公开(公告)号：US20060059342A1

公开(公告)日：2006-03-16

申请号：US11228180

申请日：2005-09-16

申请人： Alexander Medvinsky ,  Paul Moroney ,  Eric Sprunk ,  Petr Peterka

发明人： Alexander Medvinsky ,  Paul Moroney ,  Eric Sprunk ,  Petr Peterka

IPC分类号： H04L9/00

CPC分类号： H04L9/0825 ,  G11B20/0021 ,  G11B20/00731 ,  H04L9/0822 ,  H04L9/083 ,  H04L2209/603 ,  H04N21/26606 ,  H04N21/26613 ,  H04N21/4181 ,  H04N21/63345 ,  H04N21/8355

摘要： Described herein are embodiments that provide an approach to cryptographic key management for a digital rights management (DRM) architecture that includes multiple levels of key management for minimizing bandwidth usage while maximizing security for the DRM architecture. In one embodiment, there is provided a data structure for cryptographic key management that includes a public/private key pair and three additional layers of symmetric keys for authorizing access to a plurality of contents.

摘要翻译： 这里描述的是提供用于数字版权管理（DRM）架构的加密密钥管理的方法的实施例，其包括用于最小化带宽使用的多级密钥管理，同时最大化DRM架构的安全性。 在一个实施例中，提供了一种用于加密密钥管理的数据结构，其包括用于授权访问多个内容的公钥/私钥对和三个对称密钥层。

公开(公告)号：US09171569B2

公开(公告)日：2015-10-27

申请号：US12108719

申请日：2008-04-24

申请人： Petr Peterka ,  Alexander Medvinsky ,  Paul Moroney ,  Rafie Shamsaasef

发明人： Petr Peterka ,  Alexander Medvinsky ,  Paul Moroney ,  Rafie Shamsaasef

IPC分类号： G11B20/00 ,  G11B27/30 ,  H04N7/167 ,  H04N21/254 ,  H04N21/4147 ,  H04N21/436 ,  H04N21/4367 ,  H04N21/4408 ,  H04N21/4627 ,  H04N21/835 ,  H04N21/8355 ,  H04N21/845

CPC分类号： G11B20/00086 ,  G11B20/00166 ,  G11B20/0021 ,  G11B20/00507 ,  G11B20/00731 ,  G11B27/30 ,  G11B2220/2516 ,  H04N7/1675 ,  H04N21/2541 ,  H04N21/4135 ,  H04N21/4147 ,  H04N21/43615 ,  H04N21/43622 ,  H04N21/4367 ,  H04N21/4408 ,  H04N21/4627 ,  H04N21/835 ,  H04N21/8355 ,  H04N21/8456

摘要： A process may be utilized by the DVR. The process receives a plurality of segments of a set of content and a plurality of corresponding content rule sets. Further, the process provides one or more instructions to record and encrypt the plurality of segments of the set of content on a storage medium. In addition, the process provides the plurality of content rule sets to the DRM component to be inserted into a locally generated and secured content license associated with the encryption of the set of content. The secured content license includes a master key and a list of the plurality of corresponding content rule sets that have been received in order of reception. The process receives a plurality of marker tokens from the DRM component in order to facilitate trick mode playback.

摘要翻译： DVR可以利用一个过程。 该过程接收一组内容和多个对应的内容规则集合的多个片段。 此外，该过程提供一个或多个指令以在存储介质上记录和加密该组内容的多个段。 此外，该过程向DRM组件提供多个内容规则集以被插入到与该组内容的加密相关联的本地生成和安全的内容许可中。 安全内容许可证包括主密钥和已经按照接收顺序接收的多个对应的内容规则集的列表。 该过程从DRM组件接收多个标记符号以便于特技模式回放。

公开(公告)号：US08462954B2

公开(公告)日：2013-06-11

申请号：US12474259

申请日：2009-05-28

申请人： Paul Moroney ,  Petr Peterka

发明人： Paul Moroney ,  Petr Peterka

IPC分类号： H04L9/08

CPC分类号： G06F21/10 ,  H04N21/4408 ,  H04N21/4627 ,  H04N21/8352 ,  H04N21/8355

摘要： In a method for encrypting content, the content is received in a device and at least a portion of the content is stored to thereby associate the content with one of a first copy control state and a second copy control state. The method includes creating at least one of a first content pre-key using a local storage key unique to the device as a key to encrypt the content ID of the content and a second content pre-key using the first content pre-key as a key to encrypt the first copy control state, creating a content encryption key using one of the first content pre-key as a key to encrypt the first copy control state and the second content pre-key as a key to encrypt the second copy control state, and encrypting the content using the content encryption key.

