Methods and apparatus for selective encryption and decryption of point to multi-point messages
First Claim
1. A method of selective encryption of transmitted messages, comprising the steps of:
- determining a group encryption key for an unencrypted message;
generating an error check value for the unencrypted message;
encrypting the unencrypted message using the group encryption key; and
transmitting the encrypted message and the error check value on a channel of a communication network with an associated destination address.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods and systems for selectively encrypting and decrypting messages transmitted on a channel of a communication network, such as a broadcast channel, are provided. Group encryption keys are provided for one or more services utilizing the broadcast channel to communicate messages. A message associated with a particular service first receives an error check value, such as a cyclical redundancy check (CRC) value generated from the unencrypted message. The message is then encrypted using the group encryption key for the service and the CRC is added to the encrypted message and transmitted with a broadcast address of the communication network. A receiver then receives the message and determines that the CRC indicates an error (as it is generated from the encrypted message rather than the unencrypted message). The receiver then decrypts the message using the group encryption key for the service (assuming the receiver is authorized to receive the service, i.e., has access to the group encryption key) and generates a CRC from the decrypted message. If this CRC matches the CRC received with the message, the receiver recognizes the message as being associated with the corresponding service and processes the message accordingly. Where multiple services are supported and the receiver has a corresponding plurality of group encryption keys, each encryption key can be tested until a CRC without error is provided thereby indicating the service with which the message is associated.
80 Citations
44 Claims
-
1. A method of selective encryption of transmitted messages, comprising the steps of:
-
determining a group encryption key for an unencrypted message;
generating an error check value for the unencrypted message;
encrypting the unencrypted message using the group encryption key; and
transmitting the encrypted message and the error check value on a channel of a communication network with an associated destination address. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
wherein the steps of determining a group encryption key, generating an error check value, encrypting the unencrypted message and transmitting the encrypted message are not performed if the unencrypted message is not intended for a broadcast group having an associated group encryption key.
-
-
7. A method according to claim 6 further comprising the steps of:
-
determining if the unencrypted message is associated with at least one of general broadcast or an individual address;
transmitting the unencrypted message on the broadcast channel of the communication network with the broadcast address of the communication network if the unencrypted message is associated with general broadcast; and
transmitting the unencrypted message on the communication network with the individual address if the unencrypted message is associated with an individual address.
-
-
8. A method according to claim 6 further comprising the steps of:
-
determining if the unencrypted message is associated with at least one of general broadcast or an individual address;
encrypting the unencrypted message using a general encryption key if the unencrypted message is associated with at least one of general broadcast or an individual address;
generating an error check value based on the encrypted message if the unencrypted message is associated with at least one of general broadcast or an individual address; and
transmitting the encrypted message and the error check value based on the encrypted message on the communication network with the individual address if the unencrypted message is associated with an individual address and with the broadcast address of the communication network if the unencrypted message is associated with general broadcast.
-
-
9. A method according to claim 2 further comprising the steps of:
-
receiving the encrypted message and added error check value on the broadcast channel of the communication network;
determining if the received message is directed to the broadcast address of the communication network;
generating an error check value for the received message;
determining if the error check value indicates an error;
decrypting the received message using the group encryption key if the received message is directed to a broadcast address of the communication network and the error check value indicates an error;
generating an error check value for the decrypted message; and
assigning the received message to a group associated with the group encryption key if the error check value for the decrypted message indicates no error.
-
-
10. A method according to claim 9 wherein the step of determining a group encryption key for an unencrypted message comprises the step of determining one of a plurality of services which is associated with the message and selecting a one of a plurality of group encryption keys which is associated with the determined one of the plurality of services which is associated with the message as the group encryption key for the unencrypted message.
-
11. A method according to claim 10 further comprising the step of repeating the steps of decrypting, generating an error check value for the decrypted message and assigning the received message to a group using selected ones of the plurality of group encryption keys as the group encryption key until at least one of the error check value for the decrypted message indicates no error and each of the selected ones of the plurality of group encryption keys has been used as the group encryption key.
-
12. A method according to claim 11 further comprising the steps of:
-
receiving a request for one of the plurality of group encryption keys from a user;
associating the user with a service associated with the requested one of the plurality of group encryption keys; and
transmitting the requested one of the plurality of group encryption keys to the user on the broadcast channel of the communication network with an associated individual address of the user.
-
-
13. A method according to claim 3 further comprising the steps of:
-
receiving a request for the group encryption key from a user;
associating the user with the service associated with the group encryption key; and
transmitting the group encryption key to the user on the broadcast channel of the communication network with an associated individual address of the user.
