SYSTEM AND METHOD FOR SECURE DATA HANDLING OVER A NETWORK
FIELD OF THE INVENTION
This invention relates to a method, system, receiver, and data structure for the controlled use of data.
BACKGROUND OF THE INVENTION
Increasingly the Internet is used as a source of data and for electronic commerce. One of the drawbacks of the Internet is the inability of data providers to control data on the Internet even though such data may comprise intellectual property (e.g., copyright material) or personal data. Even if data is encrypted and a key for decryption provided only once a user pays a fee, once decrypted by the user, multiple copies of the "plain text" data may readily be made without knowledge of the data provider. This problem arises even with the use of data metering schemes since such schemes may be defeated without great difficulty. Thus, while personal and proprietary data have value, a method to securely handle the use of valued data in cyberspace does not exist. Accordingly, much of the data on the Internet is freely available even though some of this data could have an economic value if its use could be controlled.
Therefore, there is a need for approaches which allow for controlling the use of data on networks.
SUMMARY OF THE INVENTION
The present invention provides a data structure which may be analogised to a biological cell. The nucleus comprises encrypted payload data components, the cytoplasm, rules for decryption, and the cell wall, a plain text description of the payload data and a digest created at least in part from the plain text description. A special purpose receiver uses the plain text description and digest in checking the genuineness of the cell and will only decrypt data in the cell in accordance with the rules for decryption. In some embodiments, the receiver outputs only drive voltages, rather than the decrypted data itself.
According to the present invention, there is provided a method for the controlled use of payload data on a network, comprising: receiving encrypted payload data; receiving an encrypted rules key, said rules key encrypted with a public key; receiving control data, said control data comprising rules for decryption of said payload data; decrypting said rules key with a private key paired with said public key; and decrypting said encrypted payload data utilising said decrypted rules key in accordance with said rules for decryption.
According to another aspect of the present invention, there is provided a method for the controlled use of payload data, comprising: receiving payload data, verification data, and an encrypted verification digest; receiving a hash algorithm for verification; hashing said received verification data with said hash algorithm to obtain a derived verification digest; receiving a digest key; decrypting said encrypted verification digest with said digest key; and comparing said derived verification digest with said decrypted verification digest to determine whether said payload data is genuine.
According to a further aspect of the invention, there is provided a method for the controlled use of payload data, comprising: establishing a temporary rules key; encrypting each of a plurality of payload data components with said rules key; receiving a request for certain data components; receiving a key; encrypting said rules key with said received key; sending said encrypted rules key and encrypted payload data components represented by said request.
In an aspect of the present invention, there is provided a receiver for the controlled use of payload data, comprising: a persistent memory for storing a secret key and an identification number; a volatile memory for temporarily storing decrypted payload data; an interface to a data network; an interface for outputting signals in response to contents of said volatile memory; a processor for: receiving encrypted payload data; receiving control data comprising a payload data key and rules for decryption of said payload data; decrypting said encrypted rules key with said secret key; decrypting said encrypted payload data with said decrypted rules key in accordance with said rules for decryption; and passing said decrypted payload data to said interface.
According to a further aspect of the invention, there is provided a transmitter, comprising: means for establishing a temporary rules key; means for encrypting each of a plurality of payload data components with said rules key; means for receiving a request for certain data components; means for receiving a key; means for encrypting said rules key with said received key; means for sending said encrypted rules key and encrypted payload data components represented by said request.
According to another aspect of the invention, there is provided a data structure comprising: a plurality of components of encrypted payload data; for each of said plurality of encrypted payload data components, rules data providing rules for decryption; a plain text description of said plurality of encrypted payload data components and a digest created at least in part from said plain text description.
According to yet a further aspect of the invention, there is provided a method of initialising a data access and control device having an identification number stored in secure memory, comprising: on receiving an initialisation request, utilising a random number generator to construct a public/private key pair; outputting said identification number and said public key; and storing said private key in said secure memory.
The present invention allows individuals to specify uses for their data and have protections against use of the data in any other way, even though they are not physically present when the data is being used. Also, an individual can place a value on their data and receive payment of the specified amount each time the data is used.
With the present invention, a data owner can circulate copies of its data on a network such as the Internet but control use of the data so as to create a revenue generating entity.
Thus, with this invention, use of proprietary data such as videos, music and software can be restricted in a manner specified by the owner and protections are provided against illegitimate copying.
The present invention has application in protecting copyright, in protecting personal privacy, and in generating revenue.
BRIEF DESCRIPTION OF THE DRAWINGS
In the figures which disclose an example embodiment of the invention, figure 1 is a schematic diagram of a system made in accordance with this invention, figure 2 is a schematic diagram detailing a portion of figure 1, figure 3 is a schematic illustration of a data structure used in the system of figure 1, figures 4A, 4B, and 4C are flow diagrams for a portion of the system of figure 1, figure 5 is a schematic illustration of another data structure used in the system of figure 1, and figure 6 is a flow diagram for another portion of the system of figure 1.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
With reference to figure 1, a system 10 for the controlled use of data comprises servers 12a, 12b, computers 14a, 14b, and a certification authority (CA) 15 connected to a network 16. The network may be a public network, such as the Internet. Data may be uploaded to a server 12a by a terminal 18 associated therewith. A card docking station 20 is connected to computer 14 via data path 22 and to an output system 26 via lines 24a, 24b. By way of example, the output system may be an audio system or a liquid crystal display (LCD). The docking station may receive a data access and control card 30.
Card 30 is detailed in figure 2. Turning to figure 2 along with figure 1, card 30 comprises a user interface 34 and an output interface 36 (which can include digital to analog conversion circuitry). When the card is docked in docking station 20 the user interface is connected to path 22 and the output interface is connected to lines 24a, 24b. Card 30 also comprises a persistent memory 40, a volatile memory 42, and a random number generator 44, each connected to a processor 50. The processor 50 also connects to each of the interfaces 34 and 36. The persistent memory and some appropriate circuitry within card 30 (such as processor 50) may comprise a field programmable mixed signal array (FPMA) in which a private key and a card identification number are stored. As will be appreciated by those skilled in the art, information stored in an FPMA is virtually impossible to obtain by unauthorised probing. In view of processor 50 in card 30, card 30 may be considered a smart card.
The set up required to use the system 10 is described from the perspective of the data provider and the data user.
With reference to figure 3, a data provider creates a data structure patterned after a biological cell, as follows. The data provider first divides valued data (payload data) into economic components and encrypts each component with a secret (i.e., symmetric) key. This results in encrypted payload data components 82a, 82b, 82c which may be considered the "nucleus" of a "cell" 80. The data provider constructs rules for the use of the data of each component. These rules are encrypted by the secret key of the data provider to obtain a control component 84 associated with the encrypted payload data components as "cell cytoplasm". Lastly, the data provider associates "metadata" 86 with the encrypted payload data components. This metadata comprises (i) a plain text portion 87 identifying the data provider and describing the payload data and, possibly, its rules and cost of use (as will become apparent, portion 87 also acts as verification data) and (ii) an encrypted digest 88 for use by a user in verifying she has reached a genuine data provider. The digest is created by passing the plain text portion 87 through a one-way hash algorithm. The digest is then encrypted by the data provider's private (asymmetric) key. The metadata may be considered as the "cell wall", which is visible to the outside world.
The "cell" 80 may reside on a server 12a, 12b or the cell may be contained in an intelligent agent structure such that the cell may circulate on the network 16.
The data provider publishes (possibly through a certification authority) the hash algorithm and a public key which is paired with the data provider's private key.
Returning to figures 1 and 2, a prospective user of payload data may obtain a data access and control card 30 from certification authority 15 (or an affiliated agency). The card has an identification number in its persistent memory 40. During initialisation of the card, processor 50 operating under an appropriate algorithm, in conjunction with random number generator 44, generates a public/private key pair. The private key is stored within the secure environment of persistent memory 40 and is never made public. The public key and identification number are output to the certification authority which keeps the public key in association with the identification number.
From the foregoing, it will be apparent that each data provider and each card has a public/private (asymmetric) key pair.
Assuming a cell 80 resides on server 12a, in operation, a user of a computer 14a may employ a web browser for network 16 to download the metadata 86 of the cell 80. If, after review of the plain text portion 87 of the metadata, the user wishes to obtain one of the payload data components of cell 80, the user may insert her card 30 in docking station 20 and download the metadata 86 to the user interface 34 of the card 30 on path 22. With reference to figure 4A along with figures 1 to 3, processor 50 of card 30 receives this information (S102) and then verifies that the cell 80 was created by the data provider identified in the metadata, as follows. The processor first obtains the hash algorithm and public key published for the data provider identified with the cell (S104). The algorithm and key may be obtained by the user from a published source using the identity of the data provider in the plain text portion of the metadata and passed to the card 30 via the user interface 34. The processor then hashes the plain text portion of the metadata into a new digest (S106) and uses the data provider's public key to decipher the encrypted digest received with the metadata (S108). The decrypted digest and new digest are then compared (S110). If they match, the metadata obtained is considered to be genuinely from the data provider indicated in the plain text portion. The processor 50 therefore sends an indication of this to the user via user interface 34 (S112); otherwise a non-match indication is sent (S111).
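As an added worked example, not code from the patent, the following Go program implements the "cell wall" of the master cell and the card's verification steps S104 to S110 described above. The patent names no hash algorithm or asymmetric cipher, so SHA-256 and RSA are assumed; the "digest encrypted with the data provider's private key" is realised as an RSA PKCS#1 v1.5 signature over the hash, whose verification recovers the digest with the public key and compares it with the freshly derived one, which is the S108/S110 pair in one call. The provider name, the description text and the published-key directory (standing in for publication through the certification authority) are constructed for this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Metadata is the "cell wall" 86 of a master cell: the plain-text portion 87,
// which names the data provider and describes the payload, and the digest 88.
// The digest is a one-way hash of the plain text encrypted with the provider's
// private key; in a modern library that operation is an RSA signature, so
// SignPKCS1v15/VerifyPKCS1v15 over SHA-256 stand in for it here (assumed choice).
type Metadata struct {
	Provider    string // identity the user looks up to find the published key (S104)
	Description string // payload description, rules and cost of use
	Digest      []byte // encrypted hash of Provider and Description
}

// hashPlainText is the published one-way hash algorithm applied to portion 87.
// Both fields are covered so that neither can be altered without detection.
func hashPlainText(provider, description string) []byte {
	h := sha256.Sum256([]byte(provider + "\n" + description))
	return h[:]
}

// MakeMetadata is the data provider's step: hash the plain text and encrypt
// the digest with the provider's private key.
func MakeMetadata(providerPriv *rsa.PrivateKey, provider, description string) (Metadata, error) {
	digest, err := rsa.SignPKCS1v15(rand.Reader, providerPriv, crypto.SHA256,
		hashPlainText(provider, description))
	if err != nil {
		return Metadata{}, err
	}
	return Metadata{Provider: provider, Description: description, Digest: digest}, nil
}

// VerifyMetadata is the card's check (S104 to S110): look up the public key
// published for the named provider, re-hash the plain text, open the received
// digest with that key and compare the two digests.
func VerifyMetadata(published map[string]*rsa.PublicKey, md Metadata) bool {
	pub, ok := published[md.Provider] // S104
	if !ok {
		return false // no published key: the cell cannot be authenticated
	}
	derived := hashPlainText(md.Provider, md.Description) // S106
	// S108 and S110: VerifyPKCS1v15 recovers the digest with the public key and
	// compares it with the derived digest in one call.
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, derived, md.Digest) == nil
}

func main() {
	// Constructed example: one data provider and one published-key directory.
	providerKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	published := map[string]*rsa.PublicKey{"Example Books Ltd": &providerKey.PublicKey}

	md, err := MakeMetadata(providerKey, "Example Books Ltd",
		"Novel, chapters 1-3; display as text only; fee 2.00 per reading")
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine cell wall:", VerifyMetadata(published, md))

	// A copy with the fee altered in transit: the derived digest no longer matches.
	altered := md
	altered.Description = "Novel, chapters 1-3; display as text only; fee 0.00"
	fmt.Println("altered description:", VerifyMetadata(published, altered))

	// A copy that names another provider, whose key was not used for the digest.
	misattributed := md
	misattributed.Provider = "Unknown Publisher"
	fmt.Println("unknown provider:", VerifyMetadata(published, misattributed))
}
```

Because the provider identity is part of the hashed plain text, the two ways of forging a cell wall that the passage guards against both fail: changing the description (for instance the fee or the rules of use) changes the derived digest, and renaming the provider points the card at a public key that does not open the digest, or at no key at all.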
The user may then use computer 14 to send a request for certain payload data components in the cell 80 to server 12a. The user may also be required to stipulate intended usage of the requested payload data. Any payment stipulated by the plain text portion of the metadata may also be sent, either to the server if this may be accomplished in some secure fashion, or via a separate secure network (such as a telephone network). When a request for payload data is sent, the computer also prompts the card 30 to provide its identification number. More particularly, referencing figure 4B, the processor 50 of the card 30, upon receiving this prompt (S114), retrieves the identification number of the card from memory 40 (S118) and passes this number to computer 14 for transmission to server 12a (S120).
With reference to figure 6 along with figures 1 to 3 and 5, when a request for data is received by the server 12a, if proper payment is also received, server 12a constructs a "daughter" cell 80a (figure 5) from "master" cell 80 (figure 3) for transmission to computer 14a, as follows. The encrypted payload data component(s) for the requested data, say component 82a, is retrieved and decrypted with the data provider's private key (S202). Each of these components is then re-encrypted with a temporary symmetric rules key which is created by the server especially for the purpose of the data transaction. As well, rules for the use of the requested data may be encrypted with the rules key (S204). The usage rules encrypted by the rules key comprise an encrypted control component 84a associated with the encrypted data component 82a.
The server 12a then queries the certification authority 15 with the card's identification number over network 16 (or over another network) (S206). The certification authority returns the public key associated with this identification number. Server 12a uses the card's public key to encrypt the rules key to obtain an encrypted rule key 90 (S210).
Lastly, the server obtains subsidiary metadata 86a comprising plain text, which may describe the data sent and which identifies the data provider, along with an encrypted digest. In this case, the digest is created from the complete daughter cell 80a (by passing the entire daughter cell through the one-way hash algorithm); the digest is then encrypted by the data provider's private key (S212). The encrypted data component 82a, control component 84a, subsidiary metadata 86a, and the encrypted rules key 90 comprise the daughter cell 80a which is sent to computer 14a (S214).
Computer 14a passes the daughter cell 80a to card 30. Turning to figure 4C, on obtaining the daughter cell, the processor 50 of the card first verifies that the entire cell is genuine using the digest included in subsidiary metadata 86a and the published hash algorithm and public key of the data provider, as described before (S128). The processor next obtains the card's private key from persistent memory 40 to decrypt the encrypted rules key 90 (S130). The rules key is then used to decrypt the rules and the data key of control component 84a. The processor 50 then decrypts the encrypted payload data component 82a using the key of component 84a in accordance with the rules of component 84a. In part, these rules may enforce the rules initially described to the user in the plain text portion 87 of the metadata of the master cell 80. For example, the rules could specify the length of time the data may be used or how many times it can be used. Also, the rules could specify that the data be output only in audio form or only as text on a CRT display. In addition, for personal data, the rules can specify that the personal identifying information never be output together with certain pieces of data that the owner considers sensitive.
The decrypted data is temporarily stored in volatile memory 42 and passed to output interface 36 such that, as data is passed to the output interface, that data is not retained in the volatile memory (S134).
The output interface may comprise an interface which receives a textual data input and outputs analog (or digital) drive voltages on two or more lines for an analog (or digital) LCD tablet. In such case, the output system 26 is such a tablet and the card is designed for handling textual data. Assuming then that the data output to the output interface is text of a book, the output interface will drive the LCD tablet to display pages of the book.
Alternatively, the output interface may comprise an audio interface designed to receive digitally encoded music or digital text and output left and right audio voltages on two (or more) lines. In such case, the output system 26 could comprise a speaker preamplifier.
Optionally, card 30 could have both interfaces and appropriate switching for use of the proper interface. In such instance, the card could be used to allow for either the display or audio presentation of a book.
The advantage of this arrangement is that only analog (or digital) drive voltages are output from docking station 20, which are much less easily pirated than digital data signals. Further, a pirated recording of drive voltages would only be useful with the proper special purpose output system.
In a further embodiment, the output system 26 may be a digital storage device and the output interface 36 may output decrypted data on a digital line to the storage device. This digital data would be stripped of any association with the data provider. In this way, non-identifying data from many data providers may be obtained for data mining, and the data providers compensated for provision of the data.
In a further embodiment, the decrypted data is software. In such instance, the output system 26 may be a dumb terminal. The processor 50, on decryption of the software, establishes a fast logical connection between itself and the dumb terminal allowing execution of the software in its volatile memory 42 by processor 50 while the connection persists. (It may be possible to omit the output interface 36 in this embodiment and employ the computer 14a as the dumb terminal via user interface 34.)
If a daughter cell contains more than one data component, rather than encrypting each component with the same temporary rules key, each component may be encrypted with a different temporary symmetric data key. In such case, the temporary data keys are encrypted with the temporary symmetric rules key and these encrypted temporary data keys become part of the control component of the daughter cell. Also, while not preferred, optionally the rules in the control component of the daughter cell are not encrypted.
Data in a daughter cell has been described as being encrypted with a symmetric (secret) temporary key, which symmetric key is encrypted by a public key of a card. The reason for this approach rather than an approach of encrypting the data itself with the card's public key is the slowness of decryption algorithms for asymmetric keys.
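The following Go program is an added example, not part of the patent, covering the daughter-cell procedure of the server (S204 and S210) and of the card (S130 to S134) described earlier, together with the hybrid-encryption rationale just given: the payload component and the rules are sealed with a temporary symmetric rules key, and only that short key is encrypted with the card's public key. AES-256-GCM and RSA-OAEP are assumed (the patent names no ciphers), the `Rules` structure with its single use-count limit is constructed, and the subsidiary metadata digest of S212/S128 is left out because it is the same hash-and-sign check as on the master cell's metadata. The use counter stands in for state a real card would keep in persistent memory 40, since S134 requires that decrypted data not remain in volatile memory.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Rules is the rule set of control component 84a; the use-count limit is a
// constructed example of the rules the patent describes.
type Rules struct {
	MaxUses int `json:"max_uses"`
}

// DaughterCell is figure 5 without its metadata: payload 82a and control 84a
// sealed with the temporary rules key, and that key wrapped for the card (90).
type DaughterCell struct {
	Payload, Control []byte // AES-256-GCM under the rules key
	WrappedKey       []byte // rules key under the card's public key (RSA-OAEP)
}

// newAEAD builds AES-256-GCM for key; the symmetric cipher is an assumption.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext under a fresh nonce, which is prefixed to the ciphertext.
func seal(aead cipher.AEAD, plaintext []byte) []byte {
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce) // documented never to fail from Go 1.24 on
	return aead.Seal(nonce, nonce, plaintext, nil)
}

// open reverses seal and rejects any modified or truncated ciphertext.
func open(aead cipher.AEAD, sealed []byte) ([]byte, error) {
	if n := aead.NonceSize(); len(sealed) >= n {
		return aead.Open(nil, sealed[:n], sealed[n:], nil)
	}
	return nil, errors.New("ciphertext too short")
}

// BuildDaughterCell is the server side (S204, S210): a rules key made for this one
// transaction seals the component and the rules; only that short key goes through
// the slow asymmetric operation, encrypted with the card's public key.
func BuildDaughterCell(cardPub *rsa.PublicKey, component []byte, rules Rules) (DaughterCell, error) {
	rulesKey := make([]byte, 32)
	rand.Read(rulesKey) // documented never to fail from Go 1.24 on
	aead, err := newAEAD(rulesKey)
	if err != nil {
		return DaughterCell{}, err
	}
	rulesJSON, _ := json.Marshal(rules) // a struct holding one int cannot fail to marshal
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, cardPub, rulesKey, nil)
	return DaughterCell{Payload: seal(aead, component), Control: seal(aead, rulesJSON), WrappedKey: wrapped}, err
}

// Card is the receiver: the private key never leaves persistent memory, and the
// use counter is kept on the card, where the host computer cannot reset it.
type Card struct {
	priv *rsa.PrivateKey
	uses int
}

// Open is the card side (S130 to S134): unwrap the rules key with the private key,
// decrypt the rules, refuse a use they do not permit, and only then decrypt the payload.
func (c *Card) Open(cell DaughterCell) ([]byte, error) {
	rulesKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, c.priv, cell.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	aead, err := newAEAD(rulesKey)
	if err != nil {
		return nil, err
	}
	rulesJSON, err := open(aead, cell.Control)
	if err != nil {
		return nil, err
	}
	var rules Rules
	if err := json.Unmarshal(rulesJSON, &rules); err != nil {
		return nil, err
	}
	if c.uses >= rules.MaxUses {
		return nil, errors.New("use limit reached")
	}
	c.uses++
	return open(aead, cell.Payload)
}

func main() {
	cardKey, _ := rsa.GenerateKey(rand.Reader, 2048) // made once, at card initialisation (errors ignored in this demo only)
	card := &Card{priv: cardKey}
	cell, _ := BuildDaughterCell(&cardKey.PublicKey, []byte("chapter one"), Rules{MaxUses: 1})
	text, err := card.Open(cell)
	fmt.Printf("first use: %q err=%v\n", text, err)
	_, err = card.Open(cell) // a second use exceeds MaxUses and is refused
	fmt.Println("second use:", err)
}
```

The rules are decrypted and evaluated inside `Open`, so a host that holds only the daughter cell and the card's public key can neither read the rules key nor reset the use counter, and a daughter cell built for one card cannot be opened by another. Any modification of the control component is caught by the GCM authentication tag before a single rule is evaluated, which is the property the encrypted control component 84a relies on.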
While the data components and rules in the master cell 80 have been described as being encrypted with the secret key of the data provider, this may not be necessary where the master cell is only ever located in a secure environment.
An advantage of the described system is that a user will never know her private key.
Obviously, a user may use their card with any computer 14 of system 10. As will be apparent, the docking station may be part of computer 14a rather than a separate component. A computer 14a operating with a card acts as a special purpose receiver. Thus, in place of a general-purpose computer 14a and a server 12a, a special purpose communication device, such as a digital phone, could use the described encryption scheme to ensure private communications.
Rather than using a data access and control card 30 in the described system, a PCMCIA device or other suitable device capable of providing the described functionality may be used.
Other modifications within the spirit of the invention will be apparent to those skilled in the art.