公开(公告)号：US10025953B2

公开(公告)日：2018-07-17

申请号：US15188737

申请日：2016-06-21

申请人： Intertrust Technologies Corporation

发明人： Xavier Serret-Avila

IPC分类号： G06F11/30 ,  G06F21/64 ,  H04L9/32 ,  H04L29/06 ,  G06F21/53

摘要： Systems and methods are disclosed for enabling a recipient of a cryptographically-signed electronic communication to verify the authenticity of the communication on-the-fly using a signed chain of check values, the chain being constructed from the original content of the communication, and each check value in the chain being at least partially dependent on the signed root of the chain and a portion of the communication. Fault tolerance can be provided by including error-check values in the communication that enable a decoding device to maintain the chain's security in the face of communication errors. In one embodiment, systems and methods are provided for enabling secure quasi-random access to a content file by constructing a hierarchy of hash values from the file, the hierarchy deriving its security in a manner similar to that used by the above-described chain. The hierarchy culminates with a signed hash that can be used to verify the integrity of other hash values in the hierarchy, and these other hash values can, in turn, be used to efficiently verify the authenticity of arbitrary portions of the content file.

公开(公告)号：US08850214B2

公开(公告)日：2014-09-30

申请号：US13892021

申请日：2013-05-10

申请人： Intertrust Technologies Corporation

发明人： Xavier Serret-Avila ,  Gilles Boccon-Gibod

IPC分类号： H04L9/32 ,  H04N21/2389 ,  H04N5/913 ,  H04N1/32 ,  H04N19/467 ,  H04N21/4627 ,  H04N21/8358 ,  G11B20/00 ,  H04N7/16 ,  H04N19/00 ,  G06T1/00

CPC分类号： G06F21/10 ,  G06F2221/07 ,  G06T1/0071 ,  G11B20/00086 ,  G11B20/00123 ,  G11B20/00884 ,  G11B20/00898 ,  H04L9/3236 ,  H04L9/3247 ,  H04L2209/608 ,  H04N1/32144 ,  H04N1/32208 ,  H04N1/32283 ,  H04N1/32288 ,  H04N1/32293 ,  H04N1/32304 ,  H04N1/3232 ,  H04N5/913 ,  H04N7/162 ,  H04N19/00 ,  H04N19/467 ,  H04N21/23892 ,  H04N21/4627 ,  H04N21/8358 ,  H04N2005/91335 ,  H04N2201/3235

摘要： Systems and methods are provided for determining a presence of a watermark in electronic data. In certain embodiments, a plurality of keys is generated, and a plurality of payloads are retrieved from electronic data using the keys. A statistical indicia of randomness is generated based on the payloads, and the presence of a watermark is determined when the indicia is below a threshold.

摘要翻译： 提供了用于确定电子数据中的水印的存在的系统和方法。 在某些实施例中，生成多个密钥，并且使用密钥从电子数据中检索多个有效载荷。 基于有效载荷生成随机性的统计标记，并且当标记低于阈值时确定水印的存在。

公开(公告)号：US09077545B2

公开(公告)日：2015-07-07

申请号：US14071586

申请日：2013-11-04

申请人： Intertrust Technologies Corporation

发明人： Stephen P. Weeks ,  Xavier Serret-Avila

IPC分类号： H04L29/06 ,  H04L9/32 ,  G06F21/60

CPC分类号： H04L9/3263 ,  G06F21/604 ,  G06F2221/2141

摘要： The present invention provides systems and methods for making efficient trust management decisions. A trust management engine is provided that processes requests for system resources, authorizations or certificates, and the identity of one or more root authorities that are ultimately responsible for granting or denying the requests. To determine whether a request should be granted, the trust management engine identifies a set principals from whom authorization may flow, and interprets each of the certificates as a function of the state of one or more of the principals. The processing logic iteratively evaluates the functions represented by the certificates, updates the states of the principals, and repeats this process until a reliable determination can be made as to whether the request should be granted or denied. The certificates may be evaluated until the state of the root authority indicates that the request should be granted, or until further evaluation of the certificates is ineffective in changing the state of the principals.

