-
公开(公告)号:US20060107285A1
公开(公告)日:2006-05-18
申请号:US11281019
申请日:2005-11-17
申请人: Alexander Medvinsky
发明人: Alexander Medvinsky
CPC分类号: H04N21/835 , H04N7/1675 , H04N21/234327 , H04N21/2347
摘要: Described herein are embodiments that provide an approach to cryptographic key management for a digital rights management (DRM) architecture that includes multiple levels of key management for minimizing bandwidth usage while maximizing security for the DRM architecture. In one embodiment, there is provided a data structure for cryptographic key management that includes a public/private key pair and three additional layers of symmetric keys for authorizing access to a plurality of contents.
-
公开(公告)号:US20060047976A1
公开(公告)日:2006-03-02
申请号:US11159754
申请日:2005-06-23
申请人: Paul Moroney , Alexander Medvinsky
发明人: Paul Moroney , Alexander Medvinsky
IPC分类号: G06F12/14
CPC分类号: H04N7/1675 , H04H60/23 , H04L9/083 , H04L2209/60 , H04N21/26613 , H04N21/6118 , H04N21/6168 , H04N21/6332 , H04N21/63345
摘要: The present invention discloses an apparatus and method for securely generating a content decryption key in an endpoint device. In one example, a nonce is acquired from a packet header from a message received at the endpoint device. The content decryption key is derived utilizing a one-way content function that uses a channel key and the nonce as input parameters.
摘要翻译: 本发明公开了一种在终端设备中安全地生成内容解密密钥的装置和方法。 在一个示例中,从在端点设备处接收的消息的分组报头中获取随机数。 使用使用信道密钥和随机数作为输入参数的单向内容函数导出内容解密密钥。
-
公开(公告)号:US20050005114A1
公开(公告)日:2005-01-06
申请号:US10613911
申请日:2003-07-05
申请人: Alexander Medvinsky
发明人: Alexander Medvinsky
CPC分类号: G06F21/725 , G06F21/10 , G06F21/335 , H04L9/083 , H04L9/3213
摘要: A ticket-based secure time protocol is used to provide client devices, or users, with secure time signals. In a preferred embodiment, the secure time signals are provided by a secure time server so that multiple clients can be time-synchronized. Ticket-based authentication uses digital certificates and public key cryptography, such as Elliptic Curve Cryptography (ECC) to reduce key administration overhead and decryption processing. Standard authentication architectures and approaches, such as Kerberos, can be used for some aspects of the invention. A preferred embodiment uses Request and Reply messages that provide added security and functionality, such as authentication, sequence-checking and verification of target destination.
摘要翻译: 基于票证的安全时间协议用于向客户端设备或用户提供安全的时间信号。 在优选实施例中,安全时间信号由安全时间服务器提供,使得多个客户机可以被时间同步。 基于票证的身份验证使用数字证书和公共密钥密码术,如椭圆曲线加密(ECC)来减少密钥管理开销和解密处理。 标准认证体系结构和方法(如Kerberos)可用于本发明的某些方面。 优选实施例使用提供附加安全性和功能的请求和回复消息,例如目标目的地的认证,序列检查和验证。
-
74.发明授权Online secure device provisioning with online device binding using whitelists 有权使用白名单的在线安全设备配置与在线设备绑定公开(公告)号:US08627083B2
公开(公告)日:2014-01-07
申请号:US13267672
申请日:2011-10-06
申请人: Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Fan Wang , Ting Yao
发明人: Xin Qiu , Alexander Medvinsky , Stuart P. Moskovics , Jason A. Pasion , Fan Wang , Ting Yao
IPC分类号: H04L9/32
CPC分类号: H04L9/006 , H04L9/0891 , H04L9/14 , H04L9/321
摘要: One or more servers are provided including a session manager, authentication module, authorization module, encryption module, database, and protocol handler. The session manager is configured to receive requests for new identity data from network-enabled devices. Each request is authenticated first by the update server via its authentication module by validating the signature of the request message as well as the certificate chain trusted by the update server. The authorization module is configured to determine if the network-enabled devices specified on a whitelist are authorized to be provisioned with new identity data. The database is configured to receive new identity records generated by an identity data generation system. Each of the new identity records includes a new identifier. The new identifier is not associated or linked to any previously assigned/used identifiers and identity data, thus all the new identity records are generated independently and then loaded to the update server.
