Abstract:
A method and system for providing a client (102) with a copy of the authorization data that can be accessed and used by the client. The method is well-suited to key management protocols that utilize the concept of tickets. Two copies of the authorization data, a client copy and a server copy, are included within and forwarded to the client where the client is requesting a ticket for a specific application server (106). The client is capable of accessing the client copy of the authorization data such that the client can verify requests, and determine authorization of use for content and/or services requested.
Abstract:
A method (300) for distributing data (25), within a network (11), between a source consumer (50) and a destination consumer (250). The data (25) originates from, and is protected by predetermined intellectual property rights of, a third party (20). The method (300) includes: specifying (302) a first access condition associated with the data, the access condition based on the predetermined intellectual property rights; based on a request requesting transfer of the data from the source consumer to the destination consumer, and based on a service ticket issued by an authority associated with the source consumer, arranging (304) for authentication of the destination consumer; and after authentication of the destination consumer, based on a second access condition issued by an authority associated with the source consumer, arranging (306) for transfer of the data, via the network in a peer-to-peer manner, from the source consumer to the destination consumer. Use (308) of the data is restricted in a manner specified by access conditions.
Abstract:
The present invention reduces the exposure of keying material to intermediary devices in a communication channel between first and second servers. In one embodiment, a second server receives a first half of media stream keys from a first server. The second server uses a Kerberos-based Application Request and tickets to communicate the second half of the media stream keys to the first server. Using this approach, the exposure of the media stream keys is reduced to only the servers.
Abstract:
According to the invention, an apparatus and methods for detecting modifications to information within a content receiver are described. In one embodiment, a method for detecting modification to a content receiver within a conditional access system is disclosed. In this process, a content provider generates a message. The message is sent to the content receiver by way of a network. The content receiver gets the message from the network. The content provider detects any unauthorized modification to the content receiver.
Abstract:
Systems and methods for authenticating data and timeliness are disclosed. A method for authentication can comprise processing a data block to determine a first secret element, generating a second secret element based upon the first secret element, generating a non-secret element based upon the second secret element, and comparing the non-secret element to a nonce associated with the first secret element to determine authentication.
Abstract:
The present invention is a method and system for accessing digital content stored on a computing device. An agreement between a subscriber and a content provider allows the subscriber to lease the digital content from the content provider, and download the digital content from a content server operated by the content provider. The method retrieves a service ticket for the computing device, and retrieves content rights for the digital content. The service ticket includes authorization data, and a session key, where the authorization data include authorized subscription services for the computing device. The content rights include required subscription services for the digital content and are delivered authenticated with the session key. The method allows access to the digital content when the authorized subscription services included with the authorization data match the required subscription services included with the content rights.
Abstract:
A method, device and system for authenticating a programmable hardware device, such as a programmable hardware chip, and a command received by the programmable hardware device. A secure processor or other trusted source authenticates the programmable hardware chip by verifying, with the secure processor's own verification key, a random number sent to the programmable hardware chip and encrypted using a verification key embedded within the programmable hardware chip, since the nature of the encryption is such that only the original logic function that includes the verification key can encrypt the data correctly. A command received by the programmable hardware chip is authenticated by verifying that a command authentication token received by the programmable hardware chip is generated using the correct command authentication key and consequently verifying that the command is received from the secure processor, as only the party who has the command authentication key can encrypt the data correctly.
Abstract:
A system and method for securely distributing PKI data, such as one or more private keys or other confidential digital information, from a PKI data generation facility to a product in a product personalization facility that is not connected to the PKI data generation facility and is assumed to be a non-secure product personalization facility. The system includes a PKI data loader for securely transmitting the encrypted PKI data transferred from the PKI data generator to a PKI server at the product personalization facility. The PKI server then transfers the PKI data to the product of interest, typically via a PKI station acting as a proxy between the PKI server and the product. In each communication step, PKI data being transferred is encrypted multiple times and the system is designed such that if any intermediate node is compromised with all of its keys, the overall system has not yet been compromised.
Abstract:
A method of encrypting a unique cryptographic entity (UCE), where a client device receives a global-key (GK-) encrypted UKD comprising a GK-encrypted UCE and a GK-encrypted unit key number (UKN). The client device verifies that the GK-encrypted UKN is the same as a pre-provisioned value and then decrypts the GK-encrypted UKD using a global key (GK). The client device then re-encrypts the decrypted UKD using a device user key (DUK) to determine a DUK-encrypted UCE and a DUK-encrypted UKN. The DUK-encrypted UKN is verified as not equal to the GK-encrypted UKN. The DUK-encrypted UKN is then appended to the DUK-encrypted UCE to form a DUK-encrypted UKD and stored in a memory.
Abstract:
In one embodiment, a method includes receiving a revocation request for revoking a model type of a device. A first computing device determines a list of device unit identifiers (UIDs) that are associated with the model type from a database. The device UIDs are for devices of the model type manufactured by a first entity. The method adds the list of device UIDs to a device revocation list and outputs the device revocation list to revoke a validity of secure information associated with devices associated with the list of device UIDs.