廣播加密機制可解決目前數位內容保護與授權的問題，但於現有廣播的應用環境中，業者提供的資訊過多，且大部分訂閱用戶對於數位內容的需求不同，業者忽視用戶真正的需求卻要求繳交全額的費用，顯然不符合消費者主權的原則。所以針對目前環境發生的問題，本篇論文提出一個新的廣播加密機制以實現訂閱用戶依不同需求的數位內容繳交相對費用之方法。於本方法中，廣播者將數位資訊依內容分級授權，劃分為不同等級的資訊粗細度，訂閱用戶可依自己的需求選擇訂購某個權限等級，並支付相對於該權限所需的費用，隨後即可透過廣播獲得購買的數位內容。本篇論文提出的方法具有下述幾個特點：(1) 訂閱用戶只需負擔相對於數位內容等級的費用；(2) 動態地更新訂閱用戶時，廣播者無需重新分配解密金鑰給原始訂閱用戶；(3) 金鑰長度只需192 位元就可達到與RSA金鑰長度為1024 位元相同安全度；(4) 訂閱用戶只需儲存一把解密金鑰；(5) 廣播資料量與訂閱用戶總人數無關；(6) 使用雙線性映射函數的特性簡化複雜且難解的問題並有效率的解決；(7) 滿足安全性：解密金鑰的不可偽造性(unforgeability)、交談金鑰的不可偽造性、交談金鑰的連續性(continuity)、數位內容的前推安全(forward secrecy)與後推安全(backward secrecy)等安全性。

Broadcast encryption scheme can solve the prevent problems of digital content protection and authorization. In existing broadcast applied environment, digital content providers provide too many information, and most of subscribers need different digital content. Providers ignore real requirements of subscribers, but subscribers need to pay all charge. It does not conform to the consumer sovereign rights. So we aim at these problems which occurred, and provide a new broadcast encryption scheme which realizing the different charge model by different digital content. In this method, broadcaster classifies authorization by digital content and different level by information granularity. Subscribers can order some authorized level. They need to pay charge merely to the authorization which they subscribed. After paying the charge, subscribers can obtain digital content through broadcasting. This paper possesses several characteristics as following : (1) Subscribers only pay charge for level of information granularity; (2) When dynamically updating subscribers, broadcaster does not need redistribute decrypted keys for original subscribers; (3) Key size 192 bits can achieve secure level as same as key size 1024 bits of RSA; (4) Subscribers store only one key; (5) Broadcast data size has no relationship with number of subscribers; (6) Because of characteristics of bilinear mapping can make complex and hard problems to be simplified and have effective solution; (7) This paper satisfies the requirements of unforgeability of decrypted key, unforgeability of session key, continuity of session key, forward secrecy and backward secrecy of digital content.

[AMM99] J. Anzai, N. Matsuzaki, and T. Matsumoto, “A Quick Group Key Distribution Scheme with Entity Revocation”, Advances in Cryptology -- Asiacrypt’99, Springer-Verlag, 1999, pp. 333-347.
[ASW99] M. Abdalla, Y. Shavitt, and A. Wool, “Towards Making Broadcast Encryption Practical”, FC’99, pp. 140-157.
[BC94] C. Blundo and A. Cresti, “Space Requirements for Broadcast Encryption”, Advanced in Cryptology -- Eurocrypt’94, Springer-Verlag, 1995, pp. 287-298.
[Ber91] S. Berkovits, “How to Broadcast a Secret”, Advanced in Cryptology -- Eurocrypt’91, Springer-Verlag, 1991,
pp. 535-541.
[BF99] D. Boneh and M. Franklin, “An Efficient Public Key Traitor Tracing Scheme”, Advances in Cryptology -- Crypto'99, Springer-Verlag, 1999, pp. 338-357.
[BF01] D. Boneh, and M. Franklin, “Identity-based encryption from the Weil pairing”, Advances in Cryptology -- CRYPTO 2001, Springer-Verlag, 2001, pp. 213-229.
[BGLS02] D. Boneh, G, Gentry, B. Lynn, and H. Shacham, “Aggregate and Verifiably Encrypted Signatures from Bilinear Maps”, Cryptology ePring Archive, Report 2002/175.
