Methods and apparatus for selective encryption and decryption of point to multi-point messages

US 6,832,314 B1
Filed: 12/15/1999
Issued: 12/14/2004
Est. Priority Date: 12/15/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method of selective encryption of transmitted messages, comprising the steps of:

determining a group encryption key for an unencrypted message;

generating an error check value for the unencrypted message;

encrypting the unencrypted message using the group encryption key; and

transmitting the encrypted message and the error check value on a channel of a communication network with an associated destination address.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for selectively encrypting and decrypting messages transmitted on a channel of a communication network, such as a broadcast channel, are provided. Group encryption keys are provided for one or more services utilizing the broadcast channel to communicate messages. A message associated with a particular service first receives an error check value, such as a cyclical redundancy check (CRC) value generated from the unencrypted message. The message is then encrypted using the group encryption key for the service and the CRC is added to the encrypted message and transmitted with a broadcast address of the communication network. A receiver then receives the message and determines that the CRC indicates an error (as it is generated from the encrypted message rather than the unencrypted message). The receiver then decrypts the message using the group encryption key for the service (assuming the receiver is authorized to receive the service, i.e., has access to the group encryption key) and generates a CRC from the decrypted message. If this CRC matches the CRC received with the message, the receiver recognizes the message as being associated with the corresponding service and processes the message accordingly. Where multiple services are supported and the receiver has a corresponding plurality of group encryption keys, each encryption key can be tested until a CRC without error is provided thereby indicating the service with which the message is associated.

80 Citations

View as Search Results

44 Claims

1. A method of selective encryption of transmitted messages, comprising the steps of:
- determining a group encryption key for an unencrypted message;
  
  generating an error check value for the unencrypted message;
  
  encrypting the unencrypted message using the group encryption key; and
  
  transmitting the encrypted message and the error check value on a channel of a communication network with an associated destination address.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. A method according to claim 1, wherein the associated destination address is a broadcast address of the communication network and wherein the channel is a broadcast channel of the communication network.
  - 3. A method according to claim 2 wherein the step of determining a group encryption key for a message comprises the step of determining a service associated with the message and selecting a group encryption key associated with the determined service.
  - 4. A method according to claim 2 wherein the step of generating an error check value comprises the step of computing redundancy bits for the message.
  - 5. A method according to claim 4 wherein the step of transmitting further comprises transmitting the encrypted message with the unencrypted redundancy bits appended to the encrypted message.
  - 6. A method according to claim 4 wherein the step of determining a group encryption key is preceded by the step of determining if the unencrypted message is intended for a broadcast group having an associated group encryption key;
    - and
7. A method according to claim 6 further comprising the steps of:
- determining if the unencrypted message is associated with at least one of general broadcast or an individual address;
  
  transmitting the unencrypted message on the broadcast channel of the communication network with the broadcast address of the communication network if the unencrypted message is associated with general broadcast; and
  
  transmitting the unencrypted message on the communication network with the individual address if the unencrypted message is associated with an individual address.
8. A method according to claim 6 further comprising the steps of:
- determining if the unencrypted message is associated with at least one of general broadcast or an individual address;
  
  encrypting the unencrypted message using a general encryption key if the unencrypted message is associated with at least one of general broadcast or an individual address;
  
  generating an error check value based on the encrypted message if the unencrypted message is associated with at least one of general broadcast or an individual address; and
  
  transmitting the encrypted message and the error check value based on the encrypted message on the communication network with the individual address if the unencrypted message is associated with an individual address and with the broadcast address of the communication network if the unencrypted message is associated with general broadcast.
9. A method according to claim 2 further comprising the steps of:
- receiving the encrypted message and added error check value on the broadcast channel of the communication network;
  
  determining if the received message is directed to the broadcast address of the communication network;
  
  generating an error check value for the received message;
  
  determining if the error check value indicates an error;
  
  decrypting the received message using the group encryption key if the received message is directed to a broadcast address of the communication network and the error check value indicates an error;
  
  generating an error check value for the decrypted message; and
  
  assigning the received message to a group associated with the group encryption key if the error check value for the decrypted message indicates no error.
10. A method according to claim 9 wherein the step of determining a group encryption key for an unencrypted message comprises the step of determining one of a plurality of services which is associated with the message and selecting a one of a plurality of group encryption keys which is associated with the determined one of the plurality of services which is associated with the message as the group encryption key for the unencrypted message.
11. A method according to claim 10 further comprising the step of repeating the steps of decrypting, generating an error check value for the decrypted message and assigning the received message to a group using selected ones of the plurality of group encryption keys as the group encryption key until at least one of the error check value for the decrypted message indicates no error and each of the selected ones of the plurality of group encryption keys has been used as the group encryption key.
12. A method according to claim 11 further comprising the steps of:
- receiving a request for one of the plurality of group encryption keys from a user;
  
  associating the user with a service associated with the requested one of the plurality of group encryption keys; and
  
  transmitting the requested one of the plurality of group encryption keys to the user on the broadcast channel of the communication network with an associated individual address of the user.
13. A method according to claim 3 further comprising the steps of:
- receiving a request for the group encryption key from a user;
  
