Separation of copy protection rules

    Publication No.: US20050071669A1

    Publication date: 2005-03-31

    Application No.: US10933011

    Filing date: 2004-09-02

    IPC classification: G06F21/00 H04L9/00

    Abstract: A copyright protection method (150) and apparatus (190) employs (151) a first protection scheme (160) within a single authorized domain (195), in which all interfaces (194a-c) are protected with a digital rights management system and employs (152) a second protection scheme (170) for use in inter-domain file transfers. The method (150) and apparatus (190) may employ (153) a third protection scheme (180) for external outputs (197a-c) not protected by a digital rights management system. The first protection scheme (160) includes specifying (161) whether a copy of files is allowed to be stored anywhere within the single authorized domain; specifying (162) whether files may be stored only on specific devices within the single authorized domain; or specifying (163) how many simultaneous rendering devices are permitted when rendering files. The second protection scheme (170) may include: specifying (171) if the files may be copied to other domains; and explicitly identifying (172) domains to which copies are allowed; specifying (173) if files may be moved to other domains, and optionally allowing movement of files to any other domain; specifying (174) a list of specific domains to which content may be copied, and preserving content rights during content transfer to another domain; or specifying (175) specific domains to which content may be moved, and preserving content rights during content transfer. The third protection scheme (180) may include: specifying (181) copy protection information separately for analog, digital uncompressed and digital compressed outputs; specifying (182) a CGMS Copy protection state; specifying (183) MACROVISION parameters for analog outputs; specifying (184) if a particular type of output is allowed at all; or disabling (185) the particular type of output if the particular output type is not allowed.

    63. Separation of copy protection rules for digital rights management
    Type: Patent application
    Status: Under examination (published)

    Publication No.: US20050071663A1

    Publication date: 2005-03-31

    Application No.: US10672929

    Filing date: 2003-09-26

    IPC classification: G06F21/00 H04L9/00

    Abstract: Management of rights to content is provided within an authorized domain. In a single authorized domain, where a plurality of domain interfaces are protected using a common rights management system, a copy of particular content may be allowed to be provided on all devices or only on specific devices coupled to the domain via the interfaces. Copy protection information, for outputs to external devices not protected by the common rights management system, is also specified. Rules can be provided for specifying whether particular content may be copied or moved to another protected domain. A number of rendering devices permitted to render the content simultaneously may be specified. Content rules are provided for use in managing rights to content within an authorized domain. Such rules can be associated with content that is persistently stored by a consumer device, as well as with content that is only rendered by a consumer device.


    64. Ticket-based secure time delivery in digital networks
    Type: Patent application
    Status: Under examination (published)

    Publication No.: US20050005114A1

    Publication date: 2005-01-06

    Application No.: US10613911

    Filing date: 2003-07-05

    Abstract: A ticket-based secure time protocol is used to provide client devices, or users, with secure time signals. In a preferred embodiment, the secure time signals are provided by a secure time server so that multiple clients can be time-synchronized. Ticket-based authentication uses digital certificates and public key cryptography, such as Elliptic Curve Cryptography (ECC) to reduce key administration overhead and decryption processing. Standard authentication architectures and approaches, such as Kerberos, can be used for some aspects of the invention. A preferred embodiment uses Request and Reply messages that provide added security and functionality, such as authentication, sequence-checking and verification of target destination.


    65. Method and apparatus for determining the proximity of a client device
    Type: Granted patent
    Status: In force

    Publication No.: US09177114B2

    Publication date: 2015-11-03

    Application No.: US11455510

    Filing date: 2006-06-19

    IPC classification: G06F3/048 G06F3/00 G06F21/10

    CPC classification: G06F21/10 G06F2221/0708

    Abstract: The present invention discloses an apparatus and method for determining proximity of a device (e.g., a client device). In one example, a key management request is acquired from the device. A measurement request is then transmitted to the device. Afterwards, a measurement reply is received from the device. In response, a determination is made as to whether a measurement parameter associated with the transmitting and the receiving exceeds a predetermined threshold. If the predetermined threshold is not exceeded (i.e., the device is proximate to an associated local network), then a reply to the original key management request is transmitted to the device. Notably, the reply to the key management request is required for the device to establish a secure session with a server from which digital content can be acquired.


    66. Secure consumer programming device
    Type: Granted patent
    Status: In force

    Publication No.: US08887310B2

    Publication date: 2014-11-11

    Application No.: US12622016

    Filing date: 2009-11-19

    Abstract: A method is provided for operating a consumer programming device that provisions consumer electronic devices. The method includes receiving over a communication link a first enable message that authorizes the consumer programming device to make available one or more resources which enable it to provide services to consumer electronic devices. Services are provided to consumer electronic devices up until all the resources have been exhausted. Additional consumer electronic devices are provided with services only if a second enable message is received over the communication link.


    67. Online secure device provisioning with online device binding using whitelists
    Type: Granted patent
    Status: In force

    Publication No.: US08627083B2

    Publication date: 2014-01-07

    Application No.: US13267672

    Filing date: 2011-10-06

    IPC classification: H04L9/32

    Abstract: One or more servers are provided including a session manager, authentication module, authorization module, encryption module, database, and protocol handler. The session manager is configured to receive requests for new identity data from network-enabled devices. Each request is authenticated first by the update server via its authentication module by validating the signature of the request message as well as the certificate chain trusted by the update server. The authorization module is configured to determine if the network-enabled devices specified on a whitelist are authorized to be provisioned with new identity data. The database is configured to receive new identity records generated by an identity data generation system. Each of the new identity records includes a new identifier. The new identifier is not associated or linked to any previously assigned/used identifiers and identity data, thus all the new identity records are generated independently and then loaded to the update server.


    68. Secure server certificate trust list update for client devices
    Type: Granted patent
    Status: In force

    Publication No.: US08584214B2

    Publication date: 2013-11-12

    Application No.: US12233279

    Filing date: 2008-09-18

    IPC classification: H04L29/06

    Abstract: A method, a network element, and a client device for creating a trusted connection with a network are disclosed. A client device 104 may attempt to access a sub-network 106. The client device 104 may determine that a certificate of the sub-network 106 is issued by a certification authority absent from a device certificate trust list. The client device 104 may receive via the sub-network 106 a certificate trust list update 400 from a certificate trust list provider 108.


    69. Tokenized resource access
    Type: Granted patent
    Status: In force

    Publication No.: US08522361B2

    Publication date: 2013-08-27

    Application No.: US13571279

    Filing date: 2012-08-09

    IPC classification: H04L29/06

    CPC classification: G06F21/33 G01R31/31705

    Abstract: A method and system for unlocking diagnostic functions in a hardware device for a user. The method obtains a signed permission object for the hardware device, and validates the signed permission object. A memory of the hardware device stores a device identifier and a last recorded sequence number. The signed permission object includes a sequence number and is associated with an expiration counter having an initial value that indicates a lifetime for the signed permission object. When the signed permission object is valid, the method updates the expiration counter to decrease the lifetime of the signed permission object, stores the sequence number associated with the signed permission object as the last recorded sequence number in the hardware device, and unlocks the diagnostic functions for the user based on the signed permission object.
