WO2001038954A1 - Method for using encrypted data - Google Patents

Method for using encrypted data Download PDF

Info

Publication number
WO2001038954A1
WO2001038954A1 PCT/EP2000/009428 EP0009428W WO0138954A1 WO 2001038954 A1 WO2001038954 A1 WO 2001038954A1 EP 0009428 W EP0009428 W EP 0009428W WO 0138954 A1 WO0138954 A1 WO 0138954A1
Authority
WO
WIPO (PCT)
Prior art keywords
keys
data
encrypted data
user
codes
Prior art date
Application number
PCT/EP2000/009428
Other languages
German (de)
French (fr)
Inventor
Jürgen Althoff
Stefan Domeyer
Original Assignee
Deutsche Telekom Ag
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Deutsche Telekom Ag filed Critical Deutsche Telekom Ag
Publication of WO2001038954A1 publication Critical patent/WO2001038954A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2211/00Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/007Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/10Digital recording or reproducing
    • G11B2020/1087Digital recording or reproducing wherein a selection is made among at least two alternative ways of processing
    • G11B2020/10888Digital recording or reproducing wherein a selection is made among at least two alternative ways of processing the kind of data being the selection criterion
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]

Definitions

  • the invention relates to the use of encrypted data and the conditions for access to the data.
  • the data can be both encrypted and unencrypted.
  • Access can be local or remote.
  • Conditional access systems for radio-based
  • DND-ROM digital versatile disk
  • CD-ROM physically transported to the user.
  • the keys are over a data network broadcast and are either generally accessible or can only be selected by
  • the content of various providers is stored in a central data processing center
  • Storage media applied encrypted The encryption takes place in such a way that the
  • Storage media are physically sent to users.
  • the keys are sent from a transmission center.
  • the dispatch takes place via a
  • Data network e.g. ISDN, BOT, GSM.
  • the keys can either be from everyone
  • Network participants are received or are alternatively only individual users or
  • the keys can be sent according to a pre-defined schedule or on demand by the user.
  • the keys are processed immediately upon arrival at the user
  • the user runs the key in a data receiving device (see FIG. 1).
  • the key is possibly from the other signals
  • This filter is e.g. B. necessary when sending via BOT to the key
  • a detector unit checks whether the key matches the encryption of content on the storage medium. If the key fits, there will be a corresponding switch
  • Decoder directed. The switch is only operated at the time the key is received
  • the data is decrypted in the decoder and sent to
  • End device forwarded for output.
  • the user can access the decrypted data on this terminal for the duration of the key being sent.
  • the decrypted data is only temporarily stored in the end device. So will that Data flow between storage medium and decoder interrupted - for example because of the

Abstract

The transmission of large data quantities is complicated by limited transmission capacities. In the case of encrypted data, the codes must also be transmitted. The invention provides a method in which the encrypted data is stored on media which can be physically sent to the user. Only the codes are transmitted to the users via a telecommunications network and can be specifically addressed or addressed in universally accessible manner. Said codes reach the users, according to a transmittal plan or when the users retrieve them, where they exclusively permit access to the encrypted data during the period of availability, and they cannot be stored. Different codes are also used in the case of different contents contained on the storage media. The accessibility by using codes can be centrally recorded.

