2)) operational data be dispensed to ingredient e ^R2(0,2).Through such matrix operation operation, can keep the stratum character of extendibility L for the rank order 2 of extensibility R.

On the other hand, in key salt matrices M1, will be to ingredient e ^R2(0,2) further utilizes one-way hash function H ^*Carry out the resulting operational data H of hash operations ^*(e ^R2(0,2)) (=H ^{* 4}(e ^R2(3,2))) rank order 2 that is dispensed to than extensibility R is all the components e of upper stratum ^R2(i, j) (i=0,1,2; J=0,1).The operational data of this moment is the package pairing value of stratum's number of extensibility L for-1 (in fact not existing).

, under the state of the stratum character that keeps extensibility L unchangeably, make like the key salt matrices M1 of above-mentioned generation package P _{I, 2}The access control of (i=0,1,2,3) is effective.

In key salt matrices M2, with Split Key e _R1Be dispensed to (3,1) composition with as with extensibility R in the corresponding matrix of rank order 1.Below, in the 3rd embodiment, the composition scale of key salt matrices M2 is shown e ^R1(i, j) (i=0,1,2,3; J=0,1,2).

With H ^*(e ^R1(3,1)) operational data be dispensed to Split Key e _R1Stratum among the pairing extensibility R (rank order=1)) is the coordinate ingredient e of the residue stratum difference correspondence among the extensibility L ^R1(2,1) are with H ^{* 2}(e ^R1(3,1)) operational data be dispensed to ingredient e ^R1(1,1) is with H ^{* 3}(e ^R1(3,1)) operational data be dispensed to ingredient e ^R1(0,1).Matrix operation operation through such for the rank order 1 of extensibility R, keeps the stratum character of extendibility L.

On the other hand, in key salt matrices M2, will be to ingredient e ^R1(0,1) further utilizes one-way hash function H ^*Carry out the resulting operational data H of hash operations ^*(e ^R1(0,1)) (=H ^{* 4}(e ^R1(3,1))) rank order 1 that is dispensed to than extensibility R is all the components e of upper stratum ^R1(i, 0) (i=0,1,2,3).The operational data of this moment is the package pairing value of stratum's number of extensibility L for-1 (in fact not existing).

On the other hand, in key salt matrices M2, with any and ingredient e ^R1The rank order 1 that the identical value in (i, 0) (i=0,1,2,3) is respectively allocated to than extensibility R is the ingredient e of the next stratum ^R1(i, 2) (i=0,1,2,3).In addition, temporarily will be to duplicating ingredient e ^R1The ingredient e of the value of (3,1) ^R1(3,2) utilize the resulting value of the hash operations of one-way hash function to be dispensed to ingredient e successively ^R1(i, 2) (i=0,1,2) also is an equivalent.In addition, in Figure 13 etc., " CP " refers to duplicate.

, under the state of the stratum character that keeps extensibility L unchangeably, make like the above-mentioned key salt matrices M2 that generates package P _{I, 1}The access control of (i=0,1,2,3) is effective.

Same, in key salt matrices M3, with Split Key e _R0Be dispensed to (3,0) composition with as with the corresponding matrix of rank order 0 (upper stratum) of extensibility R.Below, in the 3rd embodiment, the composition scale of key salt matrices M3 is shown e ^R0(i, j) (i=0,1,2,3; J=0,1,2).

With H ^*(e ^R0(3,0)) operational data be dispensed to Split Key e _R0Stratum among the pairing extensibility R (rank order=0) is the corresponding respectively coordinate ingredient e of residue stratum among the extensibility L ^R0(2,0) are with H ^{* 2}(e ^R0(3,0)) operational data be dispensed to ingredient e ^R0(1,0) is with H ^{* 3}(e ^R0(3,0)) operational data be dispensed to ingredient e ^R0(0,0).Matrix operation operation through such for the rank order 0 of extensibility R, can keep the stratum character of extendibility L.

On the other hand, in key salt matrices M3, owing to do not exist for upper stratum than the rank order of extensibility R 0, not to ingredient e ^R0Hash operations is further carried out in (0,0).

On the other hand, in key salt matrices M3, with any and ingredient e ^R0The rank order 0 that the identical value in (i, 0) (i=0,1,2,3) is respectively allocated to than extensibility R is the ingredient e of the next stratum ^R0(i, j) (i=0,1,2,3; J=1,2).In addition, temporarily will be through to duplicating ingredient e ^R0Each ingredient e of the value of (3,0) ^R0(3,2), e ^R0(3,1) utilize the resulting value of the hash operations of one-way hash function to be dispensed to ingredient e successively ^R0(i, j) (i=0,1,2,3; J=1,2) also be equivalent.In addition, in Figure 13, CP representes replication actions.

In this case, the key salt matrices M3 that is generated by matrix generation unit 462 makes package P under the state of the stratum character that keeps extensibility L unchangeably _{I, 0}The access control of (i=0,1,2,3) is effective.

Then, the consistent composition of coordinate between the key salt matrices M1-M3 that key generating device 463 combines as stated to be generated by matrix generation unit 462 generates part key matrix MP3 thus.That is, each one-tenth of part key matrix MP3 is divided into and each package P _{I, j}(i=0,1,2,3; J=0,1,2) corresponding part key K _{I, j}(i=0,1,2,3; J=0,1,2).Like this, each stratum of one of them extensibility R (resolution levels) keeps the stratum character of another extensibility L (layer) and generates the part key, and no matter in resolution levels or in layer, stratum character all is held thus.In addition, output unit 480 will be like the above-mentioned part key K that is generated by key generation unit 463 _I.j(i=0,1,2,3; J=0,1,2) exports coding unit 410 to.In addition, coding unit 410 is with pairing part key K _I.j(i=0,1,2,3; J=0,1,2) to each package P _{I, j}(i=0,1,2,3; J=0,1,2) encode.Like this, the package of encrypted JPEG 2000 coding row are as treating through the coded data of network 300 dispensings and master key K _3.2Be distributed to PC 200 together.

(assault repellence evaluation)

Then, to repellence, estimate assault by the encryption key that key generating device generated (the part key corresponding) of above-mentioned 1-the 3rd embodiment that constitutes with the package of each stratum.

At first, this evaluation is to count N to having stratum _LExtensibility L and stratum count N _RJPEG 2000 data of extensibility R (resolution levels) situation of encoding be prerequisite.

Package P with JPEG 2000 _{I, j}(i=0,1 ..., N _L-1; J=0,1 ..., N _R-1) the part key K of correspondence _{I, j}Be with the most the next package P _{NL-1, NR-1}Pairing part key K _{NL-1, NR-1}As master key, generate one-way hash function H from the possession ^*In addition, upper with the next notion of stratum is identical with Fig. 3.That is part key K, _{I, j}, among extensibility L, the R any, all must from than package P _{I, j}Stratum be the next or with the package P of all stratum of its coordination _{A1, b1}(a1=i, i+1 ... N _L-1B1=j, j+1 ... N _R-1) pairing part key K _{A1, b1}Generate from the possession.With this understanding, for can not be wrongful owing to assault among extensibility L, R aspect any all than package P _{I, j}Package P for upper stratum _{A2, b2}(a2=0,1 ... i-1; B2=0,1 ... j-1) pairing part key K _{A2, b2}Generate the part key K _{I, j}, therefore constitute this part key K _{I, j}The key element of at least a portion be necessary for than the part key K _{A2, b2}Be the pairing key element of the package of the next stratum.

