Data security scheme for point-to-point communication sessions
First Claim
1. A method for secure point-to-point communication of requested information of an information service from a headend to a specific terminal which is coupled to a shared network, comprising the steps of:
- securely delivering a different session identifier to each of a plurality of terminals coupled to the network including said specific terminal;
encrypting said requested information to be provided to said specific terminal under the session identifier of that terminal;
inserting the encrypted information into designated locations in a signal multiplex;
transmitting the signal multiplex over a portion of said network serving said specific terminal; and
providing an identification signal from said headend for informing said specific terminal of the designated locations of said encrypted information in said signal multiplex and a transmission frequency at which said signal multiplex is carried on said network portion;
wherein;
in response to the receipt of said identification signal, said specific terminal tunes to said transmission frequency to locate said signal multiplex, recovers the encrypted information from said designated locations, and decrypts said information using the terminal'"'"'s session identifier; and
said transmitting of said encrypted information in said signal multiplex is initiated by a request signal which is transmitted from said specific terminal to said headend.
5 Assignments
0 Petitions
Accused Products
Abstract
Secure point-to-point communication of information to specific terminals is provided via a shared network. Far in advance of the establishment of an information session with a particular one of a plurality of terminals, a unique session identifier is securely delivered to the terminal by a highly secure entity. Information to be provided to the terminal is subsequently encrypted under the session identifier of that terminal by an insecure connection manager. The encrypted information is inserted into designated locations in a signal multiplex. The signal multiplex is transmitted over a portion of the network serving the terminal that is to receive the information. The terminal is informed of the designated locations of the encrypted information in the signal multiplex and of a transmission frequency at which the signal multiplex is carried on the network portion. The terminal tunes to the transmission frequency to locate the signal multiplex, recovers the encrypted information from the designated locations in the multiplex, and then decrypts the information using the terminal'"'"'s unique session identifier.
88 Citations
18 Claims
-
1. A method for secure point-to-point communication of requested information of an information service from a headend to a specific terminal which is coupled to a shared network, comprising the steps of:
-
securely delivering a different session identifier to each of a plurality of terminals coupled to the network including said specific terminal; encrypting said requested information to be provided to said specific terminal under the session identifier of that terminal; inserting the encrypted information into designated locations in a signal multiplex; transmitting the signal multiplex over a portion of said network serving said specific terminal; and providing an identification signal from said headend for informing said specific terminal of the designated locations of said encrypted information in said signal multiplex and a transmission frequency at which said signal multiplex is carried on said network portion;
wherein;in response to the receipt of said identification signal, said specific terminal tunes to said transmission frequency to locate said signal multiplex, recovers the encrypted information from said designated locations, and decrypts said information using the terminal'"'"'s session identifier; and said transmitting of said encrypted information in said signal multiplex is initiated by a request signal which is transmitted from said specific terminal to said headend. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A shared communication network for providing secure point-to-point communication of requested information of an information service from a headend to a specific terminal which is coupled to the network, comprising:
-
a plurality of terminals coupled to the network including said specific terminal, each terminal having a unique session identifier stored therein in a secure manner; means for transmitting a request signal from said specific terminal to said headend via said network; an encryption controller which maintains a record of said unique session identifiers in a secure manner; means responsive to said encryption controller for encrypting said requested information to be provided to said specific terminal under the session identifier of than terminal; means for inserting the encrypted information into designated locations in a signal multiplex; means for transmitting the signal multiplex over a portion of said network serving said specific terminal; and means associated with said headend for providing an identification signal to said specific terminal for informing said specific terminal of the designated locations of said encrypted information in said signal multiplex and a transmission frequency at which said signal multiplex is carried on said network portion; said specific terminal including; a frequency agile tuner which tunes to said transmission frequency to locate said signal multiplex in response to said identification signal, means for recovering the encrypted information from said designated locations of said signal multiplex, and means for decrypting the recovered encrypted information using the terminal'"'"'s session identifier; wherein said transmission of said encrypted information in said signal multiplex to said specific terminal is initiated by said request signal. - View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
-
-
15. A terminal for receiving encrypted requested information of an information service specifically directed thereto from a connection manager at a headend over a shared communication network, comprising:
-
means for securely receiving and storing a session identifier that is unique to the terminal; said encrypted information being encrypted under said session identifier; means for receiving frequency and demultiplexing instructions from said connection manager via said network; a frequency agile receiver responsive to said frequency instructions which tunes to a frequency at which a signal multiplex containing said encrypted information for said terminal is carried on said network; a demultiplexer coupled to receive said encrypted information from said frequency agile receiver, said demultiplexer being responsive to said demultiplexing instructions for retrieving said encrypted information; and decryption means coupled to receive said retrieved encrypted information for decrypting said retrieved encrypted information using said session identifier; wherein transmission of said encrypted information in said signal multiplex is initiated by request data which is transmitted from said terminal to said headend. - View Dependent Claims (16, 17, 18)
-
Specification