Tag generation method in broadcast encryption system

Abstract

A tag generation method for generating tags used in data packets in a broadcast encryption system is provided. The method includes detecting at least one revoked leaf node; setting a node identification (node ID) assigned to at least one node among nodes assigned node IDs at a layer 0 and to which the at least one revoked leaf node is subordinate, to a node path identification (NPID) of the at least one revoked leaf node at the layer 0; generating a tag list in the layer 0 by combining the NPID of each of the at least one revoked leaf nodes at the layer 0 in order of increment of node IDs of the corresponding at least one revoked leaf nodes; and generating a tag list in a lowest layer by repeatedly performing the setting and generation operation down to the lowest layer.

Claims

1. A tag generation method for generating tags used in a broadcast encryption system which has a layered structure and which includes a plurality of node groups each consisting of a predetermined number of nodes, the method comprising: detecting at least one revoked leaf node; setting a node identification (ID) assigned to at least one node among nodes assigned node IDs at a layer 0 and to which the at least one revoked leaf node is subordinate, to a node path identification (NPID) of the at least one revoked leaf node at the layer 0; generating, by a server device, a tag list in the layer 0 by combining the NPID of each of the at least one revoked leaf nodes at the layer 0 in incrementing order of node IDs of the corresponding at least one revoked leaf nodes; and generating a tag list in layers below the layer 0 by performing the setting operation in each layer below the layer 0 and generating a tag list for each layer below the layer 0 by combining the NPID of each of the at least one revoked leaf nodes at each layer below the layer 0 in incrementing order of node IDs of the corresponding at least one revoked leaf nodes; wherein the tag list generated in each layer includes all of the combined NPID's for a single layer, and wherein, for the tag list in each layer, each NPID is combined with a group ID (GID) of a parent node of a node corresponding to the NPID, the plurality of node groups are circular node groups.

2. The tag generation method of claim 1, wherein: the layered structure arranged from a highest layer 0 to a lowest layer N; and the revoked leaf node is in the lowest layer N.

3. The tag generation method of claim 1, wherein a first NPID at each layer is combined with a GID 0.

4. The tag generation method of claim 3, wherein, a second NPID, within a first node group of the plurality of node groups, at each layer is combined with a same GID that is combined with the first NPID.

5. The tag generation method of claim 3, wherein, a second NPID, within a second node group different from a first node group corresponding to the first NPID, at each layer is combined with a GID which is a remainder after adding 1 to the first NPID and dividing by 2.

6. The tag generation method of claim 1, wherein the NPID is combined with a GID of a parent node of a node corresponding to the NPID.

7. The tag generation method of claim 1, wherein the node ID is assigned as a hexadecimal, and each node group of the plurality of node groups comprises 16 nodes.

8. The tag generation method of claim 1, wherein the lowest layer is a layer 15.

9. The tag generation method of claim 1, wherein, when all leaf nodes along lower branches from a certain node in a tree topology are revoked, an NPID of the revoked leaf nodes is substituted by a smallest NPID of the NPIDs.

10. The tag generation method of claim 9, wherein the smallest NPID used for the substitution is combined with a binary GID where 1s as many as a defined number are consecutively arranged.

11. The tag generation method of claim 10, wherein the defined number is a log to a base 2 of a number of nodes in a node group including a node corresponding to the NPID.

12. The tag generation method of claim 1, wherein a combination of NPIDs at each layer with respect to the at least one revoked leaf node is a node ID of the at least one revoked leaf node.

Description

BRIEF DESCRIPTION OF THE DRAWING FIGURES

(1) These and other aspects of the present invention will become more apparent from the following description of exemplary embodiments thereof, with reference to the accompanying drawings, in which:

(2) FIG. 1 is a diagram illustrating assigning keys to nodes in a conventional BE system.

(3) FIG. 2 is a diagram illustrating a layered structure of circular node groups of FIG. 1;

(4) FIG. 3 is a diagram illustrating a layered structure adopting a tag generation method according to an exemplary embodiment of the present invention;

(5) FIG. 4 is a diagram illustrating the revocation of all leaf nodes subordinate to a node at a certain layer according to an exemplary embodiment of the present invention; and

(6) FIG. 5 is a graph illustrating the tag size according to the tag generation method according to an exemplary embodiment of the present invention.

DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS OF THE PRESENT INVENTION

(7) Certain exemplary embodiments of the present invention will now be described in greater detail with reference to the accompanying drawings.

(8) In the following description, the same drawing reference numerals are used to refer to the same elements, even in different drawings. The matters defined in the following description, such as detailed construction and element descriptions, are provided as examples to assist in a comprehensive understanding of the invention. Also, well-known functions or constructions are not described in detail, since they would obscure the invention in unnecessary detail.

