Abuse-resistant object distribution system and method

US 5,400,403 A
Filed: 08/16/1993
Issued: 03/21/1995
Est. Priority Date: 08/16/1993
Status: Expired due to Fees

First Claim

Patent Images

1. A data distribution unit including electronic signal processing circuits comprising:

a source of data signals m_j ;

an access indicia generator means providing access indicia signals A_i for selected distribution to potential users over an access channel;

a data encryptor means providing encrypted data signals c_j =E_j (m_j) for broadcast distribution to potential users over a broadcast channel where E_j is a predetermined encryption signal processing function; and

a decryption key generator means coupled to said encryptor means and to said access indicia generator means and providing unique keys data signals t_ij for selected distribution to an authorized user over a key channel such that m_j =D(A_i, t_ij, c_j) where D is a predetermined decryption signal processing function for decrypting data signals encrypted with the predetermined signal processing function E_j.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Encrypted data objects are distributed via a broadcast communication channel or media. Relatively large access indicia may also be pre-distributed to any potential data object users and/or purchasers via an access communication channel or media. Subsequently, when a particular potential user or purchaser wishes to decrypt a given data object, he or she communicates to a data distribution point the identity of the desired data object and the identity of a valid access incidium. A relatively short decryption key is then furnished via a key distribution communication channel or media to permit decryption while at the same time permitting appropriate accounting operations to take place. The system is resistant to abuse in several ways but in part because such abuse would be approximately as difficult as would be re-distribution of the entire decrypted data object itself.

241 Citations

54 Claims

1. A data distribution unit including electronic signal processing circuits comprising:
- a source of data signals m_j ;
  
  an access indicia generator means providing access indicia signals A_i for selected distribution to potential users over an access channel;
  
  a data encryptor means providing encrypted data signals c_j =E_j (m_j) for broadcast distribution to potential users over a broadcast channel where E_j is a predetermined encryption signal processing function; and
  
  a decryption key generator means coupled to said encryptor means and to said access indicia generator means and providing unique keys data signals t_ij for selected distribution to an authorized user over a key channel such that m_j =D(A_i, t_ij, c_j) where D is a predetermined decryption signal processing function for decrypting data signals encrypted with the predetermined signal processing function E_j.
- View Dependent Claims (2, 3, 4, 5, 17, 18, 19, 20, 21)
- - 2. A data distribution unit as in claim 1 further comprising:
    - a storage medium means containing a record of previously used access indicia signal A_i for checking for reuse of such previously used indicia signals.
  - 3. A data distribution unit as in claim 1 wherein each access indicium signal A_i includes a number of characters or bytes that exceeds two hundred.
  - 4. A data distribution unit as in claim 3 wherein each access indicium signal A_i includes a number of characters or bytes that exceeds ten thousand.
  - 5. A data distribution unit as in claim 1, 2, 3, or 4 wherein each key signal t_ij is represented by less than 200 binary bits.
  - 17. Apparatus as in claim 1, 6, 11 or 16 wherein signal A_i represents an element of a group of signals, and(a) the signal processing function E_j is
    
    space="preserve" listing-type="equation">E.sub.j (m.sub.j)=ƒ
    
    (B.sub.j, m.sub.j),
    where ƒ
    
    is a signal processing function and signal B_j represents an element of a group of signals, and(b) the signal processing function D is
    
    space="preserve" listing-type="equation">D(A.sub.i, t.sub.ij, c.sub.j)=ƒ
    
    '"'"'(A.sub.i, c.sub.j),where ƒ
    
    '"'"' is a signal processing function and A_i denotes the t_ij th power of signal A_i in the group of signals.
- 18. Apparatus as in claim 1, 6, 11 or 16 wherein signal A_i represents an element of a group of signals, and(a) the signal processing function E_j is
  
  space="preserve" listing-type="equation">E.sub.j (m.sub.j)=ƒ
  
  (B.sub.j, m.sub.j)
  where ƒ
  
  is a signal processing function and signal B_j represents an element of a group of signals, and(b) the signal processing function D is
  
  space="preserve" listing-type="equation">D(A.sub.i, t.sub.ij, c.sub.j)=ƒ
  
  '"'"'(G o A.sub.i, c.sub.j)where ƒ
  
  '"'"' is a signal processing function, G denotes the t_ij th power of signal G in the group of signals, G represents an element of the group, and o denotes a group signal processing operation.
19. Apparatus as in claim 17 wherein the group of signals is a subgroup of order q of the multidimensional multiplicative group modulo n, where n and q are integers, and hence where signals A_i and B _j represent vectors α
- _i and β
  
