USP 7181758
`U.S. Application No. 08/255,649
`
`INFORMATION DISTRIBUTION AND PROCESSING SYSTEM
`
`Background of the Invention
`Description
`This application is a continuation in part of application Serial No. 08/224,280 filed April 7, 1994.
`This application is a continuation of application Ser. No. 10/079,257 filed Feb. 19, 2002, now
`abandoned, which is a continuation of application Ser. No. 09/699,022 filed Oct. 27, 2000, now
`abandoned, which is a continuation of Ser. No. 09/480,226 filed Jan. 10, 2000, now U.S. Pat. No.
`6,347,215, which is a continuation of Ser. No. 08/939,368 filed Sep. 29, 1997, now U.S. Pat. No.
`6,021,307, which is a continuation in part of application Ser. No. 08/644,838 filed May 10, 1996,
`now abandoned, which is a continuation in part of application Ser. No. 08/279,424 filed Jul. 25,
`1994, now abandoned. All these patent applications are incorporated herein by reference.
`
`The presentThis invention relates to method and apparatus for distributing and
`processinggenerally to information distribution, and more specifically relates to method and
`apparatus for preventing unauthorized use ofparticularly to distributing information by partially
`encrypting such informationusing a broadcast channel and a bi-directional communication
`channel.
`With the advance of electronic and communication technology, information conveyed in
`electronic form (“electronic content”) is fast becoming the most economic and reliable way of
`distributing information. However, many information providers are reluctant to distribute
`electronic content because it is very easy to copy and use the information without authorization.
`In spite of the existence of copyright law, experience shows that electronic content are often
`copied and used without paying any royalties to copyright holders. Thus, in order to promote the
`use of electronic conveyance of information, means must be develop to prevent unauthorized
`usage and copying of electronic content.
`
`Methods have been developed to prevent unauthorized copying of electronic content.
`Several years ago, these methods were used by many software developers. However, these copy
`protection methods do not find acceptance in the market place. Consequently, the majority of
`computer software are currently marketed without copy protection.
`
`Recently, attention has been turned towards preventing unauthorized uses. For example,
`several companies market “dongles,” or hardware keys, which are attached to a port of a
`computer. A protected software would not execute in a computer without an appropriate key.
`Thus, the protected software could be copied but cannot be used in an unauthorized computer.
`However, many users found that these software and hardware keys cause much inconvenience.
`For example, when a user wishes to remove the software from one computer and execute the
`software in another computer, the associated hardware key has to be moved. So far, no mass
`marketed software uses hardware key to protect against unauthorized uses.
`
`Other methods have been developed to prevent unauthorized usage of electronic content.
`One of the methods is disclosed in U.S. Pat. No. 5,010,571 issued to Katznelson. It discloses a
`system for controlling and accounting for retrieval of data from an optical storage medium
`
`Ex. 1027 - Page 1 of 17
`
`Groupon, Inc.
`Exhibit 1027
`
`

`
`containing encrypted data files from which retrieval must be authorized. The optical storage
`medium is distributed to customers at nominal or no charge. However, in order to decrypt the
`data files, a customer must obtain a decryption key from a remote authorization and key
`distribution station. As a result, unauthorized uses can be prevented. A similar system is
`disclosed in U.S. Pat. No. 4,827,508 issued to Shear. In Shear, the decryption key is stored in a
`secure device in the customer site. The secure device also stores accounting data relating to
`usage of the electronic content. The accounting data is periodically sent to a billing station.
`
`In the above methods disclosed by Katznelson and Shear, vast amount of distributed
`information is encrypted using a single key (or a small number of keys). Thus, if the decryption
`key is inadvertently made public, all these information can be used without paying the
`information providers. Naturally, information providers are reluctant to rely on these methods to
`distribute their valuable asset (i.e., information).
`
`Another problem with these prior art methods is that information providers cannot match
`the security level of encryption to the value of the information. Typically, the security of
`encryption is directly related to the complexity of encryption algorithm and the length of keys.
`The choice of encryption algorithms and the length of keys requires an analysis of the value of
`the information and the costs of encryption. In the methods disclosed by Katznelson and Shear,
`all information are encrypted using the same key. Thus, this key may not match the
`requirements of many information providers.
`
`A further problem of these prior art method is that the encryption algorithm is fixed at the
`time encrypted information is initially distributed. As the installed base of encrypted information
`increases, it becomes difficult to change the encryption algorithm. Thus, these method cannot use
`new cryptographic methods which may be developed in future.
