-
51.发明授权公开(公告)号:US08386803B2
公开(公告)日:2013-02-26
申请号:US12621153
申请日:2009-11-18
CPC分类号: G06F21/14 , G06F8/51 , H04L9/002 , H04L9/3013 , H04L2209/046 , H04L2209/08 , H04L2209/16
摘要: Disclosed herein are systems, computer-implemented methods, and computer-readable storage media for obfuscating data based on a discrete logarithm. A system practicing the method identifies a clear value in source code, replaces the clear value in the source code with a transformed value based on the clear value and a discrete logarithm, and updates portions of the source code that refer to the clear value such that interactions with the transformed value provide a same result as interactions with the clear value. This discrete logarithm approach can be implemented in three variations. The first variation obfuscates some or all of the clear values in loops. The second variation obfuscates data in a process. The third variation obfuscates data pointers, including tables and arrays. The third variation also preserves the ability to use pointer arithmetic.
摘要翻译: 本文公开的是基于离散对数来混淆数据的系统,计算机实现的方法和计算机可读存储介质。 实施该方法的系统识别源代码中的明确值,基于清除值和离散对数,用源代码替换变换值,并更新引用清除值的源代码部分,使得 与变换值的交互提供与清除值的交互相同的结果。 这种离散对数方法可以在三个变体中实现。 第一个变体模糊了循环中的一些或全部清除值。 第二个变体在一个过程中模糊数据。 第三个变体模糊数据指针,包括表和数组。 第三个变体也保留了使用指针算术的能力。
-
公开(公告)号:US08380991B2
公开(公告)日:2013-02-19
申请号:US12433757
申请日:2009-04-30
IPC分类号: H04L29/06
CPC分类号: H04L9/3236
摘要: In the field of computer data security, a hash process which is typically keyless and embodied in a computing apparatus is highly secure in terms of being resistant to attack. The hash process uses computer code (software) polymorphism, wherein computation of the hash value for a given message is partly dependent on the content (data) of the message. Hence the computer code changes dynamically while computing each hash value.
摘要翻译: 在计算机数据安全领域,通常无钥匙和体现在计算设备中的散列过程在抵御攻击方面是高度安全的。 散列过程使用计算机代码(软件)多态,其中给定消息的散列值的计算部分地取决于消息的内容(数据)。 因此,计算机代码在计算每个散列值时动态变化。
-
公开(公告)号:US20130003977A1
公开(公告)日:2013-01-03
申请号:US13474697
申请日:2012-05-17
IPC分类号: H04L9/08
摘要: Some embodiments provide an account-based DRM system for distributing content. The system includes several devices that are associated with an account and a set of DRM computers that receives a request to access a piece of content on the devices associated with the account. The DRM computer set then generates a several keys for the devices, where each particular key of each particular device allows the particular device to access the piece of content on the particular device. In some embodiments, the DRM computer set sends the content and keys to one device (e.g., a computer), which is used to distribute the content and the key(s) to the other devices associated with the account. In some embodiments, the DRM computer set individually encrypts each key in a format that is used during its transport to its associated device and during its use on this device.
摘要翻译: 一些实施例提供用于分发内容的基于帐户的DRM系统。 该系统包括与帐户相关联的若干设备和一组DRM计算机,其接收访问与该帐户相关联的设备上的一条内容的请求。 DRM计算机组然后生成用于设备的几个密钥,其中每个特定设备的每个特定密钥允许特定设备访问特定设备上的内容。 在一些实施例中,DRM计算机组将内容和密钥发送到一个设备(例如,计算机),其用于将内容和密钥分发到与该帐户相关联的其他设备。 在一些实施例中,DRM计算机集合以其在其传输到其关联设备期间以及在其在该设备上的使用期间使用的格式单独地加密每个密钥。
-
54.发明授权Use of media storage structure with multiple pieces of content in a content-distribution system 有权在内容分发系统中使用具有多条内容的媒体存储结构公开(公告)号:US08306918B2
公开(公告)日:2012-11-06
申请号:US11249123
申请日:2005-10-11
CPC分类号: G06Q20/1235 , G06F21/10 , G06F21/6218 , G06Q2220/12 , H04N21/00
摘要: Some embodiments of the invention provide a method for distributing content over a network. The method distributes a single media storage structure to a device (e.g., a computer, portable player, etc.) that connects to the network. The media storage structure includes first and second pieces of encrypted content. Based on whether the device is allowed to access the first piece of content, the second piece of content, or both, the method provides the device with a set of keys for decrypting the pieces of the content that the device is able to access. The provided set of keys might include one or more keys for decrypting only one of the two encrypted pieces of content. Alternatively, it might include one or more keys for decrypting both encrypted pieces of content. For instance, the selected set of keys might include a first key for decrypting the first encrypted piece and a second key for decrypting the second encrypted piece. Based on the provided set of keys, the device can then decrypt and access either one of the two pieces of content in the media storage structure or both pieces of encrypted content in the media storage structure.
