公开(公告)号：US5991399A

公开(公告)日：1999-11-23

申请号：US993597

申请日：1997-12-18

申请人： Gary L. Graunke ,  John Carbajal ,  Richard L. Maliszewski ,  Carlos V. Rozas

发明人： Gary L. Graunke ,  John Carbajal ,  Richard L. Maliszewski ,  Carlos V. Rozas

IPC分类号： G06F21/00 ,  G11B20/00 ,  H04L9/00 ,  H04L9/08 ,  H04L9/30 ,  H04L9/32

CPC分类号： G06F21/34 ,  G06F21/10 ,  G06Q20/3829 ,  G11B20/00086 ,  G11B20/0021 ,  G06F2211/008

摘要： Secure distribution of a private key to a user's application program (also called a "trusted player" such as a DVD player or CD-ROM player) with conditional access based on verification of the trusted player's integrity and authenticity is provided. Once validated, the trusted player uses the private key to decrypt encrypted digital content. The private key is dynamically generated, associated with specific digital content, and communicated in real-time from a server to the trusted player in a secure manner, thereby controlling access to encrypted digital content. The key is wrapped into an executable tamper resistant key module in which the key can only be used by the right trusted player as determined by the server based on user requests and payment. The key module plugs in to the trusted player and executes to validate the player and decrypt the content. The integrity of the trusted player is correlated to its ability to perform a cryptographic operation using an asymmetric key pair in a manner that is tamper resistant, thereby preventing an unencrypted copy of digital content to be made.

摘要翻译： 提供了一种基于对可靠玩家的完整性和真实性的验证，将私钥安全地分配给具有条件访问的用户应用程序（也称为“受信任的玩家”，例如DVD播放器或CD-ROM播放器）。 经过验证，受信任的播放器使用私钥来解密加密的数字内容。 私钥是动态生成的，与特定数字内容相关联，并且以安全的方式从服务器到受信任的播放器实时地进行传送，从而控制对加密的数字内容的访问。 密钥被包装成可执行的防篡改密钥模块，其中密钥只能由由服务器根据用户请求和支付确定的正确的受信任的玩家使用。 关键模块插入信任的播放器，执行验证播放器并对内容进行解密。 可信任的播放器的完整性与其以防篡改的方式使用非对称密钥对执行密码操作的能力相关联，从而防止制作数字内容的未加密的副本。

公开(公告)号：US6105137A

公开(公告)日：2000-08-15

申请号：US109472

申请日：1998-07-02

申请人： Gary L. Graunke ,  Carlos V. Rozas

发明人： Gary L. Graunke ,  Carlos V. Rozas

IPC分类号： G06F1/00 ,  G06F21/00 ,  G06F11/30 ,  H02H3/05 ,  H04K1/00 ,  H04L9/00

CPC分类号： G06F21/64

摘要： A method and apparatus of authenticating and verifying the integrity of software modules is disclosed. In one embodiment, said software modules initially establish their corresponding credentials. Then said local software module ensures its integrity by validating its own digital signature. Said local software module authenticates the integrity of said partner software module after having derived and validated certain information from said partner module's credential. In addition, secure linkage between said local software module and said partner software module is maintained.

摘要翻译： 公开了一种验证和验证软件模块完整性的方法和装置。 在一个实施例中，所述软件模块最初建立其对应的证书。 然后说本地软件模块通过验证自己的数字签名来确保其完整性。 所述本地软件模块在从所述伙伴模块的凭证导出并验证某些信息之后，对所述伙伴软件模块的完整性进行认证。 此外，维护所述本地软件模块与所述伙伴软件模块之间的安全连接。

公开(公告)号：US06175925B1

公开(公告)日：2001-01-16

申请号：US08924167

申请日：1997-09-05

申请人： Joseph M. Nardone ,  Richard P. Mangold ,  Jody L. Pfotenhauer ,  Keith L. Shippy ,  David W. Aucsmith ,  Richard L. Maliszewski ,  Gary L. Graunke

发明人： Joseph M. Nardone ,  Richard P. Mangold ,  Jody L. Pfotenhauer ,  Keith L. Shippy ,  David W. Aucsmith ,  Richard L. Maliszewski ,  Gary L. Graunke

