JP2002510164A - Method and apparatus for communicating a secret message to selected members - Google Patents

Abstract

(57) Abstract: An encrypted broadcast messaging system (102, 103) is provided for each of the excluded subscriber devices held by each of the selected subscriber (101) devices of a group. Determine which management encryption keys will not be retained. The secret message is broken down into message parts, where there is one message part for one excluded subscriber unit, and each message part is provided by each of the selected subscriber (101) units. It is intended to be encrypted using each of the management encryption keys that are not held in each of the retained and excluded subscriber devices. Each message portion is encrypted using the management encryption key and delivered to at least the selected subscriber device, where the device sends the delivered message portion and the message portion needed to reconstruct the secret message. Identify. Each received encrypted message part is needed to reconstruct the secret message. Each received encrypted message part is decrypted using the intended management encryption key and the required message parts are combined in reconstructing the secret message at the selected subscriber device. Selected from

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

TECHNICAL FIELD OF THE INVENTION

The present invention relates generally to encrypted broadcast messaging systems, and more particularly, to a secret (such as a session encryption key) to selected members of a group in an encrypted broadcast messaging system. And b) a method and apparatus for transmitting a message. However, the present invention can also be used to encrypt digital content, such as audio, video, multimedia and software objects, and transmit them securely over a secure or untrusted channel.

[0002]

[Prior art]

Modern encrypted broadcast messaging systems can deliver encrypted messages to multiple subscriber devices (SDs) using well-known encrypted broadcast techniques. Broadcast encrypted messages typically include encrypted video, encrypted audio (voice),
Used for distribution of encrypted data. Generally, such systems operate on a subscription basis. Such a system can also deliver a message carrying the session encryption key to group subscriber devices by well-known group messaging techniques. Sessions are typically
Continue for the payment period for the subscription. Group messages have proven to be a highly efficient tool for communicating information to large groups of subscribers via a single broadcast transmission. One example of a commercial application of such a system is satellite transmission of expensive programs such as video and audio products.

[0003] Limitations of prior art encrypted broadcast messaging systems include:
A currently used session encryption key cannot be used to efficiently and secretly deliver a secret message containing the session encryption key only to selected subgroups of the members of the group, typically Means that the encryption key for the payment period for the next subscription will be another session encryption key.
That is, all subscriber devices that can receive and decrypt group messages encrypted using the current session encryption key are directed only to selected members of that group in subsequent transmissions. Another session encryption key can be decrypted. In order to prevent excluded members of the group from receiving and decrypting another session encryption key intended for the remaining members,
Addressing capabilities are built into the subscriber device to limit the retrieval of information in messages containing another session encryption key only for the addressed subscriber device. Continuing with the commercial example, the excluded member would indicate a subscriber with an expired account. This type of operation works well for many systems, but is not allowed with illegally modified subscriber devices or devices intentionally constructed to override addressing capabilities. It doesn't work well to prevent reception. Alternatively, some subscriber devices incorporate a second unique individual encryption key and provide another uniquely encrypted session encryption key to each of the plurality of selected subscriber devices of the group. Enables the separate transmission of any message, including: While this works properly for small groups and in groups where members substantially alter the authorization for reception, transmitting the session encryption key to each of the large group of individuals is
Increases traffic and is inefficient.

[0004] Thus, what is needed is a method and apparatus for communicating a secret message only to the subscriber devices of selected members of a group. Preferably, the method and apparatus retains the high efficiency of the prior art group broadcast encrypted messaging techniques while increasing the degree of exclusion of unselected members of the group and other unauthorized reception. I do.

[0005]

DISCLOSURE OF THE INVENTION

One aspect of the present invention is a method in an encrypted broadcast messaging system for communicating a secret message to a selected subscriber device of a group of subscriber devices. All subscriber devices of the group have at least first and second management encryption keys. Of course, each subscriber may have more than one encryption key, but two keys are required to achieve the minimum gain in efficiency provided by the present invention. The method determines a set (union) of managed cryptographic keys held by the selected subscriber device and each of the subscriber devices having at least one cryptographic key from the union and not selected to receive a secret message. The method includes determining the Residuum of the encryption key in the union that is not held by the subscriber device. A unique set of management encryption keys is assigned and pre-programmed to the subscriber units of the group, wherein each of any two subscriber units in the group is owned by the other subscriber unit. There is at least one management encryption key from the management encryption keys assigned to no groups, each management encryption key being distinct from all other encryption keys.
Pre-programming the management encryption key is desirable to prevent possible eavesdropping, reduce traffic load on the communication channel, and reduce the lead time before delivering the secret message, but pre-programming is necessary And not. The method further comprises decomposing the secret message into message parts, wherein at least one message part is a message part for each of the subscriber devices of the group not to be selected or to be excluded, wherein the message part Is associated with the excluded subscriber device and the management encryption key held thereby. Each message portion is intended to be encrypted using a management encryption key held by the selected subscriber device and not held by the associated excluded subscriber device. The method further includes encrypting the message portions, wherein each message portion is encrypted using at least one of the intended administrative encryption keys by encrypting a copy of each message portion. You. The method further comprises the step of delivering the required encrypted message part to at least the selected subscriber device of the group, the method being necessary to form a secret message by the subscriber with the delivered message part. Certain message parts are identified in the distribution or determined in the reception. The method further includes decrypting at least one of the encrypted message portions received at the selected subscriber device using the intended administrative encryption key. The method further includes the step of selecting sufficient decrypted message parts from the required message parts identified by the selected subscriber unit and the received message parts to form a secret message, and combining To form a secret message.

Another aspect of the present invention is a subscriber device in an encrypted broadcast messaging system for obtaining a secret message delivered to subscriber devices of selected members of a group. The subscriber device includes a receiving interface for receiving a message portion that is encrypted using the management encryption key. The subscriber device further includes a processing system connected to the receiving interface for processing the message portion. The processing system decrypts the message part using the intended management encryption key and selects at least one message part sufficient to reconstruct the secret message from the at least one decrypted message part. And forming a secret message by combining the selected message parts.

Another aspect of the present invention is a group manager (GM) for delivering secret messages only to subscriber devices of selected members of a group. The group manager includes a source interface for receiving subscriber authorizations. The authorization identifies the subscriber device to be selected to receive the secret message provided by the source. The group manager further includes a processing system coupled to the source interface for processing the authorization into a keyset, breaking the secret message into message parts, and encrypting the message parts with the keyset. The processing system further forms the message portion and the keyset into a message that can be used by the subscriber devices in the group, and identifies the delivered message portion and the message portion needed to form the secret message. . Processing systems include storage with conventional computer systems and mass storage for larger systems. The computer system performs the processing, preferably using a group database stored on the mass media storage device, which records an association of the management encryption key to each of the subscriber devices in the group, from which the management encryption key is generated. A set of keys is identified. These key sets, the union of the management encryption keys of all selected subscriber units, the control encryption key regime (one for each excluded subscriber device), together with the associated encryption key, are large. It is used to execute an encryption process using an encryption program stored in a mass media storage device. Residum is a subset of the union that does not intersect with the set of administrative encryption keys held by excluded subscriber devices. The group manager also includes a distributed interface coupled to the processing system for delivering messages of the message portion to the distributed communication network.

[0008] A further aspect of the present invention is a method in an encrypted broadcast messaging system for communicating a secret message to a selected subscriber device of a group of subscriber devices, wherein: The method comprising the steps of pre-combining;
Supplying. The step of encrypting further includes, prior to the encryption, pre-combining the disassembled message parts into a first result message part, wherein each of the plurality of administrative encryption keys held by the selected member is encrypted. For one. The selected member's subscriber unit cannot form a secret message only with the first result message part, and the encryption process further comprises, prior to the encryption, at least the selected member's subscriber unit. Providing a second result message portion to them. The second result message portion is a message portion that has been disassembled into a combination sufficient to allow all selected subscriber units to form a secret message by combining the received message portions. Are formed by pre-bonding. The second set of result message parts may be empty.

