Digital rights management for local recording and home network distribution
    21.
    Granted patent
    Status: in force

    Publication (announcement) number: US08825551B2

    Publication (announcement) date: 2014-09-02

    Application number: US11321210

    Filing date: 2005-12-29

    IPC classification: G06Q99/00 G06Q20/00

    Abstract: The systems disclosed here provide a complete standards-based end-to-end scalable system for storage, delivery and in-home distribution of digital content over IP networks using standard protocols such as Real-time Transport Protocol (“RTP”) or IP-encapsulated MPEG-2 Transport Stream, or traditional MPEG-2 networks. Mechanisms are provided for receiving content from one security domain, re-encrypting that content uniquely for a receiving device, persistently storing that content, and playing back that content at a later time to and within another security domain. The systems also provide the ability to stream the persistently-stored content from the initial receiving device to another device that has been authenticated as part of a, e.g., home network. This allows a media server, e.g., a dual-tuner set-top box (“STB”) with hard drive, to deliver recorded content to any TV in the house by streaming to media clients such as STBs.


    APPARATUS AND METHOD FOR SECURE COMMUNICATION
    22.
    Patent application
    Status: under examination (published)

    Publication (announcement) number: US20130091353A1

    Publication (announcement) date: 2013-04-11

    Application number: US13564643

    Filing date: 2012-08-01

    IPC classification: H04L9/32 H04L9/08

    Abstract: A method and apparatus are for transferring a client device certificate and an associated encrypted client private key to a client device from a secure device. The secure device receives over a secure connection, a secure device certificate, a secure device private key and a plurality of client device certificates. Each client certificate is associated with a bootstrap public key but is not assigned to any particular client device. A plurality of encrypted client private keys is also received. Each of the encrypted client private keys comprises a client private key associated with one of the client device certificates encrypted with the bootstrap public key. The plurality of client device certificates is stored. The encrypted client private keys are stored in double encrypted protected form. A client device certificate and an associated encrypted client private key are transferred to a client device that has successfully registered with the secure device.


    Method and system for providing third party authentication of authorization
    23.
    Granted patent
    Status: in force

    Publication (announcement) number: US07818792B2

    Publication (announcement) date: 2010-10-19

    Application number: US10067610

    Filing date: 2002-02-04

    IPC classification: G06F7/04

    Abstract: A method and system (100) for providing third party authentication when requesting content and/or services from an application server (106). The method is applicable to key management protocols that utilize the concept of tickets. The method and system include a client (102) being coupled with a third party application server (107), wherein the client submits a request for content from the third party application server and the third party application server returns requested information and corresponding authentication. The client further couples with a first application server (106), wherein the client submits a key request (KEY_REQ) including the third party server information and corresponding authentication to the first application server. The first application server authenticates the third party server information and verifies client authorization based on third party information. The first application server returns a key reply (KEY_REP) if the third party server information is authenticated and client authorization is verified.


    Method and Apparatus for Handling of Content that includes a Mix of CCI Segments
    24.
    Patent application
    Status: under examination (published)

    Publication (announcement) number: US20080271153A1

    Publication (announcement) date: 2008-10-30

    Application number: US11950698

    Filing date: 2007-12-05

    IPC classification: G06F21/00

    CPC classification: G06F21/10

    Abstract: A process is provided. The process stores, on a first device, each segment of a set of content having corresponding copy control information. Further, the process receives, from a second device, a request for a copy of the set of content. In addition, the process analyzes a list of the copy control information associated with each segment of the set of content. The process also establishes a restriction indicator, based on the request for the copy of the set of content, for one or more segments of the set of content having a corresponding copy control information value. Finally, the process provides to the second device, the content, the list of copy control information, and the restriction indicator for the one or more segments.


    Method and Apparatus for Enhancing Security of a Device
    25.
    Patent application
    Status: under examination (published)

    Publication (announcement) number: US20080267411A1

    Publication (announcement) date: 2008-10-30

    Application number: US11773115

    Filing date: 2007-07-03

    IPC classification: H04L9/08

    Abstract: A method is provided that authenticates a data transfer module. Further, the method establishes a secure tunnel between a first processor, which receives a copy protection key from the data transfer module, and a second processor, which receives the copy protection key from the first processor through the secure tunnel. In addition, the method receives, at the second processor, encrypted content from the data transfer module. The method also decrypts, at the second processor, the encrypted content with the copy protection key to generate decrypted content.