IPC分类号： G06F1130

CPC分类号： G11B20/00086 ,  G06F12/1408 ,  G06F21/10 ,  G06F21/14 ,  G06F21/52 ,  G06F21/57 ,  G06F21/79 ,  G06F2221/2107 ,  G06F2221/2135 ,  G06F2221/2151

摘要： In one apparatus, a group of plain text and obfuscated cells of programming instructions is provided to implement a descrambler that descrambles scrambled content to generate descrambled content. In another apparatus, a group of plain text and obfuscated cells of programming instructions is provided to implement an authenticator that provides appropriate authentication challenges to a scrambled content provider, and generates appropriate authentication responses to authentication challenges from the scrambled content provider. In yet another apparatus, a group of plain text and obfuscated cells of programming instructions is provided to implement an integrity verifier that performs integrity verification on a decoder. In yet another apparatus, a group of plain text and obfuscated cells of programming instructions is provided to implement a secrets holder that holds a number of secrets associated with playing scrambled contents.

摘要翻译： 在一种装置中，提供了一组编程指令的纯文本和混淆单元，以实现解扰器，其解扰加扰的内容以产生解扰的内容。 在另一种装置中，提供了一组编程指令的明文和混淆单元，以实现向加扰的内容提供商提供适当的认证挑战的认证器，并从加扰的内容提供商产生对认证挑战的适当认证响应。 在又一设备中，提供了一组编程指令的纯文本和混淆单元，以实现在解码器上执行完整性验证的完整性验证器。 在另一装置中，提供一组编程指令的明文和混淆单元，以实现保存与播放加扰内容相关联的多个秘密的秘密持有者。

公开(公告)号：US06178509B1

公开(公告)日：2001-01-23

申请号：US08924166

申请日：1997-09-05

申请人： Joseph M. Nardone ,  Richard T. Mangold ,  Jody L. Pfotenhauer ,  Keith L. Shippy ,  David W. Aucsmith ,  Richard L. Maliszewski ,  Gary L. Graunke

发明人： Joseph M. Nardone ,  Richard T. Mangold ,  Jody L. Pfotenhauer ,  Keith L. Shippy ,  David W. Aucsmith ,  Richard L. Maliszewski ,  Gary L. Graunke

IPC分类号： H04L900

CPC分类号： G11B20/00086 ,  G06F12/1408 ,  G06F21/10 ,  G06F21/14 ,  G06F21/52 ,  G06F21/57 ,  G06F21/79 ,  G06F2221/2107 ,  G06F2221/2135 ,  G06F2221/2151

摘要： In one apparatus, a number of obfuscated programming instructions is provided to perform integrity verification on a number of other plain text programming instructions. In another apparatus, a number of obfuscated programming instructions is provided to self-verify an invocation of the obfuscated programming instructions is not originated from an intruder.

摘要翻译： 在一种装置中，提供了许多模糊编程指令以对许多其他纯文本编程指令执行完整性验证。 在另一种装置中，提供了许多混淆的编程指令来自我验证，混淆编程指令的调用不是源于入侵者。

公开(公告)号：US06205550B1

公开(公告)日：2001-03-20

申请号：US08924740

申请日：1997-09-05

申请人： Joseph M. Nardone ,  Richard P. Mangold ,  Jody L. Pfotenhauer ,  Keith L. Shippy ,  David W. Aucsmith ,  Richard L. Maliszewski ,  Gary L. Graunke

发明人： Joseph M. Nardone ,  Richard P. Mangold ,  Jody L. Pfotenhauer ,  Keith L. Shippy ,  David W. Aucsmith ,  Richard L. Maliszewski ,  Gary L. Graunke

IPC分类号： G06F1130

CPC分类号： G06F12/1408 ,  G06F21/10 ,  G06F21/14 ,  G06F21/52 ,  G06F21/57 ,  G06F21/79 ,  G06F2221/2107 ,  G06F2221/2135 ,  G06F2221/2151 ,  G11B20/00086

摘要： In one apparatus, a number of obfuscated programming instructions are equipped to self-verify whether execution of the obfuscated programming instructions is being observed. In another apparatus, a number of obfuscated programming instruction are equipped to determine whether the apparatus is being operated in a mode that supports single step execution of the obfuscated programming instructions. In yet another apparatus, a number of obfuscated programming instruction are equipped to verify whether an amount of elapsed execution time has exceeded a threshold. In yet another apparatus, a first and a second group of obfuscated programming instruction are provided to implement a first and a second tamper resistant technique respectively, with the first and the second group of programming instructions sharing a storage location for a first and a second key value corresponding to the first and the second tamper resistant technique.

