Many systems exist for securely transferring data from one location to another that frustrate parties that attempt to intercept the data and discern the content of the data. These systems typically obfuscate the data in a way, wherein, in theory, only the intended recipient has a means to understand the data. In cryptographic terms, this obfuscation of data or plaintext is called encryption of the data.
In historical systems, encryption of the data was brought about by simple substitution and/or transposition systems. A substitution encryption system utilized a mapping of characters wherein an input character was mapped directly to an output character. For example, an “a” plaintext character always becomes an “x” output encrypted character. The decryption process performed the substitution in reverse in that and “x” encrypted character is mapped to produce the “a” plaintext character. Transposition encryption simply jumbles characters in a defined fashion so that, for example, “plaintext” may become “attixnlp” by selecting the third letter in each letter selection. In more complex systems, combinations of substitution may be utilized together with transposition.
As computing power has become more powerful, these earlier system have fallen out of favor due to the ease that simple patterns in the encryption may be readily discerned. Today, more complex systems of mathematical obfuscation are utilized. In many of these systems, a symmetric key or asymmetric key pair may be utilized as at least a portion of the encryption/decryption process. In operation, during an encryption of the content, a key is mathematically combined in a complex but explicit fashion with plaintext to perform the encryption of the plaintext. Decryption of the plaintext is similarly complex and explicit.
To solve many of the problems associated with managing key distribution, a Public Key Infrastructure (PKI) is created to manage creation, distribution, and revocation of keys. A problem exists in these systems in that a trusted third party is typically required to act as a key authority that is responsible for managing keys including revocation. Further, since a portion of the keys are typically secret and not intended for general distribution, a system is required for securely distributing the secret keys to the intended recipients. In addition, even after the keys are securely distributed, the process of combining the keys or some derivation of the keys with the plaintext is oftentimes a complex mathematical process that requires a substantial amount of computing power, particularly when the combination with the plaintext (encryption) or separation from the plaintext (decryption) is performed in real time.
Further, key creation is a very complex process wherein a seed is determined utilizing a number generator that typically utilizes some form of random input (e.g., time, surrounding temperature, radioactive decay using Geiger Counter etc.) to create random numbers that may directly be the seed or may be an input into the seed. The seed is thereafter mathematically manipulated to create a key for symmetric encryption/decryption or a key pair for asymmetric encryption/decryption. In one type of random number generator, the same output number is generated each time a same input number is utilized as a starting seed. The random umber generator in this application enables bounds to be put on the generator so that the random number generated is within a range of specific values. This system enables a random number to be generated at more than one source utilizing the same input value so that the same random number may be generated. This may simplify the key distribution process, but still requires substantial computing power which now must exist at each source of key creation. Further, this system is only as secure as the secret process utilized for key generation and plaintext encryption. This process is complicated when many keys or key pairs are required to manage distribution of data.
Encryption is utilized to distribute and control access to all kinds of data such as data distributed on optical disks and data distributed through broadcast or transmission mediums. For cable and satellite networks, most video content in the U.S. is sold on a package basis with different channels forming various package groups (eg. Basic, Expanded, Digital, Complete, On Demand etc.) that are encrypted to control access to authorized users. Some European countries have the concept of per channel access where each channel needs to be separately controlled. Management of a large number of keys for access control is too large a computing task for so-called thin-clients such as set-top boxes and other consumer side content delivery systems.
It is an object of the present system to overcome disadvantages and/or make improvements in the prior art.