WO2004038996A1 - System and method for partially-encrypted data transmission and reception - Google Patents
System and method for partially-encrypted data transmission and reception Download PDFInfo
- Publication number
- WO2004038996A1 WO2004038996A1 PCT/IB2003/004678 IB0304678W WO2004038996A1 WO 2004038996 A1 WO2004038996 A1 WO 2004038996A1 IB 0304678 W IB0304678 W IB 0304678W WO 2004038996 A1 WO2004038996 A1 WO 2004038996A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- packets
- flow
- employed
- encryption
- transmitting
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 74
- 230000005540 biological transmission Effects 0.000 title claims description 53
- 238000012937 correction Methods 0.000 claims description 35
- 238000012360 testing method Methods 0.000 claims description 16
- 230000000694 effects Effects 0.000 claims description 9
- 230000006855 networking Effects 0.000 description 15
- 238000012545 processing Methods 0.000 description 14
- 238000013459 approach Methods 0.000 description 10
- 238000010586 diagram Methods 0.000 description 8
- 238000013478 data encryption standard Methods 0.000 description 7
- DTCAGAIFZCHZFO-UHFFFAOYSA-N 2-(ethylamino)-1-(3-fluorophenyl)propan-1-one Chemical compound CCNC(C)C(=O)C1=CC=CC(F)=C1 DTCAGAIFZCHZFO-UHFFFAOYSA-N 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000008447 perception Effects 0.000 description 2
- 230000006399 behavior Effects 0.000 description 1
- 230000002457 bidirectional effect Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000002513 implantation Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000000737 periodic effect Effects 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 238000011084 recovery Methods 0.000 description 1
- 230000005236 sound signal Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/029—Firewall traversal, e.g. tunnelling or, creating pinholes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
- G06F15/16—Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/0021—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/0021—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
- G11B20/00485—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier characterised by a specific kind of data which is encrypted and recorded on and/or reproduced from the record carrier
- G11B20/00492—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier characterised by a specific kind of data which is encrypted and recorded on and/or reproduced from the record carrier wherein content or user data is encrypted
- G11B20/00507—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier characterised by a specific kind of data which is encrypted and recorded on and/or reproduced from the record carrier wherein content or user data is encrypted wherein consecutive physical data units of the record carrier are encrypted with separate encryption keys, e.g. the key changes on a cluster or sector basis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/164—Implementing security features at a particular protocol layer at the network layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0625—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/23—Processing of content or additional data; Elementary server operations; Server middleware
- H04N21/234—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs
- H04N21/2347—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/44—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs
- H04N21/4405—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving video stream decryption
- H04N21/44055—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving video stream decryption by partially decrypting, e.g. decrypting a video stream that has been partially encrypted
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/167—Systems rendering the television signal unintelligible and subsequently intelligible
- H04N7/1675—Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/04—Masking or blinding
- H04L2209/043—Masking or blinding of tables, e.g. lookup, substitution or mapping
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/34—Encoding or coding, e.g. Huffman coding or error correction
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
Definitions
- This invention relates to systems and methods for data distribution.
- Such content and/or other data can include, for example, messages, video, audio, and software.
- the content and/or other data could be of a confidential nature.
- a content provider could be charging a fee for use of the content and/or other data.
- a data entity is dispatched as a series of packets, with some of the packets being dispatched in an encrypted manner and others of the packets being dispatched in an unencrypted manner.
- Such behavior could result in less computational overhead at sending and receiving nodes, while still providing a level of security for transmissions.
- Fig. la shows an exemplary network topology corresponding to a unicast embodiment of the present invention.
- Fig. lb shows an exemplary network topology corresponding to a multicast embodiment of the present invention.
- Fig. 2 is a flowchart showing exemplary steps preformed in packet reception in accordance with various embodiments of the present invention.
- Fig. 3a is a diagram showing a pattern, based on an arithmetic progression, for stipulating packets to be dispatched in an encrypted manner.
- Fig. 3b is a diagram showing a pattern, based on an extended arithmetic progression, for stipulating packets to be dispatched in an encrypted manner.
- Fig. 3c is a diagram showing a pattern, based on a pseudo-Gaussian pattern, for stipulating packets to be dispatched in an encrypted manner.
- Fig. 3d is a diagram showing a pattern, based on a random pattern, for stipulating packets to be dispatched in an encrypted manner.
- Fig.4a is a diagram showing an exemplary non-interleaved forward error correction implementation.
- Fig.4b is a diagram showing an exemplary interleaved forward error correction implementation.
- Fig. 5 shows an exemplary general purpose computer employable in various embodiments of the present invention.
- Fig. 6 shows a functional block diagram of an exemplary terminal employable in various embodiments of the present invention.
- a data entity is dispatched as a series of packets with some of the packets being dispatched in an encrypted manner and others of the packets being dispatched in an unencrypted manner.
- a data entity could be, for instance, streaming audio or video, non- streaming audio or video, a message, software, text, informational content, or a data file. As less decryption would need to be performed, such operation could result in the receipt of the data at a terminal requiring less processing power than would be necessary if all packets were encrypted.
