公开(公告)号：US06178509B1

公开(公告)日：2001-01-23

申请号：US08924166

申请日：1997-09-05

申请人： Joseph M. Nardone ,  Richard T. Mangold ,  Jody L. Pfotenhauer ,  Keith L. Shippy ,  David W. Aucsmith ,  Richard L. Maliszewski ,  Gary L. Graunke

发明人： Joseph M. Nardone ,  Richard T. Mangold ,  Jody L. Pfotenhauer ,  Keith L. Shippy ,  David W. Aucsmith ,  Richard L. Maliszewski ,  Gary L. Graunke

IPC分类号： H04L900

CPC分类号： G11B20/00086 ,  G06F12/1408 ,  G06F21/10 ,  G06F21/14 ,  G06F21/52 ,  G06F21/57 ,  G06F21/79 ,  G06F2221/2107 ,  G06F2221/2135 ,  G06F2221/2151

摘要： In one apparatus, a number of obfuscated programming instructions is provided to perform integrity verification on a number of other plain text programming instructions. In another apparatus, a number of obfuscated programming instructions is provided to self-verify an invocation of the obfuscated programming instructions is not originated from an intruder.

摘要翻译： 在一种装置中，提供了许多模糊编程指令以对许多其他纯文本编程指令执行完整性验证。 在另一种装置中，提供了许多混淆的编程指令来自我验证，混淆编程指令的调用不是源于入侵者。

公开(公告)号：US06175925B1

公开(公告)日：2001-01-16

申请号：US08924167

申请日：1997-09-05

申请人： Joseph M. Nardone ,  Richard P. Mangold ,  Jody L. Pfotenhauer ,  Keith L. Shippy ,  David W. Aucsmith ,  Richard L. Maliszewski ,  Gary L. Graunke

发明人： Joseph M. Nardone ,  Richard P. Mangold ,  Jody L. Pfotenhauer ,  Keith L. Shippy ,  David W. Aucsmith ,  Richard L. Maliszewski ,  Gary L. Graunke

IPC分类号： G06F1130

CPC分类号： G11B20/00086 ,  G06F12/1408 ,  G06F21/10 ,  G06F21/14 ,  G06F21/52 ,  G06F21/57 ,  G06F21/79 ,  G06F2221/2107 ,  G06F2221/2135 ,  G06F2221/2151

摘要： In one apparatus, a group of plain text and obfuscated cells of programming instructions is provided to implement a descrambler that descrambles scrambled content to generate descrambled content. In another apparatus, a group of plain text and obfuscated cells of programming instructions is provided to implement an authenticator that provides appropriate authentication challenges to a scrambled content provider, and generates appropriate authentication responses to authentication challenges from the scrambled content provider. In yet another apparatus, a group of plain text and obfuscated cells of programming instructions is provided to implement an integrity verifier that performs integrity verification on a decoder. In yet another apparatus, a group of plain text and obfuscated cells of programming instructions is provided to implement a secrets holder that holds a number of secrets associated with playing scrambled contents.

摘要翻译： 在一种装置中，提供了一组编程指令的纯文本和混淆单元，以实现解扰器，其解扰加扰的内容以产生解扰的内容。 在另一种装置中，提供了一组编程指令的明文和混淆单元，以实现向加扰的内容提供商提供适当的认证挑战的认证器，并从加扰的内容提供商产生对认证挑战的适当认证响应。 在又一设备中，提供了一组编程指令的纯文本和混淆单元，以实现在解码器上执行完整性验证的完整性验证器。 在另一装置中，提供一组编程指令的明文和混淆单元，以实现保存与播放加扰内容相关联的多个秘密的秘密持有者。

公开(公告)号：US06205550B1

公开(公告)日：2001-03-20

申请号：US08924740

申请日：1997-09-05

申请人： Joseph M. Nardone ,  Richard P. Mangold ,  Jody L. Pfotenhauer ,  Keith L. Shippy ,  David W. Aucsmith ,  Richard L. Maliszewski ,  Gary L. Graunke

发明人： Joseph M. Nardone ,  Richard P. Mangold ,  Jody L. Pfotenhauer ,  Keith L. Shippy ,  David W. Aucsmith ,  Richard L. Maliszewski ,  Gary L. Graunke

IPC分类号： G06F1130

CPC分类号： G06F12/1408 ,  G06F21/10 ,  G06F21/14 ,  G06F21/52 ,  G06F21/57 ,  G06F21/79 ,  G06F2221/2107 ,  G06F2221/2135 ,  G06F2221/2151 ,  G11B20/00086

摘要： In one apparatus, a number of obfuscated programming instructions are equipped to self-verify whether execution of the obfuscated programming instructions is being observed. In another apparatus, a number of obfuscated programming instruction are equipped to determine whether the apparatus is being operated in a mode that supports single step execution of the obfuscated programming instructions. In yet another apparatus, a number of obfuscated programming instruction are equipped to verify whether an amount of elapsed execution time has exceeded a threshold. In yet another apparatus, a first and a second group of obfuscated programming instruction are provided to implement a first and a second tamper resistant technique respectively, with the first and the second group of programming instructions sharing a storage location for a first and a second key value corresponding to the first and the second tamper resistant technique.

