Abstract:
A system to transmit a set of programs from a transmitter to a receiver is used to accommodate different levels of security used for each program. When a high level of security is necessary for transmitting or receiving a program, the transmitter and/or receiver is operable to accommodate that level of security. Thus, both transmitters and receivers are operable to be reconfigured to encrypt or decrypt, respectively, at different levels. Accordingly, differing numbers of programs can be transmitted or received based on the resource requirements needed at any level of security. Consequently, a high level of encryption/decryption requires more resources and allows the processing of fewer services, while a lower level of encryption/decryption allows more services to be transmitted/received.
Abstract:
Existing key encryption approaches are extended by using overlapping portions of encrypted information. Another provision inserts one or more bits of data to ensure correct encryption/decryption. The inserted data can also be used for authentication.
Abstract:
An apparatus and method for providing at least one root certificate are disclosed. Specifically, a plurality of root certificates is received and stored. Afterwards, a request is received from a first endpoint device for a desired root certificate, where the desired root certificate is used by the first endpoint device to verify an identity of a second endpoint device. Furthermore, the first endpoint device and the second endpoint device are associated with different certificate hierarchies. The desired root certificate is then sent to at least the first endpoint device.
Abstract:
A secure Internet Protocol (IP) telephony system, apparatus, and methods are disclosed. Communications over an IP telephony system can be secured by securing communications to and from a Cable Telephony Adapter (CTA). The system can include one or more CTAs, network servers, servers configured as signaling controllers, key distribution centers (KDC), and can include gateways that couple the IP telephony system to a Public Switched Telephone Network (PSTN). Each CTA can be configured as secure hardware and can be configured with multiple encryption keys that are used to communicate signaling or bearer channel communications. The KDC can be configured to periodically distribute symmetric encryption keys to secure communications between devices that have been provisioned to operate in the system and signaling controllers. The secure devices, such as the CTA, can communicate with other secure devices by establishing signaling and bearer channels that are encrypted with session specific symmetric keys derived from a symmetric key distributed by a signaling controller.
Abstract:
A method for securing a plaintext object within a content receiver is described. In one step, a secure portion of a secure object and a plaintext remainder of the secure object are received. Which portion of the secure object is the secure portion is determined. The secure portion is decrypted to provide a plaintext portion. The plaintext object that comprises the plaintext portion and the plaintext remainder is formed. The plaintext object is stored including authentication and authorization.
Abstract:
A method is provided for enhancing security of a communication session between first and second endpoints which employs a key management protocol. The method includes sending a first message to a first endpoint over a communications network requesting a secure communication session therewith. The message includes an identity of a second endpoint requesting the authenticated communication session. A digital certificate is received from the first endpoint over the communications network. The digital certificate is issued by a certifying source verifying information contained in the digital certificate. The digital certificate includes a plurality of fields, one or more of which are transformed in accordance with a transformation algorithm. A reverse transform is applied to the one or more transformed fields to obtain the one or more fields. The digital certificate is validated and a second message is sent to the first endpoint indicating that validation is complete.
Abstract:
A method and system are provided for impulse purchasing of services over a communication network, such as a cable or satellite television network. Such services can include games or information accompanying television programming, home-shopping, e-mail services, streaming media and the like. Security is provided through entitlements generated by the access controller 14 and entitlement tokens generated by a secure processor. The secure processor is located at a subscriber terminal 16 through which a subscriber orders and obtains the services. A token is generated when the subscriber either selects the service, if pre-authorized, or when the service is purchased on impulse. The token is secure and signed, and may be used by a policy/proxy server 18 subtending to the Network Operator's ISP and associated services to further facilitate offering these services to the subscribers.
Abstract:
Multiple public/private key pairs of varying levels of security are used to provide a high level of security while still allowing fast processing of encrypted information. The lower-security level includes keys that are small in length, that are changed relatively often, and that require fewer resources to implement their functions. When it is required to change key pairs of low security, a key pair at a higher security level (i.e., longer length keys) than the lower-security level keys is used to transfer the new lower-security public keys to devices using those keys. The higher-security keys can, in turn, be changed at a frequency lower than the lower-security keys. The higher-security keys require a higher level of resources to perform their coding operations. This approach of using keys of escalating levels of security to replace lower-security keys, where the higher-security keys require more resources, are more secure, and are replaced less often than the lower-security keys, can be followed as many times as is desired to create a hierarchy of public key uses with the result that the lower-security operations can be performed quickly while the overall system security is high.
Abstract:
A system is described for uniquely mating components of a communication network such as a smartcard and a set-top box. When mated, the smartcard and set-top box are tied together and have a single identity. Further, the smartcard operates properly only when inserted into an authorized set-top box. Exchanges of information between both components are secured by encryption and authentication to guard against piracy of the exchanged information. The system provides the same authentication key to the set-top box and the smartcard. This key is used for authenticating communication between the set-top box and the smartcard. First, the authentication key is encrypted by a set-top box mating key. The set-top box employs this mating key to decrypt the authentication key. After it is derived, the authentication key is stored in the set-top box's memory. Further, the same authentication key is encrypted by a smartcard mating key. Thereafter, the smartcard employs the smartcard mating key to extract the authentication key. The clear authentication key is stored in the smartcard's memory as well. In this manner, the authentication key is used for securing all communication between the set-top box and the smartcard. For example, the set-top box may request control words from the smartcard. Only after authenticating the request are the control words for decrypting digital content provided to the set-top box. If the smartcard authentication key is different from the set-top box key, the request for control words is denied.