公开(公告)号：US20160292458A1

公开(公告)日：2016-10-06

申请号：US15188737

申请日：2016-06-21

申请人： Intertrust Technologies Corporation

发明人： Xavier Serret-Avila

IPC分类号： G06F21/64 ,  H04L9/32 ,  G06F21/53

CPC分类号： G06F21/64 ,  G06F21/53 ,  G06F2221/2149 ,  H04L9/3236 ,  H04L63/0428 ,  H04L2209/30 ,  H04L2209/38 ,  H04L2209/603

摘要： Systems and methods are disclosed for enabling a recipient of a cryptographically-signed electronic communication to verify the authenticity of the communication on-the-fly using a signed chain of check values, the chain being constructed from the original content of the communication, and each check value in the chain being at least partially dependent on the signed root of the chain and a portion of the communication. Fault tolerance can be provided by including error-check values in the communication that enable a decoding device to maintain the chain's security in the face of communication errors. In one embodiment, systems and methods are provided for enabling secure quasi-random access to a content file by constructing a hierarchy of hash values from the file, the hierarchy deriving its security in a manner similar to that used by the above-described chain. The hierarchy culminates with a signed hash that can be used to verify the integrity of other hash values in the hierarchy, and these other hash values can, in turn, be used to efficiently verify the authenticity of arbitrary portions of the content file.

摘要翻译： 公开了系统和方法，用于使密码签名的电子通信的接收者能够使用签署的检查值链来验证通信的真实性，该链由正在通信的原始内容构成，并且每个 检查链中的值至少部分地取决于链的签名根和通信的一部分。 可以通过在通信中包括错误检查值来提供容错，使得解码设备能够在面对通信错误时保持链的安全性。 在一个实施例中，提供了系统和方法，用于通过从文件中构建散列值的层级来实现对内容文件的安全准随机访问，层级以与上述链类似的方式导出其安全性。 层次结构最终得到一个可用于验证层次结构中其他哈希值的完整性的签名散列，而这些哈希值又可用于有效地验证内容文件的任意部分的真实性。

公开(公告)号：US20140068249A1

公开(公告)日：2014-03-06

申请号：US14071586

申请日：2013-11-04

申请人： Intertrust Technologies Corporation

发明人： Stephen P. WEEKS ,  Xavier Serret-Avila

IPC分类号： H04L9/32

CPC分类号： H04L9/3263 ,  G06F21/604 ,  G06F2221/2141

摘要： The present invention provides systems and methods for making efficient trust management decisions. A trust management engine is provided that processes requests for system resources, authorizations or certificates, and the identity of one or more root authorities that are ultimately responsible for granting or denying the requests. To determine whether a request should be granted, the trust management engine identifies a set principals from whom authorization may flow, and interprets each of the certificates as a function of the state of one or more of the principals. The processing logic iteratively evaluates the functions represented by the certificates, updates the states of the principals, and repeats this process until a reliable determination can be made as to whether the request should be granted or denied. The certificates may be evaluated until the state of the root authority indicates that the request should be granted, or until further evaluation of the certificates is ineffective in changing the state of the principals.

摘要翻译： 本发明提供了用于进行有效信任管理决策的系统和方法。 提供了一个信任管理引擎来处理对系统资源，授权或证书的请求以及最终负责授予或拒绝请求的一个或多个root权限的身份。 为了确定是否应该授予请求，信任管理引擎识别从其授权可能流动的集合主体，并且将每个证书解释为一个或多个主体的状态的函数。 处理逻辑迭代地评估由证书表示的功能，更新主体的状态，并重复该过程，直到可以确定是否应该请求被授予或被拒绝为止。 可以评估证书，直到根管理员的状态表明该请求应被授予，或者直到进一步评估证书在改变主体状态方面无效时。

