System and method for delivering encrypted information in a communication network using location indentity and key tables

US 8,472,627 B2
Filed: 11/20/2006
Issued: 06/25/2013
Est. Priority Date: 10/30/2000
Status: Expired due to Fees

- Alert
- Pin

First Claim

Patent Images

1. A system for controlling access to content data, comprising:

a receiver device, anda distributor device comprising a memory, a cryptographic engine adapted to perform encryption and decryption functions, and a processor operatively coupled to the memory and the cryptographic engine, the processor of the distributor device being adapted to communicate with the receiver device via a communications network, wherein the processor of the distributor device is further adapted to;

(a) enable the cryptographic engine of the distributor device to use a data encrypting/decrypting key to encrypt the content data;

(b) enable the cryptographic engine of the distributor device to use a key encrypting/decrypting key to encrypt both the data encrypting/decrypting key and at least one content-owner constraint; and

(c) send the encrypted content data, the encrypted data encrypting/decrypting key and the at least one encrypted content-owner constraint to the receiver device via the communications network;

wherein the receiver device comprises a memory, a cryptographic engine adapted to perform encryption and decryption functions, and a processor operatively coupled to the memory and the cryptographic engine, the processor of the receiver device being adapted to communicate with the communications network, wherein the processor of the receiver device is further adapted to;

(a) receive via the communications network the encrypted content data, the encrypted data encrypting/decrypting key and the at least one encrypted content-owner constraint;

(b) enable the cryptographic engine of the receiver device to decrypt both the encrypted data encrypting/decrypting key and the at least one encrypted content-owner constraints;

(c) decrypt the encrypted content data if the at least one content-owner constraint is satisfied, and(d) enable the cryptographic engine of the receiver device to use a second key encrypting/decrypting key to re-encrypt the data encrypting/decrypting key and to send the encrypted content data and the re-encrypted data encrypting/decrypting key to at least one other receiver device via the communications network, wherein the second key encrypting/decrypting key is different from the first key encrypting/decrypting key.

View all claims

1 Assignment

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

Access to digital data is controlled by encrypting the data in such a manner that it can be decrypted only at a specified location, within a specific time frame, and with a secret key. Data encrypted in such a manner is said to be geo-encrypted. This geo-encryption process comprises a method in which plaintext data is first encrypted using a data encrypting key that is generated at the time of encryption. The data encrypting key is then encrypted (or locked) using a key encrypting key and information derived from the location of the intended receiver. The encrypted data encrypting key is then transmitted to the receiver along with the ciphertext data. The receiver both must be at the correct location and must have a copy of the corresponding key decrypting key in order to derive the location information and decrypt the data encrypting key.

96 Citations

View as Search Results

43 Claims

1. A system for controlling access to content data, comprising:
- a receiver device, anda distributor device comprising a memory, a cryptographic engine adapted to perform encryption and decryption functions, and a processor operatively coupled to the memory and the cryptographic engine, the processor of the distributor device being adapted to communicate with the receiver device via a communications network, wherein the processor of the distributor device is further adapted to;
  
  (a) enable the cryptographic engine of the distributor device to use a data encrypting/decrypting key to encrypt the content data;
  
  (b) enable the cryptographic engine of the distributor device to use a key encrypting/decrypting key to encrypt both the data encrypting/decrypting key and at least one content-owner constraint; and
  
  (c) send the encrypted content data, the encrypted data encrypting/decrypting key and the at least one encrypted content-owner constraint to the receiver device via the communications network;
  
  wherein the receiver device comprises a memory, a cryptographic engine adapted to perform encryption and decryption functions, and a processor operatively coupled to the memory and the cryptographic engine, the processor of the receiver device being adapted to communicate with the communications network, wherein the processor of the receiver device is further adapted to;
  
  (a) receive via the communications network the encrypted content data, the encrypted data encrypting/decrypting key and the at least one encrypted content-owner constraint;
  
  (b) enable the cryptographic engine of the receiver device to decrypt both the encrypted data encrypting/decrypting key and the at least one encrypted content-owner constraints;
  