- the above-noted lower requirements for processing power could result in less energy use by transmitting and/or receiving nodes. Such could be useful, for instance, for mobile nodes where less energy use could translate into longer battery life. Such could also be useful in applications where it is desired that equipment produce less heat. It is further noted that the lower requirement for processing power could also allow cheaper, less capable, and/or more energy efficient processors to be employed in nodes for data receipt and/or transmission.
- unicast could be employed in the delivery of the encrypted and unencrypted packets.
- the delivery could be via multicast.
- Shown in Fig. la is an exemplary network topology corresponding to a unicast embodiment of the present invention wherein a node 101 is in unicast communication with node 103 via link 105 in accordance with the present invention.
- Link 105 could be a unidirectional or bidirectional link.
- Shown in Fig. lb is an exemplary network topology corresponding to a multicast embodiment of the present invention wherein a node 107 executes multicast transmission via link 111 in accordance with the present invention for receipt by one or more of nodes 109. Included in the exemplary network topology of Fig. lb are links 113 whereby certain of nodes 109 may dispatch transmissions for reception by node 107.
- the multicast topology of Fig. lb is also exemplary of broadcast, to which this invention may also be applied.
- wired and/or wireless networks may be employed for packet delivery and reception in accordance with the present invention. Accordingly, Ethernet, 802.1 la, 802.1 lb, 802.1 lg, DVB-T (Terrestrial Digital Video Broadcast), DVB-C (Cable Digital Video Broadcast), DVB-S (Satellite Digital Video Broadcast), GPRS (General Packet Radio Service), UMTS (Universal Mobile Telecommunications Service), Bluetooth, and/or other networks could be employed.
- DVB-T Transmission Restrial Digital Video Broadcast
- DVB-C Code Digital Video Broadcast
- DVB-S Setellite Digital Video Broadcast
- GPRS General Packet Radio Service
- UMTS Universal Mobile Telecommunications Service
- Bluetooth and/or other networks could be employed.
- delivery of data flows may be on different links, logically and/or physically.
- one flow could be over unicast and another over multicast.
- one flow could be over multicast on DVB-T and another over multicast on UMTS.
- packet delivery could employ transport mode IPsec (Internet Protocol Security) or the like. More specifically, packets to be transmitted in an unencrypted manner could be dispatched using transport mode IPsec with null encryption, while packets to be transmitted in an encrypted manner could be dispatched using transport mode IPsec with non-null encryption. Alternately, packets to be transmitted in an encrypted manner might be dispatched using transport mode IPsec with non-null encryption, while packets to be transmitted in an unencrypted manner might not employ IPsec.
- transport mode IPsec Internet Protocol Security
- all packets dispatched in an encrypted manner may not be decryptable using the same key and/or may not be encrypted using the same algorithm.
- certain of the packets to be dispatched in an encrypted manner could be delivered using DES (Data Encryption Standard) encryption while others could be delivered using 3DES (triple Data Encryption Standard) encryption.
- DES Data Encryption Standard
- 3DES triple Data Encryption Standard
- each of the packets could be directed towards a particular unicast IP (Internet Protocol) address.
- multicast delivery is being performed, each of the packets could be directed towards a particular multicast IP address.
- each dispatched packet could, perhaps in one of its headers, include a data entity transmission identifier corresponding to the data entity transmission with which it is associated and/or an indication of what key should be used to decrypt its payload.
- various embodiments of the present invention may employ tunnel mode IPsec or the like in packet delivery. For instance, packets to be transmitted in an unencrypted manner could travel via an unencrypted IPsec tunnel or via an IPsec tunnel employing null encryption, while packets to be transmitted in an encrypted manner could travel via an IPsec tunnel secured via non-null encryption.
- packets to be transmitted in an unencrypted manner might be transmitted in a manner that does not make use of an IPsec tunnel, while packets to be transmitted in an encrypted manner could travel over an IPsec tunnel secured via non-null encryption.
- packets to be transmitted in an unencrypted manner and packets to be transmitted in an encrypted manner could both be transmitted over the same IPsec tunnel, with the packets to be transmitted in an encrypted manner traveling in a flow employing non-null encryption and the packets to be transmitted in an unencrypted manner traveling in a flow employing no encryption or null encryption.
- the same tunnel might not be employed for all packets of a data entity dispatched in an encrypted manner.
- certain of the packets of a data entity to be dispatched in an encrypted manner could be delivered via a tunnel employing DES encryption while others could be via a tunnel employing 3 DES encryption.
- the same tunnel flow might not be employed for all of a data entity's packets that are to be dispatched in an encrypted manner. Accordingly, for example, certain of the packets to be dispatched in an encrypted manner could be delivered via a tunnel flow employing DES encryption while others could be via a tunnel flow employing 3DES encryption.
- each dispatched packet could as above include, perhaps in a packet header, a data entity transmission identifier.
- Some embodiments of the present invention may not employ IPsec transport mode, IPsec tunnel mode, or the like for the delivery of packets to be dispatched in an encrypted manner.
- packets might be delivered using a link that offers its own security.
- packets could be delivered via a DVB-T link that implements a DVB encryption algorithm known in the art.
- each dispatched packet could include, perhaps in one of its headers, a data entity transmission identifier.