[0009] A further aspect of the present invention in a group manager for delivering a secret message to a subscriber device of a selected member of a group is to pre-associate the disassembled message parts prior to encryption. This is an additional processing of the message part as one result message part, and one result message corresponds to each of the management encryption keys in the union. The selected member's subscriber unit cannot form a secret message only with the first result message part, the additional processing of which is further preceded by encryption at least by the selected member's subscriber Providing a second result message portion to them of the device. The second result message portion is a message portion that has been disassembled into a combination sufficient to allow all selected subscriber units to form a secret message by combining the received message portions. Are formed by pre-bonding.

In a preferred embodiment of the invention, the management key is a message transmitted to authorized and intended subscribers in a secure broadcast transmission. However, the invention can be used for secure transmission of digital content, including but not limited to audio products, video products, multimedia products and software objects such as data and programs. To implement such an embodiment, it would be necessary to segment the digital content into small parts, and then encrypt each small part with a different secret encryption key.

In another embodiment, the present invention may use a security device in addition to or with a secret encryption key. For example, some security devices may be used. Such security devices include security protocols, security algorithms, mathematical functions, processing methods, software security devices, hardware security devices, any combination of software-hardware devices, hash functions, serial numbers, clock values, initial values. , Random variables, initialization vectors, and any security values determined by the iterative process. In such an embodiment, the present invention securely broadcasts messages from message sources to included parties, rather than to excluded parties, over an insecure communication channel (widely). Outgoing). The method consists of a number of steps. First, a set of secret security devices is provided. The set may include one or more of the security devices described above. Next, a subset of the security devices is provided to each correspondent. For example, one correspondent is given a particular pair of public and private keys and a particular mathematical function, while the other is given a hash function and a shared secret key. . All that is required is that each correspondent has a unique subset of security devices derived from the set of available security devices as compared to all other correspondents. Next, included (selected) correspondents and excluded correspondents are identified. In effect, the excluded correspondents will be those who have expired accounts or have not paid for certain forms of special services. And one of the secret security devices is (
Selected from the set of secret security devices available through a combination of 1) analysis of security device allocations of included and excluded subscribers, and (2) executable message decomposition. . A particular selected one of the secret security devices is then used to encrypt a particular part of the message. The encrypted form of the message is then communicated over an insecure communication channel. The involved correspondents are then allowed to use certain of their owned secret security devices,
Decrypt the message. Excluded correspondents cannot decrypt the message because they lack one or more security devices needed to decrypt or decrypt one or more of the message sub-portions.

The above and additional objects are achieved as follows.

[0013] The foregoing, together with additional objects, features, and advantages will be apparent in the description that follows.

[0014] The novel features which characterize the invention are set forth in the appended claims. However, the invention itself, together with preferred modes of use, further objects and advantages of the invention, will be best understood by reference to the following detailed description of the preferred embodiments, taken in conjunction with the accompanying drawings.

[0015]

BEST MODE FOR CARRYING OUT THE INVENTION

Referring to FIG. 1, an electrical block diagram of an encrypted broadcast messaging system according to the present invention includes a source 103 for providing a secret message and a list of selected subscribers to a group manager 102, the group manager 102 comprising: The secret message is securely communicated via the distribution communication network 104 only to the subscriber devices 101 of the selected members of the group. The communication distribution network 104 is preferably a broadband cable with a head-end transmission station, the transmission station being a satellite with an uplink and downlink to a direct broadcast receiver, a terrestrial radio base station for transmission to a personal pager Or a storage and transfer data system such as the Internet, linked by a modem and T-1 to a host computer, or, if time and expense permit, may be physical distribution media. Preferably, the subscriber device 101 is like a conventional cable television set-top decoder box for premium pay channels. The source 103 for the list of selected subscriber devices is preferably a list of authorizations from a billing system that is interfaced to the cable channel's own data channel for operation of the cable company. is there. The secret message is preferably a group join encryption key for distribution of the program, such as for a premium pay channel for the next billing period. The groove manager 102 is preferably similar to a controller for a set-top decoder box for a premium pay channel. Similarly, a DBS receiver, a dot matrix LCD pager, or a web browser running on a PC or an accepting "push" information flow all function as subscriber devices. It is economical but not necessary to integrate the subscription information into the control channel to avoid another connection. By integrating the secret distribution of the session encryption key with the encrypted subscription information, together with the decoding of the encrypted subscription information, the session encryption key is physically held in the same decoder box, providing a stronger Give a security approach.

Referring to FIG. 2, in the subscriber unit 101, the processing system 204 preferably includes a microprocessor 205, such as a Motorola 68HC11 series, having a programmed portion of its internal memory. Although an external memory can be used, it is more susceptible to unauthorized changes in security. Inputs to the processing system 204 are a receiving interface 201 and a clock 202. The receive interface 201 is preferably connected to a direct data broadcast channel, such as DSS, but is envisioned to be connected to a data decoder that reads control data from line 21 of the NTSC video signal on the control channel. In the storage and transfer system, the receiving interface 201 is a simple T
It may be a CP-IP stack port, an application-level message, or some other identifiable data stream. Processing system 204
Is connected to the output interface 203 of the subscriber unit. The output interface 203 can pass confidential messages to a display for the user, if possible, or preferably, the interface
4 can pass a secret message to the application program running on it. For security reasons, it is desirable to have an encryption engine that is not physically separated from the cryptographic key to reduce attempts to steal the key. The memory 206 includes a management encryption key, a decryption and a message processing program. Further, the memory 206 preferably holds a session encryption key for the decryption program for the subscription information, preferably all located in the microcomputer's internal memory, and the unprotected encryption key stored in the microcomputer. They are not moved out of the chip. The memory 206 stores the management encryption key, at least one of which is for each of the groups to which the subscriber device belongs. Small groups need only a small number of management key (MK) slots, medium groups need half a dozen to a dozen key slots, and large groups need more than a dozen key slots. Let's be.

The unique combination of management keys is the classic n! / K! (Nk)! Is calculated using The maximum number of SDs (subscriber equipment) that can be uniquely managed for nMK is when k is n / 2. For 4MK, at most 6SD [4! / 2! (2)!
] Can be uniquely managed. Table 1 shows 92 management encryption keys (MKs).
Up to four subscriber units (SDs) are uniquely managed, each SD having six sets of 12 MKs separate from all other SDs. For a subscriber unit with 16 slots, up to 601080390 members in the group will be uniquely controllable.

“Unique” means different. It can be interleaved, but at least one key is excluded from each of the other single sets. A preferred way to make them unique is to assign at least n management keys, where n-
The selection-n / 2 (choose n / 2 out of n) is larger than the size of the entire group including the selected and excluded members. Then, each member is given n / 2 keys. In its simplest form, each set of keys is not a subset of any of the other sets, and they may be interlaced, but every set has at least one that all other sets do not have. With two keys. (In maximal use of n-select-n / 2, only one key out of the n / 2 keys in each set will be different from all other sets.) Calculated as Fibonacci number. Other methods of assuring uniqueness may be employed, but with n
The -selection-n / 2 method is the simplest and preferred. It is possible to form subgroups within the group, which meets the expected needs to take advantage of the delivery of secret messages, but reduces the size of the group with the maximum from Fibonacci numbers .