摘要翻译： 在一种装置中，配置了许多模糊编程指令来自我验证是否正在观察到模糊编程指令的执行。 在另一装置中，配备有多个模糊编程指令，以确定装置是否以支持模糊编程指令的单步执行的模式操作。 在另一装置中，配备有多个模糊编程指令，以验证经过的执行时间量是否超过阈值。 在另一装置中，提供第一组和第二组混淆编程指令以分别实现第一和第二防篡改技术，第一组和第二组编程指令共享用于第一和第二键的存储位置 值对应于第一和第二防篡改技术。

公开(公告)号：US5991399A

公开(公告)日：1999-11-23

申请号：US993597

申请日：1997-12-18

申请人： Gary L. Graunke ,  John Carbajal ,  Richard L. Maliszewski ,  Carlos V. Rozas

发明人： Gary L. Graunke ,  John Carbajal ,  Richard L. Maliszewski ,  Carlos V. Rozas

IPC分类号： G06F21/00 ,  G11B20/00 ,  H04L9/00 ,  H04L9/08 ,  H04L9/30 ,  H04L9/32

CPC分类号： G06F21/34 ,  G06F21/10 ,  G06Q20/3829 ,  G11B20/00086 ,  G11B20/0021 ,  G06F2211/008

摘要： Secure distribution of a private key to a user's application program (also called a "trusted player" such as a DVD player or CD-ROM player) with conditional access based on verification of the trusted player's integrity and authenticity is provided. Once validated, the trusted player uses the private key to decrypt encrypted digital content. The private key is dynamically generated, associated with specific digital content, and communicated in real-time from a server to the trusted player in a secure manner, thereby controlling access to encrypted digital content. The key is wrapped into an executable tamper resistant key module in which the key can only be used by the right trusted player as determined by the server based on user requests and payment. The key module plugs in to the trusted player and executes to validate the player and decrypt the content. The integrity of the trusted player is correlated to its ability to perform a cryptographic operation using an asymmetric key pair in a manner that is tamper resistant, thereby preventing an unencrypted copy of digital content to be made.

摘要翻译： 提供了一种基于对可靠玩家的完整性和真实性的验证，将私钥安全地分配给具有条件访问的用户应用程序（也称为“受信任的玩家”，例如DVD播放器或CD-ROM播放器）。 经过验证，受信任的播放器使用私钥来解密加密的数字内容。 私钥是动态生成的，与特定数字内容相关联，并且以安全的方式从服务器到受信任的播放器实时地进行传送，从而控制对加密的数字内容的访问。 密钥被包装成可执行的防篡改密钥模块，其中密钥只能由由服务器根据用户请求和支付确定的正确的受信任的玩家使用。 关键模块插入信任的播放器，执行验证播放器并对内容进行解密。 可信任的播放器的完整性与其以防篡改的方式使用非对称密钥对执行密码操作的能力相关联，从而防止制作数字内容的未加密的副本。

公开(公告)号：US5974550A

公开(公告)日：1999-10-26

申请号：US989615

申请日：1997-12-12

申请人： Richard L. Maliszewski

发明人： Richard L. Maliszewski

IPC分类号： G09C1/00 ,  G06F1/00 ,  G06F21/00 ,  H04L9/10 ,  H04L9/32 ,  H04L9/00 ,  H04K1/00

CPC分类号： G06F21/31 ,  H04L9/3247 ,  H04L9/3271

摘要： Authenticating a remote process operating in an address space different than that of a local process includes the steps of creating, by the local process, a tamper resistant module containing a temporary secret, sending the tamper resistant module and a challenge from the local process to the remote process, executing the tamper resistant module by the remote process and recovering the secret when the integrity of the remote process is verified by the tamper resistant module, encoding the challenge using the secret to produce a response, sending the response to the local process, and decoding the response by the local process. Optionally, the tamper resistant module includes a request for information from the second process and the response includes the answer to the request for information.