For example, suppose N _R＜N _LThe j of stratum (0≤j≤N with extensibility R _R-1) all package P _{I, j}(i=0,1 ..., N _L-1) is the part key K of object _{I, j}Key element e ^R1 _{I, j}, be in the key element computing of key salt matrices Mj, from key element e as root key _Rj, through utilizing one-way hash function H ^*Hash operations H ^{* (NL-1-i)}(e _Ri) and generate from the possession.At this moment, with the next b1 of stratum of extensibility R (＜j) all package P _{I, b1}(i=0,1 ..., N _L-1) is the part key K of object _{I, b1}Key element e ^Rj _{I, b1}In, the hash operations value H of the upper stratum among the key salt matrices Mj ^{* (NL-1-i)}(e _Rj) will be directly by reflection (being replicated).On the other hand, hash operations value H ^{* NL}(e _Rj) be distributed in (＞j) all package P with the upper stratum b2 among the extensibility R _{I, b2}(i=0,1 ..., N _L-1) is the part key K of object _{I, b2}Key element e ^Rj _{I, b2}In.

Therefore, one side is at least a portion of the key element of the part key that constitutes the next stratum, and the part key of upper stratum is reflected that on the other hand, in the key element of the part key that constitutes upper stratum, the key element of the part key of the next stratum is not reflected.That is, in the part key that encryption key generating means of the present invention generated, do not generate the part key of the next stratum, thus, can obtain repellence assault from the part key of upper stratum.

(encryption key of removing in encrypting generates)

Then, explain through encryption key generating means generation encryption key of the present invention (the part key corresponding) for removing to encrypt in (decoding) with each package of being permitted.Above-mentioned encryption key generates in the action (action of arithmetic element 460 shown in Figure 7), generates the part key that is positioned at upper stratum according to dependency respectively from the master key of unique management.When removing encryption; That is, the decoding processing among Fig. 7 among the PC 200, same; Also generate the part key that is positioned at upper stratum from the possession from master key, the most the next pairing decoding key of package (master key) that only will be allowed in the disclosed package group is distributed to user (PC 200).

Particularly, at N _L=N _RUnder=3 the situation, as shown in Figure 3, at the shading image Q of request extensibility L (layer) and extensibility R (resolution levels) scope _{L, R}(0≤L≤N _L, 0≤R≤N _R) PC 200 sides in, with the package of JPEG 2000 coding row P _{L, R}Allow disclosing of image, the key K that input unit 450 receives this package as the most the next package (be arranged in extensibility L, R each the package of the most the next stratum) _{L, R}(0≤L≤2,0≤R≤2).In addition, the key K that receives through input unit 450 _{L, R}(0≤L≤2,0≤R≤2) temporarily are stored in the memory cell 470.Among Fig. 3, be allowed to received code image Q the user _{L, R}Situation under, this encryption key generating means 400 is utilized and this coded image Q _{L, R}Corresponding key K _{L, R}As master key, generate by frame A ((N _L-R+1) * (N _R-L+1)) the pairing releasing encryption key of each package P (decoding key) that surrounds.In addition, in this case, and from key K _{L, R}The Split Key e that is generated ^R2, e ^R1, e ^R0Corresponding key salt matrices M1-M3 also becomes (N _L-R+1) * (N _R-L+1) matrix.

In following explanation, be allowed to received code image Q for user among Fig. 3 _1,1Situation explain.In this case, the key in this encryption key generating means 400 generates a part that is equivalent to Fig. 9, utilizes and this coded image Q _1,1Corresponding key K _1,1, generate each the package P that is surrounded by frame A _1,0, P _0,1, P _0,0Pairing releasing encryption key (decoding key).

Therefore, in PC 200 sides, the part key K of at first memory cell 470 being stored _1,1As master key, key cutting unit 461 is cut apart (3 cut apart) with stratum's number of extensibility R, generates 3 Split Key e ^R2, e ^R1, e ^R0

Then, matrix generation unit 462 generates the key salt matrices by 3 stratum of extensibility R.Here, 3 Split Key e ^R2, e ^R1, e ^R0Among, the stratum of pairing extensibility R is than master key K _1,1Pairing stratum is that the next Split Key is that the rank order of another extensibility L becomes-1 hash operations data.Thereby, in this case, allocate in advance and the identical value of the pairing part key of all the components of key salt matrices.

At first, in the generation of the key salt matrices M1 of the stratum 2 pairing 2 * 2 of extensibility R, part key e ^R2Being the stratum that is equivalent to extensibility L is-1 hash operations data.That is, because the Split Key e of extensibility R ^R2Pairing stratum (rank order: 2) be positioned at than master key K _1,1The stratum of pairing extensibility R (rank order: be the next 1), this Split Key e ^R2Value be that the rank order of extensibility L is-1 o'clock hash operations value.In this case, distribute and Split Key e ^R2Identical value (rank order of extensibility L is-1) is to Split Key e ^R2All matrix ingredient e of pairing 2 * 2 key salt matrices M1 ^R2(0,1), e ^R2(1,1), e ^R2(0,0), e ^R2In (1,0).

Then, in the generation of 1 pairing 2 * 2 key salt matrices M2 of stratum of extensibility R, at first with Split Key e ^R1Value be dispensed to e ^R1(1,1) composition.To utilize one-way hash function H ^*The operational data H of hash operations ^*(e ^R1(1,1)) stratum that is dispensed to extensibility L is positioned at upper ingredient e ^R1(0,1).In addition, with the rank order of extensibility L be-1 operational data H ^{* 2}(e ^R2(1,1)) be dispensed to Split Key e than extensibility R ^R1Pairing stratum (rank order: 1) be upper stratum's (rank order: 0) pairing each ingredient e ^R1(1,0), e ^R1(0,0).Opposite, owing to Split Key e than extensibility R ^R1Pairing stratum (rank order: 1) be the next stratum's (rank order: 2) do not exist, so do not carry out hash operations.

On the other hand, in the generation of 0 pairing 2 * 2 key salt matrices M3 of stratum of extensibility R, than the Split Key e of extensibility R ^R0Pairing stratum (rank order: 0) be upper stratum's (rank order :-1) do not exist.Therefore, at first with Split Key e ^R0Value be dispensed to e ^R0(1,0) composition.To utilize one-way hash function H ^*The operational data H of hash operations ^*(e ^R1(1,0)) stratum that is dispensed to extensibility L is positioned at upper ingredient e ^R0(0,0).Opposite, at Split Key e than extensibility R ^R0Pairing stratum (rank order: 0) be the next stratum's (rank order: 1), duplicate ingredient e ^R0The value of (1,0) is to e ^R0(1,1) composition, and carry out hash operations successively based on this value of duplicating.That is, will utilize one-way hash function H ^*The operational data H of hash operations ^*(e ^R0(1,1)) stratum that is dispensed to extensibility L is positioned at upper ingredient e ^R0(0,1).