公开(公告)号：US09401896B2

公开(公告)日：2016-07-26

申请号：US14304422

申请日：2014-06-13

申请人： Intertrust Technologies Corporation

发明人： Xavier Serret-Avila

IPC分类号： H04L29/06 ,  G06F21/64 ,  H04L9/32

CPC分类号： G06F21/64 ,  G06F21/53 ,  G06F2221/2149 ,  H04L9/3236 ,  H04L63/0428 ,  H04L2209/30 ,  H04L2209/38 ,  H04L2209/603

摘要： Systems and methods are disclosed for enabling a recipient of a cryptographically-signed electronic communication to verify the authenticity of the communication on-the-fly using a signed chain of check values, the chain being constructed from the original content of the communication, and each check value in the chain being at least partially dependent on the signed root of the chain and a portion of the communication. Fault tolerance can be provided by including error-check values in the communication that enable a decoding device to maintain the chain's security in the face of communication errors. In one embodiment, systems and methods are provided for enabling secure quasi-random access to a content file by constructing a hierarchy of hash values from the file, the hierarchy deriving its security in a manner similar to that used by the above-described chain. The hierarchy culminates with a signed hash that can be used to verify the integrity of other hash values in the hierarchy, and these other hash values can, in turn, be used to efficiently verify the authenticity of arbitrary portions of the content file.

摘要翻译： 公开了系统和方法，用于使密码签名的电子通信的接收者能够使用签署的检查值链来验证通信的真实性，该链由正在通信的原始内容构成，并且每个 检查链中的值至少部分地取决于链的签名根和通信的一部分。 可以通过在通信中包括错误检查值来提供容错，使得解码设备能够在面对通信错误时保持链的安全性。 在一个实施例中，提供了系统和方法，用于通过从文件中构建散列值的层级来实现对内容文件的安全准随机访问，层级以与上述链类似的方式导出其安全性。 层次结构最终得到一个可用于验证层次结构中其他哈希值的完整性的签名散列，而这些哈希值又可用于有效地验证内容文件的任意部分的真实性。

公开(公告)号：US20150067882A1

公开(公告)日：2015-03-05

申请号：US14486834

申请日：2014-09-15

申请人： Intertrust Technologies Corporation

发明人： Xavier Serret-Avila ,  Gilles Boccon-Gibod

IPC分类号： G06F21/10

CPC分类号： G06F21/10 ,  G06F2221/07 ,  G06T1/0071 ,  G11B20/00086 ,  G11B20/00123 ,  G11B20/00884 ,  G11B20/00898 ,  H04L9/3236 ,  H04L9/3247 ,  H04L2209/608 ,  H04N1/32144 ,  H04N1/32208 ,  H04N1/32283 ,  H04N1/32288 ,  H04N1/32293 ,  H04N1/32304 ,  H04N1/3232 ,  H04N5/913 ,  H04N7/162 ,  H04N19/00 ,  H04N19/467 ,  H04N21/23892 ,  H04N21/4627 ,  H04N21/8358 ,  H04N2005/91335 ,  H04N2201/3235

摘要： Systems and methods are provided for determining a presence of a watermark in electronic data. In certain embodiments, a plurality of keys is generated, and a plurality of payloads are retrieved from electronic data using the keys. A statistical indicia of randomness is generated based on the payloads, and the presence of a watermark is determined when the indicia is below a threshold.

摘要翻译： 提供了用于确定电子数据中的水印的存在的系统和方法。 在某些实施例中，生成多个密钥，并且使用密钥从电子数据中检索多个有效载荷。 基于有效载荷生成随机性的统计标记，并且当标记低于阈值时确定水印的存在。

