System and method for delivering encrypted information in a communication network using location identity and key tables

US 7,143,289 B2
Filed: 11/16/2001
Issued: 11/28/2006
Est. Priority Date: 10/30/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method for controlling access to digital information, comprising:

encrypting said digital information using a data encrypting key;

modifying the data encrypting key using location identity data that defines at least a specific geographic location to produce a location-modified data encrypting key;

encrypting said location-modified data encrypting key using a key encrypting key to produce an encrypted location-modified data encrypting key; and

communicating said encrypted location-modified data encrypting key and said encrypted digital information to a recipient device such that said encrypted digital information can be decrypted by the recipient only at said specific geographic location.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Access to digital data is controlled by encrypting the data in such a manner that, in a single digital data acquisition step, it can be decrypted only at a specified location, within a specific time frame, and with a secret key. Data encrypted in such a manner is said to be geo-encrypted. This geo-encryption process comprises a method in which plaintext data is first encrypted using a data encrypting key that is generated at the time of encryption. The data encrypting key is then encrypted (or locked) using a key encrypting key and information derived from the location of the intended receiver. The encrypted data encrypting key is then transmitted to the receiver along with the ciphertext data. The receiver both must be at the correct location and must have a copy of the corresponding key decrypting key in order to derive the location information and decrypt the data encrypting key. After the data encrypting key is decrypted (or unlocked), it is used to decrypt the ciphertext. If an attempt is made to decrypt the data encrypting key at an incorrect location or using an incorrect secret key, the decryption will fail. If the sender so elects, access to digital data also can be controlled by encrypting it in such a manner that it must traverse a specific route from the sender to the recipient in order to enable decryption of the data. Key management can be handled using either private-key or public-key cryptography. If private-key cryptography is used, the sender can manage the secret key decrypting keys required for decryption in a secure manner that is transparent to the recipient. As a consequence of its ability to manipulate the secret keys, the sender of encrypted data retains the ability to control access to its plaintext even after its initial transmission.

Citations

48 Claims

1. A method for controlling access to digital information, comprising:
- encrypting said digital information using a data encrypting key;
  
  modifying the data encrypting key using location identity data that defines at least a specific geographic location to produce a location-modified data encrypting key;
  
  encrypting said location-modified data encrypting key using a key encrypting key to produce an encrypted location-modified data encrypting key; and
  
  communicating said encrypted location-modified data encrypting key and said encrypted digital information to a recipient device such that said encrypted digital information can be decrypted by the recipient only at said specific geographic location.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 2. The method of claim 1, wherein said location identity data further comprises at least a location value and a proximity value of said specific geographic location.
  - 3. The method of claim 2, wherein said location value defines a location of an intended receiver of said digital information.
  - 4. The method of claim 3, wherein said proximity value defines a zone that encompasses said location.
  - 5. The method of claim 2, wherein said location value further comprises at least one of a latitude, longitude, altitude and time dimension.
  - 6. The method of claim 2, wherein said location identity data further defines a universal location that encompasses the entire earth.
  - 7. The method of claim 1, further comprising identifying location of a receiver at which access to said digital information is sought.
  - 8. The method of claim 7, wherein said location identifying step further comprises recovering said location from a GPS receiver.
  - 9. The method of claim 1, wherein said location identity data further comprises a location value and a shape parameter, the shape parameter defining a shape of a region encompassing the specific geographic location.
  - 10. The method of claim 1, further comprising:
    - decrypting said encrypted location-modified data encrypting key using a key decrypting key;
      
      using a location value to recover said data encrypting key from said location-modified data encrypting key; and
      
      decrypting said digital information using said data encrypting key.
  - 11. The method of claim 10, further comprising deriving said location value from a signal received by a GPS receiver and a shape parameter defining a shape of a region encompassing the specific geographic location.
  - 12. The method of claim 10, further comprising precluding ability to decrypt said encrypted digital information if said step of decrypting said encrypted digital information is attempted at other than said specific geographic location.
  - 13. The method of claim 10, further comprising precluding ability to decrypt said encrypted digital information if said step of decrypting said encrypted digital information is attempted without using said key decrypting key.
  - 14. The method of claim 1, wherein said digital information further comprises a secret key, and further comprising the step of distributing said secret key to an intended receiver.
  - 15. The method of claim 1, further comprising routing said encrypted digital information to an intended receiver through at least one distributor.
  - 16. The method of claim 15, wherein said routing step further comprises adding a layer of encryption of said data encrypting key for said at least one distributor.
  - 17. The method of claim 1, further comprising generating said data encrypting key using a pseudo-random number generator.
  - 18. The method of claim 17, wherein said step of generating said data encrypting key further comprises using GPS signals to partially seed said pseudo-random number generator.
  - 19. The method of claim 1, further comprising decrypting and recovering said data encrypting key from said encrypted location-modified data encrypting key using a key decrypting key and a location value, and re-encrypting said data encrypting key using at least one of a different location identity data and a different key encrypting key to produce a different encrypted location-modified data encrypting key.
  - 20. The method of claim 1, further comprising providing a key table used to store a plurality of keys including said key encrypting key.
  - 21. The method of claim 20, further comprising associating said plurality of keys with respective providers of said digital information.
  - 22. The method of claim 20, further comprising administering management of said plurality of keys in said key table.
  - 23. The method of claim 22, wherein said administering step further comprises adding, changing or deleting any one of said plurality of keys in said key table.
  - 24. The method of claim 22, wherein said key table is located with a remote device, and said administering step further comprises adding, changing or deleting any one of said plurality of keys in said key table remotely.
  - 25. The method of claim 24, wherein said administering step further comprises including a signature when adding, changing or deleting any one of said plurality of secret keys in said key table.
  - 26. The method of claim 20, wherein said step of providing a key table further comprises storing keys used for signing data and validating signatures.

