Certificate based authorized domains
    1.
    发明申请
    Certificate based authorized domains 审中-公开
    基于证书的授权域名

    公开(公告)号:US20060020784A1

    公开(公告)日:2006-01-26

    申请号:US10528492

    申请日:2003-09-17

    IPC分类号: H04L9/00

    摘要: The present invention relates to a method, a system and a central device for secure content distribution among devices in a network. The invention is based on the idea that an authorized domain is set up with a central device administering the network. When a device enters the network, the central device registers the entering device and issues at least one certificate to the entering device. The registration to ensure that the entering device is an authorized device, meaning that an authorized device manufacturer has provided the device. Due to network security, non-authorized devices are not accepted in the network. Content is distributed among the devices in the network based on authentication by means of the at least one certificate issued to each device. The distribution of content from a first device to a second device is enabled by the first device authenticating the second device, by means of the at least one certificate of the second device and vice versa.

    摘要翻译: 本发明涉及一种用于在网络中的设备之间进行安全内容分发的方法,系统和中央设备。 本发明基于以下思想:授权域被建立与管理网络的中央设备。 当设备进入网络时,中央设备注册输入设备,并向进入设备发出至少一个证书。 注册以确保输入设备是授权设备,这意味着授权设备制造商提供了设备。 由于网络安全,网络中不接受非授权设备。 基于通过发送给每个设备的至少一个证书的认证,在网络中的设备之间分发内容。 内容从第一设备到第二设备的分发由第一设备通过第二设备的至少一个证书认证第二设备来实现,反之亦然。

    Identification of protected content items by means of icons
    3.
    发明申请
    Identification of protected content items by means of icons 审中-公开
    通过图标识别受保护的内容项

    公开(公告)号:US20070100755A1

    公开(公告)日:2007-05-03

    申请号:US10561998

    申请日:2004-06-28

    IPC分类号: G06Q99/00

    CPC分类号: G06F21/105 G06F21/10

    摘要: When displaying display items representing a set of content items including items protected by a number of different digital rights management systems on the display of a content access system, the set of display items representing the content items includes icons associated at least with the display items for each protected content item. The icons indicate whether a respective content item is protected by a digital rights management system and, if so, which digital rights management system is employed to protect the respective content item, whether an executable digital rights management module for accessing the respective protected content item is accessible to the user, and whether the user is entitled to access the respective protected content item. The icons also serve as user controls either for accessing information regarding acquisition of, or initiating actual acquisition of, the digital rights management module, access rights, or both.

    摘要翻译: 当在内容访问系统的显示器上显示表示包括由多个不同的数字版权管理系统保护的项目的内容项的集合的显示项目时,表示内容项的显示项集合包括至少与显示项相关联的图标, 每个受保护的内容项。 图标表示相应的内容项目是否受到数字版权管理系统的保护,如果是,则使用哪个数字版权管理系统来保护相应的内容项目,用于访问相应的受保护内容项目的可执行数字版权管理模块是否为 用户可访问,以及用户是否有权访问相应的受保护内容项。 图标还用作用户控制,用于访问关于数字版权管理模块的获取或实际获取的访问权限或访问权限的信息。

    Apparatus and method for processing streams
    4.
    发明申请
    Apparatus and method for processing streams 审中-公开
    用于处理流的装置和方法

    公开(公告)号:US20060285686A1

    公开(公告)日:2006-12-21

    申请号:US10539386

    申请日:2003-12-01

    IPC分类号: H04N7/167

    摘要: For conditional access purposes a stream is used in which at least two different decryption algorithms are needed for decryption of packets that encode different interspersed parts of the same signal for (quasi-)continuous rendering (such as an audio or video signal). Information is included in the stream to indicate dynamically which decryption algorithm should be used for which packets. In this way, it is possible for example to use a more robust algorithm with a less frequently changing key and a less robust algorithm with a more frequently changing key, interspersed with one another for the same signal. Also, different algorithms may be used for transcrypted and not transcrypted-packets of the same signal for example when an alternative is needed for the original encryption algorithm that was used for the non-transcrypted packets.

    摘要翻译: 对于条件访问目的,使用流,其中需要至少两个不同的解密算法来解密编码用于(准)连续渲染(例如音频或视频信号)的相同信号的不同散置部分的分组。 信息被包括在流中以便动态地指示哪个分组应该使用哪个解密算法。 以这种方式,例如,可以使用具有频率变化较小的键的更健壮的算法和具有更频繁变化的键的较不健壮的算法,对于相同的信号彼此散布。 此外,不同的算法可以用于相同信号的加密而不是转发的分组,例如当用于非加密分组的原始加密算法需要替代方案时。

    System for authentication between devices using group certificates
    5.
    发明申请
    System for authentication between devices using group certificates 审中-公开
    使用组证书的设备之间进行身份验证的系统

    公开(公告)号:US20050257260A1

    公开(公告)日:2005-11-17

    申请号:US10517926

    申请日:2003-05-27

    摘要: In whilelist-based authentication, a first device (102) in a system (100) authenticates itself to a second device (103) using a group certificate identifying a range of non-revoked device identifiers, said range encompassing the device identifier of the first device (102). Preferably the device identifiers correspond to leaf nodes in a hierarchically ordered tree, and the group certificate identifies a node (202-207) in the tree representing a subtree in which the leaf nodes correspond to said range. The group certificate can also identify a further node (308, 310, 312) in the subtree which represents a sub-subtree in which the leaf nodes correspond to revoked device identifiers. Alternatively, the device identifiers are selected from a sequentially ordered range, and the group certificate identifies a subrange of the sequentially ordered range, said subrange encompassing the whitelisted device identifiers.

