公开(公告)号：US20140079216A1

公开(公告)日：2014-03-20

申请号：US14017016

申请日：2013-09-03

Applicant: Cisco Technology Inc.

Inventor： Erez Waisbard ,  Hillel Solow

IPC: H04N7/167

CPC classification number: H04N7/167 ,  H04H60/15 ,  H04H60/23 ,  H04N21/26606 ,  H04N21/4181 ,  H04N21/4405 ,  H04N21/4408 ,  H04N21/4623

Abstract: A method and system of preventing control word sharing, the method and system including receiving a temporal key, denoted TKi, at a removable security element, receiving an entitlement control message (ECM), the ECM including a control word derivable by the removable security element, deriving the control word from the ECM at the removable security element, combining at least the control word and a value associated with an ID of the removable security element, thereby producing combined control word and removable security element ID data, encrypting the combined control word and removable security element ID data according to an encryption function, wherein the encrypting includes using TKi as an encryption key, and at a time after a removable security element interface has received TKi, but prior to a start of a crypto period with which the control word is associated, sending the encrypted combined control word and removable security element ID data to the removable security element interface. Related apparatus, methods and systems are also described.

Abstract translation: 一种防止控制字共享的方法和系统，所述方法和系统包括在可移动安全元件处接收表示为TKi的时间密钥，接收授权控制消息（ECM），所述ECM包括可移除安全元件可导出的控制字 从可移除安全元件的ECM导出控制字，至少组合控制字和与可拆卸安全元件的ID相关联的值，从而产生组合的控制字和可移除的安全元件ID数据，对组合的控制字进行加密 以及根据加密功能的可移动安全元素ID数据，其中所述加密包括使用TKi作为加密密钥，并且在可移除安全元素接口已经接收到TKi之后但是在所述控制 字相关联，将加密的组合控制字和可移除安全元素ID数据发送到可移除安全元件i 接口 还描述了相关装置，方法和系统。

公开(公告)号：US10785234B2

公开(公告)日：2020-09-22

申请号：US15189023

申请日：2016-06-22

Applicant: Cisco Technology, Inc.

Inventor： Hillel Solow ,  Steve Epstein ,  Ezra Darshan ,  Arnold Zucker ,  Shali Mor ,  Asaf Cohen

IPC: H04L29/06 ,  G06F21/55

Abstract: In one example, a method includes for each one time period of a plurality of time periods performing a weighted random selection of a first set of intrusion detection/protection system rules from a plurality of rules, each rule of the plurality of rules having an associated probability of selection, preparing a packet inspection plan including the first set of intrusion detection/protection system rules, and sending the packet inspection plan to a network distribution device to inspect packets according to the packet inspection plan. Related apparatus and methods are also described.

公开(公告)号：US10284588B2

公开(公告)日：2019-05-07

申请号：US15276808

申请日：2016-09-27

Applicant: Cisco Technology, Inc.

Inventor： Hillel Solow ,  Ezra Darshan ,  Harel Cain ,  Steve Epstein ,  Arnold Zucker

IPC: G06F21/57 ,  H04L29/06 ,  G06F21/00

Abstract: In one embodiment, a method for assessing security posture for entities in a computing network is implemented on a computing device and includes: receiving behavior data from one or more of the entities, where the behavior data is associated with at least activity on the computing network by the one or more entities, calculating a risk score for at least one of the entities by comparing the behavior data with a classification model, where the classification model represents at least a baseline for normative network behavior by the entities in a computing network, assessing a security posture for the at least one the entities based on the risk score, and allocating network security resources to the at least one of the entities at least in accordance with the security posture.

公开(公告)号：US20150143451A1

公开(公告)日：2015-05-21

申请号：US14083807

申请日：2013-11-19

Applicant: Cisco Technology Inc.

Inventor： Hillel Solow ,  Lawrence Sol Rublin

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/20 ,  H04L63/10 ,  H04L67/12

Abstract: A method for providing safety for downloadable applications on an onboard computer in a safety critical environment includes installing an application on the onboard computer, where the application is signed by a trusted signing entity, associating a usage policy with the signed application in a safety permissions manifest, where the usage policy at least includes rules for actions allowed for the signed application under certain environmental conditions in the safety critical environment, monitoring the environmental conditions, receiving a request to perform an action from the signed application, determining whether performance of the action is permissible, where the determining is based on least on the associated usage policy and the monitored environmental conditions, and permitting/preventing the performance based on the determining. Related apparatus and methods are also described.

