Abstract: A tag generation method for generating tags used in data packets in a broadcast encryption system is provided. The method includes detecting at least one revoked leaf node; setting a node identification (node ID) assigned to at least one node among nodes assigned node IDs at a layer 0 and to which the at least one revoked leaf node is subordinate, to a node path identification (NPID) of the at least one revoked leaf node at the layer 0; generating a tag list in the layer 0 by combining the NPID of each of the at least one revoked leaf nodes at the layer 0 in order of increment of node IDs of the corresponding at least one revoked leaf nodes; and generating a tag list in a lowest layer by repeatedly performing the setting and generation operation down to the lowest layer.

Abstract: A broadcast encryption method and a broadcast decryption method. The broadcast encryption method includes generating a message encryption key using a public key and a secret key generated by using a Strong Diffie-Hellman tuple; encrypting a message by the message encryption key; and generating a message header using a sum of a plurality of Strong Diffie-Hellman tuples corresponding to an authorized user group. Accordingly, a transmission amount and a storage amount can be reduced when a broadcast encryption message is transmitted.

Abstract: A method and system for updating time information of a digital rights management (DRM) includes a time server transmitting a time information message to a consumer electronics (CE) device, the CE device transmitting the time information message to a digital rights management DRM device when the CE device receives the time information message from the time server, and the DRM device updating a present time of the DRM device based on the time information message when the DRM device successfully performs authentication with respect to the time information message which has been transmitted from the CE device.

Abstract: A tag generation method for generating tags used in data packets in a broadcast encryption system is provided. The method includes detecting at least one revoked leaf node; setting a node identification (node ID) assigned to at least one node among nodes assigned node IDs at a layer 0 and to which the at least one revoked leaf node is subordinate, to a node path identification (NPID) of the at least one revoked leaf node at the layer 0; generating a tag list in the layer 0 by combining the NPID of each of the at least one revoked leaf nodes at the layer 0 in order of increment of node IDs of the corresponding at least one revoked leaf nodes; and generating a tag list in a lowest layer by repeatedly performing the setting and generation operation down to the lowest layer.

Abstract: A method for authorizing an off-line image device to play contents in use of a recording medium, including recording an encrypted key on a recording medium; recording contents on the recording medium using the encrypted key; and recording information as to a play right to play the contents recorded on the recording medium. Thus, the off-line image device can be authorized to play contents in use of the recording medium. As a result, the off-line image device can play contents that are recorded on the recording medium and must be authorized to play the contents.

Abstract: A user key allocation method for broadcast encryption is provided. The user key allocation method includes generating a plurality of subsets by dividing one group including a plurality of nodes to sub-groups and allocating key sets with respect to the subsets, respectively. The nodes included in the subset may be odd nodes and even nodes of the nodes of the group. The nodes are arranged so that privileged nodes are consecutive or there is only one privileged node. Accordingly, it is possible to reduce the data size transmitted from the server to the nodes by constituting one or more subsets from the nodes consecutively arranged and providing key sets with respect to the subsets.

Abstract: A method and an apparatus are provided for generating an encryption key for broadcast encryption. The method of generating the encryption key for the broadcast encryption includes generating a first encryption key with respect to all nodes, configured in a plurality of depths, from a root node to a plurality of leaf nodes, and generating a second encryption key with respect to each intermediate node between the root node and the plurality of leaf nodes, wherein the generation of the second encryption key comprises generating any one of first and second keys using the first encryption key depending on whether a first child node, connected to a sibling node of the intermediate node, is on a left path or a right path of the intermediate node.

Abstract: A tag generation method for generating tags used in data packets in a broadcast encryption system is provided. The method includes detecting at least one revoked leaf node; setting a node identification (node ID) assigned to at least one node among nodes assigned node IDs at a layer 0 and to which the at least one revoked leaf node is subordinate, to a node path identification (NPID) of the at least one revoked leaf node at the layer 0; generating a tag list in the layer 0 by combining the NPID of each of the at least one revoked leaf nodes at the layer 0 in order of increment of node IDs of the corresponding at least one revoked leaf nodes; and generating a tag list in a lowest layer by repeatedly performing the setting and generation operation down to the lowest layer.

Abstract: A tag generation method for generating tags used in data packets in a broadcast encryption system is provided. The method includes detecting at least one revoked leaf node; setting a node identification (node ID) assigned to at least one node among nodes assigned node IDs at a layer 0 and to which the at least one revoked leaf node is subordinate, to a node path identification (NPID) of the at least one revoked leaf node at the layer 0; generating a tag list in the layer 0 by combining the NPID of each of the at least one revoked leaf nodes at the layer 0 in order of increment of node IDs of the corresponding at least one revoked leaf nodes; and generating a tag list in a lowest layer by repeatedly performing the setting and generation operation down to the lowest layer.

Abstract: A tag generation method for generating tags used in data packets in a broadcast encryption system is provided. The method includes detecting at least one revoked leaf node; setting a node identification (node ID) assigned to at least one node among nodes assigned node IDs at a layer 0 and to which the at least one revoked leaf node is subordinate, to a node path identification (NPID) of the at least one revoked leaf node at the layer 0; generating a tag list in the layer 0 by combining the NPID of each of the at least one revoked leaf nodes at the layer 0 in order of increment of node IDs of the corresponding at least one revoked leaf nodes; and generating a tag list in a lowest layer by repeatedly performing the setting and generation operation down to the lowest layer.

