Application-specific secret generation
    2.
    Granted invention patent
    Application-specific secret generation (status: in force)

    Publication number: US08422674B2

    Publication date: 2013-04-16

    Application number: US11754667

    Filing date: 2007-05-29

    CPC classification: G06F21/52

    Abstract: A method, computer program product, and data processing system for protecting sensitive program code and data (including persistently stored data) from unauthorized access. Dedicated hardware decrypts an encrypted kernel into memory for execution. When an application is to be executed, the kernel computes one or more secrets by cryptographically combining information contained in the application with secret information contained in the kernel itself. The kernel then deletes its secret information and passes the computed secrets to the application. To store data persistently in memory, the application uses one of the computed secrets to encrypt the data prior to storage. If the kernel starts another instance of the same application, the kernel (which will have been re-decrypted to restore the kernel's secrets) will compute the same one or more secrets, thus allowing the second application instance to access the data encrypted by the first application instance.


    Method and means for tetrahedron/octahedron packing and tetrahedron extraction for function approximation
    4.
    Granted invention patent
    Method and means for tetrahedron/octahedron packing and tetrahedron extraction for function approximation (status: expired)

    Publication number: US5390035A

    Publication date: 1995-02-14

    Application number: US996805

    Filing date: 1992-12-23

    IPC classification: H04N1/60 H04N1/46

    CPC classification: H04N1/6058 H04N1/6016

    Abstract: The invention concerns the conversion of an input color to an output color using a multi-variable function having an input domain in a first three-dimensional color space and output range in a second m-dimensional color space. The conversion from input to output color subdivides the input domain into polyhedra defined by planar grids of points connected to form a plurality of triangles. The planar grids are projected into the remaining dimension of the function domain. When an input color value is presented, the multi-variable function is used to approximate the input value by computing an approximation of the multi-variable function, which provides a value in the output range. A tetrahedron containing the input color value is extracted from the function domain. The values of the multi-variable function at the tetrahedron vertices are obtained by interpolation. The tetrahedron is subdivided into subtetrahedra. The volumes of the subtetrahedra are calculated and multiplied by the function values. The products are added together and normalized to the volume of the extracted tetrahedron to produce an approximation of the input color. The approximation is provided as the value of the output color.


    Cryptographically-enabled privileged mode execution
    6.
    Granted invention patent
    Cryptographically-enabled privileged mode execution (status: in force)

    Publication number: US08433927B2

    Publication date: 2013-04-30

    Application number: US11754678

    Filing date: 2007-05-29

    Abstract: A method, computer program product, and data processing system are disclosed for protecting sensitive program code (and also data) from unauthorized access in a memory space not subject to protection fault detection. In a preferred embodiment, secure initialization hardware loads the sensitive code from a storage location accessible only to the secure initialization hardware itself and decrypts the sensitive code into a portion of the processor-accessible memory space, from which the code is executed. Once execution of the sensitive code has completed, all or at least a portion of the code is deleted before passing control to application software. If the application software needs to cause the sensitive code to be executed, the secure initialization hardware is activated to reload/decrypt a fresh copy of the sensitive code into the memory space and cause the code to be executed. Before control is returned to the application software, the sensitive code is again deleted to prevent unauthorized access.


    Application-Specific Secret Generation
    7.
    Invention patent application
    Application-Specific Secret Generation (status: in force)

    Publication number: US20080298581A1

    Publication date: 2008-12-04

    Application number: US11754667

    Filing date: 2007-05-29

    IPC classification: H04L9/00

    CPC classification: G06F21/52

    Abstract: A method, computer program product, and data processing system for protecting sensitive program code and data (including persistently stored data) from unauthorized access are disclosed. Dedicated hardware decrypts an encrypted kernel into memory for execution. When an application is to be executed, the kernel computes one or more secrets by cryptographically combining information contained in the application with secret information contained in the kernel itself. The kernel then deletes its secret information and passes the computed secrets to the application. To store data persistently in memory, the application uses one of the computed secrets to encrypt the data prior to storage. If the kernel starts another instance of the same application, the kernel (which will have been re-decrypted to restore the kernel's secrets) will compute the same one or more secrets, thus allowing the second application instance to access the data encrypted by the first application instance.


    Cryptographic secure program overlays
    8.
    Granted invention patent
    Cryptographic secure program overlays (status: in force)

    Publication number: US07886162B2

    Publication date: 2011-02-08

    Application number: US11754649

    Filing date: 2007-05-29

    Abstract: A method, computer program product, and data processing system for executing larger-than-physical-memory applications while protecting sensitive program code (and also data) from unauthorized access in a memory space not subject to protection fault or page fault detection are disclosed. Large applications are accommodated by providing a mechanism for secure program overlays, in which a single large application is broken into two or more smaller applications (overlays) that can be executed from the same memory space by overwriting one of the smaller applications with another of the smaller applications when the latter needs to be executed. So that the data may be shared among these smaller applications, each of the applications contains embedded cryptographic keys, which may be used to encrypt or decrypt information to be stored persistently while control is transferred from one application to the other.


    Updateable Secure Kernel Extensions
    9.
    Invention patent application
    Updateable Secure Kernel Extensions (status: in force)

    Publication number: US20080301440A1

    Publication date: 2008-12-04

    Application number: US11754658

    Filing date: 2007-05-29

    IPC classification: H04L9/00

    Abstract: A method, computer program product, and data processing system for providing an updateable encrypted operating kernel are disclosed. In a preferred embodiment, secure initialization hardware decrypts a minimal secure kernel containing sensitive portions of data and/or code into a portion of the processor-accessible memory space, from which the kernel is executed. Most system software functions are not directly supported by the secure kernel but are provided by dynamically loaded kernel extensions that are encrypted with a public key so that they can only be decrypted with a private key possessed by the secure kernel. The public/private key pair is processor-specific. Before passing control to a kernel extension the secure kernel deletes a subset of its sensitive portions, retaining only those sensitive portions needed to perform the task(s) delegated to the kernel extension. Which sensitive portions are retained is determined by a cryptographic key with which the kernel extension is signed.
