Data security scheme for point-to-point communication sessions

US 5,627,892 A
Filed: 04/19/1995
Issued: 05/06/1997
Est. Priority Date: 04/19/1995
Status: Expired due to Term

First Claim

Patent Images

1. A method for secure point-to-point communication of requested information of an information service from a headend to a specific terminal which is coupled to a shared network, comprising the steps of:

securely delivering a different session identifier to each of a plurality of terminals coupled to the network including said specific terminal;

encrypting said requested information to be provided to said specific terminal under the session identifier of that terminal;

inserting the encrypted information into designated locations in a signal multiplex;

transmitting the signal multiplex over a portion of said network serving said specific terminal; and

providing an identification signal from said headend for informing said specific terminal of the designated locations of said encrypted information in said signal multiplex and a transmission frequency at which said signal multiplex is carried on said network portion;

wherein;

in response to the receipt of said identification signal, said specific terminal tunes to said transmission frequency to locate said signal multiplex, recovers the encrypted information from said designated locations, and decrypts said information using the terminal'"'"'s session identifier; and

said transmitting of said encrypted information in said signal multiplex is initiated by a request signal which is transmitted from said specific terminal to said headend.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Secure point-to-point communication of information to specific terminals is provided via a shared network. Far in advance of the establishment of an information session with a particular one of a plurality of terminals, a unique session identifier is securely delivered to the terminal by a highly secure entity. Information to be provided to the terminal is subsequently encrypted under the session identifier of that terminal by an insecure connection manager. The encrypted information is inserted into designated locations in a signal multiplex. The signal multiplex is transmitted over a portion of the network serving the terminal that is to receive the information. The terminal is informed of the designated locations of the encrypted information in the signal multiplex and of a transmission frequency at which the signal multiplex is carried on the network portion. The terminal tunes to the transmission frequency to locate the signal multiplex, recovers the encrypted information from the designated locations in the multiplex, and then decrypts the information using the terminal'"'"'s unique session identifier.

88 Citations

View as Search Results

18 Claims

1. A method for secure point-to-point communication of requested information of an information service from a headend to a specific terminal which is coupled to a shared network, comprising the steps of:
- securely delivering a different session identifier to each of a plurality of terminals coupled to the network including said specific terminal;
  
  encrypting said requested information to be provided to said specific terminal under the session identifier of that terminal;
  
  inserting the encrypted information into designated locations in a signal multiplex;
  
  transmitting the signal multiplex over a portion of said network serving said specific terminal; and
  
  providing an identification signal from said headend for informing said specific terminal of the designated locations of said encrypted information in said signal multiplex and a transmission frequency at which said signal multiplex is carried on said network portion;
  
  wherein;
  
  in response to the receipt of said identification signal, said specific terminal tunes to said transmission frequency to locate said signal multiplex, recovers the encrypted information from said designated locations, and decrypts said information using the terminal'"'"'s session identifier; and
  
  said transmitting of said encrypted information in said signal multiplex is initiated by a request signal which is transmitted from said specific terminal to said headend.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A method in accordance with claim 1 comprising the further steps of:
    - providing a common key to each of said plurality of terminals; and
      
      encrypting said requested information under said common key as well as under the session identifier of said specific terminal;
      
      whereby said specific terminal decrypts said information using its session identifier and the common key.
  - 3. A method in accordance with claim 2 wherein said specific terminal is instructed during said informing step to immediately tune to said transmission frequency to locate and decrypt said encrypted information.
  - 4. A method in accordance with claim 1 wherein a unique terminal address is used to direct specific instructions to said specific terminal.
  - 5. A method in accordance with claim 1 wherein an initial session identifier is delivered to each of said terminals during installation of the respective terminal at an end user location.
  - 6. A method in accordance with claim 1, wherein said request signal is initiated by a user who desires to receive said requested information via said specific terminal.

7. A shared communication network for providing secure point-to-point communication of requested information of an information service from a headend to a specific terminal which is coupled to the network, comprising:
- a plurality of terminals coupled to the network including said specific terminal, each terminal having a unique session identifier stored therein in a secure manner;
  
  means for transmitting a request signal from said specific terminal to said headend via said network;
  
  an encryption controller which maintains a record of said unique session identifiers in a secure manner;
  
  means responsive to said encryption controller for encrypting said requested information to be provided to said specific terminal under the session identifier of than terminal;
  
  means for inserting the encrypted information into designated locations in a signal multiplex;
  
  means for transmitting the signal multiplex over a portion of said network serving said specific terminal; and
  
  means associated with said headend for providing an identification signal to said specific terminal for informing said specific terminal of the designated locations of said encrypted information in said signal multiplex and a transmission frequency at which said signal multiplex is carried on said network portion;
  
