-
21.发明授权公开(公告)号:US07293178B2
公开(公告)日:2007-11-06
申请号:US10314896
申请日:2002-12-09
申请人: Glenn F. Evans , Paul England
发明人: Glenn F. Evans , Paul England
CPC分类号: H04N21/42692 , G11B20/00086 , G11B20/0021 , G11B20/00478 , H04N5/765 , H04N5/775 , H04N5/781 , H04N5/85 , H04N5/907 , H04N5/913 , H04N21/4143 , H04N21/4405 , H04N21/4408 , H04N2005/91364
摘要: Methods and systems protect digital content such as premium content like movies, programs, and other types of digital audio/visual content. In some embodiments, an architecture and related methods protect content by maintaining the content in encrypted form, whether the content resides in video card memory (referred to herein as “VRAM”), or some other local or remote memory subsystem. The methods and systems enable video card co-processors, such as the graphics processing unit (GPU) to manipulate the encrypted content or data. In various embodiments, the content is maintained in an encrypted format and is unencrypted only when the GPU operates upon the data. After the GPU operates upon the data, the resultant data is re-encrypted and written to memory.
摘要翻译: 方法和系统保护诸如电影,节目和其他类型的数字音频/视频内容之类的优质内容的数字内容。 在一些实施例中,架构和相关方法通过以加密形式维护内容来保护内容,无论内容是驻留在视频卡存储器(本文称为“VRAM”)中,还是某些其他本地或远程存储器子系统。 所述方法和系统使视频卡协处理器(诸如图形处理单元(GPU))能够操纵加密的内容或数据。 在各种实施例中,内容被保持为加密格式,并且仅当GPU对数据进行操作时才被解密。 在GPU对数据进行操作之后,将所得数据重新加密并写入存储器。
-
22.发明授权公开(公告)号:US07243230B2
公开(公告)日:2007-07-10
申请号:US09993340
申请日:2001-11-16
申请人: Paul England , Marcus Peinado , Daniel R. Simon , Josh D. Benaloh
发明人: Paul England , Marcus Peinado , Daniel R. Simon , Josh D. Benaloh
IPC分类号: H04L9/00
CPC分类号: G06F21/57 , G06F21/606
摘要: Transferring application secrets in a trusted operating system environment involves receiving a request to transfer application data from a source computing device to a destination computing device. A check is made as to whether the application data can be transferred to the destination computing device, and if so, whether the application data can be transferred under control of the user or a third party. If these checks succeed, a check is also made as to whether the destination computing device is a trustworthy device running known trustworthy software. Input is also received from the appropriate one of the user or third party to control transferring of the application data to the destination computing device. Furthermore, application data is stored on the source computing device in a manner that facilitates determining whether the application data can be transferred, and that facilitates transferring the application data if it can be transferred.
摘要翻译: 在受信任的操作系统环境中传送应用程序秘密涉及接收将应用数据从源计算设备传送到目的地计算设备的请求。 检查应用数据是否可以传送到目的地计算设备,如果是,可以在用户或第三方的控制下传送应用数据。 如果这些检查成功,还要检查目的地计算设备是否是运行已知可靠软件的值得信赖的设备。 还从适当的用户或第三方接收输入以控制将应用数据传送到目的地计算设备。 此外,应用数据以便于确定是否可以传送应用数据的方式存储在源计算设备上,并且如果可以传送应用数据便于传送应用数据。
-
23.发明授权Protecting decrypted compressed content and decrypted decompressed content at a digital rights management client 失效在数字版权管理客户端保护解密的压缩内容和解密的解密内容公开(公告)号:US07203313B2
公开(公告)日:2007-04-10
申请号:US11176661
申请日:2005-07-07
CPC分类号: G06F21/10
摘要: Theft of decompressed digital content as the content is being rendered is prevented. A requested slow-down of the rendering of the content is detected. Transfers of relatively large amounts of data are detected. A re-compressor-based requested slow-down of the rendering of the content is detected. A re-compressor re-compressing the content is detected. In each situation, the detected activity is presumably initiated by a content thief attempting to steal the content. In each situation, the detected activity is responded to in a manner designed to frustrate the presumed attempt of the content thief to steal the content.
