Abstract:
Methods and an apparatus for storing information in a processing device with flexible security are disclosed. In one embodiment, a method stores information within the processing device. The method receives a download via a first input path which includes a first breakable link and stores the download within the processing device. At some point, a key is also stored within the processing device. A ciphertext download is received via a second input path which includes a second breakable link. The ciphertext download is decrypted utilizing the key and the resulting plaintext download is stored within the processing device.
Abstract:
Methods and an apparatus for generating random numbers are disclosed. In a first embodiment, a method for generating random numbers involves producing a second random number. A pseudorandom number is produced from a digital random number generator and a first random number is produced from an analog random number generator. The first random number is combined with the pseudorandom number to produce a second random number that is a result of both generators' outputs.
Abstract:
In one embodiment, a method includes receiving a revocation request for revoking a model type of a device. A first computing device determines a list of device unit identifiers (UIDs) that are associated with the model type from a database. The device UIDs are for devices of the model type manufactured by a first entity. The method adds the list of device UIDs to a device revocation list and outputs the device revocation list to revoke a validity of secure information associated with devices associated with the list of device UIDs.
Abstract:
Devices in a telecommunications system are provided with means to self-generate public key pairs and certificates. This eliminates the need for such keys and certificates to be sent to the devices from an outside source so a single-trust approach can be maintained. A manufacturer's certificate is installed into a device at the time of manufacture. The device only issues itself certificates based on a signed request from an external outside server. The device's self-issued certificates incorporate information obtained from the server in a profile. This allows control by the server over a device's self-issued certificates. In order to prevent tampering, and breaking, of the self-issued certificates, the certificate issuing process occurs within a secure microprocessor.
Abstract:
A method and apparatus are provided for decrypting an encrypted transport stream. The method includes receiving the encrypted transport stream over a content delivery network. The encrypted transport stream is encrypted using a first control word that serves as an encryption/decryption key. A variable control word is received over the content delivery network. The variable control word is mathematically constrained to create a second control word. The encrypted transport stream is decrypted using the second control word if the second control word is the same as the first control word.
Abstract:
The present invention discloses a system and method for providing a secured system time reference to a subscriber device, e.g., a set top box or a receiver. In one embodiment, the system time reference is provided in a secure system time message that is broadcast to a plurality of subscriber devices. Each subscriber device has a security device or software application that is capable of determining whether the received system time reference is legitimate. If the system time reference is determined to be legitimate, a local time reference is synchronized with said received system time reference.
Abstract:
A secure Internet Protocol (IP) telephony system, apparatus, and methods are disclosed. Communications over an IP telephony system can be secured by securing communications to and from a Cable Telephony Adapter (CTA). The system can include one or more CTAs, network servers, servers configured as signaling controllers, key distribution centers (KDC), and can include gateways that couple the IP telephony system to a Public Switched Telephone Network (PSTN). Each CTA can be configured as secure hardware and can be configured with multiple encryption keys that are used to communicate signaling or bearer channel communications. The KDC can be configured to periodically distribute symmetric encryption keys to secure communications between devices that have been provisioned to operate in the system and signaling controllers. The secure devices, such as the CTA, can communicate with other secure devices by establishing signaling and bearer channels that are encrypted with session specific symmetric keys derived from a symmetric key distributed by a signaling controller.
Abstract:
A system is described for allowing “pay by time” purchasing of digital video programming. The system provides for a variable or metered approach. A user can purchase a fraction of a program for a price different from that required for purchasing the entire program. Records of the user's viewing can be created to record, e.g., when a user started receiving a program, how long the user received a program, and when the user stopped receiving a program.
Abstract:
According to the invention, a circuit that is capable of automated scan testing is disclosed. Included in the circuit are a cryptographic engine, a digital circuit, an input pin, and an output pin. The cryptographic engine is capable of performing at least one of encryption and decryption of one or more digital signals. The digital circuit includes combinatorial logic and a number of memory cells. The memory cells have scan inputs connected serially in a scan chain. The input pin and output pin are coupled to the scan chain. At least one of the input pin and the output pin carries at least some cipher text data of the scan chain.