JP2010041112A - Content encrypting method and decoding method as well as content encrypting apparatus and decoding apparatus for hierarchical multicast distribution - Google Patents

Abstract

Hierarchical multicast distribution that enables control of video quality and resolution for each receiver is realized.
When applying broadcast encryption (decryption) to a hierarchical encoding method such as video data suitable for multicast distribution, the present invention provides a plurality of secret keys required for each image at different stages. A secret key of an upper layer is generated dependently from a secret key (master key) corresponding to the lower layer image using a one-way hash function. In addition, different private keys are owned by different individuals for the same hierarchical image. Further, only the public key of the broadcast cipher and the private secret key corresponding to the lowest layer image are held, and the common key corresponding to each layer is generated from the private secret key by a one-way hash function.
[Selection] Figure 1

Description

  The present invention relates to a content encryption method and decryption method for hierarchical multicast distribution, and a content encryption apparatus and decryption apparatus. More particularly, the present invention relates to broadcast encryption / decryption in a hierarchical encoding system for video data in multicast distribution. The present invention relates to a content encryption method, a decryption method, a content encryption device, and a decryption device for hierarchical multicast delivery.

  Due to its high cost, network distribution of expensive digital content such as digital cinema video requires high security. Currently, each receiver is individually encrypted and then unicasted to each receiver. (FIG. 15).

  In the future, as the number of distribution destinations increases, the demand for multicast distribution is expected to increase gradually (FIG. 16). Currently multicast distribution uses the IP Multicast protocol, and one content is copied by a device in the network such as a router, but all recipients receive the same content. For this reason, if the content is leaked, it is difficult to specify which recipient has leaked. In addition, when the leaked recipient can be identified, the decryption key must be redistributed because all recipients have the same decryption key in order to stop delivery to the subsequent leaker. There is also a problem. In order to solve these problems, by combining a digital watermark method (for example, see Non-Patent Document 1) that enables the identification of a leaker and a broadcast encryption method (for example, see Non-Patent Document 2), There is a multicast distribution method that can substantially stop distribution (for example, see Non-Patent Document 3).

  The broadcast encryption method is used between one sender and a plurality of recipients, and the sender sends the same ciphertext to the entire recipient, but the recipient group specified at the time of encryption can be correctly decrypted. Only. Specifically, when a public key is created from the private keys of all recipients that are permitted to be decrypted and encrypted thereby, only the authorized recipients can decrypt the ciphertext using their individual private keys. FIG. 17 illustrates the difference between the conventional public key cryptosystem and the broadcast cryptosystem. This broadcast cipher is suitable not only for authorized receivers to decrypt ciphertexts using their private keys but also for encrypted video data multicast distribution because only one encrypted data is required. There is an advantage that key management is easy because only one public key is required regardless of the number of users.

On the other hand, with the recent diversification of networks, the bandwidth variation of the transmission path is large for each user, and the resolution of the video receiving terminal is also diversifying. Hierarchical multicast distribution shown in FIG. 18 is suitable for simultaneous video distribution to a plurality of users having different conditions. Considering the application of the broadcast encryption method in such a layered multicast distribution, the broadcast encryption method has only one target encrypted data. Therefore, when it is applied directly, the hierarchy is lost. That is, reception control for each video quality and resolution is impossible, and only the same quality video can be received by all receivers.
R. Parnes and R. Parviainen, "Large scale distributed water-marking of multicast media through encryption, Proc. Of IFIP Communications and Multimedia Security Issues of the New Century, pp. 17-26, 2001 A. Fait and M. Naor, "Broadcast encryption", CRYPTO 1993, LNCS 773, pp. 480-491, 1993 Toshima Kan, Takeshi Inoue, Hitoshi Uematsu, Hirokazu Takahashi, May Nishina, Go Takagi, Shinichi Tsuji, "Multicast delivery method that can identify leakers and stop delivery", 2008 IEICE General Conference, BS-5 -Five.

  However, considering the application of the broadcast encryption method in the above-described conventional hierarchical multicast distribution, the broadcast encryption method has only one target encrypted data. End up. That is, reception control for each video quality and resolution is impossible, and only the same quality video can be received by all receivers.

  The present invention has been made in view of the above points, and a content encryption method and decoding for hierarchical multicast distribution that realizes hierarchical multicast distribution that enables control of video quality and resolution for each receiver. It is an object to provide a method, a content encryption device, and a decryption device.

  FIG. 1 is a diagram for explaining the principle of the present invention.

The present invention (Claim 1) provides content encryption for hierarchical multicast distribution in an encryption device that performs encryption when hierarchically encoded data is simultaneously distributed to a plurality of recipients using hierarchical multicast. A method,
The key generation means generates a public key and a private secret key using broadcast encryption for each layer of the hierarchically encoded data, and the individual private key of each layer of each recipient is determined from the private secret key of the lower layer. A key generation step (step 1) that is subordinately generated using a directional hash function;
The encryption means performs an encryption step (step 2) of encrypting the hierarchically encoded data using the public key created in each hierarchy.

The present invention (Claim 2) is a content decryption method for hierarchical multicast distribution in a decryption device for decrypting encrypted hierarchical encoded data,
When decrypting the layered encoded data encrypted by the method of claim 1,
A receiving means for receiving an authorized private key of the lowest hierarchy (step 3);
A personal secret key generation step (step 4) in which the key generation means subordinately generates an upper level personal secret key using the one-way hash function used at the time of encryption;
A public key decryption step (step 5) in which the public key decryption means decrypts the public key of each layer using the personal secret key generated in the personal secret key generation step (step 4);
The decryption means performs a decryption step (step 6) for decrypting the hierarchized encoded data encrypted using the public key decrypted in the public key decryption step (step 5).

