公开(公告)号：US09300465B2

公开(公告)日：2016-03-29

申请号：US12034421

申请日：2008-02-20

申请人： Eric M. Foster ,  Jeffrey B. Lotspiech ,  Florian Pestoni ,  Wilfred E. Plouffe, Jr. ,  Frank A. Schaffa

发明人： Eric M. Foster ,  Jeffrey B. Lotspiech ,  Florian Pestoni ,  Wilfred E. Plouffe, Jr. ,  Frank A. Schaffa

IPC分类号： H04L29/06 ,  H04L9/08 ,  H04L9/12 ,  G11B20/00

CPC分类号： H04L9/0822 ,  G11B20/0021 ,  G11B20/00362 ,  H04L9/083 ,  H04L9/12 ,  H04L63/045 ,  H04L2209/603 ,  H04L2463/101

摘要： A method and system for attaching a title key to encrypted content for synchronized transmission to, or storage by, a recipient is provided. Specifically, under the present invention, an elementary media stream is parceled into content units that each include a content packet and a header. The content packets are encrypted with one or more title keys. Once the content packets have been encrypted, the title keys are themselves encrypted with a key encrypting key. The encrypted title keys are then attached to the corresponding encrypted content packets for synchronized transmission to a recipient.

公开(公告)号：US20080273702A1

公开(公告)日：2008-11-06

申请号：US12034421

申请日：2008-02-20

申请人： Eric M. Foster ,  Jeffrey B. Lotspiech ,  Florian Pestoni ,  Wilfred E. Plouffe ,  Frank A. Schaffa

发明人： Eric M. Foster ,  Jeffrey B. Lotspiech ,  Florian Pestoni ,  Wilfred E. Plouffe ,  Frank A. Schaffa

IPC分类号： H04L9/06

CPC分类号： H04L9/0822 ,  G11B20/0021 ,  G11B20/00362 ,  H04L9/083 ,  H04L9/12 ,  H04L63/045 ,  H04L2209/603 ,  H04L2463/101

摘要： A method and system for attaching a title key to encrypted content for synchronized transmission to, or storage by, a recipient is provided. Specifically, under the present invention, an elementary media stream is parceled into content units that each include a content packet and a header. The content packets are encrypted with one or more title keys. Once the content packets have been encrypted, the title keys are themselves encrypted with a key encrypting key. The encrypted title keys are then attached to the corresponding encrypted content packets for synchronized transmission to a recipient.

摘要翻译： 提供了一种用于将标题密钥附加到加密内容以用于同步发送到或由接收者存储的方法和系统。 具体地说，在本发明中，将基本媒体流分解成各自包含内容分组和头部的内容单元。 内容分组用一个或多个标题密钥加密。 一旦内容分组被加密，标题密钥本身就用密钥加密密钥加密。 然后将加密的标题密钥附加到相应的加密内容分组，以便同步发送给接收方。

公开(公告)号：US07356147B2

公开(公告)日：2008-04-08

申请号：US10124873

申请日：2002-04-18

申请人： Eric M. Foster ,  Jeffrey B. Lotspiech ,  Florian Pestoni ,  Wilfred E. Plouffe, Jr. ,  Frank A. Schaffa

发明人： Eric M. Foster ,  Jeffrey B. Lotspiech ,  Florian Pestoni ,  Wilfred E. Plouffe, Jr. ,  Frank A. Schaffa

IPC分类号： H04K1/00 ,  H04L9/00

CPC分类号： H04L9/0822 ,  G11B20/0021 ,  G11B20/00362 ,  H04L9/083 ,  H04L9/12 ,  H04L63/045 ,  H04L2209/603 ,  H04L2463/101

摘要： A method and system for attaching a title key to encrypted content for synchronized transmission to, or storage by, a recipient is provided. Specifically, under the present invention, an elementary media stream is parceled into content units that each include a content packet and a header. The content packets are encrypted with one or more title keys. Once the content packets have been encrypted, the title keys are themselves encrypted with a key encrypting key. The encrypted title keys are then attached to the corresponding encrypted content packets for synchronized transmission to a recipient.

