1. Field of the Invention
The present invention broadly relates to digital content protection and, more particularly, to an apparatus for and a method of efficiently encrypting and/or decrypting digital content according to a broadcast encryption scheme.
2. Description of the Related Art
Recently, the transmission of digital contents using a variety of communication media including the Internet, ground wave, cable, and satellites and sales and rental of digital contents using high capacity recording media have rapidly increased. Accordingly, digital rights management (DRM) that is a solution to protect copyright of digital contents has been emerging as an important issue. Among technologies related to the DRM, research on a broadcast encryption scheme, (by which widely distributed digital contents are protected by encrypting the digital contents broadcast by using recording media, such as a CD, a DVD and the Internet), has been actively conducted.
FIG. 1 illustrates the conventional broadcast encryption scheme.
Referring to FIG. 1, the conventional broadcast encryption scheme uses a 2-stepped encryption process, in which digital content is encrypted by using a content key and the content key used for the encryption is encrypted by using a revocation key. Generally, digital content encrypted by using a content key CK is expressed as E(CK, Content), and the content key encrypted by using a revocation key {Ki} is expressed as {E(Ki, CK)}. Here, the curly brackets { } indicate that the revocation key {Ki} is a key set formed with a plurality of Ki's.
Also, in order to decrypt the content encrypted according to the conventional broadcast encryption scheme, a 2-stepped decryption process should be performed in which the encrypted content key is decrypted by using a revocation key and the encrypted content is decrypted by using the obtained content key.
The revocation key described above is allocated to each of devices to which the broadcast encryption scheme is applied, and among these devices, a device that cannot be protected any more by the broadcast encryption scheme due to exposure of the revocation key or to other reasons is revoked. Thus, revoked device cannot decrypt a digital content complying with the broadcast encryption scheme by using a revocation key that the revoked device has.
FIG. 2 illustrates an example of a tree used in the conventional broadcast encryption scheme.
Referring to FIG. 2, one parent node has two child nodes in the tree shown in FIG. 2 and the tree is a binary 4-level tree formed with 4 levels. Also, one key is allocated to each of the nodes of the tree.
The top node among the nodes of the tree is referred to as a root node, and a node at the bottom is referred to as a leaf node. According to the conventional broadcast encryption scheme, each of the devices corresponds to one of the leaf nodes and keys {Ki} of nodes, positioned on a path from a respective leaf node of the respective device to the root node, are allocated to the device.
For example, in case of key set allocation of a device 1, keys of nodes positioned on the path from the leaf node corresponding to the device 1 to the root node are K1, K2, K4, and K8 and these keys are allocated to the device 1.
If all devices are not revoked, a content server performing broadcast encryption encrypts a content key by using only the key K1 of the root node, and a device performing decryption corresponding to the broadcast encryption decrypts the encrypted content key by using only the key K1 of the root node. Also, if only devices 1 and 2 are revoked among the devices, the content server performing broadcast encryption encrypts a content key by using revocation keys K3 and K5, and a device performing decryption corresponding to the broadcast encryption decrypts the encrypted key by using the revocation keys K3 and K5.
However, according to the conventional broadcast encryption scheme, the content server performing broadcast encryption should encrypt a content key by always using a revocation key, and the device performing decryption corresponding to the broadcast encryption should decrypt the encrypted content by always using the revocation key. In other words, a revocation key is used whether a revoked device is present or not. Accordingly, this increases the computational load on the content server and the device to which the conventional broadcast encryption scheme is applied.