公开(公告)号：US07929483B2

公开(公告)日：2011-04-19

申请号：US11026413

申请日：2004-12-30

申请人： Bridget D. Kimball ,  Michael T. Habrat ,  John I. Okimoto ,  Douglas M. Petty ,  Eric J. Sprunk ,  Lawrence W. Tang

发明人： Bridget D. Kimball ,  Michael T. Habrat ,  John I. Okimoto ,  Douglas M. Petty ,  Eric J. Sprunk ,  Lawrence W. Tang

IPC分类号： H04B7/212

CPC分类号： G06F21/10 ,  G06F21/725 ,  H04L63/123 ,  H04L2463/121

摘要： The present invention discloses a system and method for providing a secured system time reference to a subscriber device, e.g., a set top box or a receiver. In one embodiment, the system time reference is provided in a secure system time message that is broadcasted to a plurality of subscriber devices. Each subscriber device has a security device or software application that is capable of determining whether the received system time reference is legitimate. If the system time reference is determined to be legitimate, a local time reference is synchronized with said received system time reference.

摘要翻译： 本发明公开了一种用于向订户设备（例如机顶盒或接收机）提供安全系统时间参考的系统和方法。 在一个实施例中，在广播到多个订户设备的安全系统时间消息中提供系统时间参考。 每个用户设备具有能够确定所接收的系统时间参考是否合法的安全设备或软件应用。 如果确定系统时间参考是合法的，则将本地时间基准与所接收的系统时间参考同步。

公开(公告)号：US08156560B2

公开(公告)日：2012-04-10

申请号：US11027206

申请日：2004-12-30

申请人： John I. Okimoto ,  Bridget D. Kimball ,  Annie O. Chen ,  Michael T. Habrat ,  Douglas M. Petty ,  Eric Sprunk ,  Lawrence W. Tang

发明人： John I. Okimoto ,  Bridget D. Kimball ,  Annie O. Chen ,  Michael T. Habrat ,  Douglas M. Petty ,  Eric Sprunk ,  Lawrence W. Tang

IPC分类号： H04N7/16

CPC分类号： G06F21/10 ,  H04N7/1675 ,  H04N21/4147 ,  H04N21/4405 ,  H04N21/4408 ,  H04N21/8355

摘要： The present invention discloses an apparatus and method for defining and enforcing rules of transition between two security domains, e.g., a transport domain and a persistent security domain. In turn, a border guard, e.g., a security device, is provided between these two domains that enforce rules for transition between the two security domains. This novel approach of defining a transport domain and a persistent security domain simplifies the classification of the digital content and its movement through the system. Namely, the border guard once established between the two systems can enforce DRM rules associated with how contents are moved between the two domains.

摘要翻译： 本发明公开了一种用于定义和实施两个安全域（例如传输域和持久安全域）之间的转换规则的装置和方法。 反过来，在这两个域之间提供边界警卫，例如安全装置，这两个域执行两个安全域之间的转换规则。 这种定义传输域和持久安全域的新颖方法简化了数字内容的分类及其通过系统的移动。 也就是说，在两个系统之间建立的边界守卫可以实施与内容在两个域之间移动的相关联的DRM规则。

公开(公告)号：US07305555B2

公开(公告)日：2007-12-04

申请号：US10109111

申请日：2002-03-27

申请人： John I. Okimoto ,  Eric J. Sprunk ,  Lawrence W. Tang ,  Annie On-yee Chen ,  Bridget Kimball ,  Douglas Petty

发明人： John I. Okimoto ,  Eric J. Sprunk ,  Lawrence W. Tang ,  Annie On-yee Chen ,  Bridget Kimball ,  Douglas Petty

