-
Publication No.: US20120303951A1
Publication date: 2012-11-29
Application No.: US13170261
Filing date: 2011-06-28
IPC classification: H04L9/32
CPC classification: H04L9/3247, G06F21/10, H04L9/3265, H04L63/123, H04L2209/603, H04L2463/101
Abstract: A client, method and system for registering a DRM client is disclosed. The method (100) includes the steps of: initiating (110) a registration request via a DRM client with an encrypted registration message including an asymmetric key cryptographic identity, a customer identifier and an application specific information (AINFO) field including a digital signature and a device certificate chain; validating (120) information in the application specific information (AINFO) field by a DRM registration server; and receiving (130) a registration response, the registration response being encrypted and including access information, to obtain content. Advantageously, this method provides an enhanced and reliable means of authentication.
-
Publication No.: US09184917B2
Publication date: 2015-11-10
Application No.: US13170261
Filing date: 2011-06-28
CPC classification: H04L9/3247, G06F21/10, H04L9/3265, H04L63/123, H04L2209/603, H04L2463/101
Abstract: A client, method and system for registering a DRM client is disclosed. The method (100) includes the steps of: initiating (110) a registration request via a DRM client with an encrypted registration message including an asymmetric key cryptographic identity, a customer identifier and an application specific information (AINFO) field including a digital signature and a device certificate chain; validating (120) information in the application specific information (AINFO) field by a DRM registration server; and receiving (130) a registration response, the registration response being encrypted and including access information, to obtain content. Advantageously, this method provides an enhanced and reliable means of authentication.
-
Publication No.: US08997252B2
Publication date: 2015-03-31
Application No.: US12794305
Filing date: 2010-06-04
CPC classification: H04L63/06, G06F21/10, G06F21/33, G06F2221/2105, G06F2221/2145, H04L63/0823, H04L63/20, H04L2463/101
Abstract: A conditional access system (CAS) computer in a downloadable CAS receives a downloadable management certificate (DMC) and determines, using the DMC, security information including a DMC key size and an expiration time of a DMC subordinate certificate authority (sub-CA) certificate, for the client device. The CAS computer then determines whether the DMC is valid based on the expiration time of the DMC sub-CA certificate. If the DMC is determined to be valid, the CAS server sends a cryptographic identity for the client device and a CAS client to the client device protected using the DMC. At a later time, if the DMC key size is considered to be still sufficiently secure, the validity of the DMC is extended by issuing a new DMC sub-CA certificate with the same public key as the original DMC sub-CA certificate.
-
Publication No.: US20120042160A1
Publication date: 2012-02-16
Application No.: US13207394
Filing date: 2011-08-10
CPC classification: H04L63/0884, H04L9/0844, H04L9/321, H04L9/3271, H04L63/067, H04L63/0892, H04L63/105, H04L63/166
Abstract: A method of authentication and authorization over a communications system is provided. Disclosed herein are systems and methods for creating a cryptographic evidence, called authentication/authorization evidence, AE, when a successful authentication/authorization between a client and an authentication server is complete. There are a variety of methods for generating AE. For instance, the AE can be data that is exchanged during the authentication signaling or data that results from it. A distinctive point being that AE results from the authentication process and is used as prior state for the following TLS exchange. An example for creation of AE, is as follows: EAP authentications typically result in an Extended Master Session Key (EMSK). The EMSK can be used to create an Evidence Master Key (EMK) that can then be used to create AE for a variety of servers.
-
Publication No.: US08589674B2
Publication date: 2013-11-19
Application No.: US13350072
Filing date: 2012-01-13
IPC classification: H04L9/00
CPC classification: H04L9/0891, H04L9/12, H04L9/3268
Abstract: In one embodiment, a method includes receiving a revocation request for revoking a model type of a device. A first computing device determines a list of device unit identifiers (UIDs) that are associated with the model type from a database. The device UIDs are for devices of the model type manufactured by a first entity. The method adds the list of device UIDs to a device revocation list and outputs the device revocation list to revoke a validity of secure information associated with devices associated with the list of device UIDs.