  (c) decrypt the encrypted content data if the at least one content-owner constraint is satisfied, and(d) enable the cryptographic engine of the receiver device to use a second key encrypting/decrypting key to re-encrypt the data encrypting/decrypting key and to send the encrypted content data and the re-encrypted data encrypting/decrypting key to at least one other receiver device via the communications network, wherein the second key encrypting/decrypting key is different from the first key encrypting/decrypting key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The system of claim 1, wherein the processor of the receiver device is further adapted to enable the cryptographic engine of the receiver device to use the key encrypting/decrypting key to decrypt both the encrypted data encrypting/decrypting key and the at least one encrypted content-owner constraints.
  - 3. The system of claim 1, wherein the processor of the distributor device is further adapted to generate the data encrypting/decrypting key.
  - 4. The system of claim 1, wherein the processor of the distributor device is further adapted to generate the key encrypting/decrypting key.
  - 5. The system of claim 1, wherein the processor of the receiver device is further adapted to generate the second key encrypting/decrypting key.
  - 6. The system of claim 1, wherein the processor of the receiver device is further adapted to generate a key identifier (ID) associated with the second key encrypting/decrypting key and to send the key ID and the second key encrypting/decryption key to the at least one other receiver.
  - 7. The system of claim 6, wherein the processor of the receiver device is further adapted to enable the cryptographic engine of the receiver device to encrypt the second key encrypting/decrypting key and the key ID before it is sent to the at least one other receiver.
  - 8. The system of claim 1, wherein the at least one content-owner constraint comprises a permissible time period for use of the content data, and the receiver device further comprises a time source, the processor of the receiver device being further adapted to retrieve a current time measurement from the time source and determine whether the current time measurement satisfies the permissible time period.
  - 9. The system of claim 1, wherein the at least one content-owner constraint comprises a permissible geographical proximity for use of the content data, wherein the receiver device further comprises a geographic data source, the processor of the receiver device being further adapted to retrieve a current geographic location measurement from the geographic data source, and determine whether the current geographic location satisfies the permissible geographic proximity.
  - 10. The system of claim 1, wherein the at least one content-owner constraint comprises at least a permissible time period for use of the content data and a permissible geographical proximity for use of the content data.
  - 11. The system of claim 1, wherein the receiver device comprises a tamperproof, secure enclosure for preventing unauthorized access to at least the data encrypting/decrypting key.
  - 12. The system of claim 11, wherein the at least one other receiver device comprises a tamperproof, secure enclosure for preventing unauthorized access to at least the data encrypting/decrypting key.
  - 13. The system of claim 1, wherein the processor of the receiver device is further adapted to enable the cryptographic engine of the receiver device to use the data encrypting/decrypting key to decrypt the content data if the at least one content-owner constraint is satisfied.
  - 14. The system of claim 6, wherein the processor of the receiver device is further adapted to enable the cryptographic engine of the receiver device to use the second key encrypting/decrypting key to encrypt at least one other content-owner constraint and send the at least one other encrypted content-owner constraint to the at least one other receiver.
  - 15. The system of claim 14, wherein the at least one other content-owner constraint is the same as the at least one content-owner constraint.
  - 16. The system of claim 14, wherein the at least one other content-owner constraint is at least partially the same as the at least one content-owner constraint.
  - 17. The system of claim 14, further comprising the at least one other receiver, wherein the at least one other receiver device comprises a memory, a cryptographic engine adapted to perform at least a decryption function, and a processor operatively coupled to the memory and the cryptographic engine, the processor of the at least one other receiver device being adapted to receive via the communications network the second key encrypting/decrypting key and the key ID, and to store the second key encrypting/decrypting key and the key ID in the memory of the at least one other receiver so that the key ID is linked to the second key encrypting/decrypting key.
  - 18. The system of claim 17, wherein the processor of the at least one other receiver device is further adapted to (i) receive via the communications network the encrypted content data, the re-encrypted data encrypting/decrypting key, and the at least one other encrypted content-owner constraint, (ii) receive via the communications network a retransmission of the key ID, (iii) use the key ID to retrieve the second key encrypting/decrypting key from the memory of the at least one other receiver device, and (iii) enable the cryptographic engine of the at least one other receiver device to use the second key encrypting/decrypting key to decrypt the at least one other encrypted content-owner constraint.
  - 19. The system of claim 18, wherein the processor of the at least one other receiver device is further adapted to render the content data if the at least one other content-owner constraint is satisfied.
  - 20. The system of claim 19, wherein the processor of the at least one other receiver device is further adapted to enable the cryptographic engine of the at least one other receiver device to use the data encrypting/decrypting key to decrypt the content data if the at least one other content-owner constraint is satisfied.
  - 21. The system of claim 20, wherein the processor of the at least one other receiver device is further adapted to enable the cryptographic engine of the at least one other receiver device to use the second key encrypting/decrypting key to decrypt the content data if the at least one other content-owner constraint is satisfied.

22. A method for controlling access to content data, comprising:
- a distributor device (i) using a data encrypting/decrypting key to encrypt the content data, (ii) using a key encrypting/decrypting key to encrypt both the data encrypting/decrypting key and at least one content-owner constraint, and (iii) sending the encrypted content data, the encrypted data encrypting/decrypting key and the at least one encrypted content-owner constraint to a receiver device via a communication network; and
  
