APPARATUS AND ASSOCIATED METHODOLOGY FOR MANAGING CONTENT CONTROL KEYS
First Claim
1. A method of creating and exchanging secret session keys for symmetric secret key encryption between a sending device and a receiving device without transmitting the actual secret session keys between the sending and receiving devices, the method comprising:
providing the receiving device with a unique device number, a unique user keycode number, and a symmetric secret key encryption algorithm;
providing the sending device with the symmetric secret key encryption algorithm, a seed value and a non-system randomizer to generate a predetermined number of pseudo-random bit data based on the seed value, the pseudo-random bit data being arranged into a random number table stored in an electronic memory of the sending device;
transmitting from the receiving device to the sending device through secured communication both the unique device number and the unique user keycode number;
assigning, at the sending device, the random number table to the unique device number and unique user keycode number, the assignment being stored in a secret index in the electronic memory of the sending device;
selecting, at the sending device, a secret session key as a subset of the pseudo-random bit data in the random number table;
assigning, at the sending device, a start pointer corresponding to a start point of the subset of pseudo-random bit data and an end pointer corresponding to an end point of the subset of pseudo-random bit data;
determining selected properties identifying length and location of the subset of pseudo-random bit data in the random number table, the subset of pseudo-random bit data being the secret session key;
storing the selected properties and the start and end pointers of the secret session key in a secret session key properties descriptor buffer of the sending device;
copying into a secret session key buffer at the sending device the secret session key corresponding to the selected properties of the secret session key from within the predetermined number of pseudo-random bit data in the random number table stored at the sending device index, by utilizing the start and end pointers to locate the secret session key;
transforming the contents of the secret session key properties descriptor buffer into mangled secret session key properties;
storing the data to be transmitted to the receiving device in an input/output buffer of the sending device;
encrypting, at the sending device, the data in the input/output buffer using the symmetric key encryption algorithm and the secret session key stored in the secret session key buffer to generate an encrypted content;
appending, at the sending device, the unique device number and the mangled secret session key properties as a header of the encrypted content;
creating a connection between the sending device and the receiving device;
transmitting the encrypted content with the appended header from the sending device to the receiving device;
verifying, at the receiving device, the unique device number in the header of the encrypted content with the unique device number stored in the receiving device to determine whether the receiving device is authorized to decrypt the encrypted content;
extracting, at the receiving device, the mangled secret session key properties when the receiving device is authorized to decrypt the encrypted content, the mangled session key properties being stored in a copied mangled secret session key properties descriptor buffer of the receiving device;
restoring the contents of the copied mangled secret session key properties descriptor buffer, the restored secret session key properties corresponding to the secret session key properties at the sending device, the restored session key properties including the selected properties, the start pointer and the end pointer of the secret session key;
utilizing, at the receiving device, at least a subset of the selected properties, the starting pointer and the end pointer to extract the secret session key from a predetermined number of pseudo-random bit data previously stored in the receiving device, the predetermined number of pseudo-random bit data stored in the receiving device corresponding to the predetermined number of pseudo-random bit data stored in the sending device, the extracted secret session key being a duplicate of the secret session key stored in the sending device;
decrypting the encrypted content at the receiving device using the symmetric key encryption algorithm and the extracted secret session key when the receiving device is authorized to decrypt the encrypted content, the decrypted content being stored in an input/output buffer of the receiving device; and
securely using, reading or playing the contents of the input/output buffer of the receiving device, the secret session key having been successfully created and exchanged between the sending and receiving devices without exchanging or transmitting the actual secret session keys therebetween, the secure communication between the sending and receiving devices of encrypted content being maintained until termination of the communication is initiated by at least one of the sending and receiving devices.
Abstract
A method of exchanging secret session keys in symmetric encryption communication includes storing random number tables in both the sending and receiving devices. The sending device then determines the secret session key utilizing the random number table, and transmits to the receiving device information for locating the secret session key within the random number table. Thus, the sending device shares the secret session key with the receiving device without actually transmitting the secret session key. The random number tables may be transmitted from one device to the other or be preinstalled in each device. Further, a common seed value may be used by each device to generate the random number table independently.
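The exchange the abstract describes can be followed end to end in the added example below, which is not code from the patent. It assumes a SHA-256 counter expansion in place of the "non-system randomizer", a hypothetical XOR mask derived from the user keycode as the "mangling" transform, a stand-in XOR stream cipher for the unnamed symmetric algorithm, and constructed table, key and header sizes.

```python
import hashlib
import hmac
import secrets
import struct

TABLE_BYTES = 4096                  # assumed size of the random number table
KEY_BYTES = 32                      # assumed session key length
DESCRIPTOR = struct.Struct(">IIH")  # assumed layout: start pointer, end pointer, length
DEVICE_NO = struct.Struct(">Q")     # unique device number, carried in the header


def expand(seed: bytes, n: int) -> bytes:
    """Deterministic byte stream from a seed (SHA-256 in counter mode)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def make_table(seed: bytes) -> bytes:
    """Both devices build the same table independently from the common seed."""
    return expand(b"table|" + seed, TABLE_BYTES)


def mangle(descriptor: bytes, keycode: int) -> bytes:
    """Hypothetical mangling: XOR with a keycode-derived mask (self-inverse)."""
    mask = expand(b"mangle|" + keycode.to_bytes(8, "big"), len(descriptor))
    return bytes(a ^ b for a, b in zip(descriptor, mask))


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher; the same call encrypts and decrypts."""
    stream = expand(b"stream|" + key, len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def send(table: bytes, device_no: int, keycode: int,
         plaintext: bytes, start=None) -> bytes:
    """Sending device: pick a key inside the table, send only its location."""
    if start is None:
        start = secrets.randbelow(len(table) - KEY_BYTES + 1)
    end = start + KEY_BYTES
    key = table[start:end]                      # session key never leaves the device
    descriptor = DESCRIPTOR.pack(start, end, KEY_BYTES)
    header = DEVICE_NO.pack(device_no) + mangle(descriptor, keycode)
    return header + stream_xor(key, plaintext)


def receive(table: bytes, my_device_no: int, keycode: int,
            message: bytes) -> bytes:
    """Receiving device: verify the device number, restore the descriptor,
    validate it against the table bounds, then extract the key and decrypt."""
    header_len = DEVICE_NO.size + DESCRIPTOR.size
    if len(message) < header_len:
        raise ValueError("message shorter than header")
    claimed = message[:DEVICE_NO.size]
    if not hmac.compare_digest(claimed, DEVICE_NO.pack(my_device_no)):
        raise PermissionError("device number mismatch")
    restored = mangle(message[DEVICE_NO.size:header_len], keycode)
    start, end, length = DESCRIPTOR.unpack(restored)
    # Reject descriptors that do not describe one whole key inside the table.
    if length != KEY_BYTES or end - start != length or end > len(table):
        raise ValueError("descriptor does not locate a valid key")
    return stream_xor(table[start:end], message[header_len:])


if __name__ == "__main__":
    seed = b"constructed-shared-seed"            # constructed sample value
    sender_table, receiver_table = make_table(seed), make_table(seed)
    msg = send(sender_table, 1001, 424242, b"content block")
    print(receive(receiver_table, 1001, 424242, msg))
```

The receiver checks the restored pointers and length before indexing the table, so a damaged or foreign header is rejected rather than producing a short or out-of-range key.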
40 Claims
11. A method of creating and exchanging secret session keys used in symmetric secret key encryption between a sending device and a receiving device engaged in two way communication, the secret session key being exchanged without transmitting the actual secret session key between the sending and receiving devices, the method comprising:
providing the receiving device with a unique device number, a unique user keycode number assigned thereto, and a symmetric secret key encryption algorithm; providing the sending device with a unique device number, a unique user keycode assigned thereto, a seed value, the symmetric secret key encryption algorithm, and a non-system randomizer software; transmitting, from the receiving device to the sending device, the unique device number and unique user keycode corresponding to the receiving device; transmitting, from the sending device to the receiving device, the unique device number and unique user keycode corresponding to the sending device; generating, at the sending device, a predetermined number of pseudo-random bit data using the seed value, the predetermined number of pseudo-random bit data forming a random number table; assigning, in a secret index stored in an electronic memory of the sending device, the random number table to unique device number and the unique user keycode number corresponding to the receiving device; securely storing in the electronic memory of the receiving device, the unique device number and the unique user keycode number corresponding to the sending device; selecting, at the sending device, a secret session key as a subset of the pseudo-random bit data in the random number table corresponding to the unique device number and unique user keycode number of the receiving device; selecting, at the sending device, a start pointer and an end pointer corresponding to the subset of the pseudo-random bit data, the start and end pointers defining selected properties of the secret session key including a length and random number table location thereof; storing the selected properties of the secret session key, the start pointer and the end pointer into a secret session key properties descriptor buffer of the sending device; copying the secret session key into a secret session key buffer of the sending device using the start and end pointers to 
locate the secret session key within the random number table, the secret session key corresponding to the selected properties of the secret session key; encoding, at the sending device, the contents of the secret session key properties descriptor buffer into mangled secret session key properties; storing in an input/output buffer of the sending device, data to be encrypted and transmitted to the receiving device; encrypting, at the sending device, the data in the input/output buffer using the symmetric key encryption algorithm and the secret session key stored in the secret session key buffer to generate an encrypted content; appending, at the sending device, the unique device number and mangled secret session key properties as a header of the encrypted content; creating a connection between the sending device and the receiving device; transmitting the encrypted content with the appended header from the sending device to the receiving device; verifying, at the receiving device, the unique device number in the header of the encrypted content with the unique device number stored in the receiving device to determine whether the receiving device is authorized to decrypt the encrypted content; extracting, at the receiving device, the mangled secret session key properties when receiving device is authorized to decrypt the encrypted content, the mangled session key properties being stored in a copied mangled secret session key properties descriptor buffer of the receiving device; restoring the contents of the copied mangled secret session key properties descriptor buffer, the restored secret session key properties corresponding to the secret session key properties at the sending device, the restored session key properties including the selected properties, the start pointer and the end pointer of the secret session key; utilizing, at the receiving device, at least a subset of the selected properties, the starting pointer and the end pointer to extract the secret session 
key from a predetermined number of pseudo-random bit data previously stored in the receiving device, the predetermined number of pseudo-random bit data stored in the receiving device corresponding to the predetermined number of pseudo-random bit data stored in the sending device, the extracted secret session key being a duplicate of the secret session key stored in the sending device; decrypting the encrypted content at the receiving device using the symmetric key encryption algorithm and the extracted secret session key when receiving device is authorized to decrypt the encrypted content, the decrypted content being stored in an input/output buffer of the receiving device; securely using, reading or playing the contents of the input/output buffer of the receiving device, the secret session key having been successfully created and exchanged between the sending and receiving devices without exchanging or transmitting the actual secret session keys therebetween; determining, at the receiving device, whether additional communication with the sending device is required based on the contents of the input/output buffer; encoding, at the receiving device, restored secret session key properties into mangled secret session key properties, and storing the mangled secret session key properties into a mangled secret session key properties descriptor buffer; storing data to be encrypted and transmitted from the receiving device to the sending device in an input/output buffer of the receiving device; encrypting, at the receiving device, the data in the input/output buffer using the symmetric key encryption algorithm and the secret session key to generate an encrypted content; appending, at the receiving device, the unique device number of the sending device and the contents of the mangled secret session key properties descriptor buffer as a header of the encrypted content; creating a connection between the receiving device and the sending device; transmitting the encrypted 
content with the appended header from the receiving device to the sending device; verifying, at the sending device, the unique device number in the header of the encrypted content with the unique device number stored in the sending device to determine whether the sending device is authorized to decrypt the encrypted content; extracting, at the sending device, the mangled secret session key properties when the sending device is authorized to decrypt the encrypted content, the mangled session key properties being stored in a copied mangled secret session key properties descriptor buffer of the sending device; restoring the contents of the copied mangled secret session key properties descriptor buffer, the restored secret session key properties corresponding to the secret session key properties at the receiving device, the restored secret session key properties including the selected properties, the start pointer and the end pointer of the secret session key; utilizing, at the sending device, at least a subset of the selected properties, the starting pointer and the end pointer to extract the secret session key from a predetermined number of pseudo-random bit data previously stored in the sending device, the predetermined number of pseudo-random bit data stored in the sending device corresponding to the predetermined number of pseudo-random bit data stored in the receiving device, the extracted secret session key being a duplicate of the session key stored in the receiving device; decrypting the encrypted content at the sending device using the symmetric key encryption algorithm and the extracted secret session key when the sending device is authorized to decrypt the encrypted content, the decrypted content being stored in an input/output buffer of the sending device; securely using, reading or playing the contents of the input/output buffer of the receiving device, the secret session key having been successfully created and exchanged between the sending and receiving 
devices without exchanging or transmitting the actual secret session keys therebetween; repeating all steps above until at least one of the sending device and the receiving device ends communication therebetween.
21. A computer-readable medium storing computer-readable instructions thereon, the computer-readable instructions, when executed by a processor cause the processor to perform a method comprising:
providing a receiving device with a unique device number, a unique user keycode number, and a symmetric secret key encryption algorithm; providing a sending device with a symmetric secret key encryption algorithm, a seed value and a non-system randomizer to generate a predetermined number of pseudo-random bit data based on the seed value, the pseudo-random bit data being arranged into a random number table stored in an electronic memory of the sending device; transmitting from the receiving device to the sending device through secured communication both the unique device number and the unique user keycode number; assigning, at the sending device, the random number table to the unique device number and unique user keycode number, the assignment being stored in a secret index in the electronic memory of the sending device; selecting, at the sending device, a secret session key as a subset of the pseudo-random bit data in the random number table; assigning, at the sending device, a start pointer corresponding to a start point of the subset of pseudo-random bit data and an end pointer corresponding to an end point of the subset of pseudo-random bit data; determining selected properties identifying length and location of the subset of pseudo-random bit data in the random number table, the subset of pseudo-random bit data being the secret session key; storing the selected properties and the start and end pointers of the secret session key in a secret session key properties descriptor buffer of the sending device; copying into a secret session key buffer at the sending device the secret session key corresponding to the selected properties of the secret session key from within the predetermined number of pseudo-random bit data in the random number table stored at the sending device index, by utilizing the start and end pointers to locate the secret session key; transforming the contents of the secret session key properties descriptor buffer into mangled secret session key 
properties; storing the data to be transmitted to the receiving device in an input/output buffer of the sending device; encrypting, at the sending device, the data in the input/output buffer using the symmetric key encryption algorithm and the secret session key stored in the secret session key buffer to generate an encrypted content; appending, at the sending device, the unique device number and the mangled secret session key properties as a header of the encrypted content; creating a connection between the sending device and the receiving device; transmitting the encrypted content with the appended header from the sending device to the receiving device; verifying, at the receiving device, the unique device number in the header of the encrypted content with the unique device number stored in the receiving device to determine whether the receiving device is authorized to decrypt the encrypted content; extracting, at the receiving device, the mangled secret session key properties when the receiving device is authorized to decrypt the encrypted content, the mangled session key properties being stored in a copied mangled secret session key properties descriptor buffer of the receiving device; restoring the contents of the copied mangled secret session key properties descriptor buffer, the restored secret session key properties corresponding to the secret session key properties at the sending device, the restored session key properties including the selected properties, the start pointer and the end pointer of the secret session key; utilizing, at the receiving device, at least a subset of the selected properties, the starting pointer and the end pointer to extract the secret session key from a predetermined number of pseudo-random bit data previously stored in the receiving device, the predetermined number of pseudo-random bit data stored in the receiving device corresponding to the predetermined number of pseudo-random bit data stored in the sending device, the 
extracted secret session key being a duplicate of the secret session key stored in the sending device; decrypting the encrypted content at the receiving device using the symmetric key encryption algorithm and the extracted secret session key when the receiving device is authorized to decrypt the encrypted content, the decrypted content being stored in an input/output buffer of the receiving device; and securely using, reading or playing the contents of the input/output buffer of the receiving device, the secret session key having been successfully created and exchanged between the sending and receiving devices without exchanging or transmitting the actual secret session keys therebetween, the secure communication between the sending and receiving devices of encrypted content being maintained until termination of the communication is initiated by at least one of the sending and receiving devices.
31. A computer-readable medium storing computer-readable instructions thereon, the computer-readable instructions when executed by a processor, cause the processor to perform a method comprising:
providing a receiving device with a unique device number, a unique user keycode number assigned thereto, and a symmetric secret key encryption algorithm; providing a sending device with a unique device number, a unique user keycode assigned thereto, a seed value, a symmetric secret key encryption algorithm, and a non-system randomizer software; transmitting, from the receiving device to the sending device, the unique device number and unique user keycode corresponding to the receiving device; transmitting, from the sending device to the receiving device, the unique device number and unique user keycode corresponding to the sending device; generating, at the sending device, a predetermined number of pseudo-random bit data using the seed value, the predetermined number of pseudo-random bit data forming a random number table; assigning, in a secret index stored in an electronic memory of the sending device, the random number table to unique device number and the unique user keycode number corresponding to the receiving device; securely storing in the electronic memory of the receiving device, the unique device number and the unique user keycode number corresponding to the sending device; selecting, at the sending device, a secret session key as a subset of the pseudo-random bit data in the random number table corresponding to the unique device number and unique user keycode number of the receiving device; selecting, at the sending device, a start pointer and an end pointer corresponding to the subset of the pseudo-random bit data, the start and end pointers defining selected properties of the secret session key including a length and random number table location thereof; storing the selected properties of the secret session key, the start pointer and the end pointer into a secret session key properties descriptor buffer of the sending device; copying the secret session key into a secret session key buffer of the sending device using the start and end pointers to 
locate the secret session key within the random number table, the secret session key corresponding to the selected properties of the secret session key; encoding, at the sending device, the contents of the secret session key properties descriptor buffer into mangled secret session key properties; storing in an input/output buffer of the sending device, data to be encrypted and transmitted to the receiving device; encrypting, at the sending device, the data in the input/output buffer using the symmetric key encryption algorithm and the secret session key stored in the secret session key buffer to generate an encrypted content; appending, at the sending device, the unique device number and mangled secret session key properties as a header of the encrypted content; creating a connection between the sending device and the receiving device; transmitting the encrypted content with the appended header from the sending device to the receiving device; verifying, at the receiving device, the unique device number in the header of the encrypted content with the unique device number stored in the receiving device to determine whether the receiving device is authorized to decrypt the encrypted content; extracting, at the receiving device, the mangled secret session key properties when receiving device is authorized to decrypt the encrypted content, the mangled session key properties being stored in a copied mangled secret session key properties descriptor buffer of the receiving device; restoring the contents of the copied mangled secret session key properties descriptor buffer, the restored secret session key properties corresponding to the secret session key properties at the sending device, the restored session key properties including the selected properties, the start pointer and the end pointer of the secret session key; utilizing, at the receiving device, at least a subset of the selected properties, the starting pointer and the end pointer to extract the secret session 
key from a predetermined number of pseudo-random bit data previously stored in the receiving device, the predetermined number of pseudo-random bit data stored in the receiving device corresponding to the predetermined number of pseudo-random bit data stored in the sending device, the extracted secret session key being a duplicate of the secret session key stored in the sending device; decrypting the encrypted content at the receiving device using the symmetric key encryption algorithm and the extracted secret session key when receiving device is authorized to decrypt the encrypted content, the decrypted content being stored in an input/output buffer of the receiving device; securely using, reading or playing the contents of the input/output buffer of the receiving device, the secret session key having been successfully created and exchanged between the sending and receiving devices without exchanging or transmitting the actual secret session keys therebetween; determining, at the receiving device, whether additional communication with the sending device is required based on the contents of the input/output buffer; encoding, at the receiving device, restored secret session key properties into mangled secret session key properties, and storing the mangled secret session key properties into a mangled secret session key properties descriptor buffer; storing data to be encrypted and transmitted from the receiving device to the sending device in an input/output buffer of the receiving device; encrypting, at the receiving device, the data in the input/output buffer using the symmetric key encryption algorithm and the secret session key to generate an encrypted content; appending, at the receiving device, the unique device number of the sending device and the contents of the mangled secret session key properties descriptor buffer as a header of the encrypted content; creating a connection between the receiving device and the sending device; transmitting the encrypted 
content with the appended header from the receiving device to the sending device; verifying, at the sending device, the unique device number in the header of the encrypted content with the unique device number stored in the sending device to determine whether the sending device is authorized to decrypt the encrypted content; extracting, at the sending device, the mangled secret session key properties when the sending device is authorized to decrypt the encrypted content, the mangled session key properties being stored in a copied mangled secret session key properties descriptor buffer of the sending device; restoring the contents of the copied mangled secret session key properties descriptor buffer, the restored secret session key properties corresponding to the secret session key properties at the receiving device, the restored secret session key properties including the selected properties, the start pointer and the end pointer of the secret session key; utilizing, at the sending device, at least a subset of the selected properties, the starting pointer and the end pointer to extract the secret session key from a predetermined number of pseudo-random bit data previously stored in the sending device, the predetermined number of pseudo-random bit data stored in the sending device corresponding to the predetermined number of pseudo-random bit data stored in the receiving device, the extracted secret session key being a duplicate of the session key stored in the receiving device; decrypting the encrypted content at the sending device using the symmetric key encryption algorithm and the extracted secret session key when the sending device is authorized to decrypt the encrypted content, the decrypted content being stored in an input/output buffer of the sending device; securely using, reading or playing the contents of the input/output buffer of the receiving device, the secret session key having been successfully created and exchanged between the sending and receiving 
devices without exchanging or transmitting the actual secret session keys therebetween; repeating all steps above until at least one of the sending device and the receiving device ends communication therebetween.
Specification