Description

Verfahren zur Anwendung verschlüsselter DatenMethods of using encrypted data
Beschreibungdescription
Die Erfindung betrifft die Anwendung verschlüsselter Daten sowie die Bedingungen für den Zugriff auf die Daten.The invention relates to the use of encrypted data and the conditions for access to the data.
Bei großen Datenmengen ist die begrenzte Übertragungskapazität ein Problem, soweit die Daten einzeln abgerufen und bezahlt werden sollen.With large amounts of data, the limited transmission capacity is a problem if the data is to be called up and paid for individually.
Stand der TechnikState of the art
Nach dem Stand der Technik ermöglichen Datenbanksysteme einen Zugriff auf Daten inAccording to the state of the art, database systems allow access to data in
der Weise, dass die Daten in Reaktion auf eine Anforderung hin an den Nutzer übertragenthe way that the data is transmitted to the user in response to a request
werden. Die Daten können dabei sowohl verschlüsselt, als auch unverschlüsselt sein. Derbecome. The data can be both encrypted and unencrypted. The
Zugriff kann lokal oder aus der Ferne erfolgen.Access can be local or remote.
Als Zugriffssysteme sind bekannt:The following are known as access systems:
Client-server-Konfigurationen in LAN und WAN, DFÜ-Fest- oder Wählverbindungen,Client-server configurations in LAN and WAN, dial-up fixed or dial-up connections,
Conditional-Access-Systeme (Zugangskontrollsysteme) bei funkgestützterConditional access systems (access control systems) for radio-based
Datenübertragung.Data transfer.
Vorteile und Unterscheidungsmerkmale der Erfindung gegenüber dem Stand der TechnikAdvantages and distinguishing features of the invention compared to the prior art
Es wird unterschieden zwischen verschlüsselten Daten und Schlüsseln. Die Daten, die inA distinction is made between encrypted data and keys. The data in
der Regel sehr umfangreich sind, werden auf einem Speichermedium (z. B. DND-ROM,are usually very extensive, are stored on a storage medium (e.g. DND-ROM,
CD-ROM) physisch zum Anwender transportiert. Die Schlüssel werden über ein Datennetz übertragen und sind entweder allgemein zugänglich oder können nur von ausgewähltenCD-ROM) physically transported to the user. The keys are over a data network broadcast and are either generally accessible or can only be selected by
Nutzern empfangen werden.Users are received.
Die Erfindung unterscheidet sich vom Stand der Technik darin, dass nur noch die SchlüsselThe invention differs from the prior art in that only the key
kontinuierlich über ein Datennetz versandt werden und damit zentral gesteuert und erfasst werden kann, welcher Nutzer für welchen Zeitraum aufweiche Daten eineare continuously sent over a data network and can thus be controlled and recorded centrally, which user has soft data for which period
Zugriffsberechtigung erhält. Der Vorteil der Erfindung gegenüber dem Stand der TechnikReceives access authorization. The advantage of the invention over the prior art
ist, dassis that
Begrenzungen in der Übertragungskapazität dadurch ausgeglichen werden, dass nicht mehrLimitations in the transmission capacity can be compensated for by the fact that no more
die kompletten Daten, sondern nur noch die Schlüssel übertragen werden.the complete data, but only the keys are transferred.
Beschreibung der ErfindungDescription of the invention
In einer zentralen Datenaufbereitungsstelle werden Inhalte verschiedener Anbieter aufThe content of various providers is stored in a central data processing center
Speichermedien verschlüsselt aufgebracht. Die Verschlüsselung erfolgt dergestalt, dass dieStorage media applied encrypted. The encryption takes place in such a way that the
verschiedenen Inhalte mit unterschiedlichen Schlüsseln verschlüsselt werden. Diesedifferent content can be encrypted with different keys. This
Speichermedien werden physisch an die Nutzer versendet.Storage media are physically sent to users.
Aus einer Sendezentrale werden die Schlüssel versendet. Der Versand erfolgt über einThe keys are sent from a transmission center. The dispatch takes place via a
Datennetz (z.B. ISDN,. BOT, GSM). Die Schlüssel können entweder von allenData network (e.g. ISDN, BOT, GSM). The keys can either be from everyone
Netzteilnehmern empfangen werden oder sind alternativ nur einzelnen Nutzern bzw.Network participants are received or are alternatively only individual users or
Nutzergruppen mit separaten Adressen zugänglich, so dass nur diese den Schlüssel empfangen können, bzw. der Empfang der Schlüssel an Bedingungen geknüpft werdenUser groups accessible with separate addresses, so that only these can receive the key, or the reception of the keys is linked to conditions
kann.can.
Der Versand der Schlüssel kann sowohl nach einem im Voraus festgelegten Sendeplan als auch auf Abruf durch die Nutzer erfolgen. Die Schlüssel werden zum Zeitpunkt des Eintreffens beim Nutzer unmittelbar verarbeitetThe keys can be sent according to a pre-defined schedule or on demand by the user. The keys are processed immediately upon arrival at the user
und können nicht gespeichert werden. Sie ermöglichen dem Nutzer den Zugriff auf die verschlüsselten Daten eines bestimmten, dem Schlüssel zugeordneten Inhalts. Dieand cannot be saved. They enable the user to access the encrypted data of a certain content assigned to the key. The
Schlüssel sind nur eine befristete Zeit aktiv und nur während dieser Zeitspanne hat derKeys are only active for a limited time and only during this period
Nutzer den Zugriff auf die verschlüsselten Daten. Auf den Schlüssel selbst kann der Nutzer nicht zugreifen.User access to the encrypted data. The user cannot access the key itself.
Anwendungsbeispielexample
Der Schlüssel läuft beim Nutzer in einer Datenempfangseinrichtung auf (siehe Fig. 1). In der Datenempfangseinrichtung wird der Schlüssel gegebenenfalls von den übrigen SignalenThe user runs the key in a data receiving device (see FIG. 1). In the data receiving device, the key is possibly from the other signals
abgetrennt. Dieser Filter ist z. B. beim Versand über BOT notwendig, um den Schlüssel zuseparated. This filter is e.g. B. necessary when sending via BOT to the key
isolieren. Der Schlüssel wird nicht gespeichert, sondern zur Zeit seines Eintreffensisolate. The key is not saved, but at the time it arrives
unmittelbar verarbeitet und gelangt damit zu keinem Zeitpunkt in den Zugriff des Nutzers.immediately processed and therefore never accessed by the user.
Eine Detektoreinheit überprüft, ob der Schlüssel auf die Verschlüsselung eines Inhaltes auf dem Speichermedium passt. Passt der Schlüssel, so wird ein entsprechender SchalterA detector unit checks whether the key matches the encryption of content on the storage medium. If the key fits, there will be a corresponding switch
geschlossen und die verschlüsselten Daten des Speichermediums werden in einenclosed and the encrypted data of the storage medium are in one
Dekodierer geleitet. Der Schalter wird nur zur Zeit des Empfangs des Schlüssels betätigt,Decoder directed. The switch is only operated at the time the key is received,
so dass nur während der Zeit der Schlüsselwirkung der Datenfluss ermöglicht wird.so that the flow of data is only possible during the key impact period.
Mit Hilfe des Schlüssels werden die Daten im Dekodierer entschlüsselt und an einWith the help of the key, the data is decrypted in the decoder and sent to
Endgerät zur Ausgabe weiter geleitet. An diesem Endgerät kann der Nutzer für die Dauer des Aussendens des Schlüssels Zugriff auf die entschlüsselten Daten nehmen. Die entschlüsselten Daten werden im Endgerät nur flüchtig gespeichert. Wird also der Datenfluss zwischen Speichermedium und Dekodierer unterbrochen - etwa weil derEnd device forwarded for output. The user can access the decrypted data on this terminal for the duration of the key being sent. The decrypted data is only temporarily stored in the end device. So will that Data flow between storage medium and decoder interrupted - for example because of the
Schlüssel nicht mehr gesendet wird - so kann der Nutzer keinen Zugriff mehr auf dieKey is no longer sent - so the user can no longer access the
Daten nehmen. Take data.
Bezugszeichen-AuflistungReference sign collection
LAN Local Area NetworkLAN Local Area Network
WAN Wide Area NetworkWAN wide area network
DFÜ Daten-Fern-ÜbertragungRemote data transmission
DVD Digital Versatile DiscDVD digital versatile disc
CD Compact DisCD Compact Dis
ROM Read Only MemoryROM Read Only Memory
ISDN Integrated Services Digital NetworkISDN Integrated Services Digital Network
BOT Broadcast Online TelevisionBOT Broadcast Online Television
GSM Global System for Mobile communication GSM Global System for Mobile communication

