-
公开(公告)号:US08185942B2
公开(公告)日:2012-05-22
申请号:US12169496
申请日:2008-07-08
申请人: Augustin J. Farrugia , Gianpaolo Fasoli , Jean-Francois Riendeau , Michael L. H. Brouwer , Justin Henzie
发明人: Augustin J. Farrugia , Gianpaolo Fasoli , Jean-Francois Riendeau , Michael L. H. Brouwer , Justin Henzie
IPC分类号: G06F7/04
CPC分类号: H04L63/0428 , H04L9/3234 , H04L9/3263 , H04L9/3271 , H04L63/0823 , H04L63/123 , H04L2209/56
摘要: In the computer client-server context, typically used in the Internet for communicating between a central server and user computers (clients), a method is provided for token passing which enhances security for client-server communications. The token passing is opaque, that is tokens as generated by the client and server are different and can be generated only by one or the other but can be verified by the other. This approach allows the server to remain stateless, since all state information is maintained at the client side. This operates to authenticate the client to the server and vice versa to defeat hacking attacks, that is, penetrations intended to obtain confidential information. The token as passed includes encrypted values including encrypted random numbers generated separately by the client and server, and authentication values based on the random numbers and other verification data generated using cryptographic techniques.
摘要翻译: 在计算机客户端 - 服务器上下文中,通常在因特网中用于在中央服务器和用户计算机(客户端)之间进行通信,提供了用于令牌传递的方法,其增强了客户机 - 服务器通信的安全性。 令牌传递是不透明的,即客户端和服务器生成的令牌是不同的,只能由一个或另一个生成,但可以由另一个验证。 这种方法允许服务器保持无状态,因为所有状态信息都保留在客户端。 这样做可以将客户端验证到服务器,反之亦然,以打败黑客攻击,即用于获取机密信息的渗透。 传递的令牌包括加密值,包括由客户端和服务器单独生成的加密随机数,以及基于使用加密技术生成的随机数和其他验证数据的认证值。
-
公开(公告)号:US20090279689A1
公开(公告)日:2009-11-12
申请号:US12116770
申请日:2008-05-07
CPC分类号: H04L9/3236 , H04L2209/60
摘要: Disclosed herein are systems, methods and computer readable media for performing authentication. The proposed scheme utilizes new algorithms that introduce randomness using a physical value for authentication. An exemplary method includes sharing an initial state value S(0) with a sender and a receiver, generating a sender S(t, v) based on a parameter t and an identifier v and based at least in part on the value S(0). The method includes generating a receiver S(t, v) from S(0) based on the parameter t and the identifier v wherein the parameter t is related to a physical value in authenticating the identifier v based on a comparison of the sender S(t, v) and the receiver S(t, v). The process of generating the sender S(t, v) and the receiver S(t, v) includes a random variable generated by a process such as by a random number generator, the Brownian Motion or Wiener Process. Other embodiments do not use the physical value for authentication.
摘要翻译: 本文公开了用于执行认证的系统,方法和计算机可读介质。 所提出的方案利用使用物理值引入随机性的新算法进行认证。 一种示例性方法包括与发送者和接收者共享初始状态值S(0),基于参数t和标识符v生成发送者S(t,v),并且至少部分地基于值S(0 )。 该方法包括基于参数t和标识符v从S(0)生成接收器S(t,v),其中参数t与鉴定符v的物理值有关,基于发送器S的比较( t,v)和接收机S(t,v)。 生成发送方S(t,v)和接收方S(t,v)的过程包括由诸如随机数生成器Brownian Motion或Wiener进程之类的处理生成的随机变量。 其他实施例不使用物理值进行认证。
-
公开(公告)号:US20080291999A1
公开(公告)日:2008-11-27
申请号:US11807045
申请日:2007-05-24
IPC分类号: G11B27/036
CPC分类号: H04N7/1675 , H04N21/23608 , H04N21/23614 , H04N21/23895 , H04N21/8455
摘要: Method and apparatus for marking individual video frames of an H.264/AVC standard compliant or equivalent digital video stream. Each video frame in a H.264/AVC video stream is conventionally divided into NAL units. There are typically a number of NAL units for each video frame. There is specified in the H.264/AVC standard the SEI (Supplemental Enhancement Information) type. This type includes the user data unregistered type, which can contain arbitrary data. In the present method and apparatus, an NAL unit of this type is provided at the beginning of each video frame, preceding the other NAL units associated with that video frame. The data contained in that special SEI unit is typically control information for downstream control of use of the video content. Examples of the type of control information are stream positioning data such as a video frame number; stream bit rate, such as normal, fast forward; decryption data, such as a decryption key or key derivation seed; and validation elements, such as a checksum or hash function value or signature.