摘要翻译： 在用于加密内容的方法中，在设备中接收内容，并且存储内容的至少一部分，从而将内容与第一复制控制状态和第二复制控制状态之一相关联。 该方法包括使用设备唯一的本地存储密钥来创建第一内容预密钥中的至少一个作为密钥来加密内容的内容ID，第二内容预密钥使用第一内容预密钥作为 用于加密第一复制控制状态的密钥，使用第一内容预密钥之一作为加密第一复制控制状态的密钥和第二内容预密钥作为加密第二复制控制状态的密钥来创建内容加密密钥 ，并使用内容加密密钥加密内容。

公开(公告)号：US08255989B2

公开(公告)日：2012-08-28

申请号：US10170951

申请日：2002-06-12

申请人： Alexander Medvinsky ,  Petr Peterka ,  Paul Moroney

发明人： Alexander Medvinsky ,  Petr Peterka ,  Paul Moroney

IPC分类号： G06F7/04

CPC分类号： H04L63/0457 ,  G06F21/10 ,  G06F21/602 ,  G06F21/606 ,  H04L63/0407 ,  H04L63/062 ,  H04L63/0807 ,  H04L65/607 ,  H04L65/608

摘要： A session rights object and authorization data are used for defining a consumer's access right to a media content stream. The access rights are determined at a caching server remotely located from the consumer rather than locally at the end user site. In a first aspect, in a computing network having a content provider, a key distribution center, a caching server and a client, a method for controlling client access to a real-time data stream from the caching server, is disclosed. The method includes receiving, by the client, a session rights object from a content provider, the session rights object defining access rules for accessing the real-time data stream; receiving, by the client, authorization data from the key distribution center, the authorization data defining the client's access rights to the real-time data stream; forwarding to the caching server the session rights object and the authorization data; comparing, by the caching server, the session rights object with the authorization data to determine client authorization; and if the client is authorized, streaming, by the caching server, the real-time data stream to the client.

摘要翻译： 会话权限对象和授权数据用于定义消费者对媒体内容流的访问权限。 访问权限在远程位于消费者的缓存服务器上确定，而不是在最终用户站点本地。 在第一方面，在具有内容提供商，密钥分配中心，高速缓存服务器和客户端的计算网络中，公开了一种用于控制来自高速缓存服务器的客户端对实时数据流的访问的方法。 该方法包括从客户端接收来自内容提供商的会话权限对象，会话权限对象定义用于访问实时数据流的访问规则; 由客户端从密钥分配中心接收授权数据，定义客户端对实时数据流的访问权限; 转发到缓存服务器会话权限对象和授权数据; 通过缓存服务器比较会话权限对象与授权数据，以确定客户端授权; 并且如果客户端被授权，则通过缓存服务器流式传输到客户端的实时数据流。

公开(公告)号：US20110161660A1

公开(公告)日：2011-06-30

申请号：US12648768

申请日：2009-12-29

申请人： Jiang Zhang ,  Alexander Medvinsky ,  Paul Moroney ,  Petr Peterka

发明人： Jiang Zhang ,  Alexander Medvinsky ,  Paul Moroney ,  Petr Peterka

IPC分类号： H04L9/32 ,  G06F21/20 ,  H04L29/06 ,  G06F7/58

CPC分类号： H04L63/061 ,  H04L9/0841 ,  H04L9/3226 ,  H04L9/3263 ,  H04L9/3271 ,  H04L63/0442 ,  H04L63/0823 ,  H04L63/0869 ,  H04L63/123 ,  H04L2463/061

摘要： In a method of temporarily registering a second device with a first device, in which the first device includes a temporary registration mode, the temporary registration mode in the first device is activated, a temporary registration operation in the first device is initiated from the second device, a determination as to whether the second device is authorized to register with the first device is made, and the second device is temporarily registered with the first device in response to a determination that the second device is authorized to register with the first device, in which the temporary registration requires that at least one of the second device and the first device delete information required for the temporary registration following at least one of a determination of a network connection between the first device and the second device and a powering off of at least one of the first device and the second device.