The session key typically needs to be remembered during use,
The new key must be stored prior to the switch. Thus, for each secure service, at least two slots are needed for the session key. Preferably, the same decryption process is applied to the subscription information and the information of the encrypted secret message part (message part), which is advantageous in small portable devices. However, due to security or battery considerations, different cryptographic engines or processes may be dictated in the transmission of subscription information and the transmission of secret messages. If the group manager delivers a large number of message parts (message parts), storage of these intermediate results is required. The choice between a symmetric and asymmetric crypto engine depends on security requirements, processing and power considerations. Similar to the length of the key used. Only the disassembly method can change security. The output interface preferably connects the decoded subscription information to display software and hardware, such as decompressing video to a conventional CRT display, audio processing to stereo speakers, or data to display to an LCG. I do. Clock 202 is connected to processing system 204,
The processor 205 operates and supplies clock pulses as well as provides calendar and date and time synchronization, and is preferably part of a microprocessor support circuit. Synchronized cryptographic switching is a highly desirable feature in systems that incorporate cryptographic key changes, in which the identification of the cryptographic key used works properly, but a calendar and date and time with reasonably good accuracy are used. I need. Although the interface to the processing system is shown as providing one-way data flow, equally two-way data flow is used where appropriate, to reduce, among other things, the effects of errors.

Referring to FIG. 3, a group manager 102 having a structure complementary to the subscriber device 101 is shown. The source interface 301 can be used to receive subscription information in the same way as video, audio and data. This interface 301 is preferably connected to the source of the list of authorized subscriber devices selected to receive the secret message. Once entered, the binding of the management encryption key to each subscriber device can be stored at the GM. Preferably, such storage is protected from tampering. The secret message is preferably a group session encryption key. Clock 3
02 is connected to the processing system 304 and operates the computer system 305;
It provides clock pulses and provides calendar and date and time synchronization and is preferably part of computer system 305 itself. Processing system 304
Inside, a computer system 305 and a mass storage device 306 exist. A workstation computer, such as Sun's Sparc.RTM. Series, is preferably the computer system 305, with conventional hard disk storage attached to the computer as mass media storage 306. The distribution interface 303 preferably connects the high speed output to an uplink encoder for satellite distribution. Structurally, similar to the subscriber devices, the storage device 306 holds a management encryption key, preferably a database that associates the management encryption key held by each subscriber device with their own keys, the selected subscribers. Software that computes a key set, such as a union held by the device and a registration dam not held by each of the excluded subscriber devices; disassembly software for disassembling secret messages into message parts; message parts according to the key set Software, which encrypts the encrypted message part into a datagram format that can be used by the subscriber unit, and distributed interface software that communicates according to the protocol used by the distributed network. Preferably, the session key, management key and other sensitive information are stored in a protected form on a mass storage device.
Although two-way data flow is shown, equally one-way data flow may be utilized where appropriate.

Referring to FIG. 4, a system flow chart illustrates the operation as they are operated in the system. A secret message, such as a session encryption key, entering the system with a list of authorized (selected) subscribers of the recipient initiates the process of step 401. A management key set is invoked for the selected subscribers from the list, and their MK unions are calculated in step 403. The selection list may include an enumeration of all authorized subscriber devices, an enumeration of only excluded devices, or simply specify the list to be used in additions or deletions or both. May be. Therefore, the excluded subscriber devices are enumerated or derived from the selected recipient list. For each excluded subscriber device, a keyset is invoked and compared to the union at step 441. If none of the management encryption keys are common (there is no union, the registration is equal to a union), the compromised subscriber unit will not send a secret message encrypted with the key in the keyset. It will be excluded regardless of further operations. For such subscribers, no message parts are needed and the number of message parts is reduced at 447.

If there is at least one common management key (if the intersection is not null), the registration key is calculated using the rest of the union after removing the union of the excluded key set and the union. Is done. Residum is an administrative encryption key that can be used to convey a secret message part to selected subscriber units, excluding a particular subscriber unit for each residence. The first message part is first set in step 402 to the secret message itself. If all excluded subscriber units have a null crossing (with no crossing) with the union of the management encryption key of the selected subscriber unit, no disassembly is required. For each excluded subscriber device having a non-null crossover (with some crossover) (m), one message part decomposes the first message part as in step 445 Or by its cumulative decomposition. Message parts other than the first message part are random numbers of length equal to the secret message. The last message part is a cumulative decomposition of the secret message using all other message parts in succession.

There are many decomposition functions. Commutation functions performed in any order are best. Rotation is possible, but limited to a small number, such as less than the number of bits in the key. This implies the desired field operation. Simplicity, it suggests binary function is in Galois zone to 2 ^k acting on k bits rather than 2 at a certain point in time is appropriate extensions, it appears to provide additional methods for degradation However, any arithmetic function is used. Any string function, such as masking, may be constructed from an exclusive OR function, except that functions that require a particular order may include OR or NOT functions. Any linear string function or commutative operation function is acceptable.

The collection of message parts decomposed from the secret message is encrypted using a residue key set, and one copy of the message part is 450-452.
, Each of the management keys in the key set is encrypted. The encrypted message part is broadcast 4 over the distributed network 104.
05 to at least the selected subscriber device 101. Distributing the encrypted message part to other devices, especially to excluded devices, does not indicate that it compromises trust. If the union of management cryptographic keys for the selected subscriber unit already covers the entire group, it will be distributed to the selected subscriber unit even if it is distributed to non-members in a wider area than the selected unit. Since it is assumed that they do not have a common management key, no credit risk is indicated. Upon receipt 406 of the encrypted message part, the message part that is available once identified is parsed at 408 to select enough message parts to reconstruct the secret message. The message part is decrypted at 407 and combined at 409 with the secret message. The sequence of decryption following selection can be reversed if the identification of the encrypted message part is achieved without decryption or implied during distribution. Decoding of all available message parts, with or without duplication, is possible but takes time and effort. Selecting without identifying the message parts can work well if the number of message part combinations is small. For large numbers of combinations, identification and selection based on the best choice of time and effort and availability is optimal. Reconstruction of the secret message from all message parts, preferably by exclusive OR, is achieved in any order if a commutative function is used (exclusive OR). In step 410, the secret message is processed by an output function. A suitable procedure would be to direct the session encryption key to the decryption storage and record its availability. The secret message could be like a text message directed to a display about a large group to receive secretly.

Referring to FIG. 5, in receiving and reconstructing a secret message, an exemplary subscriber unit is shown to hold MK-1, -3, -4,..., And -13. . MP
(Message part) 1 is decrypted from both MK3 and MK13. Only one correct copy is needed. MP2 is available from MK4, MP3 is available from MK1 or MK13, MP4 is available from MK1 or MK3, and MP5 is available from MK1 or MK3.

The secret message is reconstructed by combining one copy of each of all message parts (preferably by a bitwise exclusive OR). Only one is used, even if multiple copies are available. The subscriber device determines by mistake and whether it has successfully received all parts of the secret message, but is preferably communicated with all message parts for which datagrams are required. Identify the message part. If some message parts have been recombined prior to encryption, such as the subscriber unit, through thought and error, determines the set of message parts that when combined will be a secret message. However, preferably, the datagram containing the encrypted message part or the recombined result message part indicates the parts involved and the parts needed to reconstruct the secret message.

Referring to FIG. 6, in an example of management encryption key assignment, four management encryption keys (
MK) is used in an exemplary system having at most six subscriber units (SD) that can be uniquely managed. Each SD holds two MKs, and no two SDs have the same set of MKs. Three SDs have MK1, three have MK2, three have MK3, three have MK4, none have all MKs, and each SD has Has a unique combination of In contrast, the group manager has all four MKs.