The present invention (Claim 3) provides content encryption for hierarchical multicast distribution in an encryption apparatus that performs encryption when hierarchically encoded data is simultaneously distributed to a plurality of recipients using hierarchical multicast. A method,
The key generation means generates a public key and a private secret key using broadcast encryption for each layer of the hierarchically encoded data, and the individual private key of each layer of each recipient is determined from the private secret key of the lower layer. A key generation step that enables a plurality of recipients to share an upper-layer private secret key by subordinately using a directional hash function; and
The encryption means performs an encryption step of encrypting the hierarchically encoded data using a public key created in each hierarchy.

The present invention (Claim 4) is a content decryption method for hierarchical multicast distribution in a decryption device for decrypting encrypted hierarchical encoded data,
When decrypting the layered encoded data encrypted by the method of claim 3,
Receiving means for receiving an authorized private key of the lowest hierarchy,
A personal secret key generation step in which the key generation means subordinately generates an upper level personal secret key using the one-way hash function used at the time of encryption;
A public key decryption step, wherein the public key decryption means decrypts the public key of each layer using the personal secret key generated in the personal secret key generation step;
The decryption means performs a decryption step of decrypting the hierarchized encoded data encrypted using the public key decrypted in the public key decryption step.

The present invention (Claim 5) provides content encryption for hierarchical multicast distribution in an encryption apparatus that performs encryption when hierarchically encoded data is simultaneously distributed to a plurality of recipients using hierarchical multicast. A method,
When performing hybrid encryption of encryption using broadcast encryption and encryption using common key encryption,
In broadcast encryption, the key generation means generates a public key and a private secret key using broadcast encryption for each layer of hierarchically encoded data, and each recipient's private secret key has a plurality of layers that are permitted to be accessed. A key generation step for creating only the private secret key of the lowest layer,
The encryption means encrypts the common key of the common key cipher of the corresponding layer with the created public key of each layer, and converts the common key of each layer of the common key cipher from the common key of the lowest layer to the one-way hash function And an encryption step of encrypting the hierarchically encoded data using a public key created in each hierarchy.

The present invention (Claim 6) is a content decryption method for hierarchical multicast distribution in a decryption device for decrypting encrypted hierarchical encoded data,
When decrypting the layered encoded data encrypted by the method of claim 5,
Receiving means for receiving an authorized private key of the lowest hierarchy,
A public key decryption step in which the public key decryption means decrypts the public key of the corresponding hierarchy using the received personal private key;
A common key decryption step in which the common key decryption means decrypts the common key of the corresponding layer common key cipher using the decrypted public key;
A common key generating step, wherein the common key generating means generates a subordinate key using a one-way hash function used when encrypting the upper layer common key;
The decrypting means performs a decrypting step of decrypting the hierarchized encoded data encrypted using the common key decrypted in the public key decrypting step.

The present invention (Claim 7) provides content encryption for hierarchical multicast distribution in an encryption apparatus that performs encryption when hierarchically encoded data is simultaneously distributed to a plurality of recipients using hierarchical multicast. A method,
When encrypting hierarchically encoded data using existing broadcast encryption and common key encryption consisting of three algorithms of key generation, encryption, and decryption,
Apply broadcast encryption to each layer,
The personal secret key generating means generates only the lowest level private secret key among the plurality of hierarchies permitted to access;
A step of generating a common key for each layer of the common key cryptography in a subordinate manner using a one-way hash function from the common key of the lowest layer when the common key generating means receives the common key of the common key encryption method; ,
The encryption means encrypts the hierarchically encoded data using the common key and outputs it as a broadcast encryption message.

The present invention (Claim 8) is a content decryption method for hierarchical multicast distribution in a decryption device for decrypting encrypted hierarchical encoded data,
When decrypting the layered encoded data encrypted by the method of claim 7,
Receiving means for receiving an authorized private key of the lowest hierarchy,
A public key decryption step in which the public key decryption means decrypts the public key of the corresponding hierarchy using the received personal private key;
A common key decryption step in which the common key decryption means decrypts the common key of the corresponding layer common key cipher using the decrypted public key;
A common key generating step, wherein the common key generating means generates a subordinate key using a one-way hash function used when encrypting the upper layer common key;
The decrypting means performs a decrypting step of decrypting the hierarchized encoded data encrypted using the common key decrypted in the public key decrypting step.

  FIG. 2 is a principle configuration diagram of the present invention.

The present invention (Claim 9) is a content encryption apparatus for hierarchical multicast distribution that performs encryption when simultaneously distributing hierarchically encoded data to a plurality of recipients using hierarchical multicast.
A public key and a private secret key are generated using broadcast encryption for each layer of hierarchically encoded data, and a private secret key for each layer of each recipient uses a one-way hash function from the private secret key of the lower layer. And key generation means 110 that is generated in a dependent manner,
And encryption means 140 for encrypting hierarchically encoded data using a public key created in each hierarchy.

The present invention (Claim 10) is a content decryption device for hierarchical multicast delivery for decrypting encrypted hierarchical encoded data,
When decrypting the hierarchically encoded data encrypted by the encryption device according to claim 9,
Receiving means 240 for receiving the authorized personal secret key of the lowest hierarchy, 240;
Personal secret key generation means 210 that subordinately generates an upper level personal secret key using the one-way hash function used at the time of encryption;
A public key decryption unit 220 that decrypts the public key of each layer using the personal secret key generated by the personal secret key generation unit 210;
And decryption means 230 for decrypting the hierarchically encoded data encrypted using the public key decrypted by the public key decryption means 220.

