{
`
`SHAUN WU, hereby declare:
`
`|,
`That | possess advanced knowledgeof the Japanese and English languages. The attached Japaneseinto
`English translation has been translated by me and to the best of my knowledge andbelief, it is a true
`and accurate translation of the Japanese Patent Publication No. 2004-166153.
`
`| declare thatall statements made above of my own knowledgeare true and thatall statements made
`on information and belief are believed to be true. | have been warned and understandthatwillful false
`statementsandthelike are punishable by fine or imprisonment,or both, under § 1001 of Title 18 of the
`United States Code.
`
`| declare (orcertify, verify, or state) underpenalty of perjury that the foregoingis true and correct.
`ai
`
`Executed on May 14, 2024 in _Los Angeles
`
`_, California
`
`:
`
`Shaun Wu
`
`i“
`NSD
`
`Notary Public
`
`Notary Commission Expiry ol [os [LO at
`
`
`
`
`RYAN A. KIM
`Notary Public - California
`
`é
`Los Angeles County
`
`
`Commission # 2462159
`My Comm, Expires Sep 5, 2027
`
`
`Google Exhibit 1006
`Google Exhibit 1006
`Google v. Ericsson
`Google v. Ericsson
`
`

`

`(19) Japan Patent Office (JP)
`
`(12) Japanese Unexamined Patent
`Application Publication (A)
`
`(51) lnt.C1.7
`HO4L
`HO4L
`
`9/08
`9/14
`
`(43) Publication Date:
`
`F1
`
`HO4L9/00
`HO4L9/00
`
`6O1B
`641
`
`JP 2004-166153 A 2004.6.10
`
`(11) Patent Application
`Publication Number
`Laid-Open Patent Application
`No. 2004-166153
`(P2004-166153A)
`June 10, 2004 (2004.6.10)
`Theme Code (Reference)
`5J1O4
`
`Request for Review: Yes
`(21) Application Number
`JP2002-332404 (P2002-332404)
`(22) Application Date
`November 15, 2002 (2002.11.15)
`
`Number of Claims: 8 OL (Total 25 pages)
`(71) Applicant 000004237
`NEC Corporation
`5-7-1 Shiba, Minato-Ku, Tokyo
`(71) Applicant 000232254
`NEC Communication Systems, Ltd.
`1-4-28 Mita, Minato-Ku, Tokyo
`100088890
`Patent Attorney: Junichi Kawahara
`(72) Inventor Kazuya Suzuki
`NEC Corporation, 5-7-1 Shiba, Minato-Ku,
`Tokyo
`Jibiki Masahiro
`NEC Corporation, 5-7-1 Shiba, Minato-Ku,
`Tokyo
`
`(72) Inventor
`
`(74) Agent
`
`Continue to the last page
`(54) [Name of Invention] KEY EXCHANGE METHOD IN MULTICAST DISTRIBUTION SYSTEM
`(57)[Abstract]
`[Problem] The present invention aims to avoid
`processing delays that occur when a client acquires
`a new decryption key during key change (exchange).
`[Solution] A content server distributes a decryption
`key to be used next to a key management server
`within the validity time of the key currently in use,
`and transmits a multicast packet including the key
`number. Each of the clients 51 to 5n requests the key
`management server 31
`to
`transmit
`the next
`decryption key to be used within the validity time of
`the key currently in use and after the content server
`11 has distributed the next decryption key to be used
`to the key management server 31. Also, the
`encrypted data in the multicast packet is decrypted
`using a decryption key corresponding to the key
`number
`in
`the multicast packet. The key
`management server 31 receives the next decryption
`key to be used from the content server 11, and in
`response to a transmission request from each of the
`clients 51 to 5n, transmits the next decryption key to
`be used to the source of the request.
`[Selected Drawing] Figure 1
`
`+ remaining validitytime)
`
`decryption key
`(key number +
`
`response message
`
`key information management table
`
`decryptionmethod
`packet receivingand
`
`measures
`control
`
`key
`
`client
`
`key information management table
`
`key information management table
`
`decryptionmethod
`packet receivingand
`
`measures
`control
`
`key
`
`client
`
`decryptionmethod
`packet receivingand
`
`client
`
`measures
`control
`
`key
`
`key information request
`
`key management server
`
`key management
`
`method
`
`key information management table
`
`(key number + decryption
`key information message
`
`+ remaining validity time)
`
`key
`
`(encrypted data + key number)
`
`multicast packets
`
`network
`
`transmission method
`encryption and packet
`
`content server
`
`measures
`control
`
`key
`
`key information management table
`
`