摘要翻译： 在第一设备暂时注册第二设备的方法中，其中第一设备包括临时注册模式，激活第一设备中的临时注册模式，从第二设备启动第一设备中的临时注册操作 进行关于第二设备是否被授权向第一设备注册的确定，并且响应于第二设备被授权向第一设备注册的确定，第二设备被临时登记到第一设备， 所述暂时注册要求所述第二设备和所述第一设备中的至少一个删除在所述第一设备和所述第二设备之间的网络连接的确定中的至少一个之后临时注册所需的信息，以及至少 第一个设备和第二个设备之一。

公开(公告)号：US20090285401A1

公开(公告)日：2009-11-19

申请号：US12468839

申请日：2009-05-19

申请人： Paul Moroney ,  Petr Peterka ,  Jiang Zhang

发明人： Paul Moroney ,  Petr Peterka ,  Jiang Zhang

IPC分类号： H04L9/06 ,  G06Q30/00 ,  G06F21/00 ,  H04L9/00

CPC分类号： H04N7/1675 ,  G06Q30/06 ,  H04N21/26606 ,  H04N21/4405 ,  H04N21/4623

摘要： Providing access to content for devices is performed by providing multiple entitlement management messages (EMMs), each which including a service key, to the plurality of devices. Also, a same entitlement control message (ECM) is provided to the devices. The ECM includes an encrypted traffic key for decrypting content. Each of the devices derives an access key from the service key according to a business model level of access to the content for a user of the devices and uses the access key to decrypt the traffic key to access the content according to the business model level of access to the content for the each of the plurality of devices.

摘要翻译： 通过向多个设备提供包括服务密钥的多个授权管理消息（EMM）来提供对设备的内容的访问。 此外，向设备提供相同的授权控制消息（ECM）。 ECM包括用于解密内容的加密业务密钥。 每个设备根据对设备的用户的内容的访问的业务模型级别从服务密钥导出访问密钥，并且使用访问密钥来解​​密业务密钥以根据业务模型级别 访问多个设备中的每一个的内容。

公开(公告)号：US08788810B2

公开(公告)日：2014-07-22

申请号：US12648768

申请日：2009-12-29

申请人： Jiang Zhang ,  Alexander Medvinsky ,  Paul Moroney ,  Petr Peterka

发明人： Jiang Zhang ,  Alexander Medvinsky ,  Paul Moroney ,  Petr Peterka

IPC分类号： G06F11/30

CPC分类号： H04L63/061 ,  H04L9/0841 ,  H04L9/3226 ,  H04L9/3263 ,  H04L9/3271 ,  H04L63/0442 ,  H04L63/0823 ,  H04L63/0869 ,  H04L63/123 ,  H04L2463/061

摘要： In a method of temporarily registering a second device with a first device, in which the first device includes a temporary registration mode, the temporary registration mode in the first device is activated, a temporary registration operation in the first device is initiated from the second device, a determination as to whether the second device is authorized to register with the first device is made, and the second device is temporarily registered with the first device in response to a determination that the second device is authorized to register with the first device, in which the temporary registration requires that at least one of the second device and the first device delete information required for the temporary registration following at least one of a determination of a network connection between the first device and the second device and a powering off of at least one of the first device and the second device.

摘要翻译： 在第一设备暂时注册第二设备的方法中，其中第一设备包括临时注册模式，激活第一设备中的临时注册模式，从第二设备启动第一设备中的临时注册操作 进行关于第二设备是否被授权向第一设备注册的确定，并且响应于第二设备被授权向第一设备注册的确定，第二设备被临时登记到第一设备， 所述暂时注册要求所述第二设备和所述第一设备中的至少一个删除在所述第一设备和所述第二设备之间的网络连接的确定中的至少一个之后临时注册所需的信息，以及至少 第一个设备和第二个设备之一。

公开(公告)号：US20090296940A1

公开(公告)日：2009-12-03

申请号：US12474259

申请日：2009-05-28

申请人： Paul Moroney ,  Petr Peterka

发明人： Paul Moroney ,  Petr Peterka

IPC分类号： H04L9/08 ,  H04L9/00 ,  G06F21/24

CPC分类号： G06F21/10 ,  H04N21/4408 ,  H04N21/4627 ,  H04N21/8352 ,  H04N21/8355

摘要： In a method for encrypting content, the content is received in a device and at least a portion of the content is stored to thereby associate the content with one of a first copy control state and a second copy control state. The method includes creating at least one of a first content pre-key using a local storage key unique to the device as a key to encrypt the content ID of the content and a second content pre-key using the first content pre-key as a key to encrypt the first copy control state, creating a content encryption key using one of the first content pre-key as a key to encrypt the first copy control state and the second content pre-key as a key to encrypt the second copy control state, and encrypting the content using the content encryption key.

