1. Field of the Invention
The present invention relates to controlling access to digital data through a communication network based on location. More particularly, the present invention relates to a method and apparatus for encrypting digital data in a communication network in such a manner that it can be decrypted only at a specified location and using a secret key.
2. Description of Related Art
Rapid advances in computer, telecommunications and networking technology have enabled new opportunities and applications that were impossible just a few years ago. These advances are exemplified by the rapid growth of network systems seeking to delivery “high-value” content securely to authorized recipients. Examples of such networks include those that handle confidential, sensitive, or classified information in the health care, financial, and national security fields. They also include networks that handle intellectual property or copyrighted data such as computer software, literary works, and entertainment products. Controlling the security of information in such systems, including confidentiality, authenticity, integrity, authorized use, transaction secrecy, site protection, etc., has proven to be a difficult problem that has reduced the benefit that businesses and consumers might otherwise enjoy from such systems.
One technology that is critical to protecting information on these networks is cryptography. Cryptography is the use of codes and ciphers to protect data from unintended disclosure or modification. It is primarily used to control access to communications transmitted over open networks, but may also be used to control access to stored data. In a transmission utilizing cryptography to protect digital data, the sender converts the original data, or “plaintext,” into a coded equivalent called “ciphertext” using an encryption algorithm. The ciphertext is then decoded (or decrypted) by the receiver and thereby turned back into plaintext. The encryption algorithm uses a key, which in digital systems is a string of bits. In general, the larger the number of bits in the key, the longer it takes to break the code using so-called “brute force” methods.
Keys form the basis of all cryptographic systems. Two separate cryptographic key methods have been widely adopted by users of electronic networks: private-key cryptography and public-key cryptography. With private-key cryptography (also known as symmetric cryptography), the sender and receiver use a common secret key to encrypt and decrypt data. With public-key cryptography (also known as asymmetric cryptography), the sender and receiver use different but mathematically related keys to encrypt and decrypt the data. In particular, the sender encrypts the data using a public key that is unique to the receiver, while the receiver decrypts the data using the corresponding private key that is known only to the receiver. Because separate keys are used, public-key cryptography also can be used to provide digital signatures for authentication and non-repudiation. In this case, the sender signs the data using the sender's private key, while the receiver validates the data using the sender's public key.
Owing to their different mathematics, private-key cryptography is generally much more efficient than public-key cryptography. It runs faster and can provide comparable security using shorter keys. Consequently, most network systems use private-key cryptography to encrypt and decrypt most types of data. Public-key cryptography, if used at all, is presently used only to distribute the secret keys used with private-key cryptography and to digitally sign data.
The shared secret keys used with private-key cryptography can be distributed using either private-key or public-key methods. Private-key distribution methods are particularly well suited to broadcast and multicast applications where a central, shared server transmits data to one or more receivers simultaneously, such as subscription television, and to other applications that involve communications to or from a central server. Public-key distribution methods are particularly well suited to applications involving communications between two entities that do not trust each other and do not employ a shared server, such as electronic mail delivered across the Internet and connections between web browsers and web servers.
With both public-key and private-key cryptography, anyone knowing the secret key needed to decrypt the data can decrypt and access that data, assuming the method of encryption is known (which is generally assumed). It does not matter where the person is located or how the person acquired the data. For some applications, however, it would be desirable to control access to data based not only on a secret key, but also on location. For example, in the context of digital cinema, such a capability would enable a producer of digital movies to be assured that its products could only be decrypted in certain theaters whose locations would be known in advance. Or, a provider of entertainment products such as movies and subscription television would be assured that its products could only be decrypted within the premises of its customers or within a particular geographic region. This capability would guard against many threats, including the unauthorized distribution of copyright-protected works over the Internet or through other means. Even if the keys were compromised, recipients would not be at the proper location to enable decryption. The related patent applications referenced above disclose a method and system for encrypting digital data based on location.
It would also be desirable to have a capability to control access to data based on the distribution path of the data. For example, such a capability would enable a provider of protected works to be assured that its works were distributed through specific channels. Persons acquiring the product through other channels would then be unable to decrypt the data, even if they acquired the secret key. This capability could be used even when location is not a factor for authorizing decryption. Location-based encryption and path-dependent encryption would significantly enhance the security of data.
Another limitation of conventional encryption systems, particularly those that are based entirely on private-key cryptography, is that key management is vested with a single entity. Key management refers to the control over distribution of keys within a network. By restricting key management to a single entity, data providers that do not have key management authority are limited in their ability to control access to their digital data through the networks. Therefore, in addition to using location-based encryption and path-dependent encryption, it would be desirable to provide a method and system whereby multiple data providers can independently manage the secret keys they use to communicate with other providers and receivers.