摘要翻译: 本发明的一些实施例提供了一种通过网络分发内容的方法。 该方法将单个媒体存储结构分发到连接到网络的设备(例如,计算机,便携式播放器等)。 媒体存储结构包括第一和第二片加密内容。 基于该设备是允许访问第一条内容,第二条内容还是两者,该方法向设备提供一组密钥,用于解密设备能够访问的内容片段。 所提供的密钥集可以包括用于仅解密两个加密的内容中的一个的一个或多个密钥。 或者,它可以包括用于解密加密的内容片段的一个或多个密钥。 例如,所选择的密钥集合可以包括用于解密第一加密片段的第一密钥和用于解密第二加密片段的第二密钥。 基于所提供的一组密钥,设备可以解密和访问媒体存储结构中的两条内容中的任何一个或媒体存储结构中的两条加密内容。
-
55.发明申请SECURING IMPLEMENTATION OF A CRYPTOGRAPHIC PROCESS HAVING FIXED OR DYNAMIC KEYS 有权保护具有固定或动态键的克隆过程的实施公开(公告)号:US20120179919A1
公开(公告)日:2012-07-12
申请号:US12987931
申请日:2011-01-10
IPC分类号: G06F12/14
CPC分类号: G06F21/602 , G06F21/72 , H04L9/0631 , H04L2209/046 , H04L2209/16 , H04L2209/24
摘要: In the field of computer enabled cryptography, such as a keyed block cipher having a plurality of rounds, the cipher is hardened against attack by protecting the round keys by (1) combining several cipher operations using a pair of sub-keys (round keys) into one table look-up, or (2) a key masking process which obscures the round keys by providing a masked version of the key operations for carrying out encryption or decryption using the cipher. This approach is especially advantageous in an insecure “White Box” environment where an attacker has full access to execution of the cipher algorithm, including the algorithm's internal state during its execution.
摘要翻译: 在诸如具有多个回合的密钥分组密码的计算机启用密码学领域中,通过(1)使用一对子密钥(循环密钥)组合若干密码操作来保护循环密钥来加密密码, 进入一个表查找,或者(2)通过提供用于使用密码进行加密或解密的密钥操作的掩蔽版本来掩盖轮密钥的密钥掩蔽处理。 这种方法在不安全的“白盒”环境中特别有利,攻击者可以完全访问密码算法的执行,包括算法的执行过程中的内部状态。
-
56.发明授权Method and apparatus for securing content using encryption with embedded key in content 有权使用内嵌密钥加密保护内容的方法和装置公开(公告)号:US08196214B2
公开(公告)日:2012-06-05
申请号:US12002098
申请日:2007-12-14
IPC分类号: G06F21/00
CPC分类号: H04L63/062 , G06F21/10 , H04L9/0827 , H04L9/0891 , H04L63/123 , H04L2209/605
摘要: Method and apparatus enabled by computer (or equivalent) hardware and software for protection of content such as audio and video to be downloaded or streamed over a computer network such as the Internet. The content is provided to the user via streaming or downloads in encrypted form. The encryption is such that the content key decryption information is transmitted so that it itself is encrypted to be both device and session unique. That is, the key information can be used only to extract the content decryption key for a particular session and for a particular client device such as an audio or video consumer playing device. This prevents any further use or copying of the content other than in that session and for that particular client. The specificity is accomplished by using a device unique identifier and antireplay information which is session specific for encrypting the content key. A typical application is Internet streaming of audio or video to consumers.
摘要翻译: 用于保护诸如音频和视频的内容的计算机(或等效的)硬件和软件能够通过诸如因特网的计算机网络下载或流式传输的方法和装置。 内容通过加密形式的流式传输或下载提供给用户。 加密是使得内容密钥解密信息被发送,使得其本身被加密成为设备和会话唯一的。 也就是说,密钥信息可以仅用于提取特定会话的内容解密密钥以及用于诸如音频或视频消费者播放设备的特定客户端设备。 这可以防止在该会话和该特定客户端之外的内容的任何进一步的使用或复制。 特异性通过使用设备唯一标识符和反重播信息来实现,该信息是会话专用于加密内容密钥。 典型的应用是将音频或视频的互联网流传输给消费者。
-
公开(公告)号:US20110246787A1
公开(公告)日:2011-10-06
申请号:US12753021
申请日:2010-04-01
IPC分类号: G06F12/14
CPC分类号: G06F21/60 , G06F21/14 , G06F2221/2107 , G09C1/00 , H04L2209/04
摘要: In a first computer (digital) data obfuscation process, data which is conventionally arranged in a data structure called an array (e.g., a table) and conventionally stored in computer or computer device memory is obfuscated (masked) by logically or mathematically combining the data, entry-by-entry, with a masking value which is computed as a logical or mathematical function of the entry itself or its index in the array, modulo a security value. The complementary unmasking value is a pointer to the entry's address in the table modulo the security value. In a second computer (digital) data obfuscation process, the addresses (location designations) in memory of a data array are themselves obfuscated (masked) by partitioning the array into blocks of entries and shuffling the order of the data entries in each block by a predetermined algorithm, resulting in a shuffled array also differing from the original array in terms of its size (the total number of entries).