The consistent composition of coordinate between the key salt matrices M1-M3 of each stratum pairing 2 * 2 of the extensibility R that key generation unit 463 combines as stated to be generated by matrix generation unit 462 is thus from master key K _1,1Generate and package P _1,0, P _0,1, P _0,0Corresponding decoding key K _1,0, K _0,1, K _0,0

As stated, the part key corresponding with certain package is not positioned at the upper package of this package and generates from least one extensibility, but from any extensibility, is positioned at coordination or the next package generation.Therefore, assault had repellence.

(the 4th embodiment)

Figure 14 is a concept map, and the encryption key of carrying out as the 4th embodiment of encryption key generating means of the present invention generates action, and the generation of part key of the numerical data of the stratum's extensibility that has more than three kinds is described.In addition, Figure 15 is the figure of the coordinate corresponding relation of stratum table 11a, part key salt matrices MPa-MPc and part key matrix MP4 during the part key of expression Figure 14 generates.Figure 16 is the figure that is used for explaining corresponding relation between the key element of part key salt matrices MPa-MPc that the part key of Figure 14 generates and part key matrix MP4.The encryption key generating means of the 4th embodiment is also identical with the 1st embodiment, has structure shown in Figure 7, more specifically, is achieved by the hardware configuration shown in Fig. 2 (a).

Extensibility at access control object is under the situation more than three kinds, considers at first above-mentioned key genesis sequence (action of key cutting unit 461, matrix generation unit 462, key generation unit 463) is repeated combination as minimum treat unit to two kinds of extensibilities.At this moment, be made as N as if extensibility number with access control object _SThe time, the number of repetition of minimum treat unit becomes _NSC ₂(=(N _S(N _S-1))/2).

In the example shown in Figure 14; As three kinds of extensibilities, generate the pairing encryption key of each package in the numerical data with the C (component) of the R (resolution levels) of the L (layer) with 3 stratum, 2 stratum and 3 stratum by the encryption key generating means of the 4th embodiment 400.In the case, to part key salt matrices MPb (the composition K of the combination of extensibility R, L ^RL(0,0)-composition K ^RL(2,1)), to part key salt matrices MPc (the composition K of the combination of extensibility R, C ^RC(0,0)-composition K ^RC(2,1)), with part key salt matrices MPa (the composition K of the combination that is directed against extensibility L, C ^LC(0,0)-composition K ^LC(2,2)) be through generating successively with the above-mentioned identical calculation step of 1-the 3rd embodiment.

At this moment, shown in figure 15, matrix generation unit 462 also generates the table 11a of stratum of stratum's all combinations of value among expression extensibility L, R, the C.The table 11a of this stratum is the stratum's value group according to each combination, with the part key matrix MP4 coordinatograph performance of the pairing part key of the data unit of each stratum among extensibility L, R, the C as composition.In addition, the table 11a of this stratum representes the kind of extensibility and the relation of stratum's value, and can make up the composition of the part key salt matrices MPa-MPc that is generated by definite all that are directed against extensibility of this relation.That is, matrix generation unit 462 generate with the table 11a of stratum in all of stratum's value make up pairing part key key element table 11b.

The cited key combinations of part key key element table 11b that is generated like this, stratum's value combination of showing 11a with the stratum of each component coordinate of representing part key matrix MP4 is corresponding.Each composition K of part key salt matrices MP4 _{L, R, C}(L=0,1,2; R=0,1; C=0,1,2) shown in Figure 16 (a), through combining the key key element K of the combination among the component part key key element table 11b ^RL _{R, L}, K ^RC _{R, C}, K ^LC _{L, C}And obtain.Thereby; Show all combinations of 11a to the stratum of each component coordinate of representing part key salt matrices MP4; Each key key element (with reference to Figure 16 (b)) through combining to make up among the pairing part key key element table 11b with one can obtain part key salt matrices MP4.

Like this; Each composition of the part key matrix MP4 that generates through matrix generation unit 462 is to have the pairing encryption key of each package in the numerical data of C (component) of R (resolution levels) and 3 stratum of L (layer), 2 stratum of 3 stratum as extensibility.That is, each composition of part key salt matrices MP4 be utilize its component coordinate of expression extensibility stratum's value the specific pairing part key of package.

In addition, even the extensibility of access control object is the situation more than three kinds, still can be identical with the situation of two kinds of extensibilities, have the repellence of assault.

The performed encryption key of the encryption key generating means of above-mentioned the 4th embodiment generates action; Use two-dimensional matrix to show with 1-the 3rd embodiment identically and explain, still following the state description of three-dimensional is moved the general encryption key generation of the 4th embodiment to use the three-dimensional matrice performance.In addition, in the following explanation,, N is counted in the stratum of this extensibility L (layer) to the extensibility L that becomes access control object, R, C _LBe made as 6, N is counted in the stratum of extensibility R (degree of dissociation grade) _RBe made as 4, N is counted in the stratum of extensibility C (component) _CBe made as 3.At this moment, the package of each stratum among extensibility L, R, the C shown in Figure 17 (a), the matrix composition P as 6 * 4 * 3 _{I, j, k}(i=0,1,2,3,4,5; J=0,1,2,3; K=0,1,2) handle.In addition, Figure 17 (a) is the stereo representation (three-dimensional key salt matrices is also identical) of each the coordinate composition configuration among the three-dimensional portion key matrix QM.

Shown in Figure 17 (a), each the pairing coordinate composition K of the most the next stratum of extensibility L, R, C _5,3,2Become master key.In addition, coordinate composition K _0,0,0It is each the pairing coordinate composition of upper stratum of extensibility L, R, C.

According to the performed encryption key of the encryption key generating means of above-mentioned the 4th embodiment generate that action generates as the situation of 6 * 4 * 3 the three-dimensional portion key salt matrices QM of Figure 17 (a) under, at first with subcomponent key K _5,3,2Only cut apart the number of repetition of carrying out minimum treat unit with two kinds of extensibilities relevantly _NSC ₂, generate the master key K that each minimum treat unit uses _RL, K _RC, K _LCHere, master key K _RLIt is the master key that the key relevant with extensibility L, R generates usefulness.In addition, master key K _RCBe and extensibility R, master key that C is relevant.In addition, master key K _LCIt is the master key that the key relevant with extensibility L, C generates usefulness.(with reference to Figure 17 (b)).