    Method and apparatus for determining the proximity of a client device
    27.
    Granted patent
    Status: in force

    Publication (announcement) number: US09177114B2

    Publication (announcement) date: 2015-11-03

    Application number: US11455510

    Filing date: 2006-06-19

    IPC classification: G06F3/048 G06F3/00 G06F21/10

    CPC classification: G06F21/10 G06F2221/0708

    Abstract: The present invention discloses an apparatus and method for a method for determining proximity of a device (e.g., a client device). In one example, a key management request is acquired from the device. A measurement request is then transmitted to the device. Afterwards, a measurement reply is received from the device. In response, a determination is made as to whether a measurement parameter associated with the transmitting and the receiving exceeds a predetermined threshold. If the predetermined threshold is not exceeded (i.e., the device is proximate to an associated local network), then a reply to the original key management request is transmitted to the device. Notably, the reply to the key management request is required for the device to establish a secure session with a server from which digital content can be acquired.


    Temporary registration of devices
    28.
    Granted patent
    Status: in force

    Publication (announcement) number: US08788810B2

    Publication (announcement) date: 2014-07-22

    Application number: US12648768

    Filing date: 2009-12-29

    IPC classification: G06F11/30

    Abstract: In a method of temporarily registering a second device with a first device, in which the first device includes a temporary registration mode, the temporary registration mode in the first device is activated, a temporary registration operation in the first device is initiated from the second device, a determination as to whether the second device is authorized to register with the first device is made, and the second device is temporarily registered with the first device in response to a determination that the second device is authorized to register with the first device, in which the temporary registration requires that at least one of the second device and the first device delete information required for the temporary registration following at least one of a determination of a network connection between the first device and the second device and a powering off of at least one of the first device and the second device.


    METHOD AND APPARATUS FOR DELIVERING CONTENT IN A COMMUNICATION SYSTEM
    29.
    Patent application
    Status: under examination (published)

    Publication (announcement) number: US20130159193A1

    Publication (announcement) date: 2013-06-20

    Application number: US13329437

    Filing date: 2011-12-19

    IPC classification: G06Q30/00 H04L9/14

    CPC classification: G06Q20/1235

    Abstract: An embodiment of the present invention provides a method of transferring content within a system having a credit managing device, a content providing device and a user device. The method includes: registering the user device with the credit managing device; providing a universal credit to the user device from the credit managing device; providing encrypted content and a pre-rights generator from the content providing device to the user device at a first time without consuming the universal credit; generating a decryption key from the pre-rights generator a second time after the first time; and decrypting, via the decryption key, the encrypted content at the user device and consuming a portion of the universal credit.


    System for digital rights management using distributed provisioning and authentication
    30.
    Granted patent
    Status: in force

    Publication (announcement) number: US08364951B2

    Publication (announcement) date: 2013-01-29

    Application number: US10334606

    Filing date: 2002-12-30

    IPC classification: H04L9/00

    Abstract: A digital rights management system (DRM) for restricting and permitting content access in a digital content distribution network such as a network used to deliver television programming. The DRM uses distributed authentication and provisioning so that the potentially many different entities involved in the content distribution network can have localized management and control. Distributed authentication can use single or multiple instances of authentication services. A ticket granting service (TGS) is used to allow clients to request services. In one approach, multiple authentication services use a common key that is known to the TGS. In another approach, unique keys are provided to each authentication service and these keys are communicated to the TGS. Distributed provisioning allows different entities to grant access rights or other resources. Provisioning service (PS) processes can execute at multiple different physical locations. Synchronization among the different PSs is provided by a managing entity or in a peer-to-peer transfer to help ensure the uniqueness of user IDs. New clients can make an initialization request from a key management system via an appropriate protocol. The requests can be made from a single, dedicated authentication service, from an authentication service associated with a specific provisioning service, or from multiple authentication services in the network.