  said specific terminal including;
  
  a frequency agile tuner which tunes to said transmission frequency to locate said signal multiplex in response to said identification signal,means for recovering the encrypted information from said designated locations of said signal multiplex, andmeans for decrypting the recovered encrypted information using the terminal'"'"'s session identifier;
  
  wherein said transmission of said encrypted information in said signal multiplex to said specific terminal is initiated by said request signal.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. Apparatus in accordance with claim 7 wherein:
    - said encryption controller provides a common key to said encrypting means and to each of said plurality of terminals; and
      
      said encrypting means encrypts said requested information under said common key as well as under the session identifier of said specific terminal, and said specific terminal decrypts said information using its session identifier and the common key.
  - 9. Apparatus in accordance with claim 8 wherein said terminals are responsive to unique terminal addresses for receiving instructions directed thereto from said informing means.
  - 10. Apparatus in accordance with claim 8 wherein said encryption controller is separate from said encrypting means and is configured to have a higher level of security than that of said encryption means, and securely maintains a unique unit key for each of said terminals, said unit keys being used by the encryption controller to securely communicate the session identifiers to their respective terminals.
  - 11. Apparatus in accordance with claim 7 further comprising:
    - a connection manager for initiating said point-to-point communication of said requested information, said connection manager being responsive to said encryption controller;
      
      a plurality of information servers; and
      
      a switch for selectively combining information from said servers into said multiplex;
      
      wherein said information servers and said switch are responsive to said connection manager for providing said point-to-point communication of said requested information.
  - 12. Apparatus in accordance with claim 11 further comprising:
    - a plurality of switches coupled to said plurality of information servers for selectively combining information from said servers into a plurality of multiplexes for transmission on different portions of said network;
      
      wherein said plurality of switches are responsive to said connection manager for providing said point-to-point communication of said requested information.
  - 13. Apparatus in accordance with claim 7 wherein the session identifier for each terminal is loaded into the terminal encrypted under a unit key unique to that terminal, said unit key being securely maintained by said encryption controller in a region that is separate from said encrypting means;
    - said encryption controller being configured to have a higher level of security than that of said encrypting means.
  - 14. Apparatus in accordance with claim 7, wherein said request signal is initiated by a user who desires to receive said requested information via said specific terminal.

15. A terminal for receiving encrypted requested information of an information service specifically directed thereto from a connection manager at a headend over a shared communication network, comprising:
- means for securely receiving and storing a session identifier that is unique to the terminal;
  
  said encrypted information being encrypted under said session identifier;
  
  means for receiving frequency and demultiplexing instructions from said connection manager via said network;
  
  a frequency agile receiver responsive to said frequency instructions which tunes to a frequency at which a signal multiplex containing said encrypted information for said terminal is carried on said network;
  
  a demultiplexer coupled to receive said encrypted information from said frequency agile receiver, said demultiplexer being responsive to said demultiplexing instructions for retrieving said encrypted information; and
  
  decryption means coupled to receive said retrieved encrypted information for decrypting said retrieved encrypted information using said session identifier;
  
  wherein transmission of said encrypted information in said signal multiplex is initiated by request data which is transmitted from said terminal to said headend.
- View Dependent Claims (16, 17, 18)
- - 16. A terminal in accordance with claim 15, further comprising:
    - means for receiving and storing a common key;
      
      said encrypted requested information being encrypted under said common key;
      
      wherein said decryption means decrypts said encrypted information using said common key and said session identifier.
  - 17. A terminal in accordance with claim 15 wherein said session identifier is encrypted under a unit key that is unique to said terminal.
  - 18. A terminal in accordance with claim 15, further comprising:
    - means for transmitting said request data from the terminal to said headend over said communication network; and
      
      means for encrypting said request data under said session identifier prior to said transmitting to said headend;
      
      wherein said headend initiates delivery of said signal multiplex to said terminal in response to the receipt of said request data at said headend.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google Technology Holdings LLC (Alphabet Inc.)
Original Assignee
General Instrument Corporation (CommScope Holding Company, Inc.)
Inventors
Kauffman, Marc W.
Primary Examiner(s)
Tarcza, Thomas H.
Assistant Examiner(s)
Laufer, Pinchus M.

Application Number

US08/420,710
Time in Patent Office

748 Days
Field of Search

380/21, 380/49, 380/7, 380/20, 380/10, 380/13, 370/92, 370/94.2
US Class Current

380/212
CPC Class Codes

H04N 7/165 Centralised control of user...

Data security scheme for point-to-point communication sessions

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

88 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Data security scheme for point-to-point communication sessions

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

88 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links