Figure 18 is the figure that makes each stratum pairing key key element generation step that the general encryption key of the performed action of the 4th embodiment generates in the action, the three-dimensional matrice of use stereo display is explained extensibility L, R.In addition, in the minimum treat unit relevant with extensibility L, R, the benchmark extensibility is made as R, and cuts apart master key K through the stratum several 4 with this extensibility R _RLCan obtain 4 Split Key e ^RL _R3, e ^RL _R2, e ^RL _R1, e ^RL _R0(with reference to Figure 17 (b)).

At first, with Split Key e ^RL _R3Be dispensed to the coordinate composition P of three-dimensional matrice _5,3,2After (the oblique line part among Figure 18 (a)), utilize the Split Key e of one-way hash function H successively towards upper stratum from the most the next stratum of extensibility L ^RL _R3Hash operations.That is, the resulting operational data of the pairing coordinate composition of hash operations (among Figure 18 (a), being positioned at all the components with solid line institute area surrounded) is carried out in distribution at every turn.At this moment, with operational data H ^{* 5}(e ^RL _R3) be dispensed in the coordinate composition corresponding with the upper stratum of extensibility L.On the other hand, will be through operational data H to the pairing coordinate composition of upper stratum that is distributed in extensibility L ^{* 5}(e ^RL _R3) further utilize the resulting operational data H of hash operations of one-way hash function H ^{* 6}(e ^RL _R3) be dispensed to the coordinate composition P that is assigned with operational data _{L=0-5, R=3, C=2}Each coordinate composition in addition (being positioned at all the components among Figure 18 (a)) with dotted line institute area surrounded.According to above computing, generate three-dimensional key salt matrices QM _RL1

Then, with Split Key e ^RL _R2Be dispensed to the coordinate composition P of three-dimensional matrice _5,2,2When (the oblique line part among Figure 18 (b)), this Split Key e ^RL _R2Temporarily duplicated (CP) to coordinate composition P _5,3,2And, to stratum 3 and the stratum 2 of extensibility R, utilize the Split Key e of one-way hash function H successively towards upper stratum from the most the next stratum of extensibility L ^RL _R2Hash operations.That is, resulting operational data is dispensed to carries out the pairing coordinate composition of hash operations (being positioned at all the components that is surrounded with solid line among Figure 18 (b)) at every turn.At this moment, with operational data H ^{* 5}(e ^RL _R2) be dispensed to the coordinate composition corresponding with the upper stratum of extensibility L.On the other hand, will be through operational data H to the pairing coordinate composition of upper stratum that is distributed in extensibility L ^{* 5}(e ^RL _R2) further utilize the resulting operational data H of hash operations of one-way hash function H ^{* 6}(e ^RL _R2) be dispensed to the coordinate composition P that is assigned with operational data _{L=0-5, R=2-3, C=2}Each coordinate composition in addition (among Figure 18 (b), being positioned at all the components that is surrounded with dotted line).According to above computing, generate three-dimensional key salt matrices QM _RL2

With above-mentioned same, through Split Key e ^RL _R1(as with the coordinate composition P shown in the oblique line _5,1,2And distribute) hash operations, also generate the three-dimensional key salt matrices QM shown in Figure 18 (c) _RL3In addition, among Figure 18 (c), H representes hash operations, and CP refers to the replication actions of the operational data between the coordinate composition.Moreover, shown in Figure 18 (d), through Split Key e ^RL _R0(as with the coordinate composition P shown in the oblique line _5,0,2And distribute) hash operations, also generate three-dimensional key salt matrices QM _RL4

Then, Figure 19 is the figure that makes the key key element generation step that the general encryption key of the practiced action of the 4th embodiment generates in the action, the three-dimensional matrice explanation of use stereo display is corresponding with each stratum of extensibility R, C.In addition, in the minimum treat unit relevant with extensibility R, C, benchmark extensibility system is made as R, cuts apart master key K through the stratum several 4 with this extensibility R _RC, can obtain 4 Split Key e ^RC _R3, e ^RC _R2, e ^RC _R1, e ^RC _R0(with reference to Figure 17 (b)).

With Split Key e ^RC _R3Be dispensed to the coordinate composition P of three-dimensional matrice _5,3,2After (the oblique line part among Figure 19 (a)), utilize the Split Key e of one-way hash function H successively towards upper stratum from the most the next stratum of extensibility C ^RC _R3Hash operations.That is, resulting operational data is dispensed to carries out the pairing coordinate composition of hash operations (among Figure 19 (a)) at every turn with all the components that solid line was surrounded.At this moment, with operational data H ^{* 2}(e ^RC _R3) be dispensed to the coordinate composition corresponding with the upper stratum of extensibility C.On the other hand, will be through operational data H to the pairing coordinate composition of upper stratum that is distributed in extensibility C ^{* 2}(e ^RC _R3) further utilize the resulting operational data H of hash operations of one-way hash function H ^{* 3}(e ^RC _R3) be dispensed to the coordinate composition P that is assigned with operational data _{L=5, R=3, C=0-2}Each coordinate composition in addition (among Figure 19 (a), being positioned at all the components that is surrounded with dotted line).Generate three-dimensional key salt matrices QM through above computing _RC1

Three-dimensional key salt matrices QM shown in Figure 19 (b) _RC2Generate through repeating following manner: the stratum 2 than benchmark extensibility R is the Split Key e of the next stratum ^RC _R2(as with the coordinate composition P shown in the oblique line _5,2,2And distribute) replication actions and (utilize the Split Key e of one-way hash function H from the most the next stratum of extensibility C towards the hash operations of upper stratum ^RC _R2Hash operations).Same, the three-dimensional key salt matrices QM shown in Figure 19 (c) _RC3Also generate through repeating following manner: the stratum 1 than benchmark extensibility R is the Split Key e of the next stratum ^RC _R1(as with the coordinate composition P shown in the oblique line _5,1,2And distribute) replication actions and (utilize the Split Key e of one-way hash function H from the most the next stratum of extensibility C towards the hash operations of upper stratum ^RC _R1Hash operations).Moreover, the three-dimensional key salt matrices QM shown in Figure 19 (d) _RC4Also generate through repeating following manner: the stratum 0 (upper stratum) than benchmark extensibility R is the Split Key e of the next stratum ^RC _R0(as with the coordinate composition P shown in the oblique line _5,0,2And distribute) replication actions and (utilize the Split Key e of one-way hash function H from the most the next stratum of extensibility C towards the hash operations of upper stratum ^RC _R0Hash operations).

Figure 20 makes the practiced encryption key of the 4th embodiment generate the figure that the general encryption key of action generates in the action, uses the three-dimensional matrice explanation of the stereo display key key element generation step corresponding with each stratum of extensibility L, C.In addition, with extensibility L, the relevant minimum treat unit of C, the benchmark extensibility is made as C, cuts apart master key K through the stratum several 3 with this extensibility C _LC, can obtain 3 Split Key e ^LC _C2, e ^LC _C1, e ^LC _C0(with reference to Figure 17 (b)).