-
-
14. A method according to claim 13 wherein the group encryption key has an associated duration and wherein the step of determining a group encryption key for the unencrypted message further comprises the step of updating a group encryption key for the unencrypted message when a previous group encryption key has exceeded its associated duration.
-
15. A method according to claim 13 wherein the step of transmitting the group encryption key is followed by the steps of:
-
updating the group encryption key; and
transmitting the updated group encryption key to users associated with the service associated with the group encryption key using associated individual addresses of the users associated with the service associated with the group encryption key.
-
-
16. A method according to claim 13 further comprising the steps of:
-
receiving the transmitted group encryption key;
receiving the encrypted message and added error check value on the broadcast channel of the communication network;
determining if the received message is directed to the broadcast address of the communication network;
generating an error check value for the received message;
determining if the error check value indicates an error;
decrypting the received message using the group encryption key if the received message is directed to a broadcast address of the communication network and the error check value indicates an error;
generating an error check value for the decrypted message; and
assigning the received message to a group associated with the group encryption key if the error check value for the decrypted message indicates no error.
-
-
17. A method of selective decryption of transmitted messages, comprising the steps of:
-
receiving a message on a channel of a communication network;
determining if the received message is directed to a broadcast address of the communication network;
generating an error check value for the received message;
determining if the error check value indicates an error;
decrypting the received message using a group encryption key if the received message is directed to a broadcast address of the communication network and the error check value for the received message indicates an error;
generating an error check value for the decrypted message; and
assigning the received message to a group associated with the group encryption key if the error check value for the decrypted message indicates no error. - View Dependent Claims (18, 19, 20, 21, 22, 23)
transmitting a request for the group encryption key; and
receiving the group encryption key on the channel of the communication network.
-
-
19. A method according to claim 17 further comprising the step of repeating the steps of decrypting, generating an error check value for the decrypted message and assigning the received message to a group using ones of a plurality of group encryption keys as the group encryption key until at least one of the error check value for the decrypted message indicates no error and each of the ones of the plurality of group encryption keys has been used as the group encryption key.
-
20. A method according to claim 17 wherein the step of generating an error check value for the decrypted message comprises the steps of:
-
computing redundancy bits for the decrypted message; and
comparing the computed redundancy bits to redundancy bits included with the received message to determine if an error is indicated for the decrypted message.
-
-
21. A method according to claim 17 wherein the step of generating an error check value for the decrypted message comprises the steps of:
-
applying an error correction code to the decrypted message; and
determining that an error is indicated for the decrypted message if any errors remain in the decrypted message after applying the error correction code to the decrypted message.
-
-
22. A method according to claim 17 further comprising the steps of:
-
determining if the received message is directed to an individual address of a receiver device receiving the message; and
decrypting the received message using a general encryption key different from the group encryption key if the received message is directed to the individual address.
-
-
23. A method according to claim 22 further comprising the step of decrypting the received message using the general encryption key if the received message is directed to a broadcast address of the communication network and the error check value for the received message indicates no error.
-
24. A selective encryption system comprising:
-
an encryption circuit that encrypts a message using a group encryption key;
an error check value generation circuit that generates an error check value based on the unencrypted message and adds the error check value to the encrypted message;
a transmitter that transmits the encrypted message with the added error check value on a channel of a communication network; and
an encryption key selection circuit that selects one of a plurality of candidate group encryption keys as the group encryption key based on a service associated with the message. - View Dependent Claims (25)
a receiver that receives requests for the group encryption key; and
wherein the transmitter is configured to transmit the group encryption key with an individual address of a requesting device responsive to receiving a request for the group encryption key; and
wherein the transmitter transmits the encrypted message with a broadcast address of the communication network.
-
-
26. A selective decryption system comprising:
-
a receiver that receives a message on a channel of a communication network;
a decryption circuit that decrypts the message using a group encryption key;
an error check value generation circuit that generates an error check value for the received message and the decrypted message;
a comparator circuit responsive to the error check value generation circuit that determines whether an error is indicated for the received message and the decrypted message; and
a selection circuit responsive to the comparator circuit that selects one of the received message or the decrypted message as a message to process. - View Dependent Claims (27)
a transmitter that transmits a request for the group encryption key; and
wherein the receiver is configured to receive the group encryption key.