The present invention (Claim 11) is a content encryption apparatus for hierarchical multicast distribution that performs encryption when simultaneously distributing hierarchically encoded data to a plurality of recipients using hierarchical multicast.
A public key and a private secret key are generated using broadcast encryption for each layer of hierarchically encoded data, and a private secret key for each layer of each recipient uses a one-way hash function from the private secret key of the lower layer. And a key generation means that enables the generated higher-layer private secret key to be shared among a plurality of recipients by generating them in a subordinate manner,
Encryption means for encrypting the hierarchically encoded data using a public key created in each hierarchy.

The present invention (Claim 12) is a content decryption device for hierarchical multicast delivery for decrypting encrypted hierarchical encoded data,
When decrypting the layered encoded data encrypted by the encryption device according to claim 11,
Receiving means for receiving the authorized private key of the lowest hierarchy,
A personal secret key generating means for subordinately generating an upper level personal secret key using the one-way hash function used at the time of encryption;
Public key decryption means for decrypting the public key of each layer using the personal secret key generated by the personal secret key generation means;
And decryption means for decrypting the hierarchically encoded data encrypted using the public key decrypted by the public key decryption means.

The present invention (Claim 13) is a content encryption apparatus for hierarchical multicast distribution that performs encryption when simultaneously distributing hierarchically encoded data to a plurality of recipients using hierarchical multicast.
When performing hybrid encryption of encryption using broadcast encryption and encryption using common key encryption,
In broadcast encryption, a public key and a private secret key are generated using broadcast encryption for each layer of hierarchically encoded data, and each recipient's private secret key is the lowest layer among the multiple layers permitted to access. A key generation means for creating only the personal secret key of
The common key of the corresponding layer common key cipher is encrypted with the public key of each layer created, and the common key of each layer of the common key cipher is layer encoded using the one-way hash function from the common key of the lowest layer Encryption means for encrypting data using a public key created at each layer.

The present invention (Claim 14) is a content decryption device for hierarchical multicast delivery for decrypting encrypted hierarchical encoded data,
When decrypting the hierarchically encoded data encrypted by the encryption device according to claim 13,
Receiving means for receiving the authorized private key of the lowest hierarchy,
Public key decryption means for decrypting the public key of the corresponding hierarchy using the received private private key;
A common key decryption means for decrypting the common key of the corresponding layer common key cipher using the decrypted public key;
A common key generating means for subordinately generating an upper layer common key using the one-way hash function used at the time of encryption;
And decryption means for decrypting the hierarchically encoded data encrypted using the common key decrypted by the public key decryption means.

  As described above, according to the present invention, when applying broadcast encryption (decryption) to a hierarchical encoding method such as video data suitable for multicast distribution, a plurality of secret keys required for each image at different stages are used. Thus, by generating a secret key for the upper layer from the secret key (master key) corresponding to the lower layer image using a one-way hash function, only the authorized receiver can store the layered video data. The ciphertext can be decrypted using each individual private key. Further, it is possible to easily stop only the distribution of an arbitrary recipient.

  When such a hierarchical multicast encryption is realized, for example, in live pay distribution for a sporting event, when there is an access control that distributes a video of a quality according to the amount to the user, and when there is fraud, or distribution due to time viewing restrictions It can be stopped.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

  First, hierarchical coding as a base in the hierarchical multicast encryption of the present invention will be described.

  Video data distributed by multicast represented by Non-Patent Document 3 mentioned above needs to be compressed and encoded below a certain band by H.264 / AVC system or MPEG2 system so that it can be transmitted in a certain transmission band. Thus, once encoded video data, the video quality cannot be changed even if the transmission band fluctuates. Also, the resolution is fixed, and in order to change the resolution in accordance with the receiving terminal, it is necessary to perform image enlargement / reduction processing after decoding once. However, with the diversification of networks in recent years, the bandwidth fluctuation of transmission paths is large, and video data capable of transmitting video with quality suitable for multiple bands is required, and video receiving terminals are also NTSC level. Diversified from resolution to sizes such as HD (High Definition) and SHD (Super High Definition).

  Against this background, hierarchical coding schemes such as JPEG2000 and SVC (Scalable Video Coding) that can cope with changes in video quality and video terminal resolution have been standardized. In the hierarchical encoding method, the encoder only encodes once, and there is no need to recreate the compressed data according to the compression encoding rate or individual resolution, and a decoded image of various resolutions and quality can be obtained from a single compressed file. There is a feature that can be obtained.

Here, JPEG2000 will be described as an example. FIG. 3 shows a system configuration diagram of the JPEG2000 encoder. In JPEG2000, wavelet transform is used because it is easy to maintain image quality at a low bit rate and realize resolution scalability. The wavelet filter of the wavelet transform unit 10 includes a lossless filter for supporting lossless and lossy unified coding, and a lossy filter for realizing a higher rate, dis, and rate characteristics than lossy coding. Yes. The division method is limited to Mallet division in which the image is band-divided into four subbands by performing one-dimensional wavelet transform independently in the vertical and horizontal directions of the image, and the lowest frequency band is recursively divided into four bands. By dividing D times, it is possible to divide an image having a spatial resolution of 1/2 ^D with respect to the original image. This processing is performed in the horizontal direction and the vertical direction, respectively. On the decoding side, decoding is performed sequentially from the low frequency side. By decoding ^U times, an image having a spatial resolution of 2 ^U / 2 ^D = 1/2 ⁿ times the original image can be restored. In the wavelet transform, images with different resolutions can be easily obtained in the process of sequentially decoding from low to wide.

