Cryptographic system using interchangeable key blocks and selectable key fragments

US 4,694,491 A
Filed: 03/11/1985
Issued: 09/15/1987
Est. Priority Date: 03/11/1985
Status: Expired due to Term

First Claim

Patent Images

1. A cryptographic system for the secured transmission of information between first and second nodes, comprising, at the first node;

means for generating a key comprising more than one key fragment;

means for selecting a set of one or more of the key fragments;

means for generating data indicative of the selected key fragments;

means for encrypting the information using the selected key fragment set;

means for encrypting the key, said key encrypting means comprising means for generating a second key comprising more than one second key fragment;

means for selecting a set of one or more of the second key fragments;

means for encrytping said key with said selected set of second key fragments, means for generating second data indicative of the set of second key fragments selected; and

means for transferring the encrypted information, encrypted key, select data and second data from the first node to the second node; and

at the second node, means for decrypting the encrypted key, means for obtaining the selected key fragments set from the decrypted key in accordance with the transferred select data and means for decrypting the encrypted information using the obtained key fragments set.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cryptographic system is used for the secure transmission of digitized signals to a plurality of receivers. At the transmission end, a key consisting of two blocks, each including a plurality of key fragments, is generated. For each transmission session, different sets of key fragments may be periodically selected from one of the key blocks and used to encrypt the signals. Data indicative of the set selection is generated. The key is distributed to each receiver. The set selection data is transmitted to all receivers along with the encrypted signals and used to construct the key fragment set for decryption of the transmitted signals. During the transmission session, the other key block may be varied to form a replacement key which is distributed to each receiver. At the end of the session, the functions of the key blocks are interchanged in all receivers at one time by selecting a set in the varied key block for use in encryption and decryption.

197 Citations

31 Claims

1. A cryptographic system for the secured transmission of information between first and second nodes, comprising, at the first node;
- means for generating a key comprising more than one key fragment;
  
  means for selecting a set of one or more of the key fragments;
  
  means for generating data indicative of the selected key fragments;
  
  means for encrypting the information using the selected key fragment set;
  
  means for encrypting the key, said key encrypting means comprising means for generating a second key comprising more than one second key fragment;
  
  means for selecting a set of one or more of the second key fragments;
  
  means for encrytping said key with said selected set of second key fragments, means for generating second data indicative of the set of second key fragments selected; and
  
  means for transferring the encrypted information, encrypted key, select data and second data from the first node to the second node; and
  
  at the second node, means for decrypting the encrypted key, means for obtaining the selected key fragments set from the decrypted key in accordance with the transferred select data and means for decrypting the encrypted information using the obtained key fragments set.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein said key decryption means comprises means for storing the second key, means for obtaining the selected second key fragment set from the stored second key using the second data and means for decrypting the encrypted key using the obtained second key fragment set.
  - 3. The system of claim 1, wherein said means for generating the second key comprises means for storing a third key, means for storing a number associated with the second node, and means for encrypting the number with the third key ot obtain the second key.
  - 4. The system of claim 3, for transmission of information from a first node to a plurality of second nodes, wherein each of the second nodes has a unique number associated with it and further comprising, at the first node, means for storing each of the unique numbers and for using a different one of the unique numbers to generate each of a plurality of second keys, each of the second keys being usable only by the second node whose unique number was used to generate it.
  - 5. The system of claim 4, wherein said key decryption means comprises means for storing the second key, means for obtaining the selected second key fragment set from the stored second key using the second data and means for decrypting the encrypted key using the obtained second key fragment set.
  - 6. The system of claim 5, wherein said second key storing means stores a second key which is generated based on the unique number associated with the second node of which the storage means forms a part.
  - 7. The system of claim 1, wherein said key fragment set selection means comprises means for periodically selecting different key fragment sets.
  - 8. The system of claim 1, wherein said second key fragment selection means comprises means for periodically selecting different second key fragment sets.
  - 9. The system of claim 1, wherein the selected key fragment set is changed relatively often and the second selected key fragment set is changed less often.
  - 10. The system of claim 1, wherein the second key fragments comprise sets of bits.

