Abuse-resistant object distribution system and method
First Claim
1. A data distribution unit including electronic signal processing circuits comprising:
- a source of data signals mj ;
an access indicia generator means providing access indicia signals Ai for selected distribution to potential users over an access channel;
a data encryptor means providing encrypted data signals cj =Ej (mj) for broadcast distribution to potential users over a broadcast channel where Ej is a predetermined encryption signal processing function; and
a decryption key generator means coupled to said encryptor means and to said access indicia generator means and providing unique keys data signals tij for selected distribution to an authorized user over a key channel such that mj =D(Ai, tij, cj) where D is a predetermined decryption signal processing function for decrypting data signals encrypted with the predetermined signal processing function Ej.
2 Assignments
0 Petitions
Accused Products
Abstract
Encrypted data objects are distributed via a broadcast communication channel or media. Relatively large access indicia may also be pre-distributed to any potential data object users and/or purchasers via an access communication channel or media. Subsequently, when a particular potential user or purchaser wishes to decrypt a given data object, he or she communicates to a data distribution point the identity of the desired data object and the identity of a valid access incidium. A relatively short decryption key is then furnished via a key distribution communication channel or media to permit decryption while at the same time permitting appropriate accounting operations to take place. The system is resistant to abuse in several ways but in part because such abuse would be approximately as difficult as would be re-distribution of the entire decrypted data object itself.
241 Citations
54 Claims
-
1. A data distribution unit including electronic signal processing circuits comprising:
-
a source of data signals mj ; an access indicia generator means providing access indicia signals Ai for selected distribution to potential users over an access channel; a data encryptor means providing encrypted data signals cj =Ej (mj) for broadcast distribution to potential users over a broadcast channel where Ej is a predetermined encryption signal processing function; and a decryption key generator means coupled to said encryptor means and to said access indicia generator means and providing unique keys data signals tij for selected distribution to an authorized user over a key channel such that mj =D(Ai, tij, cj) where D is a predetermined decryption signal processing function for decrypting data signals encrypted with the predetermined signal processing function Ej. - View Dependent Claims (2, 3, 4, 5, 17, 18, 19, 20, 21)
- 18. Apparatus as in claim 1, 6, 11 or 16 wherein signal Ai represents an element of a group of signals, and
(a) the signal processing function Ej is - space="preserve" listing-type="equation">E.sub.j (m.sub.j)=ƒ
(B.sub.j, m.sub.j)
where ƒ
is a signal processing function and signal Bj represents an element of a group of signals, and(b) the signal processing function D is
space="preserve" listing-type="equation">D(A.sub.i, t.sub.ij, c.sub.j)=ƒ
'"'"'(G o A.sub.i, c.sub.j)where ƒ
'"'"' is a signal processing function, G denotes the tij th power of signal G in the group of signals, G represents an element of the group, and o denotes a group signal processing operation. - space="preserve" listing-type="equation">E.sub.j (m.sub.j)=ƒ
-
-
19. Apparatus as in claim 17 wherein the group of signals is a subgroup of order q of the multidimensional multiplicative group modulo n, where n and q are integers, and hence where signals Ai and B j represent vectors α
-
i and β
j and the tij th power of α
i is(α
ai1t.spsb.ij mod n, . . . , aimt.spsb.ij mod n), where α
i1, . . . , α
im are the components of α
i, and m is the dimension.
-
i and β
-
20. Apparatus as in claim 17 including means for implementing the signal processing functions ƒ
- and ƒ
'"'"' by bit-wise exclusive-or signal processing functions.
- and ƒ
-
21. Apparatus as in claim 1, 6, 11 or 16 wherein:
signal tij is transformed into an encrypted key signal under a key-encryption key signal shorter than tij and transmitted from a distribution unit to a terminal over a communication channel that is different than that used to communicate signal cj but the same as is used to communicate signal Ai, said key-encryption key signal being communicated on the same communication channel as is signal tij.