To exclude the SD-C from receiving the session key, the group manager (GM) cannot send the session key to MK1 or MK4. Sending the session key to both MK2 and MK3 allows each SD except C to receive one copy. The SD-D is actually sent two copies of the key. Redundant message parts are expected to occur in the present invention. In order to exclude SD-C and SD-D in further examples, the group manager (GM) has also been assigned to MK1 or MK4 and M
The session key cannot be transmitted to K2 or MK3. Transmission of the session key is achieved by first breaking the session key into two key parts (MP). MP1 is transmitted on MK2 and MK3, and MP2 is transmitted on MK1 and MK4. Preferably, MP2 is a random number and MP1 is a session key exclusive-ORed with MP2.

All SDs except C and D will receive copies of both MP1 and MP2. Two copies of MP1 are sent to SD-D, and M-
Two copies of P2 are sent, and in each case do not provide a session key. All selected SDs by properly combining MP1 and MP2
Will have a session key.

Referring to FIG. 7, a message part datagram diagram illustrates an exemplary message conveying a message part encrypted using a particular administrative encryption key. The datagram can include indications of other message parts needed to construct the secret message and can identify them. Without the indication of other necessary message parts, the subscriber device can check the combination until a satisfactory message part combination is found, but the hand-held device typically operates from a battery and Make identification desirable. If the message parts are pre-combined prior to transmission, the message part combinations are identified. The lack of an indication that an additional MP is required may indicate that the secret message is complete, or a simple flag may indicate that the MP is a complete secret message. Can be. The first example is a complete message part by itself, which does not require any other message parts. If fields of various lengths are used, a simple perfect flag and secret message include the entire datagram. The second example shows a message divided into three parts, this datagram carrying message part 2 and marked as second, requiring first and third message parts. The third example shows the recombined result message part of parts 1, 3, 4 and 5 missing parts 2 and 6 to complete the secret message. The last example is a session key in which the secret message is identified at 27, the datagram requires parts identified as 1 to 15, and parts 3, 4, 5 and 13 are recombined, ie 1,2,6-
Transmit the parts missing 12 and 14-15. Various instructions are possible. It will be appreciated that in large active systems it is desirable to identify certain secret messages that apply to certain message parts. The identification of the message part may include a secret message, such as to which session the message part belongs.

Referring to FIG. 8, the decomposition of the secret message into message parts, the pseudo-noise generator supplies random data used when decomposing the message. It is assumed that communicating information about each of the excluded subscribers will occur at the same time that the list of selected subscribers is transferred. The disassembly of the secret message is preferably started by first setting the secret message itself in the first message part, and then selecting a random number, preferably of a length equal to the length of the secret message to be disassembled. Doing so includes generating a message part. The shorter the length, the more vulnerable the secret message is; the longer the length, the less efficient. Preferably, the decomposition proceeds by an exclusive OR operation of the first message part and the new message part (random number) bit by bit, the result of which is kept as the first message part. The new message part is subsequently applied to the first message part by an exclusive OR operation, composing all the messages necessary to recover the secret message.

If the secret message is broken down into a sufficient number of message parts so that for each excluded subscriber device there is at least an MP that is not delivered to that subscriber device, in this example (m ), The cash register is calculated. The residual for the excluded subscriber is a set of cryptographic keys from the union used to send the message part without the opportunity for the message part to be obstructed. Each excluded subscriber device has a key set and the MP is sent to the excluded subscriber's register. The arrow indicates that the copy of the MP is passed to encryption using the management encryption key. Such examples show that some MKs are used for three MPs and some are used for two MPs or only one MP. The number of message parts grows rapidly, but is not the same for each MK.

[0033] The encrypted message parts are bundled together and encapsulated as necessary to deliver them to the distributed network. Identification is advantageous in situations where there are many secret messages and many excluded subscriber devices. If the rate of excluded subscriber devices is high, other more traditional methods should be considered.

The use of a random number to decompose a secret message is advantageous because if any message part is lost, a partial combination of message parts will appear to be a random number. Other decomposition methods, such as message shifting or analysis, are used, but the commutative nature of the exclusive OR makes it highly desirable. In addition, using random numbers of different lengths reduces the length less than the original secret message and reduces security. Using the preferred method, missing any random number equal in length to the original secret message breaks the message so as to be as difficult as not having any message parts.

If the secret message is a session encryption key, instead of the source generating the session encryption key (secret message) in another aspect, the group manager generates the session encryption key (secret message). Can be. The same form of random number generator used for the message part may be used for this.

Referring to FIG. 9, in an example in which SD-A1, SD-Q7 and SD-H6 are excluded, the group manager (CM) completes a new session key or the like in any of MK1 to MK12. I can't send my secret message. Sending a new session key is accomplished by first breaking it down into three parts. SD-A1 has a key set from MK1 to MK6, and
DQ7 has a key set from MK-7 to MK12, and SD-H6 has
4-6 and MK10-12 key sets. And the regi dams,
A1 is from MK7 to MK12, Q7 is from MK1 to MK6, and H6 is MK1-3 and MK7-9. MP1 is a key set MK1
Sent on 0-12, they are a subset of the intersection of MK1-12 and Residum A1. Similarly, MP2s are sent on MK4-6, and they are
It is a subset of Q7. MP1 and MP3 are as done in SD (
(Preferably exclusive OR) pre-assembled and sent on MK7-9, which are the intersection of Residum-A1 and Residum-H6. Then, MP2 and MP3 are combined in advance and sent to MK1-3 to form a crossover part of RESIDUM-Q7 and RESIDUM-H6. Preferably, MP2 and MP3 are random numbers, and MP1 is a session key exclusive-ORed with MP2 and exclusively ORed with MP3. The total number of transmitted MPs is 12 at this point.

All 924 possible S except SD-A1, SD-Q7 and SD-H6 above
D will receive copies of MP1, MP2 and MP3. MP1 is not sent to SD-A1, and MP2 is not sent to SD-Q7. SD-H6 is MP
1 and MP2 but not MP3. One SD-M5 is MK1,
It has 2, 3, 7, 8 and 9 and can only receive MP1 pre-coupled to MP3 and MP2 pre-coupled to MP3. Such an SD would not be able to reconstruct a secret message, eg, a session key, from these components. Thus, any of the MP1, MP2 or MP3 in the SD is provided on the appropriate MK and sent using any MK already used to enable decryption of the secret message and encrypt it. MP1 is sent on MK7, 8 or 9; MP2 is sent on MK1, 2 or 3; MP3 is
1, 2, 3, 7, 8 or 9. Only one of these is needed. The feeding process is then to send one of these alternatives. This means that a message of 13 message parts is needed, which is somewhat less than the 18 that may be needed at maximum.

With MP2

(Equation 1) And MP1

(Equation 2) And (SD-5)

(Equation 3) When

(Equation 4) By properly combining both with MP3, all selected SDs will be able to reconstruct the secret message.

Referring to FIG. 10, in an example of the pre-combination of message parts, MP1, M
P3, MP4, MP5 and MP13 are shown as a 56 bit string. The bitwise exclusive OR of MP is shown at the bottom. A preferred identifier is shown, a string of length 15 meaning 15MP is needed to reconstruct the secret message. The message part with the corresponding bit position in the string indicates that MP1, 3, 4, 5, and 13 are pre-coupled.

Referring to FIG. 11, a flowchart of the system illustrates the operation as they are operated in the system. A secret message, such as a session encryption key, entering the system with a list of authorized (selected) recipient subscriber devices initiates the process of step 1101. The management key set is called from the list for the selected subscribers, and their MK unions are calculated in step 1103. The selection list may include an enumeration of all authorized subscriber devices, an enumeration of only excluded devices, or simply specify the list to be used in additions or deletions or both. May be. Therefore, the excluded subscriber devices are enumerated or derived from the selected recipient list. For each excluded subscriber device, a keyset is invoked, step 1141
At the Union. If none of the management encryption keys are common (there is no union, the registration is equal to a union), the compromised subscriber unit will not send a secret message encrypted with the key in the keyset. It will be excluded regardless of further operations. For such subscribers, no message parts are needed and the number of message parts is reduced at 1147.