  _j and the t_ij th power of α
  
  _i is(α
  
  a_i1^t.spsb.ij mod n, . . . , a_im^t.spsb.ij mod n), where α
  
  _i1, . . . , α
  
  _im are the components of α
  
  _i, and m is the dimension.
20. Apparatus as in claim 17 including means for implementing the signal processing functions ƒ
- and ƒ
  
  '"'"' by bit-wise exclusive-or signal processing functions.
21. Apparatus as in claim 1, 6, 11 or 16 wherein:
- signal t_ij is transformed into an encrypted key signal under a key-encryption key signal shorter than t_ij and transmitted from a distribution unit to a terminal over a communication channel that is different than that used to communicate signal c_j but the same as is used to communicate signal A_i, said key-encryption key signal being communicated on the same communication channel as is signal t_ij.

6. A terminal for receiving broadcast encrypted data signals c_j via a broadcast channel and encrypted by a predetermined encrypting signal processing function E_j (m_j)=c_j and for selectively decrypting such data signals, said terminal comprising:
- means for receiving at least one access indicium signal A_i received via an access channel; and
  
  a decryptor means adapted to receive a unique decryption key signal t_ij based on a selected signal A_i and a selected signal c_j via a key channel and to provide a decryption signal m_j of the selected encrypted data.
- View Dependent Claims (7, 8, 9, 10)
- - 7. A terminal as in claim 6 wherein each access indicium signal A_i includes a number of characters or bytes that exceeds two hundred.
  - 8. A terminal as in claim 7 wherein each access indicium signal A_i includes a number of characters or bytes that exceeds ten thousand.
  - 9. A terminal as in claim 6 wherein each key signal t_ij is represented by less than 200 binary bits.
  - 10. A terminal as in claim 6 wherein said key signal t_ij is accessible to a user of said terminal.

11. A data distribution system comprising:
- a plurality of data signal receiving terminals;
  
  at least one data signal distribution unit coupled to said plurality of data signal receiving terminals by a data signal object broadcast channel providing encrypted data signal objects c_j to each terminal;
  
  an access channel providing a unique access indicium signal A_i to any terminal desiring access to said data signal objects; and
  
  a key signal distribution channel for providing a unique decryption key signal t_ij to any requesting terminal from a distribution unit corresponding to supplied indicium signal A_i and a selected encrypted data signal object c_j and for decrypting signal c_j.
- View Dependent Claims (12, 13, 14, 15)
- - 12. A data distribution system as in claim 11 further comprising:
    - data signal storage means maintaining a record of previously used A_i for checking for reuse of such A_i.
  - 13. A data distribution system as in claim 11 wherein each access indicium signal A_i includes a number of characters or bytes that exceeds two hundred.
  - 14. A data distribution system as in claim 13 wherein each access indicium signal A_i includes a number of characters or bytes that exceeds ten thousand.
  - 15. A data distribution system as in claim 11 wherein each key signal t_ij is represented by less than 200 binary bits.

16. A data distribution system comprising:
- a source of data signals m_j ;
  
  an access indicia generator providing access indicia signals A_i ;
  
  a data encryptor providing encrypted data signals c_j =E_j (m_j) where E_j is a predetermined encryption signal processing function; and
  
  a decryption key generator coupled to said encryptor and to said access indicia generator and providing unique key signals t_ij such that data signals m_j =D(A_i, t_ij, c_j) where D is a predetermined decryption signal processing function for decrypting data encrypted with the predetermined signal processing function E_j ;
  
  a plurality of terminals coupled to receive said data signals c_j ; and
  
  each said terminal including a decryptor means adapted to receive a decryption key signal t_ij based on a supplied signal A_i and a selected signal c_j and to provide a decryption signal m'"'"'_j of the selected encrypted data.