Next, the wavelet coefficients are quantized by the quantizing unit 11 as necessary, and encoded by an EBCOT (Embedded Block Coding with Optimized Truncation) algorithm 20. In the EBCOT algorithm 20, the code block dividing unit 12 divides each subband into square blocks called code blocks (for example, 64 × 64). These code blocks are encoded independently. In each code block, coefficient bit modeling based on the wavelet coefficient bit plane is performed, and all the bit planes from the MSB to the LSB are decomposed into two coding passes according to the context. Next, the arithmetic coding unit 14 performs arithmetic coding on the embedded code string generated by the coefficient bit modeling unit 13. The overall bit rate control is performed by discarding a part of each arithmetic coding generated for each code block. Moreover, it is grouped into units called layers as required. Finally, the header generated by the packet generator 15 is a JPEG2000 bit stream. In JPEG2000, a code is configured with three coding passes as a minimum unit, and a priority in each pass unit can be assigned to control a temporal priority at the time of decoding or to control a truncation code amount. As a priority,
-L: Layer based on SNR-R: Spatial resolution-P: Position-C: There are four types of colors, and there are five types of scalability depending on how these are preferentially arranged. LRCP with the highest priority on layers is the default. When it is desired to give priority to the spatial resolution, it can be realized by the RLCP data structure as shown in FIG. It is possible to control to sequentially increase the resolution from a low resolution image to a high resolution image. A hierarchical multicast as shown in FIG. 18 is suitable for simultaneous distribution of video data to a plurality of users using such a hierarchical encoding method. For example, in the case of the RLCP data structure as shown in FIG. 4, in the hierarchical multicast of FIG. 18, distribution is performed with layer 1 = R0, layer 2 = R1, and layer 3 = R2.

[Conventional encryption in hierarchical coding]
Various studies have also been conducted on encryption for hierarchical coding schemes. For example, reference 1 “Y. Wu, D. Ma and RH Deng,“ Flexible access control to JPEG2000 image codestreams, ”IEEE Trans. On Multimedia, vol. 9, no. 6, pp. 1314-1324, Oct. 2007”. , Reference 2 “Katsutoshi Ando, Hitoshi Kiya,“ Encryption method of JPEG2000 coded image using layer structure ”, Theory of Science (A), vol. J85-A, no.10, pp.1091-1099, Oct. .2002 ”, Reference 3“ A. Haggag, M. Ghoneim, J. Lu, and T. Yahagi, “Progressive encryption and controlled access scheme for JPEG2000 encloded images,” in Proc. IEEE ISPACS, pp. 895-898, 2006. And so on.

  In JPEG2000, a security specification called JPSEC was standardized as Part8. JPSEC is targeted at services that require security such as confidentiality, authenticity, and integrity, but it only specifies the syntax that describes how image data is protected, and encryption and signatures are only required. The actual security algorithm is a flexible framework that does not specify. A number of JPEC-compliant encryption methods have been proposed. However, the research is not limited to these JPEC-compliant schemes, and research on cryptographic schemes in conventional hierarchical coding basically assumes one-to-one access. Therefore, unicast distribution is used for transmission over the network. However, for simultaneous distribution to multiple users, unicast distribution is performed for the number of users, and the transmission bandwidth increases significantly (number of users). .

[Broadcast cipher]
In consideration of the above problems, the present invention considers hierarchical multicast encryption using broadcast encryption. First, the algorithm of broadcast encryption will be briefly described. Let n be the total number of recipients, s be the number of recipients permitted to be decrypted, and r be the number of recipients not allowed to be decrypted (ie, s + r = n). In the simplest method, that is, when the broadcast cipher is realized by encrypting with the public key of each individual recipient, the size of the public key of the entire recipient is O (n), and the size of the private key of the individual recipient Is O (1), and the ciphertext size is O (s). Therefore, reducing the public key size and the ciphertext size is important for realizing efficient broadcast encryption. In 2005, a broadcast encryption scheme with a ciphertext size of O (1) was proposed by Boneh, Gentry, and Waters, and attracted the attention of many researchers toward practical use (Reference 4 “D. Boneh, C. Gentry and B. Waters, “Collusion resistant broadcast encryption with short ciphertexts and private keys,” CRYPTO '05, pp. 258-275, 2005 ”). The broadcast cipher in Reference 4 is composed of three algorithms: key generation, encryption, and decryption. A natural number from 1 to n is assigned to each recipient as an ID. That is, the total recipients are 1, 2,. Each recipient d _1, d 2 as a private secret key, _..., owns d _n, the public key and PK, sender S⊂ a set of recipients for decoding {1,2, ..., n}.

Key generation: The total number n of recipients is input, and the public key PK and private secret key d _i (i = 1, 2,..., N) are output.

  Encryption: A message M, a public key PK, and a set S of recipients permitted to be decrypted are input, and a ciphertext C and a header Hdr are output.

Decryption: Ciphertext C, header Hdr, recipient ID _i , personal secret key d _i , public key PK, and set S of recipients permitted to decrypt are input, and message M is output.

  As described above, Document 4 has been introduced as an example of the broadcast cipher. However, in the following embodiments, when referring to the broadcast cipher, it is not limited to the broadcast cipher of Document 4 unless otherwise specified.

[Hierarchical multicast encryption using broadcast encryption]
The broadcast cipher is suitable not only for the authorized receivers but also for decrypting the ciphertext using the personal secret key, and for the multicast distribution of video data since only one encrypted data is required. However, as shown in FIG. 5, when applied directly to JPEG2000 encoded data, the broadcast encryption has only one target encrypted data, and thus the hierarchical nature of hierarchical encoding is lost. That is, access control for each layer is impossible, and only video of the same quality can be distributed to all receivers.

  As one simple method for performing encryption while maintaining the hierarchy, a method of directly applying broadcast encryption to each layer data as shown in FIG. 6 is conceivable. In this example, the spatial resolution is preferentially given scalability, the receiver of R0 receives the 1/4 resolution image {R0, R1}, receives the 1/2 resolution image, and {R0, R1, R2}. The recipient can decode the full resolution image. In this example, the number of recipients is assumed to be five, and the recipient who can decrypt the full resolution image is one owner of the private secret key (A, A ′, A ″), and the half resolution image is Receivable recipients are the private secret key (B, B ') and private secret key (C, C') owners, respectively, and recipients capable of decrypting 1/4 resolution images are private secret key D and private secret, respectively. It becomes two owners of the key E. However, as can be seen in this example, the receiver needs the private secret key as many as the number of layers permitted to access, which is not preferable from the viewpoint of key management and delivery. .