摘要翻译： 在一种装置中，配置了许多模糊编程指令来自我验证是否正在观察到模糊编程指令的执行。 在另一装置中，配备有多个模糊编程指令，以确定装置是否以支持模糊编程指令的单步执行的模式操作。 在另一装置中，配备有多个模糊编程指令，以验证经过的执行时间量是否超过阈值。 在另一装置中，提供第一组和第二组混淆编程指令以分别实现第一和第二防篡改技术，第一组和第二组编程指令共享用于第一和第二键的存储位置 值对应于第一和第二防篡改技术。

公开(公告)号：US08639915B2

公开(公告)日：2014-01-28

申请号：US12750128

申请日：2010-03-30

申请人： Gary L. Graunke

发明人： Gary L. Graunke

IPC分类号： G06F15/177

CPC分类号： H04L9/0891 ,  H04L9/0827 ,  H04L9/0877 ,  H04L9/3278 ,  H04L2209/60

摘要： In some embodiments, a method and apparatus for distributing private keys to an entity with minimal secret, unique information are described. In one embodiment, the method includes the storage of a chip secret key within a manufactured chip. Once the chip secret key is stored or programmed within the chip, the chip is sent to a system original equipment manufacturer (OEM) in order to integrate the chip within a system or device. Subsequently, a private key is generated for the chip by a key distribution facility (KDF) according to a key request received from the system OEM. In one embodiment, the KDF is the chip manufacturer. Other embodiments are described and claimed.

摘要翻译： 在一些实施例中，描述了用于将私钥分配给具有最小秘密唯一信息的实体的方法和装置。 在一个实施例中，该方法包括在制造的芯片内存储芯片秘密密钥。 一旦将芯片秘密密钥存储或编程在芯片内，则芯片被发送到系统原始设备制造商（OEM），以将芯片集成到系统或设备内。 随后，根据从系统OEM接收的密钥请求，通过密钥分发设备（KDF）为芯片生成私钥。 在一个实施例中，KDF是芯片制造商。 描述和要求保护其他实施例。

公开(公告)号：US08166471B2

公开(公告)日：2012-04-24

申请号：US12507863

申请日：2009-07-23

申请人： Gary L. Graunke

发明人： Gary L. Graunke

IPC分类号： G06F9/44

CPC分类号： G06F21/125 ,  G06F21/14

摘要： A source-level compiler may randomly select compilation conventions to implement portable content protection, securing the secrets embedded in a program by shuffling associated data. The program may be developed using a source language that is applicative on the associated data. To obscure the embedded secrets, in one embodiment, pre-compiler software may be deployed for compiling the program in a random-execution-order based on a random seed indication that randomly selects compilation conventions and a shuffling algorithm that moves the associated data across the program during execution.

摘要翻译： 源级编译器可以随机选择编译约定来实现便携式内容保护，通过混洗相关数据来保护嵌入在程序中的秘密。 可以使用适用于相关数据的源语言来开发该程序。 为了掩盖嵌入式秘密，在一个实施例中，可以部署预编译器软件，用于基于随机选择编译约定的随机种子指示以及随机执行顺序来移动相关数据的混洗算法以随机执行顺序编译程序 程序执行。

公开(公告)号：US08155306B2

公开(公告)日：2012-04-10

申请号：US11008904

申请日：2004-12-09

申请人： Ernic F. Brickell ,  Gary L. Graunke

发明人： Ernic F. Brickell ,  Gary L. Graunke

IPC分类号： G06F21/00

CPC分类号： H04L9/0637 ,  H04L9/0668

摘要： Encrypting data in a cascaded block cipher system may be accomplished by applying a first encryption algorithm using a secret shared between first and second parties as a key to generate a secret inner key; applying a second encryption algorithm for a predetermined number of rounds using the secret inner key to generate a plurality of blocks of ciphertext data from a plurality of blocks of plaintext data; and repeating the applying the first encryption algorithm and the applying the second encryption algorithm steps.