If there is at least one common administrative key (intersection is not null), the residual key set is calculated using the rest of the union after removing the union of the unsubscribed key set from the union. Is done. Residum is an administrative encryption key that can be used to convey a secret message part to selected subscriber units, excluding a particular subscriber unit for each residence. The first message part is initially set in step 1102 to the secret message itself. If all excluded subscriber units have a null crossing (with no crossing) with the union of the management encryption key of the selected subscriber unit, no disassembly is required. For each excluded subscriber device having a non-null crossover (with some crossover) (m), one message part decomposes the first message part as in step 1145 Or by its cumulative decomposition. Message parts other than the first message part are random numbers of length equal to the secret message. The last message part is a cumulative decomposition of the secret message using all other message parts in succession.

The collection of message parts decomposed from the secret message is then pre-combined according to the set of registers. For each management encryption key at the union, with the management encryption key, all registers will have an associated message part pre-bound at 1150-52.

All selected subscriber devices must receive the secret message.
In step 1153, the set of selected subscriber units to receive is confirmed. Any message parts that are not available at the subscriber device selected by the precombination are provided at step 1154.

The pre-bound and supplied message parts are encrypted at 1155 for each of the management keys at the union. The encrypted message part is
The data is distributed to at least the selected subscriber device 101 by the broadcast 1105 via the distribution network 104. Distributing the encrypted message part to other devices, especially to excluded devices, does not indicate that it compromises trust. If the union of management cryptographic keys for the selected subscriber unit already covers the entire group, it will be distributed to the selected subscriber unit even if it is distributed to non-members in a wider area than the selected unit. Since it is assumed that they do not have a common management key, no credit risk is indicated. Upon receiving 1106 the encrypted message part, the message part that is available if identified is 110
8 parsed to select enough message parts to reconstruct the secret message. The message part is decrypted at 1107 and 110
At 9 it is combined with the secret message. The sequence of decryption following selection can be reversed if the identification of the encrypted message part is achieved without decryption or implied during distribution. Decoding of all available message parts, with or without duplication, is possible but takes time and effort. Selecting without identifying the message parts can work well if the number of message part combinations is small. For large numbers of combinations, identification and selection based on the best choice of time and effort and availability is optimal. Reconstruction of the secret message from all message parts, preferably by exclusive OR, is achieved in any order if a commutative function is used (exclusive OR). In step 1110, the secret message is processed by an output function. A suitable procedure would be to direct the session encryption key to the decryption storage and record its availability. The secret message could be like a text message directed to a display about a large group to receive secretly.

As will be appreciated, the methods and apparatus of the described system can be used for the delivery of secret messages other than the session encryption key, and are required for identification to convey the session encryption key. The properties described are better adapted to the present invention. And, typical encrypted broadcast message transmission techniques can meet the required characteristics for delivering regular messages rather than transmitting encryption keys.

The method and apparatus of the present invention for securely broadcasting a message from a source over a communication channel that is insecure to an included party but not to an excluded party is described in various aspects. Can be executed. One broad implementation is to use "security devices" instead of secret cryptographic legal communication keys. A "security device" may include any one of many new or conventional security measurement methods or processes. For example, a secret cryptographic communication key can be used, as described in the preferred embodiment. According to the invention, symmetric or asymmetric keys are used. In another aspect, a secret-public key pair is used, such as the Defy-Hellman public secret key protocol. In another aspect, encryption or processing algorithms are used to mask or decompose portions of the transmitted message. Mathematical functions can be used to mask parts of the message. For example, various conventional analog or digital functions are used. The processing method can also be used to encrypt parts of the secret message. A software or hardware security device can be used to encrypt parts of the message.
A hash function can be used to encrypt parts of the message. A serial number unique to a particular individual or computing device can be used to encrypt or mask portions of the message. The clock value can be used if the device is synchronized in some way. this is,
Conventional techniques used in general data processing systems (typically TO
D clock). A random number generator can be used to generate a key or value for use in the encryption operation. Initialization vectors for data processing or hardware devices can be used. Further, any value determined by the iterative process (if the processes are all synchronized) can be used to change the secret cryptographic communication key. Some of these conventional alternative aspects of the security device are shown in FIG.

FIG. 12A illustrates a single encryption operation. As shown, clear text 2000 is provided to encryption engine 2002 to generate cipher text 2004. The ciphertext is communicated over an insecure communication channel and provided to the decryption engine 2006. Decryption engine 2006 operates to generate clear text 2008 that matches clear text 2000.

FIG. 12B illustrates a symmetric shared secret key encryption operation. As shown, clear text 2010 is sent to an encryption engine 2014 keyed by a secret key 2012. The encryption engine 2014 generates a ciphertext 2016 that is communicated over an insecure communication channel. Cipher text 20
16 is supplied to a decryption engine 2020 keyed by the secret key 2018. The decryption engine provides a clear text 202 that matches the clear text 2010.
2 is generated.

FIG. 12C shows an asymmetric shared secret key encryption process. In this process, the encryption key 2026 is different from the decryption key 2032. The clear text 2024 is provided to the encryption engine 2028. The encryption engine 2028
The encryption key 2026 is used to perform the encryption operation. Cipher text 203
0 is provided as the output of the encryption engine 2028 and communicated over an insecure communication channel. The cipher text 2030 is input to the decryption engine 204
3. The decryption engine 2034 decrypts the cipher text 2030 using the decryption key 2032. The decryption engine 2034 outputs the clear text 20
36 is generated as an output. The clear text 2036 matches the clear text 2024.

FIG. 12D is a schematic representation of a mediation encryption protocol. Correspondent 203
8 communicates with the correspondent 2042 using the mediated protocol 2040. The third mediator 2044 is trusted by both parties and operates to forcibly execute the mediated protocol.

FIG. 12E is a schematic representation of an arbitrated protocol for transmitting secure messages. As shown, correspondent 2046 communicates with correspondent 2048. The communication process may include evidence 2052, 205 provided to trusted arbitrator 2050.
4 is generated. The arbitrator uses the arbitrated protocol 2054 and, after confirmation, determines the validity of the communication to determine its validity and determines the identity of the communicator.

FIG. 12F is a schematic representation of a self-enforcement protocol. As shown,
The correspondent 2056 communicates with the correspondent 2058 using a self-enforcement protocol 2060.

FIG. 12G is a schematic representation using a reversible mathematical function for communicating securely. An input 2062 is provided to a mathematical function 2064, which operates on the input and produces a ciphertext output 2066. Output 2066 is communicated over an insecure communication channel. The inverse mathematical function 2070 is the hash function 2064
Are used to produce an output 2072 that matches the input 2062.

FIG. 12H shows a block diagram of an asymmetric private key-public key encryption operation. Using this operation, only the correspondent A sends or generates a message, and the correspondents including the recipient B can read the message. As shown, correspondent A generates input 2080 and the input is an encryption engine 2082
Supplied to The encryption engine is at least partially keyed to a secret key 2084 to generate ciphertext 2086 as output. The ciphertext 2086 is communicated over an insecure communication channel. Cipher text 20
86 is received by the decoding engine 2088, which decodes the
Public key 2090 (public key related to correspondent A). The decryption engine 2088 generates an output 2092 that matches the input 2080. In this manner, correspondent A can generate a message that can be read by any other correspondent using public key 2090 associated with correspondent A. It is not possible to pretend to be any correspondent A because the secret key 2084 is required to generate a decryptable message.