摘要翻译: 防止正在呈现内容的解压缩数字内容的盗窃。 检测到请求的内容呈现的减慢。 检测到相对大量数据的传输。 检测到基于重新压缩的请求的内容呈现的减慢。 检测到重新压缩内容的再压缩。 在每种情况下,检测到的活动大概是由试图窃取内容的内容窃贼发起的。 在每种情况下,检测到的活动都以一种旨在阻止内容窃贼窃取内容的推定尝试的方式作出回应。
-
公开(公告)号:US07203310B2
公开(公告)日:2007-04-10
申请号:US10124922
申请日:2002-04-18
申请人: Paul England , Marcus Peinado , Nicholas P. Wilt
发明人: Paul England , Marcus Peinado , Nicholas P. Wilt
IPC分类号: H04N7/167
摘要: Methods and systems are provided for cryptographically protecting secure content in connection with a graphics subsystem of a computing device. Techniques are implemented to encrypt the contents of video memory so that unauthorized software cannot gain meaningful access to it, thereby maintaining confidentiality. Moreover, a mechanism for tamper detection is provided so that there is awareness when data has been altered in some fashion, thereby maintaining integrity. In various embodiments, the contents of overlay surfaces and/or command buffers are encrypted, and/or the GPU is able to operate on encrypted content while preventing its availability to untrusted parties, devices or software.
摘要翻译: 提供了与计算设备的图形子系统相关联地加密地保护安全内容的方法和系统。 实现技术来加密视频存储器的内容,使得未经授权的软件不能获得对其的有意义的访问,从而保持机密性。 此外,提供用于篡改检测的机制,使得当数据以某种方式被改变时,意识到,从而保持完整性。 在各种实施例中,覆盖表面和/或命令缓冲器的内容被加密,和/或GPU能够对加密内容进行操作,同时防止其对不信任方,设备或软件的可用性。
-
25.发明授权System and method for authenticating an operating system to a central processing unit, providing the CPU/OS with secure storage, and authenticating the CPU/OS to a third party 有权将操作系统认证到中央处理单元的系统和方法,向CPU / OS提供安全存储,并将CPU / OS认证给第三方公开(公告)号:US07174457B1
公开(公告)日:2007-02-06
申请号:US09266207
申请日:1999-03-10
IPC分类号: H04L9/00
CPC分类号: G06F21/10 , G06F9/4406 , G06F9/468 , G06F21/445 , G06F21/57 , G06F21/575 , G06F2221/0704 , G06F2221/2103 , G06F2221/2113 , G06F2221/2129
摘要: A general-purpose processor (CPU) is configured with a new mechanism facilitating an authenticated boot sequence that provides building blocks for client-side rights management when the system is online, and provides continued protection of persistent data even when the system goes offline or is rebooted. The CPU includes a cryptographic key pair, and a manufacturer certificate testifying that the manufacturer built the CPU according to a known specification. The operating system (OS) includes a unique block of code, or “boot block” that can establish OS identity by extraction from a digitally signed boot block or by computing a hash digest of the boot block. During booting, the CPU executes a single opcode, followed by the boot block, as an atomic operation to set the identity of the OS into the software identity register. The subscriber unit then can establish a chain of trust to a content provider.
摘要翻译: 通用处理器(CPU)配置有一种新的机制,便于经过身份验证的引导顺序,该系统在系统联机时为客户端权限管理提供构建块,并且即使在系统脱机时也提供持续数据的持续保护 重新启动 CPU包括加密密钥对和制造商证书,证明制造商根据已知规格构建CPU。 操作系统(OS)包括一个唯一的代码块或“引导块”,可以通过从数字签名的引导块中提取或通过计算引导块的散列摘要来建立OS标识。 在引导期间,CPU执行单个操作码,后跟引导块,作为将操作系统的身份设置为软件身份寄存器的原子操作。 订户单元然后可以建立到内容提供商的信任链。
-
公开(公告)号:US20060288238A1
公开(公告)日:2006-12-21
申请号:US11155071
申请日:2005-06-16
申请人: Kenneth Ray , Paul England , Peter Biddle
发明人: Kenneth Ray , Paul England , Peter Biddle
IPC分类号: G06F12/14
CPC分类号: G06F21/53 , G06F21/10 , G06F2221/2149
摘要: Prevention of unpermitted use of enabling bits is achieved by sealing the enabling bits to an environment in such a way that the bits can only be unsealed by or from the environment, and by using an isolation mechanism to isolate the environment from other environments on the machine on which the environment operates. The environment is trusted not to use the enabling bits except in accordance with a set of rules governing the bits. The enabling bits may be a decryption key for DRM-protected content, and the rules may be a license governing the use of that content. Trust that the enabling bits will not be misused is established by trusting the environment not to use the enabling bits contrary to the rules, trusting the isolation mechanism to isolate the environment, and trusting the unsealing mechanism only to unseal the bits for the environment.