22. A data object distribution system, comprising(a) a broadcast channel for transmitting identical encrypted signals representing data objects from a distribution unit to a plurality of terminals;
- (b) an access number channel for transmitting a unique access number signal from said distribution unit to any one of said terminals,(c) a key distribution channel for transmitting signals representing indexes of an encrypted data object signal and of an access number signal from any one of said terminals to said distribution unit and for transmitting a key signal from the distribution unit to said one terminal which, in combination with the access number signal enables access to the data object,
  (d) a distribution unit means coupled to said broadcast channel, said access number channel, and said key distribution channel, and adapted fori. generating an access number signal A_i, where i is the index of the access number signal,ii. transmitting signal A_i on said access number channel,
  iii. transforming a data object signal m_j into an encrypted data object signal c_j, where j is the index of the data object signal,
  space="preserve" listing-type="equation">c.sub.j =E.sub.j (m.sub.j),
  and E_j is a signal processing function,iv. transmitting signal c_j on said broadcast channel,
  v. computing a key signal t_ij such that
  space="preserve" listing-type="equation">m.sub.j =D(A.sub.i, t.sub.ij, c.sub.j),
  where D is a signal processing function,vi. receiving signals representing index numbers i and j from said key distribution channel, andvii. transmitting signal t_ij on said key distribution channel, and
  (e) a plurality of terminal means, each terminal means being coupled to said broadcast channel, said access number channel, and said key distribution channel, and adapted fori. receiving signal c_j from said broadcast channel,ii. receiving signal A_i from said access number channel,iii. transmitting signals representing i and j on said key distribution channel, and
  iv. transforming signal c_j into a data object signal m'"'"'_j, where
  space="preserve" listing-type="equation">m'"'"'.sub.j =D(A.sub.i, t.sub.ij, c.sub.j).
- View Dependent Claims (23, 24, 25, 26, 27)
- - 23. The system as in claim 22 wherein signal A_i represents an element of a group of signals,(a) the signal processing function E_j is
    
    space="preserve" listing-type="equation">E.sub.j (m.sub.j)=ƒ
    
    (B.sub.j, m.sub.j),
    where ƒ
    
    is a signal processing function and signal B_j represents an elements of a groups of signals, and(b) the signal processing function D is
    
    space="preserve" listing-type="equation">D(A.sub.i, t.sub.ij, c.sub.j)=ƒ
    
    '"'"'(A.sub.i, c.sub.j),where ƒ
    
    '"'"' is a signal processing function and A_i denotes the t_ij th the power of signal A_i in the group of signals.
- 24. The system as in claim 22 wherein signal A_i represents an element of a group of signals, and(a) the signal processing function E_j is
  
  space="preserve" listing-type="equation">E.sub.j (m.sub.j)=ƒ
  
  (B.sub.j, m.sub.j)
  where ƒ
  
  is a signal processing function signal B_j represents an element of a group of signal, and(b) the signal processing function D is
  
  space="preserve" listing-type="equation">D(A.sub.i, t.sub.ij, c.sub.j)=ƒ
  
  '"'"'(G o A.sub.i, c.sub.j)where ƒ
  
  '"'"' is a signal processing function, G denotes the t_ij th power of signal G in the group of signals, G represents an element of the group of signals, and o denotes a group signal processing operation.
25. The system as in claim 23 or 24 wherein the group of signals is a subgroup of order q of the multidimensional multiplicative group modulo n where n and q are integers, and hence where signals A_i and B_j represent vectors α
- _i and β
  
  _j, and the t_ij th power of α
  
  _i is(α
  
  _i1^t.spsb.ij mod n, . . . , α
  
  _im^t.spsb.ij mod n), where α
  
  _i1, . . . , α
  
  _im are the components of α
  
  _i and m is the dimension.
26. The system as in claim 23 or 24 including means for implementing the signal processing functions ƒ
- and ƒ
  
