FIELD: radio engineering, communication.
SUBSTANCE: invention relates to broadcast encryption and specifically to a method of managing authorisation rules in a data broadcasting system. Disclosed is a method of enforcing rules for accessing a broadcast product, received by receivers, which is realised by a control centre. Access is provided by a product key and the management centre manages a set of Boolean positive and negative attributes at receivers, which comprises steps of: associating one positive Boolean attribute with a receiver entitled to the attribute and loading a state therein; associating one negative Boolean attribute with a receiver not entitled to the attribute and loading a state therein; defining a second broadcast encryption scheme for the negative Boolean attributes and associating with each negative Boolean attribute corresponding decryption key material; expressing access conditions for a product as a Boolean expression by combining one positive Boolean attribute and one negative Boolean attribute by Boolean conjunction or disjunction; generating a cryptogram for transmission to a receiver by encrypting the access key with the two combined broadcast encryption schemes according to said Boolean expression.
EFFECT: reducing requirements for receiver security means to enforce access conditions defined in key messages, and handle complex access conditions based on the characteristic and properties of the receiving device or user.
5 cl, 1 dwg
