Apparatus and method for securing a distributed network

US 20040019805A1
Filed: 07/25/2002
Published: 01/29/2004
Est. Priority Date: 07/25/2002
Status: Abandoned Application

First Claim

Patent Images

1. An apparatus for secure data handling in a network, the apparatus comprising:

a secure agent for combining a plurality of keys sourced from at least two key-sets for performing a cryptographic operation on the data sourced from at least two communication units.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and method for secure data handling in a distributed network is implemented by a secure agent connected by a secure channel to a primary communication unit, secondary communication unit, and clients. The primary communication unit and secondary communication units are connected to separate key-stores having keys. A method using distributed keys for encryption and decryption is disclosed. Another method utilizes multiple-time keys.

Citations

47 Claims

1. An apparatus for secure data handling in a network, the apparatus comprising:
- a secure agent for combining a plurality of keys sourced from at least two key-sets for performing a cryptographic operation on the data sourced from at least two communication units.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The apparatus of claim 1 wherein said cryptographic operation is selected from a group consisting of a encryption operation and decryption operation.
  - 3. The apparatus of claim 1 wherein said two communication units associated with at least two key-stores.
  - 4. The apparatus of claim 3 wherein said at least two key-stores storing at least two key-sets.
  - 5. The apparatus of claim 3 wherein said two communication units are associated with said at least two key-stores by a secure communication channel.
  - 6. The apparatus of claim 1 wherein said secure agent being connected to said at least two communication units and at least one client by a secure communication channel, said secure agent performing all principal encryption and decryption tasks.
  - 7. The apparatus of claim 6 wherein said at least one client includes a media output device selected from a group consisting of theatre projection systems, computer connected output devices, portable projection systems, televisions, personal audio-visual systems, audio output devices, and video output devices.
  - 8. The apparatus of claim 1 wherein said secure agent discarding said keys after performing said cryptographic operation.
  - 9. The apparatus of claim 1 wherein said secure agent having minimal hardware components.
  - 10. The apparatus of claim 1 wherein said secure agent including at least one program module for performing the encryption and decryption tasks.
  - 11. The apparatus of claim 1 wherein said secure agent having at least one dedicated circuit element for performing the encryption and decryption tasks having secret keys.
  - 12. The apparatus of claim 1 wherein said at least two communication units comprising a first communication unit functioning as a main content source and at least one second communication unit functioning as a proxy communication unit.
  - 13. The apparatus of claim 1 wherein said secure agent comprises a plurality of initiation codes stored in an encrypted form in at least one hardware component.
  - 14. The apparatus of claim 1 further comprising:
    - at least two key-stores associated with said two communication units, said at least two key-stores storing at least two key-sets; and
      
      a secure channel connecting said communication units with said key-stores, said secure agent being connected to said communication units and at least one client by said secure channel, said secure agent performing all principal encryption and decryption tasks.

15. A method of encryption for secure data handling implemented over a network, the method comprising the steps of:
- generating at least one encryption key corresponding to at least one data-block using a combination of at least two keys selected from at least two key-sets; and
  
  encrypting said data-block with said encryption key to generate an encrypted data-block.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22)
- - 16. The method of claim 15 further comprising the step of:
    - transmitting said two key-sets from at least two communication units to at least one secure agent using a secure channel, each one of said key-sets being stored on one distinct said communication units, said two communication units comprising a first communication unit and a second communication unit.
  - 17. The method of claim 16 wherein said at least two key-sets being transmitted to said secure agent using a public key encryption method.
  - 18. The method of claim 17 wherein said public key encryption method is the ElGamal variant of the Diffie-Hellman method.
  - 19. The method of claim 16 further comprising the step of:
    - selecting said data-block from a data-set transferred from said first communication unit to said secure agent using said secure channel.
  - 20. The method of claim 19 further comprising the step of:
    - transmitting said encrypted data-block from said secure agent to said second communication unit using said secure channel.
  - 21. The method of claim 15 further comprising the step of:
    - discarding said data-block and the corresponding said encryption key.
  - 22. The method of claim 15 wherein the wherein the encryption of said data-block is performed using at least one hardware component to enhance the encryption throughput.