摘要翻译: 用于标记H.264 / AVC标准兼容或等效数字视频流的各个视频帧的方法和装置。 H.264 / AVC视频流中的每个视频帧通常被划分成NAL个单元。 每个视频帧通常有多个NAL单元。 在H.264 / AVC标准中规定了SEI(补充增强信息)类型。 这种类型包括可以包含任意数据的用户数据未注册类型。 在本方法和装置中,这种类型的NAL单元在与该视频帧相关联的其他NAL单元之前的每个视频帧的开始处被提供。 包含在该特殊SEI单元中的数据通常是下游控制视频内容的使用的控制信息。 控制信息类型的示例是诸如视频帧号的流定位数据; 流比特率,如正常,快进; 解密数据,如解密密钥或密钥导出种子; 和验证元素,例如校验和或散列函数值或签名。
-
公开(公告)号:US20130003977A1
公开(公告)日:2013-01-03
申请号:US13474697
申请日:2012-05-17
IPC分类号: H04L9/08
摘要: Some embodiments provide an account-based DRM system for distributing content. The system includes several devices that are associated with an account and a set of DRM computers that receives a request to access a piece of content on the devices associated with the account. The DRM computer set then generates a several keys for the devices, where each particular key of each particular device allows the particular device to access the piece of content on the particular device. In some embodiments, the DRM computer set sends the content and keys to one device (e.g., a computer), which is used to distribute the content and the key(s) to the other devices associated with the account. In some embodiments, the DRM computer set individually encrypts each key in a format that is used during its transport to its associated device and during its use on this device.
摘要翻译: 一些实施例提供用于分发内容的基于帐户的DRM系统。 该系统包括与帐户相关联的若干设备和一组DRM计算机,其接收访问与该帐户相关联的设备上的一条内容的请求。 DRM计算机组然后生成用于设备的几个密钥,其中每个特定设备的每个特定密钥允许特定设备访问特定设备上的内容。 在一些实施例中,DRM计算机组将内容和密钥发送到一个设备(例如,计算机),其用于将内容和密钥分发到与该帐户相关联的其他设备。 在一些实施例中,DRM计算机集合以其在其传输到其关联设备期间以及在其在该设备上的使用期间使用的格式单独地加密每个密钥。
-
公开(公告)号:US20090279691A1
公开(公告)日:2009-11-12
申请号:US12118538
申请日:2008-05-09
IPC分类号: H04L9/28
CPC分类号: H04L9/3093 , H04L2209/08 , H04L2209/16 , H04L2209/603
摘要: A computer enabled method and apparatus for encrypting and decrypting data using a keyless transformation cryptographic technique. Data is protected using a keyless (unkeyed) complex mathematical transformation, in contrast to a traditional cryptographic algorithm using a secret key. This approach is resistant to both static analysis (hacking) performed on executable encryption/decryption code, as well as dynamic analysis performed during execution (runtime) of ciphering or deciphering. The method uses a family of asymmetric data transformations based on Galois field polynomials.
