1. METHODS FOR AUTHENTICATING A HARDWARE DEVICE AND PROVIDING A SECURE CHANNEL TO DELIVER DATA
    Patent application (pending, published)

    Publication No.: US20100027790A1

    Publication date: 2010-02-04

    Application No.: US11961848

    Filing date: 2007-12-20

    IPC classification: H04N7/167 H04L9/08

    CPC classification: G06F21/606

    Abstract: A method for delivering audio/video data through a hardware device using a software application comprises, at the hardware end, receiving an encrypted application key, an encrypted random session key, and encrypted audio/video data from the software. The hardware then decrypts the encrypted application key using a secret encryption key, decrypts the encrypted random session key using the application key, and decrypts the encrypted audio/video data using the random session key. The hardware may then deliver the unencrypted audio/video data by way of a display and speakers. The secret encryption key is securely embedded within the hardware device at an earlier point in time.

2. Securing content for playback
    Patent application (pending, published)

    Publication No.: US20090172331A1

    Publication date: 2009-07-02

    Application No.: US12006282

    Filing date: 2007-12-31

    IPC classification: G06F21/00

    CPC classification: G06F21/84 G06F21/10 G06F21/74

    Abstract: A graphics engine may include a decryption device, a renderer, and a sprite or overlay engine, all connected to a display. A memory may have protected and non-protected portions in one embodiment. An application may store encrypted content on the non-protected portion of said memory. The decryption device may access the encrypted material, decrypt the material, and provide it to the renderer engine of a graphics engine. The graphics engine may then process the decrypted material using the protected portion of the memory. Only graphics devices can access the protected portion of the memory in at least one mode, preventing access by outside sources. In addition, the protected memory may be stolen memory that is not identified to the operating system, making that stolen memory inaccessible to applications running on the operating system.

3. Method and apparatus for authenticated, recoverable key distribution with no database secrets
    Granted patent (in force)

    Publication No.: US08014530B2

    Publication date: 2011-09-06

    Application No.: US11387203

    Filing date: 2006-03-22

    IPC classification: H04L9/08

    Abstract: A method and apparatus for authenticated recoverable key distribution are described. In one embodiment, an application key is provided to an integrated chip platform. In one embodiment, the integrated chip platform encrypts the application key with a Key Encryption Key, which is stored within the persistent memory on the platform, and outputs a ChipID and the encrypted application key to enable recovery. In one embodiment, the platform can provide the ChipID to a recovery database to replace a lost encrypted application key. In one embodiment, the ChipID is the public key of a public/private key pair, and the application key is provided to the integrated chip platform by encrypting it using this public key. In one embodiment, the ChipID and the Key Encryption Key are derived from a secret random number programmed into the integrated chip. Other embodiments are described and claimed.

4. Method and apparatus for authenticated, recoverable key distribution with no database secrets
    Patent application (in force)

    Publication No.: US20070223704A1

    Publication date: 2007-09-27

    Application No.: US11387203

    Filing date: 2006-03-22

    IPC classification: H04L9/00

    Abstract: A method and apparatus for authenticated recoverable key distribution are described. In one embodiment, an application key is provided to an integrated chip platform. In one embodiment, the integrated chip platform encrypts the application key with a Key Encryption Key, which is stored within the persistent memory on the platform, and outputs a ChipID and the encrypted application key to enable recovery. In one embodiment, the platform can provide the ChipID to a recovery database to replace a lost encrypted application key. In one embodiment, the ChipID is the public key of a public/private key pair, and the application key is provided to the integrated chip platform by encrypting it using this public key. In one embodiment, the ChipID and the Key Encryption Key are derived from a secret random number programmed into the integrated chip. Other embodiments are described and claimed.

5. Encrypting message for secure transmission
    Patent application (lapsed)

    Publication No.: US20070189534A1

    Publication date: 2007-08-16

    Application No.: US11013572

    Filing date: 2004-12-15

    IPC classification: H04K1/00

    Abstract: A system, apparatus, and method are provided for enhancing entropy in a pseudo-random number generator (PRNG) using remote sources. According to one embodiment of the present invention, first, the PRNG's internal state is initialized. Local seeding information is then obtained from a local host. For added security, additional seeding information is obtained from one or more remote entropy servers operating independently to each maintain a constantly updated state pool. Finally, the PRNG is stirred based upon the local seeding information and the additional seeding information.