`
`Another method is disclosed in U.S. Pat. No. 5,247,575 issued to Sprague et al. It
`discloses that encrypted information may be electronically transmitted from a remote site to a
`receiving device in a customer site via wired or wireless means. It also discloses that the
`decryption key could be stored in a removable “key” card. The card can be inserted into the
`receiving device to decrypt the received and encrypted data. This method suffers the same
`defects described above in connection with Katznelson and Shear. In addition, this method
`requires a communication channel having a large bandwidth for transmitting the encrypted
`information.
`
`SummaryBACKGROUND OF THE INVENTION
`Recent advancements in modem and computer technology allow large amount of digital data to
`be transmitted electronically. A number of information providers (such as newspaper and
`magazine publishers) and on-line information distributors have formed partnerships to deliver
`newspaper and other information on-line. In this system, a subscriber uses a computer and a
`modem to connect, through a regular phone line, to the computer of an on-line information
`provider. The subscriber can retrieve information, including newspaper articles, stored in the
`computer of the information provider.
`Broadly stated, the invention involves a method and system for distributing and
`processing digital information. The digital information is separated into two portions. The first
`portion is a clear portion and the second (residual) portion is encrypted. The clear and the
`
`Ex. 1027 - Page 2 of 17
`
`

`
`encrypted portions are sent to a processing system which decrypts the encrypted portion. The
`clear and decrypted portion is combined to obtain a result which is substantially the same as the
`original digital information.
`
`In one embodiment of the present invention, the clear portion is distributed to customers
`at no or nominal cost. The residual portion will be stored in a central station. When a customer
`wishes to use the digital information, the central station encrypts the residual portion using an
`encryption-decryption key-pair generated at that time. The encrypted portion and the decryption
`key are sent to the processing system in a secure manner. As a result, different keys can be used
`to encrypt and decrypt the same information at different times.
`
`One feature of the present invention is that the clear portion is selected in a way to render
`the reconstruction of the original digital information difficult if the residual portion is not known.
`Thus, a customer will not be able to reconstruct the original digital information based on the
`clear portion. As a result, unauthorized use of the digital information is prevented.
`
`In the present invention, the information providers control the choice of encryption algorithms
`and keys. Further, algorithms and keys can be changed at will.
`On-line delivery of newspaper has many advantages. For example, the information can be
`updated throughout the day while the printed version is printed only once or twice a day. Further,
`it is possible to do text-based searches on the information. However, it is found that on-line
`deliver of newspaper and other information is slow. For example, a subscriber has to wait many
`seconds for a newspaper article to be delivered. The quality of the electronic newspaper is low.
`For example, in order to reduce storage and communication requirements, graphic images
`appeared in the printed version are not universally supplied in the on-line version of newspaper.
`One of the reasons for such poor performance is the limited bandwidth of communication
`channels used by on-line information distributors. Another reason is that information is centrally
`processed by the computer at the site of the information distributor, with the result that each
`subscriber only gets a small slice of the time of the computer.
`SUMMARY OF THE INVENTION
`The present invention uses two channels to deliver digital information: a broadcast channel and a
`bi-directional channel. The broadcast channel is used to deliver the bulb of the digital
`information to subscribers. The amount of information delivered is preferably sufficient to
`satisfy the needs of a large number of subscribers so that they do not have to obtain additional
`information using the bi-directional channel. The broadcasted information is stored on fast
`storage media located at subscriber sites. As a result, search and retrieval of the broadcasted
`information is quick. Further, the broadcasted information is processed locally using a dedicated
`on-site processor instead of relying on the computers of the information distributors. As a result,
`the load on the computers of the information distributors is reduced. If the subscribers desire to
`receive additional information relating to the broadcasted information, the bi-directional
`communication channel is used to transmit the request and the requested information.
`
`The distribution costs of broadcast channels are typically much lower than that of a bi-directional
`communication channel. Consequently, the major portion of information is delivered using low
`cost distribution channels. For a large number of subscribers, the broadcasted information will
`provide all the information they normally need. Thus, expensive bi-directional communication
`channels are used only occasionally.
`
`Ex. 1027 - Page 3 of 17
`
`

`
`These and other features and advantages of the present invention will be fully understood by
`referring to the following detailed description in conjunction with the accompanying drawings.