摘要翻译: 提供一个或多个服务器,包括会话管理器,认证模块,授权模块,加密模块,数据库和协议处理程序。 会话管理器被配置为从网络启用的设备接收新的身份数据的请求。 通过验证请求消息的签名以及由更新服务器信任的证书链,通过其认证模块,更新服务器首先对每个请求进行认证。 授权模块被配置为确定白名单上指定的启用网络的设备是否被授权为新的身份数据提供。 数据库被配置为接收由身份数据生成系统生成的新的身份记录。 每个新的身份记录都包含一个新的标识符。 新标识符不与任何先前分配/使用的标识符和身份数据相关联或链接,因此所有新的身份记录都是独立生成的,然后加载到更新服务器。
-
公开(公告)号:US08522361B2
公开(公告)日:2013-08-27
申请号:US13571279
申请日:2012-08-09
IPC分类号: H04L29/06
CPC分类号: G06F21/33 , G01R31/31705
摘要: A method and system for unlocking diagnostic functions in a hardware device for a user. The method obtains a signed permission object for the hardware device, and validates the signed permission object. A memory of the hardware device stores a device identifier and a last recorded sequence number. The signed permission object includes a sequence number and is associated with an expiration counter having an initial value that indicates a lifetime for the signed permission object. When the signed permission object is valid, the method updates the expiration counter to decrease the lifetime of the signed permission object, stores the sequence number associated with the signed permission object as the last recorded sequence number in the hardware device, and unlocks the diagnostic functions for the user based on the signed permission object.
摘要翻译: 一种用于在用户的硬件设备中解锁诊断功能的方法和系统。 该方法获取硬件设备的签名许可对象,并验证签名的权限对象。 硬件设备的存储器存储设备标识符和最后记录的序列号。 签名的权限对象包括序列号,并且与具有指示签名的许可对象的生命周期的初始值的到期计数器相关联。 当签名的权限对象有效时,该方法更新到期计数器以减少签名的权限对象的生命周期,将与签名的许可对象相关联的序列号作为最后记录的序列号存储在硬件设备中,并解锁诊断功能 为用户基于签名的权限对象。
-
公开(公告)号:US08504836B2
公开(公告)日:2013-08-06
申请号:US12344997
申请日:2008-12-29
申请人: Jiang Zhang , Alexander Medvinsky
发明人: Jiang Zhang , Alexander Medvinsky
CPC分类号: H04L9/0822 , H04L9/0866 , H04L9/0869 , H04L9/3263 , H04L63/061 , H04L63/104 , H04L2209/60 , H04L2209/80 , H04N21/43615 , H04N21/43637 , H04N21/4408
摘要: A domain key is securely distributed from a device in an existing network to a device outside the network. Each device generates the session key on its own using the first random number, the second random number, the Personal Identification Number, and the same key generation function. The device in the existing network sends the domain key encrypted with the session key to the other device.
摘要翻译: 域密钥从现有网络中的设备安全分发到网络外部的设备。 每个设备使用第一个随机数,第二个随机数,个人识别号和相同的密钥生成函数自行生成会话密钥。 现有网络中的设备将会话密钥加密的域密钥发送给其他设备。
-
公开(公告)号:US20130139198A1
公开(公告)日:2013-05-30
申请号:US13305958
申请日:2011-11-29
申请人: John I. Okimoto , Alexander Medvinsky , Xin Qiu
发明人: John I. Okimoto , Alexander Medvinsky , Xin Qiu
IPC分类号: H04N21/2347
CPC分类号: H04N21/25841 , H04N21/25816 , H04N21/26613 , H04N21/4623
摘要: A method, a digital content consumption device, and a conditional access system are disclosed. A network interface may receive in a digital content consumption device a public key message that includes an encrypted key. A processor may decrypt the encrypted key using a secret key to produce the transmitted public key, identify a region descriptor in the public key message, and determine the secret key based on the region descriptor.