FIG. 12I shows a simplified block diagram of asymmetric private key-public key encryption, where any correspondent A can generate a message and such The message can be read by only one correspondent B. As shown, input 2100 is provided by correspondent A as input to encryption engine 2102. The encryption engine is tuned to the public key 2104 associated with correspondent B. The encryption engine 2102 generates a ciphertext 2106 that is communicated over an insecure communication channel. Cipher text 21
06 is provided as an input to the decryption engine 2110. Decryption engine 2
110 uses a secret key 2108 that is associated with and known only to correspondent B. Decoding engine 2110 produces an output 2112 corresponding to input 2100. In this manner, any correspondent A can generate a secret message that is read only by the correspondent B.

FIG. 12J is a simplified schematic representation of a signature operation that can be used for secure transmission. As shown, input 2120 is secure (reliable)
Used to generate both signature and secret messages. Input 2120 is provided to a hash function 2122 to generate a signature. Hash function 21
22 scrambles the input in an irreversible manner. Hash function 2122
Is supplied to an encryption engine 2124, which generates a signature 2126 that is encrypted and communicated over an insecure communication channel. The signature 2126 is provided as input to a decryption engine 2128, which generates an output that is supplied to a comparator 2140. Input 2
120 is also provided to an encryption engine 2130,
Generates as output ciphertext 2132, which is communicated over an insecure communication channel and received by decryption engine 2134.
Decoding engine 2134 produces an output 2136 corresponding to input 2120.
The output of the decryption engine 2134 is supplied to a hash function 2138, which corresponds to the hash function 2122. In other words, hash functions 2122 and 2138 operate to generate the same but random output based on the input. The output of hash function 2138 is provided to comparator 2140. If the values provided for the signature and the message are the same, the communication is valid. In other words, the communication is from a trusted source.

FIG. 12K is a simplified block diagram using initial values and iterative processing for performing secure communication over an insecure communication channel. As shown, an initial value or vector 2144 is generated by a combination of a random number 2140 and a time or other periodic value 2142. The initial values are provided to an algorithm or generator 2146. Input 2148 is coupled to the output of algorithm / generator 2146 in exclusive OR operation 2150. All of these processes are performed under the control of the correspondent A. The correspondent B or other authorized correspondent has the same initial value 2154 supplied to the same algorithm / generator 2156. The output of algorithm / generator 2156 is provided as input to exclusive OR operation 2158. The other input of exclusive OR operation 2158 is provided by exclusive OR operation 2150 over an insecure communication channel. The output of exclusive OR operation 2158 is output 2160 of input 2148. this is,
This is possible due to the unique properties of commutative and reversible exclusive OR operations. Any periodic processing can be used instead of a time value to synchronize authorized parties.

[0058] The simplified example of FIG. 12 is a secret cryptography to decompose, encrypt, or mask selected portions or segments of a message to be communicated over an insecure communication channel. Fig. 4 illustrates various conventional security devices that can be used instead of or in combination with a communication key.

In overview, in the present invention, it is necessary and necessary to determine the total number of secret communication keys to be used to communicate a message only to the included parties, excluding excluded parties. Some consideration must be given to determine the amount of decomposition or segmentation of a given message. One approach is to focus on maximizing message segmentation or decomposition, rather than maximizing analysis of key variance. In other words, one broad approach is to emphasize segmentation or decomposition and not key analysis. This type of analysis is governed by the total number of excluded parties. A drawback associated with this type of analysis is that it consumes a significant amount of bandwidth to communicate heavily decomposed or segmented messages.

Another approach is to maximize the effort in analyzing key allocation at the included and excluded correspondents to minimize the amount and number of segments of the message to be sent to communicate the message. Is to pay.

In effect, some coordination must be achieved between analyzing the key allocation and segmenting or decomposing the message. Analysis of this problem in conjunction with a system of linear equations to determine the optimal amount of decomposition or segmentation and key identity to minimize processing and minimize the bandwidth required for secure communication Is found.

[0062] These and other changes are made by those skilled in the art and should be considered not to depart from the scope of the claims.

Thus, it should be apparent from the above disclosure that the present invention provides a method and apparatus for communicating a secret message only to the subscriber units of selected members of a group. Advantageously, the method and apparatus retain the high efficiency characteristics of prior art group broadcast encrypted messaging techniques, with a significant degree of elimination of unselected group members and other unauthorized recipients. Will be increased.

In another embodiment of the present invention, it is advantageous to perform the message disassembly and encryption operations continuously to increase security and reduce bandwidth requirements for secure communication. There will be. The current implementation described here uses an exclusive OR
Although heavily dependent on arithmetic, this is not necessarily the only means to achieve secure communication. Exclusive OR operations have certain properties that make them useful in the current case. For example, an exclusive OR operation is its own inverse function.
Furthermore, exclusive OR operations are commutative. It is possible to combine non-linear or non-commutative functions, but that would be difficult. Higher-order arithmetic functions such as those in the GF ^m range are commutative and useful. Furthermore, the rotation and splice string functions are inversely transformed, but their usefulness is limited.

Mathematically, due to the pre-coupled parts, some devices performing the reconstruction are required to generate an odd number of message parts to include the message parts under an exclusive OR operation. In some devices only, even numbers can cause failures because even numbers are possible. Therefore, the supply step is inserted in claim 3.
The device needs to choose how to combine the parts so that all parts are included. If other functions such as GF are used for the decomposition,
The size of the field will determine how much occurrence is required for each message part. For example, FG2 ⁵ has an element 32. Depending on the selected field polynomial, as a combination function, for example, 1, 31, 5
Some primitive function is selected to use, for example. Zero is not a useful combination function. A primitive of one implies that the message part appears only once in the last reconstruction. Other primitives are arithmetically combined to obtain the result. Thus, a particular message part given to itself three times is available, and its equivalent single occurrence is calculated by knowing the polynomial. This helps to solve some combinations, but is a problem of spanning all eigenvectors.

Although the invention has been described with reference to particular embodiments, the description is not intended to be construed in a limiting sense. Various modifications of the disclosed embodiments, as well as alternative embodiments of the invention, will be apparent to persons skilled in the art upon reference to the description of the invention. It is therefore contemplated that the appended claims will cover any such modifications or embodiments that fall within the scope of the invention.

[0067]

[Table 1]

[Brief description of the drawings]

FIG. 1 is an electrical block diagram of an encrypted broadcast message delivery system according to the present invention.

FIG. 2 is an electrical block diagram of a subscriber device according to the present invention.

FIG. 3 is an electrical block diagram of a group manager according to the present invention.

FIG. 4 is a system flowchart of an encrypted selective group broadcast message transmission system according to the present invention.

FIG. 5 is a functional diagram of decrypting a message part and reconstructing it into a secret message according to the present invention.

FIG. 6 is an exemplary assignment of a management encryption key at a subscriber device of a member of a group according to the present invention.

FIG. 7 is a message structure diagram of an exemplary message part diagram according to the present invention.

FIG. 8 is a functional diagram of the decomposition and encryption of a secret message according to the present invention.

FIG. 9 is an exemplary detailed diagram incorporating pre-coupling and dispensing according to the present invention.

FIG. 10 is an exemplary assignment of a management encryption key in a subscriber unit of a larger group of members.

FIG. 11 is a system flowchart of an encrypted selective group broadcast messaging system incorporating pre-association and provisioning according to the present invention.

FIG. 12 is a graphical illustration of multiple alternative security devices that may be used in place of or in conjunction with secret cryptographic keys in another embodiment of the present invention.

Table 1 is an indication of the total number of subscribers who can be served using a certain number of secret encryption keys.

