How It Works
Each compliant device is given a set of secret Device Keys when manufactured. The actual number of keys may be different in different media types. These Device Keys, referred to as Kdi (i=0,1,…,n-1), are provided by AACS LA. The set of Device Keys may either be unique per device, or used commonly by multiple devices.
A device shall treat its Device Keys as highly confidential.
The MKB is encrypted in a subset difference tree approach. In order to decrypt it, a device must know the right Processing Key (P) which is available via the subset-difference tree process.
Essentially, the set of Device Keys are arranged in a tree such that any given Device Key can be used to find lower level Processing keys. The processing keys at higher position in the tree than the given set of Device Keys are not reachable.
A given set of Device Keys give access to a given set of Processing keys, it is to say to a given set of decodable MKB.
This way, to revoke a given device key, the MKB needs only be encrypted with a Processing Key which is not reachable by its Device Keys set.
Read more about this topic: Device Keys
Famous quotes containing the word works:
“He never works and never bathes, and yet he appears well fed always.... Well, what does he live on then?”
—Edward T. Lowe, and Frank Strayer. Sauer (William V. Mong)