Claims

Patentansprüche (3) Claims (3)
1. Verfahren zur Anwendung verschlüsselter Daten, d a d u r c h g e k e n n z e i c h n e t, dass die verschlüsselten Daten auf Speichermedien gespeichert werden, die an die Nutzer physisch versendet werden können, dass die Schlüssel zur Entschlüsselung der Daten über ein Datennetz übertragen werden, dass die Schlüssel von allen Netzteilnehmern zu empfangen sind oder alternativ nur einzelne Nutzer bzw. Nutzergruppen adressiert werden können, dass der Versand der Schlüssel sowohl nach einem im Voraus festgelegten Sendeplan als auch auf Abruf durch die Nutzer erfolgen kann, dass die gesendeten Schlüssel zum Zeitpunkt des Eintreffens beim Nutzer unmittelbar verarbeitet werden und nicht gespeichert werden können, dass der Zugriff auf die verschlüsselten Daten zeitlich bestimmt wird durch die Verfügbarkeit der empfangenen Schlüssel, und dass der Empfang der Schlüssel an weitere Bedingungen geknüpft werden kann.1. Method for using encrypted data, characterized in that the encrypted data are stored on storage media that can be physically sent to the user, that the keys for decrypting the data are transmitted over a data network, that the keys can be received by all network participants or alternatively, only individual users or user groups can be addressed, that the keys can be sent both according to a pre-defined schedule and on demand by the user, that the keys sent are processed immediately at the point of arrival at the user and are not saved can be that the access to the encrypted data is determined by the availability of the received keys, and that the reception of the keys can be linked to other conditions.
2. Verfahren nach Anspruch 1, dadurch gekennzeichnet, dass die Zugriffsmöglichkeit auf die Speichermedien mit verschlüsselten Daten zentral gesteuert und erfasst werden kann.2. The method according to claim 1, characterized in that the accessibility to the storage media with encrypted data can be controlled and recorded centrally.
Verfahren nach Anspruch 1 und 2, dadurch gekennzeichnet, dass bei unterschiedlichen Inhalten auf dem Speichermedium die Dateien mit unterschiedlichen Schlüsseln verschlüsselt werden. A method according to claim 1 and 2, characterized in that in the case of different contents on the storage medium, the files are encrypted with different keys.
PCT/EP2000/009428 1999-11-24 2000-09-27 Method for using encrypted data WO2001038954A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE19957467.7 1999-11-24
DE19957467A DE19957467A1 (en) 1999-11-24 1999-11-24 System for use of encrypted data sends only key over network allows access time control reduces data transmission load