摘要翻译： 可以通过使用第一方和第二方之间共享的秘密应用第一加密算法作为生成秘密内密钥的密钥来实现加密级联块密码系统中的数据; 使用所述秘密内键对预定次数的循环应用第二加密算法，以从多个明文数据块生成多个密文块数据; 并重复应用第一加密算法和应用第二加密算法步骤。

公开(公告)号：US07472285B2

公开(公告)日：2008-12-30

申请号：US10603680

申请日：2003-06-25

申请人： Gary L. Graunke ,  Carlos Rozas

发明人： Gary L. Graunke ,  Carlos Rozas

IPC分类号： H04L9/00

CPC分类号： G06F12/1408 ,  G06F12/0802 ,  G06F21/78 ,  G06F21/85 ,  H04L9/0637 ,  H04L2209/12

摘要： A method and apparatus for memory encryption with reduced decryption latency. In one embodiment, the method includes reading an encrypted data block from memory. During reading of the encrypted data block, a keystream used to encrypt the data block is regenerated according to one or more stored criteria of the encrypted data block. Once the encrypted data block is read, the encrypted data block is decrypted using the regenerated keystream. Accordingly, in one embodiment, encryption of either random access memory (RAM) or disk memory is performed. A keystream is regenerated during data retrieval such that once the data is received, the data may be decrypted using a single clock operation. As a result, memory encryption is performed without exacerbating memory latency between the processor and memory.

摘要翻译： 一种减少解密延迟的存储器加密方法和装置。 在一个实施例中，该方法包括从存储器读取加密的数据块。 在读取加密数据块期间，根据加密数据块的一个或多个存储标准来重新生成用于加密数据块的密钥流。 读取加密的数据块后，使用再生的密钥流对加密的数据块进行解密。 因此，在一个实施例中，执行随机存取存储器（RAM）或磁盘存储器的加密。 在数据检索期间重新生成密钥流，使得一旦接收到数据，可以使用单个时钟操作来解密数据。 结果，执行存储器加密，而不会加剧处理器和存储器之间的存储器等待时间。

公开(公告)号：US07369661B2

公开(公告)日：2008-05-06

申请号：US10769253

申请日：2004-01-30

申请人： Gary L. Graunke

发明人： Gary L. Graunke

IPC分类号： H04L9/00

CPC分类号： H04N21/4367 ,  H04L9/065 ,  H04L9/12 ,  H04L2209/60 ,  H04N7/163 ,  H04N7/1675 ,  H04N21/4405 ,  H04N21/4408

摘要： Detecting loss of stream cipher synchronization between a transmitter and a receiver in a video processing system may be achieved by receiving, by the receiver, an encrypted video frame from the transmitter, obtaining an encrypted value for a selected pixel in the encrypted video frame, decrypting the encrypted pixel value using a first portion of the receiver's current key stream, re-encrypting the pixel value using a second portion of the receiver's current key stream, sending the re-encrypted pixel value from the receiver to the transmitter, obtaining, by the transmitter, a plaintext value for the selected pixel from a corresponding original video frame and encrypting the plaintext pixel value using a second portion of the transmitter's current key stream, and comparing the re-encrypted pixel value received from the receiver with the encrypted pixel value generated by the transmitter and detecting a loss of cipher synchronization when the values do not match.

摘要翻译： 检测视频处理系统中的发射机和接收机之间的流密码同步的损失可以通过接收机从发射机接收加密的视频帧来获得加密的视频帧中的所选像素的加密值，解密 使用接收机当前密钥流的第一部分的加密像素值，使用接收机当前密钥流的第二部分重新加密像素值，将重新加密的像素值从接收器发送到发送器，通过 发送器，来自相应的原始视频帧的所选像素的明文值，并使用发送器当前密钥流的第二部分加密明文像素值，并将从接收器接收的重新加密的像素值与生成的加密像素值进行比较 并且当值不匹配时检测密码同步丢失。