11. A cryptographic system for the secure transmission of information between first and second nodes, comprising at the first node;
- means for selecting a set of one or more of the key fragments, said key fragment selection means comprising means for periodically selecting different arrangements of fragments to form the key fragment set, means for generating data indicative of the selected key fragment set, means for encrypting the information using the selected key fragments set;
  
  means for transferring the encrypted information, key, and select data from the first node to the second node;
  
  at the second node;
  
  means for obtaining the selected key fragment set for the transferred key in accordance with the transferred select data; and
  
  means for decrypting the encrypted information using the obtained key fragment set.

12. A cryptographic system for the secure transmission of information between first and second nodes, comprising, at the first node;
- means for generating a key comprising more than one key fragment, said key fragments comprising bytes;
  
  means for selecting a set of one or more of the key fragments;
  
  means for generating data indicative of the selected key fragments in said set;
  
  means for encrypting the information using the selected key fragments in said set;
  
  means for transferring the encrypted information, key, and select data from the first node to the second node; and
  
  at the second node;
  
  means for obtaining the selected key fragments said of the transferred key in accordance with the transferred selected data; and
  
  means for decrypting the encrypted information using the obtained key fragments set.

13. A cryptographic system for the secure transmission of information between first and second nodes comprising, at the first node, means for generating a key comprising first and second blocks, each block comprising more than one key fragment, means for designating one of the key blocks as the current key block for encryption and decryption, means for selecting one or more key fragments of the current key block to form a key fragment set, means for varying the second key block, said designating means designating the second key block as the then current key block after same has been varied, means for generating data indicative of the selected key fragment set from the then current key block, means for encrypting information using the selected key fragment set of the then current key block, means for transferring the encrypted information, key and data to the second node, and, at the second node, means for obtaining the selected key fragment set of the then current key block from the transferred key in accordance with the transferred data and means for decrypting the encrypted information using the obtained selected key fragment set.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. The system of claim 13, wherein said first key block is designated as the current key block during a first transmission session and said second key block is designated as the current key block during a second transmission session.
  - 15. The system of claim 13, further comprising means, at the first node, for encrypting the key to form the key information and means, at the second node, for decrypting the key information.
  - 16. The system of claim 15, wherein said key encryption means comprises means for generating a second key comprising more than one second key fragment;
    - means for selecting one or more of the second key fragments to form a second key fragment set;
      
      means for generating second data indicative of the second key fragment set selected;
      
      means for encrypting the key with said selected set of second key fragments; and
      
      means for transferring the second data from the first node to the second node.
  - 17. The system of claim 16, wherein said key decryption means comprises means for storing the second key, means for obtaining the selected second key fragment set from the stored second key using the second data and means for decrypting the encrypted key using the obtained second key fragment set.
  - 18. The system of claim 16, wherein said means for generating the second key comprises means for storing a third key, means for storing a number associated with the second node and means for encrypting the number with the third key to obtain the second key.
  - 19. The system of claim 18, for transmission of information from a first node to a plurality of second nodes, wherein each of the second nodes has a unique number associated with it and further comprising, at the first node, means for storing each of the unique numbers and for using a different one of the unique numbers to generate each of a plurality of second keys, each of the second keys being usable only by the second node whose unique number was used to generate.
  - 20. The system of claim 13, wherein said key fragment set selection means comprises means for periodically selecting different key fragments to form the key fragment set.
  - 21. The system of claim 16, wherein said second key fragment set selection means comprises means for periodically selecting different second key fragments to form the second key fragment set.

22. A receiver for use in a system broadcasting information of the type comprising an encrypted key including more than one key fragment, data indicative of a key fragment set selected from the key, information encrypted using the selected set of key fragments indicated by the data, second data indicative of a key fragment set selected from a second key comprising more then one fragment, the receiver comprising means for receiving the key in encrypted form, data and encrypted information, means for obtaining the selected set of key fragments from the received key in accordance with the received data, means for decrypting the received information using the obtained selected key fragment set, a memory for storing a second key and means for using the stored second key to decrypt the received key fragment, comprising means for obtaining the second key fragment set from the stored second key in accordance with the second data and for using the obtained second key fragment set in decrypting the key information.
- View Dependent Claims (23)
- - 23. The receiver of claim 22, wherein said fragments are bytes.