With Split Key e ^LC _C2Be dispensed to the coordinate composition P of three-dimensional matrice _5,3,2After (the oblique line part among Figure 20 (a)), utilize the Split Key e of one-way hash function H successively towards upper stratum from the most the next stratum of extensibility L ^LC _C2Hash operations.That is, resulting operational data is dispensed to carries out the pairing coordinate composition of hash operations (among Figure 20 (a), being positioned at all the components that is surrounded with solid line) at every turn.At this moment, with operational data H ^{* 5}(e ^LC _C2) be dispensed to the coordinate composition corresponding with the upper stratum of extensibility L.On the other hand, will be through operational data H to the pairing coordinate composition of upper stratum that is distributed in extensibility L ^{* 5}(e ^LC _C2) further utilize the resulting operational data H of hash operations of one-way hash function H ^{* 6}(e ^LC _C2) be dispensed to the coordinate composition P that is assigned with operational data _{L=0-5, R=3, C=2}Each coordinate composition in addition (among Figure 20 (a), being positioned at all the components that is surrounded with dotted line).Through above computing, generate three-dimensional key salt matrices QM _LC1

Three-dimensional key salt matrices QM shown in Figure 20 (b) _LC2Generate through repeating following manner: the stratum 1 than benchmark extensibility C is the Split Key e of the next stratum ^LC _C1(as with the coordinate composition P shown in the oblique line _5,3,1And distribute) replication actions, and (utilize the Split Key e of one-way hash function H towards the hash operations of upper stratum from the most the next stratum of extensibility L ^LC _C1Hash operations).Same, the three-dimensional key salt matrices QM shown in Figure 20 (c) _LC3Also generate through repeating following manner: the stratum 0 (upper stratum) than benchmark extensibility C is the Split Key e of the next stratum ^LC _C0(as with the coordinate composition P shown in the oblique line _5,3,0And distribute) replication actions, and (utilize the Split Key e of one-way hash function H towards the hash operations of upper stratum from the most the next stratum of extensibility L ^LC _C0Hash operations).

To through repeating above Figure 18 that hash operations generated-three-dimensional key salt matrices QM shown in Figure 20 _RL1-QM _RL4, QM _RC1-QM _RC4, QM _LC1-QM _LC3, be bonded to each other through coordinate composition unanimity, can obtain according to making the general encryption key of the practiced action of the 4th embodiment generate the part key matrix QM of action.

(the 5th embodiment)

Since utilize the practiced encryption key of the encryption key generating means of above-mentioned the 4th embodiment generate action with the part key genesis sequence relevant with two kinds extensibility at the most as minimum treat unit; When so in case stratum's number of each extensibility increases gradually; Resulting part key can't prevent the above assault of 3 people (in the multidimensional part key matrix like three-dimensional portion key matrix QM of Figure 17 (a), having a plurality of coordinate compositions with same section key).Therefore, the encryption key generating means of the 5th embodiment be generate to the assault more than 3 people also have abundant repellence encryption key.With reference to the three-dimensional portion key matrix QM shown in Figure 17 (a) encryption key generating means of the 5th embodiment is described, and with regard to the extensibility L that becomes access control object, R, C, N is counted in the stratum of this extensibility L (layer) _LBe made as 6, N is counted in the stratum of this extensibility R (resolution levels) _RBe made as 4, N is counted in the stratum of extensibility C (component) _CBe made as 3.At this moment, the package of each stratum among extensibility L, R, the C is the matrix composition P as 6 * 4 * 3 _{I, j, k}(i=0,1,2,3,4,5; J=0,1,2,3; K=0,1,2) handle.In addition, the master key prepared system shown in Figure 17 (a), each the pairing coordinate composition K of the most the next stratum of extensibility L, R, C _5,3,2Become master key (coordinate composition K _0.0.0Be and each the corresponding coordinate composition of upper stratum of extensibility L, R, C).In addition, the encryption key generating means of the 5th embodiment is also identical with the 1st embodiment, has structure shown in Figure 7, more specifically, is achieved through the hardware configuration shown in Fig. 2 (a).In addition, master key is stored in this memory cell 470 through input unit 450 in advance.

At first, practiced encryption key generates in the action in the encryption key generating means of the 5th embodiment, and key cutting unit 461 is shown in figure 21, and two kinds of extensibilities among the extensibility more than three kinds are pre-set in the benchmark extensibility.In the example shown in Figure 21, extensibility L, R have been set in the benchmark extensibility.Especially, benchmark extensibility R (the 1st benchmark extensibility) is to be used for by master key K _5,3,2Generate the extensibility of Split Key.Key cutting unit 461 generates 4 Split Key e corresponding to each stratum of benchmark extensibility R through cutting apart master key with the stratum of extensibility R several 4 ^RL _R3, e ^RL _R2, e ^RL _R1, e ^RL _R0On the other hand, benchmark extensibility L is the extensibility of computing direction that is used for the hash operations of regulation utilization such as above-mentioned one-way hash function.In addition, Figure 21 is that the practiced encryption key of the 5th embodiment that is used for explaining in encryption key generating means of the present invention generates action, generates the figure of an example of the action (key cutting unit 461 actions shown in Figure 7) of Split Key from master key.

The matrix generation unit 462 of the encryption key generating means of the 5th embodiment is to except benchmark extensibility L, each stratum of benchmark extensibility C R, and every a succession of hash operations generation corresponding with each stratum of benchmark extensibility R is worth with the stratum among the extensibility L more than three kinds, R, the C and three-dimensional key matrix (with reference to Figure 17 (a)) that coordinatograph shows.Therefore, among this embodiment, to three kinds of extensibility L, R, C (stratum's number of L: 6; Stratum's number of R: 4; Stratum's number of C: 3), utilize above-mentioned mathematical expression (1) give with total package number be 72, and utilize above-mentioned mathematical expression (2) give with the generation number of three-dimensional key salt matrices be 12.

In addition, Figure 22-Figure 24 is used to explain that three-dimensional key salt matrices that the matrix generation unit 462 of the encryption key generating means through the 5th embodiment carries out generates the figure of step.Especially; Figure 22 representes the most the next stratum (stratum 2) to other benchmark extensibilities C beyond benchmark extensibility L, the R, is dispensed to the three-dimensional key salt matrices QM that predetermined coordinate becomes branch to generate through carrying out the resulting operational data of hash operations successively towards upper stratum from the most the next stratum of extensibility L _1-1, QM _2-1, QM _3-1, QM _4-1Figure 23 representes to be dispensed to the three-dimensional key salt matrices QM that predetermined coordinate becomes branch to generate to than more upper stratum (stratum 1) of 1 stratum only of the most the next stratum of other benchmark extensibilities C beyond the benchmark extensibility L, R through carrying out the resulting operational data of hash operations successively towards upper stratum from the most the next stratum of extensibility L _1-2, QM _2-2, QM _3-2, QM _4-2Figure 24 representes the upper stratum (stratum 0) to the benchmark extensibility C beyond benchmark extensibility L, the R, is dispensed to the three-dimensional key salt matrices QM that predetermined coordinate becomes branch to generate through carrying out the resulting operational data of hash operations successively towards upper stratum from the most the next stratum of extensibility L _1-3, QM _2-3, QM _3-3, QM _4-3

