公开(公告)号：US08196214B2

公开(公告)日：2012-06-05

申请号：US12002098

申请日：2007-12-14

申请人： Augustin J. Farrugia ,  Gianpaolo Fasoli ,  Mathieu Ciet ,  Bertrand Mollinier Toublet

发明人： Augustin J. Farrugia ,  Gianpaolo Fasoli ,  Mathieu Ciet ,  Bertrand Mollinier Toublet

IPC分类号： G06F21/00

CPC分类号： H04L63/062 ,  G06F21/10 ,  H04L9/0827 ,  H04L9/0891 ,  H04L63/123 ,  H04L2209/605

摘要： Method and apparatus enabled by computer (or equivalent) hardware and software for protection of content such as audio and video to be downloaded or streamed over a computer network such as the Internet. The content is provided to the user via streaming or downloads in encrypted form. The encryption is such that the content key decryption information is transmitted so that it itself is encrypted to be both device and session unique. That is, the key information can be used only to extract the content decryption key for a particular session and for a particular client device such as an audio or video consumer playing device. This prevents any further use or copying of the content other than in that session and for that particular client. The specificity is accomplished by using a device unique identifier and antireplay information which is session specific for encrypting the content key. A typical application is Internet streaming of audio or video to consumers.

摘要翻译： 用于保护诸如音频和视频的内容的计算机（或等效的）硬件和软件能够通过诸如因特网的计算机网络下载或流式传输的方法和装置。 内容通过加密形式的流式传输或下载提供给用户。 加密是使得内容密钥解密信息被发送，使得其本身被加密成为设备和会话唯一的。 也就是说，密钥信息可以仅用于提取特定会话的内容解密密钥以及用于诸如音频或视频消费者播放设备的特定客户端设备。 这可以防止在该会话和该特定客户端之外的内容的任何进一步的使用或复制。 特异性通过使用设备唯一标识符和反重播信息来实现，该信息是会话专用于加密内容密钥。 典型的应用是将音频或视频的互联网流传输给消费者。

公开(公告)号：US20140075180A1

公开(公告)日：2014-03-13

申请号：US13615492

申请日：2012-09-13

申请人： Augustin J. Farrugia ,  Gianpaolo Fasoli ,  Bertrand Mollinier Toublet ,  Mathieu Ciet

发明人： Augustin J. Farrugia ,  Gianpaolo Fasoli ,  Bertrand Mollinier Toublet ,  Mathieu Ciet

IPC分类号： G06F21/60

CPC分类号： H04L9/32 ,  G06F21/10 ,  G06F21/602

摘要： Some embodiments of the invention provide a content-distribution system. In some embodiments, the content-distribution system distributes device-restricted content and device-unrestricted content. Device-restricted content is content that can only be played on devices that the system associates with the particular user. Device-unrestricted content is content that can be played on any device without any restrictions. However, for at least one operation or service other than playback, device-unrestricted content has to be authenticated before this operation or service can be performed on the content. In some embodiments, the system facilitates this authentication by specifying a verification parameter for a piece of device-unrestricted content. The content-distribution system of some embodiments has a set of servers that supply (1) media storage structures that store content, (2) cryptographic keys that are needed to decrypt device-restricted content, and (3) verification parameters that are needed to verify device-unrestricted content.

摘要翻译： 本发明的一些实施例提供内容分发系统。 在一些实施例中，内容分发系统分发设备限制的内容和设备无限制的内容。 设备限制内容是只能在系统与特定用户关联的设备上播放的内容。 设备无限制的内容是可以在任何设备上播放的内容，没有任何限制。 然而，对于除播放之外的至少一个操作或服务，在可以对内容执行该操作或服务之前必须认证设备无限制的内容。 在一些实施例中，系统通过为一片设备无限制内容指定验证参数来促进该认证。 一些实施例的内容分发系统具有一组服务器，其提供（1）存储内容的媒体存储结构，（2）解密设备限制的内容所需的密码密钥，以及（3）需要的验证参数 验证设备无限制的内容。

公开(公告)号：US20080294901A1

公开(公告)日：2008-11-27

申请号：US11752276

申请日：2007-05-22

申请人： Augustin J. Farrugia ,  Gianpaolo Fasoli ,  Bertrand Mollinier Toublet ,  Mathieu Ciet