摘要翻译: 公开了一种方法,数字内容消费装置和条件访问系统。 网络接口可以在数字内容消费设备中接收包括加密密钥的公开密钥消息。 处理器可以使用秘密密钥来解密加密的密钥,以产生所传送的公共密钥,识别公开密钥消息中的区域描述符,并且基于区域描述符确定秘密密钥。
-
公开(公告)号:US08364964B2
公开(公告)日:2013-01-29
申请号:US12648416
申请日:2009-12-29
申请人: Alexander Medvinsky , Paul Moroney , Jiang Zhang
发明人: Alexander Medvinsky , Paul Moroney , Jiang Zhang
CPC分类号: H04L9/0833 , H04L9/0844 , H04L9/3263 , H04L63/06 , H04L63/0823 , H04L63/10 , H04L2209/80 , H04N21/26606 , H04N21/26613 , H04W12/04
摘要: In a method of registering a plurality of client devices with a device registration server for secure data communications, a unique symmetric key is generated for each of the client devices using a cryptographic function on a private key of the device registration server and a respective public key of each of the client devices, and a broadcast message containing the public key of the device registration server is sent to the client devices, in which the client devices are configured to generate a respective unique symmetric key from the public key of the device registration server and its own private key using a cryptographic function, and in which the unique symmetric key generated by each client device matches the respective unique symmetric key generated by the device registration server for the respective client device.
摘要翻译: 在使用用于安全数据通信的设备注册服务器登记多个客户端设备的方法中,使用设备注册服务器的私钥的密码功能和相应的公钥来为每个客户端设备生成独特的对称密钥 并且将包含设备注册服务器的公开密钥的广播消息发送到客户端设备,其中客户端设备被配置为从设备注册服务器的公开密钥生成相应的唯一对称密钥 和其自己的私钥使用加密功能,并且其中由每个客户端设备生成的唯一对称密钥与由相应客户端设备的设备注册服务器生成的相应唯一对称密钥匹配。
-
公开(公告)号:US08266684B2
公开(公告)日:2012-09-11
申请号:US12242150
申请日:2008-09-30
IPC分类号: G06F21/00
CPC分类号: G06F21/33 , G01R31/31705
摘要: A method and system for unlocking diagnostic functions in a hardware device for a user. The method obtains a signed permission object for the hardware device, and validates the signed permission object. A memory of the hardware device stores a device identifier and a last recorded sequence number. The signed permission object includes a sequence number and is associated with an expiration counter having an initial value that indicates a lifetime for the signed permission object. When the signed permission object is valid, the method updates the expiration counter to decrease the lifetime of the signed permission object, stores the sequence number associated with the signed permission object as the last recorded sequence number in the hardware device, and unlocks the diagnostic functions for the user based on the signed permission object.
摘要翻译: 一种用于在用户的硬件设备中解锁诊断功能的方法和系统。 该方法获取硬件设备的签名许可对象,并验证签名的权限对象。 硬件设备的存储器存储设备标识符和最后记录的序列号。 签名的权限对象包括序列号,并且与具有指示签名的许可对象的生命周期的初始值的到期计数器相关联。 当签名的权限对象有效时,该方法更新到期计数器以减少签名的权限对象的生命周期,将与签名的许可对象相关联的序列号作为最后记录的序列号存储在硬件设备中,并解锁诊断功能 为用户基于签名的权限对象。
-
公开(公告)号:US20100215171A1
公开(公告)日:2010-08-26
申请号:US12708171
申请日:2010-02-18
IPC分类号: H04K1/00
CPC分类号: H04L9/088 , H04L2209/60
摘要: In a method for testing a transport packet decrypting module of a client device, a first decryption operation of the transport packet decrypting module is implemented on a test encrypted control word using a content decryption key ladder to derive a test control word, a second decryption operation of the transport packet decrypting module is implemented on one or more test transport packets using the test control word via a predetermined content decryption algorithm, the KIV is derived from the decrypted transport packets, and the derived KIV is compared with a value stored in the client device to verify whether the transport packet decrypting module of the client device is functioning properly.
摘要翻译: 在一种用于测试客户端设备的传输分组解密模块的方法中,使用内容解密密钥梯形图在测试加密控制字上实现传输分组解密模块的第一解密操作,以导出测试控制字,第二解密操作 的传输分组解密模块通过预定的内容解密算法使用测试控制字在一个或多个测试传输分组上实现,从解密的传输分组导出KIV,并将导出的KIV与存储在客户端中的值进行比较 设备来验证客户端设备的传输分组解密模块是否正常工作。
-
-
-
-
-
-
-
-
-
搜索结果
128 条记录 (耗时 0.029 秒)
