How It Works
Each compliant device is given a set of secret Device Keys when manufactured. The actual number of keys may be different in different media types. These Device Keys, referred to as Kdi (i=0,1,…,n-1), are provided by AACS LA. The set of Device Keys may either be unique per device, or used commonly by multiple devices.
A device shall treat its Device Keys as highly confidential.
The MKB is encrypted in a subset difference tree approach. In order to decrypt it, a device must know the right Processing Key (P) which is available via the subset-difference tree process.
Essentially, the set of Device Keys are arranged in a tree such that any given Device Key can be used to find lower level Processing keys. The processing keys at higher position in the tree than the given set of Device Keys are not reachable.
A given set of Device Keys give access to a given set of Processing keys, it is to say to a given set of decodable MKB.
This way, to revoke a given device key, the MKB needs only be encrypted with a Processing Key which is not reachable by its Device Keys set.
Read more about this topic: Device Keys
Famous quotes containing the word works:
“Again we mistook a little rocky islet seen through the “drisk,” with some taller bare trunks or stumps on it, for the steamer with its smoke-pipes, but as it had not changed its position after half an hour, we were undeceived. So much do the works of man resemble the works of nature. A moose might mistake a steamer for a floating isle, and not be scared till he heard its puffing or its whistle.”
—Henry David Thoreau (1817–1862)