Title of Invention	A METHOD FOR GROUP KEY GENERATION
Abstract	METHOD AND APPARATUS FOR GROUP KEY GENERATION A key generation system is disclosed that provides for the generation of privileged group keys based on the input of a privileged group. The system performing the key generation has stored component keys corresponding to every possible subset X of the unitary set, where subsets X have k or fewer members. The privileged group key is generated for the privileged set by passing ordered component keys of subsets X that do not contain members of the privileged set to a pseudo random function

Title of Invention

A METHOD FOR GROUP KEY GENERATION

Abstract

METHOD AND APPARATUS FOR GROUP KEY GENERATION A key generation system is disclosed that provides for the generation of privileged group keys based on the input of a privileged group. The system performing the key generation has stored component keys corresponding to every possible subset X of the unitary set, where subsets X have k or fewer members. The privileged group key is generated for the privileged set by passing ordered component keys of subsets X that do not contain members of the privileged set to a pseudo random function

Full Text	SUMMARY OF THE INVENTION I 00031 One aspect of the disclosed invention provides a group key generation method jor a set of authorized users' receivers. The method provides a component key for each possible snVtset X of receivers with fewer than k memhers, where k is a predefined constant. An injeclive ordering function places the subsets X in a particuhir order. For the subset of authorized receivers, the subsets X that do not contain members of the privileged subset are tietcrmincd. The component keys associated with each such subset X are identilled. A pscudo random function that takes as inputs the component keys associated with subsets disjoint irom the privileged set with a size less than k, in the order defined by the injectivc ordering lunction, and outputs a group key. 10004] Another aspect of the disclosed invention provides a receiver with a tamper resistant environment that performs group key generation. Ihe tamper resistant environment stores a plurality of component keys and a device II). l-or each de\'ice. there is ;U least one stored component key corresponding to each possible subset X of whicli the de\ice is not a member, wherein the subsets X describe every set (>f receivers with Icwcr than k members. I Tpon the receipt of a privileged group dellnition, the receiver's tamper resistant hardware determines if the receiver is a member of the privileged group. If so, logic in the tamper resistant environment determines the subsets X of size less than k that do not contain members of the privileged group, these groups are ordered as determined by an injeclive ordering function. The component keys associated with the ordered groups are applied as parameters for a pseudo random function in the order dictated by the ordering function, the output of the pseudo random function is the privileged group key. overtss and on-demand programming. To facilitate this variety, content providers typically encrypt some or all of their content and only allow authorized receivers to decrypt content corresponding to the services the user purchased. I i)i) I 2 I Consistent with the encryption system, the content providers 10 spill employ hardware anti software to encrypt at least some of the transmitted content and receivers 15 will have hardware and software to decrypt content. The receivers' hardware could be embodied in a wide variety of devices, for example, a television set top box, a mobile terminal or a general-purpose computer. 'To maintain the security of the encryption scheme, the receivers' hardware and/or software will inchile a tamper-resistant environment 16 that contains the information and logic required to participate in the encryption system, 'fhe tamper-resistant envirt>nment 16 helps to ensure that users attempting to defeat the encryption system do not have access to the system's secrets. The tamper-resistant environment 16 can be embodied via any of the Systems and methods known in the art. [0013] Management of the encrytion/decryption system, however. raises a number of difficulties. One particular problem is the management and distribution of secret keys and algorithms used to practice the system. As the number of system receivers or the number of discrete encryption events becomes large key management becomes daiinting. (00 1 4] Ihe disclosed systems and methods provide for the efficient and secure generation and distribution of the keys recjuired to encrypt and decrypt content. The disclosed systems and methods allow both the content provider and authorized receivers' tampcr-rcsistant environment 16 to generate matching keys from a set of shared secret information and logic. Moreover, the disclosed system allows the content provider and the receivers' tamper-resistant environment 16 to generate matching group keys for a subset of authorized users. The defmition [0041] Furthermore, since numerous modifincations and variations will reavlily been to those skilled in the art, it is not desired that the present invention be limited to the exact instruction and operation illustrated and described herein. Accordingly, all suitable modifications and equivalents that may he resorted to are intended to fall within the scope at the claims. CLAIMS 1 - A group key generation method comprising: for a set oi receivers, provide a component key for each possible subset X ol receivers with fewer than k members, where k is a predetined constant; define an iterative ordering function that orders the subsets X; for a subset of privileged receivers, determine which subsets X do nt)l eoniam members of the privileged subset and identify the component keys associated with each such subset X; defme a pseudo random function that takes an arbitrary number of component keys as inputs and outputs a group key; and use the component keys ;isst>eiated with subsets oi X of size less than k not containing members of" the privik\ucd subset as inputs ti> the pseudv) raiulom luneih-n. wherein the component keys are applied to the sendo random function in the order given by the iterative ordering function and the output of the pseudo random tunction is d privileged receiver specific group key. 2. The method of cIaim 1 further comprising: an additional iterative ordering function that assigns component keys to each subset X. 3. The method of claim 1 wherein, the method is performed by the receiver: and wherein the receiver only performs the method if it is a member of the jirixilcged subset. 4. The method of claim 1, wherein the pseudo random function is based on Al.S-XCBC-MAC. 5. The method of claim 1, wherein the psendo random function is based on HMAC_SHA1. 6. The method of claim 1, wherein in the pscudo random function lakesan an additional salt parameter. 7. A receiver comprising: a tamper resistant environment, comprising storage and logic; a plurality of component keys and a device ID stored in the tamper resistant environment, wherein there is at least one component key corresponding to each possible subset X of which the receiver is no! a member, wherein the subsets X describe c\'cr\ :;cl of receivers with fewer than k members: wherein upon the receipt of a privileged group definition, logic in the lamjKi resistant environment determines the subsets X that do not ccMilain members of the privileged group, each such group is ordered as determined by am injective ordering function, the component keys associated with the ordered groups are used as paramelers for a pscudo random function and applied in the order dictated by the ordering function; and wherein the output of the pscudo random function is a privileged group key. 8. The receiver of claim 7, wherein the pscudo random function is based o\\ A1:S- XCBC-MAC. 9. The receiver of claim 7, wherein the pscudo random iunction is based on HMAC SHAl. 10. The receiver of claim 7, wherein in the pseudo random function takes an additional salt parameter. 11. A program product providing group key generation comprising: a computer readable medium; program code stored in the computer readable medium that defines an iterative ordering function that orders subsets X, where subsets X are subsets of the set tit all receivers having less than a pre-determined number of members; program code stored in the computer readable medium that upon receipt ol a group definition determines which subsets X do not contain any members of within the group definition and identifies a component key associated with each such subset X; program code stored in the computer readable medium comprising a pseutlo random function that takes an arbitrary number of component keys as inputs and outputs a group key; and program code stored in the computer readable medium that uses the comi^onent keys associated with subsets of X that do not contain members within the group defmition as inputs to the pseudo random function, wherein the component keys are applied to the pseudo random function in the order given by the iterative ordering function and the output of the pseudo random function is a privileged receiver SPECIFIC group key.