-
6. A terminal for receiving broadcast encrypted data signals cj via a broadcast channel and encrypted by a predetermined encrypting signal processing function Ej (mj)=cj and for selectively decrypting such data signals, said terminal comprising:
-
means for receiving at least one access indicium signal Ai received via an access channel; and a decryptor means adapted to receive a unique decryption key signal tij based on a selected signal Ai and a selected signal cj via a key channel and to provide a decryption signal mj of the selected encrypted data. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A data distribution system comprising:
-
a plurality of data signal receiving terminals; at least one data signal distribution unit coupled to said plurality of data signal receiving terminals by a data signal object broadcast channel providing encrypted data signal objects cj to each terminal; an access channel providing a unique access indicium signal Ai to any terminal desiring access to said data signal objects; and a key signal distribution channel for providing a unique decryption key signal tij to any requesting terminal from a distribution unit corresponding to supplied indicium signal Ai and a selected encrypted data signal object cj and for decrypting signal cj. - View Dependent Claims (12, 13, 14, 15)
-
-
16. A data distribution system comprising:
-
a source of data signals mj ; an access indicia generator providing access indicia signals Ai ; a data encryptor providing encrypted data signals cj =Ej (mj) where Ej is a predetermined encryption signal processing function; and a decryption key generator coupled to said encryptor and to said access indicia generator and providing unique key signals tij such that data signals mj =D(Ai, tij, cj) where D is a predetermined decryption signal processing function for decrypting data encrypted with the predetermined signal processing function Ej ; a plurality of terminals coupled to receive said data signals cj ; and each said terminal including a decryptor means adapted to receive a decryption key signal tij based on a supplied signal Ai and a selected signal cj and to provide a decryption signal m'"'"'j of the selected encrypted data.
-
-
22. A data object distribution system, comprising
(a) a broadcast channel for transmitting identical encrypted signals representing data objects from a distribution unit to a plurality of terminals; -
(b) an access number channel for transmitting a unique access number signal from said distribution unit to any one of said terminals, (c) a key distribution channel for transmitting signals representing indexes of an encrypted data object signal and of an access number signal from any one of said terminals to said distribution unit and for transmitting a key signal from the distribution unit to said one terminal which, in combination with the access number signal enables access to the data object, (d) a distribution unit means coupled to said broadcast channel, said access number channel, and said key distribution channel, and adapted for i. generating an access number signal Ai, where i is the index of the access number signal, ii. transmitting signal Ai on said access number channel, iii. transforming a data object signal mj into an encrypted data object signal cj, where j is the index of the data object signal,
space="preserve" listing-type="equation">c.sub.j =E.sub.j (m.sub.j),and Ej is a signal processing function, iv. transmitting signal cj on said broadcast channel, v. computing a key signal tij such that
space="preserve" listing-type="equation">m.sub.j =D(A.sub.i, t.sub.ij, c.sub.j),where D is a signal processing function, vi. receiving signals representing index numbers i and j from said key distribution channel, and vii. transmitting signal tij on said key distribution channel, and (e) a plurality of terminal means, each terminal means being coupled to said broadcast channel, said access number channel, and said key distribution channel, and adapted for i. receiving signal cj from said broadcast channel, ii. receiving signal Ai from said access number channel, iii. transmitting signals representing i and j on said key distribution channel, and iv. transforming signal cj into a data object signal m'"'"'j, where
space="preserve" listing-type="equation">m'"'"'.sub.j =D(A.sub.i, t.sub.ij, c.sub.j). - View Dependent Claims (23, 24, 25, 26, 27)
- 24. The system as in claim 22 wherein signal Ai represents an element of a group of signals, and
(a) the signal processing function Ej is - space="preserve" listing-type="equation">E.sub.j (m.sub.j)=ƒ
(B.sub.j, m.sub.j)
where ƒ
is a signal processing function signal Bj represents an element of a group of signal, and(b) the signal processing function D is
space="preserve" listing-type="equation">D(A.sub.i, t.sub.ij, c.sub.j)=ƒ
'"'"'(G o A.sub.i, c.sub.j)where ƒ
'"'"' is a signal processing function, G denotes the tij th power of signal G in the group of signals, G represents an element of the group of signals, and o denotes a group signal processing operation. - space="preserve" listing-type="equation">E.sub.j (m.sub.j)=ƒ
-
-
25. The system as in claim 23 or 24 wherein the group of signals is a subgroup of order q of the multidimensional multiplicative group modulo n where n and q are integers, and hence where signals Ai and Bj represent vectors α
-
i and β
j, and the tij th power of α
i is(α
i1t.spsb.ij mod n, . . . , α
imt.spsb.ij mod n), where α
i1, . . . , α
im are the components of α
i and m is the dimension.
