Abstract:
A method for tracing traitor receivers in a broadcast encryption system. The method includes using a false key to encode plural subsets representing receivers in the system. The subsets are derived from a tree using a Subset-Cover system, and the traitor receiver is associated with one or more compromised keys that have been obtained by a potentially cloned pirate receiver. Using a clone of the pirate receiver, the identity of the traitor receiver is determined, or the pirate receiver clones are rendered useless for decrypting data using the compromised key by generating an appropriate set of subsets.
Abstract:
An encryption key matrix has rows grouped into segments, with a set of one segment per column establishing a slot. Slots are assigned to device manufacturers, with the keys of the slots then being assigned to decryption devices made by the respective manufacturer. In generating the slots, the number “q” of segments in a column is first defined such that a predetermined maximum number of devices can be revoked devices (in that all the keys held by the device are revoked) while ensuring that a good device remains a functional device with a probability of at least (1−Q), wherein Q is a predefined device confidence. Once the number “q” of segments has been defined, the slots themselves are defined in a provably non-discriminatory fashion using an error-correcting code such as a Reed-Solomon code. With this invention, overlap between slots can be minimized to minimize the possibility that the key set of an innocent device might be inadvertently revoked when the keys in the slots of a “bad” manufacturer are revoked.
Abstract:
Sets of encryption keys usable by devices for decrypting encrypted content are defined using an error-correcting code such as a Reed-Solomon code to define vectors of length “n” over an alphabet of (0, ..., N−1), wherein “n” is the number of columns in a key matrix and “N” is the number of rows in the matrix. Each vector represents a set of keys that can be assigned to a device. With this invention, overlap between sets of keys can be minimized to minimize the possibility that the key set of an innocent device might be inadvertently revoked when the key set of a compromised device is revoked. Also, only the generating matrix of the error-correcting code and the index of one set of keys need be stored in memory, since all previously defined key sets can be regenerated if need be from just the generating matrix and index.
Abstract:
Systems and methods for estimating the data reduction ratio for a data set are provided. The method comprises selecting a plurality of m elements from a data set comprising a plurality of N elements; associating an identifier h_i with each of the plurality of m elements; associating an identifier h_e with each of the plurality of elements in the data set; tracking the number of times an element i appears in a base set that includes the plurality of m elements selected from the data set; calculating a value count_i that indicates the number of times an identifier h_e matches an identifier h_i; and estimating the data reduction ratio for the plurality of N elements in the data set, based on the number m of elements selected from the data set and the value count_i.
Abstract:
A tree is used to partition stateless receivers in a broadcast content encryption system into subsets. Two different methods of partitioning are disclosed. When a set of revoked receivers is identified, the revoked receivers define a relatively small cover of the non-revoked receivers by disjoint subsets. Subset keys associated with the subsets are then used to encrypt a session key that in turn is used to encrypt the broadcast content. Only non-revoked receivers can decrypt the session key and, hence, the content.
Abstract:
A method for providing proactive security in a proactive operating environment. The proactive operating environment includes a group of proactive servers communicating over a network. Each proactive server (PSI) includes a storage that includes a non-erasable part that stores a public, non-proactive-related key VIStart. The storage further includes an erasable part for storing private and public data. The proactive server has a discardable one-time private key SIStart that corresponds to the public key VIStart. The proactive server further has configuration data C. There is further provided a processor for providing proactive services to applications. The proactive server has a group public proactive key VCERT common to the group of proactive servers and a share SICERT of a corresponding private proactive key SCERT. The method further includes the steps of invoking an initialization procedure for generating restore-related information, and invoking a restore procedure for utilizing the public, non-proactive-related key VIStart and the restore-related information for restoring the public proactive key VCERT.
Abstract:
A system for protecting content on recordable media for, e.g., DVD audio disks, flash memory media, or other media includes providing a media key block (MKB) on each media, with each MKB including 25,000 encryptions of a media key by 25,000 or so device keys. Each authorized player in the system has a single device key from among the system device keys with which to decrypt the media key. To avoid a coincidence attack in which a hacker can learn the MKB and associated media key and then guess at a device key without knowing its position in the MKB, the media key is XORed with a number representing each position in the MKB, and only then encrypted with the device key corresponding to that position.