发明人： Augustin J. Farrugia ,  Gianpaolo Fasoli ,  Bertrand Mollinier Toublet ,  Mathieu Ciet

IPC分类号： H04L9/00

CPC分类号： G06F21/10

摘要： Some embodiments of the invention provide a content-distribution system for distributing content under a variety of different basis. For instance, in some embodiments, the content-distribution system distributes device-restricted content and device-unrestricted content. Device-restricted content is content that can only be played on devices that the system associates with the particular user. Device-unrestricted content is content that can be played on any device without any restrictions. However, for at least one operation or service other than playback, device-unrestricted content has to be authenticated before this operation or service can be performed on the content. In some embodiments, the system facilitates this authentication by specifying a verification parameter for a piece of device-unrestricted content. The content-distribution system of some embodiments has a set of servers that supply (1) media storage structures that store content, (2) cryptographic keys that are needed to decrypt device-restricted content, and (3) verification parameters that are needed to verify device-unrestricted content. In some embodiments, the device that receives the media storage structure inserts the received cryptographic key or verification parameter in the received media storage structure. In some embodiments, the set of servers also supply cryptographic content keys for the device-unrestricted content. These keys are used to decrypt the content upon arrival, upon first playback, or at some other time. However, some embodiments do not store these cryptographic keys in the media storage structures for the device-unrestricted content.

摘要翻译： 本发明的一些实施例提供了一种用于在各种不同基础下分发内容的内容分发系统。 例如，在一些实施例中，内容分发系统分发受设备限制的内容和设备无限制的内容。 设备限制内容是只能在系统与特定用户关联的设备上播放的内容。 设备无限制的内容是可以在任何设备上播放的内容，没有任何限制。 然而，对于除播放之外的至少一个操作或服务，在可以对内容执行该操作或服务之前必须认证设备无限制的内容。 在一些实施例中，系统通过为一片设备无限制内容指定验证参数来促进该认证。 一些实施例的内容分发系统具有一组服务器，其提供（1）存储内容的媒体存储结构，（2）解密设备限制的内容所需的密码密钥，以及（3）需要的验证参数 验证设备无限制内容。 在一些实施例中，接收媒体存储结构的设备将接收到的加密密钥或验证参数插入接收到的媒体存储结构中。 在一些实施例中，该组服务器还提供用于设备无限制内容的加密内容密钥。 这些密钥用于在到达时，首次播放时或在其他时间对内容进行解密。 然而，一些实施例不将这些加密密钥存储在用于设备无限制内容的媒体存储结构中。

公开(公告)号：US08347098B2

公开(公告)日：2013-01-01

申请号：US11752276

申请日：2007-05-22

申请人： Augustin J. Farrugia ,  Gianpaolo Fasoli ,  Bertrand Mollinier Toublet ,  Mathieu Ciet

发明人： Augustin J. Farrugia ,  Gianpaolo Fasoli ,  Bertrand Mollinier Toublet ,  Mathieu Ciet

IPC分类号： H04L29/06

CPC分类号： G06F21/10

摘要： Some embodiments of the invention provide a content-distribution system for distributing content under a variety of different basis. For instance, in some embodiments, the content-distribution system distributes device-restricted content and device-unrestricted content. Device-restricted content is content that can only be played on devices that the system associates with the particular user. Device-unrestricted content is content that can be played on any device without any restrictions. However, for at least one operation or service other than playback, device-unrestricted content has to be authenticated before this operation or service can be performed on the content. In some embodiments, the system facilitates this authentication by specifying a verification parameter for a piece of device-unrestricted content. The content-distribution system of some embodiments has a set of servers that supply (1) media storage structures that store content, (2) cryptographic keys that are needed to decrypt device-restricted content, and (3) verification parameters that are needed to verify device-unrestricted content. In some embodiments, the device that receives the media storage structure inserts the received cryptographic key or verification parameter in the received media storage structure. In some embodiments, the set of servers also supply cryptographic content keys for the device-unrestricted content. These keys are used to decrypt the content upon arrival, upon first playback, or at some other time. However, some embodiments do not store these cryptographic keys in the media storage structures for the device-unrestricted content.

