Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Having particular address related cryptography
Reexamination Certificate
2000-07-13
2004-08-24
Peeso, Thomas R. (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Having particular address related cryptography
C713S152000, C380S255000
Reexamination Certificate
active
06782475
ABSTRACT:
TECHNICAL FIELD
This invention relates in general to encrypted broadcast messaging systems, and more specifically to a method and apparatus for conveying a private message, such as a session crypto-key, to selected members of a group in an encrypted broadcast messaging system; however, the present invention may also be utilized to encrypt and securely transmit digital content, such as audio, video, multimedia, and software objects over insecure channels.
BACKGROUND ART
Modern encrypted broadcast messaging systems can convey an encrypted message to a plurality of subscriber devices (SDs) through well-known encrypted broadcast techniques. Broadcast encrypted messages have typically been used for delivery of encrypted video, encrypted audio, and encrypted data. Popularly, such systems operate on a subscription basis. Such systems also can deliver a message conveying a session crypto-key to a group of subscriber devices through well-known group messaging techniques. A session typically lasts for the payment period of the subscription. Group messages have proven to be a highly efficient tool for conveying information to large groups of subscribers through a single broadcast transmission. One example of such a commercial application is the satellite transmission of premium programming such as video and audio products.
A limitation of prior art encrypted broadcast messaging systems has been an inability to deliver a private message containing, for example, a session crypto-key efficiently and privately only to a selected sub-group of members of the group using a current session crypto-key, the separate session crypto-key typically being the crypto-key for the next subscription payment period. That is, all subscriber devices capable of receiving and decrypting an encrypted group message using a current session crypto-key have been able to decrypt a subsequent transmission of a separate session crypto-key intended only for selected members of the group. To prevent excluded members of the group from receiving and decrypting such a separate session crypto-key intended for the rest of the group, addressing capability was built into subscriber devices limiting capture of the information in a message containing the separate session crypto-key only to addressed subscriber devices. Continuing with the commercial example, the excluded members would represent subscribers that have accounts that are past due. This type of operation has worked reasonably well for many systems, but does not work as well for preventing unauthorized pirate reception using tampered subscriber devices or purpose-built devices having the addressing capability overridden. As an alternative approach some subscriber devices have incorporated a second unique individual crypto-key, allowing individual transmissions of any message, including a separate session crypto-key, encrypted uniquely to each of the plurality of selected subscriber devices in the group. This has worked reasonably well for small groups and in groups whose members substantially change authorization to receive, but transmitting a session crypto-key to each of the individuals of a large group generates a lot of traffic and is inefficient.
Thus, what is needed is a method and apparatus for conveying a private message only to selected member subscriber devices of a group. Preferably, the method and apparatus will retain the high efficiency characteristics of prior art group broadcast encrypted messaging techniques, while adding a significant degree of exclusion of members of the group not selected as well as other unauthorized recipients.
DISCLOSURE OF INVENTION
An aspect of the present invention is a method in an encrypted broadcast messaging system for conveying a private message to selected subscriber devices of a group of subscriber devices, all subscriber devices of the group having at least a first and second management crypto-keys. Of course, each subscriber may possess more than two crypto-keys, but two keys are required to achieve the minimum gain in efficiency offered by this invention. The method comprises the step of determining the collection (the Union) of management crypto-keys held by the selected subscriber devices and for each subscriber device having at least one crypto-key from the Union and not selected to received the private message a Residuum of crypto-keys in the Union not held by the subscriber device. Unique sets of management crypto-keys are assigned and pre-programmed into the subscriber devices of the group such that each of any two subscriber devices in the group has at least one management crypto-key from the management crypto-keys assigned to the group that the other subscriber device does not have, each management crypto-key being unique from all other crypto-keys. Pre-programming of management crypto-keys is desirable to prevent possible eavesdropping, lessen the traffic load on the communication channel, and reduce the lead time prior to delivering a private message, but pre-programming is not required. The method further comprises the step of decomposing the private message into message-parts, at least one message-part for each of the subscriber devices of the group not selected, that is, to be excluded, the message-part being associated to the excluded subscriber device and the management crypto-keys held by it. Each message-part is intended to be encrypted using management crypto-keys held by the selected subscriber devices and not held by the associated excluded subscriber device. The method further comprises the step of encrypting the message-parts, each message-part being encrypted using at least one of the intended management crypto-keys, by encrypting a copy of each message-part. The method further comprises the step of delivering the necessary encrypted message-parts to at least the selected subscriber devices of the group, the message-parts delivered and the message-parts necessary to form the private message by a subscriber being identified in delivery or determined in reception. The method further comprises the step of decrypting at least one of encrypted message-parts received by the selected subscriber devices using an intended management crypto-key. The method further comprises the step of choosing by the selected subscriber devices sufficient decrypted message-parts to form the private message from the identified necessary message-parts and the message-parts received, and forming the private message by combining.
Another aspect of the present invention is a subscriber device in an encrypted broadcast messaging system for obtaining a private message delivered to selected member subscriber devices of a group. The subscriber device comprises a receiving interface for receiving a message-part encrypted using a management crypto-key. The subscriber device further comprises a processing system coupled to the receiving interface for processing the message-parts. The processing comprises decrypting the message-parts using an intended management crypto-key, choosing from the at least one decrypted message-parts at least one message-part sufficient to re-compose the private message, and forming a private message by combining the chosen message-parts.
Another aspect of the present invention is a group manager (GM) for delivering a private message only to selected member subscriber devices of a group. The group manager comprises a source interface for receiving subscriber authorizations. The authorizations identify the subscriber devices to be selected to receive a private message, the private message being provided by the source. The group manager further comprises a processing system coupled to the source interface for processing the authorizations into key-sets and for decomposing the private message into message-parts and for encrypting the message-parts according to the key-sets. The processing system further forms the message-parts and key-sets into messages that can be utilized by subscriber devices in the group, identifying the message-parts delivered and message-parts necessary to form the private message. Th
Hunn Melvin A.
Peeso Thomas R.
Zand Kambiz
LandOfFree
Method and apparatus for conveying a private message to... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and apparatus for conveying a private message to..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus for conveying a private message to... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3353074