`

`
`
`(2)
`
`JP 2004-166153 A 2004.6.10
`(cid:289)
`
`CLAIMS
`[Claim 1]
`A key exchange method in multicast distribution system having a network system where multicast distribution of encrypted data is
`performed, comprising:
`a content server that creates an encryption key/decryption key, manages the encryption key/decryption key and its key number
`and remaining validity time, distributes the decryption key to be used next to the key management server within the validity time of the
`key in use, and transmits a multicast packet containing encrypted data and the key number of the encryption key used in the encryption;
`a client that requests the key management server to transmits the decryption key to be used next within the validity time of the
`key in use after the content server distributes the decryption key to be used next to the key management server, and decrypts the encrypted
`data in the multicast packet using the decryption key corresponding to the key number in the multicast packet received from the content
`server; and
`the key management server that manages the the decryption key, its key number and remaining validity time, receives a
`decryption key to be used next from the content server, and transmits the decryption key to be used next to the client in response to a
`request from the client.
`[Claim 2]
`A key exchange method in multicast distribution system having a network system where multicast distribution of encrypted data is
`performed, comprising:
`a content server that manages the encryption key, its key number, and remaining validity time, requests the key management
`server to create the next encryption key/decryption key within the validity time of the key in use, receives the encryption key created in
`response to the request from the key management server, transmits a multicast packet containing encrypted data and the key number of
`the encryption key used in the encryption;
`a client that requests the key management server to transmit the decryption key to be used next after the content server requests
`the key management server to create an encryption key/decryption key to be used next within the validity time of the key in use, decrypts
`the encrypted data in the multicast packet using the decryption key corresponding to the key number in the multicast packet received from
`the content server; and
`the key management server that manages the encryption key, decryption key, their key numbers and remaining validity time,
`creates and stores an encryption key/decryption key to be used next in response to a request from the content server, and transmits the
`encryption key to be used next to the content server, and transmits the decryption key to be used next to the client in response to a request
`from the client.
`[Claim 3]
`A key exchange method in a multicast distribution system according to claim 1 or 2, wherein the address of a key management server is
`added to the information in a multicast packet transmitted from a content server to a client, thereby eliminating the need for the client to
`set a destination for querying and requesting a decryption key.
`[Claim 4]
`A key exchange method in multicast distribution system having a network system where multicast distribution of encrypted data is
`performed, comprising:
`a key information management table in the content server that stores a set of the encryption key/decryption key in use, its key
`number, and its remaining validity time, and a set of the encryption key/decryption key to be used next, its key number, and its remaining
`validity time;
`a key management means within the content server that transmits a key information message regarding the decryption key to be
`used next to the key management server when the remaining validity time of the key in use reaches the first setting value, switches the
`key stored in the table as the next key to be used to the new key in use when the remaining validity time of the key in use reaches 0, creates
`a new encryption key/decryption key to be used next and saves the key information in the table;
`an encryption/packet transmission means within the content server that encrypts the distributed data using the encryption key in
`use stored in its table at the time of multicast distribution, transmits a multicast packet containing encrypted data and the key number of
`the encryption key;
`
`
`
`
`(cid:289)
`
`10
`
`20
`
`30
`
`40
`
`50
`
`

