Method and apparatus for security in a data processing system
First Claim
1. A method for a remote station to extract data from at least one encrypted packet of data provided by a broadcast service, comprising:
receiving a broadcast access key for the broadcast service;
receiving an encrypted packet of data from a plurality of encrypted packets of data, wherein each encrypted packet of data is associated with one short-term key from a plurality of short-term keys, wherein each short-term key is associated with a first number;
receiving the first number corresponding to the short-term key associated with the encrypted packet of data;
generating the short-term key using the broadcast access key and the first number;
extracting a packet of data from the encrypted packet of data using the short-term key;
encrypting the broadcast access key to form an encrypted broadcast access key, comprising:
storing a root key in the secure memory storage unit, wherein the root key is associated with the secure memory storage unit, wherein the root key is also stored in a fifth server, wherein the fifth server is part of a first server, and wherein extracting the encrypted broadcast access key further comprises:
decrypting the EBAK based on the root key stored in the secure memory storage unit;
storing the encrypted broadcast access key in a secure memory storage unit; and
extracting the encrypted broadcast access key (EBAK) from the secure memory storage unit.
Abstract
Method and apparatus for secure transmissions. Each user is provided a registration key. A long-time updated broadcast key is encrypted using the registration key and provided periodically to a user. A short-time updated key is encrypted using the broadcast key and provided periodically to a user. Broadcasts are then encrypted using the short-time key, wherein the user decrypts the broadcast message using the short-time key. One embodiment provides link layer content encryption. Another embodiment provides end-to-end encryption.
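The key hierarchy the abstract and claims describe is easier to follow in running code. The example below is an added illustration and not code from the patent: a root key shared by the secure memory storage unit (UIM) and the first server; a Temporary Key (TK) derived from the root key and a random second number; the Broadcast Access Key (BAK) delivered as an EBAK that only that UIM can open; per-packet short-term keys derived from the BAK and a first number; the expiration indicator of claim 25; and, as in claim 57, packets that omit the first number and reuse the last one received. The patent does not fix a derivation function or cipher, so the use of HMAC-SHA256 for key derivation and as a counter-mode keystream with encrypt-then-MAC is an assumption of this example, as are all class and function names (KeyServer, UIM, RemoteStation, derive_key, seal, unseal, broadcast, demo). All keys and packets are constructed inline.

```python
import hashlib
import hmac
import os
import struct

# Added illustration, not the patent's own code. The claims leave the key
# derivation function and cipher open; here (assumption) HMAC-SHA256 derives
# child keys and, run in counter mode, supplies a keystream (encrypt-then-MAC).

def derive_key(parent: bytes, label: bytes, number: int) -> bytes:
    """Child key from a parent key plus a numeric parameter (first or second number)."""
    return hmac.new(parent, label + struct.pack(">Q", number), hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def seal(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under sub-keys of `key`; returns ciphertext || 16-byte tag."""
    enc_key, mac_key = derive_key(key, b"enc", 0), derive_key(key, b"mac", 0)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:16]

def unseal(key: bytes, nonce: bytes, sealed: bytes) -> bytes:
    """Inverse of seal; raises ValueError on a wrong key or a tampered message."""
    enc_key, mac_key = derive_key(key, b"enc", 0), derive_key(key, b"mac", 0)
    ct, tag = sealed[:-16], sealed[-16:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:16]):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

class KeyServer:
    """The claims' first server: knows each UIM's root key and issues EBAKs."""
    def __init__(self, root_keys: dict, bak_expiry: int):
        self.root_keys = root_keys        # uim_id -> root key, mirrored inside the UIM
        self.bak = os.urandom(32)         # the claims' fourth server generates this
        self.bak_expiry = bak_expiry      # expiration indicator sent with the BAK (claim 25)
        self.accounting = []              # BAK issue records kept for accounting (claim 31)

    def issue_ebak(self, uim_id: str):
        second_number = int.from_bytes(os.urandom(8), "big")   # fresh random per issue
        tk = derive_key(self.root_keys[uim_id], b"TK", second_number)
        self.accounting.append((uim_id, second_number))
        return second_number, seal(tk, struct.pack(">Q", second_number), self.bak), self.bak_expiry

class UIM:
    """Secure memory storage unit: root key, TK and BAK never leave it."""
    def __init__(self, root_key: bytes):
        self._root_key, self._bak, self.bak_expiry = root_key, None, 0

    def store_ebak(self, second_number: int, ebak: bytes, expiry: int) -> None:
        tk = derive_key(self._root_key, b"TK", second_number)
        self._bak = unseal(tk, struct.pack(">Q", second_number), ebak)
        self.bak_expiry = expiry

    def short_term_key(self, first_number: int, now: int) -> bytes:
        """The UIM hands only short-term keys to the handset (claim 27)."""
        if self._bak is None or now >= self.bak_expiry:
            raise ValueError("no valid BAK; request a new one from the key server")
        return derive_key(self._bak, b"SK", first_number)

def broadcast(bak: bytes, first_number: int, seq: int, packet: bytes, with_number: bool = True):
    """Second server: encrypt one packet under SK = f(BAK, first number).
    seq keeps the nonce unique while SK is reused; per claim 57 the first
    number may be omitted from some packets."""
    sk = derive_key(bak, b"SK", first_number)
    return (first_number if with_number else None, seq, seal(sk, struct.pack(">Q", seq), packet))

class RemoteStation:
    def __init__(self, uim: UIM):
        self.uim, self.first_number = uim, None

    def receive(self, frame, now: int) -> bytes:
        first_number, seq, sealed = frame
        if first_number is not None:
            self.first_number = first_number     # remembered for number-less packets
        if self.first_number is None:
            raise ValueError("no first number seen yet; cannot derive SK")
        return unseal(self.uim.short_term_key(self.first_number, now), struct.pack(">Q", seq), sealed)

def demo(now: int = 1000) -> dict:
    """Runs the exchange on constructed inputs and reports the outcomes."""
    root = os.urandom(32)
    ks = KeyServer({"uim-1": root}, bak_expiry=now + 3600)
    station = RemoteStation(UIM(root))
    station.uim.store_ebak(*ks.issue_ebak("uim-1"))
    frames = [broadcast(ks.bak, 7, 1, b"packet one"),
              broadcast(ks.bak, 7, 2, b"packet two", with_number=False)]
    out = {"plain": [station.receive(f, now) for f in frames]}
    # A UIM with another root key derives a different TK and cannot open the EBAK.
    try:
        UIM(os.urandom(32)).store_ebak(*ks.issue_ebak("uim-1"))
        out["rogue"] = "recovered"
    except ValueError:
        out["rogue"] = "rejected"
    # Past the expiration time the UIM stops deriving short-term keys.
    try:
        station.receive(broadcast(ks.bak, 7, 3, b"late"), now + 7200)
        out["expired"] = "accepted"
    except ValueError:
        out["expired"] = "rejected"
    return out
```

Two properties of the hierarchy fall out directly: the EBAK can be broadcast or cached freely, since only the UIM holding the matching root key can turn it back into a BAK, and the handset outside the UIM only ever sees short-term keys, so compromising it exposes at most the packets of the current short-term interval rather than the BAK.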
217 Citations
69 Claims
1. (Independent claim 1 is set out above under First Claim.) Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A method for a remote station to extract data from at least one encrypted packet of data provided by a broadcast service, comprising:
receiving a broadcast access key for the broadcast service;
receiving an encrypted packet of data from a plurality of encrypted packets of data, wherein each encrypted packet of data is associated with one short-term key from a plurality of short-term keys, wherein each short-term key is associated with a first number;
receiving the first number corresponding to the short-term key associated with the encrypted packet of data;
generating the short-term key using the broadcast access key and the first number;
extracting a packet of data from the encrypted packet of data using the short-term key;
encrypting the broadcast access key to form an encrypted broadcast access key, comprising:
storing a root key in the secure memory storage unit, wherein the root key is associated with the secure memory storage unit; and wherein extracting the encrypted broadcast access key further comprises:
decrypting the EBAK based on the root key stored in the secure memory storage unit;
storing the encrypted broadcast access key in a secure memory storage unit; and
extracting the encrypted broadcast access key (EBAK) from the secure memory storage unit, wherein the mobile network is a Global System for mobile (GSM) network.

10. A method for a remote station to extract data from at least one encrypted packet of data provided by a broadcast service, comprising:
receiving a broadcast access key for the broadcast service;
receiving an encrypted packet of data from a plurality of encrypted packets of data, wherein each encrypted packet of data is associated with one short-term key from a plurality of short-term keys, wherein each short-term key is associated with a first number;
receiving the first number corresponding to the short-term key associated with the encrypted packet of data;
generating the short-term key using the broadcast access key and the first number;
extracting a packet of data from the encrypted packet of data using the short-term key;
encrypting the broadcast access key to form an encrypted broadcast access key;
storing the encrypted broadcast access key in a secure memory storage unit; and
extracting the encrypted broadcast access key (EBAK) from the secure memory storage unit, comprising:
receiving the encrypted broadcast access key and a second number and storing the encrypted broadcast access key and the second number in the secure memory storage unit.

11. A method for a remote station to extract data from at least one encrypted packet of data provided by a broadcast service, comprising:
receiving a broadcast access key for the broadcast service;
receiving an encrypted packet of data from a plurality of encrypted packets of data, wherein each encrypted packet of data is associated with one short-term key from a plurality of short-term keys, wherein each short-term key is associated with a first number;
receiving the first number corresponding to the short-term key associated with the encrypted packet of data;
generating the short-term key using the broadcast access key and the first number;
extracting a packet of data from the encrypted packet of data using the short-term key;
encrypting the broadcast access key to form an encrypted broadcast access key;
storing the encrypted broadcast access key in a secure memory storage unit; and
extracting the encrypted broadcast access key (EBAK) from the secure memory storage unit, comprising:
determining a Temporary Key (TK);
storing the TK in the secure memory storage unit; and
decrypting the EBAK using the TK to form the Broadcast Access Key (BAK).
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20.

21. A method for a remote station to extract data from at least one encrypted packet of data provided by a broadcast service, comprising:
receiving a broadcast access key for the broadcast service, wherein receiving the broadcast access key comprises requesting the broadcast access key from a first server;
receiving an encrypted packet of data from a plurality of encrypted packets of data, wherein each encrypted packet of data is associated with one short-term key from a plurality of short-term keys, wherein each short-term key is associated with a first number;
receiving the first number corresponding to the short-term key associated with the encrypted packet of data;
generating the short-term key using the broadcast access key and the first number; and
extracting a packet of data from the encrypted packet of data using the short-term key.

22. A method for a remote station to extract data from at least one encrypted packet of data provided by a broadcast service, comprising:
receiving a broadcast access key for the broadcast service;
receiving an encrypted packet of data from a plurality of encrypted packets of data, wherein each encrypted packet of data is associated with one short-term key from a plurality of short-term keys, wherein each short-term key is associated with a first number;
receiving the first number corresponding to the short-term key associated with the encrypted packet of data, wherein receiving the encrypted packet of data and the associated first number comprises receiving the associated first number with each encrypted packet of data;
generating the short-term key using the broadcast access key and the first number; and
extracting a packet of data from the encrypted packet of data using the short-term key.
Dependent claims: 23.

24. A method for a remote station to extract data from at least one encrypted packet of data provided by a broadcast service, comprising:
receiving a broadcast access key for the broadcast service;
receiving an encrypted packet of data from a plurality of encrypted packets of data, wherein each encrypted packet of data is associated with one short-term key from a plurality of short-term keys, wherein each short-term key is associated with a first number;
receiving the first number corresponding to the short-term key associated with the encrypted packet of data, wherein the first number is received with at least one encrypted packet of data;
generating the short-term key using the broadcast access key and the first number; and
extracting a packet of data from the encrypted packet of data using the short-term key.

25. A method for a remote station to extract data from at least one encrypted packet of data provided by a broadcast service, comprising:
receiving a broadcast access key for the broadcast service at the remote station, comprising:
receiving a broadcast access key expiration indicator, wherein the broadcast access key expiration indicator identifies an expiration time of the broadcast access key;
receiving an encrypted packet of data from a plurality of encrypted packets of data, wherein each encrypted packet of data is associated with one short-term key from a plurality of short-term keys, wherein each short-term key is associated with a first number;
receiving the first number corresponding to the short-term key associated with the encrypted packet of data;
generating the short-term key using the broadcast access key and the first number; and
extracting a packet of data from the encrypted packet of data using the short-term key.

26. A method for a remote station to extract data from at least one encrypted packet of data provided by a broadcast service, comprising:
receiving a broadcast access key for the broadcast service at the remote station, comprising:
authorizing the remote station to provide the broadcast service;
receiving an encrypted packet of data from a plurality of encrypted packets of data, wherein each encrypted packet of data is associated with one short-term key from a plurality of short-term keys, wherein each short-term key is associated with a first number;
receiving the first number corresponding to the short-term key associated with the encrypted packet of data;
generating the short-term key using the broadcast access key and the first number; and
extracting a packet of data from the encrypted packet of data using the short-term key.

27. A method for a remote station to extract data from at least one encrypted packet of data provided by a broadcast service, comprising:
receiving a broadcast access key for the broadcast service;
receiving an encrypted packet of data from a plurality of encrypted packets of data, wherein each encrypted packet of data is associated with one short-term key from a plurality of short-term keys, wherein each short-term key is associated with a first number;
receiving the first number corresponding to the short-term key associated with the encrypted packet of data;
generating the short-term key using the broadcast access key and the first number;
extracting a packet of data from the encrypted packet of data using the short-term key; and
storing the broadcast access key in a secure memory storage unit, wherein receiving the broadcast access key comprises authorizing the secure memory storage unit to provide the short-term keys to the remote station, wherein the first server authorizes the secure memory storage unit.

28. A method for a remote station to extract data from at least one encrypted packet of data provided by a broadcast service, comprising:
receiving a broadcast access key for the broadcast service;
receiving an encrypted packet of data from a plurality of encrypted packets of data, wherein each encrypted packet of data is associated with one short-term key from a plurality of short-term keys, wherein each short-term key is associated with a first number;
receiving the first number corresponding to the short-term key associated with the encrypted packet of data;
generating the short-term key using the broadcast access key and the first number;
extracting a packet of data from the encrypted packet of data using the short-term key; and
storing the broadcast access key in a secure memory storage unit, wherein the secure memory storage unit is a User Identity Module (UIM) adapted for use in a wireless device supporting spread spectrum protocols.

29. A method for encryption key management in a communication system supporting broadcast services, comprising:
generating a short-term key using a broadcast access key;
encrypting a packet of data using the short-term key;
broadcasting the encrypted packet of data; and
sending the broadcast access key from a first server to a remote station, comprising:
generating the broadcast access key in a fourth server.

30. A method for encryption key management in a communication system supporting broadcast services, comprising:
generating a short-term key using a broadcast access key;
encrypting a packet of data using the short-term key;
broadcasting the encrypted packet of data;
sending the broadcast access key from a first server to a remote station;
generating a first random value in the fourth server; and
assigning the first random value to the broadcast access key in a fourth server.

31. A method for encryption key management in a communication system supporting broadcast services, comprising:
generating a short-term key using a broadcast access key (BAK);
encrypting a packet of data using the short-term key;
broadcasting the encrypted packet of data; and
sending the broadcast access key from a first server to a remote station, wherein the first server stores details of BAK values provided to the secure memory storage unit, wherein the details are used for accounting.
Dependent claims: 32.

33. A method for encryption key management in a communication system supporting broadcast services, comprising:
generating a short-term key using a broadcast access key;
encrypting a packet of data using the short-term key;
broadcasting the encrypted packet of data;
forming an Encrypted Broadcast Access Key (EBAK) from the broadcast access key at a first server; and
transmitting the encrypted broadcast access key.
Dependent claims: 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52.

53. A method for encryption key management in a communication system supporting broadcast services, comprising:
generating a short-term key using a broadcast access key;
encrypting a packet of data using the short-term key; and
broadcasting the encrypted packet of data, wherein generating the short-term key comprises:
generating the short-term key using the broadcast access key and a first number at a second server; and
determining a value of the first number at the second server, comprising determining at least part of the first number from a value not controlled by the second server.
Dependent claims: 54, 55.

56. A method for encryption key management in a communication system supporting broadcast services, comprising:
generating a short-term key using a broadcast access key;
encrypting a packet of data using the short-term key;
broadcasting the encrypted packet of data and an associated first number, the broadcasting comprising:
sending the first number with each encrypted packet of data.

57. A method for encryption key management in a communication system supporting broadcast services, comprising:
generating a short-term key using a broadcast access key;
encrypting a packet of data using the short-term key;
broadcasting the encrypted packet of data and an associated first number, the broadcasting comprising:
sending the first number with at least one encrypted packet of data; and
sending at least one encrypted packet of data without the first number.

58. A remote station adapted to extract data from at least one encrypted packet of data provided by a broadcast server, comprising:
a receiver adapted for:
receiving a broadcast access key for the broadcast service;
receiving an encrypted packet of data from a plurality of encrypted packets of data, wherein each encrypted packet of data is associated with one short-term key from a plurality of short-term keys, wherein each short-term key is associated with a first number;
receiving the first number corresponding to the short-term key associated with the encrypted packet of data;
a generator adapted for generating the short-term key using the broadcast access key and the first number;
means for extracting a packet of data from the encrypted packet of data using the short-term key;
means for encrypting the broadcast access key to form an encrypted broadcast access key, wherein the secure memory storage unit is further adapted to store the encrypted broadcast access key; and
means for extracting the encrypted broadcast access key (EBAK) from the secure memory storage unit, comprising:
means for determining a Temporary Key (TK), comprising means for determining the TK associated with a second number stored in the secure memory storage unit;
means for storing the TK in the secure memory storage unit; and
means for decrypting the EBAK using the TK to form a Broadcast Access Key (BAK), wherein the means for determining the TK associated with the second number comprises:
means for forming the TK from the second number and a second root key stored in the secure memory storage unit, wherein the second root key is uniquely associated with the secure memory storage unit.
Dependent claims: 59, 60, 61.

62. A remote station adapted to extract data from at least one encrypted packet of data provided by a broadcast service, comprising:
a receiver adapted for:
receiving a broadcast access key for the broadcast service;
receiving an encrypted packet of data from a plurality of encrypted packets of data, wherein each encrypted packet of data is associated with one short-term key from a plurality of short-term keys, wherein each short-term key is associated with a first number;
receiving the first number corresponding to the short-term key associated with the encrypted packet of data, wherein the receiver comprises a transmitter for requesting the broadcast access key from a first server;
a generator adapted for generating the short-term key using the broadcast access key and the first number; and
means for extracting a packet of data from the encrypted packet of data using the short-term key.

63. A remote station adapted to extract data from at least one encrypted packet of data provided by a broadcast service, comprising:
a receiver adapted for:
receiving a broadcast access key for the broadcast service;
receiving an encrypted packet of data from a plurality of encrypted packets of data, wherein each encrypted packet of data is associated with one short-term key from a plurality of short-term keys, wherein each short-term key is associated with a first number;
receiving the first number corresponding to the short-term key associated with the encrypted packet of data, wherein the receiver comprises means for receiving the first number with each encrypted packet of data;
a generator adapted for generating the short-term key using the broadcast access key and the first number; and
means for extracting a packet of data from the encrypted packet of data using the short-term key.
Dependent claims: 64.

65. A remote station adapted to extract data from at least one encrypted packet of data provided by a broadcast service, comprising:
a receiver adapted for:
receiving a broadcast access key for the broadcast service;
receiving an encrypted packet of data from a plurality of encrypted packets of data, wherein each encrypted packet of data is associated with one short-term key from a plurality of short-term keys, wherein each short-term key is associated with a first number;
receiving the first number corresponding to the short-term key associated with the encrypted packet of data, wherein the first number is received with at least one encrypted packet of data;
a generator adapted for generating the short-term key using the broadcast access key and the first number; and
means for extracting a packet of data from the encrypted packet of data using the short-term key.

66. A remote station adapted to extract data from at least one encrypted packet of data provided by a broadcast service, comprising:
a receiver adapted for:
receiving a broadcast access key for the broadcast service;
receiving an encrypted packet of data from a plurality of encrypted packets of data, wherein each encrypted packet of data is associated with one short-term key from a plurality of short-term keys, wherein each short-term key is associated with a first number;
receiving the first number corresponding to the short-term key associated with the encrypted packet of data;
receiving a broadcast access key expiration indicator, wherein the broadcast access key expiration indicator identifies an expiration time of the broadcast access key;
a generator adapted for generating the short-term key using the broadcast access key and the first number; and
means for extracting a packet of data from the encrypted packet of data using the short-term key.

67. A remote station adapted to extract data from at least one encrypted packet of data provided by a broadcast service, comprising:
a receiver adapted for:
receiving a broadcast access key for the broadcast service;
receiving an encrypted packet of data from a plurality of encrypted packets of data, wherein each encrypted packet of data is associated with one short-term key from a plurality of short-term keys, wherein each short-term key is associated with a first number;
receiving the first number corresponding to the short-term key associated with the encrypted packet of data;
authorizing the remote station to provide the broadcast service;
a generator adapted for generating the short-term key using the broadcast access key and the first number; and
means for extracting a packet of data from the encrypted packet of data using the short-term key.

68. A remote station adapted to extract data from at least one encrypted packet of data provided by a broadcast service, comprising:
a receiver adapted for:
receiving a broadcast access key for the broadcast service;
receiving an encrypted packet of data from a plurality of encrypted packets of data, wherein each encrypted packet of data is associated with one short-term key from a plurality of short-term keys, wherein each short-term key is associated with a first number;
receiving the first number corresponding to the short-term key associated with the encrypted packet of data;
a generator adapted for generating the short-term key using the broadcast access key and the first number;
means for extracting a packet of data from the encrypted packet of data using the short-term key; and
a secure memory storage unit for storing the broadcast access key, wherein the receiver for receiving the broadcast access key is further adapted for:
authorizing the secure memory storage unit to provide the short-term keys to the remote station, wherein the first server authorizes the secure memory storage unit.

69. A remote station adapted to extract data from at least one encrypted packet of data provided by a broadcast service, comprising:
a receiver adapted for:
receiving a broadcast access key for the broadcast service;
receiving an encrypted packet of data from a plurality of encrypted packets of data, wherein each encrypted packet of data is associated with one short-term key from a plurality of short-term keys, wherein each short-term key is associated with a first number;
receiving the first number corresponding to the short-term key associated with the encrypted packet of data;
a generator adapted for generating the short-term key using the broadcast access key and the first number;
means for extracting a packet of data from the encrypted packet of data using the short-term key; and
a secure memory storage unit for storing the broadcast access key, wherein the secure memory storage unit is a User Identity Module (UIM) adapted for use in a wireless device supporting spread spectrum protocols.

Specification