System and method for delivering encrypted information in a communication network using location identity and key tables
First Claim
1. A system for controlling access to content data, comprising:
- a receiver device, and
- a distributor device comprising a memory, a cryptographic engine adapted to perform encryption and decryption functions, and a processor operatively coupled to the memory and the cryptographic engine, the processor of the distributor device being adapted to communicate with the receiver device via a communications network, wherein the processor of the distributor device is further adapted to;
(a) enable the cryptographic engine of the distributor device to use a data encrypting/decrypting key to encrypt the content data;
(b) enable the cryptographic engine of the distributor device to use a key encrypting/decrypting key to encrypt both the data encrypting/decrypting key and at least one content-owner constraint; and
(c) send the encrypted content data, the encrypted data encrypting/decrypting key and the at least one encrypted content-owner constraint to the receiver device via the communications network;
wherein the receiver device comprises a memory, a cryptographic engine adapted to perform encryption and decryption functions, and a processor operatively coupled to the memory and the cryptographic engine, the processor of the receiver device being adapted to communicate with the communications network, wherein the processor of the receiver device is further adapted to;
(a) receive via the communications network the encrypted content data, the encrypted data encrypting/decrypting key and the at least one encrypted content-owner constraint;
(b) enable the cryptographic engine of the receiver device to decrypt both the encrypted data encrypting/decrypting key and the at least one encrypted content-owner constraints;
(c) decrypt the encrypted content data if the at least one content-owner constraint is satisfied, and
(d) enable the cryptographic engine of the receiver device to use a second key encrypting/decrypting key to re-encrypt the data encrypting/decrypting key and to send the encrypted content data and the re-encrypted data encrypting/decrypting key to at least one other receiver device via the communications network, wherein the second key encrypting/decrypting key is different from the first key encrypting/decrypting key.
Abstract
Access to digital data is controlled by encrypting the data in such a manner that it can be decrypted only at a specified location, within a specific time frame, and with a secret key. Data encrypted in such a manner is said to be geo-encrypted. This geo-encryption process comprises a method in which plaintext data is first encrypted using a data encrypting key that is generated at the time of encryption. The data encrypting key is then encrypted (or locked) using a key encrypting key and information derived from the location of the intended receiver. The encrypted data encrypting key is then transmitted to the receiver along with the ciphertext data. The receiver both must be at the correct location and must have a copy of the corresponding key decrypting key in order to derive the location information and decrypt the data encrypting key.
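The flow in the abstract, sketched as an added example (not code from the patent): a fresh data encrypting key (DEK) encrypts the content, and the DEK is locked under a key derived from both the key encrypting key (KEK) and a location/time value. Assumptions: a shared symmetric KEK, a grid-and-time-slot quantization (`grid_deg`, `slot_s`), an HMAC-SHA256 keystream standing in for a vetted AEAD, and all function names, which are hypothetical.

```python
import hashlib, hmac, secrets

def geolock(lat, lon, epoch, grid_deg=0.01, slot_s=3600):
    # Assumed quantization: every point in one grid cell and time slot
    # maps to the same lock value, so small position jitter still unlocks.
    cell = (round(lat / grid_deg), round(lon / grid_deg), int(epoch // slot_s))
    return hashlib.sha256(repr(cell).encode()).digest()

def _keystream(key, nonce, n):
    # Toy HMAC-SHA256 counter-mode keystream (stand-in for a vetted AEAD).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"ks" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_(key, blob):
    # Returns None when the tag does not verify (wrong key, or tampering).
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def wrap_key(kek, lock):
    # Bind KEK and location value: neither alone yields the DEK-wrapping key.
    return hmac.new(kek, b"geo" + lock, hashlib.sha256).digest()

def geo_encrypt(plaintext, kek, lat, lon, epoch):
    dek = secrets.token_bytes(32)  # DEK generated at the time of encryption
    wrapped_dek = seal(wrap_key(kek, geolock(lat, lon, epoch)), dek)
    return wrapped_dek, seal(dek, plaintext)

def geo_decrypt(wrapped_dek, ciphertext, kek, lat, lon, epoch):
    # The receiver recomputes the lock from its own measured position and clock.
    dek = open_(wrap_key(kek, geolock(lat, lon, epoch)), wrapped_dek)
    return None if dek is None else open_(dek, ciphertext)
```

In this sketch the lock value is a hash of a coarse grid cell and time slot, so it is enumerable by anyone holding the KEK; confidentiality rests on the KEK, and the location binding is only as trustworthy as the receiver's position source.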
43 Claims
1. A system for controlling access to content data, comprising:
- a receiver device, and
- a distributor device comprising a memory, a cryptographic engine adapted to perform encryption and decryption functions, and a processor operatively coupled to the memory and the cryptographic engine, the processor of the distributor device being adapted to communicate with the receiver device via a communications network, wherein the processor of the distributor device is further adapted to;
(a) enable the cryptographic engine of the distributor device to use a data encrypting/decrypting key to encrypt the content data;
(b) enable the cryptographic engine of the distributor device to use a key encrypting/decrypting key to encrypt both the data encrypting/decrypting key and at least one content-owner constraint; and
(c) send the encrypted content data, the encrypted data encrypting/decrypting key and the at least one encrypted content-owner constraint to the receiver device via the communications network;
wherein the receiver device comprises a memory, a cryptographic engine adapted to perform encryption and decryption functions, and a processor operatively coupled to the memory and the cryptographic engine, the processor of the receiver device being adapted to communicate with the communications network, wherein the processor of the receiver device is further adapted to;
(a) receive via the communications network the encrypted content data, the encrypted data encrypting/decrypting key and the at least one encrypted content-owner constraint;
(b) enable the cryptographic engine of the receiver device to decrypt both the encrypted data encrypting/decrypting key and the at least one encrypted content-owner constraints;
(c) decrypt the encrypted content data if the at least one content-owner constraint is satisfied, and
(d) enable the cryptographic engine of the receiver device to use a second key encrypting/decrypting key to re-encrypt the data encrypting/decrypting key and to send the encrypted content data and the re-encrypted data encrypting/decrypting key to at least one other receiver device via the communications network, wherein the second key encrypting/decrypting key is different from the first key encrypting/decrypting key.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21
22. A method for controlling access to content data, comprising:
- a distributor device (i) using a data encrypting/decrypting key to encrypt the content data, (ii) using a key encrypting/decrypting key to encrypt both the data encrypting/decrypting key and at least one content-owner constraint, and (iii) sending the encrypted content data, the encrypted data encrypting/decrypting key and the at least one encrypted content-owner constraint to a receiver device via a communication network; and
- a receiver device (i) receiving via the communications network the encrypted content data, the encrypted data encrypting/decrypting key and the at least one encrypted content-owner constraint, (ii) decrypting both the encrypted data encrypting/decrypting key and the at least one encrypted content-owner constraint, (iii) decrypt the encrypted content data if the at least one content-owner constraint is satisfied, (iv) using a second key encrypting/decrypting key to re-encrypt the data encrypting/decrypting key, and (v) sending the encrypted content data and the re-encrypted data encrypting/decrypting key to at least one other receiver device via the communications network.
Dependent claims: 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43
Specification