DE19957467A1 - System for use of encrypted data sends only key over network allows access time control reduces data transmission load - Google Patents
- Publication number
- DE19957467A1
- Authority
- DE
- Germany
- Prior art keywords
- keys
- data
- encrypted data
- user
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2211/00—Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
- G06F2211/007—Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/10—Digital recording or reproducing
- G11B2020/1087—Digital recording or reproducing wherein a selection is made among at least two alternative ways of processing
- G11B2020/10888—Digital recording or reproducing wherein a selection is made among at least two alternative ways of processing the kind of data being the selection criterion
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/30—Definitions, standards or architectural aspects of layered protocol stacks
- H04L69/32—Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
- H04L69/322—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
- H04L69/329—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Signal Processing (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Description
The invention relates to the use of encrypted data and to the conditions for access to the data.
With large amounts of data, limited transmission capacity is a problem when the data are to be retrieved and paid for individually.
In the prior art, database systems provide access to data by transmitting the data to the user in response to a request. The data may be either encrypted or unencrypted. Access can be local or remote.
Client-server configurations in LAN and WAN, remote data transmission (DFÜ) over leased or dial-up connections, conditional access systems (access control systems) for radio-based data transmission.
A distinction is made between encrypted data and keys. The data, which are usually very extensive, are physically transported to the user on a storage medium (e.g. DVD-ROM, CD-ROM). The keys are transmitted over a data network and are either generally accessible or can be received only by selected users.
The invention differs from the prior art in that only the keys are sent continuously over a data network, so that it can be centrally controlled and recorded which user receives authorization to access which data for which period of time. The advantage of the invention over the prior art is that limitations in transmission capacity are compensated for by transmitting only the keys rather than the complete data.
In a central data preparation facility, content from various providers is written in encrypted form onto storage media. The encryption is such that the different contents are encrypted with different keys. These storage media are physically shipped to the users.
The keys are sent from a transmission centre. They are sent over a data network (e.g. ISDN, BOT, GSM). The keys can either be received by all network participants or, alternatively, are accessible only to individual users or user groups with separate addresses, so that only these can receive the key, or so that reception of the keys can be made subject to conditions.
The keys can be sent either according to a transmission schedule fixed in advance or on demand by the users.
The keys are processed immediately when they arrive at the user and cannot be stored. They give the user access to the encrypted data of a particular content item assigned to the key. The keys are active only for a limited time, and only during this period does the user have access to the encrypted data. The user cannot access the key itself.
At the user, the key arrives in a data receiving device (see Fig. 1). In the data receiving device the key is, where necessary, separated from the other signals. This filter is needed, for example, when sending via BOT, in order to isolate the key. The key is not stored but is processed immediately at the time of its arrival, and therefore never comes within the user's reach.
A detector unit checks whether the key matches the encryption of a content item on the storage medium. If the key matches, a corresponding switch is closed and the encrypted data from the storage medium are routed into a decoder. The switch is actuated only while the key is being received, so that data flow is enabled only during the time the key is in effect.
Using the key, the data are decrypted in the decoder and passed on to a terminal for output. At this terminal the user can access the decrypted data for as long as the key is being transmitted. The decrypted data are stored in the terminal only in volatile form. If the data flow between storage medium and decoder is interrupted, for example because the key is no longer being sent, the user can no longer access the data.
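A minimal model of the receiver chain described above (filter, detector, switch, decoder), added here as an illustration and not taken from the patent. The SHA-256 counter-mode keystream is a stand-in cipher, and the key check value used by the detector, the `ttl` field, the message layout and all names are assumptions.

```python
import hashlib
import hmac

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a SHA-256 counter-mode keystream."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def check_value(key: bytes) -> bytes:
    """Key check value (assumption) that lets the detector test a key."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()

def master_medium(contents: dict, keys: dict) -> dict:
    """Data preparation facility: each content item gets its own key."""
    return {title: (check_value(keys[title]), keystream_xor(keys[title], plain))
            for title, plain in contents.items()}

class Receiver:
    """Data receiving device: filter, detector, switch and decoder."""

    def __init__(self, medium: dict, address: str):
        self.medium = medium
        self.address = address
        self.key = None          # held in volatile state only, never persisted
        self.title = None
        self.expires = -1

    def on_key_message(self, now: int, msg: dict) -> bool:
        """msg = {"key", "addresses" (None = all participants), "ttl"}."""
        if msg["addresses"] is not None and self.address not in msg["addresses"]:
            return False                      # filter: not addressed to us
        candidate = check_value(msg["key"])
        for title, (kcv, _) in self.medium.items():
            if hmac.compare_digest(kcv, candidate):   # detector: key fits
                self.key, self.title = msg["key"], title
                self.expires = now + msg["ttl"]       # switch closed until here
                return True
        return False

    def read(self, now: int, title: str):
        """Decoder output, available only while the key is in effect."""
        if self.key is not None and now >= self.expires:
            self.key = self.title = None      # broadcast lapsed: open the switch
        if self.key is None or title != self.title:
            return None
        return keystream_xor(self.key, self.medium[title][1])

def demo() -> list:
    # Constructed sample keys and contents.
    keys = {"film": b"constructed-key-1", "atlas": b"constructed-key-2"}
    medium = master_medium({"film": b"feature film frames",
                            "atlas": b"map tiles"}, keys)
    rx = Receiver(medium, address="user-17")
    out = [rx.read(0, "film")]                          # no key received yet
    rx.on_key_message(1, {"key": keys["film"], "addresses": {"user-17"}, "ttl": 2})
    out.append(rx.read(2, "film"))                      # key in effect
    out.append(rx.read(2, "atlas"))                     # different content key
    out.append(rx.read(3, "film"))                      # key no longer sent
    return out
```

A key message that arrives again before `expires` moves the deadline forward, which is how continuous transmission keeps access open in this model.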
LAN Local Area Network
WAN Wide Area Network
DFÜ Datenfernübertragung (remote data transmission)
DVD Digital Versatile Disc
CD Compact Disc
ROM Read Only Memory
ISDN Integrated Services Digital Network
BOT Broadcast Online Television
GSM Global System for Mobile communication
Claims (3)
1. Method for using encrypted data, characterized in that
the encrypted data are stored on storage media that can be physically sent to the user,
that the keys for decrypting the data are transmitted over a data network,
that the keys can be received by all network participants or, alternatively, only individual users or user groups can be addressed,
that the keys can be sent either according to a transmission schedule fixed in advance or on demand by the users,
that the transmitted keys are processed immediately when they arrive at the user and cannot be stored,
that access to the encrypted data is determined in time by the availability of the received keys, and
that reception of the keys can be made subject to further conditions.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE19957467A DE19957467A1 (en) | 1999-11-24 | 1999-11-24 | System for use of encrypted data sends only key over network allows access time control reduces data transmission load |
PCT/EP2000/009428 WO2001038954A1 (en) | 1999-11-24 | 2000-09-27 | Method for using encrypted data |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE19957467A DE19957467A1 (en) | 1999-11-24 | 1999-11-24 | System for use of encrypted data sends only key over network allows access time control reduces data transmission load |
Publications (1)
Publication Number | Publication Date |
---|---|
DE19957467A1 | 2001-05-31 |
Family
ID=7930769
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
DE19957467A Withdrawn DE19957467A1 (en) | 1999-11-24 | 1999-11-24 | System for use of encrypted data sends only key over network allows access time control reduces data transmission load |
Country Status (2)
Country | Link |
---|---|
DE (1) | DE19957467A1 (en) |
WO (1) | WO2001038954A1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2405297B (en) * | 2003-08-20 | 2006-12-20 | Vodafone Plc | Data distribution |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE19609556A1 (en) * | 1996-03-12 | 1997-09-18 | Bernd Schneider | Data communication method and data communication system for performing the method |
DE19722424C1 (en) * | 1997-05-28 | 1998-08-06 | Ericsson Telefon Ab L M | Secure access method |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH0934841A (en) * | 1995-07-21 | 1997-02-07 | Fujitsu Ltd | On-line ciphering releasing system of storage medium and its method |
US5892825A (en) * | 1996-05-15 | 1999-04-06 | Hyperlock Technologies Inc | Method of secure server control of local media via a trigger through a network for instant local access of encrypted data on local media |
JPH11250141A (en) * | 1998-03-04 | 1999-09-17 | Nippon Telegr & Teleph Corp <Ntt> | Method for distributing real time contents |
Non-Patent Citations (1)
Title |
---|
OFFERGELD,Michael T., HELD,Albert: IT-Sicherheit in offenen Netzen. In: ntz, Bd.44, 1991, H.8, S.538-543 * |
Also Published As
Publication number | Publication date |
---|---|
WO2001038954A1 (en) | 2001-05-31 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
OM8 | Search report available as to paragraph 43 lit. 1 sentence 1 patent law | ||
8110 | Request for examination paragraph 44 | ||
8130 | Withdrawal |