- implantation of data entity transmission in the above described embodiments could involve programmatic interface to an appropriate networking stack operating on a sending node. Such a stack could, as appropriate, implement tunnel mode IPsec and/or transport mode IPsec. It is further noted that, in both transport mode IPsec and tunnel mode IPsec, more than one ESP (Encapsulating Security Payload) Security Association (SA) can be defined for a sender. It is further noted that these multiple SA's can be used on the same data link, direction, and/or destination IP address, and that a different encryption algorithm can be defined for each SA. The different SA's can be identified by the value of the Security Parameter Index (SPI) field in the ESP header of each packet. ESP authentication functionality could be used for each SA to provide IP packet source authentication.
- SPI Security Parameter Index
- null encryption could be defined for the SA of the path carrying packets to be dispatched in an unencrypted manner, while a non-null encryption algorithm could be defined for the SA of the path carrying packets to be dispatched in an encrypted manner.
- a recipient node may receive IP packets directed to a unicast or multicast address that it is associated with.
- the node could be associated with a multicast address by having joined a corresponding multicast group.
- a node may act to determine what key, if any, needs to be applied in order to access the packet's payload (step 203). This could be achieved, for instance, by analyzing one or more indications contained in one or more of the packet's headers.
- One analyzed indication could, for instance, be one of the sort noted above that conveys the data entity transmission with which the packet is associated.
- Another analyzed indication could be one of the sort noted above that conveys which key should be applied to access the packet's payload.
- Analysis of the indication could include, for instance, consulting a lookup table correlating such indications with certain keys possessed by the node,
- the lookup table could be populated, for instance, at the time that the node received keys.
- Keys and/or lookup table could, for instance, be distributed manually by having the data entered by an employee at a store, kiosk, or the like set up by a media provider and/or service provider.
- keys and/or lookup table data could be distributed over a network in an encrypted manner such that the recipient could perform decryption using a key that the user already possesses.
- public key- private key encryption could be used, and the key that the user already possessed could be, for instance, the user's established private key.
- the analysis and/or key application could be performed, for example, by networking stack software and/or other software operating on the node.
- the networking stack and/or other software could perform additional processing on the packet payload (step 207) and then, for instance, pass the result to application software modules operating on the node (step 209).
- the networking stack and/or additional software could act to identify the data entity transmission with which a particular packet was associated. This could involve consideration of a data entity transmission identifier of the sort noted above.
- the network stack and/or additional software might not perform any additional processing on the packet payload. Instead, it could pass the packet payload to additional networking stack and/or additional software. This additional networking stack and/or additional software could be responsible for performing further processing on the packet payload and then, for instance, pass the result to application software modules operating on the node.
- a recipient terminal may receive IP packets directed to a unicast or multicast address that it is associated with.
- the receiving node In cases where packets are received via multicast, the receiving node might need to perform a plurality of join operations. For instance, the receiving node might perform a join operation for each tunnel via which packets are received. Similarly, where a terminal is to receive multicasted packets via a plurality of interfaces (e.g., DVB-T or UMTS), the node might perform a join operation for each interface. For embodiments where packets are received both via one or more tunnels and via a manner that does not employ IPsec, the terminal might perform a join operation for each tunnel and for the interface over which packets are received in a manner that does not employ IPsec.
- a plurality of join operations e.g., the receiving node might perform a join operation for each tunnel via which packets are received.
- the terminal might perform a join operation for each tunnel and for the interface over which packets are received in a manner that does not employ IPsec.
- a receiving terminal unlike is the case of embodiments where IPsec transport mode is used, might not need to examine individual packets to determine what key, if any, is needed to access packet payload. Instead, each tunnel employed could be relied upon, perhaps via the operation of networking stack and/or additional software operating of the terminal, to present to yield effectively unencrypted packets at the its endpoint. Such could be the case whether a tunnel supplies one flow or a plurality of flows.
- ratios and/or patterns may be applied to stipulate which packets of a data entity will be dispatched in an encrypted manner and which of those will be dispatched in an unencrypted manner. It is noted the same ratio and/or pattern could be applied for the entire transmission of a data entity. Furthermore, in certain embodiments, multiple ratios and/or patterns could be applied to the transmission of a particular data entity. Thus, for example, a first ratio and/or pattern could be applied to the first half of the transmission of a data entity, and a second ratio and/or pattern could be applied to the second half of the transmission.
- a pattern could be applied which relied upon a mathematical progression to stipulate which packets should be dispatched in an encrypted manner.
- an arithmetic progression pattern could be applied that stipulated that every n* packet (e.g., every 6 th packet) be dispatched in an encrypted manner.
- an extended arithmetic progression pattern could be applied that stipulated that a block of x packets should be dispatched in an encrypted manner every y packets (e.g., a block of 5 packets should be dispatched in an encrypted manner every 75 packets).
- Patterns based on geometric progressions, or mathematical progressions other than geometric or arithmetic progressions, might also be applied.
- a pattern could be applied which made use of a distribution or modification thereof to stipulate which packets should be dispatched in an encrypted manner. For instance, a Gaussian, pseudo-Gaussian, lognormal, or pseudo-lognormal distribution could be applied. As yet another example, a random pattern could be applied which resulted in a certain ratio of packets being dispatched in an encrypted manner. More generally, it is noted that various other patterns, both arbitrary and meaningful, could be applied to stipulate which packets should be dispatched in an encrypted manner.