摘要翻译： 在用于加密内容的方法中，在设备中接收内容，并且存储内容的至少一部分，从而将内容与第一复制控制状态和第二复制控制状态之一相关联。 该方法包括使用设备唯一的本地存储密钥来创建第一内容预密钥中的至少一个作为密钥来加密内容的内容ID，第二内容预密钥使用第一内容预密钥作为 用于加密第一复制控制状态的密钥，使用第一内容预密钥之一作为加密第一复制控制状态的密钥和第二内容预密钥作为加密第二复制控制状态的密钥来创建内容加密密钥 ，并使用内容加密密钥加密内容。

公开(公告)号：US20080270308A1

公开(公告)日：2008-10-30

申请号：US11843335

申请日：2007-08-22

申请人： Petr Peterka ,  Alexander Medvinsky ,  Paul Moroney

发明人： Petr Peterka ,  Alexander Medvinsky ,  Paul Moroney

IPC分类号： G06Q10/00

CPC分类号： H04N21/440281 ,  G06F21/10 ,  G06F2221/0784 ,  G06F2221/2137 ,  G06F2221/2151 ,  H04N21/4147 ,  H04N21/4408 ,  H04N21/4627 ,  H04N21/8456

摘要： A process may be utilized by a DVR. The process characterizes a set of content as a plurality of segments as the set of content is received. Each of the segments has a segment length according to a predetermined time interval. Further, the process encrypts each of the segments with a corresponding content encryption key to generate a plurality of encrypted segments. The corresponding content encryption key for each of the segments is generated by the DRM component. In addition, the process stores each of the encrypted segments for playback with trick play features in accordance with an expiration content rule having a time limit on the temporary playability of the set of content.

摘要翻译： DVR可以利用进程。 当接收到内容集合时，该过程将一组内容表征为多个段。 每个段具有根据预定时间间隔的段长度。 此外，该过程使用对应的内容加密密钥来加密每个段，以生成多个加密段。 每个段的相应内容加密密钥由DRM组件产生。 此外，该过程根据具有对该组内容的临时播放性具有时间限制的期满内容规则，将每个加密段用于播放特技播放特征。

公开(公告)号：US07243366B2

公开(公告)日：2007-07-10

申请号：US10092347

申请日：2002-03-04

申请人： Alexander Medvinsky ,  Petr Peterka ,  Paul Moroney ,  Eric Sprunk

发明人： Alexander Medvinsky ,  Petr Peterka ,  Paul Moroney ,  Eric Sprunk

IPC分类号： G06F17/30 ,  G06F7/04 ,  G06K9/00 ,  H04L9/32 ,  H04L9/00

CPC分类号： H04L63/04 ,  G06Q20/367 ,  H04L63/062 ,  H04L63/08 ,  H04L2463/101

摘要： A digital rights management architecture for securely delivering content to authorized consumers. The architecture includes a content provider and a consumer system for requesting content from the content provider. The content provider generates a session rights object having purchase options selected by the consumer. A KDC thereafter provides authorization data to the consumer system. Also, a caching server is provided for comparing the purchase options with the authorization data. The caching server forwards the requested content to the consumer system if the purchase options match the authorization data. Note that the caching server employs real time streaming for securely forwarding the encrypted content, and the requested content is encrypted for forwarding to the consumer system. Further, the caching server and the consumer system exchange encrypted control messages (and authenticated) for supporting transfer of the requested content. In this manner, all interfaces between components are protected by encryption and/authenticated.

摘要翻译： 数字版权管理架构，用于将权限安全地传递给授权消费者。 该架构包括内容提供商和用于从内容提供商请求内容的消费者系统。 内容提供商生成具有由消费者选择的购买选项的会话权限对象。 KDC此后向消费者系统提供授权数据。 此外，还提供了一个缓存服务器，用于将购买选项与授权数据进行比较。 如果购买选项与授权数据匹配，则缓存服务器将所请求的内容转发到消费者系统。 请注意，缓存服务器采用实时流式传输安全地转发加密的内容，并且所请求的内容被加密以转发到消费者系统。 此外，缓存服务器和消费者系统交换加密的控制消息（并被认证）以支持所请求的内容的传送。 以这种方式，组件之间的所有接口都受到加密和/或认证的保护。