-
Publication number: US08589674B2
Publication date: 2013-11-19
Application number: US13350072
Filing date: 2012-01-13
IPC classification: H04L9/00
CPC classification: H04L9/0891 , H04L9/12 , H04L9/3268
Abstract: In one embodiment, a method includes receiving a revocation request for revoking a model type of a device. A first computing device determines, from a database, a list of device unit identifiers (UIDs) associated with the model type. The device UIDs are those of devices of that model type manufactured by a first entity. The method adds the list of device UIDs to a device revocation list and outputs the device revocation list, which revokes the validity of the secure information associated with the devices on the list.
-
Publication number: US20130185551A1
Publication date: 2013-07-18
Application number: US13350072
Filing date: 2012-01-13
IPC classification: H04L29/06
CPC classification: H04L9/0891 , H04L9/12 , H04L9/3268
Abstract: In one embodiment, a method includes receiving a revocation request for revoking a model type of a device. A first computing device determines, from a database, a list of device unit identifiers (UIDs) associated with the model type. The device UIDs are those of devices of that model type manufactured by a first entity. The method adds the list of device UIDs to a device revocation list and outputs the device revocation list, which revokes the validity of the secure information associated with the devices on the list.
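The model-type revocation described in the two abstracts above (US08589674B2 and its pre-grant publication US20130185551A1), as an added example that is not code from the patent. The provisioning database layout, the signed JSON encoding of the device revocation list (DRL), the HMAC standing in for the authority's signature and the sample UIDs are all assumptions. Two practical points the abstract does not spell out are built in: the lookup is keyed by manufacturer as well as model type, because a model name is only unique per manufacturer, and the published list carries a sequence number so a device can refuse a replayed, shorter DRL.

```python
"""Model-type revocation expanded to a device revocation list (DRL).

Added example, not code from the patent: the database layout, the signed
JSON encoding of the DRL and the sample UIDs are all assumptions."""
import hashlib
import hmac
import json

# Constructed sample provisioning database: manufacturer -> model type -> UIDs.
DEVICE_DB = {
    "AcmeSTB": {
        "STB-1000": ["0001A3", "0001A4", "0001A5"],
        "STB-2000": ["00020F", "000210"],
    },
    # Same model name as above but a different manufacturer: must NOT be
    # swept up when AcmeSTB's STB-1000 is revoked.
    "OtherCo": {"STB-1000": ["F00001"]},
}

# Assumed key of the revocation authority; stands in for its signing key.
DRL_SIGNING_KEY = b"example-drl-signing-key"


def uids_for_model(db, manufacturer, model_type):
    """All UIDs of `model_type` made by `manufacturer`. The manufacturer is
    part of the key because a model name is only unique per manufacturer."""
    try:
        return list(db[manufacturer][model_type])
    except KeyError:
        raise LookupError(f"unknown model {manufacturer}/{model_type}") from None


def revoke_model_type(db, drl, manufacturer, model_type):
    """Add every UID of the model type to `drl` (a set). Returns how many
    devices were newly revoked, so a repeated request is a visible no-op."""
    before = len(drl)
    drl.update(uids_for_model(db, manufacturer, model_type))
    return len(drl) - before


def publish_drl(drl, sequence, key=DRL_SIGNING_KEY):
    """Serialize the DRL with a sequence number and an HMAC tag. The
    sequence number lets a device refuse a replayed, shorter list; the
    tag stands in for the authority's signature."""
    body = json.dumps({"sequence": sequence, "revoked": sorted(drl)},
                      sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "tag": tag}


def load_drl(published, last_sequence, key=DRL_SIGNING_KEY):
    """Device side: verify the tag, enforce a monotonic sequence number and
    return (set of revoked UIDs, sequence)."""
    body = published["body"].encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, published["tag"]):
        raise ValueError("DRL tag mismatch")
    parsed = json.loads(body)
    if parsed["sequence"] <= last_sequence:
        raise ValueError("stale DRL (replay?)")
    return set(parsed["revoked"]), parsed["sequence"]


def is_revoked(drl, uid):
    return uid in drl


if __name__ == "__main__":
    drl = set()
    print(revoke_model_type(DEVICE_DB, drl, "AcmeSTB", "STB-1000"))  # 3
    loaded, seq = load_drl(publish_drl(drl, sequence=7), last_sequence=6)
    print(is_revoked(loaded, "0001A4"), is_revoked(loaded, "F00001"))  # True False
```

Revoking "STB-1000" for AcmeSTB adds exactly its three units; OtherCo's unit of the same model name stays valid, and a device that has already installed sequence 7 rejects a re-sent copy of that list.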
-
Publication number: US08321663B2
Publication date: 2012-11-27
Application number: US12650943
Filing date: 2009-12-31
IPC classification: H04L9/00
CPC classification: H04L9/3263 , H04L9/3247 , H04L63/0823 , H04L63/162 , H04L2209/60 , H04L2209/80 , H04W12/06
Abstract: A method is provided for enhancing the security of a communication session between first and second endpoints that employs a key management protocol. The method includes sending a first message to a first endpoint over a communications network requesting a secure communication session with it. The message includes the identity of the second endpoint requesting the authenticated communication session. A digital certificate is received from the first endpoint over the communications network. The digital certificate is issued by a certifying source that verifies the information contained in it. The digital certificate includes a plurality of fields, one or more of which are transformed in accordance with a transformation algorithm. A reverse transform is applied to the transformed fields to obtain the original fields. The digital certificate is validated and a second message is sent to the first endpoint indicating that validation is complete.
-
Publication number: US20110161661A1
Publication date: 2011-06-30
Application number: US12650943
Filing date: 2009-12-31
CPC classification: H04L9/3263 , H04L9/3247 , H04L63/0823 , H04L63/162 , H04L2209/60 , H04L2209/80 , H04W12/06
Abstract: A method is provided for enhancing the security of a communication session between first and second endpoints that employs a key management protocol. The method includes sending a first message to a first endpoint over a communications network requesting a secure communication session with it. The message includes the identity of the second endpoint requesting the authenticated communication session. A digital certificate is received from the first endpoint over the communications network. The digital certificate is issued by a certifying source that verifies the information contained in it. The digital certificate includes a plurality of fields, one or more of which are transformed in accordance with a transformation algorithm. A reverse transform is applied to the transformed fields to obtain the original fields. The digital certificate is validated and a second message is sent to the first endpoint indicating that validation is complete.
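The three-message exchange in the two abstracts above (US08321663B2 and its pre-grant publication US20110161661A1), as an added example that is not the patent's code. The transformation algorithm (a keyed XOR keystream applied per field), the HMAC standing in for the CA signature, the set of transformed fields, the keys and the sample certificate are all assumptions. The point worth seeing in code is the ordering: the signature covers the untransformed fields, so the verifier must apply the reverse transform first and only then validate, and a tampered transformed field has to fail the signature check rather than crash the parser.

```python
"""Two-endpoint exchange with a certificate whose fields are transformed
on the wire. Added example, not the patent's code: the keyed XOR-keystream
transform, the HMAC stand-in for the CA signature, the field set, the
keys and the sample certificate are assumptions."""
import hashlib
import hmac
import json
import time

CA_KEY = b"example-ca-key"                  # stand-in for the CA's signing key
TRANSFORM_KEY = b"example-transform"        # known to issuer and verifier
TRANSFORMED_FIELDS = ("subject", "serial")  # the "one or more fields"


def _canonical(fields):
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def sign_cert(fields):
    """CA step: the signature covers the UNtransformed fields, so the
    verifier must reverse the transform before checking it."""
    sig = hmac.new(CA_KEY, _canonical(fields), hashlib.sha256).hexdigest()
    return {**fields, "signature": sig}


def _keystream(name, length):
    # Per-field keystream: equal plaintext in two fields transforms differently.
    return hashlib.shake_256(TRANSFORM_KEY + name.encode()).digest(length)


def transform_field(name, value):
    data = value.encode()
    return bytes(a ^ b for a, b in zip(data, _keystream(name, len(data)))).hex()


def reverse_field(name, value):
    data = bytes.fromhex(value)
    # errors="replace": a tampered field must fail the signature check, not crash.
    return bytes(a ^ b for a, b in zip(data, _keystream(name, len(data)))).decode(errors="replace")


def transform_cert(cert):
    return {**cert, **{n: transform_field(n, cert[n]) for n in TRANSFORMED_FIELDS}}


def reverse_cert(cert):
    return {**cert, **{n: reverse_field(n, cert[n]) for n in TRANSFORMED_FIELDS}}


def validate_cert(cert, expected_subject, now):
    """Reverse the transform, then check signature, expiry and subject."""
    plain = reverse_cert(cert)
    sig = plain.pop("signature")
    expected = hmac.new(CA_KEY, _canonical(plain), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature"
    if plain["not_after"] < now:
        return False, "expired"
    if plain["subject"] != expected_subject:
        return False, "subject mismatch"
    return True, "ok"


# Constructed certificate of the first endpoint (expiry 2100-01-01 UTC).
ENDPOINT_A_CERT = sign_cert({"subject": "endpoint-A", "issuer": "ExampleCA",
                             "serial": "0042", "not_after": 4102444800,
                             "public_key": "pkA"})


def first_endpoint(msg):
    """The endpoint asked for a session answers with its transformed cert."""
    assert msg["type"] == "session_request"
    return {"type": "certificate", "cert": transform_cert(ENDPOINT_A_CERT), "nonce": msg["nonce"]}


def run_session(expected_first="endpoint-A", second="endpoint-B", now=None):
    """Second endpoint's side: request, receive cert, validate, confirm."""
    now = int(time.time()) if now is None else now
    msg1 = {"type": "session_request", "requester": second, "nonce": "n1"}
    reply = first_endpoint(msg1)
    ok, reason = validate_cert(reply["cert"], expected_first, now)
    return {"type": "validation_complete", "nonce": reply["nonce"], "ok": ok, "reason": reason}
```

The XOR transform hides the field values only from parties without TRANSFORM_KEY and provides no integrity of its own; the integrity comes entirely from the signature checked after the reverse transform, which is why flipping one bit of a transformed field is reported as "bad signature".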
-
Publication number: US08997252B2
Publication date: 2015-03-31
Application number: US12794305
Filing date: 2010-06-04
CPC classification: H04L63/06 , G06F21/10 , G06F21/33 , G06F2221/2105 , G06F2221/2145 , H04L63/0823 , H04L63/20 , H04L2463/101
Abstract: A conditional access system (CAS) computer in a downloadable CAS receives a downloadable management certificate (DMC) and determines from it, for the client device, security information including the DMC key size and the expiration time of the DMC subordinate certificate authority (sub-CA) certificate. The CAS computer then determines whether the DMC is valid based on the expiration time of the DMC sub-CA certificate. If the DMC is valid, the CAS computer sends a cryptographic identity for the client device and a CAS client to the client device, protected using the DMC. At a later time, if the DMC key size is still considered sufficiently secure, the validity of the DMC is extended by issuing a new DMC sub-CA certificate with the same public key as the original DMC sub-CA certificate.
-
Publication number: US20120042160A1
Publication date: 2012-02-16
Application number: US13207394
Filing date: 2011-08-10
CPC classification: H04L63/0884 , H04L9/0844 , H04L9/321 , H04L9/3271 , H04L63/067 , H04L63/0892 , H04L63/105 , H04L63/166
Abstract: A method of authentication and authorization over a communications system is provided. Disclosed herein are systems and methods for creating cryptographic evidence, called authentication/authorization evidence (AE), when a successful authentication/authorization between a client and an authentication server is complete. There are a variety of methods for generating AE. For instance, the AE can be data that is exchanged during the authentication signaling or data that results from it. The distinctive point is that AE results from the authentication process and is used as prior state for the following TLS exchange. One example of AE creation is as follows: EAP authentications typically result in an Extended Master Session Key (EMSK). The EMSK can be used to create an Evidence Master Key (EMK), which can then be used to create AE for a variety of servers.
-
Publication number: US20100215171A1
Publication date: 2010-08-26
Application number: US12708171
Filing date: 2010-02-18
IPC classification: H04K1/00
CPC classification: H04L9/088 , H04L2209/60
Abstract: A method for testing the transport packet decrypting module of a client device. A first decryption operation of the transport packet decrypting module is performed on a test encrypted control word, using a content decryption key ladder, to derive a test control word. A second decryption operation of the transport packet decrypting module is then performed on one or more test transport packets using the test control word and a predetermined content decryption algorithm. The KIV is derived from the decrypted transport packets, and the derived KIV is compared with a value stored in the client device to verify whether the transport packet decrypting module of the client device is functioning properly.
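The self-test procedure from the abstract above (US20100215171A1), as an added example that is not the patent's code. The two-level key ladder (device root key unwraps a session key, which unwraps the control word), the SHAKE-256 keystream standing in for the content decryption algorithm, the KIV derivation (truncated SHA-256 over the decrypted packets; the abstract does not define KIV) and the sample packets are all assumptions. The design property to note is that the device root key never leaves the decryptor object: the headend provisions only wrapped keys, encrypted test packets and the reference KIV, so the test exercises the real ladder path rather than a bypass.

```python
"""Key-ladder self-test of a transport packet decrypting module: unwrap a
test control word through the ladder, decrypt test packets with it, derive
the KIV and compare with the value stored in the device. Added example,
not the patent's code: the two-level ladder, the SHAKE-256 keystream
standing in for the content cipher, the KIV derivation (truncated SHA-256)
and the sample packets are assumptions."""
import hashlib
import hmac


def _stream_xor(key, label, data):
    """Stand-in content cipher: XOR with a keystream bound to key and label.
    Reversible, so one function both encrypts and decrypts."""
    keystream = hashlib.shake_256(label + b"|" + key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, keystream))


class PacketDecryptor:
    """Models the client's transport packet decrypting module. The device
    root key stays inside; callers hand in wrapped keys and ciphertext."""

    def __init__(self, device_root_key):
        self._root = device_root_key

    def unwrap_control_word(self, wrapped_session_key, wrapped_cw):
        # First decryption operation: walk the ladder root -> session key -> CW.
        session_key = _stream_xor(self._root, b"ladder-1", wrapped_session_key)
        return _stream_xor(session_key, b"ladder-2", wrapped_cw)

    def decrypt_packets(self, control_word, packets):
        # Second decryption operation: content decryption under the CW.
        return [_stream_xor(control_word, b"ts-packet", p) for p in packets]


def derive_kiv(decrypted_packets):
    """KIV over the decrypted test packets (assumed: truncated SHA-256)."""
    h = hashlib.sha256()
    for p in decrypted_packets:
        h.update(p)
    return h.digest()[:16]


def make_test_vector(device_root_key, session_key, control_word, plain_packets):
    """Headend side: build the wrapped keys, encrypted test packets and the
    reference KIV that get provisioned into the device."""
    return {
        "wrapped_session": _stream_xor(device_root_key, b"ladder-1", session_key),
        "wrapped_cw": _stream_xor(session_key, b"ladder-2", control_word),
        "packets": [_stream_xor(control_word, b"ts-packet", p) for p in plain_packets],
        "kiv": derive_kiv(plain_packets),
    }


def self_test(decryptor, vector):
    """True only if the whole path (ladder + content decryption) is intact."""
    cw = decryptor.unwrap_control_word(vector["wrapped_session"], vector["wrapped_cw"])
    plain = decryptor.decrypt_packets(cw, vector["packets"])
    return hmac.compare_digest(derive_kiv(plain), vector["kiv"])


# Constructed sample material: 188-byte MPEG-TS-shaped packets (sync byte 0x47).
DEVICE_ROOT_KEY = bytes([0x11] * 16)
TEST_SESSION_KEY = bytes([0x22] * 16)
TEST_CONTROL_WORD = bytes([0x33] * 8)
TEST_PACKETS = [bytes([0x47, 0x01, 0x00, 0x10 + i]) + bytes(184) for i in range(3)]
TEST_VECTOR = make_test_vector(DEVICE_ROOT_KEY, TEST_SESSION_KEY, TEST_CONTROL_WORD, TEST_PACKETS)

if __name__ == "__main__":
    print(self_test(PacketDecryptor(DEVICE_ROOT_KEY), TEST_VECTOR))       # True
    print(self_test(PacketDecryptor(bytes([0x12] * 16)), TEST_VECTOR))    # False
```

A device with the wrong root key, or a corrupted test packet, produces a different KIV and the comparison fails; because the stored value is a digest of the decrypted packets rather than the control word, the test also catches a broken content decryption stage, not just a broken ladder.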
-
Publication number: US20100313014A1
Publication date: 2010-12-09
Application number: US12794305
Filing date: 2010-06-04
CPC classification: H04L63/06 , G06F21/10 , G06F21/33 , G06F2221/2105 , G06F2221/2145 , H04L63/0823 , H04L63/20 , H04L2463/101
Abstract: A conditional access system (CAS) computer in a downloadable CAS receives a downloadable management certificate (DMC) and determines from it, for the client device, security information including the DMC key size and the expiration time of the DMC subordinate certificate authority (sub-CA) certificate. The CAS computer then determines whether the DMC is valid based on the expiration time of the DMC sub-CA certificate. If the DMC is valid, the CAS computer sends a cryptographic identity for the client device and a CAS client to the client device, protected using the DMC. At a later time, if the DMC key size is still considered sufficiently secure, the validity of the DMC is extended by issuing a new DMC sub-CA certificate with the same public key as the original DMC sub-CA certificate.
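The DMC validity check and the same-key extension described in the two abstracts above (US08997252B2 and its pre-grant publication US20100313014A1), as an added example that is not the patent's code. The certificate fields, the key-size policy table (minimum RSA modulus by year) and the sample dates are assumptions. The check that matters is in extend_dmc: the key size is judged against the policy at the new expiry date, not today's, so a sub-CA key that is acceptable now but will fall below policy before the extended certificate lapses is refused and must be re-keyed instead.

```python
"""DMC validity from the sub-CA certificate's expiry and key size, and
extension by re-issuing the sub-CA certificate with the same public key.
Added example, not the patent's code: the certificate fields, the key-size
policy table and the sample dates are assumptions."""
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone

# Assumed policy: smallest RSA modulus still acceptable from a given year on.
MIN_RSA_BITS_FROM_YEAR = [(2010, 1024), (2014, 2048), (2031, 3072)]


@dataclass(frozen=True)
class SubCaCert:
    subject: str
    public_key: str       # stand-in for the key material
    key_bits: int
    not_after: datetime
    serial: int


@dataclass(frozen=True)
class Dmc:
    client_device: str
    sub_ca: SubCaCert


def min_key_bits(at):
    bits = MIN_RSA_BITS_FROM_YEAR[0][1]
    for year, b in MIN_RSA_BITS_FROM_YEAR:
        if at.year >= year:
            bits = b
    return bits


def dmc_security_info(dmc):
    """The two facts the CAS computer reads out of the DMC."""
    return {"key_bits": dmc.sub_ca.key_bits, "expires": dmc.sub_ca.not_after}


def dmc_is_valid(dmc, now):
    """Validity, as in the abstract, hinges on the sub-CA expiry."""
    return now < dmc.sub_ca.not_after


def key_still_secure(dmc, at):
    return dmc.sub_ca.key_bits >= min_key_bits(at)


def extend_dmc(dmc, now, lifetime=timedelta(days=365)):
    """Re-issue the sub-CA cert with the SAME public key and a later expiry.
    Refuse when the key size no longer meets policy at the new expiry:
    extending a weak key's life is the failure mode this check prevents."""
    new_expiry = now + lifetime
    if not key_still_secure(dmc, new_expiry):
        raise ValueError(f"{dmc.sub_ca.key_bits}-bit key is below policy "
                         f"({min_key_bits(new_expiry)} bits) at {new_expiry.date()}; re-key instead")
    new_cert = replace(dmc.sub_ca, not_after=new_expiry, serial=dmc.sub_ca.serial + 1)
    return replace(dmc, sub_ca=new_cert)


def provision(dmc, now, identity_for):
    """CAS computer step: deliver the client's cryptographic identity only
    under a currently valid DMC; the payload is (conceptually) protected
    with the sub-CA key."""
    if not dmc_is_valid(dmc, now):
        return None
    return {"protected_with": dmc.sub_ca.public_key,
            "identity": identity_for(dmc.client_device)}


def days_after(dt, days):
    return dt + timedelta(days=days)


# Constructed sample data.
EXAMPLE_NOW = datetime(2015, 1, 1, tzinfo=timezone.utc)
EXAMPLE_DMC = Dmc("stb-0001", SubCaCert("dmc-subca-1", "pub-1", 2048,
                                        days_after(EXAMPLE_NOW, 30), 1))
WEAK_DMC = Dmc("stb-0002", SubCaCert("dmc-subca-2", "pub-2", 1024,
                                     days_after(EXAMPLE_NOW, 30), 5))
```

With the sample policy, the 2048-bit sub-CA is extended for a year with its public key and subject unchanged (only expiry and serial move), while the 1024-bit one is still usable until it expires but cannot be extended.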
-
Publication number: US09184917B2
Publication date: 2015-11-10
Application number: US13170261
Filing date: 2011-06-28
CPC classification: H04L9/3247 , G06F21/10 , H04L9/3265 , H04L63/123 , H04L2209/603 , H04L2463/101
Abstract: A client, method and system for registering a DRM client are disclosed. The method (100) includes the steps of: initiating (110) a registration request via a DRM client with an encrypted registration message including an asymmetric key cryptographic identity, a customer identifier and an application specific information (AINFO) field that includes a digital signature and a device certificate chain; validating (120) the information in the AINFO field by a DRM registration server; and receiving (130) a registration response, which is encrypted and includes access information, in order to obtain content. Advantageously, this method provides an enhanced and reliable means of authentication.
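The registration flow from the abstract above (US09184917B2), as an added example that is not the patent's code. HMAC stands in for the asymmetric signatures (so the "key" field of each certificate is a shared secret here, not a true public key), the sealed-envelope format, the chain layout, the licence URL and the sample keys are all assumptions. The validation order on the server is the part worth reading: the chain is walked from the configured trust anchor down to the device certificate, the AINFO signature is checked with the key taken from the chain's leaf (never with a key the message itself supplies), and the identity claimed in the message must equal that leaf key, otherwise a valid chain for one device could be attached to a registration claiming to be another.

```python
"""DRM client registration: an encrypted registration message carrying a
key identity, a customer identifier and an AINFO field (signature plus
device certificate chain), validated by the registration server, which
answers with encrypted access information. Added example, not the
patent's code: HMAC stands in for the asymmetric signatures; the sealed
envelope format, the chain layout, the licence URL and the sample keys
are assumptions."""
import hashlib
import hmac
import json
import os


def _canon(obj):
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(key, payload):
    return hmac.new(key, _canon(payload), hashlib.sha256).hexdigest()


def verify(key, payload, sig):
    return hmac.compare_digest(sign(key, payload), sig)


def issue_cert(subject, subject_key, issuer, issuer_key):
    body = {"subject": subject, "issuer": issuer, "key": subject_key.hex()}
    return {**body, "sig": sign(issuer_key, body)}


def validate_chain(chain, trust_anchor):
    """chain = [root, ..., device]. Returns the device key, or None. The root
    must equal the configured anchor; every link must be signed by its parent."""
    if chain[0] != trust_anchor:
        return None
    for parent, child in zip(chain, chain[1:]):
        body = {k: v for k, v in child.items() if k != "sig"}
        if child["issuer"] != parent["subject"] or not verify(bytes.fromhex(parent["key"]), body, child["sig"]):
            return None
    return bytes.fromhex(chain[-1]["key"])


def seal(key, obj):
    """Encrypt-then-MAC envelope with a per-message nonce (stand-in for
    public-key encryption to the recipient)."""
    nonce, data = os.urandom(16), _canon(obj)
    ct = bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key + nonce).digest(len(data))))
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": hmac.new(key, nonce + ct, hashlib.sha256).hexdigest()}


def open_sealed(key, env):
    nonce, ct = bytes.fromhex(env["nonce"]), bytes.fromhex(env["ct"])
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).hexdigest(), env["tag"]):
        raise ValueError("bad envelope tag")
    return json.loads(bytes(a ^ b for a, b in zip(ct, hashlib.shake_256(key + nonce).digest(len(ct)))))


def build_registration(device_key, chain, customer_id, identity, server_key):
    """DRM client: sign the registration payload, attach the chain in AINFO,
    encrypt the whole message to the server."""
    payload = {"identity": identity, "customer_id": customer_id, "nonce": os.urandom(8).hex()}
    return seal(server_key, {**payload, "ainfo": {"sig": sign(device_key, payload), "chain": chain}})


class RegistrationServer:
    def __init__(self, server_key, trust_anchor, customers):
        self.server_key, self.anchor, self.customers = server_key, trust_anchor, set(customers)

    def register(self, envelope):
        msg = open_sealed(self.server_key, envelope)
        ainfo = msg.pop("ainfo")
        device_key = validate_chain(ainfo["chain"], self.anchor)
        if device_key is None:
            return {"status": "rejected", "reason": "untrusted chain"}
        if not verify(device_key, msg, ainfo["sig"]):       # key comes from the chain, not the message
            return {"status": "rejected", "reason": "bad AINFO signature"}
        if msg["identity"] != ainfo["chain"][-1]["key"]:   # identity must be the chain's leaf key
            return {"status": "rejected", "reason": "identity not bound to chain"}
        if msg["customer_id"] not in self.customers:
            return {"status": "rejected", "reason": "unknown customer"}
        access = {"device": ainfo["chain"][-1]["subject"], "licence_server": "https://drm.example/license"}
        return {"status": "ok", "sealed": seal(device_key, access)}   # only the device key holder can open it


# Constructed sample PKI and server secrets (not real keys).
ROOT_KEY, INT_KEY, DEVICE_KEY = b"root-secret", b"deviceca-secret", b"device-0001-secret"
ROOT_CERT = issue_cert("ExampleRoot", ROOT_KEY, "ExampleRoot", ROOT_KEY)
INT_CERT = issue_cert("ExampleDeviceCA", INT_KEY, "ExampleRoot", ROOT_KEY)
DEVICE_CERT = issue_cert("device-0001", DEVICE_KEY, "ExampleDeviceCA", INT_KEY)
CHAIN = [ROOT_CERT, INT_CERT, DEVICE_CERT]
SERVER_KEY = b"registration-server-secret"
```

A registration with a device certificate signed by an unknown CA, a signature made with some other key, an identity that is not the chain's leaf key, or an unknown customer identifier is rejected with a distinct reason; a tampered envelope never reaches the checks because the tag fails first.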
-
Publication number: US08856509B2
Publication date: 2014-10-07
Application number: US13207394
Filing date: 2011-08-10
CPC classification: H04L63/0884 , H04L9/0844 , H04L9/321 , H04L9/3271 , H04L63/067 , H04L63/0892 , H04L63/105 , H04L63/166
Abstract: A method of authentication and authorization over a communications system is provided. Disclosed herein are systems and methods for creating cryptographic evidence, called authentication/authorization evidence (AE), when a successful authentication/authorization between a client and an authentication server is complete. There are a variety of methods for generating AE. For instance, the AE can be data that is exchanged during the authentication signaling or data that results from it. The distinctive point is that AE results from the authentication process and is used as prior state for the following TLS exchange. One example of AE creation is as follows: EAP authentications typically result in an Extended Master Session Key (EMSK). The EMSK can be used to create an Evidence Master Key (EMK), which can then be used to create AE for a variety of servers.
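The EMSK to EMK to per-server AE derivation described in the two abstracts above (US20120042160A1 and its granted form US08856509B2), as an added example that is not the patent's derivation and not one defined by any RFC. The derivation labels, the output lengths, the binder construction that feeds AE into the TLS exchange as prior state and the sample EMSK are assumptions; the KDF itself is HKDF-SHA256 as specified in RFC 5869. The example goes slightly beyond the abstract by binding each AE to the client identity, the target server and a session nonce, so evidence handed to one server is useless at another and cannot be replayed, and by keeping the EMSK and EMK inside the authentication server so only the per-server AE is ever released.

```python
"""Authentication/authorization evidence (AE) derived from the EAP EMSK
and used as prior state for the following TLS exchange. Added example,
not the patent's or any RFC's derivation: the labels, output lengths,
binder construction and the sample EMSK are assumptions. The KDF is
HKDF-SHA256 (RFC 5869)."""
import hashlib
import hmac


def hkdf_extract(salt, ikm):
    # RFC 5869: an absent salt is HashLen zero bytes.
    return hmac.new(salt or bytes(32), ikm, hashlib.sha256).digest()


def hkdf_expand(prk, info, length):
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def derive_emk(emsk):
    """Evidence Master Key. The EMSK itself never leaves the EAP peer/server."""
    return hkdf_expand(hkdf_extract(b"", emsk), b"AE-EMK", 32)


def derive_ae(emk, client_id, server_id, session_nonce):
    """Per-server AE, bound to client, target server and a fresh nonce so one
    server's AE is useless at another and cannot be replayed."""
    info = b"AE|" + client_id + b"|" + server_id + b"|" + session_nonce
    return hkdf_expand(hkdf_extract(b"", emk), info, 32)


def ae_binder(ae, transcript):
    """How AE enters the TLS exchange here: a MAC over the handshake
    transcript keyed with AE (stand-in for a TLS PSK/external-key binder)."""
    return hmac.new(ae, transcript, hashlib.sha256).hexdigest()


class AuthServer:
    """Holds the EMSK after a successful EAP exchange and hands each
    application server its own AE, never the EMK or EMSK."""

    def __init__(self, emsk):
        self._emk = derive_emk(emsk)

    def ae_for(self, client_id, server_id, session_nonce):
        return derive_ae(self._emk, client_id, server_id, session_nonce)


def run_exchange(emsk, client_id, app_server_id, session_nonce, transcript):
    """Client derives AE from its own copy of the EMSK; the application
    server receives AE from the auth server. The TLS binder verifies only
    if both sides hold the same AE."""
    client_ae = derive_ae(derive_emk(emsk), client_id, app_server_id, session_nonce)
    server_ae = AuthServer(emsk).ae_for(client_id, app_server_id, session_nonce)
    return hmac.compare_digest(ae_binder(client_ae, transcript),
                               ae_binder(server_ae, transcript))


# Constructed sample EMSK (64 bytes, the length EAP methods typically export).
SAMPLE_EMSK = bytes(range(64))
```

The HKDF functions reproduce the RFC 5869 test vectors, and two application servers that both receive AE for the same client and session get different 32-byte values, neither of which reveals the EMK.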
-