  associating the user with the service associated with the group encryption key; and
  
  transmitting the group encryption key to the user on the broadcast channel of the communication network with an associated individual address of the user.
14. A method according to claim 13 wherein the group encryption key has an associated duration and wherein the step of determining a group encryption key for the unencrypted message further comprises the step of updating a group encryption key for the unencrypted message when a previous group encryption key has exceeded its associated duration.
15. A method according to claim 13 wherein the step of transmitting the group encryption key is followed by the steps of:
- updating the group encryption key; and
  
  transmitting the updated group encryption key to users associated with the service associated with the group encryption key using associated individual addresses of the users associated with the service associated with the group encryption key.
16. A method according to claim 13 further comprising the steps of:
- receiving the transmitted group encryption key;
  
  receiving the encrypted message and added error check value on the broadcast channel of the communication network;
  
  determining if the received message is directed to the broadcast address of the communication network;
  
  generating an error check value for the received message;
  
  determining if the error check value indicates an error;
  
  decrypting the received message using the group encryption key if the received message is directed to a broadcast address of the communication network and the error check value indicates an error;
  
  generating an error check value for the decrypted message; and
  
  assigning the received message to a group associated with the group encryption key if the error check value for the decrypted message indicates no error.

17. A method of selective decryption of transmitted messages, comprising the steps of:
- receiving a message on a channel of a communication network;
  
  determining if the received message is directed to a broadcast address of the communication network;
  
  generating an error check value for the received message;
  
  determining if the error check value indicates an error;
  
  decrypting the received message using a group encryption key if the received message is directed to a broadcast address of the communication network and the error check value for the received message indicates an error;
  
  generating an error check value for the decrypted message; and
  
  assigning the received message to a group associated with the group encryption key if the error check value for the decrypted message indicates no error.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. A method according to claim 17 wherein the step of decrypting the received message is preceded by the steps of:
19. A method according to claim 17 further comprising the step of repeating the steps of decrypting, generating an error check value for the decrypted message and assigning the received message to a group using ones of a plurality of group encryption keys as the group encryption key until at least one of the error check value for the decrypted message indicates no error and each of the ones of the plurality of group encryption keys has been used as the group encryption key.
20. A method according to claim 17 wherein the step of generating an error check value for the decrypted message comprises the steps of:
- computing redundancy bits for the decrypted message; and
  
  comparing the computed redundancy bits to redundancy bits included with the received message to determine if an error is indicated for the decrypted message.
21. A method according to claim 17 wherein the step of generating an error check value for the decrypted message comprises the steps of:
- applying an error correction code to the decrypted message; and
  
  determining that an error is indicated for the decrypted message if any errors remain in the decrypted message after applying the error correction code to the decrypted message.
22. A method according to claim 17 further comprising the steps of:
- determining if the received message is directed to an individual address of a receiver device receiving the message; and
  
  decrypting the received message using a general encryption key different from the group encryption key if the received message is directed to the individual address.
23. A method according to claim 22 further comprising the step of decrypting the received message using the general encryption key if the received message is directed to a broadcast address of the communication network and the error check value for the received message indicates no error.

24. A selective encryption system comprising:
- an encryption circuit that encrypts a message using a group encryption key;
  
  an error check value generation circuit that generates an error check value based on the unencrypted message and adds the error check value to the encrypted message;
  
  a transmitter that transmits the encrypted message with the added error check value on a channel of a communication network; and
  
  an encryption key selection circuit that selects one of a plurality of candidate group encryption keys as the group encryption key based on a service associated with the message.
- View Dependent Claims (25)
- - 25. A system according to claim 24 further comprising:

26. A selective decryption system comprising:
- a receiver that receives a message on a channel of a communication network;
  
  a decryption circuit that decrypts the message using a group encryption key;
  
  an error check value generation circuit that generates an error check value for the received message and the decrypted message;
  
  a comparator circuit responsive to the error check value generation circuit that determines whether an error is indicated for the received message and the decrypted message; and
  
  a selection circuit responsive to the comparator circuit that selects one of the received message or the decrypted message as a message to process.
- View Dependent Claims (27)
- - 27. A system according to claim 26 further comprising:

28. A system for selective encryption of transmitted messages, comprising:
- means for determining a group encryption key for an unencrypted message;
  
  means for generating an error check value for the unencrypted message;
  
  means for encrypting the unencrypted message using the group encryption key;
  
  means for adding the error check value to the encrypted message; and
  
  means for transmitting the encrypted message and added error check value on a channel of a communication network with an associated destination address.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 29. A system according to claim 28, wherein the associated destination address is a broadcast address of the communication network and wherein the channel is a broadcast channel of the communication network.
  - 30. A system according to claim 29 wherein the means for determining a group encryption key for a message comprises means for determining a service associated with the message and selecting a group encryption key associated with the determined service.
  - 31. A system according to claim 29 wherein the means for generating an error check value comprises means for computing redundancy bits for the message.
  - 32. A system according to claim 31 further comprising:
33. A system according to claim 31 further comprising:
- means for determining if the unencrypted message is associated with at least one of general broadcast or an individual address;
  
