Internet protocol telephony security architecture
    1.
    发明申请
    Internet protocol telephony security architecture 有权
    互联网协议电话安全架构

    公开(公告)号:US20050027985A1

    公开(公告)日:2005-02-03

    申请号:US10893047

    申请日:2004-07-15

    摘要: A secure Internet Protocol (IP) telephony system, apparatus, and methods are disclosed. Communications over an IP telephony system can be secured by securing communications to and from a Cable Telephony Adapter (CTA). The system can include one or more CTAs, network servers, servers configured as signaling controllers, key distribution centers (KDC), and can include gateways that couple the IP telephony system to a Public Switched Telephone Network (PSTN). Each CTA can be configured as secure hardware and can be configured with multiple encryption keys that are used to communicate signaling or bearer channel communications. The KDC can be configured to periodically distribute symmetric encryption keys to secure communications between devices that have been provisioned to operate in the system and signaling controllers. The secure devices, such as the CTA, can communicate with other secure devices by establishing signaling and bearer channels that are encrypted with session specific symmetric keys derived from a symmetric key distributed by a signaling controller.

    摘要翻译: 公开了一种安全的因特网协议(IP)电话系统,装置和方法。 通过IP电话系统的通信可以通过保护与有线电话适配器(CTA)的通信来保护。 该系统可以包括一个或多个CTA,网络服务器,配置为信令控制器的服务器,密钥分配中心(KDC),并且可以包括将IP电话系统耦合到公共交换电话网络(PSTN)的网关。 每个CTA都可以配置为安全硬件,并且可以配置多个用于通信信令或承载信道通信的加密密钥。 KDC可以被配置为周期性地分配对称加密密钥以保护已经被提供以在系统和信令控制器中操作的设备之间的通信。 诸如CTA之类的安全设备可以通过建立用由信令控制器分配的对称密钥导出的会话专用对称密钥加密的信令和承载信道来与其他安全设备进行通信。

    Key management protocol and authentication system for secure internet protocol rights management architecture
    4.
    发明授权
    Key management protocol and authentication system for secure internet protocol rights management architecture 有权
    用于安全互联网协议权限管理架构的密钥管理协议和认证系统

    公开(公告)号:US07243366B2

    公开(公告)日:2007-07-10

    申请号:US10092347

    申请日:2002-03-04

    摘要: A digital rights management architecture for securely delivering content to authorized consumers. The architecture includes a content provider and a consumer system for requesting content from the content provider. The content provider generates a session rights object having purchase options selected by the consumer. A KDC thereafter provides authorization data to the consumer system. Also, a caching server is provided for comparing the purchase options with the authorization data. The caching server forwards the requested content to the consumer system if the purchase options match the authorization data. Note that the caching server employs real time streaming for securely forwarding the encrypted content, and the requested content is encrypted for forwarding to the consumer system. Further, the caching server and the consumer system exchange encrypted control messages (and authenticated) for supporting transfer of the requested content. In this manner, all interfaces between components are protected by encryption and/authenticated.

    摘要翻译: 数字版权管理架构,用于将权限安全地传递给授权消费者。 该架构包括内容提供商和用于从内容提供商请求内容的消费者系统。 内容提供商生成具有由消费者选择的购买选项的会话权限对象。 KDC此后向消费者系统提供授权数据。 此外,还提供了一个缓存服务器,用于将购买选项与授权数据进行比较。 如果购买选项与授权数据匹配,则缓存服务器将所请求的内容转发到消费者系统。 请注意,缓存服务器采用实时流式传输安全地转发加密的内容,并且所请求的内容被加密以转发到消费者系统。 此外,缓存服务器和消费者系统交换加密的控制消息(并被认证)以支持所请求的内容的传送。 以这种方式,组件之间的所有接口都受到加密和/或认证的保护。

    Method and apparatus for authenticating data
    8.
    发明申请
    Method and apparatus for authenticating data 审中-公开
    用于认证数据的方法和装置

    公开(公告)号:US20050071640A1

    公开(公告)日:2005-03-31

    申请号:US10796712

    申请日:2004-03-09

    IPC分类号: H04L9/08 H04L9/32 H04L9/00

    摘要: A method for authenticating a string of data stored remotely from the processor. A bifurcated hash routine can be utilized to provide a check root along with a putative new root for a revised string of data. The check root can be compared with the previously determined initial root. If the check root matches the initial root, the new root is accepted in view of the fact that it was computed concurrently with the check root.