[Procedural Amendment] Submission of translation of Article 34 Amendment of the Patent Cooperation Treaty

[Submission date] April 11, 2000 (2000.4.11)

[Procedure amendment 1]

[Document name to be amended] Statement

[Correction target item name] Claims

[Correction method] Change

[Correction contents]

[Claims]

──────────────────────────────────────────────────続 き Continuation of front page (81) Designated country EP (AT, BE, CH, CY, DE, DK, ES, FI, FR, GB, GR, IE, IT, LU, MC, NL, PT, SE ), AL, AM, AT, AU, AZ, BA, BB, BG, BR, BY, CA, CH, CN, CU, CZ, DE, DK, EE, ES, FI, GB, GE, GH, GM , HR, HU, ID, IL, IS, JP, KE, KG, KP, KR, KZ, LC, LK, LR, LS, LT, LU, LV, MD, MG, MK, MN, MW, MX, NO, NZ, PL, PT, RO, RU, SD, SE, SG, SI, SK, SL, TJ, TM, TR, TT, UA, UG, US, UZ, V N, YU, ZW [Continued from summary] Selected from those combined in reconstructing the secret message.

Claims (51)

[Claims] 1. A method for securely broadcasting a message from a message source over an insecure communication channel to an included party but not to an excluded party, comprising: Providing a set of secret security devices; (b) providing a subset of the secret security device to each correspondent; and (c) each correspondent being compared to all other correspondents. Having a unique subset of the secret security device obtained from a set of secret security devices; and (d) identifying the secret security device associated with the included correspondent and the excluded correspondent. (E) (1) allocating the secret security device at the included and excluded communicators; Selecting a particular one of the secret security devices from the set of secret security devices by a combination of: parsing the message; Decomposing the message into message parts; (g) using the specific one of the secret security devices to secure the specific message part of the message; (h) the insecure Communicating a secure form of the message over a communication channel; and (i) the included correspondent uses the particular one of the secret security devices to secure the form of the message. The message can be generated from the method. 2. The method for securely broadcasting according to claim 1, wherein the security device includes: (1) a cryptographic communication key; (2) a protocol; (3) an algorithm; (5) processing method, (6) software security device, (7) hardware security device, (8) hash function, (9) serial number, (10) clock value, ( A method including at least one of: 11) an initial value; (12) a random variable; (13) an initialization vector; and (14) a value determined by periodic processing. 3. The method of securely broadcasting according to claim 1, wherein the secret security device includes at least one of: (1) a cryptographic algorithm; and (2) a cryptographic key. Including a security device. 4. The method of securely broadcasting according to claim 3, wherein the cryptographic security device comprises an asymmetric cryptographic security device. 5. The method of securely broadcasting according to claim 3, wherein the cryptographic security device comprises a symmetric cryptographic security device. 6. The method for securely broadcasting according to claim 1, wherein: (1) the set of secret security devices includes at least four secret security devices; and (2) a subset of each of the secret security devices is at least four. A method involving two secret security devices. 7. The method of securely broadcasting according to claim 1, wherein each of the secret security devices has an initial state that is changed after receiving the message. 8. The method of securely broadcasting according to claim 1, wherein the security device includes a secret cryptographic communication key. 9. The method of securely broadcasting according to claim 8, wherein the secret cryptographic communication key comprises a symmetric secret cryptographic communication key. 10. The method of securely broadcasting according to claim 1, wherein: (i) the set of secret security devices includes a set of secret cryptographic communication keys; and (j) the message is a message. (K) each message portion is encrypted with a particular one of the set of secret cryptographic communication keys. . 11. The method of securely broadcasting according to claim 10, wherein the set of secret cryptographic communication keys includes at least four secret cryptographic communication keys. 12. The method of securely broadcasting according to claim 10, wherein a particular one of the secret cryptographic communication keys comprises: (1) the included and excluded communication parties; And (2) an executable segmentation of the message. 13. The method of securely broadcasting according to claim 1, wherein said subset of said secret security devices is substantially n-select-n / 2.
The method given to each correspondent by. 14. The method of securely broadcasting according to claim 1, wherein the secret security device includes data indicating a security key, and wherein the subset of the security keys is substantially n-select-n /. Provided to each correspondent by 2. 15. The method of securely broadcasting according to claim 1, wherein the step of decomposing the message into message parts applies a back-calculable mathematical function to the message and outputs substantially unpredictable. A method achieved by generating 16. The method of securely broadcasting according to claim 1, wherein the step of decomposing the message into message parts comprises: And performing a bitwise exclusive OR operation. 17. A method for securely broadcasting a message from a message source over a communication channel that is not secure to included communicators but not to excluded communicators, comprising: (a) Providing a set with a secret cryptographic communication key; (b) providing each correspondent with a subset of said secret cryptographic communication key; and (c) providing each correspondent with all other Having a unique subset of the secret cryptographic communication key and the key obtained from the set with the secret cryptographic communication key as compared to the correspondent of: d. Identifying a secret cryptographic communication key associated with the excluded communicator; and (e) (1) secret cryptographic communication between the included communicator and the excluded communicator. Solution of allocation with key (2) selecting a particular one of the secret cryptographic communication keys from the set of the secret cryptographic communication keys by a combination of: an analysis of an executable decomposition of the message; (F) decomposing the message into message parts; (g) using the specific one of the secret cryptographic communication keys to encrypt the specific message part of the message; ) Communicating an encrypted form of the message over the insecure communication channel; and (i) verifying that the included communicator is the particular one of the secret cryptographic communication keys. The message can be decrypted using the method. 18. The method of securely broadcasting according to claim 17, wherein the secret cryptographic command key comprises an asymmetric cryptographic communication key. 19. The method of securely broadcasting according to claim 17, wherein the secret cryptographic command key comprises a symmetric cryptographic communication key. 20. The method of securely broadcasting according to claim 17, wherein: (1) the set of secret cryptographic communication keys includes at least four secret cryptographic communication keys; and (2) the secret cryptographic method. Wherein each subset of the generic communication keys includes at least two secret cryptographic communication keys. 21. The method of securely broadcasting according to claim 17, wherein the step of decomposing the message into message parts applies a back-calculable mathematical function to the message to produce a substantially unpredictable output. The method achieved by generating 22. The method of securely broadcasting according to claim 17, wherein the step of decomposing the message into message parts comprises: And performing a bitwise exclusive OR operation. 23. An encrypted broadcast messaging system for communicating secret messages to selected subscriber devices in a group, while excluding other subscriber devices in the group. A method in a system for performing communication, comprising: (a) pre-programming a second set of managed security devices from a first set of managed security devices to each of the subscriber devices of the group, the method comprising: Pre-programming each of said sets to be different from all other second sets; and (b) a managed security device held by said selected subscriber unit, and a subscription removed from said group. Determining a management security device held by the user device; (C) decomposing the secret message into message parts, wherein at least one message part is a message part associated with each of the excluded subscriber devices of the group, and each message part is the excluded part. Providing message portions that are intended to be secured using a managed security device that is not retained by the assigned subscriber device; and (d) using the intended managed security device for each message portion. Securing a copy of each of the message portions, wherein securing one copy for each of the managed security devices held by the selected subscriber device and not held by an associated excluded device. And (e) the secure message Delivering the minutes to at least selected subscriber devices in the group and identifying the delivered message portion and the message portion needed to reconstruct the secret message; and (f) at least Receiving one secure message part and identifying at least one received message part and at least one message part necessary to reconstruct the secret message; Reconstructing at least one received encrypted message part using a management security device; and (h) sufficient to reconstruct said secret message from said secure received message part. Selecting at least one message part; and (i) combining the selected message parts. Method comprising the steps of reconstructing the secret message by. 24. The method according to claim 23, wherein the management security device comprises: (1) a cryptographic communication key, (2) a protocol, (3) an algorithm, and (4) a mathematical function. (5) processing method, (6) software security device, (7) hardware security device, (8) hash function, (9) serial number, (10) clock value, (11) initial A value, (12) a random variable, (13) an initialization vector, and (14) a value determined by periodic processing. 