摘要翻译： 提供了一种用于将标题密钥附加到加密内容以用于同步发送到或由接收者存储的方法和系统。 具体地说，在本发明中，将基本媒体流分解成各自包含内容分组和头部的内容单元。 内容分组用一个或多个标题密钥加密。 一旦内容分组被加密，标题密钥本身就用密钥加密密钥加密。 然后将加密的标题密钥附加到相应的加密内容分组，以便同步发送给接收方。

公开(公告)号：US08656178B2

公开(公告)日：2014-02-18

申请号：US10125714

申请日：2002-04-18

申请人： Eric M. Foster ,  Jeffrey B. Lotspiech ,  Dalit Naor ,  Sigfredo I. Nin ,  Florian Pestoni ,  Wilfred E. Plouffe, Jr. ,  Frank A. Schaffa

发明人： Eric M. Foster ,  Jeffrey B. Lotspiech ,  Dalit Naor ,  Sigfredo I. Nin ,  Florian Pestoni ,  Wilfred E. Plouffe, Jr. ,  Frank A. Schaffa

IPC分类号： H04L9/32

CPC分类号： H04L63/10 ,  G06F21/10 ,  G06Q30/06 ,  G11B20/00362 ,  H04L63/12 ,  H04L2463/101

摘要： The present invention provides a method, system and program product for modifying content usage conditions during broadcast content distribution. Specifically, the present invention allows protected (e.g., encrypted, secured, etc.) content to be received along with content usage conditions, an encrypted combination of the content usage conditions and a title key (e.g., a MAC), and a key management block. Using the key management block, a key encrypting key can be determined for decrypting the combination. Once the combination is decrypted, the content usage conditions can be modified (e.g., edited, added to, etc.).

摘要翻译： 本发明提供一种用于在广播内容分发期间修改内容使用条件的方法，系统和程序产品。 具体地，本发明允许与内容使用条件，内容使用条件和标题密钥（例如，MAC）的加密组合以及密钥管理一起接收受保护（例如，加密，安全等）内容 块。 使用密钥管理块，可以确定密钥加密密钥来解密组合。 一旦组合被解密，内容使用条件可以被修改（例如，编辑，添加到等等）。

公开(公告)号：US07092527B2

公开(公告)日：2006-08-15

申请号：US10125254

申请日：2002-04-18

申请人： Eric M. Foster ,  Jeffrey B. Lotspiech ,  Florian Pestoni ,  Wilfred E. Plouffe, Jr. ,  Frank A. Schaffa

发明人： Eric M. Foster ,  Jeffrey B. Lotspiech ,  Florian Pestoni ,  Wilfred E. Plouffe, Jr. ,  Frank A. Schaffa

IPC分类号： H04L9/00

CPC分类号： G11B20/0021 ,  G11B20/00086 ,  G11B20/00188 ,  G11B20/00195 ,  G11B20/00478 ,  G11B20/00528 ,  G11B20/00536 ,  H04L9/0822 ,  H04L9/0836 ,  H04L9/0891 ,  H04L2209/601

摘要： A method, system and program product for managing a size of a key management block (KMB) during content distribution is provided. Specifically, a first KMB corresponding to a first subtree of devices is received along with content as encrypted with a title key. If a size of the first KMB exceeds a predetermined threshold, a second subtree will be created. A second KMB corresponding to the second subtree of devices will then be generated. The second KMB contains an entry revoking the entire first subtree of devices and, as such, is smaller than the first KMD. Any compliant devices from the first subtree are migrated to the second subtree.

公开(公告)号：US07516331B2

公开(公告)日：2009-04-07

申请号：US10723725

申请日：2003-11-26

申请人： Hongxia Jin ,  Donald E. Leake, Jr. ,  Jeffrey B. Lotspiech ,  Sigfredo I. Nin ,  Wilfred E. Plouffe

发明人： Hongxia Jin ,  Donald E. Leake, Jr. ,  Jeffrey B. Lotspiech ,  Sigfredo I. Nin ,  Wilfred E. Plouffe

IPC分类号： H04L9/32

CPC分类号： G06F21/6218 ,  G06F21/14 ,  G06F21/51

摘要： A trusted Java virtual machine provides a method for supporting tamper-resistant applications, ensuring the integrity of an application and its secrets such as keys. The trusted Java virtual machine verifies the integrity of the Java application, prevents debugging of the Java application, and allows the Java application to securely store and retrieve secrets. The trusted Java virtual machine environment comprises a TrustedDictionary, a TrustedBundle, an optional encryption method for encrypting and decrypting byte codes, and an underlying trusted Java virtual machine. The encrypted TrustedDictionary protects data while the TrustedBundle protects programming code, allowing applications to store secret data and secure counters. The application designer can restrict TrustedBundle access to only those interfaces that the application designer explicitly exports. The open source code may optionally be encrypted. Secrets required by the open source programming code of the application are encrypted in TrustedDictionary.