At first, Figure 22 (a) expression utilizes the pairing Split Key e of the most the next stratum with benchmark extensibility R to the most the next stratum 2 of the extensibility C beyond benchmark extensibility L, the R ^RL _R3The three-dimensional key salt matrices QM that is generated _1-1

With Split Key e ^RL _R3Be dispensed to the coordinate composition P of three-dimensional matrice _5,3,2When (the oblique line part among Figure 22 (a)), utilize the Split Key e of one-way hash function H successively from the most the next stratum of extensibility L and towards upper stratum ^RL _R3Hash operations.That is, resulting operational data is dispensed to carries out the pairing coordinate composition of hash operations (among Figure 22 (a), being positioned at all the components that is surrounded with solid line) at every turn.At this moment, with operational data H ^{* 5}(e ^RL _R3) be dispensed to the coordinate composition corresponding with the upper stratum of extensibility L.On the other hand, will be through to being distributed in the operational data H of the coordinate composition corresponding with the upper stratum of extensibility L ^{* 5}(e ^RL _R3) further utilize the resulting operational data H of hash operations of one-way hash function H ^{* 6}(e ^RL _R3) be allocated in the coordinate composition P that is assigned with operational data _{L=0-5, R=3, C=2}Each coordinate composition in addition (among Figure 20 (a), being positioned at all the components that is surrounded with dotted line).According to above computing, generate three-dimensional key salt matrices QM _1-1

Figure 22 (b) expression utilizes the corresponding Split Key e of stratum 2 (the most the next stratum is more upper stratum of 1 stratum only) with benchmark extensibility R to the most the next stratum 2 of the extensibility C beyond benchmark extensibility L, the R ^RL _R2The three-dimensional key salt matrices QM that is generated _2-1

This three-dimensional key salt matrices QM _2-1Generation in, with Split Key e ^RL _R2Be dispensed to the coordinate composition P of three-dimensional matrice _5,2,2(the oblique line part among Figure 22 (b)).At this moment, Split Key e ^RL _R2Temporarily be copied to coordinate composition P _5,3,2And, to stratum 3 and the stratum 2 of extensibility R, utilize the Split Key e of one-way hash function H successively from the most the next stratum of extensibility L and towards upper stratum ^RL _R2Hash operations.That is, resulting operational data is dispensed to carries out the pairing coordinate composition of hash operations (among Figure 22 (b), being positioned at all the components that is surrounded with solid line) at every turn.At this moment, with operational data H ^{* 5}(e ^RL _R2) be dispensed to the coordinate composition corresponding with the upper stratum of extensibility L.On the other hand, will be through to being assigned with the operational data H of the coordinate composition corresponding with the upper stratum of extensibility L ^{* 5}(e ^RL _R2) further utilize the resulting operational data H of hash operations of one-way hash function H ^{* 6}(e ^RL _R2) be dispensed to the coordinate composition P that is assigned with operational data _{L=0-5, R=2-3, C=2}Each coordinate composition in addition (among Figure 22 (b), being positioned at all the components that is surrounded with dotted line).According to above computing, generate three-dimensional key salt matrices QM _2-1

In addition, the three-dimensional key salt matrices QM shown in Figure 22 (c) _3-1Also with the above-mentioned three-dimensional key salt matrices QM of generation _1-1, QM _2-1Identical, through repeating to be the Split Key e of the next stratum than the stratum 1 of benchmark extensibility R ^RL _R1(as with the coordinate composition P shown in the oblique line _5,1,2And distribute) replication actions, and (utilize the Split Key e of one-way hash function H towards the hash operations of upper stratum from the most the next stratum of extensibility L ^RL _R1Hash operations) and generate.Same, the three-dimensional key salt matrices QM shown in Figure 22 (d) _4-1Also through repeating to be the Split Key e of the next stratum than the stratum 0 (upper stratum) of benchmark extensibility C ^RL _R0(as with the coordinate composition P shown in the oblique line _5,0,2And distribute) replication actions, and (utilize the Split Key e of one-way hash function H towards the hash operations of upper stratum from the most the next stratum of extensibility L ^RL _R0Hash operations) and generate.

Then, Figure 23 (a) expression utilizes the corresponding Split Key e of the most the next stratum with benchmark extensibility R to the stratum 1 (the most the next stratum only 1 stratum is upper stratum) of the extensibility C beyond benchmark extensibility L, the R ^RL _R3The three-dimensional key salt matrices QM that is generated _1-2

With Split Key e ^RL _R3Be dispensed to the coordinate composition P of three-dimensional matrice _5,3,2When (the oblique line part among Figure 23 (a)), this Split Key e ^RL _R3Temporarily duplicated (CP) to coordinate composition P _5,3,1And, to each stratum 2 (the most the next stratum) and the stratum 1 (the most the next stratum only 1 stratum is upper stratum) of extensibility C, utilize the Split Key e of one-way hash function H successively from the most the next stratum of extensibility L and towards upper stratum ^RL _R3Hash operations.That is, resulting operational data is dispensed to carries out the pairing coordinate composition of hash operations (among Figure 23 (a), being positioned at all the components that is surrounded with solid line) at every turn.At this moment, with operational data H ^{* 5}(e ^RL _R3) be dispensed to the coordinate composition corresponding with the upper stratum of extensibility L.On the other hand, will be through to being assigned with the operational data H of the coordinate composition corresponding with the upper stratum of extensibility L ^{* 5}(e ^RL _R3) further utilize the resulting operational data H of hash operations of one-way hash function H ^{* 6}(e ^RL _R3) be dispensed to the coordinate composition P that is assigned with operational data _{L=0-5, R=3, C=2-3}Each coordinate composition in addition (among Figure 23 (a), being positioned at all the components that is surrounded with dotted line).According to above computing, generate three-dimensional key salt matrices QM _1-2

Figure 23 (b) expression utilizes the corresponding Split Key e of stratum 2 (the most the next stratum is more upper stratum of 1 stratum only) with benchmark extensibility R to the stratum 1 of the extensibility C beyond benchmark extensibility L, the R ^RL _R2The three-dimensional key salt matrices QM that is generated _2-2

