摘要:
Secure distribution of a private key to a user's application program (also called a "trusted player" such as a DVD player or CD-ROM player) with conditional access based on verification of the trusted player's integrity and authenticity is provided. Once validated, the trusted player uses the private key to decrypt encrypted digital content. The private key is dynamically generated, associated with specific digital content, and communicated in real-time from a server to the trusted player in a secure manner, thereby controlling access to encrypted digital content. The key is wrapped into an executable tamper resistant key module in which the key can only be used by the right trusted player as determined by the server based on user requests and payment. The key module plugs in to the trusted player and executes to validate the player and decrypt the content. The integrity of the trusted player is correlated to its ability to perform a cryptographic operation using an asymmetric key pair in a manner that is tamper resistant, thereby preventing an unencrypted copy of digital content to be made.
摘要:
A method and apparatus of authenticating and verifying the integrity of software modules is disclosed. In one embodiment, said software modules initially establish their corresponding credentials. Then said local software module ensures its integrity by validating its own digital signature. Said local software module authenticates the integrity of said partner software module after having derived and validated certain information from said partner module's credential. In addition, secure linkage between said local software module and said partner software module is maintained.
摘要:
In one apparatus, a group of plain text and obfuscated cells of programming instructions is provided to implement a descrambler that descrambles scrambled content to generate descrambled content. In another apparatus, a group of plain text and obfuscated cells of programming instructions is provided to implement an authenticator that provides appropriate authentication challenges to a scrambled content provider, and generates appropriate authentication responses to authentication challenges from the scrambled content provider. In yet another apparatus, a group of plain text and obfuscated cells of programming instructions is provided to implement an integrity verifier that performs integrity verification on a decoder. In yet another apparatus, a group of plain text and obfuscated cells of programming instructions is provided to implement a secrets holder that holds a number of secrets associated with playing scrambled contents.
摘要:
In one apparatus, a number of obfuscated programming instructions is provided to perform integrity verification on a number of other plain text programming instructions. In another apparatus, a number of obfuscated programming instructions is provided to self-verify an invocation of the obfuscated programming instructions is not originated from an intruder.
摘要:
In one apparatus, a number of obfuscated programming instructions are equipped to self-verify whether execution of the obfuscated programming instructions is being observed. In another apparatus, a number of obfuscated programming instruction are equipped to determine whether the apparatus is being operated in a mode that supports single step execution of the obfuscated programming instructions. In yet another apparatus, a number of obfuscated programming instruction are equipped to verify whether an amount of elapsed execution time has exceeded a threshold. In yet another apparatus, a first and a second group of obfuscated programming instruction are provided to implement a first and a second tamper resistant technique respectively, with the first and the second group of programming instructions sharing a storage location for a first and a second key value corresponding to the first and the second tamper resistant technique.
摘要:
In some embodiments, a method and apparatus for distributing private keys to an entity with minimal secret, unique information are described. In one embodiment, the method includes the storage of a chip secret key within a manufactured chip. Once the chip secret key is stored or programmed within the chip, the chip is sent to a system original equipment manufacturer (OEM) in order to integrate the chip within a system or device. Subsequently, a private key is generated for the chip by a key distribution facility (KDF) according to a key request received from the system OEM. In one embodiment, the KDF is the chip manufacturer. Other embodiments are described and claimed.
摘要:
A source-level compiler may randomly select compilation conventions to implement portable content protection, securing the secrets embedded in a program by shuffling associated data. The program may be developed using a source language that is applicative on the associated data. To obscure the embedded secrets, in one embodiment, pre-compiler software may be deployed for compiling the program in a random-execution-order based on a random seed indication that randomly selects compilation conventions and a shuffling algorithm that moves the associated data across the program during execution.
摘要:
Encrypting data in a cascaded block cipher system may be accomplished by applying a first encryption algorithm using a secret shared between first and second parties as a key to generate a secret inner key; applying a second encryption algorithm for a predetermined number of rounds using the secret inner key to generate a plurality of blocks of ciphertext data from a plurality of blocks of plaintext data; and repeating the applying the first encryption algorithm and the applying the second encryption algorithm steps.
摘要:
A method and apparatus for memory encryption with reduced decryption latency. In one embodiment, the method includes reading an encrypted data block from memory. During reading of the encrypted data block, a keystream used to encrypt the data block is regenerated according to one or more stored criteria of the encrypted data block. Once the encrypted data block is read, the encrypted data block is decrypted using the regenerated keystream. Accordingly, in one embodiment, encryption of either random access memory (RAM) or disk memory is performed. A keystream is regenerated during data retrieval such that once the data is received, the data may be decrypted using a single clock operation. As a result, memory encryption is performed without exacerbating memory latency between the processor and memory.
摘要:
Detecting loss of stream cipher synchronization between a transmitter and a receiver in a video processing system may be achieved by receiving, by the receiver, an encrypted video frame from the transmitter, obtaining an encrypted value for a selected pixel in the encrypted video frame, decrypting the encrypted pixel value using a first portion of the receiver's current key stream, re-encrypting the pixel value using a second portion of the receiver's current key stream, sending the re-encrypted pixel value from the receiver to the transmitter, obtaining, by the transmitter, a plaintext value for the selected pixel from a corresponding original video frame and encrypting the plaintext pixel value using a second portion of the transmitter's current key stream, and comparing the re-encrypted pixel value received from the receiver with the encrypted pixel value generated by the transmitter and detecting a loss of cipher synchronization when the values do not match.