  a receiver device (i) receiving via the communications network the encrypted content data, the encrypted data encrypting/decrypting key and the at least one encrypted content-owner constraint, (ii) decrypting both the encrypted data encrypting/decrypting key and the at least one encrypted content-owner constraint, (iii) decrypt the encrypted content data if the at least one content-owner constraint is satisfied, (iv) using a second key encrypting/decrypting key to re-encrypt the data encrypting/decrypting key, and (v) sending the encrypted content data and the re-encrypted data encrypting/decrypting key to at least one other receiver device via the communications network.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43)
- - 23. The method of claim 22, wherein the step of the receiver device decrypting both the encrypted data encrypting/decrypting key and the at least one encrypted content-owner constraint further comprises the receiver device using the key encrypting/decrypting key to decrypt both the encrypted data encrypting/decrypting key and the at least one encrypted content-owner constraint.
  - 24. The method of claim 22, further comprising the distributor device generating the data encrypting/decrypting key.
  - 25. The method of claim 22, further comprising the distributor device generating the key encrypting/decrypting key.
  - 26. The method of claim 22, further comprising the receiver device generating the second key encrypting/decrypting key.
  - 27. The method of claim 23, further comprising the receiver device generating a key identifier (ID) associated with the second key encrypting/decrypting key and sending the key ID and the second key encrypting/decrypting key to the at least one other receiver.
  - 28. The method of claim 27, further comprising the receiver encrypting the key ID and the second key encrypting/decrypting key before sending it to the at least one other receiver.
  - 29. The method of claim 22, wherein the step of determining whether the at least one content-owner constraint is satisfied further comprises the steps of retrieving a current time from a time source and determining whether the current time satisfies a permissible time period.
  - 30. The method of claim 22, wherein the step of determining whether the at least one content-owner constraint is satisfied further comprises the steps of retrieving a current geographic location from a geographic data source and determining whether the current geographic location satisfies a permissible geographic proximity.
  - 31. The method of claim 22, wherein the step of determining whether the at least one content-owner constraint is satisfied further comprises the steps of retrieving a current time, retrieving a current geographical location, determining whether the current time satisfies a permissible time period, and determining whether the current geographic location satisfies a permissible geographic proximity.
  - 32. The method of claim 22, further comprising the receiver device using the data encrypting/decrypting key to decrypt the content data if the at least one content-owner constraint is satisfied.
  - 33. The method of claim 32, further comprising the receiver device using the second key encrypting/decrypting key to encrypt at least one other content-owner constraint and sending the at least one other encrypted content-owner constraint to the at least one other receiver.
  - 34. The method of claim 33, wherein the at least one other content-owner constraint is the same as the at least one content-owner constraint.
  - 35. The method of claim 33, wherein the at least one other content-owner constraint is at least partially the same as the at least one content-owner constraint.
  - 36. The method of claim 33, further comprising the at least one other receiver device receiving via the communications network the second key encrypting/decrypting key and the key ID, and storing the second encrypting/decrypting key and the key ID in a memory of the at least one other receiver device so that the key ID is linked to the second encrypting/decrypting key.
  - 37. The method of claim 36, further comprising the at least one other receiver device (i) receiving via the communications network the encrypted content data, the re-encrypted data encrypting/decrypting key, and the at least one other encrypted content-owner constraint, (ii) receiving via the communications network a retransmission of the key ID, (iii) using the key ID to retrieve the second key encrypting/decrypting key from the memory of the at least one other receiver device, and (iv) using the second key encrypting/decrypting key to decrypt the at least one other encrypted content-owner constraint.
  - 38. The method of claim 37, further comprising the at least one other receiver device using the second key encrypting/decrypting key to decrypt the data encrypting/decrypting key if the at least one other content-owner constraint is satisfied.
  - 39. The method of claim 38, further comprising the at least one other receiver device, after the encrypted data encrypting/decrypting key is decrypted, using the data encrypting/decrypting key to decrypt the encrypted content data.
  - 40. The method of claim 37, wherein the step of the at least one other receiver device using the second key encrypting/decrypting key to decrypt the at least one other encrypted content-owner constraint, further comprises using the second key encrypting/decrypting key to decrypt both the at least one other encrypted content-owner constraint and the data encrypting/decrypting key.
  - 41. The method of claim 40, further comprising the at least one other receiver device using the data encrypting/decrypting key to decrypt the encrypted content data if the at least one other content-owner constraint is satisfied.
  - 42. The method of claim 22, further comprising enclosing the receiver device in a tamperproof, secure enclosure to prevent unauthorized access to at least the data encrypting/decrypting key.
  - 43. The method of claim 22, further comprising enclosing the at least one other receiver device in a tamperproof, secure enclosure to prevent unauthorized access to at least the data encrypting/decrypting key.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Longbeam Technologies LLC (IP Edge LLC)
Original Assignee
Geocodex LLC
Inventors
Denning, Dorothy E., Glick, Barry J., Karpf, Ronald S., Seiler, Mark E.
Primary Examiner(s)
Poltorak, Peter

Application Number

US11/561,857
Publication Number

US 20070086593A1
Time in Patent Office

2,409 Days
Field of Search

None
US Class Current

380/258
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless network architectu...

H04L 63/0428   wherein the data content is...

H04L 63/107   wherein the security polici...

H04L 63/12   Applying verification of th...

H04L 9/0872   using geo-location informat...

H04L 9/0891   Revocation or update of sec...

System and method for delivering encrypted information in a communication network using location indentity and key tables

First Claim

1 Assignment

Litigations

0 Petitions

Accused Products

Abstract

96 Citations

43 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for delivering encrypted information in a communication network using location indentity and key tables

First Claim

1 Assignment

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

96 Citations

43 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links