  means for encrypting the unencrypted message using a general encryption key if the unencrypted message is associated with at least one of general broadcast or an individual address;
  
  means for generating an error check value based on the encrypted message if the unencrypted message is associated with at least one of general broadcast or an individual address; and
  
  means for adding the error check value based on the encrypted message to the encrypted message if the unencrypted message is associated with at least one of general broadcast or an individual address; and
  
  means for transmitting the encrypted message and the appended error check value based on the encrypted message on a broadcast channel of a communication network with the individual address if the unencrypted message is associated with an individual address and with the broadcast address of the communication network if the unencrypted message is associated with general broadcast.
34. A system according to claim 30 further comprising:
- means for receiving a request for the group encryption key from a user;
  
  means for associating the user with the service associated with the group encryption key; and
  
  means for transmitting the group encryption key to the user on the broadcast channel of the communication network with an associated individual address of the user.
35. A system according to claim 34 wherein the group encryption key has an associated duration and wherein the means for determining a group encryption key for the unencrypted message further comprises means for updating a group encryption key for the unencrypted message when a previous group encryption key has exceeded its associated duration.
36. A system according to claim 34 further comprising:
- means for updating the group encryption key; and
  
  means for transmitting the updated group encryption key to users associated with the service associated with the group encryption key using associated individual addresses of the users associated with the service associated with the group encryption key.
37. A system according to claim 34 further comprising:
- means for receiving the transmitted group encryption key;
  
  means for receiving the encrypted message and added error check value on the broadcast channel of the communication network;
  
  means for determining if the received message is directed to the broadcast address of the communication network;
  
  means for generating an error check value for the received message;
  
  means for determining if the error check value indicates an error;
  
  means for decrypting the received message using the group encryption key if the received message is directed to a broadcast address of the communication network and the error check value indicates an error;
  
  means for generating an error check value for the decrypted message; and
  
  means for assigning the received message to a group associated with the group encryption key if the error check value for the decrypted message indicates no error.

38. A system for selective decryption of transmitted messages, comprising:
- means for receiving a message on a channel of a communication network;
  
  means for determining if the received message is directed to a broadcast address of the communication network;
  
  means for generating an error check value for the received message;
  
  means for determining if the error check value indicates an error;
  
  means for decrypting the received message using a group encryption key if the received message is directed to a broadcast address of the communication network and the error check value for the received message indicates an error;
  
  means for generating an error check value for the decrypted message; and
  
  means for assigning the received message to a group associated with the group encryption key if the error check value for the decrypted message indicates no error.
- View Dependent Claims (39, 40, 41, 42, 43, 44)
- - 39. A system according to claim 38 further comprising:
40. A system according to claim 38 further comprising means for repeating the steps of decrypting, generating an error check value for the decrypted message and assigning the received message to a group using ones of a plurality of group encryption keys as the group encryption key until at least one of the error check value for the decrypted message indicates no error and each of the ones of the plurality of group encryption keys has been used as the group encryption key.
41. A system according to claim 38 wherein the means for generating an error check value for the decrypted message further comprises:
- means for computing redundancy bits for the decrypted message; and
  
  means for comparing the computed redundancy bits to redundancy bits included with the received message to determine if an error is indicated for the decrypted message.
42. A system according to claim 38 wherein the means for generating an error check value for the decrypted message further comprises:
- means for applying an error correction code to the decrypted message; and
  
  means for determining that an error is indicated for the decrypted message if any errors remain in the decrypted message after applying the error correction code to the decrypted message.
43. A system according to claim 38 further comprising:
- means for determining if the received message is directed to an individual address of a receiver device receiving the message; and
  
  means for decrypting the received message using a general encryption key different from the group encryption key if the received message is directed to the individual address.
44. A system according to claim 43 further comprising means for decrypting the received message using the general encryption key if the received message is directed to a broadcast address of the communication network and the error check value for the received message indicates no error.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ericsson, Inc. (Telefonaktiebolaget LM Ericsson)
Original Assignee
Ericsson, Inc. (Telefonaktiebolaget LM Ericsson)
Inventors
Irvin, David R.
Primary Examiner(s)
Barrón, Gilberto
Assistant Examiner(s)
Nobahar, Abdulhakim

Application Number

US09/464,363
Time in Patent Office

1,826 Days
Field of Search

713/160, 713/162, 713/163, 713/168, 370/342, 370/389, 370/395.64, 370/360, 370/395
US Class Current

713/162
CPC Class Codes

H04L 1/0061   Error detection codes

H04L 63/065   for group communications cr...

H04W 12/037   of the control plane, e.g. ...

H04W 4/12   Messaging; Mailboxes; Annou...

H04W 76/40   for selective distribution ...

Methods and apparatus for selective encryption and decryption of point to multi-point messages

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

80 Citations

44 Claims

Specification

Use Cases

Quick Links

Others

Methods and apparatus for selective encryption and decryption of point to multi-point messages

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

80 Citations

44 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others