[BKLS02] P. S. L. M. Barreto, H. Y. Kim, B. Lynn, and M. Scott, “Efficient algorithms for pairing-based cryptosystems”, Advances in Cryptology -- CRYPTO 2002, Springer-Verlag, 2002, pp. 354-368.
[BLS01] D. Boneh, B. Lynn, and H. Shacham, “Short Signatures from the Weil Pairing,” Advances in Cryptology -- Asiacrypt'2001, Springer-Verlag, 2002, pp. 514-532.
[BP98] D. V. Bailey and C. Paar, “Optimal extension fields for fast
arithmetic in public-key algorithms”, Crypto’98, pp.472-485.
[BP01] D. V. Bailey and C. Paar, “Efficient arithmetic in finite field extensions with applications in elliptic curve cryptigraph”, J. Cryptology, Vol. 14, No. 3, 2001, pp.153-176.
[Ca02] C. Castelluccia, “How to convert any ID-based Signature Scheme into a Group Signature Scheme”, Cryptology ePrint Archive, Report 2002/116.
[CC02] J. C. Cha, and J. H. Cheon, “An Identity-based signature from gap Diffie-Hellman groups”, International Workshop on Practice and Theory in Public Key Cryptography (PKC 2003), Springer-Verlag, 2003, pp.18-30.
[CFN94] B. Chor, A. Fiat, and M. Naor, “Tracing Traitors”, Advances in Cryptology -- Crypto’94, Springer-Verlag, 1994, pp. 257-270.
[EJMHB02] M. Ernst, M. Jung, F. Madlener, S. Huss and R. Blümel, “A Reconfigurable System on Chip Implementation for Elliptic Curve Cryptography over GF(2n)”, Cryptographic Hardware and Embedded Systems -- CHES 2002.
[FM00] Y. Futa and A. Miyaji, “Efficient Construction of Elliptic Curves over Optimal Extension Field”, IPSJ Trans., Vol. 41, No.8, 2000, pp.2092-2101.
[FN93] A. Fiat and M. Naor, “Broadcast Encryption”, Advances in
Cryptology -- Crypto’93, Springer-Verlag, 1994, pp. 480-491.
[FSGKC01] D. Ferraiolo, R. Sandhu, S. Gavrila, D. R. Kuhn and R. Chandramouli, “Proposed NIST Standard for Role-BasedAccess Control”, ACM Transactions on Information and System Security, Vol. 4, No. 3, August 2001, 224–274.
[FT99] A. Fiat and T. Tassa, “Dynamic Traitor Tracing”, Advances in Cryptology -- Crypto’99, Springer-Verlag, 1999, pp. 354-371.
[GBKP01] J. Guajardo, R. Blumel, R. Krieger, and C. Paar, “Efficient Implementation of Elliptic Curve Cryptosystems on the TIM SP430x33x Family of microcontrollers”, PKC 2001.
[GLV01] R. Gallant, R. Lambert and S. Vanstone, “Faster Point Multiplication on Elliptic Curves with Efficient Enddomorphism”, Proc. Crypto’2001, pp. 190-200.
[H02a] F. Hess, “Efficient identity based signature schemes based on pairings,” Proceedings of the 9th Workshop on Selected Areas in Cryptography -- SAC 2002, LNCS 2595, Springer-Verlag, 2002, pp. 310-324.
[H02b] F. Hess, “A note on the Tate pairing of curves over finite fields”, 2002, manuscript available at http://www.math.tu-berlin.de/~hess/.
[HS02] D. Halevy and A. Shamir, “The LSD Broadcast Encryption Scheme”, Advances in Cryptology -- Crypto’2002, Springer-Verlag, 2002, pp. 47-60.
[J00] A. Joux, “A One-round Protocol for Tripartite Diffie-Hellman”, Algorithm Number Theory Symposium - ANTS-IV, Springer-Verlag, 2000, pp. 385- 394.
[KD98] K. Kurosawa and Y. Desmedt, “Optimum Traitor Tracing and Asymmetric Schemes”, Advanced in Cryptology -- Eurocrypt’98, Springer-Verlag, 1998, pp. 145-157.