`

`
`
`(3)
`
`JP 2004-166153 A 2004.6.10
`(cid:289)
`a key information management table in the client that stores a set of the decryption key in use, its key number, and its remaining
`validity time, and can store a set of the decryption key to be used next, its key number, and its remaining validity time;
`a packet receiving/decryption means within the client that receives multicast packets sent from the content server, searches the
`decryption key from its table according to the key number in the received multicast packet, and decrypts the encrypted data in the multicast
`packet using the decryption key of that key number;
`a key management means within the client that transmits a key information request to the key management server when the
`remaining validity time of the key in use reaches the second setting value, saves the set of the decryption key to be used next, its key
`number, and its remaining validity time in the response message in its own table, and switches the key that was previously stored in the
`table as the next key to be used to the new key in use based on the recognition of changes in key numbers in multicast packets sent from
`the content server;
`a key information management table in the key management server that can store a set of the decryption key in use, its key
`number, and its remaining validity time, and can store a set of the decryption key to be used next, its key number, and its remaining validity
`time;
`
`and a key management means within the key management server that saves a set of the decryption key to be used next, its key
`number, and its remaining validity time in the key information message received from the content server in its table, transmits a response
`message containing a set of the decryption key to be used next, its key number, and its remaining validity time back to the client when
`receiving a key information request from the client when the remaining validity time of the key in use reaches the second setting value,
`switches the key stored in the table to the new key as the next key to be used when the remaining validity time of the key in use reaches
`0.
`[Claim 5]
`A key exchange method in multicast distribution system having a network system where multicast distribution of encrypted data is
`performed, comprising:
`a key information management table in the content server that can hold a set of the encryption key in use, its key number, and
`its remaining validity time, and can also hold a set of the encryption key to be used next, its key number, and its remaining validity time;
`a key management means within the content server that issues a key creation request requesting the key management server to
`create the next key to be used when the remaining validity time of the key in use reaches the first setting value, saves the set of the
`encryption key to be used next, its key number, and its remaining validity time in the key information response message in its own table,
`and switches the key stored in the table to the new key as the next key to be used when the remaining validity time of the key in use
`reaches 0;
`an encryption/packet transmission means within the content server that encrypts the distributed data using the encryption key in
`use stored in its own table at the time of multicast distribution, transmits a multicast packet containing encrypted data and the key number
`of the encryption key;
`a key information management table in the client that stores a set of the decryption key in use, its key number, and its remaining
`validity time, and can store a set of the decryption key to be used next, its key number, and its remaining validity time;
`a packet receiving/decryption means within the client that receives multicast packets sent from the content server, searches the
`decryption key from its table according to the key number in the received multicast packet, and decrypts the encrypted data in the multicast
`packet using the decryption key of that key number;
`a key management means within the client that transmits a key information request to the key management server when the
`remaining validity time of the key in use reaches the second setting value, saves the set of decryption key to be used next, its key number,
`and its remaining validity time in the response message in its table, and switches the key that was previously stored in the table as the next
`key to be used to the new key in use based on recognition of changes in key numbers in multicast packets sent from the content server;
`a key information management table in the key management server that can store a set of the encryption key/decryption key in
`use, its key number, and its remaining validity time, and can also store a set of the encryption key/decryption key to be used next, its key
`number, and its remaining validity time; and
`
`(cid:289)
`
`10
`
`20
`
`30
`
`40
`
`50
`
`

