System and method for delivering encrypted information in a communication network using location identity and key tables
Abstract
Access to digital data is controlled by encrypting the data in such a manner that, in a single digital data acquisition step, it can be decrypted only at a specified location, within a specific time frame, and with a secret key. Data encrypted in such a manner is said to be geo-encrypted. This geo-encryption process comprises a method in which plaintext data is first encrypted using a data encrypting key that is generated at the time of encryption. The data encrypting key is then encrypted (or locked) using a key encrypting key and information derived from the location of the intended receiver. The encrypted data encrypting key is then transmitted to the receiver along with the ciphertext data. The receiver both must be at the correct location and must have a copy of the corresponding key decrypting key in order to derive the location information and decrypt the data encrypting key. After the data encrypting key is decrypted (or unlocked), it is used to decrypt the ciphertext. If an attempt is made to decrypt the data encrypting key at an incorrect location or using an incorrect secret key, the decryption will fail. If the sender so elects, access to digital data also can be controlled by encrypting it in such a manner that it must traverse a specific route from the sender to the recipient in order to enable decryption of the data. Key management can be handled using either private-key or public-key cryptography. If private-key cryptography is used, the sender can manage the secret key decrypting keys required for decryption in a secure manner that is transparent to the recipient. As a consequence of its ability to manipulate the secret keys, the sender of encrypted data retains the ability to control access to its plaintext even after its initial transmission.
48 Claims
1. A method for controlling access to digital information, comprising:
- encrypting said digital information using a data encrypting key;
- modifying the data encrypting key using location identity data that defines at least a specific geographic location to produce a location-modified data encrypting key;
- encrypting said location-modified data encrypting key using a key encrypting key to produce an encrypted location-modified data encrypting key; and
- communicating said encrypted location-modified data encrypting key and said encrypted digital information to a recipient device such that said encrypted digital information can be decrypted by the recipient only at said specific geographic location.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26
27. An apparatus for controlling access to digital information, comprising:
a processor having memory adapted to store software instructions operable to cause said processor to perform the functions of:
- encrypting said digital information using a data encrypting key;
- modifying the data encrypting key using location identity data that defines at least a specific geographic location to produce a location-modified data encrypting key;
- encrypting said location-modified data encrypting key using a key encrypting key to produce an encrypted location-modified data encrypting key; and
- communicating said encrypted location-modified data encrypting key and said encrypted digital information to a recipient device such that said encrypted digital information can be decrypted by the recipient only at said specific geographic location.
Dependent claims: 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42
43. An apparatus for receiving digital information, comprising:
a processor having memory adapted to store software instructions operable to cause said processor to perform the functions of:
- receiving encrypted digital information and an encrypted location-modified data encrypting key;
- decrypting said encrypted location-modified data encrypting key using a key encrypting key to obtain a location-modified data encrypting key;
- determining a location value that defines a specific geographic location of said apparatus;
- extracting a data encrypting key from said location-modified data encrypting key using said location value; and
- decrypting said encrypted digital information using said data encrypting key.
Dependent claims: 44, 45, 46, 47, 48
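
The sender steps of claim 1 and the receiver steps of claim 43 (the flow the abstract describes), as an added Python example that is not code from the patent. It covers the location binding only, not the time frame or route; the XOR modification, the grid-cell `location_value`, and the SHAKE-256/HMAC stand-in for the cipher are assumptions chosen so it runs on the standard library alone.

```python
import hashlib, hmac, secrets

def location_value(lat, lon, cell_deg=0.01):
    # Assumption: location identity = lat/lon snapped to a grid cell, then hashed.
    cell = f"{round(lat / cell_deg)}:{round(lon / cell_deg)}:{cell_deg}".encode()
    return hashlib.sha256(b"loc|" + cell).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def subkeys(key):
    # Separate encryption and MAC keys derived from one input key.
    return hashlib.sha256(b"enc|" + key).digest(), hashlib.sha256(b"mac|" + key).digest()

def seal(key, data):
    # Stand-in authenticated cipher (SHAKE-256 keystream + HMAC tag);
    # a real system would use a vetted AEAD such as AES-GCM.
    ek, mk = subkeys(key)
    nonce = secrets.token_bytes(16)
    body = xor(data, hashlib.shake_256(ek + nonce).digest(len(data)))
    return nonce + body + hmac.new(mk, nonce + body, hashlib.sha256).digest()

def unseal(key, blob):
    ek, mk = subkeys(key)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + body, hashlib.sha256).digest()):
        raise ValueError("decryption failed")
    return xor(body, hashlib.shake_256(ek + nonce).digest(len(body)))

def geo_encrypt(plaintext, kek, lat, lon):
    dek = secrets.token_bytes(32)                 # DEK generated at encryption time
    ciphertext = seal(dek, plaintext)             # encrypt the data under the DEK
    loc_dek = xor(dek, location_value(lat, lon))  # location-modified DEK
    return seal(kek, loc_dek), ciphertext         # wrap under the KEK, send both

def geo_decrypt(wrapped, ciphertext, kek, lat, lon):
    loc_dek = unseal(kek, wrapped)                # fails with the wrong KEK
    dek = xor(loc_dek, location_value(lat, lon))  # extract DEK using local position
    return unseal(dek, ciphertext)                # fails at the wrong location

if __name__ == "__main__":
    kek = secrets.token_bytes(32)                 # constructed sample key and coordinates
    wrapped, ct = geo_encrypt(b"constructed sample message", kek, 34.0522, -118.2437)
    print(geo_decrypt(wrapped, ct, kek, 34.0531, -118.2441))  # same grid cell
```

The receiver's coordinates are whatever the caller passes in, so the location binding is only as trustworthy as the device's location source; confidentiality against a party without the key encrypting key rests on that key.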
Specification