`BRIEF DESCRIPTION OF THE DRAWINGS
`FIG. 1 is a block diagram ofschematic drawing showing an information distribution and
`processing system in accordance withof the present invention.
`
`FIG. 2 is A flow chart showing the application of the present invention to JPEGshows a
`newspaper article as displayed on a monitor of the information distribution system shown in FIG.
`1.
`Fig. 3 is a schematic diagram showing the application of the present invention to video data.
`FIG. 2B shows the contents of the broadcast information which corresponds to the newspaper
`article of FIG. 2A.
`
`FIG. 4 is a block diagram of a software3 shows another embodiment of the information
`distribution and processing system of the present invention.
`DETAILED DESCRIPTION OF THE INVENTION
`FIG. 1 is a block diagram of an information distribution and processing system 300100 in
`accordance with the present invention. System 300lcontains a central station 302 which is
`connected via a communication link 3p3 to In this embodiment, system 100 is designed to
`electronically distribute newspaper. It should be pointed out that system 100 can also be used
`advantageously to distribute other types of information. System 100 contains a plurality of
`processing units located in subscriber sites,units (such as units 310 and 340. Processing units 310
`and 340 are also102 and 104) each connected to a bi-directional communication links 306 and
`307, respectively. Communication links 306 and 307 are preferably not connected to central
`station 302, but may be connected thereto when needed. Communication links 303, 306, and
`307channel (e.g., telephone connections 106 and 108 coupled to units 102 and 104, respectively)
`and a satellite transponder 110 for broadcasting digital data to these subscriber units. Telephone
`connections 106 and 108 (which could be wiredline-based or wireless, remote or local, point-to-
`point or broadcasting.) are coupled to a central database 109. In system 100, satellite transponder
`110 is used to broadcast the content of a newspaper to the subscriber units while telephone
`connections 106 and 108 are used to provide additional information (stored in central database
`109) to subscriber units 102 and 104, respectively, on a demand basis.
`Digital information to be distributed is separated into clear (i.e., unencrypted) portions
`and residual portions in accordance with methods described below. The residual portions are
`essentially the digital information with the clear portions removed. The clear portions are sent to
`processing units 310 and 340 via links 306 and 307, respectively. The residual portions are
`stored in central station 302 and will be encrypted before sending to processing units 310 and
`340 upon demand. Central station 302 also takes care of various accounting and bookkeeping
`functions.
`
`The structure of the processing units are substantially the same. Thus, only one of the
`units, in this case, unit 310, will be described in detail. Unit 310 contains a general processor 312
`connected to a secure processor 314 through a communication link 316 (which could be wired or
`wireless). Secure processor 314 is connected to communication link 303 through a line 318.
`Secure processor 314 is enclosed by a protective mechanism so that unauthorized access
`(physical and electrical) to the internal circuitry can be prevented. Secure processor 314 is used
`
`Ex. 1027 - Page 4 of 17
`
`

`
`to decrypt encrypted portions and temporarily store secret information (such as decryption keys
`and usage data). Unlike secure processor 314, general processor 312 does not have to be placed
`in a secure enclosure. Thus, it could be a conventional computer.
`
`In system 300, general processor 312 is used to process the unencrypted data (e.g.,
`decompression, filtering, and error correction) received from communication link 306 while
`secure processor 314 is used to process encrypted data (e.g., decryption and decompression)
`received from communication link 303. Secure processor 314 and general processor 312 can
`communicate with each other using communication link 316. This link does not have to be a
`secure communication link.
`
`Secure processor 314 preferably contains a unique device ID. This device ID is
`preferably permanently stored in a nonvolatile memory 319, such as a ROM. The device ill
`allows secure processor 314 to identify itself to other devices, such as central station 302.
`
`A typical operation of system 300 is now described. Information data is separated in
`residual data and unencrypted data according to methods ‘described below. The residual data is
`preferably a small percentage of the unencrypted data. Unencrypted data 326 preferably contains
`an information ID 327 and a content portion 328. Content portion 328 could contains data
`relating to video, text, audio, or their combination.
`
`Unencrypted data 326 is sent to general processor 312 of processing unit 310 through
`communication link 306. General processor 312 sends the information ID 327 to secure
`processor 314, which in turn forwards it to central station 302 via communication link 303. At
`the same time, the device ID stored in memory 319 is also sent to central station 302 so that it
`can keep track of usage and billing information. Central station 302 encrypts the corresponding
`residual data and sends the encrypted data to secure processor 314 via communication link 303.