This three-dimensional key salt matrices QM _2-2Generation in, with Split Key e ^RL _R2Be dispensed to the coordinate composition P of three-dimensional matrice _5,2,1(the oblique line part among Figure 23 (b)).At this moment, Split Key e ^RL _R2Temporarily be replicated (CP) to coordinate composition P _{5,2～3,1～2}And, to stratum 3 and the stratum 2 of extensibility R that is stratum 2 and the stratum 1 of extensibility C, utilize the Split Key e of one-way hash function H successively from the most the next stratum of extensibility L and towards upper stratum ^RL _R2Hash operations.That is, resulting operational data is dispensed to the coordinate composition (among Figure 23 (b), being positioned at all the components that is surrounded with solid line) that at every turn carries out the hash operations correspondence.At this moment, with operational data H ^{* 5}(e ^RL _R2) be dispensed to the coordinate composition corresponding with the upper stratum of extensibility L.On the other hand, will be through to being assigned with the operational data H of the coordinate composition corresponding with the upper stratum of extensibility L ^{* 5}(e ^RL _R2) further utilize the resulting operational data H of hash operations of one-way hash function H ^{* 6}(e ^RL _R2) be dispensed to the coordinate composition P that is assigned with operational data _{L=0-5, R=2-3, C=1-2}Each coordinate composition in addition (among Figure 23 (b), being positioned at all the components that is surrounded with dotted line).According to above computing, generate three-dimensional key salt matrices QM _2-2

In addition, the three-dimensional key salt matrices QM shown in Figure 23 (c) _3-2Also be same as and generate above-mentioned three-dimensional key salt matrices QM _1-2, QM _2-2, through repeating to be each Split Key e of the next stratum for the next stratum and than the stratum 1 of benchmark extensibility R than the stratum of benchmark extensibility C 1 ^RL _R1(as with the coordinate composition P shown in the oblique line _5,1,1And distribute) replication actions, and (utilize the Split Key e of one-way hash function H towards the hash operations of upper stratum from the most the next stratum of extensibility L ^RL _R1Hash operations) and generate.Same, the three-dimensional key salt matrices QM shown in Figure 23 (d) _4-2Also through repeating to be the Split Key e of the next stratum for the next stratum and than the stratum 0 (upper stratum) of benchmark extensibility R than the stratum of benchmark extensibility C 1 ^RL _R0(as with the coordinate composition P shown in the oblique line _5,0,1And distribute) replication actions, and (utilize the Split Key e of one-way hash function H towards the hash operations of upper stratum from the most the next stratum of extensibility L ^RL _R0Hash operations) and generate.

Moreover Figure 24 (a) expression utilizes the corresponding Split Key e of stratum 3 (the most the next stratum) with benchmark extensibility R to the stratum 0 (upper stratum) of the extensibility C beyond benchmark extensibility L, the R ^RL _R3The three-dimensional key salt matrices QM that is generated _1-3

With Split Key e ^RL _R3Be dispensed to the coordinate composition P of three-dimensional matrice _5,3,0When (the oblique line part among Figure 24 (a)), this Split Key e ^RL _R3Temporarily duplicated (CP) to coordinate composition P _{5,3, C=1,2}And; To each of the stratum 3 (upper stratum) of stratum 2 (the most the next the stratum)-stratum 0 (upper stratum) of extensibility C and benchmark extensibility R, utilize the Split Key e of one-way hash function H successively from the most the next stratum of extensibility L and towards upper stratum ^RL _R3Hash operations.That is, resulting operational data is dispensed to carries out the pairing coordinate composition of hash operations (among Figure 24 (a), being positioned at all the components that is surrounded with solid line) at every turn.At this moment, with operational data H ^{* 5}(e ^RL _R3) be dispensed to the coordinate composition corresponding with the upper stratum of extensibility L.On the other hand, will be through to being assigned with the operational data H of the coordinate composition corresponding with the upper stratum of extensibility L ^{* 5}(e ^RL _R3) further utilize the resulting operational data H of hash operations of one-way hash function H ^{* 6}(e ^RL _R3) be dispensed to the coordinate composition P that is assigned with operational data _{L=0-5, R=3, C =0-2}Each coordinate composition in addition (among Figure 24 (a), being positioned at all the components that is surrounded with dotted line).According to above computing, generate three-dimensional key salt matrices QM _1-3

Figure 24 (b) expression utilizes the corresponding Split Key e of stratum 2 (the most the next stratum is more upper stratum of 1 stratum only) with benchmark extensibility R to the stratum 0 (upper stratum) of the extensibility C beyond benchmark extensibility L, the R ^RL _R2The three-dimensional key salt matrices QM that is generated _2-3

This three-dimensional key salt matrices QM _2-3Generation in, with Split Key e ^RL _R2Be dispensed to the coordinate composition P of three-dimensional matrice _5,2,0(the oblique line part among Figure 24 (b)).At this moment, Split Key e ^RL _R2Temporarily be replicated (CP) to coordinate composition P _5,2-3,0-2And; To each of the stratum 3 of stratum 2 (upper the stratum)-stratum 0 (the most the next stratum) of extensibility C and extensibility R and stratum 2, utilize the Split Key e of one-way hash function H successively from the most the next stratum of extensibility L and towards upper stratum ^RL _R2Hash operations.That is, resulting operational data is dispensed to carries out the pairing coordinate composition of hash operations (among Figure 24 (b), being positioned at all the components that is surrounded with solid line) at every turn.At this moment, with operational data H ^{* 5}(e ^RL _R2) be dispensed to the coordinate composition corresponding with the upper stratum of extensibility L.On the other hand, will be through to being assigned with the operational data H of the coordinate composition corresponding with the upper stratum of extensibility L ^{* 5}(e ^RL _R2) further utilize the resulting operational data H of hash operations of one-way hash function H ^{* 6}(e ^RL _R2) be dispensed to the coordinate composition P that is assigned with operational data _{L=0-5, R=2-3, C=0-2}Each coordinate composition in addition (among Figure 24 (b), being positioned at all the components that is surrounded with dotted line).According to above computing, generate three-dimensional key salt matrices QM _2-3

In addition, the three-dimensional key salt matrices QM shown in Figure 24 (c) _3-3Also be same as above-mentioned three-dimensional key salt matrices QM _1-3, QM _2-3Generation, through repeating than the stratum 0 (upper stratum) of benchmark extensibility C for the next stratum and than each the Split Key e of the stratum 1 of benchmark extensibility R for the next stratum ^RL _R1(as with the coordinate composition P shown in the oblique line _5,1,0And distribute) replication actions, and (utilize the Split Key e of one-way hash function H towards the hash operations of upper stratum from the most the next stratum of extensibility L ^RL _R1Hash operations) and generate.Same, the three-dimensional key salt matrices QM shown in Figure 24 (d) _4-3Also through repeating to be the Split Key e of the next stratum for the next stratum and than the stratum 0 (upper stratum) of benchmark extensibility R than the stratum 0 (upper stratum) of benchmark extensibility C ^RL _R0(as with the coordinate composition P shown in the oblique line _5,0,0And distribute) replication actions, and (utilize the Split Key e of one-way hash function H towards the hash operations of upper stratum from the most the next stratum of extensibility L ^RL _R0Hash operations) and generate.

Like upper type, to repeat Figure 22-three-dimensional key salt matrices QM shown in Figure 24 that hash operations generates through matrix generation unit 462 _1-1-QM _4-1, QM _1-2-QM _4-2, QM _1-3-QM _4-3, coordinate composition each is consistent through key generation unit 463 is bonded to each other, and can obtain three-dimensional portion key salt matrices QM.Output unit 480 will export coding unit 410 to through the three-dimensional portion key that key generation unit 463 is generated.