- Figs. 3a-3d Shown in Figs. 3a-3d are exemplary patterns for stipulating packets to be dispatched in an encrypted manner. Included in Figs. 3a-3d are packets to be dispatched in an encrypted manner 301 and packets to be dispatched in an unencrypted manner 303.
- Fig. 3a shows a pattern based on an arithmetic progression that provides a 9: 1 unencrypted packet encrypted packet ratio over 10 packets.
- Fig. 3b shows a pattern based on an extended arithmetic progression that provides a 9: 1 unencrypted packet to encrypted packet ratio over 100 packets.
- 3c shows a pseudo-Gaussian pattern that provides a 1:9 encrypted packet to unencrypted packet ratio over 100 packets.
- Fig. 3d shows a random pattern that provides a 9: 1 unencrypted packet to encrypted packet ratio over 100 packets.
- certain factors may be taken into account in establishing ratios, patterns, and/or the like regarding which packets of a data entity should be dispatched in an encrypted manner. For instance, in considering the establishment of a ratio of packets dispatched in an unencrypted manner to number of packets dispatched in an encrypted manner, it might be recognized that increasing the ratio could have the benefit of lowering the amount of decryption processing that needed to be done at a receiving node. As noted above, such could provide benefits such as less power consumption at the receiving node. On the other hand, increasing this ratio could result in the data entity transmission being more prone to receipt by unintended recipients. Accordingly, it might be desirable to choose a ratio that made a compromise between these effects.
- one approach could be to determine the highest ratio that would still provide acceptable prevention of data entity use by unintended recipients. Such a determination could take into account factors such as, for example, the type of data entity, the fee charged to those who wish to receive the data entity legitimately, the ephemerality of the data entity, a confidential nature of the data entity, the particular nature of the data entity, and so on.
- a high unencrypted packet to encrypted packet ratio may be possible for the transmission of software, as a small amount of missing data can render software inoperative.
- a lower ratio might be required for the transmission of stream- type content such as MP3 audio and Realplayer video, as such content may provide a certain level of functionality even when certain of its data is missing even though that level may be perceived as intolerable. For instance, a Realplayer video stream or file missing some data might result only in dropped video frames.
- factors such as a fee charged, ephemerality, and/or particularities may also be taken into account when deciding upon the ratio to be employed for the transmission of a data entity. Such factors may be useful, for instance, when determining a transmission ratio for data entity types, such as stream type content, where a certain level of functionality can be offered by a transmission even what certain of its data is missing. For instance, suppose a data entity transmission corresponded to a live video feed of a Las Vegas boxing match for which the cost to legitimately receive the data entity transmission was relatively high.
- the ratio might need to be set relatively low, with the rationale being that the high price associated with the data entity transmission could result in users being reluctant to pay so long as even a moderately acceptable viewing experience could be had without paying.
- the ratio could be set relatively high when transmitting a classical music data entity.
- the ratio chosen may be the highest possible while still preventing an unintended recipient from being able to discern the nature of the transmitted data entity.
- Factors could be discovered and/or refined via user testing in a number of ways. For instance, test users could be presented with data entities suffering from various levels of packet loss.
- the data entities presented could be of various types. For instance, video data entities and music data entities could be presented. Further, specific data entities (e.g., specific films or musical pieces) could be presented. The users could be questioned as to their satisfaction with the data entities.
- the questions could, perhaps, be presented within certain scenario frameworks. For instance, a user, after being presented with a football game video suffering from missing packets, could be asked how satisfied she would be with the flawed video if the price for legitimate receipt was a specified number of Euros.
- a user could be presented with data entities of mock confidential natures, and quizzed on her ability to discern the nature of the data entity.
- Certain embodiments of the present invention may employ forward error correction (FEC) in packet delivery.
- FEC forward error correction
- Such FEC may be implemented in a number of ways.
- Open System Interconnect Layer 3 FEC may be implemented in a non-interleaved fashion by dividing data to be dispatched into error correction blocks of N consecutive data segments, and inserting M redundant error correction segments within every block.
- the error correction segments of an error correction block may be calculated based on the data segments in that block. If at least N segments out of the N + M segments in a block are received correctly, then any missing data segments are expected to be reconstructable. On the other hand, a burst error damaging more than M consecutive segments may cause one or more data segments to be lost at the receiver end.
- An example of such FEC is shown in Fig. 4a. Included in Fig. 4a are error correction blocks 401, error correction segments 403, and data segments 405.
- Open System Interconnect (OSI) Layer 3 FEC could be implemented in an interleaved fashion by dividing data to be dispatched into error correction blocks of N consecutive data segments and creating M redundant error correction segments for each block. As an example, the segments could then be dispatched in such an order that the data segments corresponding to a certain number of blocks would be dispatched before the error correction segments corresponding to those blocks. In general, FEC will perform better where segments are positioned as far from other segments of the same block as and the order of segments does not generally affect this performance. Thus, the segments of a block that are the closest determine the weakest point in the FEC. An example of such an FEC implementation is shown in Fig. 4b. In Fig.