摘要翻译: 一种使用无钥匙转换加密技术加密和解密数据的计算机启用的方法和装置。 与使用秘密密钥的传统加密算法相比,使用无钥匙(无钥匙)复杂数学变换来保护数据。 这种方法对于在可执行加密/解密代码上执行的静态分析(黑客)以及在加密或解密的执行(运行时)期间执行的动态分析都是耐受的。 该方法使用基于伽罗瓦域多项式的非对称数据变换族。
-
公开(公告)号:US20070220261A1
公开(公告)日:2007-09-20
申请号:US11377082
申请日:2006-03-15
IPC分类号: H04L9/00
CPC分类号: G06F21/64
摘要: Some embodiments of the invention provide a method of verifying the integrity of digital content. At a source of the digital content, the method generates a signature for the digital content by applying a hashing function to a particular portion of the digital content, where the particular portion is less than the entire digital content. The method supplies the signature and the digital content to a device. At the device, the method applies the hashing function to the particular portion of the digital content in order to verify the supplied signature, and thereby verifies the integrity of the supplied digital content.
摘要翻译: 本发明的一些实施例提供了一种验证数字内容的完整性的方法。 在数字内容的源头上,该方法通过对数字内容的特定部分应用散列函数来生成数字内容的签名,其中特定部分小于整个数字内容。 该方法将签名和数字内容提供给设备。 在该设备中,该方法将哈希函数应用于数字内容的特定部分,以验证所提供的签名,从而验证所提供的数字内容的完整性。
-
公开(公告)号:US08364965B2
公开(公告)日:2013-01-29
申请号:US11377082
申请日:2006-03-15
IPC分类号: H04L29/06
CPC分类号: G06F21/64
摘要: Some embodiments of the invention provide a method of verifying the integrity of digital content. At a source of the digital content, the method generates a signature for the digital content by applying a hashing function to a particular portion of the digital content, where the particular portion is less than the entire digital content. The method supplies the signature and the digital content to a device. At the device, the method applies the hashing function to the particular portion of the digital content in order to verify the supplied signature, and thereby verifies the integrity of the supplied digital content.
摘要翻译: 本发明的一些实施例提供了一种验证数字内容的完整性的方法。 在数字内容的源头上,该方法通过对数字内容的特定部分应用散列函数来生成数字内容的签名,其中特定部分小于整个数字内容。 该方法将签名和数字内容提供给设备。 在该设备中,该方法将哈希函数应用于数字内容的特定部分,以验证所提供的签名,从而验证所提供的数字内容的完整性。
-
公开(公告)号:US08165286B2
公开(公告)日:2012-04-24
申请号:US12061363
申请日:2008-04-02
CPC分类号: H04L9/002 , H04L9/3066 , H04L2209/16 , H04L2209/603
摘要: Method and apparatus for increasing security of a cryptographic algorithm such as deciphering, enciphering, or a digital signature. A cryptographic algorithm and a key are provided such that a deciphering process, for instance, is partitioned between two portions. The portion of the cryptographic algorithm carried out in the first portion is implemented in a “white box” model such that it is highly secure even against an attack by the user who has full access to internal operations, code execution and memory of the user device, such as a hacker or attacker. The remaining portion of the algorithm is carried out in the second portion. Since this second portion has relaxed security constraints, its code may be implemented using a “black box” approach where its code execution may be more efficient and faster, not requiring the code obfuscation of the white box implementation in the user device. This partitioning may be achieved using a delegation protocol. The chief advantage is that even given a limited code size for the cryptographic process, the security of the system is improved by carrying out the more computationally intensive functions more efficiently in the black box portion and executing the less computationally intensive function in the white box portion.