IPC分类号： H04L9/00 ,  H04K1/00 ,  G06F11/30 ,  G06F12/14 ,  G06Q40/00 ,  H04L9/32 ,  H04N7/167 ,  H04N1/44 ,  H04K1/02

CPC分类号： H04N21/254 ,  H04N7/163 ,  H04N21/2543 ,  H04N21/26609 ,  H04N21/4181 ,  H04N21/4367 ,  H04N21/4623

摘要： A system is described for uniquely mating components of a communication network such as a smartcard and a set-top box. When mated, the smartcard and set-top box are tied together and have a single identity. Further, the smartcard operates properly only when inserted into an authorized set-top box. Exchanges of information between both components are secured by encryption and authentication to guard against piracy of the exchanged information. The system provides the same authentication key to the set-top box and the smartcard. This key is used for authenticating communication between the set-top box and the smartcard. First, the authentication key is encrypted by a set-top box mating key. The set-top box employs this mating key to decrypt the authentication key. After it is derived, the authentication key is stored in the set-top box's memory. Further, the same authentication key is encrypted by a smartcard mating key. Thereafter, the smartcard employs the smartcard mating key to extract the authentication key. The clear authentication key is stored in the smartcard's memory as well. In this manner, the authentication key is used for securing all communication between the set-top box and the smart-card. For example, the set-top box may request control words from the smartcard. Only after authenticating the request, are the control words for decrypting digital content provided to the set-top box. If the smartcard authentication key is different from the set-top box key, the request for control words is denied.

摘要翻译： 描述了用于唯一地匹配诸如智能卡和机顶盒之类的通信网络的组件的系统。 当配对时，智能卡和机顶盒被捆绑在一起并具有单一身份。 此外，仅当插入授权的机顶盒时，智能卡才能正常运行。 通过加密和认证来确保两个组件之间的信息交换，以防止所交换信息的盗版。 系统向机顶盒和智能卡提供相同的认证密钥。 该密钥用于认证机顶盒和智能卡之间的通信。 首先，认证密钥由机顶盒配对密钥加密。 机顶盒采用这种配对密钥来解密认证密钥。 导出后，身份验证密钥存储在机顶盒的内存中。 此外，相同的认证密钥由智能卡配对密钥加密。 此后，智能卡采用智能卡配对密钥来提取认证密钥。 清除认证密钥也存储在智能卡的存储器中。 以这种方式，认证密钥用于保护机顶盒和智能卡之间的所有通信。 例如，机顶盒可以从智能卡请求控制字。 只有在认证请求之后，才是解密提供给机顶盒的数字内容的控制字。 如果智能卡认证密钥与机顶盒密钥不同，则拒绝对控制字的请求。

公开(公告)号：US06978022B2

公开(公告)日：2005-12-20

申请号：US09898168

申请日：2001-07-03

申请人： John I. Okimoto ,  Lawrence W. Tang

发明人： John I. Okimoto ,  Lawrence W. Tang

IPC分类号： H04N7/16 ,  H04N7/167 ,  H04N7/173 ,  H04N21/2225 ,  H04N21/231 ,  H04N21/2347 ,  H04N21/254 ,  H04N21/2543 ,  H04N21/266 ,  H04N21/4143 ,  H04N21/4405 ,  H04N21/442 ,  H04N21/4627 ,  H04N21/472 ,  H04N21/6334 ,  H04N21/6377 ,  H04N21/6405 ,  H04N21/6587 ,  H04N21/8355 ,  H04N21/8549 ,  H04L9/00

CPC分类号： H04N21/23473 ,  H04N7/165 ,  H04N7/1675 ,  H04N7/17336 ,  H04N21/2225 ,  H04N21/23106 ,  H04N21/2347 ,  H04N21/2541 ,  H04N21/2543 ,  H04N21/26606 ,  H04N21/26609 ,  H04N21/4143 ,  H04N21/4405 ,  H04N21/44204 ,  H04N21/4627 ,  H04N21/47202 ,  H04N21/47211 ,  H04N21/63345 ,  H04N21/63775 ,  H04N21/6405 ,  H04N21/6587 ,  H04N21/8355 ,  H04N21/8549