- 4b segments are labeled in the form a.b, where a is the ordinal of an error correction block and b is the ordinal of a data segment 405 within the error correction block a.
- the error correction segment 403 of the error correction block a is identified as a.X.
- Fig. 4b first dispatched the first data segments corresponding to each of four error correction blocks.
- Next dispatched are the second data segments corresponding to each of four error correction blocks, and then the third data segments corresponding to each of four error correction blocks.
- the error correction segments corresponding to each of four error correction blocks are dispatched.
- An interleaved FEC implementation is expected to provide better protection against burst error than an non- interleaved implementation, allowing for a burst of up to length total number of segments /N before data loss.
- a burst of up four segments could be tolerated without data loss.
- data is transmitted as a series of packets with certain of the packets being dispatched in an unencrypted manner and certain of the packets being dispatched in an encrypted manner.
- the encrypted packets are effectively lost packets, while the unencrypted packets are effectively properly received packets.
- the use of FEC in data transmission can allow a recipient node to reconstruct the data carried by lost packets, effectively counteracting the loss.
- the ratio and/or pattern corresponding to which packets are dispatched in an encrypted manner may need to be selected to prevent FEC from operating at unauthorized receiving nodes to reconstruct data hidden in encrypted packets. Such FEC operation could effectively allow unauthorized recipients to have access to such hidden data.
- One approach could be to set the unencrypted packet to encrypted packet ratio high enough that, even with FEC reconstruction operating on an unauthorized recipient node, the user associated with the node would be presented with a data entity that suffered enough from effective packet loss to not be of value to the user. Determination of this ratio could take into account the particular FEC implementation being employed, suggestions by experts such as those of the sort noted above, and/or data garnered from user testing.
- Another approach could be to specify that there be consecutive sequences of packets to be dispatched in an encrypted manner with the sequences being of sufficient length to effectively introduce at unauthorized recipient nodes burst error of sufficient length to overwhelm FEC data recovery efforts. For instance, setting sequence length to be total number of segments /N would be expected to cause data loss in the FEC implementations noted above.
- a technique for applying the present invention in a network environment that employs FEC operating at OSI Level 3 or higher may be to alter the network environment to support FEC operating at OSI Level 2 or lower, and to use such an FEC mode in the dispatch of packets in accordance with the present invention.
- FEC performed on data packets after the encryption has been performed will not reduce the security in any case and this may be used in system design to determine the relative OSI layer at which both FEC and encryption are performed.
- packets may be dispatched via a transmission mode, protocol, system, or the like wherein packets are retransmitted via periodic retransmissions and/or in conjunction with an automatic repeat request (ARQ) implementation.
- ARQ automatic repeat request
- One such approach could be to have all or some retransmitted packets be dispatched in an encrypted manner.
- the encryption employed for such retransmissions could be of a lower level that the encryption employed during original transmissions, perhaps helping to lessen overall decryption burden at authorized recipient nodes.
- all or some of the packets initially dispatched in an encrypted manner could be retransmitted over a different link than the one employed in initial transmission. For instance, in the case where initial transmission involved the use of IPsec over a link that was not inherently encrypted, IPsec might not be employed in retransmission and instead a link offering inherent encryption (e.g., encrypted UMTS) could be used.
- Yet another approach could be to have the pattern for dispatching encrypted packets for retransmissions be the same as the pattern employed in initial transmission, so that if a particular packet was initially dispatched in an encrypted manner it would be sent in an encrypted manner in retransmission. It is noted that such an approach may not be applicable for embodiments where it is not known which particular packets were dispatched in an encrypted manner and which particular packets were dispatched in an unencrypted manner.
- various of the techniques described above for specifying which packets of a data entity should be dispatched in an encrypted manner and which packets of that data entity should be dispatched in an unencrypted manner could be applied so that more than one encryption algorithm and/or key is employed in packet dispatch.
- various of the above techniques could be employed such that certain of the packets to be dispatched in an encrypted manner are dispatched using a weaker encryption and others of those packets are dispatched using a stronger encryption. Such an implementation could result in less decryption processing overhead at authorized recipient nodes than if all of the packets to be dispatched in an encrypted manner were dispatching using the stronger encryption. As another example, various of the above techniques could be employed such that certain of the packets to be dispatched in an unencrypted manner are dispatched using a relatively weak encryption algorithm rather than none at all.
- user testing and/or expert advice could be employed in the determination of how more than one encryption algorithm and/or key be employed in packet dispatch. Such user testing and/or expert advice could be similar in nature to the user testing and expert advice described above.
- Certain devices employed in accordance with the present invention may be implemented using computers.
- the above-noted nodes may be implemented using network-capable computers.
- a receiving node could be a wireless terminal.
- certain procedures and the like described herein may be executed by or with the help of computers.
- computer refers but are not limited to a processor card smart card, a media device, a personal computer, an engineering workstation, a PC, a Macintosh, a PDA, a wired or wireless terminal, a server, a network access point, a network multicast point, or the like, perhaps running an operating system such as OS X, Linux, Darwin, Windows CE, Windows XP, Palm OS, Symbian OS, or the like, perhaps with support for Java or .Net.