`Because link 303 is not a secure link, special methods, described below, need to be used for
`central station 302 to securely send the corresponding decryption key to secure processor 314 ..
`Secure processor 314 decrypts the received encrypted data and combines the result with the
`unencrypted data so as to reconstruct the full digital information.
`
`The key used for encrypting and decrypting the encrypted data could be different for each
`processing and communication session described above. Thus, it is more difficult for
`unauthorized persons to obtain the decryption key to decrypt the encrypted data. Even assuming
`that a few decryption keys are inadvertently disclosed to unauthorized persons, only a few pieces
`of information is compromised. This is different from the system disclosed in the prior art, where
`inadvertent disclosure of a single decryption key may compromise vast amount of information.
`
`Processing unit 310 also contains an output unit 322, which may be connected to general
`processor 312 or secure processor 314. Depending on the information processed, output unit 322
`may be a printer, loudspeaker, TV, or LCD display. In situations where it is not desirable to
`expose the reconstructed information, output unit 322 should be securely connected to secure
`processor 314.
`
`Even though Fig. 1 shows secure processor 314 as a single block, the function of secure
`processor 314 could be carried out in several components. For example, the device ID could be
`
`Ex. 1027 - Page 5 of 17
`
`

`
`stored in a smart card 332 which is removably connected to processing unit 310. Smart card 332
`should be protected from unauthorized intrusion.
`
`Methods for separating information into unencrypted and residual portions are now
`described. It has been observed that information generally has a certain degree of correlation. At
`one extreme is information that is highly correlated. An example is video information which
`consists of a series of pictures depicting time progression of a scene. Each picture typically
`differs slightly from an adjacent picture in the series because the time difference in the scene
`depicted by adjacent pictures is typically less than 0.1 second. As a result, video information
`contains many pictures which are substantially the same. Consequently, it is easy to construct a
`picture missing from the series by interpolating from the pictures prior and subsequent to the
`missing picture. This type of information is considered to have a high degree of temporal
`correlation.
`
`Video information also has another type of correlation. The spatial variation of a picture
`is typically very gentle. For example, if the picture is a human swimming in water, there is little
`variation (in terms of color and intensity) in the portion of the picture relating to water.
`Consequently, it may be easy to recreate a missing portion of a picture by interpolating from
`portions of the picture surrounding the missing portion. This type of information is considered to
`have a high degree of spatial correlation.
`
`At the other extreme is information for which it is difficult to create a missing portion
`from other portions. This type of information has a low degree of correlation. An example of this
`type of information is the binary code of a piece of software. Typically, it is difficult to recreate a
`missing byte (or a series of missing bytes) from other bytes in the binary code.
`
`In the middle of this spectrum of correlation is text information. The structure of many
`languages dictates that redundant words or letters be used at predetermined positions of a
`sentence. Thus, it is possible to guess missing words and letters in a sentence. For example, the
`grammar of the English language imposes a set of rules which includes putting the letter “s” at
`the end of a noun to designate plural quantity. In many sentences, the noun is not the only place
`where plural quantity is indicated. For example, the sentence “there are two birds” uses the word
`“two” to indicate the existence of more than one bird, in addition to the letter “s” attached to the
`word “bird.” Thus, the letter “s” at the end of the word “bird” is correlated to the word “two” in
`the above sentence. Similarly, the word “are” is correlated with the word “two.”
`
`Information can also be classified according to its effect on intended uses if a portion of
`the information is missing. At one extreme is information which would be useless if a small
`portion is missing. An example is the binary code of a piece of software. A computer is unlikely
`to successfully execute the software if the binary code has a few erroneous bytes. This type of
`information is considered to be error intolerant. At the other extreme is information that degrades
`gracefully. For example, when noise of TV signal increases (i.e., portions of video information is
`missing or has erroneous values), color TV pictures often become monochrome. However, it is
`still possible to watch and comprehend the TV pictures, even though they are less pleasing to the
`eyes. This type of information is considered to be error tolerant. Error toleration can also be
`different depending on spatial or temporal types of errors.