[First Embodiment]
In the following, in describing each embodiment, JPEG2000 is taken as an example of hierarchical coding as in the previous examples. It can be applied to any hierarchical encoding. The number of recipients, the number of layers, the JPEG2000 scalability order, the range of access permission of each recipient, etc. are all the same as in the example of FIG.

  FIG. 7 shows the configuration of the hierarchical multicast encryption apparatus according to the first embodiment of the present invention. The encryption apparatus 100 shown in FIG. 1 includes a personal secret key generation unit 110 that generates a personal secret key from a plurality of personal secret keys of a receiver, a personal secret key storage unit 120 that stores the generated personal secret key, and a personal secret. A public key generation unit 130 that generates a public key from all personal secret keys stored in the key storage unit 120, an encryption unit 140 that performs broadcast encryption of layered encoded data using the public key, and the created public A public key memory 150 for storing a key, and a transmission unit 160 for transmitting encrypted data and a personal secret key of the lowest layer to a decryption device.

  In the present embodiment, access to a plurality of permitted hierarchies is possible with only one personal secret key regardless of the number of hierarchies permitted to be accessed. In order to realize this, the personal secret key generation unit 110 uses a one-way hash function from the personal secret key of the lower layer, from the personal secret key of the lower layer, among the plurality of personal secret keys possessed by the same receiver. Create dependent (concatenated). For example, as shown in FIG. 8, with respect to the owner of the private secret key (A, A ′, A ″), A ′ is created from A, and A ″ is created from A ′. Therefore, this recipient only needs to possess the private secret key A, and the remaining private secret keys (A ′, A ″) are automatically created. Similarly, the private secret keys (B, B ′). And the private secret key (C, C ′) need only own the private secret key B and the private secret key C. The public key generation unit 130 uses the hash code for each layer by broadcast encryption. A public key is created from all the private secret keys of each hierarchy including the private secret key created dependently by the function, and is stored in the public key memory 150. The encryption unit 140 is the public key stored in the public key memory 150. The JPEG2000 data of each layer is encrypted using a key.For the encryption of JPEG2000 data using a public key, see, for example, Reference 5 “Reiko Nakazaki, Osamu Watanabe, Hitoshi Kiya,“ JPEG2000 using public key cryptography and lower High-speed encryption method of compatible images ", electronic information Communication Engineers Technical Report .ITS2003-64, pp.7-12, it is possible to use the prior art, such as Feb. 2004 ".

  The transmission unit 160 transmits the encrypted data and the personal secret key of the lowest layer to the receiver (decryption device). However, the private secret key of the lowest hierarchy is transmitted separately from the encrypted data using a public key cryptosystem or the like separately from the encrypted data. The transmission method is not particularly limited as long as the private secret key is transmitted by the broadcast encryption method.

  FIG. 9 shows the configuration of the decoding apparatus according to the first embodiment of the present invention. The decryption apparatus 200 shown in the figure includes a personal secret key generation unit 210, a public key decryption unit 220, and a decryption unit 230.

  At the time of decryption, the decryption device 200 of each recipient receives the lowest-order personal secret key permitted from the encryption device 100, and the personal secret key generation unit 210 uses the one-way hash function used at the time of encryption. The personal secret key of the higher hierarchy is generated in a subordinate manner, and temporarily stored in a memory (not shown). The public key decryption unit 220 decrypts the public key using the private secret key of each layer stored in the memory (not shown), and the decryption unit 230 decrypts the JPEG2000 data.

  In the present embodiment, an example in which the JPEG2000 data of each layer is directly encrypted using the created public key has been described. However, a hybrid encryption with a common key encryption method may be used for the broadcast encryption. At that time, JPEG2000 data is encrypted by the common key method, and the common key of the common key method is encrypted by the public key of the broadcast encryption.

[Second Embodiment]
The encryption device and the decryption device in the present embodiment are the same as those in the first embodiment.

  In the first embodiment described above, access to a plurality of permitted hierarchies is possible with only one personal secret key regardless of the number of hierarchies permitted to access, but the total number of personal secret keys is , Increase compared to the number of recipients. In the example of FIG. 8, the total number of personal secret keys is 9 for 5 recipients. The same applies to the example of FIG.

  In order to solve this problem, in the present embodiment, as shown in FIG. 10, it is possible to share an upper-layer private secret key that is subordinately created by a hash function among recipients. For example, in the example of FIG. 10, only the personal secret key A is sent to the recipient who wants to decrypt the three layers R0, R1, and R2. At that time, the private secret key B and the private secret key D are automatically generated inside the decryption apparatus using a hash function. Further, only the private secret key B is sent to the recipient who wants to decrypt the two layers R0 and R1. At that time, the private secret key D is automatically generated inside the decryptor using a hash function. As a result, these two recipients share the private secret key B and the private secret key D. That is, each individual owns a different secret key. For this reason, the private secret key storage unit 120 shown in FIG.

  In this way, by permitting sharing of private secret keys in higher layers, the total number of private secret keys becomes the same as the number of recipients, and the amount of computation associated with key generation, encryption, and decryption of broadcast encryption is reduced. be able to. The public key creation method and the encryption of JPEG2000 data of each layer using the public key are the same as in the first embodiment.

  The configuration of the decoding apparatus in this embodiment is the same as that in the first embodiment. At the time of decryption, each recipient receives the authorized lowest layer private secret key, and subordinately generates an upper layer private secret key using the one-way hash function used at the time of encryption. The public key is decrypted using the generated private secret key of each layer, and JPEG2000 data is decrypted.

