公开(公告)号：US20060150252A1

公开(公告)日：2006-07-06

申请号：US11027206

申请日：2004-12-30

申请人： John Okimoto ,  Bridget Kimball ,  Annie Chen ,  Michael Habrat ,  Douglas Petty ,  Eric Sprunk ,  Lawrence Tang

发明人： John Okimoto ,  Bridget Kimball ,  Annie Chen ,  Michael Habrat ,  Douglas Petty ,  Eric Sprunk ,  Lawrence Tang

IPC分类号： H04N7/16

CPC分类号： G06F21/10 ,  H04N7/1675 ,  H04N21/4147 ,  H04N21/4405 ,  H04N21/4408 ,  H04N21/8355

摘要： The present invention discloses an apparatus and method for defining and enforcing rules of transition between two security domains, e.g., a transport domain and a persistent security domain. In turn, a border guard, e.g., a security device, is provided between these two domains that enforce rules for transition between the two security domains. This novel approach of defining a transport domain and a persistent security domain simplifies the classification of the digital content and its movement through the system. Namely, the border guard once established between the two systems can enforce DRM rules associated with how contents are moved between the two domains.

摘要翻译： 本发明公开了一种用于定义和实施两个安全域（例如传输域和持久安全域）之间的转换规则的装置和方法。 反过来，在这两个域之间提供边界警卫，例如安全装置，这两个域执行两个安全域之间的转换规则。 这种定义传输域和持久安全域的新颖方法简化了数字内容的分类及其通过系统的移动。 也就是说，在两个系统之间建立的边界守卫可以实施与内容在两个域之间移动的相关联的DRM规则。

公开(公告)号：US20060146885A1

公开(公告)日：2006-07-06

申请号：US11026413

申请日：2004-12-30

申请人： Bridget Kimball ,  Michael Habrat ,  John Okimoto ,  Douglas Petty ,  Eric Sprunk ,  Lawrence Tang

发明人： Bridget Kimball ,  Michael Habrat ,  John Okimoto ,  Douglas Petty ,  Eric Sprunk ,  Lawrence Tang

IPC分类号： H04J3/06

CPC分类号： G06F21/10 ,  G06F21/725 ,  H04L63/123 ,  H04L2463/121

摘要： The present invention discloses a system and method for providing a secured system time reference to a subscriber device, e.g., a set top box or a receiver. In one embodiment, the system time reference is provided in a secure system time message that is broadcasted to a plurality of subscriber devices. Each subscriber device has a security device or software application that is capable of determining whether the received system time reference is legitimate. If the system time reference is determined to be legitimate, a local time reference is synchronized with said received system time reference.

摘要翻译： 本发明公开了一种用于向订户设备（例如机顶盒或接收机）提供安全系统时间参考的系统和方法。 在一个实施例中，在广播到多个订户设备的安全系统时间消息中提供系统时间参考。 每个用户设备具有能够确定所接收的系统时间参考是否合法的安全设备或软件应用。 如果确定系统时间参考是合法的，则将本地时间基准与所接收的系统时间参考同步。

公开(公告)号：US20070091345A1

公开(公告)日：2007-04-26

申请号：US11255113

申请日：2005-10-20

申请人： Xin Qiu ,  Bridget Kimball ,  Eric Sprunk ,  Lawrence Tang

发明人： Xin Qiu ,  Bridget Kimball ,  Eric Sprunk ,  Lawrence Tang

IPC分类号： G06K15/00

CPC分类号： H04L9/083 ,  H04L9/0841 ,  H04L63/0428 ,  H04L2463/062

摘要： According to one embodiment of the invention a system is utilized to leverage the security arrangement between a first and second device to establish a secure link between the first device and a third device. One embodiment of the invention is particularly suitable for loading security data on a set top box, such as that utilized in the cable television industry.

摘要翻译： 根据本发明的一个实施例，利用系统利用第一和第二设备之间的安全布置来建立第一设备和第三设备之间的安全链路。 本发明的一个实施例特别适合于将安全数据加载在诸如有线电视工业中使用的机顶盒上。

公开(公告)号：US07305555B2

公开(公告)日：2007-12-04

申请号：US10109111

申请日：2002-03-27

申请人： John I. Okimoto ,  Eric J. Sprunk ,  Lawrence W. Tang ,  Annie On-yee Chen ,  Bridget Kimball ,  Douglas Petty

发明人： John I. Okimoto ,  Eric J. Sprunk ,  Lawrence W. Tang ,  Annie On-yee Chen ,  Bridget Kimball ,  Douglas Petty

IPC分类号： H04L9/00 ,  H04K1/00 ,  G06F11/30 ,  G06F12/14 ,  G06Q40/00 ,  H04L9/32 ,  H04N7/167 ,  H04N1/44 ,  H04K1/02

CPC分类号： H04N21/254 ,  H04N7/163 ,  H04N21/2543 ,  H04N21/26609 ,  H04N21/4181 ,  H04N21/4367 ,  H04N21/4623

摘要： A system is described for uniquely mating components of a communication network such as a smartcard and a set-top box. When mated, the smartcard and set-top box are tied together and have a single identity. Further, the smartcard operates properly only when inserted into an authorized set-top box. Exchanges of information between both components are secured by encryption and authentication to guard against piracy of the exchanged information. The system provides the same authentication key to the set-top box and the smartcard. This key is used for authenticating communication between the set-top box and the smartcard. First, the authentication key is encrypted by a set-top box mating key. The set-top box employs this mating key to decrypt the authentication key. After it is derived, the authentication key is stored in the set-top box's memory. Further, the same authentication key is encrypted by a smartcard mating key. Thereafter, the smartcard employs the smartcard mating key to extract the authentication key. The clear authentication key is stored in the smartcard's memory as well. In this manner, the authentication key is used for securing all communication between the set-top box and the smart-card. For example, the set-top box may request control words from the smartcard. Only after authenticating the request, are the control words for decrypting digital content provided to the set-top box. If the smartcard authentication key is different from the set-top box key, the request for control words is denied.

摘要翻译： 描述了用于唯一地匹配诸如智能卡和机顶盒之类的通信网络的组件的系统。 当配对时，智能卡和机顶盒被捆绑在一起并具有单一身份。 此外，仅当插入授权的机顶盒时，智能卡才能正常运行。 通过加密和认证来确保两个组件之间的信息交换，以防止所交换信息的盗版。 系统向机顶盒和智能卡提供相同的认证密钥。 该密钥用于认证机顶盒和智能卡之间的通信。 首先，认证密钥由机顶盒配对密钥加密。 机顶盒采用这种配对密钥来解密认证密钥。 导出后，身份验证密钥存储在机顶盒的内存中。 此外，相同的认证密钥由智能卡配对密钥加密。 此后，智能卡采用智能卡配对密钥来提取认证密钥。 清除认证密钥也存储在智能卡的存储器中。 以这种方式，认证密钥用于保护机顶盒和智能卡之间的所有通信。 例如，机顶盒可以从智能卡请求控制字。 只有在认证请求之后，才是解密提供给机顶盒的数字内容的控制字。 如果智能卡认证密钥与机顶盒密钥不同，则拒绝对控制字的请求。