Abstract: A method and a system for managing a key of a home device in a broadcast encryption system are provided. A hierarchical structure of a group set comprising a plurality of nodes corresponding to the home server and a plurality of nodes corresponding to the home device is formed. A key set to be allotted to the node set is generated. The node group is allowed to correspond to the key set to generate key-node corresponding information according to a request of the home server.

Abstract: A network capable of communicating with foreign networks and having a plurality of devices capable of mutually communicating with one another and a domain setup method thereof. The network includes at least one main remote controller for, out of the devices, setting up authorization to use the respective devices belonging to at least one main domain having at least one of the devices; and at least one subsidiary remote controller for receiving authentication for authorization to use the respective device belonging to a domain having the respective devices authorized to at least one user by the respective main remote controllers. Thus, the present network enables each user to efficiently administer whether to use the home devices as well as enables the home devices authorized to each user to be set up in one domain in order to keep security and privacy from foreign domains.

Abstract: A radio frequency system and a password management method applied to a storage device of the radio frequency system are provided, in which a first access password is stored for deciding whether to permit access to information and a first changed password. The first changed password, a second access password, and a second changed password are received, and the first access password is changed to the second access password, and the first changed password is changed to the second changed password. Accordingly, information access authority in the storage device and a password change authority can be exclusively transferred according to the transfer of management of the storage device, and information leakage caused by a previous manager's password leakage or a third person's password leakage can be prevented.

Abstract: A security device and a head end of a conditional access system (CAS), and a method for controlling illegal use of the conditional access system, capable of minimizing the number of entitlement management messages (EMMs) to be distributed from a head end to a user are provided. Update keys encrypted with user keys and channel management keys encrypted with the update keys are utilized.

Abstract: A security method using an electronic signature, which improves the performance of an electronic signature authentication by generating and verifying an electronic signature using a mediator, and acquires a forward security in an electronic signature generation and verification by adding a forward secure signature of semi-trusted party (SEM) to a partial signature value generated based on a secret key piece of the SEM. A public key and an optional secret key composed of two kinds of pieces are generated by a certificate authority in response to a request from a user terminal device. The secret key pieces are issued to the user terminal device and a semi-trusted party not to be overlapped with each other. A first signature piece generated from the issued pieces of the private key is transmitted to the user terminal device from the semi-trusted party when a certificate of the user terminal device is still valid.

Abstract: A radio frequency identification (RFID) tag encryption method and system using a broadcast encryption (BE) scheme are provided by encrypting an ID of an RFID tag, storing the encrypted ID in a server and the RFID tag, and storing information relating to a reader authorized to read out the RFID tag in the server so that the reader can read out the RFID tag by decrypting the encrypted ID based on the encrypted ID information read from the RFID tag and the reader information. When readers read out ID data from the RFID tag, a privileged reader can read the data. Thus, it is possible to block unintended information leakage to the readers. In addition, user usability can be enhanced since an attacker cannot perform an access lock on the RFID tag.

Abstract: A radio frequency identification (RFID) tag, an RFID privacy protection system, and an RFID privacy protection method are provided. The RFID privacy protection method includes a pseudo identification (ID) used to authenticate the RFID reader and a key used to generate the pseudo ID are received; if the pseudo ID is received in response to an information request signal for reading information of the RFID tag comprising the pseudo ID, the key is transmitted; and if a pseudo ID generated using the key is equal to the pseudo ID received in response to the information request signal, an RFID of the RFID tag to read the information of the RFID tag is received.

Abstract: A radio frequency identification (RFID) tag encryption method and system using a broadcast encryption (BE) scheme are provided by encrypting an ID of an RFID tag, storing the encrypted ID in a server and the RFID tag, and storing information relating to a reader authorized to read out the RFID tag in the server so that the reader can read out the RFID tag by decrypting the encrypted ID based on the encrypted ID information read from the RFID tag and the reader information. When readers read out ID data from the RFID tag, a privileged reader can read the data. Thus, it is possible to block unintended information leakage to the readers. In addition, user usability can be enhanced since an attacker cannot perform an access lock on the RFID tag.

Abstract: A mutual exclusion method and DRM device is provided. The mutual exclusion method includes receiving an instruction associated with a predetermined stored file from the CE device, checking whether a performing instruction being performed associated with the predetermined stored file exists, and generating a collision error message informing that a collision error has occurred due to the inputted instruction when the performing instruction being performed associated with the predetermined stored file exists.

Abstract: A radio frequency identification (RFID) tag encryption method and system using a broadcast encryption (BE) scheme are provided by encrypting an ID of an RFID tag, storing the encrypted ID in a server and the RFID tag, and storing information relating to a reader authorized to read out the RFID tag in the server so that the reader can read out the RFID tag by decrypting the encrypted ID based on the encrypted ID information read from the RFID tag and the reader information. When readers read out ID data from the RFID tag, a privileged reader can read the data. Thus, it is possible to block unintended information leakage to the readers. In addition, user usability can be enhanced since an attacker cannot perform an access lock on the RFID tag.