  '"'"' by bit-wise exclusive-or signal processing functions.
27. The system as in claim 22, 23, or 24 wherein(a) the distribution unit means is further adapted fori. transforming signal t_ij into an encrypted key signal under a key-encryption key signal shorter than signal t_ij and transmitting said encrypted key signal on the access number channel, whereby the distribution unit may predistribute said encrypted key signal, andii. transmitting said key-encryption key signal on the key distribution channel, and(b) the terminal means is further adapted fori. receiving said encrypted key signal from the access number channel,ii. receiving said key-encryption key signal from the key distribution channel, andiii. transforming said encrypted key signal into a key signal t'"'"'_ij under said key-encryption key signal.

28. A data distribution method comprising:
- providing a source of data signals m_j ;
  
  providing access indicia signals A_i for selected distribution to potential users over an access channel;
  
  providing encrypted data signals c_j =E_j (m_j) for broadcast distribution to potential users over a broadcast channel where E_j is a predetermined encryption signal processing function; and
  
  providing unique key data signals t_ij for selected distribution to an authorized user over a key channel such that m_j =D(A_i, t_ij, c_j) where D is a predetermined decryption signal processing function for decrypting data encrypted with the predetermined signal processing function E_j.
- View Dependent Claims (29, 30, 31, 32, 44, 45, 46, 47, 48)
- - 29. A data distribution method as in claim 28 further comprising:
    - recording previously used access indicia signals A_i in a storage medium for checking for reuse of such previously used indicia signals.
  - 30. A data distribution method as in claim 28 wherein each access indicium signal A_i includes a number of characters or bytes that exceeds two hundred.
  - 31. A data distribution method as in claim 30 wherein each access indicium signal A_i includes a number of characters or bytes that exceeds ten thousand.
  - 32. A data distribution method as in claims 28, 29, 30 or 31 wherein each key signal t_ij is represented by less than 200 binary bits.
  - 44. Method as in claim 28, 33, 38 or 43 where signal A_i represents an element of a group of signals, and(a) the signal processing function E_j is
    
    space="preserve" listing-type="equation">E.sub.j (m.sub.j)=ƒ
    
    (B.sub.j, m.sub.j),
    where ƒ
    
    is a signal processing function and B_j represents an element of a group of signals, and(b) the signal processing function D is
    
    space="preserve" listing-type="equation">D(A.sub.i, t.sub.ij, c.sub.j)=ƒ
    
    '"'"'(A.sub.i, c.sub.j),where ƒ
    
    40 is a signal processing function and A_i denotes the t_ij th power of signal A_i in the group of signals.
- 45. Method as in claim 28, 33, 38 or 43 wherein A_i represents an element of a group of signals, and(a) the signal processing function E_j is
  
  space="preserve" listing-type="equation">E.sub.j (m.sub.j)=ƒ
  
  (B.sub.j, m.sub.j)
  where ƒ
  
  is a signal processing function B_j represents an element of a group of signals, and(b) the signal processing function D is
  
  space="preserve" listing-type="equation">D(A.sub.i, t.sub.ij, c.sub.j)=ƒ
  
  '"'"'(G o A.sub.i, c.sub.j)where ƒ
  
  '"'"' is a signal processing function, G denotes the t_ij th power of G in the group of signals, G represents an element of the group of signals, and o denotes a group signal processing operation.
46. Method as in claim 44 wherein the group of signals is a subgroup of order q of the multidimensional multiplicative group modulo n, where n and q are integers, and hence where signals A_i and B_j represent vectors α
- _i and β
  
  _j and the t_ij th power of α
  
  _i is(α
  
  _i1^t.spsb.ij mod n, . . . , α
  
  _im^t.spsb.ij mod n), where α
  
  _i1 . . . , α
  
  _im are the components of α
  
  _i, and m is the dimension.
47. Method as in claim 44 wherein the signal processing functions ƒ
- and ƒ
  
  '"'"' include bit-wise exclusive-or processing of signals.
48. Method as in claim 28, 33, 38 or 43 wherein:
- signal t_ij is transformed into an encrypted key signal under a key-encryption key signal shorter than signal t_ij and transmitted from a distribution unit to a terminal over a communication channel that is different than that used to communicate signal c_j but the same as is used to communicate signal A_i, said key-encryption key being communicated on the same communication channel as is signal t_ij.