摘要翻译： 本发明的一些实施例提供了一种用于在各种不同基础下分发内容的内容分发系统。 例如，在一些实施例中，内容分发系统分发受设备限制的内容和设备无限制的内容。 设备限制内容是只能在系统与特定用户关联的设备上播放的内容。 设备无限制的内容是可以在任何设备上播放的内容，没有任何限制。 然而，对于除播放之外的至少一个操作或服务，在可以对内容执行该操作或服务之前必须认证设备无限制的内容。 在一些实施例中，系统通过为一片设备无限制内容指定验证参数来促进该认证。 一些实施例的内容分发系统具有一组服务器，其提供（1）存储内容的媒体存储结构，（2）解密设备限制的内容所需的密码密钥，以及（3）需要的验证参数 验证设备无限制的内容。 在一些实施例中，接收媒体存储结构的设备将接收到的加密密钥或验证参数插入接收到的媒体存储结构中。 在一些实施例中，该组服务器还提供用于设备无限制内容的加密内容密钥。 这些密钥用于在到达时，首次播放时或在其他时间对内容进行解密。 然而，一些实施例不将这些加密密钥存储在用于设备无限制内容的媒体存储结构中。

公开(公告)号：US20090154704A1

公开(公告)日：2009-06-18

申请号：US12002098

申请日：2007-12-14

申请人： Augustin J. Farrugia ,  Gianpaolo Fasoli ,  Mathieu Ciet ,  Bertrand Mollinier Toublet

发明人： Augustin J. Farrugia ,  Gianpaolo Fasoli ,  Mathieu Ciet ,  Bertrand Mollinier Toublet

IPC分类号： H04L9/00

CPC分类号： H04L63/062 ,  G06F21/10 ,  H04L9/0827 ,  H04L9/0891 ,  H04L63/123 ,  H04L2209/605

摘要： Method and apparatus enabled by computer (or equivalent) hardware and software for protection of content such as audio and video to be downloaded or streamed over a computer network such as the Internet. The content is provided to the user via streaming or downloads in encrypted form. The encryption is such that the content key decryption information is transmitted so that it itself is encrypted to be both device and session unique. That is, the key information can be used only to extract the content decryption key for a particular session and for a particular client device such as an audio or video consumer playing device. This prevents any further use or copying of the content other than in that session and for that particular client. The specificity is accomplished by using a device unique identifier and antireplay information which is session specific for encrypting the content key. A typical application is Internet streaming of audio or video to consumers.

摘要翻译： 用于保护诸如音频和视频的内容的计算机（或等效的）硬件和软件能够通过诸如因特网的计算机网络下载或流式传输的方法和装置。 内容通过加密形式的流式传输或下载提供给用户。 加密是使得内容密钥解密信息被发送，使得其本身被加密成为设备和会话唯一的。 也就是说，密钥信息可以仅用于提取特定会话的内容解密密钥以及用于诸如音频或视频消费者播放设备的特定客户端设备。 这可以防止在该会话和该特定客户端之外的内容的任何进一步的使用或复制。 特异性通过使用设备唯一标识符和反重播信息来实现，该信息是会话专用于加密内容密钥。 典型的应用是将音频或视频的互联网流传输给消费者。

公开(公告)号：US09311492B2

公开(公告)日：2016-04-12

申请号：US13615492

申请日：2012-09-13

申请人： Augustin J. Farrugia ,  Gianpaolo Fasoli ,  Bertrand Mollinier Toublet ,  Mathieu Ciet

发明人： Augustin J. Farrugia ,  Gianpaolo Fasoli ,  Bertrand Mollinier Toublet ,  Mathieu Ciet

IPC分类号： G06F21/10 ,  G06F21/60

CPC分类号： H04L9/32 ,  G06F21/10 ,  G06F21/602

摘要： Some embodiments of the invention provide a content-distribution system. In some embodiments, the content-distribution system distributes device-restricted content and device-unrestricted content. Device-restricted content is content that can only be played on devices that the system associates with the particular user. Device-unrestricted content is content that can be played on any device without any restrictions. However, for at least one operation or service other than playback, device-unrestricted content has to be authenticated before this operation or service can be performed on the content. In some embodiments, the system facilitates this authentication by specifying a verification parameter for a piece of device-unrestricted content. The content-distribution system of some embodiments has a set of servers that supply (1) media storage structures that store content, (2) cryptographic keys that are needed to decrypt device-restricted content, and (3) verification parameters that are needed to verify device-unrestricted content.

