SYSTEM AND METHOD FOR DELIVERING ENCRYPTED INFORMATION IN A COMMUNICATION NETWORK USING LOCATION IDENTITY AND KEY TABLES
Abstract
Access to digital data is controlled by encrypting the data in such a manner that, in a single digital data acquisition step, it can be decrypted only at a specified location, within a specific time frame, and with a secret key. Data encrypted in such a manner is said to be geo-encrypted. This geo-encryption process comprises a method in which plaintext data is first encrypted using a data encrypting key that is generated at the time of encryption. The data encrypting key is then encrypted (or locked) using a key encrypting key and information derived from the location of the intended receiver. The encrypted data encrypting key is then transmitted to the receiver along with the ciphertext data. The receiver both must be at the correct location and must have a copy of the corresponding key decrypting key in order to derive the location information and decrypt the data encrypting key. After the data encrypting key is decrypted (or unlocked), it is used to decrypt the ciphertext. If an attempt is made to decrypt the data encrypting key at an incorrect location or using an incorrect secret key, the decryption will fail. If the sender so elects, access to digital data also can be controlled by encrypting it in such a manner that it must traverse a specific route from the sender to the recipient in order to enable decryption of the data. Key management can be handled using either private-key or public-key cryptography. If private-key cryptography is used, the sender can manage the secret key decrypting keys required for decryption in a secure manner that is transparent to the recipient. As a consequence of its ability to manipulate the secret keys, the sender of encrypted data retains the ability to control access to its plaintext even after its initial transmission.
97 Claims
1-50. (canceled)
51. An apparatus for controlling access to digital data, comprising:
a physically secure enclosure;
a memory contained within the enclosure and adapted to store at least one decryption key;
a cryptographic engine contained within the enclosure and adapted to perform decryption functions;
a time source contained within the enclosure; and
a processor contained within the enclosure and operatively coupled to the memory, the cryptographic engine and the time source, the processor being adapted to communicate with a communications network external to the enclosure and receive via the communications network a data package comprising an encrypted data decrypting key and an encrypted digital data file, the data package identifying a permissible time period for use of the encrypted data decrypting key, wherein the processor is further adapted to (a) retrieve the at least one decryption key from the memory, (b) enable the cryptographic engine to decrypt the encrypted data decrypting key of the data package using the at least one decryption key, (c) retrieve a current time measurement from the time source, (d) determine whether the current time measurement satisfies the permissible time period defined for the data package, and (e) enable the cryptographic engine to decrypt the encrypted digital data file using the decrypted data decrypting key only if the current time measurement satisfies the permissible time period.
67. A system for controlling access to digital data, comprising:
a physically secure enclosure containing:
a memory adapted to store at least one decryption key, a cryptographic engine adapted to perform decryption functions, a time source, and a processor operatively coupled to the memory, the cryptographic engine and the time source, the processor being adapted to communicate with a communications network external to the enclosure and receive via the communications network a data package comprising an encrypted data decrypting key and an encrypted digital data file, the data package identifying a permissible time period for use of the encrypted data decrypting key, wherein the processor is further adapted to (a) retrieve the at least one decryption key from the memory, (b) enable the cryptographic engine to decrypt the encrypted data decrypting key of the data package using the at least one decryption key, (c) retrieve a current time measurement from the time source, (d) determine whether the current time measurement satisfies the permissible time period defined for the data package, and (e) enable the cryptographic engine to decrypt the encrypted digital data file using the decrypted data decrypting key only if the current time measurement satisfies the permissible time period; and
a play back device operatively coupled to the processor and adapted to play back the decrypted digital data file.
83. A method for controlling access to digital data, comprising:
storing at least one decryption key in a secure memory;
receiving via a communications network a data package comprising an encrypted data decrypting key and an encrypted digital media data file, the data package further defining a permissible time period for use of the encrypted data decrypting key;
retrieving the at least one decryption key from the secure memory;
retrieving an accurate time measurement;
determining whether the time measurement is within the permissible time period;
enabling decryption of the encrypted data decrypting key of the data package using the at least one decryption key; and
enabling decryption of the encrypted digital media data file using the decrypted data decrypting key only if the time measurement is within the permissible time period.
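Worked illustration of the geo-encryption scheme described in the abstract (a fresh data encrypting key locked with a key encrypting key plus receiver location) combined with the permissible-time-period check of claims 51, 67 and 83. This is an added example, not code from the patent; the coarse location cell string, the 32-byte key encrypting key, and the SHA-256 counter-mode keystream standing in for a real authenticated cipher are assumptions.

```python
import hashlib
import hmac
import os


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    # Toy SHA-256 counter-mode keystream; a real device would use an AEAD such as AES-GCM.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def _lock_key(kek: bytes, cell: str, t_start: int, t_end: int) -> bytes:
    # Key-encrypting key bound to the receiver's location cell and the permissible time window
    # (assumed representation: cell identifier string and Unix-second bounds).
    info = f"{cell}|{t_start}|{t_end}".encode()
    return hmac.new(kek, info, hashlib.sha256).digest()


def geo_encrypt(plaintext: bytes, kek: bytes, cell: str, t_start: int, t_end: int) -> dict:
    # Sender side: generate the data encrypting key, encrypt the data, then lock the DEK.
    dek = os.urandom(32)
    ciphertext = _keystream_xor(dek, plaintext)
    lk = _lock_key(kek, cell, t_start, t_end)
    wrapped_dek = bytes(a ^ b for a, b in zip(dek, lk))
    tag = hmac.new(lk, wrapped_dek + ciphertext, hashlib.sha256).digest()
    return {"wrapped_dek": wrapped_dek, "ciphertext": ciphertext, "tag": tag,
            "t_start": t_start, "t_end": t_end}


def geo_decrypt(pkg: dict, kek: bytes, receiver_cell: str, now: int):
    # Receiver side: check the time window first, then derive the lock key from the
    # receiver's own location; a wrong location, wrong KEK or wrong time yields None.
    if not pkg["t_start"] <= now <= pkg["t_end"]:
        return None
    lk = _lock_key(kek, receiver_cell, pkg["t_start"], pkg["t_end"])
    expected = hmac.new(lk, pkg["wrapped_dek"] + pkg["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, pkg["tag"]):
        return None
    dek = bytes(a ^ b for a, b in zip(pkg["wrapped_dek"], lk))
    return _keystream_xor(dek, pkg["ciphertext"])
```

The tag is keyed with the location-bound lock key, so a decryption attempt from the wrong cell fails integrity checking rather than producing garbage plaintext.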
Specification