- exemplary computer 5000 as shown in Fig. 5 includes system bus 5050 which operatively connects two processors 5051 and 5052, random access memory (RAM) 5053, read-only memory (ROM) 5055, input output (I/O) interfaces 5057 and 5058, storage interface 5059, and display interface 5061.
- Storage interface 5059 in turn connects to mass storage 5063.
- I/O interfaces 5057 and 5058 may be an Ethernet, IEEE 1394, IEEE 802.1 lb, Bluetooth, DVB-T, DVB-S, digital audio broadcast (DAB), GPRS, UMTS, or other interface known in the art.
- Mass storage 5063 may be a hard drive, optical drive, or the like.
- Processors 5057 and 5058 may each be a commonly known processor such as an IBM or Motorola PowerPC, an AMD Athlon, an AMD Opteron, an Intel ARM, an Intel XScale, a Transmeta Crusoe, or an Intel Pentium.
- Computer 5000 as shown in this example also includes an display unit 5001, a keyboard 5002 and a mouse 5003. In alternate embodiments, keyboard 5002, and/or mouse 5003 might be replaced with a touch screen, pen, or keypad interface.
- Computer 5000 may additionally include or be attached to card readers, DVD drives, or floppy disk drives whereby media containing program code may be inserted for the purpose of loading the code onto the computer.
- a computer may run one or more software modules and/or additional software designed to perform one or more of the above- described operations, the modules and/or additional software being programmed using a language such as Java, Objective C, C, C#, or C++ according to methods known in the art. It is noted that any described division of operations among particular software modules and/or additional software is for purposes of illustration, and that altemate divisions of operation may be employed. Accordingly, operations discussed as being performed by one software module and/or additional software item might instead be performed by a plurality of software modules and/or additional software. Similarly, operations discussed as being performed by a plurality of modules and/or additional software might instead be performed by a single module and/or additional software item.
- embodiments of the invention disclose certain software modules and/or additional software as operating on certain devices, in alternate embodiments these modules might be distributed to run on other devices than those stated. For instance, one or more modules disclosed to be running on a sending node might instead run on a receiving node or vice versa. As another example, operations disclosed as being performed by a particular node might instead be performed by a plurality of nodes and/or other devices. It is further noted that, in various embodiments, grid computing techniques may be employed.
- Terminal node 6000 of Fig. 6 may be used in any/all of the embodiments described herein.
- the terminal 6000 comprises a processing unit CPU 603, a multi-carrier signal terminal part 605 and a user interface (601, 602).
- the multi- carrier signal terminal part 605 and the user interface (601, 602) are coupled with the processing unit CPU 603.
- the user interface (601, 602) comprises a display and a keyboard to enable a user to use the terminal 6000.
- the user interface (601, 602) comprises a microphone and a speaker for receiving and producing audio signals.
- the user interface (601, 602) may also comprise voice recognition (not shown).
- the processing unit CPU 603 comprises a microprocessor (not shown), memory 604 and possibly software.
- the software can be stored in the memory 604.
- the microprocessor controls, on the basis of the software, the operation of the terminal 6000, such as the receiving of the data stream, the tolerance of the impulse burst noise in the data reception, displaying output in the user interface and the reading of inputs received from the user interface .
- the operations are described above.
- the hardware contains circuitry for detecting the signal, circuitry for demodulation, circuitry for detecting the impulse, circuitry for blanking those samples of the symbol where significant amount of impulse noise is present, circuitry for calculating estimates, and circuitry for performing the corrections of the corrupted data.
- the terminal 6000 can be a hand-held device which the user can comfortably carry.
- the terminal 6000 can be a cellular mobile phone which comprises the multi- carrier signal terminal part 605 for receiving the multicast transmission stream. Therefore, the terminal 6000 may possibly interact with the service providers.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Multimedia (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Quality & Reliability (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
Claims
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP03751182A EP1556988A4 (en) | 2002-10-28 | 2003-10-20 | System and method for partially-encrypted data transmission and reception |
AU2003269400A AU2003269400A1 (en) | 2002-10-28 | 2003-10-20 | System and method for partially-encrypted data transmission and reception |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/281,507 | 2002-10-28 | ||
US10/281,507 US20040083360A1 (en) | 2002-10-28 | 2002-10-28 | System and method for partially-encrypted data transmission and reception |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2004038996A1 true WO2004038996A1 (en) | 2004-05-06 |
Family
ID=32107165
