Cryptography – Key management
Reexamination Certificate
1995-10-31
2003-06-10
Hayes, Gail (Department: 2131)
Cryptography
Key management
C380S273000, C380S277000, C713S194000
Reexamination Certificate
active
06577734
ABSTRACT:
FIELD OF THE INVENTION
The invention relates to the encryption of data using unique encryption keys and more particularly relates to managing such keys to prevent misappropriation thereof.
BACKGROUND OF THE INVENTION
It is well-known that data may be encrypted before it is either transmitted to a user or stored in memory to prevent unauthorized access to the unencrypted data. For example, cable-TV systems and direct broadcast satellite video systems typically encrypt video signals before the signals are transmitted to a user. A so-called set-top box associated with the user decrypts the signals as they are received from the service provider and supplies the decrypted signals to an associated video monitor for display when the monitor is tuned to the channel carrying the video signals. The capability to decrypt such signals is typically embodied in a decryption module disposed in the set-top box, and may be, for example, an integrated circuit or a so-called smart card which “plug” into the set-top box. The decryption key that is used to decrypt video signals characterizing a particular video program is typically supplied by the provider of the video signals in a well-known manner, e.g., via satellite or telephone line.
It is also well-known that a person may use any one of a number of different illicit means to obtain such a key to view a program that has been encrypted by the program provider. Such means include so-called video “pirates” who design and market smart cards that are able to illicitly produce a service provider's decryption key, thereby allowing a person to fraudulently access an encrypted video program. Present estimates indicate that such fraudulent access costs video program providers more than six billion dollars a year in lost revenue, and such losses are expected to increase as more programming is provided via satellite and cable TV network.
SUMMARY OF THE INVENTION
We have recognized that there is a strong need to control and maintain the secrecy of the intelligence that may be used by computers to communicate with one another, in which such secrecy includes the encryption of messages that the computers exchange with one another. We have also recognized that there is a strong need to securely manage the encryption keys used in such encrypting to prevent them from being misappropriated for fraudulent purposes. We address such needs and advance the pertinent art by providing a facility which implements the secure management of encryption keys. Specifically, in accord with an aspect of the invention, the facility generates a unique device encryption key that is never disclosed externally to another device or entity (“externally unknown”) and at least one program encryption key, and then encrypts the program encryption key using the device encryption key and then stores the result in local memory. Thereafter, responsive to receipt of an indication to encrypt data, the facility retrieves the encrypted program encryption key from memory, decrypts the key using its unique device encryption key and then encrypts the data as it is received using the decrypted program encryption key. The facility then stores the encrypted data in a server for distribution to a user who enters a request for said data. Thus, the program encryption key itself is encrypted and stored in memory until there is a need to encrypt data and does not leave the facility in its original or unencrypted form. When there is a need to transport the latter key to another element, then, in accord with an aspect of the invention, the program key is encrypted using another externally unknown symmetrical encryption key that the facility indirectly shares with the other element and the result is then supplied to the latter element for decryption using its own version of the symmetrical key.
REFERENCES:
patent: 4405829 (1983-09-01), Rivest et al.
patent: 4529870 (1985-07-01), Chaum
patent: 4736422 (1988-04-01), Mason
patent: 4866707 (1989-09-01), Marshall et al.
patent: 4924513 (1990-05-01), Herbison et al.
patent: 5093862 (1992-03-01), Scwartz
patent: 5124117 (1992-06-01), Tatebayashi et al.
patent: 5142578 (1992-08-01), Matyas et al.
patent: 5195134 (1993-03-01), Inoue
patent: 5204900 (1993-04-01), Pires
patent: 5228084 (1993-07-01), Johnson et al.
patent: 5319705 (1994-06-01), Halter et al.
patent: 5363447 (1994-11-01), Rager et al.
patent: 5384850 (1995-01-01), Johnson et al.
patent: 5410602 (1995-04-01), Finkelstein et al.
patent: 5416842 (1995-05-01), Aziz
patent: 5448638 (1995-09-01), Johnson et al.
patent: 5481610 (1996-01-01), Doiron et al.
patent: 5588060 (1996-12-01), Aziz
patent: 5633933 (1997-05-01), Aziz
patent: 5668877 (1997-09-01), Aziz
Etzel Mark H.
Faucher David W.
Heer Daniel Nelson
Maher David P.
Rance Robert John
Hayes Gail
Jackson Jenise
Lucent Technologies - Inc.
LandOfFree
Data encryption key management system does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Data encryption key management system, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Data encryption key management system will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3162172