Optimizing Segment Based Document Protection
             Maciej Gebala and Miroslaw Kutylowski
                Wroclaw University of Technology


We consider documents with restricted access rights,
where segments of the document are encrypted in order to prevent 
unauthorized reading. The access rights to such a document are described by a 
directed acyclic graph; each node describing  a different access rights level. 
It is assumed that a user having the rights corresponding to a node v 
has also all rights corresponding to all nodes w such that there is a directed 
path from v to w in the dag.  Then, to each node v we assign a key K_v and use 
this key to encrypt the segment of the document corresponding to the access 
level v.  Additional data describing the access structure and necessary 
auxiliary information  can be easily incorporated in a XML-based encoding
(such as CEBX  format for web publishing). 

The underlying key management scheme should ensure that a user gets a single 
key corresponding to his access level v and can derive all keys K_w for w=v 
or w being an ancestor of v. 

In this paper we minimize the size of auxiliary keying information stored 
in the XML-structure for tree and sequential  key derivation schemes.