WO2001038954A1 - Method for using encrypted data - Google Patents
- Publication number
- WO2001038954A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- keys
- data
- encrypted data
- user
- codes
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2211/00—Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
- G06F2211/007—Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/10—Digital recording or reproducing
- G11B2020/1087—Digital recording or reproducing wherein a selection is made among at least two alternative ways of processing
- G11B2020/10888—Digital recording or reproducing wherein a selection is made among at least two alternative ways of processing the kind of data being the selection criterion
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/30—Definitions, standards or architectural aspects of layered protocol stacks
- H04L69/32—Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
- H04L69/322—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
- H04L69/329—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
Abstract
The transmission of large quantities of data is complicated by limited transmission capacity. In the case of encrypted data, the codes must also be transmitted. The invention provides a method in which the encrypted data is stored on media that can be physically sent to the user. Only the codes are transmitted to the users via a telecommunications network; they can be addressed to specific users or made universally accessible. The codes reach the users according to a transmission plan or when the users retrieve them. They permit access to the encrypted data only during the period in which they are available, and they cannot be stored. Different codes are used for different contents on the storage media. Access by means of the codes can be recorded centrally.
Description
Method for using encrypted data
Description
The invention relates to the use of encrypted data and the conditions for access to the data.
With large amounts of data, the limited transmission capacity is a problem when the data is to be retrieved and paid for individually.
State of the art
According to the state of the art, database systems allow access to data in such a way that the data is transmitted to the user in response to a request. The data can be either encrypted or unencrypted. Access can be local or remote.
The following are known as access systems:
client-server configurations in LAN and WAN, remote data transmission (DFÜ) over leased or dial-up connections, and conditional access systems (access control systems) for radio-based data transmission.
Advantages and distinguishing features of the invention compared to the prior art
A distinction is made between encrypted data and keys. The data, which is usually very extensive, is physically transported to the user on a storage medium (e.g. DVD-ROM, CD-ROM). The keys are transmitted over a data network and are either generally accessible or can only be received by selected users.
The invention differs from the prior art in that only the keys are sent continuously over a data network, so that it can be centrally controlled and recorded which user receives access authorization to which data for which period. The advantage of the invention over the prior art is that limitations in transmission capacity are compensated for by the fact that only the keys, rather than the complete data, are transmitted.
Description of the invention
In a central data preparation centre, content from various providers is written to storage media in encrypted form. The encryption is done in such a way that the different contents are encrypted with different keys. These storage media are physically sent to the users.
The keys are sent from a transmission centre. They are sent over a data network (e.g. ISDN, BOT, GSM). The keys can either be received by all network participants or, alternatively, are accessible only to individual users or user groups with separate addresses, so that only these can receive the key, or so that reception of the keys can be made subject to conditions.
The keys can be sent both according to a transmission schedule defined in advance and on demand by the users.
The keys are processed immediately at the time they arrive at the user and cannot be stored. They give the user access to the encrypted data of a specific content item assigned to the key. The keys are active only for a limited time, and the user has access to the encrypted data only during this period. The user cannot access the key itself.
Application example
At the user's site, the key arrives at a data receiving device (see Fig. 1). In the data receiving device, the key is separated from the other signals where necessary. This filter is needed, for example, when sending via BOT in order to isolate the key. The key is not stored but processed immediately when it arrives, and so at no time comes within the user's reach.
A detector unit checks whether the key fits the encryption of a content item on the storage medium. If the key fits, a corresponding switch is closed and the encrypted data of the storage medium is routed into a decoder. The switch is actuated only while the key is being received, so that data flow is possible only while the key is in effect.
Using the key, the data is decrypted in the decoder and passed on to a terminal for output. At this terminal the user can access the decrypted data for as long as the key is being transmitted. The decrypted data is stored only in volatile form in the terminal. If the data flow between storage medium and decoder is interrupted, for example because the key is no longer being sent, the user can no longer access the data.
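The receiver behaviour from the application example, as an added Python sketch that is not part of the patent: per-content keys on the medium, a detector that checks whether a received key fits, and output that exists only for the slot in which a key is on the air. The key check value used by the detector, the HMAC-based toy cipher, the (recipient, key) frame layout and the user addresses are assumptions; the patent specifies none of them.

```python
import hashlib
import hmac
import os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with an HMAC-SHA256 counter keystream (stdlib stand-in)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def key_check_value(key: bytes) -> bytes:
    """Assumed detector input: a short tag that identifies a key without revealing it."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()[:8]

def master_medium(contents: dict, keys: dict) -> dict:
    """Data preparation centre: each content item is encrypted under its own key."""
    medium = {}
    for name, plaintext in contents.items():
        nonce = os.urandom(12)
        medium[name] = {
            "nonce": nonce,
            "kcv": key_check_value(keys[name]),
            "ciphertext": keystream_xor(keys[name], nonce, plaintext),
        }
    return medium

class Receiver:
    """Data receiving device, detector, switch and decoder at the user's site."""

    def __init__(self, medium: dict, address: str):
        self._medium = medium
        self._address = address

    def on_slot(self, frame):
        """Handle one transmission slot; the result is valid for that slot only."""
        if frame is None:                      # no key on the air: switch stays open
            return {}
        recipient, key = frame
        if recipient is not None and recipient != self._address:
            return {}                          # key addressed to another user or group
        tag = key_check_value(key)
        output = {}
        for name, entry in self._medium.items():
            if hmac.compare_digest(tag, entry["kcv"]):   # detector: key fits this content
                output[name] = keystream_xor(key, entry["nonce"], entry["ciphertext"])
        return output                          # key is a local only; nothing is retained

def demo():
    """Constructed sample: two content items, one user, a five-slot transmission schedule."""
    contents = {"film": b"feature film bytes", "atlas": b"road atlas bytes"}
    keys = {name: os.urandom(32) for name in contents}
    receiver = Receiver(master_medium(contents, keys), address="user-17")
    schedule = [
        None,                        # slot 0: nothing transmitted
        (None, keys["film"]),        # slot 1: film key, receivable by all participants
        ("user-42", keys["atlas"]),  # slot 2: atlas key addressed to a different user
        ("user-17", keys["atlas"]),  # slot 3: atlas key addressed to this user
        None,                        # slot 4: transmission has stopped
    ]
    return [receiver.on_slot(frame) for frame in schedule]

if __name__ == "__main__":
    for slot, available in enumerate(demo()):
        print(slot, sorted(available))
```

In software, "cannot be stored" is only a convention of this class. The property the patent relies on holds only if the receiver is a sealed device, because a key receivable by all network participants is otherwise visible to any equipment on that network.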
List of reference signs
LAN Local Area Network
WAN Wide Area Network
DFÜ Daten-Fern-Übertragung (remote data transmission)
DVD Digital Versatile Disc
CD Compact Disc
ROM Read Only Memory
ISDN Integrated Services Digital Network
BOT Broadcast Online Television
GSM Global System for Mobile communication
Claims
1. Method for using encrypted data, characterized in that the encrypted data is stored on storage media that can be physically sent to the users; that the keys for decrypting the data are transmitted over a data network; that the keys can be received by all network participants or, alternatively, only individual users or user groups can be addressed; that the keys can be sent both according to a transmission schedule defined in advance and on demand by the users; that the transmitted keys are processed immediately at the time they arrive at the user and cannot be stored; that access to the encrypted data is determined in time by the availability of the received keys; and that reception of the keys can be made subject to further conditions.
2. Method according to claim 1, characterized in that the ability to access the storage media with encrypted data can be centrally controlled and recorded.
3. Method according to claims 1 and 2, characterized in that, where the storage medium holds different contents, the files are encrypted with different keys.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE19957467.7 | 1999-11-24 | ||
DE19957467A DE19957467A1 (en) | 1999-11-24 | 1999-11-24 | System for use of encrypted data sends only key over network allows access time control reduces data transmission load |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2001038954A1 true WO2001038954A1 (en) | 2001-05-31 |
Family
ID=7930769
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2000/009428 WO2001038954A1 (en) | 1999-11-24 | 2000-09-27 | Method for using encrypted data |
Country Status (2)
Country | Link |
---|---|
DE (1) | DE19957467A1 (en) |
WO (1) | WO2001038954A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2405297A (en) * | 2003-08-20 | 2005-02-23 | Vodafone Plc | Data distribution |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH0934841A (en) * | 1995-07-21 | 1997-02-07 | Fujitsu Ltd | On-line ciphering releasing system of storage medium and its method |
US5892825A (en) * | 1996-05-15 | 1999-04-06 | Hyperlock Technologies Inc | Method of secure server control of local media via a trigger through a network for instant local access of encrypted data on local media |
JPH11250141A (en) * | 1998-03-04 | 1999-09-17 | Nippon Telegr & Teleph Corp <Ntt> | Method for distributing real time contents |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE19609556A1 (en) * | 1996-03-12 | 1997-09-18 | Bernd Schneider | Data communication method and data communication system for performing the method |
DE19722424C5 (en) * | 1997-05-28 | 2006-09-14 | Telefonaktiebolaget Lm Ericsson (Publ) | Method of securing access to a remote system |
-
1999
- 1999-11-24 DE DE19957467A patent/DE19957467A1/en not_active Withdrawn
-
2000
- 2000-09-27 WO PCT/EP2000/009428 patent/WO2001038954A1/en unknown
Non-Patent Citations (2)
Title |
---|
PATENT ABSTRACTS OF JAPAN vol. 1997, no. 06 30 June 1997 (1997-06-30) * |
PATENT ABSTRACTS OF JAPAN vol. 1999, no. 14 22 December 1999 (1999-12-22) * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2405297A (en) * | 2003-08-20 | 2005-02-23 | Vodafone Plc | Data distribution |
GB2405297B (en) * | 2003-08-20 | 2006-12-20 | Vodafone Plc | Data distribution |
Also Published As
Publication number | Publication date |
---|---|
DE19957467A1 (en) | 2001-05-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
DE19529320C2 (en) | Software playback device | |
DE69535496T2 (en) | data bus communication | |
RU2138924C1 (en) | System for local processing/access and representation of large bodies of data and its application (versions) | |
US5036537A (en) | Geographic black-out method for direct broadcast satellite system | |
DE4337726B4 (en) | Music player for a motor vehicle | |
US6628891B1 (en) | Signal filtering mechanism for a multi-purpose digital television receiver | |
DE69630012T2 (en) | DELAYED ACCESS | |
DE69914306T2 (en) | RECORDING ENCRYPTED DIGITAL DATA | |
US6035038A (en) | Conditional access system and smartcard allowing such access | |
DE4201031C2 (en) | Program selection system for the automated pre-selection of television or radio programs according to the individual interests of the participants | |
AU751436B2 (en) | Mechanism for matching a receiver with a security module | |
RU96108949A (en) | SYSTEM FOR LOCAL PROCESSING / ACCESS AND PRESENTATION OF LARGE DATA VOLUMES | |
CA2039123A1 (en) | Video control system | |
EP1338943A2 (en) | Method for activating a file on a navigation system | |
DE19529487A1 (en) | Software supply system | |
DE69831205T2 (en) | Data transmission method and system and program recording medium | |
WO2000072574A3 (en) | An architecture for controlling the flow and transformation of multimedia data | |
WO2001038954A1 (en) | Method for using encrypted data | |
EP1642458B1 (en) | Method and device for transmitting decryption codes of freely transmitted, encrypted program contents to clearly identifiable receivers | |
DE19805409B4 (en) | Virtual audio and / or video library with remote access | |
EP1455530A1 (en) | System for recording and playback of television signals from multiple television channels | |
EP0888597B1 (en) | Process for data communications and a data communications system for carrying out the process | |
DE60225721T2 (en) | PROCEDURE FOR ACCESS CONTROL OF SPECIFIC SERVICES BY A DISTRIBUTOR | |
CN100447879C (en) | Multimedia storage device having digital write-only area | |
DE10035707A1 (en) | Digital acquisition and reproduction involves setting header information in isolated packets representing input data stream time position, adding null packets corresponding to time separation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): BR IL IN JP PL US |
|
NENP | Non-entry into the national phase |
Ref country code: JP |