-
i and β
-
26. The system as in claim 23 or 24 including means for implementing the signal processing functions ƒ
- and ƒ
'"'"' by bit-wise exclusive-or signal processing functions.
- and ƒ
-
27. The system as in claim 22, 23, or 24 wherein
(a) the distribution unit means is further adapted for i. transforming signal tij into an encrypted key signal under a key-encryption key signal shorter than signal tij and transmitting said encrypted key signal on the access number channel, whereby the distribution unit may predistribute said encrypted key signal, and ii. transmitting said key-encryption key signal on the key distribution channel, and (b) the terminal means is further adapted for i. receiving said encrypted key signal from the access number channel, ii. receiving said key-encryption key signal from the key distribution channel, and iii. transforming said encrypted key signal into a key signal t'"'"'ij under said key-encryption key signal.
-
28. A data distribution method comprising:
-
providing a source of data signals mj ; providing access indicia signals Ai for selected distribution to potential users over an access channel; providing encrypted data signals cj =Ej (mj) for broadcast distribution to potential users over a broadcast channel where Ej is a predetermined encryption signal processing function; and providing unique key data signals tij for selected distribution to an authorized user over a key channel such that mj =D(Ai, tij, cj) where D is a predetermined decryption signal processing function for decrypting data encrypted with the predetermined signal processing function Ej. - View Dependent Claims (29, 30, 31, 32, 44, 45, 46, 47, 48)
- 45. Method as in claim 28, 33, 38 or 43 wherein Ai represents an element of a group of signals, and
(a) the signal processing function Ej is - space="preserve" listing-type="equation">E.sub.j (m.sub.j)=ƒ
(B.sub.j, m.sub.j)
where ƒ
is a signal processing function Bj represents an element of a group of signals, and(b) the signal processing function D is
space="preserve" listing-type="equation">D(A.sub.i, t.sub.ij, c.sub.j)=ƒ
'"'"'(G o A.sub.i, c.sub.j)where ƒ
'"'"' is a signal processing function, G denotes the tij th power of G in the group of signals, G represents an element of the group of signals, and o denotes a group signal processing operation. - space="preserve" listing-type="equation">E.sub.j (m.sub.j)=ƒ
-
-
46. Method as in claim 44 wherein the group of signals is a subgroup of order q of the multidimensional multiplicative group modulo n, where n and q are integers, and hence where signals Ai and Bj represent vectors α
-
i and β
j and the tij th power of α
i is(α
i1t.spsb.ij mod n, . . . , α
imt.spsb.ij mod n), where α
i1 . . . , α
im are the components of α
i, and m is the dimension.
-
i and β
-
47. Method as in claim 44 wherein the signal processing functions ƒ
- and ƒ
'"'"' include bit-wise exclusive-or processing of signals.
- and ƒ
-
48. Method as in claim 28, 33, 38 or 43 wherein:
signal tij is transformed into an encrypted key signal under a key-encryption key signal shorter than signal tij and transmitted from a distribution unit to a terminal over a communication channel that is different than that used to communicate signal cj but the same as is used to communicate signal Ai, said key-encryption key being communicated on the same communication channel as is signal tij.
-
33. A method for receiving broadcast encrypted data signals cj via a broadcast channel and encrypted by a predetermined encrypting signal processing function Ej (mj)=cj and for selectively decrypting such data, said method comprising:
-
providing at least one access indicium signal Ai received via an access channel; and receiving a unique decryption key signal tij based on a selected signal Ai and a selected signal cj via a key channel and providing a decryption signal mj of the selected encrypted data. - View Dependent Claims (34, 35, 36, 37)
-
-
38. A data distribution method comprising:
-
providing a plurality of data receiving terminals; providing encrypted signals representing data objects cj to each terminal via a data object broadcast channel; providing a unique access indicium signal Ai to any terminal desiring access to said data objects via an access channel; and providing a unique decryption key signal tij via a key distribution channel to any requesting terminal corresponding to a supplied indicium signal Ai and a selected encrypted data object signal cj and for decrypting signal cj. - View Dependent Claims (39, 40, 41, 42)
-
-
43. A data distribution method comprising:
-
providing a source of data signal mj ; providing access indicia signal Ai ; providing encrypted data signal cj =Ej (mj) where Ej is a predetermined encryption signal processing function; and providing unique key signals tij such that mj =D(Ai, tij, cj) where D is a predetermined decryption signal processing function for decrypting data encrypted with the predetermined signal processing function Ej ; providing a plurality of terminals coupled to receive said signal cj ; and providing a decryptor in each terminal adapted to receive a decryption key signal tij based on a supplied signal Ai and a selected signal cj and to provide a decryption signal m'"'"'j of the selected encrypted data.