    摘要翻译: 在基于同一列表的认证中,系统(100)中的第一设备(102)使用识别非撤销设备标识符的范围的组证书向第二设备(103)认证自身,所述范围包括第一 设备(102)。 优选地,设备标识符对应于分层排序树中的叶节点,并且组证书标识树中的节点(202-207),其中叶节点对应于所述范围的子树。 组证书还可以标识子树中的另一个节点(308,310,312),其表示子节点,其中叶节点对应于撤销的设备标识符。 或者,从顺序排序的范围中选择设备标识符,并且组证书标识顺序排列的范围的子范围,所述子范围包含列入白名单的设备标识符。

    Security modules for conditional access with restrictions
    6.
    发明申请
    Security modules for conditional access with restrictions 审中-公开
    有条件访问的安全模块有限制

    公开(公告)号:US20050168323A1

    公开(公告)日:2005-08-04

    申请号:US10512120

    申请日:2003-04-22

    摘要: A system (100) comprising a plurality of interconnected devices (101-105) and being arranged to provide the devices (101-105) conditional access to protected content items, characterized in that the system (100) is arranged to restrict the number of simultaneous sessions involving said protected content items to a predetermined total limit. Preferably the system (100) restricts the number of content items that can be accessed simultaneously to the predetermined limit. Security modules (300) such as smart cards can be used for this purpose. Each security module (300) may be arranged to restrict the number of content items to which it provides access simultaneously to an individual limit which can change over time. The system restricts the sum of the individual limits to the predetermined total limit. If the limit is reached, further sessions may he refused or allowed at reduced quality level.

    摘要翻译: 一种系统(100),包括多个互连设备(101-105),并且被布置成提供所述设备(101-105)对受保护内容项的条件访问,其特征在于,所述系统(100)被布置为限制 涉及所述受保护内容项目的同时会话达到预定的总限制。 优选地,系统(100)将可以同时访问的内容项目的数量限制到预定极限。 安全模块(300)如智能卡可用于此目的。 每个安全模块(300)可以被布置为将其提供访问的内容项目的数量同时限制为可随时间改变的单个限制。 系统将各个限制的总和限制在预定的总限制。 如果达到限制,他可能会拒绝或允许进一步的会议降低质量水平。

    Transmitter and receiver for determing locale
    7.
    发明申请
    Transmitter and receiver for determing locale 审中-公开
    用于确定场所的发射机和接收机

    公开(公告)号:US20060195885A1

    公开(公告)日:2006-08-31

    申请号:US10547325

    申请日:2003-03-04

    IPC分类号: H04N7/16 H04N11/00 H04N7/00

    摘要: A transmitter (110) which transmits a signal (120) for reception by a receiving device (130). The transmitter is arranged to insert into the signal an indication of a geographical region where the signal physically can be received. Preferably the geographical region is indicated in the signal using geometrical shapes. The receiving device receives one or more signals, each of the signals carrying an indication of a respective geographical region where the respective signal physically can be received, and is arranged to determine its locale from said indications. The receiver can compute the intersection of the sets of geometrical shapes carried in the various signals it received as the geographical region it is in. Based on its determined locale the receiver can restrict access to content, if such content is restricted to certain regions.

    摘要翻译: 发射机(110),其发送用于接收设备(130)接收的信号(120)。 发射器被布置成将信号物理地接收到的地理区域的指示插入到信号中。 优选地,在使用几何形状的信号中指示地理区域。 接收设备接收一个或多个信号,每个信号携带相应地理区域的指示,其中物理上可以接收相应的信号,并且被布置成根据所述指示确定其区域。 接收机可以计算其接收的各种信号中携带的几何形状的集合作为其所在的地理区域。根据其确定的区域设置,接收者可以限制对内容的访问,如果这些内容被限制在某些区域。

    Method for authentication between devices
    8.
    发明申请
    Method for authentication between devices 审中-公开
    设备之间的认证方法

    公开(公告)号:US20050220304A1

    公开(公告)日:2005-10-06

    申请号:US10517924

    申请日:2003-05-27

    摘要: A certifying authority provides a method for whitelist-based controlling of authentication of a first device (102) in a system (100) to a second device (103). The method comprises issuing to the first device (102) a group certificate identifying a range of non-revoked device identifiers, said range encompassing the device identifier of the first device (102). Preferably the device identifiers correspond to leaf nodes in a hierarchically ordered tree, and the group certificate identifies a node (202-207) in the tree representing a subtree in which the leaf nodes correspond to said range. The group certificate can also identify a further node (308, 310, 312) in the subtree which represents a sub-subtree in which the leaf nodes correspond to revoked device identifiers. Alternatively, the device identifiers are selected from a sequentially ordered range, and the group certificate identifies a subrange of the sequentially ordered range, said subrange encompassing the whitelisted device identifiers.

    摘要翻译: 认证机构提供一种用于基于白名单的控制系统(100)中的第一设备(102)到第二设备(103)的认证的方法。 该方法包括向第一设备(102)发出识别非撤销设备标识符的范围的组证书,所述范围包含第一设备(102)的设备标识符。 优选地,设备标识符对应于分层排序树中的叶节点,并且组证书标识树中的节点(202-207),其中叶节点对应于所述范围的子树。 组证书还可以标识子树中的另一个节点(308,310,312),其表示子节点,其中叶节点对应于撤销的设备标识符。 或者,从顺序排序的范围中选择设备标识符,并且组证书标识顺序排列的范围的子范围,所述子范围包含列入白名单的设备标识符。