-
Publication No.: US20100215171A1
Publication date: 2010-08-26
Application No.: US12708171
Filing date: 2010-02-18
IPC classification: H04K1/00
CPC classification: H04L9/088, H04L2209/60
Abstract: In a method for testing a transport packet decrypting module of a client device, a first decryption operation of the transport packet decrypting module is implemented on a test encrypted control word using a content decryption key ladder to derive a test control word, a second decryption operation of the transport packet decrypting module is implemented on one or more test transport packets using the test control word via a predetermined content decryption algorithm, the KIV is derived from the decrypted transport packets, and the derived KIV is compared with a value stored in the client device to verify whether the transport packet decrypting module of the client device is functioning properly.
-
Publication No.: US20130185551A1
Publication date: 2013-07-18
Application No.: US13350072
Filing date: 2012-01-13
IPC classification: H04L29/06
CPC classification: H04L9/0891, H04L9/12, H04L9/3268
Abstract: In one embodiment, a method includes receiving a revocation request for revoking a model type of a device. A first computing device determines a list of device unit identifiers (UIDs) that are associated with the model type from a database. The device UIDs are for devices of the model type manufactured by a first entity. The method adds the list of device UIDs to a device revocation list and outputs the device revocation list to revoke a validity of secure information associated with devices associated with the list of device UIDs.
-
Publication No.: US20100313014A1
Publication date: 2010-12-09
Application No.: US12794305
Filing date: 2010-06-04
CPC classification: H04L63/06, G06F21/10, G06F21/33, G06F2221/2105, G06F2221/2145, H04L63/0823, H04L63/20, H04L2463/101
Abstract: A conditional access system (CAS) computer in a downloadable CAS receives a downloadable management certificate (DMC) and determines, using the DMC, security information including a DMC key size and an expiration time of a DMC subordinate certificate authority (sub-CA) certificate, for the client device. The CAS computer then determines whether the DMC is valid based on the expiration time of the DMC sub-CA certificate. If the DMC is determined to be valid, the CAS server sends a cryptographic identity for the client device and a CAS client to the client device protected using the DMC. At a later time, if the DMC key size is considered to be still sufficiently secure, the validity of the DMC is extended by issuing a new DMC sub-CA certificate with the same public key as the original DMC sub-CA certificate.
-
Publication No.: US08856509B2
Publication date: 2014-10-07
Application No.: US13207394
Filing date: 2011-08-10
CPC classification: H04L63/0884, H04L9/0844, H04L9/321, H04L9/3271, H04L63/067, H04L63/0892, H04L63/105, H04L63/166
Abstract: A method of authentication and authorization over a communications system is provided. Disclosed herein are systems and methods for creating a cryptographic evidence, called authentication/authorization evidence, AE, when a successful authentication/authorization between a client and an authentication server is complete. There are a variety of methods for generating AE. For instance, the AE can be data that is exchanged during the authentication signaling or data that results from it. A distinctive point being that AE results from the authentication process and is used as prior state for the following TLS exchange. An example for creation of AE, is as follows: EAP authentications typically result in an Extended Master Session Key (EMSK). The EMSK can be used to create an Evidence Master Key (EMK) that can then be used to create AE for a variety of servers.
-
Publication No.: US20140029747A1
Publication date: 2014-01-30
Application No.: US13557595
Filing date: 2012-07-25
IPC classification: G06F21/24
CPC classification: H04N21/440218, H04N21/4405, H04N21/4408, H04N21/4627
Abstract: A system is provided for use with secure content in a first format. The system includes a conditional access device, a transcoding device and a media processor. The conditional access device is operable to receive the secure content and can generate a second secure content based on the secure content. The conditional access device can further provide the second secure content to the transcoding device. The transcoding device can transcode the second secure content into transcoded content of a second format, can secure the transcoded content as secure transcoded content and can provide the secure transcoded content to the media processor.