`
`Ex. 1027 - Page 6 of 17
`
`

`
`It should be pointed out that even though the degree of error tolerance has some
`relationship to the degree of correlation of information, it does not depend solely on the degree
`of correlation. For example, a person typically does not tolerate a small distortion in a familiar
`song while may tolerate a large distortion in a new song, even though the degree of correlation of
`these two songs are the same. As another example, a reader is likely to tolerate a large number of
`missing words in a newspaper article. On the other hand, the same reader probably would not
`tolerate the same percentage of missing words in a poem. Thus, even though the degree of
`correlation of the newspaper article and poem may be the same (because they follow essentially
`the same grammar rules), the degree of error tolerance is different. This is because error
`tolerance depends, to a certain extent, on subjective considerations.
`
`In the prior art information distribution and processing systems using cryptography, every
`bit of information is encrypted. One aspect of the present invention is the realization that it may
`not be necessary to completely encrypt the information, especially when it has a low degree of
`correlation. This is because it is often difficult to reconstruct the residual portions based on the
`clear portions of information. In addition, information that has a low degree of error tolerance
`may only need to be encrypted at a few critical places (e.g., the destination address of a jump op
`code, or the last name field of a customer database). This is because a user would not accept the
`information if a small portion is missing or erroneous. Thus, even though most of the
`information is in the clear, it is still not commercially useful if isolated portions are unavailable
`because they cannot be decrypted (i.e., people are still willing to pay a high price to obtain the
`full information, even though they already have 99 percent of the information). Since only a
`small portion of information need to be decrypted, the amount of computation power required to
`decrypt the information is reduced.
`
`Encrypting a portion of information may also help to reduce the computation power
`required for other signal processing tasks. As an example, information which is massive and
`highly correlated (e.g., video information) is often compressed in order to reduce the amount of
`memory space used for storing and the bandwidth used for transmitting the information. Many
`compression methods make extensive use of the correlative nature of information. However,
`many encryption methods have a tendency to randomize information. For example, if the plain
`text is a string of identical letters, the encrypted text using algorithms such as DES may be a
`string of letters in which every letter is different. Consequently, it may be more difficult to
`compress the encrypted text.
`
`The word “encryption” is used broadly in the present invention to include different ways
`of transforming information so that it is difficult for an unauthorized person to correctly
`understand the information. It includes transformation in which a key is required, such as public
`key and secret key encryption methods. It also includes scrambling information according to a
`secret algorithm without using a particular parameter which may be classified as a “key.”
`
`The word “information” is used broadly in the present invention to include data that is
`organized in some logical manner. Examples of information include video signal, audio signal,
`picture, graphic, computer software, text, database, and multimedia composition.
`
`In another embodiment of the present invention, information is encrypted in different
`levels of security. In this embodiment, most of the information is encrypted using a method
`
`Ex. 1027 - Page 7 of 17
`
`

`
`having a low level of security (instead of no encryption, as are the embodiments described
`above) and a portion of the information is encrypted using a method having a high level of
`security.
`
`Typically, the amount of computational power needed for decryption is positively related
`to the level of security. Thus, information encrypted using a method having a low level of
`security requires less time to decrypt.
`
`An example of distributing graphic images using the above described method is now
`described. Because of the rich information content of graphic images, they require a large
`number of bytes to digitize. Consequently, it is common to compress the digitized graphic
`images. One of the most popular methods is JPEG (Joint Photographic Experts Group). An
`application of the present invention to JPEG is now described. It should be appreciated that the
`same principle can be applied to other methods of processing graphic images.
`
`It is known that human eye is less sensitive to color changes than to brightness changes.
`Thus, the chrominance component can be coded with more loss than the luminance component.
`For example, a widely used color scheme is CCIR 601, in which three components, Y, Cb, and
`Cr, are used. Under this color scheme, the Y component roughly represents the brightness of a
`color image, and can be used as a black-and-white version of the color image. The Cb and C r
`components roughly represent the blueness and redness, respective, of the image.
`
`JPEG works best when applied to color data expressed as luminance (brightness) and
`chrominance components because it allows these components to be sampled at different rate (i.e.,
`subsampling). When JPEG is used to compress an YCbCv image, a fair common choice is to use
`one Cb and C r sample for each four Y samples. Each of the sampled component is discrete
`cosine transformed and then quantized in accordance with a quantization table. The results of
`quantization are compressed using either a modified Huffman code or arithmetic coding.