33. A method for receiving broadcast encrypted data signals c_j via a broadcast channel and encrypted by a predetermined encrypting signal processing function E_j (m_j)=c_j and for selectively decrypting such data, said method comprising:
- providing at least one access indicium signal A_i received via an access channel; and
  
  receiving a unique decryption key signal t_ij based on a selected signal A_i and a selected signal c_j via a key channel and providing a decryption signal m_j of the selected encrypted data.
- View Dependent Claims (34, 35, 36, 37)
- - 34. A method as in claim 33 wherein each access indicium signal A_i includes a number of characters or bytes that exceeds two hundred.
  - 35. A method as in claim 33 wherein each access indicium signal A_i includes a number of characters or bytes that exceeds ten thousand.
  - 36. A method as in claim 33 wherein each key signal t_ij is represented by less than 200 binary bits.
  - 37. A method as in claim 34 wherein said key signal t_ij is accessible to a user of said terminal.

38. A data distribution method comprising:
- providing a plurality of data receiving terminals;
  
  providing encrypted signals representing data objects c_j to each terminal via a data object broadcast channel;
  
  providing a unique access indicium signal A_i to any terminal desiring access to said data objects via an access channel; and
  
  providing a unique decryption key signal t_ij via a key distribution channel to any requesting terminal corresponding to a supplied indicium signal A_i and a selected encrypted data object signal c_j and for decrypting signal c_j.
- View Dependent Claims (39, 40, 41, 42)
- - 39. A data distribution method as in claim 38 further comprising:
    - maintaining a record of previously used signal A_i for checking for reuse of such signals A_i.
  - 40. A data distribution method as in claim 38 wherein each access indicium signal A_i includes a number of characters or bytes that exceeds two hundred.
  - 41. A data distribution method as in claim 40 wherein each access indicium signal A_i includes a number of characters or bytes that exceeds ten thousand.
  - 42. A data distribution method as in claim 38 wherein each key signal t_ij is represented by less than 200 binary bits.

43. A data distribution method comprising:
- providing a source of data signal m_j ;
  
  providing access indicia signal A_i ;
  
  providing encrypted data signal c_j =E_j (m_j) where E_j is a predetermined encryption signal processing function; and
  
  providing unique key signals t_ij such that m_j =D(A_i, t_ij, c_j) where D is a predetermined decryption signal processing function for decrypting data encrypted with the predetermined signal processing function E_j ;
  
  providing a plurality of terminals coupled to receive said signal c_j ; and
  
  providing a decryptor in each terminal adapted to receive a decryption key signal t_ij based on a supplied signal A_i and a selected signal c_j and to provide a decryption signal m'"'"'_j of the selected encrypted data.

49. A data object distribution method, comprising(a) transmitting identical encrypted signals representing data objects from a distribution unit via a broadcast channel to a plurality of terminals;
- (b) transmitting a unique access number signal from said distribution unit to any one of said terminals via an access number channel,(c) transmitting index signals of an encrypted data object and of an access number signal from any one of said terminals to said distribution unit via a key distribution channel and transmitting a key signal from the distribution unit to said one terminal which, in combination with the access number signal enables access to the data object signal,
  (d) coupling a distribution unit to said broadcast channel, said access number channel, and said key distribution channel, and adapting the distribution unit fori. generating an acess number signal A_i, where signal i is the index of the access number signal,ii. transmitting signal A_i on said access number channel,
  iii. transforming a data object signal m_j into an encrypted data object signal c_j, where signal j is the index of the data object signal,
  space="preserve" listing-type="equation">c.sub.j =E.sub.j (m.sub.j),
  and E_j is a signal processing function,iv. transmitting signal c_j on said broadcast channel,
  v. computing a key signal t_ij such that
  space="preserve" listing-type="equation">m.sub.j =D(A.sub.i, t.sub.ij, c.sub.j),
  where D is a signal processing function,vi. receiving signals representing index numbers i and j from said key distribution channel, andvii. transmitting signal t_ij on said key distribution channel, and
  (e) coupling a plurality of terminals to said broadcast channel, said access number channel, and said key distribution channel, and adapting each terminal fori. receiving signal c_j from said broadcast channel,ii. receiving signal A_i from said access number channel,iii. transmitting signals i and j on said key distribution channel, and
  iv. transforming signal c_j into a data object signal m'"'"'_j, where
  space="preserve" listing-type="equation">m'"'"'.sub.j =D(A.sub.i, t.sub.ij, c.sub.j).
- View Dependent Claims (50, 51, 52, 53, 54)
- - 50. The method as in claim 49 wherein signal A_i represents an element of a group of signals,(a) the signal processing function E_j is
    