Can clearly learn and can the present invention be carried out distortion miscellaneous by above explanation of the present invention.Such distortion does not break away from thought of the present invention and scope, is contained in the scope of claim for natural improvement for a person skilled in the art.

Claims (6)

1. encryption key generating means; Be applicable to the communication system of the delivery service that numerical data is provided; And be used to generate the encryption key that is utilized when this numerical data carried out encoding and decoding; Said numerical data has stratum's extensibility of multiple (>=2), and said encryption key generating means is characterised in that to possess:

Input unit; Be used to obtain encryption key; This encryption key is each of the 1st and the 2nd extensibility of selecting from said multiple extensibility, meets the encryption key that encoding and decoding utilized that is positioned at the data unit of the most the next stratum in the stratum of the grade of service that said communication system permits;

Memory cell will be stored as master key by the encryption key that said input unit is obtained;

The key cutting unit; Through cutting apart the said master key of reading from said memory cell, generate Split Key corresponding to each stratum of said the 1st extensibility with the stratum's number that is set at the 1st extensibility of benchmark extensibility in the said the 1st and the 2nd extensibility;

The matrix generation unit; When generating the key salt matrices that coordinate shows with stratum's value of the said the 1st and the 2nd extensibility for the stratum of each said the 1st extensibility; For the key salt matrices that generates based on a Split Key among the said Split Key that generates by said key cutting unit; To the stratum in pairing the 1st extensibility of a said at least Split Key and in said the 2nd extensibility from the respectively corresponding coordinate composition of the most the next stratum to upper stratum, distribute through the recycling one-way hash function and carry out the hash operations of a said Split Key and the operational data that obtains successively;

The key generation unit through the consistent key key element of coordinate between the said key salt matrices that combines to be generated by said matrix generation unit, generates the pairing part key of data unit of each stratum in the said the 1st and the 2nd extensibility; And

Output unit will export any the device at least in the encoding and decoding that carries out said numerical data to through the part key that said key generation unit generates.

2. encryption key generating means according to claim 1, wherein, said key cutting unit selects the few extensibility of the said the 1st and the 2nd extensibility scala media number of plies as said benchmark extensibility.

3. encryption key generating means according to claim 1 and 2; Wherein, Said matrix generation unit; Composition information as the key salt matrices that generates based on a Split Key among the said Split Key; To being equivalent to than the stratum in pairing the 1st extensibility of this Split Key is to be positioned at the next stratum and from each coordinate composition of the most the next stratum to the upper stratum of said the 2nd extensibility; Distribute and the identical operational data of the resulting successively operational data of stratum that is directed against this Split Key; On the other hand; To being equivalent to than the stratum in pairing the 1st extensibility of this Split Key is to be positioned at upper stratum and to distribute following operational data from all coordinate compositions of the most the next stratum to the upper stratum of said the 2nd extensibility, promptly to the key key element of the upper stratum of said the 2nd extensibility among the key key element of this pairing stratum of Split Key, utilize one-way hash function to carry out the resulting operational data of hash operations.

4. according to each described encryption key generating means among the claim 1-3; Wherein, Said matrix generation unit; All combinations to two kinds of extensibilities can selecting from said multiple extensibility; Generation is with the stratum in these two kinds of extensibilities value and the part key salt matrices of coordinate performance, and generates stratum's table of all combinations of the stratum's value in the said multiple extensibility of expression, and this stratum's table is according to the stratum's value that is made up and coordinate shows with the part key matrix of the pairing part key of the data unit of each stratum in the said multiple extensibility as composition;

Said key generation unit; All combinations to the stratum's value in the said stratum table; Kind according to two stratum's values among the stratum's value that constitutes a combination and extensibility thereof confirms, be directed against each composition of said part key salt matrices that all combinations of two kinds of extensibilities generate through combination, generates the part key as the composition of said part key matrix successively.

5. encryption key generating means; Be applicable to the communication system of the delivery service that numerical data is provided; And be used to generate the encryption key that is utilized when this numerical data carried out encoding and decoding; Said numerical data has stratum's extensibility of multiple (>=3), and said encryption key generating means is characterised in that to possess:

Input unit; Be used to obtain encryption key; This encryption key is in each of said multiple extensibility, meets the encryption key that encoding and decoding utilized that is positioned at the data unit of the most the next stratum in the stratum of the grade of service that said communication system permits;

Memory cell will be stored as master key by the encryption key that said input unit is obtained;

The key cutting unit; Through cutting apart the said master key of reading from said memory cell, generate Split Key corresponding to each stratum of said the 1st benchmark extensibility with stratum's number of the 1st benchmark extensibility in the 1st and the 2nd benchmark extensibility of from said multiple extensibility, selecting;

The matrix generation unit; Each stratum to other each extensibilities beyond the said the 1st and the 2nd benchmark extensibility among the said multiple extensibility; Whenever corresponding to a succession of computing of each stratum of said the 1st benchmark extensibility; Generation is the multidimensional key salt matrices of coordinate performance with the value of the stratum in the said multiple extensibility; For each of resulting multidimensional key salt matrices; To the stratum in pairing the 1st benchmark extensibility of a Split Key among the said Split Key that generates by said key cutting unit at least and each pairing coordinate composition of the most the next stratum to the upper stratum from said the 2nd benchmark extensibility, distribute through the recycling one-way hash function and carry out the hash operations of this Split Key and the operational data that obtains successively;

The key generation unit; Each stratum to said other each extensibilities; Whenever corresponding to a succession of computing of each stratum of said the 1st benchmark extensibility; Each the consistent composition of coordinate of the said multidimensional key salt matrices that generated by said matrix generation unit of being bonded to each other generates the pairing part key of data unit of each stratum in the said multiple extensibility thus; And

Output unit will export any the device at least in the encoding and decoding that carries out said numerical data to through the part key that said key generation unit generates.

6. encryption key generating means according to claim 5; Wherein, Said matrix generation unit; Each stratum to said other each extensibilities; As whenever corresponding to each composition information of the said multidimensional key salt matrices that a succession of computing generated of each stratum of said the 1st benchmark extensibility; Be positioned at the next stratum and from each coordinate composition of the most the next stratum to the upper stratum of said the 2nd benchmark extensibility to being equivalent to each each stratum of more pairing said other extensibilities and said the 1st benchmark extensibility; Distribute the identical operational data of operational data that the Split Key that stratum distributed of this 1st corresponding benchmark extensibility is obtained successively with use; On the other hand; Be positioned at upper stratum and distribute following operational data being equivalent to each stratum of more pairing said other extensibilities and said the 1st benchmark extensibility from each all coordinate compositions of the most the next stratum to the upper stratum of said the 2nd benchmark extensibility, promptly to the key key element of the upper stratum of said the 2nd benchmark extensibility among the key key element of this pairing stratum of Split Key, utilize one-way hash function to carry out the resulting operational data of hash operations.

Images