Full Text

SUMMARY OF THE INVENTION
I 00031 One aspect of the disclosed invention provides a group key generation method jor
a set of authorized users' receivers. The method provides a component key for each possible snVtset X of receivers with fewer than k memhers, where k is a predefined constant. An injeclive ordering function places the subsets X in a particuhir order. For the subset of authorized receivers, the subsets X that do not contain members of the privileged subset are tietcrmincd. The component keys associated with each such subset X are identilled. A pscudo random function that takes as inputs the component keys associated with subsets disjoint irom the privileged set with a size less than k, in the order defined by the injectivc ordering lunction, and outputs a group key.
10004] Another aspect of the disclosed invention provides a receiver with a tamper
resistant environment that performs group key generation. Ihe tamper resistant environment stores a plurality of component keys and a device II). l-or each de\'ice. there is ;U least one stored component key corresponding to each possible subset X of whicli the de\ice is not a member, wherein the subsets X describe every set (>f receivers with Icwcr than k members. I Tpon the receipt of a privileged group dellnition, the receiver's tamper resistant hardware determines if the receiver is a member of the privileged group. If so, logic in the tamper resistant environment determines the subsets X of size less than k that do not contain members of the privileged group, these groups are ordered as determined by an injeclive ordering function. The component keys associated with the ordered groups are applied as parameters for a pseudo random function in the order dictated by the ordering function, the output of the pseudo random function is the privileged group key.

overtss and on-demand programming. To facilitate this variety, content providers typically encrypt some or all of their content and only allow authorized receivers to decrypt content corresponding to the services the user purchased.
I i)i) I 2 I Consistent with the encryption system, the content providers 10 spill employ
hardware anti software to encrypt at least some of the transmitted content and receivers 15 will have hardware and software to decrypt content. The receivers' hardware could be embodied in a wide variety of devices, for example, a television set top box, a mobile terminal or a general-purpose computer. 'To maintain the security of the encryption scheme, the receivers' hardware and/or software will inchile a tamper-resistant environment 16 that contains the information and logic required to participate in the encryption system, 'fhe tamper-resistant envirt>nment 16 helps to ensure that users attempting to defeat the encryption system do not have access to the system's secrets. The tamper-resistant environment 16 can be embodied via any of the Systems and methods known in the art.
[0013] Management of the encrytion/decryption system, however. raises a number of
difficulties. One particular problem is the management and distribution of secret keys and algorithms used to practice the system. As the number of system receivers or the number of discrete encryption events becomes large key management becomes daiinting.
(00 1 4] Ihe disclosed systems and methods provide for the efficient and secure
generation and distribution of the keys recjuired to encrypt and decrypt content. The disclosed systems and methods allow both the content provider and authorized receivers' tampcr-rcsistant environment 16 to generate matching keys from a set of shared secret information and logic. Moreover, the disclosed system allows the content provider and the receivers' tamper-resistant environment 16 to generate matching group keys for a subset of authorized users. The defmition

[0041] Furthermore, since numerous modifincations and variations will reavlily been to
those skilled in the art, it is not desired that the present invention be limited to the exact instruction and operation illustrated and described herein. Accordingly, all suitable modifications and equivalents that may he resorted to are intended to fall within the scope at the claims.