[KYDB98] K. Kurosawa, T. Yoshida, Y. Desmedt, and M. Burmester, “Some Bounds and a Construction for Secure Broadcast Encryption”, Advances in Cryptology -- Asiacrypt’98, Springer-Verlag, 1998, pp. 420-433.
[LQ03] B. Libert, and J.-J. Quisquater, “New identity based signcryption schemes based on pairings”, IACR Cryptology ePrint Archive, Report 2003/023.
[LS98] M. Luby and J. Staddon, “Combinatorial Bounds for Broadcast Encryption”, Advanced in Cryptology -- Eurocrypt’98, Springer-Verlag, 1998, pp. 512-526.
[LWH02] C. Y. Lin, T. C. Wu, and J. J. Hwang, “Multi-proxy Signature Schemes for Partial Delegation with Cheater Identification”, Proceedings of the Second International Workshop for Asian Public Key Infrastructure(IWAP 2002), pp. 147-152.
[MOV93] A. J. Menezes, T. Okamoto, and S. A. Vanstone, “Reducing Elliptic Curve Logarithms to a Finite Field”, IEEE Transactions on Information Theory, Vol. 39, 1993,
pp. 1639-1646.
[MOVW88] R. C. Mullin, I. M. Onyszchuk, S. A. Vanstone, and R. M. Wilson, “Optimal normal bases in GF(pm)”, Discrete Applied Math, vol.22, pp.149-161, Elsevier Science Publishers/North-Holland, 1988.
[MSL03] Y. Mu, W. Susilo, Y. X. Lin, “Identity-Based Broadcasting”, Progress in Cryptology -- INDOCRYPT 2003, pp. 177-190.
[NNL01] D. Naor, M. Naor and J. Lotspiech, “Revocation and Tracing Schemes for Stateless Receivers”, Cryptology ePring Archive, Report 2001/059.
[NP98] M. Naor and B. Pinkas, “Threshold Traitor Tracing”, Advances in Cryptology -- Crypto’98, Springer-Verlag, 1998, pp. 502-517.
[NP00] M. Naor and B. Pinkas, “Efficient Trace and Revoke Schemes”, FC 2000, pp. 1-20.
[P02] K. G. Paterson, “ID-based Signatures from Pairings on Elliptic Curves”, Electronics Letters, Vol. 38, No. 18, 2002,
pp. 1025-1026.
[Pfi96] B. Pfitzmann, “Trials of Traced Traitors”, Informational Hiding, Springer-Verlag, 1996, pp. 49-64.
[S96] R. Sandhu, “Authentication , Access Control, and Audit”, ACM Computing Surveys, Vol. 28, No. 1, 1996.
[S03] P. Stros, “Uniform approach to manadatory security of event management systems”, Security and Protection of Information 2003.
[SOK00] R. Sakai, K. Ohgishi, and M. Kasahara, “Cryptosystems Based on Pairing”, 2000 Symposium on Cryptography and Information Security (SCIS2000), Okinawa, Japan, Jan. 26-28, 2000.
[SW00b] R. Safavi-Naini and Y. Wang, “Sequential Traitor Tracing”, Advances in Cryptology -- Crypto'2000, Springer-Verlag, 2000, pp. 316-332.
[SW98b] D. R. Stinson and R. Wei, “Combinatorial Properties and Constructions of Traceability Schemes and Frameproof Codes”, SIAM J. Discrete Mathematics, Vol. 11, No. 1, 1998, pp. 41-53.
[SW03] R. Safavi-Naini and Y. Wang, “Sequential Traitor Tracing”, IEEE Transactions on Information Theory, Vol. 49, No. 5,
pp. 1319-1326, May 2003.
[WGL98] C. K. Wong, M. Gouda, and S. Lam, “Secure Group Communications Using Key Graphs”, Proceedings of the ACM SIGCOMM '98 conference on Applications, technologies, architectures, and protocols for computer communication, 1998.
[WHA99] D. Wallner, E. Harder, and R. Agee, “Key Management for Multicast: Issues and Architectures”, RFC 2627, 1999.
[ZK02] F. Zhang and K. Kim, “ID-based Blind Signature and Ring Signature from Pairings”, Advances in Cryptology -- Asiacrypt'2002, Springer-Verlag, 2002, pp. 533-547.