  However, there is a demerit caused by permitting sharing of the private secret key in the upper layer. If you want to stop delivery to a recipient, for example, if you want to stop delivery of a personal private key A to a user, you need to stop using the private private key B and the private private key D as well as the private private key A Therefore, it is necessary to distribute a new personal secret key to recipients who are originally permitted to use the personal secret key B and the personal secret key D.

  In the present embodiment, as in the first embodiment, the example in which the JPEG2000 data of each layer is directly encrypted using the created public key has been described. However, the broadcast cipher is referred to as a common key cryptosystem. The hybrid cipher may be used. At that time, JPEG2000 data is encrypted by the common key method, and the common key of the common key method is encrypted by the public key of the broadcast encryption.

[Third Embodiment]
This embodiment is a hybrid system of broadcast encryption and common key encryption. Unlike the second embodiment, the total number of personal secret keys and the number of recipients are kept the same, unlike the second embodiment. Therefore, when it is desired to stop the distribution to a certain recipient, it is possible to suspend the use of only the individual private key of the recipient, and it is not necessary to distribute a new private secret key to other recipients.

  FIG. 11 shows the configuration of the encryption device according to the third embodiment of the present invention. The encryption device 300 shown in the figure includes a private secret key generation unit 310, a public key generation unit 320, a common key generation unit 330, and an encryption unit 340.

  FIG. 12 is an example of JPEG2000 encryption for hierarchical multicast distribution in the third embodiment of the present invention. In the broadcast encryption, the public key generation unit 320 and the private secret key generation unit 310 create a public key and a private secret key for each layer and store them in a memory (not shown). The total number of personal secret keys is the same as the number of recipients. In addition, only the private secret key of the lowest layer among the plurality of layers each permitted to access is required. At this time, there is no dependency relationship between the private secret keys A, B, C, D, and E in the respective layers as in the first embodiment and the second embodiment.

  On the other hand, the common key for each layer of the common key cryptosystem is generated subordinately from the lowest layer common key using a one-way hash function. The common key of these layers is encrypted with the public key of each layer created by broadcast encryption.

  FIG. 13 shows the configuration of the decoding apparatus according to the third embodiment of the present invention. The decryption apparatus 400 shown in the figure includes a public key decryption unit 410, a common key decryption / generation unit 420, and a decryption unit 430.

  At the time of decryption, each decryption device 400 receives the permitted lowest layer private secret key in the public key decryption unit 410, decrypts the public key of the corresponding hierarchy using the received private secret key, and (Not shown).

  Next, the common key decryption / generation unit 420 decrypts the common key of the corresponding layer common key cipher using the decrypted public key, and the common key of the upper layer is the one-way hash function used at the time of encryption. Is generated in a dependent manner. The decryption unit 430 decrypts the encrypted data using the generated common key.

[Fourth Embodiment]
FIG. 14 shows an example of a hierarchical multicast cipher using the broadcast cipher of Document 4. The number of multicast layers is L, and each multicast layer is defined as ML _j (j = 1,..., L). The data structure of JPEG2000 is determined in advance and assigned to each multicast layer. Total number of _{recipients, n = n 1 + n 2} , ..., and _{n L,} where _{n j} is _ML 1, ..., representing the maximum number of received access to the ML _j is permitted. The private key d ₁ ^(j) , ..., _dnj ^(j) and the public key PK ^(j) are assigned to the multicast hierarchy ML _j . A set of recipients that the sender is permitted to decrypt ^{S (j) ⊆ {1,} ..., n j} and. The algorithm is as follows.

1. Common key encryption:
The multicast hierarchy ML _j (j = 1,..., L) is encrypted by a common key encryption method such as AES. At that time, the common key CK ^(j) of each layer is generated by the following equation.

CK ^(j-1) = H (CK ^(j) ), j = L, ..., 2 (1)
However, H (•) represents a one-way hash function.

2. Broadcast cipher key generation:
In each multicast layer j = 1,..., L, the broadcast cipher generates n _j private secret keys d ₁ ^(j) ,..., D _nj ^(j) and a public key PK ^(j) .

3. Broadcast cipher encryption:
At each layer, the message (common key (CK ^(j) ), public key PK ^(j) , set of recipients S ^(j) ⊆ {1,..., N _j }) that is permitted to be decrypted is used as input, ^(j) and K ^(j) } are output.

4). Broadcast cipher decryption:
In each layer, a set of recipients S ^(j) ⊆ {1,..., N _j }, a recipient ID _i ∈ {1,..., N _j }, private secret key d _i ^(j) , header Hdr ^(j) and public key PK ^(j) are input and a message (common key CK ^(j) ) is output.

5). Decrypt common key cryptography:
From the common key CK ^(j) , the higher-level common keys CK ⁽¹⁾ ,..., CK ^(j−1) are generated dependently from the common key CK ^(j) . Common key CK ^(1), ..., with CK ^(j), multicast hierarchy _{ML j (j = 1, ...} , L) decodes the.

  Also, the operation of each component of the encryption device and the decryption device in each embodiment is constructed as a program and installed in a computer used as the encryption device or the decryption device, or distributed through a network. It is possible to make it.

  Further, the constructed program can be stored in a portable storage medium such as a hard disk, a flexible disk, or a CD-ROM, and can be installed or distributed in a computer.

  The present invention is not limited to the above-described embodiment, and various modifications and applications can be made within the scope of the claims.

  In the case of hierarchical multicast distribution, if reception control for each video quality and resolution is possible, for example, in a live pay distribution of a plurality of users such as sports events, a video of quality according to the amount is given to the user. Distribution and suspension are possible.