摘要翻译: 用于提高加密算法的安全性的方法和装置,例如解密,加密或数字签名。 提供了一种加密算法和密钥,使得例如在两部分之间进行解密处理。 在第一部分中执行的加密算法的部分被实现在“白盒”模型中,使得即使对于完全访问内部操作,代码执行和用户设备的存储器的用户的攻击也是非常安全的 ,如黑客或攻击者。 算法的剩余部分在第二部分中进行。 由于该第二部分具有放松的安全约束,因此其代码可以使用“黑箱”方法来实现,其中其代码执行可能更有效和更快,而不需要用户设备中的白盒实现的代码混淆。 可以使用委托协议来实现该分区。 主要的优点是,即使给出密码过程的有限的代码大小,通过在黑盒部分中更有效地执行更多的计算密集型函数,并且在白盒部分中执行较少的计算密集型函数来提高系统的安全性 。
-
公开(公告)号:US20110317840A1
公开(公告)日:2011-12-29
申请号:US13224163
申请日:2011-09-01
IPC分类号: H04L9/00
CPC分类号: H04L9/3242 , H04L2209/24 , H04L2209/38 , H04L2209/80
摘要: Disclosed herein are systems, method and computer readable medium for providing authentication of an entity B by an entity A. In the method, entity A selects a value p, a range [a, b] and a granularity epsilon. Entity A sends p, [a, b], and epsilon to entity B. Entity B initializes a value yB=0 and for each x in {a, a+epsilon, . . . , b−epsilon, b} and computes z=E(x)*x. The function E(x) is an encryption scheme and the multiplication is carried out mod p. Entity B updates yB=yB+z. After processing each x, entity B sends yB to entity A. Entity A performs the same calculation and generates a yA value and compares yA with yB. If yB=yA, Entity A authenticate entity B. In one aspect, a light HMAC scheme splits an input x into n blocks with key expansion.
摘要翻译: 本文公开了用于由实体A提供实体B的认证的系统,方法和计算机可读介质。在该方法中,实体A选择值p,范围[a,b]和粒度ε。 实体A向实体B发送p,[a,b]和epsilon。实体B初始化值yB = 0,对于{a,a +ε, 。 。 ,b-epsilon,b}并计算z = E(x)* x。 函数E(x)是一个加密方案,并且乘法执行mod p。 实体B更新yB = yB + z。 在处理每个x之后,实体B向实体A发送yB。实体A执行相同的计算并生成yA值并将yA与yB进行比较。 如果yB = yA,则实体A认证实体B.在一个方面,轻的HMAC方案将输入x分割成具有密钥扩展的n个块。
-
10.发明申请Digital rights management system with diversified content protection process 审中-公开具有多元化内容保护过程的数字版权管理体系公开(公告)号:US20070220585A1
公开(公告)日:2007-09-20
申请号:US11366191
申请日:2006-03-01
IPC分类号: H04L9/00
CPC分类号: G06F21/10
摘要: Some embodiments of the invention provide a digital rights management (DRM) method for distributing content to users over a network. Based on a first set of diversity indicia, the method identifies a first security element for distributing a set of content to a first computer. The set of content includes one or more pieces of content. Based on a second set of diversity indicia, the method identifies a second security element for distributing the set of content to a second computer. Based on the first security element, method protects the set of content for the first computer and sends the protected set of content to the first computer through the network. Based on the second security element, the method protects the set of content for the second computer and sends the protected set of content to the second computer through the network.
摘要翻译: 本发明的一些实施例提供了一种用于通过网络向用户分发内容的数字版权管理(DRM)方法。 基于第一组分集标记,该方法识别用于将一组内容分发给第一计算机的第一安全元件。 该组内容包括一个或多个内容。 基于第二组分集标记,所述方法识别用于将所述内容集合分发给第二计算机的第二安全元件。 基于第一安全元素,方法保护第一计算机的内容集合,并通过网络将受保护的内容集合发送到第一计算机。 基于第二安全元件,该方法保护第二计算机的内容集,并通过网络将受保护的内容集合发送到第二计算机。
-
-
-
-
-
-
-
-
-
搜索结果
28 条记录 (耗时 0.014 秒)