`

`
`
`(4)
`
`JP 2004-166153 A 2004.6.10
`(cid:289)
`a key management means within the key management server that creates the encryption key/decryption key to be used next in
`response to the key creation request from the content server, saves the set of the encryption key/decryption key to be used next, its key
`number, and its remaining validity time in its table, returns a key information response message regarding the encryption key to be used
`next to the content server, transmits a response message containing a set of the decryption key to be used next, its key number, and its
`remaining validity time back to the client, and switches the key stored in the table to the new key as the next key to be used when the
`remaining validity time of the key in use reaches 0.
`[Claim 6]
`A key exchange method in a multicast distribution system according to claim 4 or claim 5, wherein the address of a key management
`server is added to the information in a multicast packet transmitted from a content server to a client, thereby eliminating the need for the
`client to set a destination for a key information request.
`[Claim 7]
`A key exchange method in multicast distribution system having a network system where multicast distribution of encrypted data is
`performed, comprising:
`a content server key exchange control program in which the content server functions as
`a key information management table that stores a set of an encryption key/decryption key in use, its key number, and
`its remaining validity time, and a set of an encryption key/decryption key to be used next, its key number, and its
`remaining validity time,
`a key management means in which when the remaining validity time of the key in use reaches the first setting value,
`it transmits a key information message regarding the decryption key to be used next to the key management server
`and when the remaining validity time of the key in use reaches 0, switches the key stored in its own table as the next
`key to be used to a new key in use, creates a new encryption key/decryption key to be used next, and saves the key
`information in its own table, and
`an encryption/packet transmission means that encrypts distributed data using the currently used encryption key stored
`in its own table during multicast distribution, and transmits a multicast packet containing the encrypted data and the
`key number of the encryption key;
`a client key exchange control program in which the client functions as
`a key information management table capable of holding a set of a decryption key in use, its key number, and its
`remaining validity time, and a set of a decryption key to be used next, its key number, and its remaining validity time,
`a packet receiving/decryption means that receives a multicast packet sent from a content server, searches for a
`decryption key from its own table using the key number in the received multicast packet, and decrypts the encrypted
`data in the multicast packet using the decryption key with that key number, and
`a key management means in which when the remaining validity time of the key in use reaches the second setting value,
`it transmit a key information request to the key management server, saves the set of the decryption key to be used
`next, its key number, and its remaining validity time in the response message in its own table, and switches the key
`that was previously stored in its own table as the next key to be used to the new key in use based on the recognition
`of changes in key numbers in multicast packets sent from the content server; and
`a key exchange control program for the key management server in which the key management server functions as
`a key information management table capable of storing a set of a decryption key in use, its key number, and its
`remaining validity time, and a set of a decryption key to be used next, its key number, and its remaining validity time,
`and
`a key management method that saves a set of the decryption key to be used next, its key number, and its remaining
`validity time in the key information message received from the content server in its own table, transmits a response
`message containing a set of the decryption key to be used next, its key number, and its remaining validity time back
`to the client in response to the key information request from the client when the remaining validity time of the key in
`use reaches the second setting value, and switches the next key to be used from the key stored in the own table to the
`new key in use when the remaining validity time of the currently used key reaches 0.
`
`[Claim 8]
`A key exchange method in multicast distribution system having a network system where multicast distribution of encrypted data is
`performed, comprising:
`a content server key exchange control program in which the content server functions as
`
`
`
`
`(cid:289)
`
`10
`
`20
`
`30
`
`40
`
`50
`
`

`

`10
`
`20
`
`30
`
`40
`
`50
`
`
`
`(5)
`
`JP 2004-166153 A 2004.6.10
`(cid:289)
`a key information management table capable of storing a set of an encryption key in use, its key number, and its remaining
`validity time, and a set of an encryption key to be used next, its key number, and its remaining validity time,
`a key management means that issues a key creation request to the key management server to request creation of the next key to
`be used when the remaining validity time of the key in use reaches a first setting value, saves the set of the encryption key to be
`used next, its key number, and its remaining validity time in the key information response message received as a response in its
`own table, and switches a key stored in its own table to a new key to be used next when the remaining validity time of the key
`in use reaches 0, and
`an encryption/packet transmission means that encrypts distribution data using an encryption key in use stored in its own table
`during multicast distribution, and transmits a multicast packet having the encrypted data and the key number of the encryption
`key;
`
` a
`
` client key exchange control program in which the client functions as
`a key information management table capable of storing a set of a decryption key in use, its key number, and its remaining validity
`time, and a set of a decryption key to be used next, its key number, and its remaining validity time,
`a packet receiving/decryption means that receives a multicast packet sent from a content server, searches for a decryption key
`from its own table using the key number in the received multicast packet, and decrypts the encrypted data in the multicast packet
`using the decryption key with that key number,
`a key management means that transmits a key information request to the key management server when the remaining validity
`time of the key in use reaches the second setting value, saves the set of the decryption key to be used next, its key number, and
`its remaining validity time in the response message in its own table, and switches the key that was previously stored in the local
`table as the next key to be used to the new key in use based on the recognition of changes in key numbers in multicast packets
`sent from the content server; and
`a key exchange control program for the key management server in which the key management server functions as
`a key information management table that can store a set of the encryption key/decryption key in use, its key number, and its
`remaining validity time and can also store a set of the encryption key/decryption key to be used next, its key number, and its
`remaining validity time, creates the encryption key/decryption key to be used next in response to the key creation request
`received from the content server, saves the set of the encryption key/decryption key to be used next, its key number, and its
`remaining validity time in its own table, transmits back a key information response message regarding the encryption key to be
`used next to the content server, transmits back a response message containing a pair of the decryption key to be used next, its
`key number, and its remaining validity time to the client when a key information request is received from the client when the
`remaining validity time of the key in use reaches the second setting value, and switches the key stored in its own table to a new
`key to be used next when the remaining validity time of the currently used key reaches 0.
`DETAILED DESCRIPTION OF THE INVENTION
`[0001]
`[Technical Field]
`The present invention relates to a multicast distribution system that prevents eavesdropping by encrypting multicast distribution using a
`different key at regular intervals, and to a key exchange method in a multicast distribution system for controlling and managing the
`exchange of keys (encryption key/decryption key).
`[0002]
`[Conventional Technology]
`Generally, multicast packets are received by an unspecified number of recipients, so in order to allow only specific clients to view them,
`the data delivered by the packets must be encrypted with an encryption key and a decryption key must be distributed only to clients
`permitted to view them.
`[0003]
`At this time, by periodically changing the key, it is possible to manage clients and further improve the confidentiality of the encryption.
`[0004]
`Conventionally, in multicast distribution systems in which distribution data (data to be distributed) is encrypted, encryption keys and
`decryption keys have been replaced to prevent eavesdropping by encrypting the data using different keys at regular intervals (see, for
`
`
`
`(cid:289)
`
`