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/IB2003/004678 WO2004038996A1 (en) | 2002-10-28 | 2003-10-20 | System and method for partially-encrypted data transmission and reception |
Country Status (6)
Country | Link |
---|---|
US (1) | US20040083360A1 (en) |
EP (1) | EP1556988A4 (en) |
KR (1) | KR20050071625A (en) |
CN (1) | CN1717894A (en) |
AU (1) | AU2003269400A1 (en) |
WO (1) | WO2004038996A1 (en) |
Families Citing this family (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7362780B2 (en) * | 2002-12-11 | 2008-04-22 | Nokia Corporation | Avoiding compression of encrypted payload |
US7577837B1 (en) * | 2003-04-17 | 2009-08-18 | Cisco Technology, Inc. | Method and apparatus for encrypted unicast group communication |
US8078164B2 (en) | 2004-01-06 | 2011-12-13 | Vasu Networks Corporation | Mobile telephone VOIP/cellular seamless roaming switching controller |
EP1738538B1 (en) | 2004-01-06 | 2018-08-08 | Vasu Networks Corporation | Telephone with automatic switching between cellular and voip networks |
US8913604B2 (en) * | 2004-01-06 | 2014-12-16 | Vasu Networks Corporation | Access point with controller for billing and generating income for access point owner |
US10419996B2 (en) | 2004-01-06 | 2019-09-17 | Vasu Networks Corporation | Mobile device with automatic switching between cellular and wifi networks |
US10320989B2 (en) | 2005-02-11 | 2019-06-11 | Vasu Networks Corporation | Access point with controller for billing and generating income for access point owner |
US8533454B2 (en) * | 2006-09-25 | 2013-09-10 | Qualcomm Incorporated | Method and apparatus having null-encryption for signaling and media packets between a mobile station and a secure gateway |
KR20090002939A (en) * | 2007-07-05 | 2009-01-09 | 삼성전자주식회사 | A method of transmitting and receiving video data in a digital broadcasting service and an apparatus thereof |
KR100888075B1 (en) * | 2008-04-28 | 2009-03-11 | 인하대학교 산학협력단 | An encryption and decryption system for multicast using a personal symmetric key |
JP2010034860A (en) * | 2008-07-29 | 2010-02-12 | Fujitsu Ltd | Ip network communicating method which has security function, and communicating system |
CN102318313B (en) * | 2009-02-16 | 2015-04-01 | 瑞典爱立信有限公司 | Non-encrypted network operation solution |
US8289970B2 (en) * | 2009-07-17 | 2012-10-16 | Microsoft Corporation | IPSec encapsulation mode |
WO2012129546A2 (en) * | 2011-03-23 | 2012-09-27 | Selerity, Inc. | Securely enabling access to information over a network across multiple protocols |
CN102254127A (en) * | 2011-08-11 | 2011-11-23 | 华为技术有限公司 | Method, device and system for encrypting and decrypting files |
CN102427399B (en) * | 2012-01-09 | 2014-07-16 | 北京邮电大学 | Secure network coding method for optical networks based on source information encryption |
US8996962B2 (en) * | 2012-08-23 | 2015-03-31 | Broadcom Corporation | Chase coding for error correction of encrypted packets with parity |
JP2014099752A (en) * | 2012-11-14 | 2014-05-29 | Fujitsu Ltd | Communication device, communication system, and encryption algorithm execution method for the same communication system |
KR102146757B1 (en) * | 2018-11-08 | 2020-08-21 | 한국스마트인증 주식회사 | Method for Statement Confirmation, Enrollment of Identity Repository Module, and Entity Authentication, which Guarantees Anonymity While Preventing Sybil Attack |
US12063207B2 (en) * | 2021-09-28 | 2024-08-13 | Fortinet, Inc. | Non-interfering access layer end-to-end encryption for IOT devices over a data communication network |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5983350A (en) * | 1996-09-18 | 1999-11-09 | Secure Computing Corporation | Secure firewall supporting different levels of authentication based on address or encryption status |
US6385647B1 (en) * | 1997-08-18 | 2002-05-07 | Mci Communications Corporations | System for selectively routing data via either a network that supports Internet protocol or via satellite transmission network based on size of the data |
US6400695B1 (en) * | 1998-05-22 | 2002-06-04 | Lucent Technologies Inc. | Methods and apparatus for retransmission based access priority in a communications system |
US6415031B1 (en) * | 1999-03-12 | 2002-07-02 | Diva Systems Corporation | Selective and renewable encryption for secure distribution of video on-demand |
US6449718B1 (en) * | 1999-04-09 | 2002-09-10 | Xerox Corporation | Methods and apparatus for partial encryption of tokenized documents |
Family Cites Families (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5253294A (en) * | 1983-02-22 | 1993-10-12 | At&T Bell Laboratories | Secure transmission system |
US6012144A (en) * | 1996-10-08 | 2000-01-04 | Pickett; Thomas E. | Transaction security method and apparatus |
JP2002044135A (en) * | 2000-07-25 | 2002-02-08 | Mitsubishi Electric Corp | Encryption device and encryption communication system |
US7165175B1 (en) * | 2000-09-06 | 2007-01-16 | Widevine Technologies, Inc. | Apparatus, system and method for selectively encrypting different portions of data sent over a network |
KR100413682B1 (en) * | 2001-03-26 | 2003-12-31 | 삼성전자주식회사 | Method for controlling transmission and reception of data including ciphered data stream |
US6795554B2 (en) * | 2001-04-05 | 2004-09-21 | Inner Vision Imaging, Llc | Method of transmitting medical information over a network |
US7151831B2 (en) * | 2001-06-06 | 2006-12-19 | Sony Corporation | Partial encryption and PID mapping |
US7197768B2 (en) * | 2001-07-09 | 2007-03-27 | Advanced Micro Devices, Inc. | Software modem for communicating data using encrypted data and unencrypted control codes |
