Cryptographic system with concealed work factor
    11.
    Granted invention patent
    Status: Lapsed

    Publication number: US06424713B1

    Publication date: 2002-07-23

    Application number: US08972835

    Filing date: 1997-11-18

    Applicant: Eric Sprunk

    Inventor: Eric Sprunk

    Abstract: A cryptographic key is provided for cryptographically processing information. A first key is generated according to a key generator scheme. A key space of the first key is reduced in accordance with a key space reduction scheme. The reduced key space is distributed over a larger key space in accordance with a one-way key space distribution function to provide the cryptographic key. The cryptographic key has an associated first work factor for a person without knowledge of the key space distribution function, and an associated second work factor which is less than the first work factor for a person with knowledge of the key space distribution function. Information is cryptographically processed using the cryptographic key, and a new key is generated at a rate of R keys per second to provide a desired protection factor P=W/RZ for a cryptographic system having a lifetime Z.


    Generation of cryptographic signatures using hash keys
    12.
    Granted invention patent
    Status: Lapsed

    Publication number: US5754659A

    Publication date: 1998-05-19

    Application number: US577922

    Filing date: 1995-12-22

    Abstract: A method and apparatus are provided for generating a digital signature that authenticates information of a plurality of different information groups. Information from each group is hashed to produce a separate hash key for each group authenticating the information in that group. Particular combinations of the hash keys are hashed together to produce at least one combined hash key. Each of the hash keys is ultimately combined in a predetermined order with all other hash keys via the combined hash keys to produce the digital signature in a manner that authenticates the information of all of the information groups. The digital signature is reproducible without access to all of the information groups authenticated thereby. Instead, information from a first information group is provided together with a set of hash keys and combined hash keys embodying authenticated information from the other groups. The hash key for the first information group is produced locally and combined with the other hash keys and/or combined hash keys in order to reproduce the digital signature.


    Apparatus for securing the integrity of a functioning system
    13.
    Granted invention patent
    Status: Lapsed

    Publication number: US5509076A

    Publication date: 1996-04-16

    Application number: US237002

    Filing date: 1994-05-02

    Applicant: Eric Sprunk

    Inventor: Eric Sprunk

    CPC classification number: G11C7/24

    Abstract: Apparatus is provided for securing the integrity of a functioning system. The apparatus comprises a primary device for performing a function having a first vulnerability and a secondary device having a second vulnerability which is identical to the first vulnerability of the primary device. The secondary device is adapted to secure the function performed by the primary device in response to activity breaching the second vulnerability.


    Method and apparatus for providing an asymmetric encrypted cookie for product data storage
    14.
    Granted invention patent
    Status: In force

    Publication number: US08479020B2

    Publication date: 2013-07-02

    Application number: US11782721

    Filing date: 2007-07-25

    Applicant: Eric Sprunk

    Inventor: Eric Sprunk

    CPC classification number: H04L9/0894

    Abstract: A process may be utilized by a device to implement public key asymmetric encryption. The process encrypts a data set with a symmetric encryption key to form an encrypted data set. Further, the process encrypts the symmetric encryption key with a public key component of an asymmetric encryption key to form an asymmetric encrypted cookie. Finally, the process stores the encrypted data set and the asymmetric encrypted cookie in a non-secure area of a storage medium.


    Efficient distribution of encrypted content for multiple content access systems
    16.
    Granted invention patent
    Status: In force

    Publication number: US07787622B2

    Publication date: 2010-08-31

    Application number: US10712427

    Filing date: 2003-11-13

    Applicant: Eric Sprunk

    Inventor: Eric Sprunk

    Abstract: A system and method for digital data distribution is disclosed. The system and method provides a set of one or more source streams encoded by an encoder to form a common data stream for distribution to a plurality of destination systems, each authorized to access at least a portion of the common data stream. Encryption comprises obtaining the source stream, identifying some blocks of the source stream as secure blocks, identifying some other blocks of the source stream as unsecured blocks, encrypting the secure blocks for each of a plurality of destination system classes wherein each of the plurality of destination systems is a member of one or more destination system classes, and each of the blocks of an encrypted secure block set is decryptable by destination systems in the class associated with that encrypted secure block set.


    SYSTEM AND METHOD FOR SECURE KEY DISTRIBUTION TO MANUFACTURED PRODUCTS
    17.
    Invention patent application
    Status: In force

    Publication number: US20080049942A1

    Publication date: 2008-02-28

    Application number: US11846045

    Filing date: 2007-08-28

    Abstract: A system and method for securely distributing PKI data, such as one or more private keys or other confidential digital information, from a PKI data generation facility to a product in a product personalization facility that is not connected to the PKI data generation facility and is assumed to be a non-secure product personalization facility. The system includes a PKI data loader for securely transmitting the encrypted PKI data transferred from the PKI data generator to a PKI server at the product personalization facility. The PKI server then transfers the PKI data to the product of interest, typically via a PKI station acting as a proxy between the PKI server and the product. In each communication step, PKI data being transferred is encrypted multiple times and the system is designed such that if any intermediate node is compromised with all of its keys, the overall system has not yet been compromised.


    Method and apparatus for providing a secure move of a decrpytion content key
    19.
    Invention patent application
    Status: Under examination (published)

    Publication number: US20060149676A1

    Publication date: 2006-07-06

    Application number: US11027830

    Filing date: 2004-12-30

    CPC classification number: H04L9/0822 H04L9/0841 H04L2209/60

    Abstract: The present invention discloses an apparatus and method for providing a secure move of a content decryption key within or between domains. Namely, the present invention addresses the single copy usage rule by restricting the movement of the decryption key instead of restricting the movement of the encrypted content itself.


    Authorization using ciphertext tokens in a content receiver
    20.
    Invention patent application
    Status: Under examination (published)

    Publication number: US20060020790A1

    Publication date: 2006-01-26

    Application number: US11233902

    Filing date: 2005-09-23

    Applicant: Eric Sprunk

    Inventor: Eric Sprunk

    Abstract: According to the invention, a method for securing a plaintext object within a content receiver is disclosed. In one step, a secure portion of a secure object and a plaintext remainder of the secure object are received. Which portion of the secure object is the secure portion is determined. The secure portion is decrypted to provide a plaintext portion. The plaintext object that comprises the plaintext portion and the plaintext remainder is formed. The plaintext object is stored. including authentication and authorization.

