View Single Post
Old 18th February 2007, 05:08   #14  |  Link
xyz987
Registered User
 
Join Date: Dec 2006
Posts: 142
EDIT: I have rewritten this message. Prior version of this message was not an accurate explanation.

Here is a little explanation with numbered nodes. This is a master tree:

Code:

                       1
                      /  \
                     /    \
                    /      \
                   /        \
                  /          \
                 /            \
                /              \
               /                \
              /                  \
             2                    3
            / \                  / \
           /   \                /   \
          /     \              /     \
         /       \            /       \
        4        5          6         7
       / \       / \       / \        / \
      /   \     /   \     /   \      /   \
     8     9   10    11   12   13   14   15
A master tree is just a tree that complies this rules:

- Any lower key can be derived from higher keys through a one-way function.

- Its keys are used (directly or indirectly) to encrypt or decrypt content

- Its keys can be derived from Device Keys

First of all, what kind of keys are master tree keys?. Posibilities are Title Keys, Volume Keys, Media Keys, Processing Keys, Device Keys or "any other kind of keys" (just to be systematic). Any master tree key is used sometimes to encrypt Media Keys, so it must be a Device Key or a Processing Key. Also it can be used to derive a lower master tree key, and this derived key is used sometimes to encrypt a Media Key. Processing Keys do not comply these conditions, the only kind of key that comply this are Device Keys. So master tree keys are Device Keys.

Player 9 will receive Device Keys 8,5,3. This set of keys is chosen because they can derive any Device Key except the keys from the leaf to the root of master tree. There is no way to derive keys 1,2,4,9 from keys 3,5,8.

If you want to revoke the set of keys player 9 has, i.e. the set of Device Keys that contains key 8 (and only that set), you simply encrypt Media Key with key 9. As stated above the set of keys player 9 has received (8,5,3) can not derive key 9, so player 9 can not decrypt the content.

Last edited by xyz987; 19th February 2007 at 20:34.
xyz987 is offline   Reply With Quote