Abstract translation: 一种用于在安全关键环境中为板载计算机提供可下载应用程序的安全性的方法包括在机载计算机上安装应用程序，其中应用程序由可信任的签名实体签名，将使用策略与签名的应用程序相关联， 其中使用策略至少包括在安全关键环境中在特定环境条件下允许签署的应用的动作的规则，监视环境条件，从签名的应用接收执行动作的请求，确定该动作的执行是否为 允许的，其中所述确定至少基于相关联的使用策略和所监视的环境条件，以及基于所述确定允许/防止所述性能。 还描述了相关装置和方法。

公开(公告)号：US20150142798A1

公开(公告)日：2015-05-21

申请号：US14407969

申请日：2013-06-17

Applicant: Cisco Technology, Inc.

Inventor： Avraham Poupko ,  Hillel Solow ,  Perry Smith

IPC: H04L29/08 ,  G06F17/30

CPC classification number: H04L67/22 ,  G06F17/30053 ,  H04L67/26 ,  H04L67/2804 ,  H04L67/306

Abstract: A method and system for media consumption are described. The method including tagging each one of a plurality of content items with at least one metadata tag, the metadata tag including a descriptor of at least one topical attribute describing the content item, the plurality of content items being adapted for consumption on a plurality of user devices, wherein the plurality of content items are provided in multiple file formats; acquiring a history of user consumption of the plurality of content items on a plurality of user devices associated with a single user; storing a user record including the acquired user history, a plurality of metadata tags associated with user consumed content, and including a list of devices comprising the plurality of user devices associated with a single user; building a playlist based, at least in part, on the following criteria, wherein each content item which is listed on the playlist has at least one tag which is also one of a plurality of tags already stored in the user record: a) including a content item which has been started but not completely consumed, b) not including content items marked in the acquired history as being completely consumed, unless the content items have changed with respect to the version consumed, and c) including content items which have not been consumed; selecting at least one content item from the playlist; and pushing the selected at least one content item to at least one of the plurality of user devices associated with a single user, wherein if the selected at least one content item is not suitable for consumption on the at least one of the plurality of user devices, then a next item in the playlist is pushed to the least one of the plurality of user devices.

Abstract translation: 描述了用于媒体消费的方法和系统。 所述方法包括使用至少一个元数据标签来标记多个内容项中的每一个，所述元数据标签包括描述所述内容项的至少一个主题属性的描述符，所述多个内容项适于在多个用户上消费 设备，其中所述多个内容项目以多种文件格式提供; 在与单个用户相关联的多个用户设备上获取所述多个内容项目的用户消费历史; 存储包括所获取的用户历史的用户记录，与用户消费内容相关联的多个元数据标签，并且包括与单个用户相关联的包括所述多个用户设备的设备列表; 至少部分地基于以下标准构建播放列表，其中在播放列表中列出的每个内容项目具有至少一个标签，其也已经存储在用户记录中的多个标签之一：a）包括 已经开始但未完全消费的内容项目，b）不包括所获取的历史中标记为被完全消费的内容项目，除非内容项目相对于所消费的版本已经改变，以及c）包括尚未被使用的内容项目 消耗 从所述播放列表中选择至少一个内容项; 以及将所选择的至少一个内容项目推送到与单个用户相关联的所述多个用户设备中的至少一个，其中如果所选择的至少一个内容项目不适于在所述多个用户设备中的所述至少一个用户设备 ，则播放列表中的下一个项目被推送到多个用户设备中的至少一个。

公开(公告)号：US20190058910A1

公开(公告)日：2019-02-21

申请号：US15681388

申请日：2017-08-20

Applicant: Cisco Technology, Inc.

Inventor： Hillel Solow

IPC: H04N21/254 ,  G06F21/10 ,  H04L9/06 ,  H04L29/06

Abstract: In one embodiment, a computing device includes: a media player operative to at least play a content item on the computing device, a blockchain-based wallet application operative to transfer a transaction amount to a publisher wallet ID via an associated blockchain-based transaction service, a secure digital rights management (DRM) client application operative to verify the transfer of the transaction amount to said publisher wallet ID according to a public transaction ledger associated with the associated blockchain-based transaction service and upon successful verification of the transfer of the transaction amount to the publisher wallet ID at least unlock a locked version of the content item, and a processor operative to execute the media player, the blockchain-based wallet application, and the DRM client application.

