1. Field of the Invention
The present invention is directed to controlling access to digital data, and to a system for providing secure communication of information to recipient devices in a manner such that the information can only be communicated or accessed at specified locations. In particular, the present invention is directed at providing enhanced cryptographic strength to encryption methods incorporating geographic and temporal restrictions.
2. Description of Related Art
Traditional methods of securing electronic data rely on encryption to assure that only authorized users can access and use the secure data. Encryption is the use of codes and ciphers to protect data from unintended disclosure or modification. It is primarily used to control access to communications transmitted over open networks, but may also be used to control access to stored data. In a transmission utilizing encryption to protect digital data, the sender converts the original data, or “plaintext,” into a coded equivalent called “ciphertext” using an encryption algorithm. The ciphertext is then decoded (or decrypted) by the receiver and thereby turned back into plaintext. The encryption algorithm uses a key, which in digital systems is a string of bits. In general, the larger the number of bits in the key, the longer it takes to break the code using so-called “brute force” methods. A drawback of conventional cryptographic systems is the difficulty of distributing the keys to recipients of encrypted information. If the keys are intercepted by an unauthorized user, then that unauthorized user could gain access to the encrypted information.
As an added layer of security, it has been proposed to further incorporate time and location data into encryption methods such that the secure data can be accessed only at an authorized location and time. See, for example, U.S. Pat. No. 7,143,289, in which Denning et al. introduce the concept of geoencryption, or location-based encryption. Using geoencryption, data can be encrypted with a particular range of geographic and temporal coordinates that prevent decryption of the data unless it takes place within the specified geographic and temporal range. For example, an employer might geoencrypt sensitive employee information making it available only within the employer's facility and during normal business hours. If the data were stolen or the facility broken into, the additional geographic and temporal restrictions would greatly reduce the likelihood that the security of the data could be compromised, even by authorized users. As another example, geoencryption might be used in the distribution of digital cinema to authorized theatres to ensure that the content could be decoded and displayed only at the authorized locations during the authorized times. The concept of geoencryption thus promises tremendous potential benefits in the management and distribution of sensitive or secured data where controlling access is the predominant concern.
However, although the location data used in the encryption process does enhance security, the addition of this one piece of information does not provide enough entropy, or unique information content, to create a sufficiently strong and robust cryptographic system to protect the most valuable data. Furthermore, simply providing additional location signals will not significantly increase the cryptographic strength of the system. Additional unique information is needed to increase the entropy sufficiently to enable a more robust security system. In addition, conventional geoencryption systems can be defeated by unauthorized users who generate false location or time data in order to spoof the decryption system. Additional unique, location-dependent information is needed to provide a cross check on position data to authenticate the source of location data used in the decryption process.
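The following sketch is an added illustration of the two preceding paragraphs, not code from this patent or from Denning et al. It assumes a hypothetical key derivation (SHA-256 over a quantized latitude/longitude cell and time window) with constructed grid sizes and coordinates, and shows both the location binding and the upper bound on the entropy such a key can carry.

```python
import hashlib
import math

CELL_DEG = 1e-4   # assumed grid size, roughly 11 m of latitude
WINDOW_S = 3600   # assumed validity window: one hour


def cell(lat, lon, t, cell_deg=CELL_DEG, window_s=WINDOW_S):
    """Quantize a claimed position and time to a grid cell and time window."""
    return (math.floor(lat / cell_deg),
            math.floor(lon / cell_deg),
            int(t // window_s))


def geolock_key(lat, lon, t):
    """Hypothetical location key: SHA-256 over the quantized cell.

    The key depends only on the values passed in; nothing here
    authenticates that they were actually measured by a receiver.
    """
    label = "|".join(str(v) for v in cell(lat, lon, t))
    return hashlib.sha256(label.encode()).digest()


def keyspace_bits(cell_deg=CELL_DEG, window_s=WINDOW_S,
                  horizon_s=365 * 24 * 3600):
    """Upper bound on key entropy: log2(grid cells * time windows)."""
    cells = (180 / cell_deg) * (360 / cell_deg)
    windows = horizon_s / window_s
    return math.log2(cells * windows)


# Constructed sample values (not from the patent).
SITE = (37.42751, -122.16972, 1_700_000_000)
SAME_CELL = (37.42755, -122.16975, 1_700_000_500)   # a few metres, 500 s later
OFF_SITE = (37.42851, -122.16972, 1_700_000_000)    # about 110 m north
TOO_LATE = (37.42751, -122.16972, 1_700_007_200)    # two hours later

if __name__ == "__main__":
    k = geolock_key(*SITE)
    print("same cell/window :", geolock_key(*SAME_CELL) == k)
    print("off site         :", geolock_key(*OFF_SITE) == k)
    print("outside window   :", geolock_key(*TOO_LATE) == k)
    # The digest is 256 bits long, but the input space is far smaller.
    print("entropy bound    : %.1f bits" % keyspace_bits())
```

Even with a worldwide 11 m grid and a full year of hourly windows, the bound stays below 56 bits, which is the shortfall the paragraph above describes.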
Accordingly, it would be desirable to provide a system that makes use of all location-based parameters of a navigation signal to significantly increase the entropy of the cryptographic key and to perform cross correlations of navigation parameters to authenticate the source of location data in order to generate a strong and robust cryptographic system.