Encryption processing system

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Packet header designating cryptographically protected data

Reexamination Certificate

C380S262000, C380S278000, C713S162000, C705S051000

active

06460137

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to an encryption processing system used in a system (digital audio interactive system) that distributes software such as authored video works over a communication link in response to a request from a client, and is intended to encrypt the software with specified keys.
2. Description of the Related Art
In recent years, services have been proposed for digitally distributing software (which includes audio data, video data, etc. and is hereinafter referred to as “data”) to individual houses, etc. against the background of architectures of a cable TV system and of a communication system using a communication satellite. This service system is a digital audio interactive system known as a video-on-demand system. In this digital audio interactive system, a service provider and a user communicate with each other via a telephone line or the like. Then, the service provider distributes, to a user, the data having a content requested by the user at a time designated by this user. At the same time, the service provider charges the user a royalty on this set of data through a credit card company or the like and returns a part of the royalty to a content provider.
What is important in terms of spreading the digital audio interactive system is that a server, a network and terminals be constructed as an infrastructure at low cost and that a great deal of data to be provided to the users through the infrastructure be prepared. That is, the data and the infrastructure function like a pair of wheels, both indispensable for providing an environment in which the data are easy to transfer. For this purpose, the infrastructure has to incorporate a mechanism by which the data provider can count on profits from providing the contents and faces no possibility of suffering unexpected damage from providing them. Note that the above mechanism must be prepared irrespective of the types (a broadband cable network, a satellite system, a mobile communication, an optical media package, etc.) of supply media intervening between the data providers and the users.
From this standpoint, in a conventional system, the data have been encrypted during distribution so that they are not intercepted and illegally used (reproduced) by a non-rightful third party (who does not pay the royalty on the data) during the distribution. An encryption processing method according to the conventional system will be explained with reference to FIG. 6.
Referring to FIG. 6, a first encryption circuit 103 in a service provider (defined as the system on the service provider's side; the same applies hereinafter) encrypts data in a packet format with only one key (Ks) and distributes the data to a service client (defined as the system on the user's side; the same applies hereinafter) via a transport layer transmission path. A first decryption circuit 106 of the service client receiving this item of encrypted data decrypts the data with the key (Ks) used for the encryption in the first encryption circuit 103. Thus, the algorithms for encrypting and decrypting the data in the conventional system are based on a one-stage system using one key (Ks) and are therefore weak. It is consequently required that the key (Ks) be frequently changed to prevent the key (Ks) from being decoded. It is also required that a cipher synchronous signal be transmitted for immediate recovery from an error or a disconnection of the communication path.
In the conventional system, for satisfying this condition, as illustrated in FIG. 6, the service provider is equipped with a random-number generator 100, a master key (K1) 101 and a second encryption circuit 102, while the service client is equipped with a master key (K1) 104 and a second decryption circuit 105. This random-number generator 100 continuously generates a random-number sequence at all times. Then, this random-number sequence is clipped out at intervals of several seconds on a key block unit (a predetermined number of digits for the key) and inputted as a key (Ks) updated at the intervals of several seconds to the first encryption circuit 103. The thus updated key (Ks) must be distributed also to the service client, and, therefore, the second encryption circuit 102 encrypts the key (Ks) clipped out of the random-number generator 100 with the master key (K1) 101 and distributes the encrypted key to the service client by making use of a part (session layer) of a packet of the transport layer allocated to a user. The second decryption circuit 105 of the service client decrypts the encrypted key (Ks) by use of the master key (K1) and inputs the thus decrypted key to the first decryption circuit 106.
Then, the first encryption circuit 103 and the first decryption circuit 106 reset themselves each time a new key (Ks) is inputted and are thereby synchronized. These circuits 103, 106 then encrypt and decrypt the subsequent data with the new key (Ks). Note that the master keys (K1) 101, 104 are fixed keys prepared in advance as the same data both in the service provider and in the service client. In the conventional data encryption processing method, the key change and the cipher synchronizing process are conducted in this way.
In the conventional encryption processing system described above, since the new key (Ks) has to be distributed from the service provider to the service client at intervals of several seconds, a large number of packets for key distribution must be transmitted in addition to the packets used for the data distribution. As a result, the data transfer efficiency between the service provider and the service client declines remarkably.
SUMMARY OF THE INVENTION
It is a first object of the present invention to provide an encryption processing system capable of reducing the necessity for frequently changing a key by enhancing the encryption algorithm, and thereby of improving the data transfer efficiency between a service provider and a service client.
Further, it is a second object of the present invention to provide an encryption processing system capable of making it difficult to decode the data by converting data having the same content into encrypted data having a different content depending on the generation time, wherein the program clock reference in a packet header used for the data transfer is used as an initial value for the encryption.
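The following sketch is an added example, not code from the patent. It combines the FIG. 6 key hierarchy (session key Ks wrapped under master key K1) with the second object's use of the program clock reference as the initial value. The HMAC-SHA256 counter keystream, the `seq` key index and the 6-byte PCR encoding are assumptions standing in for the circuits, which the text does not specify; the two-key cipher of the first aspect is not modeled.

```python
import hashlib
import hmac
import secrets

def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """Stand-in cipher (assumption): HMAC-SHA256(key, iv || counter) blocks."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))

def wrap_key(k1: bytes, ks: bytes, seq: int) -> bytes:
    """Second encryption circuit: encrypt Ks under K1.
    seq is a hypothetical key index so K1's keystream never repeats."""
    return xor(ks, keystream(k1, b"wrap" + seq.to_bytes(4, "big"), len(ks)))

unwrap_key = wrap_key  # XOR stream: decryption is the same operation

def crypt_packet(ks: bytes, pcr: int, payload: bytes) -> bytes:
    """First (de)encryption circuit: the PCR from the packet header is the
    initial value, so each packet is independently decryptable."""
    return xor(payload, keystream(ks, b"data" + pcr.to_bytes(6, "big"), len(payload)))

def demo(k1: bytes = None, ks: bytes = None):
    k1 = k1 or secrets.token_bytes(16)   # constructed master key, both ends
    ks = ks or secrets.token_bytes(16)   # constructed session key
    wrapped = wrap_key(k1, ks, seq=1)    # travels in the key-distribution packet
    payload = b"same payload, distributed twice"  # constructed sample data
    c1 = crypt_packet(ks, 900_000, payload)       # constructed PCR values
    c2 = crypt_packet(ks, 900_300, payload)
    ks_client = unwrap_key(k1, wrapped, seq=1)    # service client side
    return {
        "differs_by_pcr": c1 != c2,
        "client_recovers": crypt_packet(ks_client, 900_300, c2) == payload,
        "repeat_pcr_repeats": crypt_packet(ks, 900_000, payload) == c1,
    }

if __name__ == "__main__":
    print(demo())
```

In this stand-in, a PCR value that recurs under the same Ks reproduces the same keystream, so the initial value lengthens the key's useful life but does not remove the need to change the key before PCR values repeat.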
According to a first aspect of the present invention, the above first object is accomplished between a service provider and a service client. More specifically, the first aspect is an encryption processing system for encrypting data distributed between a service provider for providing the data and a service client for receiving the data. This service provider comprises a key generating element for generating two keys on the basis of random numbers, a first encrypting element for encrypting the data with the two keys generated by the key generating element, a data distributing element for distributing the data encrypted by the first encrypting element to the service client, a second encrypting element for encrypting the two keys with master keys having specified contents and a key distributing element for distributing the two keys encrypted by the second encrypting element to the service client. On the other hand, the service client comprises a first decrypting element for decrypting the two encrypted keys distributed by the key distributing element with the master keys having the specified contents and a second decrypting element for decrypting the encrypted data distributed by the data distributing element with the two keys decrypted by the first decrypting element.
According to a second aspect of the present invention, the above first and second objects are accomplished on the side of the service provider. More specifically, the second aspect is an encryption processing system in a service provider for distributing data stored in a packet to a servic