公开(公告)号：US10205707B2

公开(公告)日：2019-02-12

申请号：US15168053

申请日：2016-05-29

Applicant: Cisco Technology, Inc.

Inventor： Hillel Solow

IPC: H04L29/06 ,  H04N21/235 ,  H04N21/418 ,  H04N21/426 ,  H04N21/434 ,  H04N21/4405 ,  H04N21/4623 ,  H04N21/643 ,  H04L9/28 ,  H04L12/18

Abstract: A Headend system including a packer to pack media content into a plurality of packets including a first packet and a second packet, a packet scheduler to schedule when the packets will be broadcast/multicast to a plurality of end-user devices, and calculate a plurality of timing values including a first timing value which provides an indication of how long the second packet will arrive at the end-user devices after the arrival of the first packet at the end-user devices, and an encryption engine to: encrypt the media content of the packets and the timing values, wherein the media content of the first packet and the first timing value are encrypted by different encryption algorithms, or the same encryption algorithm with different cryptographic keys.

公开(公告)号：US20180241759A1

公开(公告)日：2018-08-23

申请号：US15439965

申请日：2017-02-23

Applicant: Cisco Technology, Inc.

Inventor： Hillel Solow ,  Vered Anikster ,  David Wachtfogel

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/108 ,  G06F21/10 ,  H04L63/083 ,  H04L63/107 ,  H04L67/22 ,  H04N21/25816 ,  H04N21/25841 ,  H04W12/00502 ,  H04W12/00503 ,  H04W12/00505 ,  H04W12/00508

Abstract: In one embodiment, a method includes receiving an access request for a video service from a client device, authorizing the client device to access the video service when the client device is initiating connection to the video service via a home Internet access point in a home associated with an authorized account for the video service, determining a time restriction for access to at least part of the video service when the client device is initiating connection to the video service via a non-home Internet access point located outside the home, a duration of the time restriction being dependent upon a usage behavior of the client device, and authorizing the client device to access the at least part of the video service subject to the time restriction when the client device is initiating connection to the video service via the non-home Internet access point.

公开(公告)号：US11234033B2

公开(公告)日：2022-01-25

申请号：US15681388

申请日：2017-08-20

Applicant: Cisco Technology, Inc.

Inventor： Hillel Solow

IPC: H04N21/25 ,  G06F21/10 ,  H04N21/254 ,  H04L9/06 ,  H04L29/06 ,  H04L9/32 ,  H04N21/4405 ,  H04N21/4627 ,  G06F21/64 ,  G06Q20/38

Abstract: In one embodiment, a computing device includes: a media player operative to at least play a content item on the computing device, a blockchain-based wallet application operative to transfer a transaction amount to a publisher wallet ID via an associated blockchain-based transaction service, a secure digital rights management (DRM) client application operative to verify the transfer of the transaction amount to said publisher wallet ID according to a public transaction ledger associated with the associated blockchain-based transaction service and upon successful verification of the transfer of the transaction amount to the publisher wallet ID at least unlock a locked version of the content item, and a processor operative to execute the media player, the blockchain-based wallet application, and the DRM client application.

公开(公告)号：US10387648B2

公开(公告)日：2019-08-20

申请号：US15334311

申请日：2016-10-26

Applicant: Cisco Technology, Inc.

Inventor： Benyamin Hirschberg ,  Moshe Kravchik ,  Arie Haenel ,  Hillel Solow

IPC: G06F21/56

Abstract: In one embodiment, a system includes a central processing unit (CPU) to identify a ransomware process which encrypted a plurality of files yielding a plurality of encrypted files, in response to identifying the ransomware process, dump a memory space and a state of the CPU yielding a memory dump, and search the memory dump for a plurality of candidate encryption keys, and a decryption engine to attempt to decrypt at least one encrypted file of the plurality of encrypted files with different candidate encryption keys of the plurality of candidate encryption keys until the at least one encrypted file is successfully decrypted with one candidate encryption key of the different candidate encryption keys, and decrypt the plurality of encrypted files using the one candidate encryption key. Related apparatus and methods are also described.