CLAIMS
1 - A group key generation method comprising:
for a set oi receivers, provide a component key for each possible subset X ol receivers with fewer than k members, where k is a predetined constant;
define an iterative ordering function that orders the subsets X;
for a subset of privileged receivers, determine which subsets X do nt)l eoniam members of the privileged subset and identify the component keys associated with each such subset X;
defme a pseudo random function that takes an arbitrary number of component keys as inputs and outputs a group key; and
use the component keys ;isst>eiated with subsets oi X of size less than k not containing members of" the privik\ucd subset as inputs ti> the pseudv) raiulom luneih-n. wherein the component keys are applied to the sendo random function in the order given by the iterative ordering function and the output of the pseudo random tunction is d privileged receiver specific group key.
2. The method of cIaim 1 further comprising:
an additional iterative ordering function that assigns component keys to each subset X.
3. The method of claim 1 wherein, the method is performed by the receiver: and wherein the receiver only performs the method if it is a member of the jirixilcged subset.
4. The method of claim 1, wherein the pseudo random function is based on Al.S-XCBC-MAC.

5. The method of claim 1, wherein the psendo random function is based on
HMAC_SHA1.
6. The method of claim 1, wherein in the pscudo random function lakesan
an additional salt parameter.
7. A receiver comprising:
a tamper resistant environment, comprising storage and logic;
a plurality of component keys and a device ID stored in the tamper resistant environment, wherein there is at least one component key corresponding to each possible subset X of which the receiver is no! a member, wherein the subsets X describe c\'cr\ :;cl of receivers with fewer than k members:
wherein upon the receipt of a privileged group definition, logic in the lamjKi resistant environment determines the subsets X that do not ccMilain members of the privileged group, each such group is ordered as determined by am injective ordering function, the component keys associated with the ordered groups are used as paramelers for a pscudo random function and applied in the order dictated by the ordering function; and
wherein the output of the pscudo random function is a privileged group key.
8. The receiver of claim 7, wherein the pscudo random function is based o\\ A1:S-
XCBC-MAC.
9. The receiver of claim 7, wherein the pscudo random iunction is based on HMAC SHAl.
10. The receiver of claim 7, wherein in the pseudo random function takes an
additional salt parameter.

11. A program product providing group key generation comprising:
a computer readable medium;
program code stored in the computer readable medium that defines an iterative ordering function that orders subsets X, where subsets X are subsets of the set tit all receivers having less than a pre-determined number of members;
program code stored in the computer readable medium that upon receipt ol a group definition determines which subsets X do not contain any members of within the group definition and identifies a component key associated with each such subset X;
program code stored in the computer readable medium comprising a pseutlo random function that takes an arbitrary number of component keys as inputs and outputs a group key; and
program code stored in the computer readable medium that uses the comi^onent keys associated with subsets of X that do not contain members within the group defmition as inputs to the pseudo random function, wherein the component keys are applied to the pseudo random function in the order given by the iterative ordering function and the output of the pseudo random function is a privileged receiver SPECIFIC group key.

Documents:

http://ipindiaonline.gov.in/patentsearch/GrantedSearch/viewdoc.aspx?id=pZIn/aOW+J2XTDUKRZi5RA==&loc=egcICQiyoj82NGgGrC5ChA==

« Previous Patent

Next Patent »

Patent Number

268782

Indian Patent Application Number

4711/CHENP/2007

PG Journal Number

38/2015

Publication Date

18-Sep-2015

Grant Date

16-Sep-2015

Date of Filing

23-Oct-2007

Name of Patentee

NOKIA CORPORATION

Applicant Address

KEILALAHDENTIE 4, FIN-02150 ESPOO, FINLAND

Inventors:

#	Inventor's Name	Inventor's Address
1	TARKKALA LAURI	TIKLINKUJA 8B4, FI-02660 ESPOO, FINLAND

PCT International Classification Number

H04L 9/08

PCT International Application Number

PCT/IB2006/000992

PCT International Filing date

2006-04-24

PCT Conventions:

#	PCT Application Number	Date of Convention	Priority Country
1	60/674,959	2005-04-25	U.S.A.