(9) FIG. 3 depicts a layered structure adopting a tag generation method according to an exemplary embodiment of the present invention.

(10) FIG. 3 shows that the layered structure consists of three layers 0, 1 and 2. However, any number of layers may be used. Note that each node group in FIG. 3 may be a circular node group as shown in FIG. 2. To ease the understanding, the circular formation is not illustrated in the drawings.

(11) Referring now to FIG. 3, the layer 0 includes a node group consisting of 16 nodes. The layer 1 has a child node group built up with node groups each consisting of 16 nodes, each node group of layer 1 corresponding to a respective one of the 16 nodes at the layer 0. The node groups of layer 1 are subordinate to the 16 nodes of the layer 0, respectively. In other words, there are 16 node groups each consisting of the 16 nodes at the layer 1, and accordingly, 16.sup.2 nodes are present in total.

(12) At the layer 2, a child node group includes node groups each consisting of 16 nodes for each of the respective 16.sup.2 nodes at the layer 1. In other words, since there are 16.sup.2 node groups each consisting of the 16 nodes are present at the layer 2, 16.sup.3 nodes are present in total. Herein, the 16.sup.3 nodes at the lowest layer 2 are referred to as leaf nodes.

(13) In this exemplary embodiment of the present invention, the layered structure may include 16 layers, that is, layers 0 through 15. In this case, the layer 15 has a child node group built up with node groups each consisting of 16 nodes for the respective 16.sup.15 nodes at the layer 14. That is, there are 16.sup.15 node groups each consisting of 16 nodes at the layer 15, and accordingly, 16.sup.16 nodes, that is, 16.sup.16 leaf nodes are present in total.

(14) Hereafter, how to determine a node identifier (node ID) of a leaf node is described in detail.

(15) In this exemplary embodiment of the present invention, hexadecimals from 0 to F are assigned to the nodes in each node group of FIG. 3 according to an order, as their serial numbers. Provided that the number of nodes in each node group is N, the serial numbers from 0 to N1 are assigned to the nodes in each node group.

(16) In FIG. 3, according to the tag generation method of an exemplary embodiment of the present invention, the node ID of the leaf node is a consecutive arrangement of the serial numbers assigned to the nodes, to which the leaf node is subordinate, at the layers 0 through 15. Hereafter, the serial number at each layer is referred to as a node path identifier (NPID) at each layer with respect to the corresponding leaf node. In conclusion, the arrangement of the NPIDs at the layers is the node ID of the corresponding leaf node.

(17) Table 2 shows the determination of the node ID of the leaf node according to the tag generation method of the present invention.

(18) TABLE-US-00002 TABLE 2 i ii iii iv v vi vii viii ix Layer 0 1 1 1 1 1 8 8 8 8 Layer 1 B B B B B 0 0 0 F Layer 2 1 2 B C D 2 6 B 8

(19) Still referring to FIG. 3, the leaf node indicated by solid circle at the layer 2 denotes the revoked leaf node. Provided that 9 nodes are revoked in total, the node ID of each revoked leaf node is created according to the following scheme. Priority 1: the order from the upper layer to the lower layer. Priority 2: at the same layer, the smaller NPID assigned to the parent node. Priority 3: in the same node group, the smaller NPID of the corresponding node group.

(20) According to the priorities, in case of the node ID of the revoked leaf node i, a NPID 1 is assigned to its parent node at the layer 0 being the highest layer. 1 becomes the NPID of the revoked leaf node i at the layer 0. Next, the NPID B is assigned to the parent node of the node i, at the layer 1. B becomes the NPID of the revoked leaf node i at the layer 1. Lastly, the NPID 1 is assigned to the revoked leaf node i at the layer 2. 1 becomes the NPID of the revoked leaf node i at the layer 2. As such, the node ID of the revoked leaf node is determined to be [1, B, 1].

(21) As for the node ID of the revoked leaf node vi, the parent node of the node vi, at the layer 0 being the highest layer, is assigned a NPID 8. 8 becomes the NPID of the revoked leaf node vi at the layer 0. Next, the parent node of the node vi, at the layer 1, is assigned a NPID 0. 0 becomes the NPID of the revoked leaf node vi at the layer 1. Lastly, an NPID 2 is assigned to the revoked leaf node vi at the layer 2. 2 becomes the NPID of the revoked leaf node vi at the layer 2. As such, the node ID of the revoked leaf node vi is determined to [8, 0, 2].

(22) Table 3 shows the rearrangement in the line writing direction of the determined node IDs of the revoked leaf nodes of Table 2.