US7242773B2 (en) * | 2002-09-09 | 2007-07-10 | Sony Corporation | Multiple partial encryption using retuning |
US6948067B2 (en) * | 2002-07-24 | 2005-09-20 | Qualcomm, Inc. | Efficient encryption and authentication for data processing systems |
US6950517B2 (en) * | 2002-07-24 | 2005-09-27 | Qualcomm, Inc. | Efficient encryption and authentication for data processing systems |
US7254233B2 (en) * | 2002-07-24 | 2007-08-07 | Qualcomm Incorporated | Fast encryption and authentication for data processing systems |
US7305084B2 (en) * | 2002-07-24 | 2007-12-04 | Qualcomm Incorporated | Fast encryption and authentication for data processing systems |
US7620185B2 (en) * | 2004-09-15 | 2009-11-17 | Nokia Corporation | Preview of payable broadcasts |
-
2002
- 2002-10-28 US US10/281,507 patent/US20040083360A1/en not_active Abandoned
-
2003
- 2003-10-20 KR KR1020057007221A patent/KR20050071625A/en not_active Application Discontinuation
- 2003-10-20 CN CNA200380104229XA patent/CN1717894A/en active Pending
- 2003-10-20 AU AU2003269400A patent/AU2003269400A1/en not_active Abandoned
- 2003-10-20 EP EP03751182A patent/EP1556988A4/en not_active Withdrawn
- 2003-10-20 WO PCT/IB2003/004678 patent/WO2004038996A1/en not_active Application Discontinuation
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5983350A (en) * | 1996-09-18 | 1999-11-09 | Secure Computing Corporation | Secure firewall supporting different levels of authentication based on address or encryption status |
US6385647B1 (en) * | 1997-08-18 | 2002-05-07 | Mci Communications Corporations | System for selectively routing data via either a network that supports Internet protocol or via satellite transmission network based on size of the data |
US6400695B1 (en) * | 1998-05-22 | 2002-06-04 | Lucent Technologies Inc. | Methods and apparatus for retransmission based access priority in a communications system |
US6415031B1 (en) * | 1999-03-12 | 2002-07-02 | Diva Systems Corporation | Selective and renewable encryption for secure distribution of video on-demand |
US6449718B1 (en) * | 1999-04-09 | 2002-09-10 | Xerox Corporation | Methods and apparatus for partial encryption of tokenized documents |
Non-Patent Citations (1)
Title |
---|
See also references of EP1556988A4 * |
Also Published As
Publication number | Publication date |
---|---|
EP1556988A1 (en) | 2005-07-27 |
US20040083360A1 (en) | 2004-04-29 |
AU2003269400A1 (en) | 2004-05-13 |
CN1717894A (en) | 2006-01-04 |
KR20050071625A (en) | 2005-07-07 |
EP1556988A4 (en) | 2007-06-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20040083360A1 (en) | System and method for partially-encrypted data transmission and reception | |
US8175278B2 (en) | Key management messages for secure broadcast | |
Ahsan | Covert channel analysis and data hiding in TCP/IP | |
CN101854590B (en) | Method and apparatus for header compression in a wireless communication system | |
KR101527979B1 (en) | Information transmission security method | |
CN102088441B (en) | Data encryption transmission method and system for message-oriented middleware | |
JPH11187013A (en) | Cryptographic key distribution system | |
US20130254614A1 (en) | System and methods for error tolerant content delivery over multicast channels | |
CN101310473A (en) | Air-interface application layer security for wireless networks | |
Zhang et al. | Energy efficiency of encryption schemes applied to wireless sensor networks | |
WO2016015222A1 (en) | Data encryption and transmission method and device | |
CN102088352B (en) | Data encryption transmission method and system for message-oriented middleware | |
Abdullaziz et al. | Network packet payload parity based steganography | |
RU2356170C2 (en) | Method and device for protection in system of data processing | |
Tiloca et al. | GREP: A group rekeying protocol based on member join history | |
WO2008156514A2 (en) | Low complexity encryption method for content that is coded by a rateless code | |
CN1864386A (en) | Naming of 802.11 group keys to allow support of multiple broadcast and multicast domains | |
US20130276065A1 (en) | System and methods for receiving and correcting content transmitted over multicast channels | |
Zhang et al. | A stealthy covert storage channel for asymmetric surveillance VoLTE endpoints | |
Challal et al. | H2A: Hybrid hash-chaining scheme for adaptive multicast source authentication of media-streaming | |
US8631313B2 (en) | Method of error detection for wireless transmission | |
Setia et al. | A scalable and reliable key distribution protocol for multicast group rekeying | |
Venkadesh et al. | Techniques to enhance security in SCTP for multi-homed networks | |
Aslan | A hybrid scheme for multicast authentication over lossy networks | |
US20040008840A1 (en) | Secure telecommunications system for wireless local area networks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2003751182 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1020057007221 Country of ref document: KR |
|
WWE | Wipo information: entry into national phase |
Ref document number: 20038A4229X Country of ref document: CN |
|
WWP | Wipo information: published in national office |
Ref document number: 1020057007221 Country of ref document: KR |
|
WWP | Wipo information: published in national office |
Ref document number: 2003751182 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: JP |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: JP |