    摘要翻译: 一种用于认证从处理器远程存储的数据串的方法。 可以使用分叉哈希例程来为经修改的数据串提供检查根和推定的新根。 检查根可以与先前确定的初始根进行比较。 如果检查根与初始根匹配,则根据与检查根同时计算的事实,新的根被接受。

    Generation of cryptographic signatures using hash keys
    9.
    发明授权
    Generation of cryptographic signatures using hash keys 失效
    使用散列键生成加密签名

    公开(公告)号:US5754659A

    公开(公告)日:1998-05-19

    申请号:US577922

    申请日:1995-12-22

    摘要: A method and apparatus are provided for generating a digital signature that authenticates information of a plurality of different information groups. Information from each group is hashed to produce a separate hash key for each group authenticating the information in that group. Particular combinations of the hash keys are hashed together to produce at least one combined hash key. Each of the hash keys is ultimately combined in a predetermined order with all other hash keys via the combined hash keys to produce the digital signature in a manner that authenticates the information of all of the information groups. The digital signature is reproducible without access to all of the information groups authenticated thereby. Instead, information from a first information group is provided together with a set of hash keys and combined hash keys embodying authenticated information from the other groups. The hash key for the first information group is produced locally and combined with the other hash keys and/or combined hash keys in order to reproduce the digital signature.

    摘要翻译: 提供了一种方法和装置,用于产生认证多个不同信息组的信息的数字签名。 来自每个组的信息被散列以产生用于认证该组中的信息的每个组的单独的散列密钥。 哈希密钥的特定组合被散列在一起以产生至少一个组合的散列密钥。 每个散列密钥最终通过组合的散列密钥以预定顺序与所有其他散列密钥组合,以便以认证所有信息组的信息的方式产生数字签名。 数字签名是可重复的,无需访问由此认证的所有信息组。 相反,来自第一信息组的信息与体现来自其他组的认证信息的一组散列密钥和组合散列密钥一起提供。 用于第一信息组的散列密钥本地产生并与其它散列密钥和/或组合散列密钥组合以便再现数字签名。

    Cryptographic apparatus with double feedforward hash function
    10.
    发明授权
    Cryptographic apparatus with double feedforward hash function 失效
    具有双前馈散列函数的加密装置

    公开(公告)号:US5606616A

    公开(公告)日:1997-02-25

    申请号:US497880

    申请日:1995-07-03

    CPC分类号: H04L9/0643 H04L2209/125

    摘要: Apparatus is provided for authenticating information using a double feedforward hash function to provide complementarity in the implementation of an encryption algorithm. A cryptographic processor has a first input for receiving plaintext, a second input for receiving a key and an output for outputting ciphertext generated by cryptographically processing the plaintext and key. A first circuit element is responsive to the ciphertext and plaintext for outputting a first ciphertext derivative. A second circuit element is responsive to at least a portion of the first ciphertext derivative and the key for outputting a second ciphertext derivative. The first and second circuit elements can be XOR gates. Alternatively, these elements can be provided using lookup tables. Subsequent cryptographic processor stages can be provided having a first input for receiving second plaintext, a second input for receiving the second ciphertext derivative as a key, and an output for outputting second ciphertext generated by cryptographically processing the second plaintext and the second ciphertext derivative. In an illustrated embodiment, the cryptographic processor is a DES processor.

    摘要翻译: 提供了用于使用双前馈散列函数来认证信息的装置,以在实现加密算法中提供互补性。 密码处理器具有用于接收明文的第一输入,用于接收密钥的第二输入和用于输出通过密码处理明文和密钥产生的密文的输出。 第一电路元件响应密文和明文输出第一密文导数。 第二电路元件响应于第一密文导数的至少一部分和用于输出第二密文导数的密钥。 第一和第二电路元件可以是异或门。 或者,可以使用查找表来提供这些元素。 可以提供后续的加密处理器级,其具有用于接收第二明文的第一输入,用于接收第二密文导数作为键的第二输入,以及用于输出通过密码处理第二明文和第二密文导数而生成的第二密文的输出。 在所示实施例中,密码处理器是DES处理器。