(23) TABLE-US-00003 TABLE 3 Layer 0 Layer 1 Layer 2 1 1 1 1 1 8 8 8 8 B B B B B 0 0 0 F 1 2 B C D 2 6 B 8

(24) However, in practice, when transmitting the tag information to the leaf node, a group ID (GID) is appended to the NPID. Table 4 shows the combination of the GID according to an exemplary embodiment of the present invention.

(25) TABLE-US-00004 TABLE 4 Layer 0 Layer 1 Layer 2 GID 0 0 0 0 0 0 0 0 0 1 1 1 1 1 8 8 8 8 B B B B B 0 0 0 F NPID 1 1 1 1 1 8 8 8 8 B B B B B 0 0 0 F 1 2 B C D 2 6 B 8

(26) In Table 4, the GID combined with the NPID at each layer becomes the NPID of the parent node of the node at each layer corresponding to the revoked leaf node. Note that the GID at the layer 0 is 0 because the node corresponding to the revoked leaf node, at the layer 0, has no parent node.

(27) That is, the NPID is combined with the GID that is the NPID of the parent node of the node corresponding to the NPID.

(28) Table 5 shows tag tables transmitted to the leaf nodes when the GIDs are combined as shown in Table 4.

(29) TABLE-US-00005 TABLE 5 Tag 01 01 01 01 01 08 08 08 08 Layer 0 table 1B 1B 1B 1B 1B 80 80 80 8F Layer 1 B1 B2 BB BC BD 02 06 0B F8 Layer 2

(30) Table 6 shows the combination of the GID according to an alternative embodiment of the present invention.

(31) TABLE-US-00006 TABLE 6 Layer 0 Layer 1 Layer 2 GID 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 1 0 0 0 0 0 1 1 1 0 NPID 1 1 1 1 1 8 8 8 8 B B B B B 0 0 0 F 1 2 B C D 2 6 B 8

(32) In Table 6, the first NPID at each layer is combined with the GID 0. The NPID from the second NPID at each layer is combined with the same GID as the GID of the previous NPID within the same node group as the previous NPID.

(33) By contrast, in the different node group from the previous NPID, the NPID after the second NPID at each layer is combined with the GID that is the remainder after adding 1 to the previous NPID and dividing it by 2. More specifically, in case that the NPID from the second NPID at each layer is in the different node group from the previous NPID, the previous GID 1 becomes 0 and the previous GID 0 becomes 1.

(34) Table 7 shows tag tables transmitted to the respective leaf nodes according to the GID combination method as shown in Table 6.

(35) TABLE-US-00007 TABLE 7 Tag 01 01 01 01 01 08 08 08 08 Layer 0 table 0B 0B 0B 0B 0B 10 10 10 1F Layer 1 01 02 0B 0C 0D 12 16 1B 08 Layer 2

(36) In this exemplary embodiment of the present invention, it can be assumed that all leaf nodes subordinate to a node at the specific layer are fully revoked.

(37) FIG. 4 depicts the full revocation of all leaf nodes subordinate to a node at the specific layer according to an exemplary embodiment of the present invention.

(38) In FIG. 4, the layered structure consists of three layers 0, 1 and 2. However, this is only an example, and the layered structure may have any number of layers. As shown in FIG. 4, the layer 0 includes a node group consisting of 4 nodes. The layer 1 has a child node group built up with node groups each consisting of 4 nodes for the 4 nodes at the layer 0, respectively. In other words, since there are 4 node groups each consisting of the 4 nodes at the layer 1, 4.sup.2 nodes are present in total.

(39) At the layer 2, a child node group is built up with node groups each consisting of 4 nodes for the 4.sup.2 nodes at the layer 1, respectively. In other words, since there are 4.sup.2 node groups each consisting of the 4 nodes at the layer 2, 4.sup.3 nodes are present in total. Herein, the 4.sup.3 nodes at the lowest layer 2 are referred to as leaf nodes.

(40) In this exemplary embodiment of the present invention, the layered structure may include 16 layers of layers 0 through 15. Accordingly, there would be 16 nodes in each node group. In this case, the layer 15 has a child node group built up with node groups each consisting of 16 nodes for the respective 16.sup.15 nodes at the layer 14. That is, there are 16.sup.15 node groups each consisting of 16 nodes at the layer 15, and accordingly, 16.sup.16 nodes, that is, 16.sup.16 leaf nodes are present in total.

(41) Still referring to FIG. 4, as one can see, all leaf nodes subordinate to the second node in the node group at the layer 0 are revoked, and one of the leaf nodes subordinate to the fourth node in the node group at the layer 0 is revoked.

(42) Table 8 shows the node ID of the revoked leaf nodes in accordance with Table 2.