摘要翻译: 在第一计算机(数字)数据混淆处理中,通过逻辑地或数学地组合数据来模拟(掩蔽)常规地被布置在被称为阵列(例如,一个表格)的数据结构中并且通常存储在计算机或计算机设备存储器中的数据 逐个输入,具有屏蔽值,其被计算为条目本身的逻辑或数学函数或其阵列中的索引,模数为安全值。 补充取消掩码值是指向该表中条目地址的指针,以模拟安全值。 在第二计算机(数字)数据混淆处理中,数据阵列的存储器中的地址(位置指定)本身通过将阵列划分成条目块并将每个块中的数据条目的顺序按顺序排列(A)来进行混淆(掩蔽) 预定的算法,导致在其大小(入口总数)方面与原始阵列不同的混洗阵列。
-
公开(公告)号:US20110055576A1
公开(公告)日:2011-03-03
申请号:US12551267
申请日:2009-08-31
IPC分类号: H04L9/32
CPC分类号: H04L9/3236
摘要: This discloses, in the computer data security field, a cryptographic hash function process embodied in a computer system and which may be keyless, but is highly secure. The process is based on the type of randomness exhibited by a heap or stack of physical objects such as a heap of pieces of fruit and involves modeling the behavior of such a heap when pieces are removed from the heap. Computation of the hash value (digest) is thereby the result of executing a heap model algorithm using the message as an input to initialize the heap, then executing the heap model algorithm which logically models the process of serially removing objects (pieces of fruit) from the heap at various locations in the modeled heap.
摘要翻译: 这在计算机数据安全领域中公开了一种体现在计算机系统中的加密哈希函数过程,其可以是无钥匙的,但是是高度安全的。 该过程基于堆或堆栈的物理对象(例如一堆水果)所呈现的随机性的类型,并且涉及当从堆中移除碎片时对该堆的行为进行建模。 因此,哈希值(摘要)的计算是使用消息作为输入来初始化堆的执行堆模型算法的结果,然后执行堆模型算法,其对从串行移除对象(水果)的过程进行逻辑建模 堆在建模堆中的各个位置。
-
公开(公告)号:US20100304826A1
公开(公告)日:2010-12-02
申请号:US12475353
申请日:2009-05-29
IPC分类号: A63F9/24
CPC分类号: H04L9/3236
摘要: In the computer data security field, a cryptographic hash function process embodied in a computer system and which is typically keyless, but is highly secure. The process is based on the type of randomness exhibited by the well known gambling game of roulette played on a roulette wheel involving dropping a ball onto a partitioned spinning wheel. The ball loses momentum and drops into one of the partitions (pockets) of the wheel. Computation of the hash value (digest) is the result of executing in a model (such as computer code or logic circuitry) such a game algorithm using the message as an input to the game algorithm, then executing the game algorithm. A state of the game (the final ball location) after a ball (or several balls) are played gives the hash digest value of the message.
摘要翻译: 在计算机数据安全领域中,加密散列函数过程体现在计算机系统中,并且通常是无钥匙的,但是是高度安全的。 这个过程是基于在轮盘赌上玩的轮盘赌的众所周知的赌博游戏展示的随机性类型,包括将球落在分隔的旋转轮上。 球失去动量并落入车轮的一个分区(口袋)中。 哈希值(摘要)的计算是在使用该消息作为游戏算法的输入的游戏算法的模型(诸如计算机代码或逻辑电路)中执行的结果,然后执行游戏算法。 球(或几球)播放后的游戏状态(最终球位置)给出消息的散列摘要值。
-
公开(公告)号:US20090287942A1
公开(公告)日:2009-11-19
申请号:US12120146
申请日:2008-05-13
IPC分类号: G06F12/14
CPC分类号: G06F21/10 , G06F1/14 , G06F21/57 , G06F21/725 , G06F2221/2137 , G11B20/00086 , G11B20/0084
摘要: Method and apparatus to detect clock roll-forward attacks in a computing device or similar system. This protects against hackers who tamper with the system clock of, for instance, a digital media playback device in order to access a content item which has been rented for a limited time. By detecting clock roll-forward tampering, the present method and system prevent such hackers from accessing the content item outside its authorized rental time period.
摘要翻译: 在计算设备或类似系统中检测时钟前滚攻击的方法和装置。 这可防止篡改例如数字媒体播放设备的系统时钟的黑客,以便访问在有限时间内租用的内容项目。 通过检测时钟前滚篡改,本方法和系统防止这些黑客在其授权租期之外访问该内容项。
-
-
-
-
-
-
-
-
-
搜索结果
174 条记录 (耗时 0.038 秒)