摘要翻译： 本发明的一些实施例提供内容分发系统。 在一些实施例中，内容分发系统分发设备限制的内容和设备无限制的内容。 设备限制内容是只能在系统与特定用户关联的设备上播放的内容。 设备无限制的内容是可以在任何设备上播放的内容，没有任何限制。 然而，对于除播放之外的至少一个操作或服务，在可以对内容执行该操作或服务之前必须认证设备无限制的内容。 在一些实施例中，系统通过为一片设备无限制内容指定验证参数来促进该认证。 一些实施例的内容分发系统具有一组服务器，其提供（1）存储内容的媒体存储结构，（2）解密设备限制的内容所需的密码密钥，以及（3）需要的验证参数 验证设备无限制的内容。

公开(公告)号：US08412938B2

公开(公告)日：2013-04-02

申请号：US12551172

申请日：2009-08-31

申请人： Augustin J. Farrugia ,  Bertrand Mollinier Toublet ,  Gianpaolo Fasoli ,  Mathieu Ciet ,  Jill Surdzial

发明人： Augustin J. Farrugia ,  Bertrand Mollinier Toublet ,  Gianpaolo Fasoli ,  Mathieu Ciet ,  Jill Surdzial

IPC分类号： H04L29/06

CPC分类号： H04L63/0428 ,  H04L9/321 ,  H04L9/3218 ,  H04L9/3242 ,  H04L2209/603 ,  H04L2209/80

摘要： In the fields of data security and system reliability and qualification, this disclosure is of a method, system and apparatus for verifying or authenticating a device to a host using a zero-knowledge based authentication technique which includes a keyed message authentication code such as an HMAC or keyed cipher function and which operates on secret information shared between the host and the device. This is useful both for security purposes and also to make sure that a device such as a computer peripheral or accessory or component is qualified to be interoperable with the host.

摘要翻译： 在数据安全性和系统可靠性和资格认证领域中，本公开是一种用于使用基于零知识的认证技术来验证或认证到主机的设备的方法，系统和装置，其包括诸如HMAC之类的密钥化消息认证码 或密钥密码函数，并且操作在主机和设备之间共享的秘密信息。 这对于安全目的也是有用的，并且还确保诸如计算机外围设备或附件或组件的设备有资格与主机互操作。

公开(公告)号：US20130182842A1

公开(公告)日：2013-07-18

申请号：US13349451

申请日：2012-01-12

申请人： Gianpaolo Fasoli ,  Augustin J. Farrugia ,  Bertrand Mollinier Toublet ,  Gelareh Taban ,  Nicholas T. Sullivan ,  Srinivas Vedula

发明人： Gianpaolo Fasoli ,  Augustin J. Farrugia ,  Bertrand Mollinier Toublet ,  Gelareh Taban ,  Nicholas T. Sullivan ,  Srinivas Vedula

IPC分类号： H04L9/14 ,  H04L9/08

CPC分类号： H04L9/14 ,  H04L9/0861 ,  H04L2209/603 ,  H04N21/2347 ,  H04N21/26613 ,  H04N21/63345

摘要： Disclosed herein are systems, methods, and non-transitory computer-readable storage media for key space division and sub-key derivation for mixed media digital rights management content and secure digital asset distribution. A system practicing the exemplary method derives a set of family keys from a master key associated with an encrypted media asset using a one-way function, wherein each family key is uniquely associated with a respective client platform type, wherein the master key is received from a server account database, and identifies a client platform type for a client device and a corresponding family key from the set of family keys. The system encrypts an encrypted media asset with the corresponding family key to yield a platform-specific encrypted media asset, and transmits the platform-specific encrypted media asset to the client device. Thus, different client devices receive device-specific encrypted assets which can be all derived based on the same master key.

摘要翻译： 本文公开了用于混合媒体数字版权管理内容和安全数字资产分配的关键空间划分和子密钥导出的系统，方法和非暂时的计算机可读存储介质。 实施示例性方法的系统使用单向函数从与加密的媒体资产相关联的主密钥导出一组家庭密钥，其中每个家庭密钥与相应的客户端平台类型唯一地相关联，其中主密钥从 一个服务器帐户数据库，并从一组家庭密钥中识别客户端设备的客户端平台类型和相应的家庭密钥。 该系统使用相应的家庭密钥对加密的媒体资产进行加密，以产生特定于平台的加密媒体资产，并将平台特定的加密媒体资产发送到客户端设备。 因此，不同的客户端设备接收可以全部基于相同主密钥导出的特定于设备的加密资产。