-
公开(公告)号:US07137004B2
公开(公告)日:2006-11-14
申请号:US09993370
申请日:2001-11-16
申请人: Paul England , Marcus Peinado , Daniel R. Simon , Josh D. Benaloh
发明人: Paul England , Marcus Peinado , Daniel R. Simon , Josh D. Benaloh
IPC分类号: H04L9/00
摘要: Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.
-
公开(公告)号:US20060212363A1
公开(公告)日:2006-09-21
申请号:US11353321
申请日:2006-02-13
申请人: Marcus Peinado , Rajasekhar Abburi , Arnold Blinn , Thomas Jones , John Manferdelli , Jeffrey Bell , Ramaranthnam Venkatesan , Paul England , Mariusz Jakubowski , Hai Yu
发明人: Marcus Peinado , Rajasekhar Abburi , Arnold Blinn , Thomas Jones , John Manferdelli , Jeffrey Bell , Ramaranthnam Venkatesan , Paul England , Mariusz Jakubowski , Hai Yu
IPC分类号: G06Q30/00
CPC分类号: H04L63/0442 , G06F21/10 , G06F21/71 , G06F21/84 , G06F2211/007 , G06F2221/0797 , G06F2221/2105 , G06F2221/2137 , G06Q30/06 , G06Q30/0601 , G07F11/002 , H04L63/068 , H04L63/0823 , H04L63/12 , H04L2463/101
摘要: To render digital content determined to be in an encrypted rights-protected form, each available license corresponding to the digital content to be rendered is identified, where each such license includes a decryption key (KD) for decrypting the digital content to be rendered, and where the decryption key (KD) in the license is encrypted according to a public key (PU) (PU(KD)). One of the identified licenses is selected and (KD) is obtained from the selected license by obtaining (PU(KD)) from the selected license and decrypting (PU(KD)) according to a private key (PR) corresponding to (PU) to produce (KD). The digital content is decrypted with (KD), and the decrypted digital content is provided for actual rendering.
摘要翻译: 为了确定被确定为加密的受保护版权形式的数字内容,识别与要呈现的数字内容相对应的每个可用许可证,其中每个这样的许可证包括用于解密要呈现的数字内容的解密密钥(KD),以及 其中许可证中的解密密钥(KD)根据公共密钥(PU)(PU(KD))被加密)。 通过从所选许可证获得(PU(KD))并根据对应于(PU)的私钥(PR)解密(PU(KD)),从所选许可证中获得(KD) 生产(KD)。 数字内容用(KD)解密,解密的数字内容被提供用于实际渲染。
-
公开(公告)号:US06976175B2
公开(公告)日:2005-12-13
申请号:US11011457
申请日:2004-12-13
申请人: Paul England , Butler W. Lampson
发明人: Paul England , Butler W. Lampson
摘要: An architecture for protecting premium content in a nonsecure computer environment executes only a small number of code modules in a secure memory. The modules are arranged in a hierarchy of trust, where a module names other modules that it is willing to trust, and those modules in turn name other modules that they are willing to trust. A secure loader loads a security manager that oversees a number of content-providing modules for manipulating the content. A memory manager assigns permissions to various pages of the secure memory. The memory has rings of different security. The security model can be extended to program modules and other devices on the computer's bus, such as DMA controllers and peripherals.
-
公开(公告)号:US20050273644A1
公开(公告)日:2005-12-08
申请号:US11193267
申请日:2005-07-30
申请人: Cormac Herley , Paul England
发明人: Cormac Herley , Paul England
CPC分类号: H04L1/1812
摘要: The invention disclosed herein includes a system and method for electronically transferring data through a communications connection in a transparent manner such that the data transfer does not interfere with other traffic sharing the connection. The invention transfers data using bandwidth of the connection that other traffic are not using. If other traffic desires to use the bandwidth currently being used by the invention, the invention relinquishes the bandwidth to the other traffic and retreats to avoid bandwidth contention. Although a retreat may cause gaps in the data transferred, a key aspect of the invention is that any missing data due to these gaps is recovered easily and in a bandwidth-efficient way using novel error correction and recovery.
-
-
-
-
-
-
-
-
-
搜索结果
208 条记录 (耗时 0.039 秒)
