Data communications
Abstract
In a data communications system a remote data source outputs data as a series of application data units (ADUs). Each ADU is individually encrypted with a different key. The keys are transmitted (for example using Internet multicasting) via a communications network to one or more customer terminals. At the terminals a sequence of keys is generated for use in decrypting the ADUs. A record is kept of the keys generated, and this record may subsequently be used to generate a receipt for the data received by the customer. The keys may be generated, and the record stored within a secure module such as a smartcard.
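A minimal model of the scheme described in the abstract and in claim 1, added here as an illustration and not taken from the patent: a secure module derives one key per frame from the seed, releases a key only when that frame's control field is passed to it, keeps a record usable as a receipt, and stops releasing keys when a control message selects its user. The HMAC-based key derivation, the XOR stand-in cipher, the control-field layout, the `revoke` command and all names and sample values are assumptions.

```python
import hashlib
import hmac
from collections import namedtuple

# Assumed control-field layout: frame index plus an optional (command, user_id) message.
ControlField = namedtuple("ControlField", "frame message")

def frame_key(seed: bytes, frame: int) -> bytes:
    # Assumption: per-frame key = HMAC-SHA256(seed, frame index).
    return hmac.new(seed, frame.to_bytes(8, "big"), hashlib.sha256).digest()

def xor_cipher(key: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher for the demo only (SHA-256 in counter mode); not for production.
    stream = b"".join(hashlib.sha256(key + n.to_bytes(4, "big")).digest()
                      for n in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

class SecureModule:
    """Models the smartcard: holds the seed, gates key release, records releases."""
    def __init__(self, user_id: str, seed: bytes):
        self._user_id, self._seed = user_id, seed
        self._enabled = True
        self.record = []              # frame indices for which a key was released

    def release_key(self, cf: ControlField):
        # Process the control message first, so a revoke covers its own frame.
        if cf.message == ("revoke", self._user_id):
            self._enabled = False
        if not self._enabled:
            return None
        self.record.append(cf.frame)
        return frame_key(self._seed, cf.frame)

    def receipt(self) -> dict:
        return {"user": self._user_id, "frames": list(self.record)}

def run_demo():
    seed = b"constructed-demo-seed"                       # constructed sample value
    frames = [b"frame-%d payload" % i for i in range(4)]  # constructed sample data
    sent = [(ControlField(i, ("revoke", "user-B") if i == 2 else None),
             xor_cipher(frame_key(seed, i), f)) for i, f in enumerate(frames)]
    out = {}
    for uid in ("user-A", "user-B"):
        sm, plain = SecureModule(uid, seed), []
        for cf, ct in sent:
            key = sm.release_key(cf)   # key is released only against a control field
            plain.append(xor_cipher(key, ct) if key else None)
        out[uid] = (plain, sm.receipt())
    return out
```

Both users receive identical copies of every encrypted frame; only the module state changed by the control message decides which frames each can decrypt and which appear on the receipt.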
25 Claims
1. A method of distributing digitally encoded data, comprising:
a) dividing said data into a multiplicity of frames,
b) encrypting said frames,
c) distributing multiple copies of the said data frames to a multiplicity of users, each frame being distributed with a control field,
d) communicating a seed value for key generation to respective secure modules located at each of the multiplicity of users,
e) decrypting the data frames at respective users using keys derived from the seed value communicated to the secure module, the secure module being arranged to enable decryption of a respective frame only when said control field has been passed to the secure module,
f) passing a control message, for modifying and controlling the availability of keys, in the control field to the secure module at a selected one or more users, and
g) at the secure module of the or each selected user, in response to the said control message, controlling the availability of keys generated from the said seed value, thereby controlling access by the users to the said data.
20. A method of operating a customer terminal in a data communications system, the method comprising:
a) receiving at the customer terminal a multiplicity of encrypted data frames, each with a control field;
b) receiving at the customer terminal a seed value for key generation;
c) passing the said seed value for key generation to a secure module located at the customer terminal;
d) generating in the secure module using the seed value keys for the decryption of data frames;
e) decrypting using the said keys only those respective data frames for which a control field has been received;
f) passing to the said secure module a control message received in the control field; and
g) in response to the said control message, controlling the availability of keys generated using the said seed value and thereby controlling access by the user of the customer terminal to data received at the customer terminal.
23. A data communications system comprising:
a) a remote data source arranged to output a plurality of frames;
b) encryption means for encrypting the plurality of frames with different respective keys;
c) a communications channel arranged to distribute multiple copies of the encrypted data frames, each with a control field;
d) a multiplicity of customer terminals arranged to receive from the communications channel respective copies of the encrypted data frames with the control fields;
e) a key generator located at a customer terminal and programmed to generate from a seed value keys for use in decrypting data frames;
f) key control means connected to the key generator, the key control means comprising:
   an interface for receiving the control fields; and
   control means arranged to only release keys for decrypting those respective frames for which a control field is received and being arranged to, in response to the said control messages in the control fields, control the availability to the user of keys generated from the seed value; and
g) decryption means connected to the key generator and arranged to decrypt the data frames received at the customer terminal from the communications channel.
Specification