6. Method and apparatus for composable block re-encryption of publicly distributed content

    Publication No.: US20060233363A1

    Publication date: 2006-10-19

    Application No.: US11269397

    Filing date: 2005-11-07

    Applicant: Gary Graunke

    Inventor: Gary Graunke

    IPC classification: H04L9/00

    Abstract: Secure communication from one encryption domain to another using a trusted module. In one embodiment, the invention includes receiving encrypted streamed content encrypted with a first key, generating a substitution key stream based on the first key and a second key, generating a transposition key stream based on the first and second keys, and simultaneously decrypting and re-encrypting the encrypted streamed content using a combination of the substitution and transposition streams to produce re-encrypted streamed content encrypted with the second key.

7. Method and apparatus for detection of loss of cipher synchronization
    Patent application (lapsed)

    Publication No.: US20050169466A1

    Publication date: 2005-08-04

    Application No.: US10769253

    Filing date: 2004-01-30

    Applicant: Gary Graunke

    Inventor: Gary Graunke

    IPC classification: H04L9/12 H04N7/16 H04N7/167

    Abstract: Detecting loss of stream cipher synchronization between a transmitter and a receiver in a video processing system may be achieved by: receiving, by the receiver, an encrypted video frame from the transmitter; obtaining an encrypted value for a selected pixel in the encrypted video frame; decrypting the encrypted pixel value using a first portion of the receiver's current key stream; re-encrypting the pixel value using a second portion of the receiver's current key stream; sending the re-encrypted pixel value from the receiver to the transmitter; obtaining, by the transmitter, a plaintext value for the selected pixel from a corresponding original video frame and encrypting the plaintext pixel value using a second portion of the transmitter's current key stream; and comparing the re-encrypted pixel value received from the receiver with the encrypted pixel value generated by the transmitter, detecting a loss of cipher synchronization when the values do not match.

8. Securing distributable content against hostile attacks
    Patent application (in force)

    Publication No.: US20050050355A1

    Publication date: 2005-03-03

    Application No.: US10652140

    Filing date: 2003-08-29

    Applicant: Gary Graunke

    Inventor: Gary Graunke

    CPC classification: G06F21/14 H04L9/06

    Abstract: In one embodiment, the present invention may perform a transformation based on existing program operations or operators which may provide encrypting compiler-generated code for compilation with original source code, securing distributable content in hostile environments. As an example, use of compiler analysis and heuristics for pairing variables and identifying encryption/decryption points may protect distributable software, such as the compiled code, from automated attacks. In one embodiment, pre-compiler software may dynamically obtain one or more program operators from the source code for applying data transformation based on custom ciphers to encrypt/decrypt data in between references to data variables in a particular portion of the source code, providing encrypting compiler-generated code for mixing with the source code prior to compilation into tamper-resistant object code.

9. Parallel merge sort method and apparatus
    Granted patent (lapsed)

    Publication No.: US5852826A

    Publication date: 1998-12-22

    Application No.: US592012

    Filing date: 1996-01-26

    IPC classification: G06F7/36 G06F7/16

    CPC classification: G06F7/36 Y10S707/99937

    Abstract: A parallel sorting technique for external and internal sorting which maximizes the use of multiple processes to sort records from an input data set. Performance of the sort scales linearly with the number of processors because multiple processors can perform every step of the technique. To begin, the records of a data set to be sorted are read from an input file and written into multiple buffers in memory so long as memory is available. The records within each buffer are then simultaneously sorted to create runs therein. A merge tree is constructed with the runs as stream elements into leaf nodes of the tree, where the stream elements are merged. The stream elements at each node are then merged by multiple processes working simultaneously at the node, thereby generating an output stream of elements for merging at a higher node. For an internal sort, the run that results from all of the merging is immediately written to an output device. For an external sort, the run is an intermediate run, written to secondary storage along with other intermediate runs. A forecast structure provides a forecast of the order of the run blocks from the multiple intermediate runs. These blocks are read in the forecasted order from secondary storage, written into memory and merged through a merge tree to form an ordered record stream that is a complete run for the data set. The ordered record stream is then written to the output device.

10. Public Key Media Key Block
    Patent application (in force)

    Publication No.: US20080075284A1

    Publication date: 2008-03-27

    Application No.: US11923635

    Filing date: 2007-10-24

    IPC classification: H04N7/167 H04L9/08 H04L9/14

    Abstract: Protected content distribution is accomplished by a first entity generating a set of asymmetric key pairs, creating a plurality of sets of private keys by selecting a combination of private keys from the set of asymmetric key pairs for each created set, and distributing the sets of private keys to playback devices. A second entity produces protected content including encrypted content and a public key media key block: it encrypts a symmetric content key with each public key in the set of asymmetric key pairs to form the public key media key block, and encrypts a content title with the symmetric content key to form the encrypted content. A playback device stores one set of private keys, receives the protected content, and decrypts and plays the content title stored in the protected content when a selected one of the set of private keys stored by the playback device successfully decrypts the encrypted symmetric content key stored in the public key media key block of the received protected content.