摘要翻译： 受信任的Java虚拟机提供了一种支持防篡改应用程序的方法，确保应用程序的完整性及其密钥（如密钥）。 受信任的Java虚拟机验证Java应用程序的完整性，防止Java应用程序的调试，并允许Java应用程序安全地存储和检索秘密。 受信任的Java虚拟机环境包括TrustedDictionary，TrustedBundle，用于加密和解密字节代码的可选加密方法，以及底层可信Java虚拟机。 加密的TrustedDictionary保护数据，而TrustedBundle保护编程代码，允许应用程序存储秘密数据和安全计数器。 应用程序设计人员可以将TrustedBundle访问限制为应用程序设计程序明确导出的那些接口。 可以可选地加密开源代码。 应用程序的开源编程代码所需的秘密在TrustedDictionary中加密。

公开(公告)号：US20090138731A1

公开(公告)日：2009-05-28

申请号：US12363876

申请日：2009-02-02

申请人： Hongxia Jin ,  Donald E. Leake, JR. ,  Jeffrey B. Lotspiech ,  Sigfredo I. Nin ,  Wilfred E. Plouffe

发明人： Hongxia Jin ,  Donald E. Leake, JR. ,  Jeffrey B. Lotspiech ,  Sigfredo I. Nin ,  Wilfred E. Plouffe

IPC分类号： G06F21/22

CPC分类号： G06F21/6218 ,  G06F21/14 ,  G06F21/51

摘要： A trusted Java virtual machine provides a method for supporting tamper-resistant applications, ensuring the integrity of an application and its secrets such as keys. The trusted Java virtual machine verifies the integrity of the Java application, prevents debugging of the Java application, and allows the Java application to securely store and retrieve secrets. The trusted Java virtual machine environment comprises a TrustedDictionary, a TrustedBundle, an optional encryption method for encrypting and decrypting byte codes, and an underlying trusted Java virtual machine. The encrypted TrustedDictionary protects data while the TrustedBundle protects programming code, allowing applications to store secret data and secure counters. The application designer can restrict TrustedBundle access to only those interfaces that the application designer explicitly exports. The open source code may optionally be encrypted. Secrets required by the open source programming code of the application are encrypted in TrustedDictionary.

摘要翻译： 受信任的Java虚拟机提供了一种支持防篡改应用程序的方法，确保应用程序的完整性及其密钥（如密钥）。 受信任的Java虚拟机验证Java应用程序的完整性，防止Java应用程序的调试，并允许Java应用程序安全地存储和检索秘密。 受信任的Java虚拟机环境包括TrustedDictionary，TrustedBundle，用于加密和解密字节代码的可选加密方法，以及底层可信Java虚拟机。 加密的TrustedDictionary保护数据，而TrustedBundle保护编程代码，允许应用程序存储秘密数据和安全计数器。 应用程序设计人员可以将TrustedBundle访问限制为应用程序设计程序明确导出的那些接口。 可以可选地加密开源代码。 应用程序的开源编程代码所需的秘密在TrustedDictionary中加密。

公开(公告)号：US07747877B2

公开(公告)日：2010-06-29

申请号：US12363876

申请日：2009-02-02

申请人： Hongxia Jin ,  Donald E. Leake, Jr. ,  Jeffrey B. Lotspiech ,  Sigfredo I. Nin ,  Wilfred E. Plouffe

发明人： Hongxia Jin ,  Donald E. Leake, Jr. ,  Jeffrey B. Lotspiech ,  Sigfredo I. Nin ,  Wilfred E. Plouffe

IPC分类号： G06F11/30 ,  G06F12/14

CPC分类号： G06F21/6218 ,  G06F21/14 ,  G06F21/51

摘要： A trusted Java virtual machine provides a method for supporting tamper-resistant applications, ensuring the integrity of an application and its secrets such as keys. The trusted Java virtual machine verifies the integrity of the Java application, prevents debugging of the Java application, and allows the Java application to securely store and retrieve secrets. The trusted Java virtual machine environment comprises a TrustedDictionary, a TrustedBundle, an optional encryption method for encrypting and decrypting byte codes, and an underlying trusted Java virtual machine. The encrypted TrustedDictionary protects data while the TrustedBundle protects programming code, allowing applications to store secret data and secure counters. The application designer can restrict TrustedBundle access to only those interfaces that the application designer explicitly exports. The open source code may optionally be encrypted. Secrets required by the open source programming code of the application are encrypted in TrustedDictionary.