Publications (1)

Publication Number Publication Date
WO2001038954A1 true WO2001038954A1 (en) 2001-05-31

Family

ID=7930769

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2000/009428 WO2001038954A1 (en) 1999-11-24 2000-09-27 Method for using encrypted data

Country Status (2)

Country Link
DE (1) DE19957467A1 (en)
WO (1) WO2001038954A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2405297A (en) * 2003-08-20 2005-02-23 Vodafone Plc Data distribution

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0934841A (en) * 1995-07-21 1997-02-07 Fujitsu Ltd On-line ciphering releasing system of storage medium and its method
US5892825A (en) * 1996-05-15 1999-04-06 Hyperlock Technologies Inc Method of secure server control of local media via a trigger through a network for instant local access of encrypted data on local media
JPH11250141A (en) * 1998-03-04 1999-09-17 Nippon Telegr & Teleph Corp <Ntt> Method for distributing real time contents

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19609556A1 (en) * 1996-03-12 1997-09-18 Bernd Schneider Data communication method and data communication system for performing the method
DE19722424C5 (en) * 1997-05-28 2006-09-14 Telefonaktiebolaget Lm Ericsson (Publ) Method of securing access to a remote system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0934841A (en) * 1995-07-21 1997-02-07 Fujitsu Ltd On-line ciphering releasing system of storage medium and its method
US5892825A (en) * 1996-05-15 1999-04-06 Hyperlock Technologies Inc Method of secure server control of local media via a trigger through a network for instant local access of encrypted data on local media
JPH11250141A (en) * 1998-03-04 1999-09-17 Nippon Telegr & Teleph Corp <Ntt> Method for distributing real time contents

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
PATENT ABSTRACTS OF JAPAN vol. 1997, no. 06 30 June 1997 (1997-06-30) *
PATENT ABSTRACTS OF JAPAN vol. 1999, no. 14 22 December 1999 (1999-12-22) *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2405297A (en) * 2003-08-20 2005-02-23 Vodafone Plc Data distribution
GB2405297B (en) * 2003-08-20 2006-12-20 Vodafone Plc Data distribution

Also Published As

Publication number Publication date
DE19957467A1 (en) 2001-05-31

Similar Documents

Publication Publication Date Title
DE19529320C2 (en) Software playback device
DE69535496T2 (en) data bus communication
RU2138924C1 (en) System for local processing/access and representation of large bodies of data and its application (versions)
US5036537A (en) Geographic black-out method for direct broadcast satellite system
DE4337726B4 (en) Music player for a motor vehicle
US6628891B1 (en) Signal filtering mechanism for a multi-purpose digital television receiver
DE69630012T2 (en) DELAYED ACCESS
DE69914306T2 (en) RECORDING ENCRYPTED DIGITAL DATA
US6035038A (en) Conditional access system and smartcard allowing such access
DE4201031C2 (en) Program selection system for the automated pre-selection of television or radio programs according to the individual interests of the participants
AU751436B2 (en) Mechanism for matching a receiver with a security module
RU96108949A (en) SYSTEM FOR LOCAL PROCESSING / ACCESS AND PRESENTATION OF LARGE DATA VOLUMES
CA2039123A1 (en) Video control system
EP1338943A2 (en) Method for activating a file on a navigation system
DE19529487A1 (en) Software supply system
DE69831205T2 (en) Data transmission method and system and program recording medium
WO2000072574A3 (en) An architecture for controlling the flow and transformation of multimedia data
WO2001038954A1 (en) Method for using encrypted data
EP1642458B1 (en) Method and device for transmitting decryption codes of freely transmitted, encrypted program contents to clearly identifiable receivers
DE19805409B4 (en) Virtual audio and / or video library with remote access
EP1455530A1 (en) System for recording and playback of television signals from multiple television channels
EP0888597B1 (en) Process for data communications and a data communications system for carrying out the process
DE60225721T2 (en) PROCEDURE FOR ACCESS CONTROL OF SPECIFIC SERVICES BY A DISTRIBUTOR
CN100447879C (en) Multimedia storage device having digital write-only area
DE10035707A1 (en) Digital acquisition and reproduction involves setting header information in isolated packets representing input data stream time position, adding null packets corresponding to time separation

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): BR IL IN JP PL US

NENP Non-entry into the national phase

Ref country code: JP