-
-
28. A system for selective encryption of transmitted messages, comprising:
-
means for determining a group encryption key for an unencrypted message;
means for generating an error check value for the unencrypted message;
means for encrypting the unencrypted message using the group encryption key;
means for adding the error check value to the encrypted message; and
means for transmitting the encrypted message and added error check value on a channel of a communication network with an associated destination address. - View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37)
means for determining if the unencrypted message is associated with at least one of general broadcast or an individual address;
means for transmitting the unencrypted message on a broadcast channel of a communication network with the broadcast address of the communication network if the unencrypted message is associated with general broadcast; and
means for transmitting the unencrypted message on a broadcast channel of a communication network with the individual address if the unencrypted message is associated with an individual address.
-
-
33. A system according to claim 31 further comprising:
-
means for determining if the unencrypted message is associated with at least one of general broadcast or an individual address;
means for encrypting the unencrypted message using a general encryption key if the unencrypted message is associated with at least one of general broadcast or an individual address;
means for generating an error check value based on the encrypted message if the unencrypted message is associated with at least one of general broadcast or an individual address; and
means for adding the error check value based on the encrypted message to the encrypted message if the unencrypted message is associated with at least one of general broadcast or an individual address; and
means for transmitting the encrypted message and the appended error check value based on the encrypted message on a broadcast channel of a communication network with the individual address if the unencrypted message is associated with an individual address and with the broadcast address of the communication network if the unencrypted message is associated with general broadcast.
-
-
34. A system according to claim 30 further comprising:
-
means for receiving a request for the group encryption key from a user;
means for associating the user with the service associated with the group encryption key; and
means for transmitting the group encryption key to the user on the broadcast channel of the communication network with an associated individual address of the user.
-
-
35. A system according to claim 34 wherein the group encryption key has an associated duration and wherein the means for determining a group encryption key for the unencrypted message further comprises means for updating a group encryption key for the unencrypted message when a previous group encryption key has exceeded its associated duration.
-
36. A system according to claim 34 further comprising:
-
means for updating the group encryption key; and
means for transmitting the updated group encryption key to users associated with the service associated with the group encryption key using associated individual addresses of the users associated with the service associated with the group encryption key.
-
-
37. A system according to claim 34 further comprising:
-
means for receiving the transmitted group encryption key;
means for receiving the encrypted message and added error check value on the broadcast channel of the communication network;
means for determining if the received message is directed to the broadcast address of the communication network;
means for generating an error check value for the received message;
means for determining if the error check value indicates an error;
means for decrypting the received message using the group encryption key if the received message is directed to a broadcast address of the communication network and the error check value indicates an error;
means for generating an error check value for the decrypted message; and
means for assigning the received message to a group associated with the group encryption key if the error check value for the decrypted message indicates no error.
-
-
38. A system for selective decryption of transmitted messages, comprising:
-
means for receiving a message on a channel of a communication network;
means for determining if the received message is directed to a broadcast address of the communication network;
means for generating an error check value for the received message;
means for determining if the error check value indicates an error;
means for decrypting the received message using a group encryption key if the received message is directed to a broadcast address of the communication network and the error check value for the received message indicates an error;
means for generating an error check value for the decrypted message; and
means for assigning the received message to a group associated with the group encryption key if the error check value for the decrypted message indicates no error. - View Dependent Claims (39, 40, 41, 42, 43, 44)
means for transmitting a request for the group encryption key; and
means for receiving the group encryption key on the channel of the communication network.
-
-
40. A system according to claim 38 further comprising means for repeating the steps of decrypting, generating an error check value for the decrypted message and assigning the received message to a group using ones of a plurality of group encryption keys as the group encryption key until at least one of the error check value for the decrypted message indicates no error and each of the ones of the plurality of group encryption keys has been used as the group encryption key.
-
41. A system according to claim 38 wherein the means for generating an error check value for the decrypted message further comprises:
-
means for computing redundancy bits for the decrypted message; and
means for comparing the computed redundancy bits to redundancy bits included with the received message to determine if an error is indicated for the decrypted message.
-
-
42. A system according to claim 38 wherein the means for generating an error check value for the decrypted message further comprises:
-
means for applying an error correction code to the decrypted message; and
means for determining that an error is indicated for the decrypted message if any errors remain in the decrypted message after applying the error correction code to the decrypted message.
-
-
43. A system according to claim 38 further comprising:
-
means for determining if the received message is directed to an individual address of a receiver device receiving the message; and
means for decrypting the received message using a general encryption key different from the group encryption key if the received message is directed to the individual address.
-
-
44. A system according to claim 43 further comprising means for decrypting the received message using the general encryption key if the received message is directed to a broadcast address of the communication network and the error check value for the received message indicates no error.
Specification