`

`
`
`(6)
`
`JP 2004-166153 A 2004.6.10
`(cid:289)
`
`example, Patent Document 1).
`[0005]
`Such a conventional multicast distribution system includes a content server (referred to as a "transmitter" in Patent Document 1), a client
`(referred to as a "receiver" in Patent Document 1), and a key management server. The content server transmits a packet with key request
`information attached at regular intervals, The client that receives this information requests a key from the key management server, which
`updates the key at regular intervals, preventing the encrypted data from being leaked even if the key falls into the hands of a third party.
`[0006]
`[Patent Document 1]
`JP2001-285273A (pages 2-4, FIG. 1)
`[0007]
`[Problem To Be Solved by The Invention]
`The above-mentioned key exchange method in the conventional multicast distribution system has the following problems.
`[0008]
`The first problem is that a time lag occurs when receiving key request information. The reason for this problem is that when a client
`receives key request information, it requests a key from the key management server and starts decryption only after receiving the response
`(key). and the client cannot decrypt the encrypted information (encrypted data) until a response is received from the key management
`server.
`[0009]
`The second problem is that if a user joins a multicast broadcast in the middle of a broadcast, the user cannot view the broadcast
`immediately. The reason for this problem is that packets with attached key request information are generated at regular intervals, so clients
`participating in a multicast broadcast cannot obtain the decryption key until the next key request information is sent, and therefore cannot
`decrypt the data.
`[0010]
`The third problem is that when the key request information distributed by multicast is lost on the route, the key cannot be obtained for a
`long period of time. The reason for this problem is that multicast delivery does not perform confirmation, so it is not possible to check if
`a packet has been lost along the route. Therefore, if a packet with a key request attached is lost, a new key cannot be obtained until the
`next key request is sent. Thus, the encrypted information cannot be decrypted until the new key is available.
`[0011]
`In view of the above, the object of the present invention is to solve the above problems and to provide a key exchange method in a multicast
`distribution system that prevents eavesdropping by encrypting data with a different key at regular intervals during multicast distribution,
`thereby eliminating the confirmation delay (key switch delay) that occurs when changing (exchanging) a key and enabling real-time data
`processing.
`[0012]
`In other words, the feature of the present invention is that when encryption of distribution data during multicast distribution is performed,
`the encryption key and decryption key are changed periodically to improve the confidentiality of the encryption, and it is also possible to
`prevent delays associated with the acquisition (by the client) of new key information (the key and associated information) when the key
`is changed.
`[0013]
`[Means For Solving the Problem]
`The key exchange method in the multicast distribution system related to the present invention has a network system where multicast
`distribution of encrypted data is performed, comprising:
`a key information management table in the content server that stores a set of the encryption key/decryption key in use (paired
`encryption key and decryption key; they may be the same key), its key number (information for identifying the key), and its remaining
`validity time (key information related to the key), the encryption key/decryption key to be used next, its key number, and its remaining
`validity time;
`
`
`
`
`(cid:289)
`
`10
`
`20
`
`30
`
`40
`
`50
`
`