摘要翻译： 受信任的Java虚拟机提供了一种支持防篡改应用程序的方法，确保应用程序的完整性及其密钥（如密钥）。 受信任的Java虚拟机验证Java应用程序的完整性，防止Java应用程序的调试，并允许Java应用程序安全地存储和检索秘密。 受信任的Java虚拟机环境包括TrustedDictionary，TrustedBundle，用于加密和解密字节代码的可选加密方法，以及底层可信Java虚拟机。 加密的TrustedDictionary保护数据，而TrustedBundle保护编程代码，允许应用程序存储秘密数据和安全计数器。 应用程序设计人员可以将TrustedBundle访问限制为应用程序设计程序明确导出的那些接口。 可以可选地加密开源代码。 应用程序的开源编程代码所需的秘密在TrustedDictionary中加密。

公开(公告)号：US07539307B2

公开(公告)日：2009-05-26

申请号：US10723403

申请日：2003-11-26

申请人： Jeffrey B. Lotspiech ,  Florian Pestoni

发明人： Jeffrey B. Lotspiech ,  Florian Pestoni

IPC分类号： H04N7/167

CPC分类号： G11B20/00086 ,  G11B20/00094 ,  G11B20/00123 ,  G11B20/0021 ,  G11B20/00362 ,  G11B20/0071 ,  G11B20/00855 ,  G11B20/00978 ,  H04L63/0428 ,  H04L63/123

摘要： Enhanced multimedia content on physical media interacts with the user through a media player and the Internet. Enhanced multimedia utilizes IDs for pieces of content on the media and a media key block. On the enhanced media is a file with a list of URLs. As the enhanced media plays a section requiring a set of keys for decryption, the media player accesses the URL for that section and obtains the decryption key. The decryption key may be purchased or provided for free. Secure encryption and transmission of these keys is accomplished by broadcast encryption using a media key block. Each media has a unique set of keys that allow the media player to process the media key block; however, each media follows a unique path through the media key block. All legitimate media players obtain the media key; circumvention devices cannot decipher the media key block.

摘要翻译： 物理媒体上的增强型多媒体内容通过媒体播放器和互联网与用户交互。 增强多媒体利用媒体上的内容片段和媒体密钥块的ID。 在增强型媒体上是一个包含URL列表的文件。 由于增强媒体播放需要一组密钥进行解密的部分，媒体播放器访问该部分的URL并获得解密密钥。 解密密钥可以免费购买或提供。 通过使用媒体密钥块的广播加密来实现这些密钥的安全加密和传输。 每个媒体都有一组唯一的密钥，允许媒体播放器处理媒体密钥块; 然而，每个媒体遵循通过媒体密钥块的唯一路径。 所有合法媒体播放器获取媒体密钥; 规避设备不能破译媒体密钥块。

公开(公告)号：US09009489B2

公开(公告)日：2015-04-14

申请号：US13585950

申请日：2012-08-15

申请人： Thomas A. Bellwood ,  Robert G. Deen ,  Jeffrey B. Lotspiech ,  Matthew F. Rutkowski

发明人： Thomas A. Bellwood ,  Robert G. Deen ,  Jeffrey B. Lotspiech ,  Matthew F. Rutkowski

IPC分类号： G06F11/30 ,  G06F12/14 ,  H04L9/08

CPC分类号： H04L9/0866 ,  H04L2209/601

摘要： Provided are techniques for the creation and storage of an archive for binding IDs corresponding to a cluster of devices that render content protected by a broadcast encryption scheme. When two or more clusters are merged, a binding ID corresponding to one of the clusters is selected and a new management key is generated. Binding IDs associated with the clusters other than the cluster associated with the selected binding ID are encrypted using the new management key and stored on a cluster-authorized device in a binding ID archive. Content stored in conformity with an outdated binding ID is retrieved by decrypting the binding ID archive with the management key, recalculating an old management key and decrypting the stored content.

摘要翻译： 提供了用于创建和存储用于绑定ID的存档的技术，所述绑定ID对应于呈现由广播加密方案保护的内容的设备的集群。 当两个或更多个集群合并时，选择与一个集群对应的绑定ID，并生成新的管理密钥。 与除与所选绑定ID相关联的集群之外的集群相关联的绑定ID使用新的管理密钥加密并存储在绑定ID归档中的集群授权设备上。 通过用管理密钥解密绑定ID档案，重新计算旧的管理密钥并解密所存储的内容来检索与过时的绑定ID一致的存储的内容。