-
-
49. A data object distribution method, comprising
(a) transmitting identical encrypted signals representing data objects from a distribution unit via a broadcast channel to a plurality of terminals; -
(b) transmitting a unique access number signal from said distribution unit to any one of said terminals via an access number channel, (c) transmitting index signals of an encrypted data object and of an access number signal from any one of said terminals to said distribution unit via a key distribution channel and transmitting a key signal from the distribution unit to said one terminal which, in combination with the access number signal enables access to the data object signal, (d) coupling a distribution unit to said broadcast channel, said access number channel, and said key distribution channel, and adapting the distribution unit for i. generating an acess number signal Ai, where signal i is the index of the access number signal, ii. transmitting signal Ai on said access number channel, iii. transforming a data object signal mj into an encrypted data object signal cj, where signal j is the index of the data object signal,
space="preserve" listing-type="equation">c.sub.j =E.sub.j (m.sub.j),and Ej is a signal processing function, iv. transmitting signal cj on said broadcast channel, v. computing a key signal tij such that
space="preserve" listing-type="equation">m.sub.j =D(A.sub.i, t.sub.ij, c.sub.j),where D is a signal processing function, vi. receiving signals representing index numbers i and j from said key distribution channel, and vii. transmitting signal tij on said key distribution channel, and (e) coupling a plurality of terminals to said broadcast channel, said access number channel, and said key distribution channel, and adapting each terminal for i. receiving signal cj from said broadcast channel, ii. receiving signal Ai from said access number channel, iii. transmitting signals i and j on said key distribution channel, and iv. transforming signal cj into a data object signal m'"'"'j, where
space="preserve" listing-type="equation">m'"'"'.sub.j =D(A.sub.i, t.sub.ij, c.sub.j). - View Dependent Claims (50, 51, 52, 53, 54)
- 51. The method as in claim 49 wherein signal Ai represents an element of a group of signals, and
(a) the signal processing function Ej is - space="preserve" listing-type="equation">E.sub.j (m.sub.j)=ƒ
(B.sub.j m.sub.j)
where ƒ
is a signal processing function, signal Bj represents an element of a group of signals, and(b) the signal processing function D is
space="preserve" listing-type="equation">D(A.sub.i, t.sub.ij, c.sub.j)=ƒ
'"'"'(G o A.sub.i, c.sub.j)where ƒ
'"'"' is a signal processing function, G denotes the tij th power of G in the group of signals, G represents an element of the group of signals and o denotes a group signal processing operation. - space="preserve" listing-type="equation">E.sub.j (m.sub.j)=ƒ
-
-
52. The method as in claim 50 or 51 wherein the group of signals is a subgroup of order q of the multidimensional multiplicative group modulo n where n and q are integers, and hence where signals Ai and Bj represent vectors α
-
i and β
j, and the tij th power of α
i is(ai1t.spsb.ij mod n, . . . , α
imt.spsb.ij mod n), where α
i1, . . . , α
im are the components of α
i and m is the dimension.
-
i and β
-
53. The method as in claim 50 or 51 wherein the signal processing functions ƒ
- and ƒ
'"'"' include bit-wise exclusive-or processing of signals.
- and ƒ
-
54. The method as in claim 49, 50 or 51 wherein
(a) the distribution unit i. transforms signal tij into an encrypted key signal under a key-encryption key signal shorter than signal tij and transmits said encrypted key signal on the access number channel, whereby the distribution unit may predistribute said encrypted key signal, and ii. transmits said key-encryption key signal on the key distribution channel, and (b) the terminal i. receives said encrypted key signal from the access number channel, ii. receives said key-encryption key signal from the key distribution channel, and iii. transforms said encrypted key signal into a key signal t'"'"'ij under said key-encryption key signal.
Specification