`

`
`
`(7)
`
`JP 2004-166153 A 2004.6.10
`(cid:289)
`a key management means in the content server that transmits a key information message regarding the decryption key to be used
`next to the key management server (a message containing key information that is a set of the decryption key to be used next, its key
`number, and its remaining validity time) when the remaining validity time of the key in use (encryption key/decryption key) reaches the
`first setting value (a value smaller than the initial value of the remaining validity time of the key in use and larger than 0), switches the
`key stored in the own table (the key information management table in the content server) to the new key to be used next when the remaining
`validity time of the key in use reaches 0, creates a new encryption key/decryption key to be used next and saves the key information (a set
`of the encryption key/decryption key, its key number, and its remaining validity time) in its own table;
`an encryption/packet transmission means in the content server that encrypts the distributed data using the encryption key in use
`stored in its own table (the key information management table in the content server) at the time of multicast distribution, and transmits a
`multicast packet containing encrypted data and the key number of the encryption key;
`a key information management table in the client that can store a pair of the decryption key in use, its key number, and its
`remaining validity time, and can store a pair of the decryption key to be used next, its key number, and its remaining validity time;
`a packet receiving/decryption means in the client that receives multicast packets sent from the content server, searches for a
`decryption key from its own table (the key information management table in the client where it exists) based on the key number in the
`received multicast packet, and decrypts the encrypted data in the multicast packet using the decryption key of that key number;
`a key management means in the client that transmits a key information request to the key management server when the remaining
`validity time of the key in use reaches the second setting value (a value smaller than the first setting value and larger than 0), saves a set
`of the decryption key to be used next, its key number, and its remaining validity time in the response message in the own table (the key
`information management table in the client where the self exists), and switches the key that was previously stored in the local table as the
`next key to be used to the new key in use based on recognition of changes in key numbers in multicast packets sent from the content
`server;
`
`a key information management table in the key management server that can store a set of a decryption key in use, its key number,
`and its remaining validity time, and a set of a decryption key to be used next, its key number, and its remaining validity time; and
`a key management means in the key management server that saves a set of the decryption key to be used next, its key number,
`and its remaining validity time in the key information message received from the content server in its own table (the key information
`management table in the key management server), transmits back a response message containing a set of the decryption key to be used
`next, its key number, and its remaining validity time to the client when receiving a key information request from the client when the
`remaining validity time of the key in use reaches the second setting value, and switches the key stored in the local table to the new key as
`the next key to be used when the remaining validity time of the key in use reaches 0.
`[0014]
`Here, the key exchange method in the multicast distribution system related to the present invention can be realized in a form that includes
`a content server key exchange control program for causing the content server to function as the key information management table, key
`management means, and encryption/packet transmission means, a client key management program for causing the client to function as the
`key information management table, packet receiving/decryption means, and key management means, and a key exchange control program
`for a key management server for causing the above key management server to function as the above key information management table
`and key management means.
`[0015]
`Further, the key exchange method in the multicast distribution system related to the present invention described above can be expressed,
`more generally, as comprising: a content server in which a network system where multicast distribution of encrypted data is performed
`creates an encryption key/decryption key, manages the encryption key/decryption key, its key number and remaining validity time,
`distributes the decryption key to be used next to the key management server within the validity time of the key in use (before the remaining
`validity time reaches 0), and transmits a multicast packet containing encrypted data and the key number of the encryption key used in the
`encryption; a client that requests the key management server to transmit the decryption key to be used next after the content server
`
`
`
`(cid:289)
`
`10
`
`20
`
`30
`
`40
`
`50
`
`

`

`
`
`(8)
`
`JP 2004-166153 A 2004.6.10
`(cid:289)
`distributes the decryption key to be used next to the key management server within the validity time of the key in use and decrypts the
`encrypted data in the multicast packet using the decryption key corresponding to the key number in the multicast packet received from the
`content server; and a key management server that manages the decryption key, its key number and remaining validity time, and receives
`the decryption key to be used next from the content server, and transmits the decryption key to be used next to the client in response to a
`request from the client.
`[0016]
`Furthe