    space="preserve" listing-type="equation">E.sub.j (m.sub.j)=ƒ
    
    (B.sub.j, m.sub.j),
    where ƒ
    
    is a signal processing function and B_j represents an element of a group of signals, and(b) the signal processing function D is
    
    space="preserve" listing-type="equation">D(A.sub.i,t.sub.ij, c.sub.j)=ƒ
    
    '"'"'(A.sub.i, c.sub.j),where ƒ
    
    '"'"' is a signal processing function and A_i denotes the t_ij th power of signal A_i in the group of signals.
- 51. The method as in claim 49 wherein signal A_i represents an element of a group of signals, and(a) the signal processing function E_j is
  
  space="preserve" listing-type="equation">E.sub.j (m.sub.j)=ƒ
  
  (B.sub.j m.sub.j)
  where ƒ
  
  is a signal processing function, signal B_j represents an element of a group of signals, and(b) the signal processing function D is
  
  space="preserve" listing-type="equation">D(A.sub.i, t.sub.ij, c.sub.j)=ƒ
  
  '"'"'(G o A.sub.i, c.sub.j)where ƒ
  
  '"'"' is a signal processing function, G denotes the t_ij th power of G in the group of signals, G represents an element of the group of signals and o denotes a group signal processing operation.
52. The method as in claim 50 or 51 wherein the group of signals is a subgroup of order q of the multidimensional multiplicative group modulo n where n and q are integers, and hence where signals A_i and B_j represent vectors α
- _i and β
  
  _j, and the t_ij th power of α
  
  _i is(a_i1^t.spsb.ij mod n, . . . , α
  
  _im^t.spsb.ij mod n), where α
  
  _i1, . . . , α
  
  _im are the components of α
  
  _i and m is the dimension.
53. The method as in claim 50 or 51 wherein the signal processing functions ƒ
- and ƒ
  
  '"'"' include bit-wise exclusive-or processing of signals.
54. The method as in claim 49, 50 or 51 wherein(a) the distribution uniti. transforms signal t_ij into an encrypted key signal under a key-encryption key signal shorter than signal t_ij and transmits said encrypted key signal on the access number channel, whereby the distribution unit may predistribute said encrypted key signal, andii. transmits said key-encryption key signal on the key distribution channel, and(b) the terminali. receives said encrypted key signal from the access number channel,ii. receives said key-encryption key signal from the key distribution channel, andiii. transforms said encrypted key signal into a key signal t'"'"'_ij under said key-encryption key signal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RSA Security Incorporated (Symphony Technology Group LLC)
Original Assignee
RSA Data Security, Inc. (Symphony Technology Group LLC)
Inventors
Fahn, Paul N., Robshaw, Matthew J. B., Kaliski, Burton S. Jr.
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US08/106,979
Time in Patent Office

582 Days
Field of Search

380/21, 380/30, 380/4, 380/25
US Class Current

705/51
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G07F 17/16   for devices exhibiting adve...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/601   Broadcast encryption

H04L 9/0827   involving distinctive inter...

H04L 9/083   involving central third par...

Abuse-resistant object distribution system and method

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

241 Citations

54 Claims

Specification

Solutions

Use Cases

Quick Links

Abuse-resistant object distribution system and method

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

241 Citations

54 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links