(43) TABLE-US-00008 TABLE 8 Leaf node a b c d e f g h i j k l m n o p q Layer 0 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 3 Layer 1 0 0 0 0 1 1 1 1 2 2 2 2 3 3 3 3 1 Layer 2 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 3

(44) In reference to FIG. 4 and Table 8, the parent nodes of the revoked nodes are in the same group at the layer 1. These parent nodes at the layer 1 have the common parent node at the layer 0.

(45) In this exemplary embodiment of the present invention, the node IDs of the revoked leaf nodes a through p are substituted by the node ID of the revoked leaf node a. The substituted node IDs are shown in Table 9.

(46) TABLE-US-00009 TABLE 9 Leaf node a~p q Layer 0 1 3 Layer 1 0 1 Layer 2 0 3

(47) In event that all leaf nodes, which are subordinate to lower branches from a specific node, are revoked in the layered structure, the NPID of the revoked leaf nodes is substituted by the smallest NPID among the NPIDs of the revoked leaf nodes at the respective layers.

(48) Table 10 show the GID combination method in FIG. 4.

(49) TABLE-US-00010 TABLE 10 Layer 0 Layer 1 Layer 2 GID 0 0 1111(2) 0 1111(2) 0 NPID 1 3 0 1 0 3

(50) Referring to Tables 8, 9 and 10, the node ID [1, 0, 0] which substitutes the node IDs of the revoked leaf nodes a through p, (hereafter, referred to as a representative node ID) consists of the NPIDs [1], [0] and [0]. Among them, while the NPID [1] at the layer 0 was the duplicate NPID of the revoked leaf nodes a through p, the NPIDs [0] and [0] at the layers 1 and 2 substitute for the NPIDs [0], [1], [2] and [3] of the leaf nodes a through p at the layers 1 and 2, respectively.

(51) Of the NPIDs constituting the representative node ID, the NPID [1] at the layer 0 has no substituting NPID. Thus, the substitution is not indicated. Instead, in the manner as shown in Table 6, the NPID [1] is combined with the GID 0 as the first NPID at the layer.

(52) Of the NPIDs constituting the representative node ID, the NPIDs [0] and [0] at the layers 1 and 2, respectively, substitute for the NPIDs [0], [1], [2] and [3] of the leaf nodes a through p. To represent this substitution, a binary GID in which 1s as many as a certain number are consecutively arranged, for example, 11, . . . , 11.sub.(2), is combined.

(53) In this embodiment of the present invention, the cipher of the GID may be determined according to the number of types of the substituted NPIDs. When four types of the NPIDs are substituted as shown in FIG. 4, the GID is 11.sub.(2). On the other hand, provided that the node group consists of 16 nodes, the GID is 1111.sub.(2).

(54) It can be said that the cipher of the GID is log.sub.2 t wherein t is the number of nodes in the node group to which the node corresponding to the NPID of the representative node ID belongs.

(55) In Table 10, aside from the NPIDs constituting the representative node ID, the GID of other NPID is determined as shown in Table 6.

(56) Specifically, within the same node group as the previous NPID, the NPID at the layer is combined with the same GID as combined to the previous NPID.

(57) By contrast, in the different node group from the previous NPID, the NPID from the NPID at the layer is combined with the GID that is the remainder after adding 1 to the previous NPID and dividing it by 2.

(58) Table 11 shows tag tables transmitted to the leaf nodes when the GID is combined in the manner as shown in Table 10.

(59) TABLE-US-00011 TABLE 11 Tag table 01 03 Layer 0 11 (2) 0 01 Layer 1 11 (2) 0 03 Layer 2

(60) FIG. 5 is a graph comparing the tag size between the tag generation method according to an exemplary embodiment of the present invention and the conventional tag generation method as disclosed in U.S. Published Patent Application No. 20020147906.

(61) As shown in FIG. 5, it is apparent that the tag size 100 of an exemplary embodiment of present invention is much smaller than the tag size 200 of the above literature. In case that only one leaf node is revoked, the method according to an exemplary embodiment of present invention can reduce the tag size by about 65 times than the above literature. In case of 16 revoked leaf nodes, the method according to an exemplary embodiment of the present invention can reduce the tag size by about 61 times that of the above literature.

(62) In addition, as for 256 revoked leaf nodes, the tag size is reduced by about 57 times, and as for 65,536 revoked leaf nodes, the tag size is reduced by about 49 times. As for 4.2 billion revoked leaf nodes, the tag size is reduced by about 32 times.

(63) As set forth above, exemplary embodiments of the present invention can drastically reduce the transmission overhead at the server in the BE system owing to the reduced tag size.

(64) Although a few exemplary embodiments of the present invention have been shown and described, it would be appreciated by those skilled in the art that changes may be made in these exemplary embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the claims and their equivalents.