公开(公告)号：US08638935B2

公开(公告)日：2014-01-28

申请号：US13349451

申请日：2012-01-12

申请人： Gianpaolo Fasoli ,  Augustin J. Farrugia ,  Bertrand Mollinier Toublet ,  Gelareh Taban ,  Nicholas T. Sullivan ,  Srinivas Vedula

发明人： Gianpaolo Fasoli ,  Augustin J. Farrugia ,  Bertrand Mollinier Toublet ,  Gelareh Taban ,  Nicholas T. Sullivan ,  Srinivas Vedula

IPC分类号： H04L9/14

CPC分类号： H04L9/14 ,  H04L9/0861 ,  H04L2209/603 ,  H04N21/2347 ,  H04N21/26613 ,  H04N21/63345

摘要： Disclosed herein are systems, methods, and non-transitory computer-readable storage media for key space division and sub-key derivation for mixed media digital rights management content and secure digital asset distribution. A system practicing the exemplary method derives a set of family keys from a master key associated with an encrypted media asset using a one-way function, wherein each family key is uniquely associated with a respective client platform type, wherein the master key is received from a server account database, and identifies a client platform type for a client device and a corresponding family key from the set of family keys. The system encrypts an encrypted media asset with the corresponding family key to yield a platform-specific encrypted media asset, and transmits the platform-specific encrypted media asset to the client device. Thus, different client devices receive device-specific encrypted assets which can be all derived based on the same master key.

摘要翻译： 本文公开了用于混合媒体数字版权管理内容和安全数字资产分配的关键空间划分和子密钥导出的系统，方法和非暂时的计算机可读存储介质。 实施示例性方法的系统使用单向函数从与加密的媒体资产相关联的主密钥导出一组家庭密钥，其中每个家庭密钥与相应的客户端平台类型唯一地相关联，其中主密钥从 一个服务器帐户数据库，并从一组家庭密钥中识别客户端设备的客户端平台类型和相应的家庭密钥。 该系统使用相应的家庭密钥对加密的媒体资产进行加密，以产生特定于平台的加密媒体资产，并将平台特定的加密媒体资产发送到客户端设备。 因此，不同的客户端设备接收可以全部基于相同主密钥导出的特定于设备的加密资产。

公开(公告)号：US20120095877A1

公开(公告)日：2012-04-19

申请号：US12907915

申请日：2010-10-19

申请人： Jean-Pierre Ciudad ,  Augustin J. Farrugia ,  David M'Raihi ,  Bertrand Mollinier Toublet ,  Gianpaolo Fasoli ,  Nicholas T. Sullivan

发明人： Jean-Pierre Ciudad ,  Augustin J. Farrugia ,  David M'Raihi ,  Bertrand Mollinier Toublet ,  Gianpaolo Fasoli ,  Nicholas T. Sullivan

IPC分类号： H04L9/32 ,  G06F7/04 ,  G06Q30/00

CPC分类号： G06F21/105 ,  G06Q30/0601 ,  G06Q30/0641

摘要： Disclosed herein are systems, methods, and non-transitory computer-readable media for enforcing application usage policies. As part of an application purchase transaction, the application distributor creates a unique proof of purchase receipt. This receipt can be bundled with the application and delivered to the purchaser. Each machine can maintain an authorization file that lists the users authorized to use applications on that machine. A system configured to practice the method verifies that a user is authorized to use an application on a machine based on an application proof of purchase receipt and the authorization file. If the application proof of purchase receipt and the authorization file are both valid, the system checks if the user account identifier in the receipt is contained in the authorization file. If so, the user can be considered authorized to use the application on the machine.

摘要翻译： 本文公开了用于实施应用使用策略的系统，方法和非暂时性计算机可读介质。 作为应用程序购买交易的一部分，应用经销商创建了购买收据的独特证明。 该收据可以与应用程序捆绑并交付给买方。 每个机器可以维护一个授权文件，其中列出了授权在该机器上使用应用程序的用户。 配置为执行该方法的系统基于购买收据的应用证明和授权文件验证用户被授权在机器上使用应用程序。 如果采购凭证的应用证明和授权文件都有效，系统将检查收据中的用户帐号标识是否包含在授权文件中。 如果是这样，用户可以被认为有权在机器上使用应用程序。