摘要： An encryption renewal system for generating entitlement control messages, the system being secured by physical separation of components. The encryption renewal system has a first computing platform for performing non-secure tasks associated with one or more control messages that transmit one or more keys to a subscriber; and a second computing platform physically separate from the first computing platform containing one or more application specific integrated circuit chip for generating the one or more control messages. In addition, a method by the encryption renewal system is used to register an off-line encryption device in order to begin encrypting clear content. The method includes generating data for registering the off-line encryption device; encrypting the data with one or more cryptographic keys to form encrypted data; forwarding the encrypted data to the off-line encryption device; and retrieving the data from the encrypted data, wherein the off-line encryption device begins to encrypt clear content only after the data is retrieved.

摘要翻译： 一种用于生成授权控制消息的加密更新系统，该系统通过组件的物理分离来保护。 加密更新系统具有第一计算平台，用于执行与向用户发送一个或多个密钥的一个或多个控制消息相关联的非安全任务; 以及物理上与第一计算平台物理上分离的第二计算平台，其包含用于生成一个或多个控制消息的一个或多个专用集成电路芯片。 此外，通过加密更新系统的方法用于注册离线加密设备，以便开始加密明确的内容。 该方法包括生成用于注册离线加密设备的数据; 用一个或多个加密密钥加密数据以形成加密数据; 将加密的数据转发到离线加密设备; 以及从所述加密数据中检索所述数据，其中所述离线加密设备仅在所述数据被检索之后开始加密清除内容。

公开(公告)号：US20130139198A1

公开(公告)日：2013-05-30

申请号：US13305958

申请日：2011-11-29

申请人： John I. Okimoto ,  Alexander Medvinsky ,  Xin Qiu

发明人： John I. Okimoto ,  Alexander Medvinsky ,  Xin Qiu

IPC分类号： H04N21/2347

CPC分类号： H04N21/25841 ,  H04N21/25816 ,  H04N21/26613 ,  H04N21/4623

摘要： A method, a digital content consumption device, and a conditional access system are disclosed. A network interface may receive in a digital content consumption device a public key message that includes an encrypted key. A processor may decrypt the encrypted key using a secret key to produce the transmitted public key, identify a region descriptor in the public key message, and determine the secret key based on the region descriptor.

摘要翻译： 公开了一种方法，数字内容消费装置和条件访问系统。 网络接口可以在数字内容消费设备中接收包括加密密钥的公开密钥消息。 处理器可以使用秘密密钥来解密加密的密钥，以产生所传送的公共密钥，识别公开密钥消息中的区域描述符，并且基于区域描述符确定秘密密钥。

公开(公告)号：US07765600B2

公开(公告)日：2010-07-27

申请号：US10838413

申请日：2004-05-04

申请人： Jeri L. Saunders ,  Annie O. Chen ,  Erik J. Elstermann ,  John I. Okimoto

发明人： Jeri L. Saunders ,  Annie O. Chen ,  Erik J. Elstermann ,  John I. Okimoto

IPC分类号： G06F7/04 ,  G06F12/14 ,  H04N7/167 ,  G06F21/00

CPC分类号： G06F21/121

摘要： A method for authorizing a computer program having a number of features for use with a product includes: receiving license data generated using a first key, the license data specifying a unique identifier associated with the product and specifying at least one feature authorized for use with the product; using a second key associated with the first key, obtaining the unique identifier from the license data; retrieving a product identifier from the product; determining whether the unique identifier corresponds to the product identifier; and based on the determination, authorizing use of the at least one feature with the product.

摘要翻译： 一种用于授权具有用于产品的多个特征的计算机程序的方法包括：接收使用第一密钥生成的许可证数据，所述许可证数据指定与所述产品相关联的唯一标识符，并且指定授权与所述产品一起使用的至少一个特征 产品; 使用与所述第一密钥相关联的第二密钥，从所述许可证数据获得所述唯一标识符; 从产品中检索产品标识符; 确定所述唯一标识符是否对应于所述产品标识符; 并且基于所述确定，授权使用所述至少一个特征与所述产品。