公开(公告)号：US20130297941A1

公开(公告)日：2013-11-07

申请号：US13892021

申请日：2013-05-10

申请人： Intertrust Technologies Corporation

发明人： Xavier Serret-Avila ,  Gilles Boccon-Gibod

IPC分类号： H04L9/32

CPC分类号： G06F21/10 ,  G06F2221/07 ,  G06T1/0071 ,  G11B20/00086 ,  G11B20/00123 ,  G11B20/00884 ,  G11B20/00898 ,  H04L9/3236 ,  H04L9/3247 ,  H04L2209/608 ,  H04N1/32144 ,  H04N1/32208 ,  H04N1/32283 ,  H04N1/32288 ,  H04N1/32293 ,  H04N1/32304 ,  H04N1/3232 ,  H04N5/913 ,  H04N7/162 ,  H04N19/00 ,  H04N19/467 ,  H04N21/23892 ,  H04N21/4627 ,  H04N21/8358 ,  H04N2005/91335 ,  H04N2201/3235

摘要： Systems and methods are provided for determining a presence of a watermark in electronic data. In certain embodiments, a plurality of keys is generated, and a plurality of payloads are retrieved from electronic data using the keys. A statistical indicia of randomness is generated based on the payloads, and the presence of a watermark is determined when the indicia is below a threshold.

公开(公告)号：US09485100B2

公开(公告)日：2016-11-01

申请号：US14739277

申请日：2015-06-15

申请人： Intertrust Technologies Corporation

发明人： Stephen P. Weeks ,  Xavier Serret-Avila

IPC分类号： H04L9/32 ,  G06F21/60

CPC分类号： H04L9/3263 ,  G06F21/604 ,  G06F2221/2141

摘要： The present invention provides systems and methods for making efficient trust management decisions. A trust management engine is provided that processes requests for system resources, authorizations or certificates, and the identity of one or more root authorities that are ultimately responsible for granting or denying the requests. To determine whether a request should be granted, the trust management engine identifies a set principals from whom authorization may flow, and interprets each of the certificates as a function of the state of one or more of the principals. The processing logic iteratively evaluates the functions represented by the certificates, updates the states of the principals, and repeats this process until a reliable determination can be made as to whether the request should be granted or denied. The certificates may be evaluated until the state of the root authority indicates that the request should be granted, or until further evaluation of the certificates is ineffective in changing the state of the principals.

公开(公告)号：US20140289523A1

公开(公告)日：2014-09-25

申请号：US14304422

申请日：2014-06-13

申请人： Intertrust Technologies Corporation

发明人： Xavier Serret-Avila

IPC分类号： H04L29/06

CPC分类号： G06F21/64 ,  G06F21/53 ,  G06F2221/2149 ,  H04L9/3236 ,  H04L63/0428 ,  H04L2209/30 ,  H04L2209/38 ,  H04L2209/603

摘要： Systems and methods are disclosed for enabling a recipient of a cryptographically-signed electronic communication to verify the authenticity of the communication on-the-fly using a signed chain of check values, the chain being constructed from the original content of the communication, and each check value in the chain being at least partially dependent on the signed root of the chain and a portion of the communication. Fault tolerance can be provided by including error-check values in the communication that enable a decoding device to maintain the chain's security in the face of communication errors. In one embodiment, systems and methods are provided for enabling secure quasi-random access to a content file by constructing a hierarchy of hash values from the file, the hierarchy deriving its security in a manner similar to that used by the above-described chain. The hierarchy culminates with a signed hash that can be used to verify the integrity of other hash values in the hierarchy, and these other hash values can, in turn, be used to efficiently verify the authenticity of arbitrary portions of the content file.

摘要翻译： 公开了系统和方法，用于使密码签名的电子通信的接收者能够使用签署的检查值链来验证通信的真实性，该链由正在通信的原始内容构成，并且每个 检查链中的值至少部分地取决于链的签名根和通信的一部分。 可以通过在通信中包括错误检查值来提供容错，使得解码设备能够在面对通信错误时保持链的安全性。 在一个实施例中，提供了系统和方法，用于通过从文件中构建散列值的层级来实现对内容文件的安全准随机访问，层级以与上述链类似的方式导出其安全性。 层次结构最终得到一个可用于验证层次结构中其他哈希值的完整性的签名散列，而这些哈希值又可用于有效地验证内容文件的任意部分的真实性。