24. A receiver for use in a system broadcasting information of the type comprising key information including a key with first and second blocks, each having more than one fragments, one of the blocks being designated as the current key block for encrypting and decrypting during a period in which the other block is varied and, thereafter, the second block being designated as the current key block, data indicative of a key fragment set selected from the then current key block and information encrypted using the selected set of fragments indicated by the data, the receiver comprising means for receiving the key information, data and encrypted information, means for obtaining, from the received key information, the selected key fragment set in accordance with the received data and means for decrypting the received information using the obtained selected key fragment set.
- View Dependent Claims (25, 26, 27, 28)
- - 25. The receiver of claim 24, wherein the key information is received in encrypted form and further comprising a memory for storing a second key and means for using the second key to decrypt the received key information.
  - 26. The receiver of claim 25, wherein the second key comprises more than one fragment wherein the broadcast signal comprises second data indicative of a selected set of fragments from the second key and wherein said means for using the second key to decrypt the received key information comprises means for obtaining the second key fragment set from the stored second key in accordance with the second data and for using the obtained second key fragment set in decrypting the key information.
  - 27. The receiver of claim 24, wherein said first key block is designated as the current key block during a first transmission session and said second key block is designated as the current key block during a second transmission session.
  - 28. The receiver of claim 24, wherein the blocks comprise sets of bytes.

29. A cryptographic method for the secure transmission of information between first and second nodes comprising the steps of, at the first node, generating a key comprising more than one key fragment, selecting one or more of the key fragments to form the set, generating data indicative of the selective key fragments set, encrypting the information to be transmitted using the selected key fragment set, encrypting the key, the step of encrypting the key comprising the steps of generating a second key comprising more than one key fragment, selecting one or more of the second key fragments to form a second set, encrypting the key with the selected set of second key fragments generating second data indicative of the selected second key fragment set, transferring the encrypted information, encrypted key, data and second data from the first node to the second node and, at the second node, obtaining the selected key fragment set from the transferred encrypted key in accordance with the transferred data, decrypting the encrypted key and decrypting the information using the obtained key fragment set.

30. The method of claim 56, wherein the step of decrypting the key information includes the steps of storing the second key, obtaining the selected second key fragment set from the stored second key using the second data and decrypting the encrypted key using the obtained second key fragment set.

31. A method for changing keys in a cryptographic system for transmitting information from a first node to a plurality of second nodes, the method comprising the steps of:
- generating a first key comprising first and second blocks, selecting said first block of the first key for use in encrypting and decrypting, encrypting the information to be transmitted with the first key block;
  
  generating a second key comprising first and second blocks in which said first block is identical to the first block of the first key;
  
  transmitting the encrypted information to each of the second nodes, distributing the first key to each of the second nodes to permit decryption of the transmitted information with the first block, distributing the second key to each of the second nodes for substitution for the first key, distributing to each of the second nodes a signal causing each of the second nodes to switch from said first block of said second key to said second block of said second key for decryption of the transmitted information as the second block of the second key is substituted for the first block of the first key for encryption of the information to be transferred.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
General Instrument Corporation (CommScope Holding Company, Inc.)
Original Assignee
General Instrument Corporation (CommScope Holding Company, Inc.)
Inventors
Horne, Donald R., Jeffers, John M.
Primary Examiner(s)
NOT, DEFINED
Assistant Examiner(s)
NOT, DEFINED

Application Number

US06/710,385
Time in Patent Office

918 Days
Field of Search

358/120, 358/121, 358/122, 358/123, 358/124, 358/84, 178/22.04, 178/22.05, 178/22.06, 178/22.13, 178/22.14, 178/22.16, 178/22.15
US Class Current

380/239
CPC Class Codes

H04L 2209/601   Broadcast encryption

H04L 9/0861   Generation of secret inform...

H04L 9/0891   Revocation or update of sec...

H04N 21/23895   involving multiplex stream ...

H04N 21/26613   for generating or managing ...

H04N 21/6332   directed to client

H04N 7/1675   Providing digital key or au...

Cryptographic system using interchangeable key blocks and selectable key fragments

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

197 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic system using interchangeable key blocks and selectable key fragments

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

197 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links