`
`If color fidelity is an important element of the images, it may be sufficient to encrypt only
`the Cb or C r component in order to prevent unauthorized uses. In this case, only a small portion
`of the digital data needs to be encrypted. The quantization table is stored in an JPEG file. In
`some situations, it may be sufficient to only encrypt the quantization table. Again, only a small
`portion of the digital data needs to be encrypted.
`
`Fig. 2 is a flow chart 350 showing a method of using the information distribution and
`processing system 300 of Fig. 1 to distribute and process graphic images in JPEG form. The
`JPEG data is separated into unencrypted and residual portions according to the method described
`above. The unencrypted portion of the JPEG file is sent to processing unit 310 through
`communication link 306 (step 354). For example, the unencrypted portion could be stored in an
`on-line bulletin board system and downloaded to processing unit 310 through a regular phone
`line. Alternatively, the unencrypted portion could be recorded in a portable memory medium
`(e.g., floppy diskettes, tapes, or CD-ROMs) and distributed to potential customers. General
`processor 312 reads the information ID 327 and causes the secure processor 314 to send the
`information ID and its device ID to central station 302 (step 356). Central station 302 then
`encrypts the residual portions and sends the encrypted portion (e.g., quantization table) to secure
`processor 314. Central station 302 also sends the decryption key to secure processor 314 using
`
`Ex. 1027 - Page 8 of 17
`
`

`
`one of the well known secure communication protocols (step 358). Secure processor 314
`decrypts the data and causes general processor 312 to send the unencrypted JPEG portion thereto
`for generating a complete image (step 360). The image is sent to the output unit 322 for display
`(step 362).
`
`Fig. 3 is a diagram showing one embodiment in which information having a high degree
`of correlation, such as video information 110, is processed with an information distribution and
`processing system of the present invention. Only three frame 112, 114 and 116 of video
`information 110 are shown, although video information 110 typically contains a large number of
`frames. Frames 112, 114, and 116 each has a centrally located region 122, 124, and 126,
`respectively, which are of similar size and shape. Only these regions are encrypted while the rest
`of the frames are in the clear. The area of each of these regions is preferably small compared to
`the size of a full frame.
`
`Video information 110 is separated by a signal processor 120 into modified video
`information 150 and central region information 130. The three frames 112, 114, and 116 of the
`video information 110 are transformed into three frames 152, 154, and 156, respectively, of
`modified video information 150. Frames in the modified video information 150 do not contain
`information in the centrally located regions 162, 164, and 166 (which correspond to centrally
`located regions 122, 124, and 126, respectively). On the other hand, the frames 132, 134, and
`136 in the central region information 130 contain only information relating to the centrally
`located regions 122, 124, and 126.
`
`In the method of the present invention, only the centr~ region information 130 needs to
`be encrypted while the modified video information 150 can stay in the clear. The modified video
`information 150 is sent to general processor 170, which corresponds to general processor 312 of
`Fig. 1. The central region information 130 is sent to secure processor 140, which corresponds to
`secure processor 314 of Fig. 1. The secure processor 140 decrypts the encrypted frames 132,
`134, and 136 and combine them with frames 152, 154, and 156 to reconstruct the video images.
`These images are displayed by a display unit 142, which corresponds to output unit 322 of Fig. 1.
`In order to prevent unauthorized recording of the analog signal, it may be desirable to include a
`system of analog copy protection 144 in secure processor 140.
`
`In this embodiment, substantially the same region of all the frames (i.e., frames
`corresponding to all times from beginning to end) are encrypted. Thus, it is not possible for an
`unauthorized person to take advantage of temporal correlation to reconstruct the centrally located
`regions because there is no basis to perform interpolation. It is also difficult to take advantage of
`spatial correlation near the center of the frame because there is little unencrypted data available
`at areas surrounding the center.
`
`Stated in a slightly different way, the method disclosed above encrypts substantially all
`the correlated portions of the information. Since almost none of the correlated portions are in the
`clear, it is impossible to bypass the correlated portions by using techniques such as interpolation.
`
`The size of the regions 122, 124 and 126 depends on the degree of error tolerance. If
`spatial error tolerance is low (i.e., a user will not tolerate even a small amount of erroneous
`
`Ex. 1027 - Page 9 of 17
`
`

`
`spatial information), the size of the regions 122, 124 and 126 could be small. Further, for
`situations where temporal error tolerance is low, it is not necessary to encrypt all the frame.
`
`The reason for positioning the encrypted region at the center is to take advantage of the
`fact that the most informative area of a picture is usually the center. It may be advantageous to