25. The method according to claim 23, wherein the management security device comprises a cryptographic security device comprising at least one of: (1) a cryptographic algorithm; and (2) a cryptographic key. Including method. 26. The method for securely broadcasting according to claim 25, wherein the cryptographic security device comprises an asymmetric cryptographic security device. 27. The method for securely broadcasting according to claim 25, wherein said cryptographic security device comprises a symmetric cryptographic security device. 28. The method of securely broadcasting according to claim 23, wherein: (1) the set of managed security devices includes at least four managed security devices; and (2) a subset of each of the managed security devices is at least four. A method involving two administrative security devices. 29. The method for securely broadcasting according to claim 23, wherein the management security device includes a secret cryptographic communication key. 30. The method for securely broadcasting according to claim 29, wherein said secret cryptographic communication key comprises a symmetric secret cryptographic communication key. 31. The method of securely broadcasting according to claim 23, wherein: (i) said set of managed security devices includes a set of managed cryptographic communication keys; and (j) said message is a message portion. And (k) each message portion is encrypted with a particular one of the set of managed cryptographic communication keys. 32. The method for securely broadcasting according to claim 31, wherein the set of managed cryptographic communication keys includes at least four secret cryptographic communication keys. 33. The method for securely broadcasting according to claim 31, wherein a specific one of the secret cryptographic communication keys is: (1) providing the included and excluded subscribers with each other. Analysis of the key allocation in (1) and (2) possible segmentation of the message. 34. The method for securely broadcasting according to claim 23, wherein said subset of said managed security devices is provided to each subscriber by substantially n-selection-n / 2. 35. The method of securely broadcasting according to claim 23, wherein the management security device includes data indicating a security key, and wherein the subset of the security keys is substantially n-select-n /. Providing to each subscriber by (2). 36. The method of securely broadcasting according to claim 23, wherein the step of decomposing the message into message parts comprises applying a back-calculable mathematical function to the message to produce a substantially unpredictable output. A method achieved by generating 37. The method of securely broadcasting according to claim 23, wherein the step of decomposing the message into message parts comprises: And performing a bitwise exclusive OR operation. 38. An encrypted broadcast message delivery system for delivering secret messages to selected subscriber devices in a group, while excluding other subscriber devices in the group. A method in a system for performing transmission, comprising: (a) determining a management encryption key held by the selected subscriber device and a management encryption key held by a subscriber device excluded from the group; (B) decomposing the secret message into message parts including at least one message part associated therewith for each of the excluded subscriber devices of the group; and (c) copying the message parts. Stored by the selected subscriber device and retained by the associated excluded device. Generating one copy for each of the managed cryptographic keys, wherein each message portion is intended to be encrypted using the retained managed cryptographic key; and (d) Encrypting each of the message parts using a management encryption key intended for the message parts; and (e) delivering the encrypted message parts to at least selected subscriber devices in the group. Identifying the delivered message portion and the message portion needed to reconstruct the secret message. 39. The method according to claim 38, wherein the step of copying further includes a step of pre-combining and a step of supplying, and is encrypted using a specific management encryption key. A copy of all message parts to be joined is precombined into a first result message part, the combination being equivalent to that at the subscriber unit, identifying the message parts that make up the result, and selecting all selected parts. Providing a second result message portion sufficient to reconstruct a secret message from the result message portion delivered to the subscriber device that has been delivered. 40. An encrypted broadcast messaging system for obtaining secret messages by selected subscriber units in a group, excluding other subscriber units in the group. (A) pre-programming a second set of management encryption keys from a first set of at least two management encryption keys into each of said group of subscriber devices. Pre-programming each of the two sets to be different from all other second sets; and (b) receiving at least one encrypted message part, and receiving at least one received message part and Identifying at least one message part required to reconstruct the secret message; (C) decrypting the at least one received encrypted message part using a management encryption key; and (d) extracting at least one message part sufficient to reconstruct the secret message. Selecting from the decrypted received message parts; and (e) reconstructing a secret message by combining the selected message parts and passing it on to the destination. 41. A subscriber unit connected to: (a) a receiving interface for receiving a secure message portion; and (b) a receiving interface for processing the received secure message portion. (C) the processing system is programmed to generate a message portion from the received secure message portion using a pre-programmed security device from a set of available security devices. (D) the pre-programmed security device associated with the receiving interface is different from all others; and (e) at least enough for the processing system to reconstruct a secret message. Select one message part from the message part (F) the processing system is programmed to reconstruct the secret message by combining the selected decrypted message parts; and (g) connecting to the processing system. A subscriber device comprising an output interface for presenting said secret message to its destination. 42. The subscriber device according to claim 41, wherein the security device includes: (1) a cryptographic communication key; (2) a protocol; (3) an algorithm; and (4) a mathematical function. (5) processing method, (6) software security device, (7) hardware security device, (8) hash function, (9) serial number, (10) clock value, (11) A subscriber device including at least one of an initial value, (12) a random variable, (13) an initialization vector, and (14) a value determined by periodic processing. 43. The subscriber unit according to claim 41, wherein the secret security device includes at least one of: (1) a cryptographic algorithm; and (2) a cryptographic key. Subscriber equipment containing the device. 44. The subscriber unit according to claim 43, wherein the cryptographic security device comprises an asymmetric cryptographic security device. 45. The subscriber device according to claim 43, wherein the cryptographic security device comprises a symmetric cryptographic security device. 46. The subscriber unit according to claim 41, wherein: (1) the set of available security devices includes at least four secret security devices; and (2) each of the pre-programmed secret security devices. A subscriber device wherein at least a subset of the subscriber devices includes at least two secret security devices. 47. The subscriber unit according to claim 41, wherein the subset of the secret security devices is provided to each correspondent by substantially n-selection-n / 2. 48. The subscriber unit according to claim 41, wherein the secret security device includes data indicating a security key, and wherein a subset of the security keys is substantially n-selection-n / 2. Subscriber equipment comprising: being provided to a subscriber of the subscriber. 49. The subscriber unit according to claim 41, wherein the message is decomposed into message parts by applying a reversible mathematical function to the message to produce a substantially unpredictable output. Subscriber equipment. 50. The subscriber unit according to claim 41, wherein the bit-wise exclusive OR operation is performed on bits of equal or greater length that are substantially random with the message. A subscriber device where messages are broken down into message parts. 51. A group manager, comprising: (a) a source interface for receiving a secret message and a list of selected subscriber devices receiving the secret message; and (b) connected to the source interface; A processing system for processing the received list of selected subscriber devices into a keyset and for processing the secret message into a message portion; and (c) the processing system makes the selection. (D) the processing system excludes the secret message, wherein the processing system is configured to determine a management encryption key held by the designated subscriber device and a management encryption key held by the excluded subscriber device. Message including at least one message part associated with each of the identified subscriber devices And wherein the processing system is programmed to break into separate minutes, and wherein the processing system includes one copy for each of the management encryption keys held by the selected subscriber device and not held by the associated excluded device. Wherein the processing system is programmed to copy each message part that is intended to be encrypted using an encryption key, and wherein the processing system encrypts each of the message parts using a management encryption key intended for each of the message parts. And the secret message and a message portion delivered in a form usable by the subscriber device and programmed to deliver the encrypted message portion to at least the selected subscriber device in the group. The message parts needed to reconstruct the And which, (e) which is connected to a processing system the encrypted message subgroup managers dispersion interface is included for presenting a message to the broadcast network.