23. A method of decryption for secure data handling implemented over a network, the method comprising the steps of:
- generating at least one decryption key corresponding to at least one data-block using a combination of at least two keys selected from at least two key-sets, said data-block being an encrypted data-block; and
  
  decrypting said data-block with said decryption key to generate a decrypted data-block.
- View Dependent Claims (24, 25, 26, 27, 28)
- - 24. The method of claim 23 further comprising the step of:
    - transmitting said least two key-sets from at least two communication units to at least one secure agent using a secure channel, each one of said key-sets being stored on one distinct said communication units, said two communication units comprising a first communication unit and a second communication unit, said key-sets being stored on two distinct said communication units.
  - 25. The method of claim 24 further comprising the step of:
    - selecting said one data-block from a data-set transferred from a given communication unit storing the encrypted content to said secure agent using said secure channel.
  - 26. The method of claim 25 further comprising, the step of:
    - transmitting said decrypted data-block from said secure agent to an output device using said secure channel.
  - 27. The method of claim 23 further comprising the step of:
    - discarding each of said data-block and the corresponding said decryption key.
  - 28. The method of claim 23 wherein the encryption of said data-block is performed using at least one hardware components to enhance the decryption throughput.

29. A method of encryption for providing security against deceptive interference with communications, the method comprising steps of:
- encrypting a data-block with at least one encryption key to generate an encrypted data-block; and
  
  encrypting a subset of said encrypted data-block with at least one secondary key.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 30. The method of claim 29 further comprising the steps of:
    - computing said encryption key based on a combination of at least two keys selected from at least two key-sets.
  - 31. The method of claim 29 wherein said key-sets being stored on at least two distinct communication units, said at least two key-sets received from said least two communication units over a secure channel, said two communication units comprising a first communication unit and a second communication unit.
  - 32. The method of claim 31 wherein said secondary keys are distributed over distinct said communication units for increasing security.
  - 33. The method of claim 31 further comprising the step of:
    - selecting at least one data-block from a data-set transferred from said first communication unit to said secure agent using said secure channel.
  - 34. The method of claim 33 further comprising the steps of:
    - determining at least one selected block-set comprising a predetermined number of selected blocks chosen from said data-set, said blocks being duplicated for a pre-determined number of times; and
      
      generating a predetermined number of said secondary keys, each one of said secondary keys corresponding to one of said selected blocks.
  - 35. The method of claim 34 wherein said subset representing the non-empty intersection of a given selected block and said data-block.
  - 36. The method of claim 35 further comprising the step of:
    - optimally choosing said selected blocks for reducing the size of said encrypted data-block.
  - 37. The method of claim 34 further comprising the step of:
    - sending said encrypted data-block to said second communication unit.
  - 38. The method of claim 29 further comprising the step of:
    - discarding said data-block and the corresponding said encryption key.

39. A method of decryption for providing security against deceptive interference with communications, the method comprising steps of:
- decrypting a data-block with at least one decryption key to generate an non-encrypted data-block, said data-block being an encrypted data-block; and
  
  encrypting a subset of said data-block with at least one secondary key.
- View Dependent Claims (40, 41, 42, 43, 44, 45, 46, 47)
- - 40. The method of claim 39 further comprising the steps of:
    - computing said decryption key based on a combination of at least two keys selected from at least two key-sets.
  - 41. The method of claim 39 wherein said key-sets being stored on at least two distinct communication units, said at least two key-sets received from said least two communication units over a secure channel, said two communication units comprising a first communication unit and a second communication unit.
  - 42. The method of claim 41 wherein said secondary keys are distributed over distinct said communication units for increasing security.
  - 43. The method of claim 41 further comprising the step of:
    - selecting at least one data-block from a data-set transferred from said first communication unit to said secure agent using said secure channel.
  - 44. The method of claim 43 further comprising the steps of:
    - determining at least one selected block-set comprising a predetermined number of selected blocks chosen from said data-set, said blocks being duplicated for a pre-determined number of times; and
      
      generating a predetermined number of said secondary keys, each one of said secondary keys corresponding to one of said selected blocks.
  - 45. The method of claim 44 wherein said subset representing the non-empty intersection of a given selected block and said data-block.
  - 46. The method of claim 44 further comprising the step of:
    - sending said encrypted data-block to said second communication unit.
  - 47. The method of claim 39 further comprising the step of:
    - discarding said data-block and the corresponding said encryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Matsushita Electric Industrial Company Limited (Panasonic Holdings Corporation)
Original Assignee
Matsushita Electric Industrial Company Limited (Panasonic Holdings Corporation)
Inventors
Perkins, Gregory M., Bhattacharya, Prabir, Bushmitch, Dennis

Application Number

US10/205,344
Publication Number

US 20040019805A1
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 9/083 involving central third par...

Apparatus and method for securing a distributed network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

47 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for securing a distributed network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

47 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links