It is a figure for demonstrating the principle of this invention. It is a principle block diagram of this invention. It is a system configuration | structure figure of a JPEG2000 encoder. This is a JPEG2000 RLCP data structure. This is a direct application example 1 of broadcast encryption. This is a second example of direct application of broadcast encryption. 1 is a configuration diagram of a hierarchical multicast encryption apparatus according to a first embodiment of the present invention. FIG. It is JPEG2000 encryption (public key cryptosystem) for hierarchical multicast delivery in the first embodiment of the present invention. It is a block diagram of the hierarchical multicast decoding apparatus in the 1st Embodiment of this invention. It is JPEG2000 encryption (public key cryptosystem) for the hierarchical multicast delivery in the 2nd Embodiment of this invention. It is a block diagram of the encryption apparatus in the 3rd Embodiment of this invention. It is an example (hybrid encryption system) of JPEG2000 encryption for the hierarchical multicast delivery in the 3rd Embodiment of this invention. It is a block diagram of the decoding apparatus in the 3rd Embodiment of this invention. It is a figure which shows the encryption for hierarchical multicast delivery using the broadcast encryption of the literature 4. It is a figure which shows unicast delivery. It is a figure which shows multicast delivery. It is a figure which shows the conventional public key encryption system and broadcast encryption system. It is a figure which shows hierarchical multicast.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 Wavelet transformation part 11 Quantization part 12 Code block division part 13 Coefficient bit modeling part 14 Arithmetic coding part 15 Packet generation part 20 EBCOT
DESCRIPTION OF SYMBOLS 100 Encryption apparatus 110 Key generation means, personal secret key generation part 120 Personal secret key storage part 130 Public key generation part 140 Encryption means, encryption part 150 Public key memory 160 Transmission part 200 Decryption apparatus 210 Key generation means, personal secret Key generation unit 220 Public key decryption unit, public key decryption unit 230 Decryption unit, decryption unit 240 reception unit, reception unit 300 Encryption device 310 Personal secret key generation unit 320 Public key generation unit 330 Common key generation unit 340 Encryption unit 350 Transmission unit 400 Decryption device 410 Public key decryption unit 420 Common key decryption / generation unit 430 Decryption unit 440 Reception unit

Claims (14)