27. An apparatus for controlling access to digital information, comprising:
- a processor having memory adapted to store software instructions operable to cause said processor to perform the functions of;
  
  encrypting said digital information using a data encrypting key;
  
  modifying the data encrypting key using location identity data that defines at least a specific geographic location to produce a location-modified data encrypting key;
  
  encrypting said location-modified data encrypting key using a key encrypting key to produce an encrypted location-modified data encrypting key; and
  
  communicating said encrypted location-modified data encrypting key and said encrypted digital information to a recipient device such that said encrypted digital information can be decrypted by the recipient only at said specific geographic location.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 28. The apparatus of claim 27, wherein said location identity data comprises at least a location value and a proximity value of said specific geographic location.
  - 29. The apparatus of claim 28, wherein said location value defines a location of an intended receiver of said digital information.
  - 30. The apparatus of claim 28, wherein said location value further comprises at least one of a latitude, longitude, altitude and time dimension.
  - 31. The apparatus of claim 28, wherein said proximity value corresponds to a zone that encompasses said location.
  - 32. The apparatus of claim 27, wherein said processor is further operable to identify location of a receiver at which access to said digital information is sought.
  - 33. The apparatus of claim 27, further comprising a GPS receiver coupled to said processor.
  - 34. The apparatus of claim 27, wherein said location identity data further comprises a location value and a shape parameter, the shape parameter defining a shape of a region encompassing said specific geographic location.
  - 35. The apparatus of claim 27, wherein said digital information further comprises a secret key, and said processor is further operable to distribute said secret key to an intended receiver located at said specific geographic location.
  - 36. The apparatus of claim 27, wherein said processor is further operable to route said encrypted digital information to an intended receiver through at least one distributor.
  - 37. The apparatus of claim 27, further comprising a pseudo-random number generator operatively coupled to said processor to generate said data encrypting key.
  - 38. The apparatus of claim 27, wherein said processor is further operable to decrypt said encrypted location-modified data encrypting key, and re-encrypt said location-modified data encrypting key using at least one of a different location identity data and a different key encrypting key.
  - 39. The apparatus of claim 27, wherein said memory further comprises a key table used to store a plurality of keys including said key encrypting key.
  - 40. The apparatus of claim 39, wherein ones of said plurality of keys are associated with respective providers of said digital information.
  - 41. The apparatus of claim 39, wherein processor is further operable to add, change or delete any one of said plurality of keys in said key table.
  - 42. The method of claim 39, wherein said processor is further operable to provide a signature for authentication of one of said plurality of keys.

43. An apparatus for receiving digital information, comprising:
- a processor having memory adapted to store software instructions operable to cause said processor to perform the functions of;
  
  receiving encrypted digital information and an encrypted location-modified data encrypting key;
  
  decrypting said encrypted location-modified data encrypting key using a key encrypting key to obtain a location-modified data encrypting key;
  
  determining a location value that defines a specific geographic location of said apparatus;
  
  extracting a data encrypting key from said location-modified data encrypting key using said location value; and
  
  decrypting said encrypted digital information using said data encrypting key.
- View Dependent Claims (44, 45, 46, 47, 48)
- - 44. The apparatus of claim 43, wherein said function of decrypting said encrypted digital information further comprises precluding ability to decrypt said encrypted digital information if decryption is attempted at other than said specific geographic location.
  - 45. The apparatus of claim 43, further comprising a GPS receiver coupled to said processor.
  - 46. The apparatus of claim 43, wherein said processor is further operable to re-encrypt said data encrypting key using at least one of a different location identity data and a different key encrypting key.
  - 47. The apparatus of claim 43, wherein said memory further comprises a key table used to store a plurality of keys including said key decrypting key.
  - 48. The apparatus of claim 43, wherein ones of said plurality of keys are associated with respective providers of said digital information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Longbeam Technologies LLC (IP Edge LLC)
Original Assignee
Geocodex LLC
Inventors
Denning, Dorothy E., Glick, Barry J., Karpf, Ronald S., Seiler, Mark E.
Primary Examiner(s)
Louis-Jacques, Jacques
Assistant Examiner(s)
Poltorak, Piotr

Application Number

US09/992,378
Publication Number

US 20020136407A1
Time in Patent Office

1,838 Days
Field of Search

380/255, 380/258, 380/45, 713/168, 713/201
US Class Current

713/168
CPC Class Codes

G06F 21/1013   to locations

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2107   File encryption

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 2463/101   applying security measures ...

H04L 63/0421   Anonymous communication, i....

H04L 63/0428   wherein the data content is...

H04L 63/0492   by using a location-limited...

H04L 63/06   for supporting key manageme...

H04L 63/10   for controlling access to d...

H04L 63/1408   by monitoring network traff...

H04L 67/02   based on web technology, e....

H04L 67/142   Managing session states for...

H04L 67/52   specially adapted for the l...

H04L 67/535   Tracking the activity of th...

H04N 9/8205   involving the multiplexing ...

System and method for delivering encrypted information in a communication network using location identity and key tables

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

48 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for delivering encrypted information in a communication network using location identity and key tables

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

48 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links