A content encryption method for hierarchical multicast distribution in an encryption device that performs encryption when simultaneously distributing hierarchically encoded data to a plurality of recipients using hierarchical multicast,
Key generation means generates a public key and a private secret key using broadcast encryption for each layer of the hierarchically encoded data, and the individual private key of each layer of each recipient is obtained from the private secret key of the lower layer. A key generation step that is subordinately generated using a one-way hash function;
An encryption unit performs an encryption step of encrypting the hierarchically encoded data using the public key created in each hierarchy.
A content encryption method for hierarchical multicast delivery. A content decryption method for hierarchical multicast delivery in a decryption device for decrypting encrypted hierarchical encoded data, comprising:
When decrypting the layered encoded data encrypted by the method of claim 1,
Receiving means for receiving an authorized private key of the lowest hierarchy,
A personal secret key generation step in which the key generation means subordinately generates an upper level personal secret key using the one-way hash function used at the time of encryption;
A public key decryption step, wherein a public key decryption unit decrypts a public key of each layer using the personal secret key generated in the personal secret key generation step;
A decrypting step for decrypting the encrypted hierarchically encoded data using the public key decrypted in the public key decrypting step;
A content decoding method for hierarchical multicast delivery, characterized in that: A content encryption method for hierarchical multicast distribution in an encryption device that performs encryption when simultaneously distributing hierarchically encoded data to a plurality of recipients using hierarchical multicast,
Key generation means generates a public key and a private secret key using broadcast encryption for each layer of the hierarchically encoded data, and the individual private key of each layer of each recipient is obtained from the private secret key of the lower layer. A key generation step that is subordinately generated using a one-way hash function;
An encryption means for encrypting the hierarchically encoded data using the public key created in each hierarchy; and
A content encryption method for hierarchical multicast delivery, characterized in that: A content decryption method for hierarchical multicast delivery in a decryption device for decrypting encrypted hierarchical encoded data, comprising:
When decrypting the layered encoded data encrypted by the method of claim 3,
Receiving means for receiving an authorized private key of the lowest hierarchy,
A personal secret key generation step in which the key generation means subordinately generates an upper level personal secret key using the one-way hash function used at the time of encryption;
A public key decryption step, wherein a public key decryption unit decrypts a public key of each layer using the personal secret key generated in the personal secret key generation step;
A decrypting step for decrypting the encrypted hierarchically encoded data using the public key decrypted in the public key decrypting step;
A content decoding method for hierarchical multicast delivery, characterized in that: A content encryption method for hierarchical multicast distribution in an encryption device that performs encryption when simultaneously distributing hierarchically encoded data to a plurality of recipients using hierarchical multicast,
When performing hybrid encryption of encryption using broadcast encryption and encryption using common key encryption,
In the broadcast encryption, key generation means generates a public key and a private secret key using broadcast encryption for each layer of the layered encoded data, and each recipient's private secret key is permitted to access A key generation step of creating only the private secret key of the lowest layer in the hierarchy; and
The encryption means encrypts the common key of the common key cipher of the corresponding layer with the created public key of each layer, and converts the common key of each layer of the common key cipher from the common key of the lowest layer to the one-way hash function And a step of encrypting the hierarchically encoded data by using the public key created in each layer, and a content encryption method for hierarchical multicast distribution. A content decryption method for hierarchical multicast delivery in a decryption device for decrypting encrypted hierarchical encoded data, comprising:
When decrypting the layered encoded data encrypted by the method of claim 5,
Receiving means for receiving an authorized private key of the lowest hierarchy,
A public key decrypting step, wherein the public key decrypting means decrypts the public key of the corresponding hierarchy using the received private secret key;
A common key decryption step in which the common key decryption means decrypts the common key of the corresponding layer common key cipher using the decrypted public key;
A common key generating step, wherein the common key generating means generates a subordinate key using a one-way hash function used when encrypting the upper layer common key;
A decrypting step for decrypting the encrypted layered encoded data using the common key decrypted in the public key decrypting step;
A content decoding method for hierarchical multicast delivery, characterized in that: A content encryption method for hierarchical multicast distribution in an encryption device that performs encryption when simultaneously distributing hierarchically encoded data to a plurality of recipients using hierarchical multicast,
When encrypting the hierarchically encoded data using existing broadcast encryption and common key encryption consisting of three algorithms of key generation, encryption, and decryption,
Apply broadcast encryption to each layer,
The personal secret key generating means generates only the lowest level private secret key among the plurality of hierarchies permitted to access;
A step of generating a common key for each layer of the common key cryptography in a subordinate manner using a one-way hash function from the common key of the lowest layer when the common key generating means receives the common key of the common key encryption method; ,
A content encryption method for hierarchical multicast distribution, wherein an encryption unit encrypts the hierarchically encoded data using the common key and outputs the encrypted encrypted message as a broadcast encryption message. A content decryption method for hierarchical multicast delivery in a decryption device for decrypting encrypted hierarchical encoded data, comprising:
When decrypting the layered encoded data encrypted by the method of claim 7,
Receiving means for receiving an authorized private key of the lowest hierarchy,
A public key decryption step in which the public key decryption means decrypts the public key of the corresponding hierarchy using the received personal private key;
A common key decryption step in which the common key decryption means decrypts the common key of the corresponding layer common key cipher using the decrypted public key;
A common key generating step, wherein the common key generating means generates a subordinate key using a one-way hash function used when encrypting the upper layer common key;
A decrypting step for decrypting the encrypted layered encoded data using the common key decrypted in the public key decrypting step;
A content decoding method for hierarchical multicast delivery, characterized in that: A content encryption device for hierarchical multicast distribution that performs encryption when simultaneously distributing hierarchically encoded data to a plurality of recipients using hierarchical multicast,
A public key and a private secret key are generated using broadcast encryption for each layer of the layered encoded data, and a private secret key of each layer of each recipient is obtained by using a one-way hash function from the private secret key of the lower layer. A key generation means that generates subordinately using,
An encryption means for encrypting the hierarchically encoded data using the public key created in each hierarchy;
A content encryption apparatus for hierarchical multicast distribution, comprising: A content decrypting device for hierarchical multicast delivery for decrypting encrypted hierarchical encoded data,
When decrypting the hierarchically encoded data encrypted by the encryption device according to claim 9,
Receiving means for receiving the authorized private key of the lowest hierarchy,
A personal secret key generating means for subordinately generating an upper level personal secret key using the one-way hash function used at the time of encryption;
Public key decryption means for decrypting the public key of each layer using the personal secret key generated by the personal secret key generation means;
Decryption means for decrypting the encrypted hierarchically encoded data using the public key decrypted by the public key decryption means;
A content decoding apparatus for hierarchical multicast delivery, comprising: A content encryption device for hierarchical multicast distribution that performs encryption when simultaneously distributing hierarchically encoded data to a plurality of recipients using hierarchical multicast,
A public key and a private secret key are generated using broadcast encryption for each layer of the layered encoded data, and a private secret key of each layer of each recipient is obtained by using a one-way hash function from the private secret key of the lower layer. A key generation means that generates subordinately using,
An encryption means for encrypting the hierarchically encoded data using the public key created in each hierarchy;
A content encryption apparatus for hierarchical multicast distribution, comprising: A content decrypting device for hierarchical multicast delivery for decrypting encrypted hierarchical encoded data,
When decrypting the layered encoded data encrypted by the encryption device according to claim 11,
Receiving means for receiving the authorized private key of the lowest hierarchy,
A personal secret key generating means for subordinately generating an upper level personal secret key using the one-way hash function used at the time of encryption;
Public key decryption means for decrypting the public key of each layer using the personal secret key generated by the personal secret key generation means;
Decryption means for decrypting the encrypted hierarchically encoded data using the public key decrypted by the public key decryption means;
A content decoding apparatus for hierarchical multicast delivery, comprising: A content encryption device for hierarchical multicast distribution that performs encryption when simultaneously distributing hierarchically encoded data to a plurality of recipients using hierarchical multicast,
When performing hybrid encryption of encryption using broadcast encryption and encryption using common key encryption,
In the broadcast encryption, a public key and a private secret key are generated using broadcast encryption for each layer of the hierarchically encoded data, and each recipient's private secret key is the highest in a plurality of layers permitted to access. A key generation means for creating only a lower-layer private secret key;
The common key of the corresponding layer common key cipher is encrypted with the created public key of each layer, and the common key of each layer of the common key cipher is obtained from the common key of the lowest layer using the one-way hash function. Encryption means for encrypting encrypted data using the public key created in each hierarchy;
A content encryption apparatus for hierarchical multicast distribution, comprising: A content decrypting device for hierarchical multicast delivery for decrypting encrypted hierarchical encoded data,
When decrypting the hierarchically encoded data encrypted by the encryption device according to claim 13,
Receiving means for receiving the authorized private key of the lowest hierarchy,
Public key decryption means for decrypting the public key of the corresponding hierarchy using the received personal secret key;
A common key decryption means for decrypting the common key of the corresponding layer common key cipher using the decrypted public key;
A common key generating means for subordinately generating an upper layer common key using the one-way hash function used at the time of encryption;
Decryption means for decrypting the encrypted hierarchically encoded data using the common key decrypted by the public key decryption means;
A content decoding apparatus for hierarchical multicast delivery, comprising:

Images