摘要翻译： 验证在与本地进程不同的地址空间中操作的远程进程包括以下步骤：通过本地进程创建包含临时秘密的防篡改模块，将防篡改模块和挑战从本地进程创建到 远程进程，由远程进程执行防篡改模块，并且当通过防篡改模块验证远程进程的完整性时恢复秘密，使用秘密对挑战进行编码以产生响应，向本地进程发送响应， 并通过本地进程对响应进行解码。 可选地，防篡改模块包括对来自第二进程的信息的请求，并且响应包括对信息请求的答案。

公开(公告)号：US20100174889A1

公开(公告)日：2010-07-08

申请号：US12349307

申请日：2009-01-06

申请人： Richard L. Maliszewski ,  James P. Held ,  Daniel Baumberger

发明人： Richard L. Maliszewski ,  James P. Held ,  Daniel Baumberger

IPC分类号： G06F9/455 ,  G06F9/30

CPC分类号： G06F9/45533 ,  G06F9/22 ,  G06F9/30174 ,  G06F9/30189

摘要： Embodiments of apparatuses, methods, and systems for modifying the behavior of a guest installed to run within a VM are disclosed. In one embodiment, an apparatus includes virtualization logic, first storage, second storage, decode logic, and multiplexing logic. The virtualization logic is to provide a mode in which to operate a virtual machine. The first storage is to store a first plurality of micro-instructions to control the apparatus. The second storage is to store a second plurality of micro-instructions to control the apparatus. The decode logic is to decode a macro-instruction into one of a first plurality and a second plurality of micro-instructions. The multiplexing logic is to cause the macro-instruction to be decoded into the second plurality of micro-instructions instead of the first plurality of micro-instructions only when issued from the virtual machine.

摘要翻译： 公开了用于修改安装在VM内运行的客户端的行为的装置，方法和系统的实施例。 在一个实施例中，设备包括虚拟化逻辑，第一存储，第二存储，解码逻辑和多路复用逻辑。 虚拟化逻辑是提供一种操作虚拟机的模式。 第一存储器是存储第一多个微指令以控制该装置。 第二存储器是存储第二多个微指令以控制该装置。 解码逻辑是将宏指令解码为第一多个和第二多个微指令之一。 复用逻辑是仅在从虚拟机发出时，使宏指令被解码成第二多个微指令而不是第一多个微指令。

公开(公告)号：US07181603B2

公开(公告)日：2007-02-20

申请号：US10096685

申请日：2002-03-12

申请人： Lewis V. Rothrock ,  Richard L. Maliszewski

发明人： Lewis V. Rothrock ,  Richard L. Maliszewski

IPC分类号： G06F9/00

CPC分类号： H04L9/3247 ,  G06F21/51

摘要： Redirecting function calls through a protected environment to effect secure linkage of program modules. In one embodiment, a program module, such as a player application for example, may make function calls to secure functions instead of to insecure operating system (OS) services, thereby deterring attacks on the player's calls to OS services. In one embodiment, the new secure functions provide similar functionality to the replaced OS services. Providing a securely loaded function for calling by a program module in place of calling an insecure OS function includes obtaining object code for the securely loaded function from a signed binary description file, performing signature and integrity verification of the program module using the signed binary description file, loading the object code for the securely loaded function into memory, and updating an address for calling the securely loaded function by the program module.

摘要翻译： 通过受保护的环境重定向函数调用以实现程序模块的安全连接。 在一个实施例中，例如诸如播放器应用的程序模块可以进行功能调用以保护功能而不是不安全的操作系统（OS）服务，从而阻止对OS服务的播放器的呼叫的攻击。 在一个实施例中，新的安全功能提供与替换的OS服务类似的功能。 提供用于由程序模块调用代替调用不安全的OS功能的安全加载的功能包括从签名的二进制描述文件获取安全加载的功能的目标代码，使用带符号的二进制描述文件执行程序模块的签名和完整性验证 将安全加载的功能的目标代码加载到存储器中，并且通过程序模块更新用于调用安全加载的功能的地址。

公开(公告)号：US6021487A

公开(公告)日：2000-02-01

申请号：US768069

申请日：1996-12-16

申请人： Richard L. Maliszewski

发明人： Richard L. Maliszewski

IPC分类号： G06F5/01 ,  G06F9/302 ,  G06F9/38

CPC分类号： G06F9/3001 ,  G06F5/01 ,  G06F9/30072 ,  G06F7/49978

摘要： A method and apparatus to divide a signed integer by a constant power of two using conditionally-executed instructions to choose between a first result in the event that the dividend is a negative signed integer and a second result in the event that the dividend is a positive signed integer, wherein values associated with the first result and the second result are generated simultaneously.

摘要翻译： 一种使用有条件执行的指令将有符号整数除以2的恒定幂的方法和装置，以在股利为负的有符号整数的事件中的第一个结果和在股息为正的情况下的第二个结果之间进行选择 有符号整数，其中与第一结果和第二结果相关联的值同时生成。

公开(公告)号：US07140005B2

公开(公告)日：2006-11-21

申请号：US09764725

申请日：2001-01-17

申请人： Richard L. Maliszewski

发明人： Richard L. Maliszewski

IPC分类号： G06F12/14 ,  G06F21/22

CPC分类号： G06F11/3688 ,  G06F21/54

摘要： A data processing device associates a test module with a sequence of instructions, the test module producing a test result by performing a test on a sequence of instructions. In the sequence of instructions, a first instruction comprising a target address is replaced with a second instruction having an instruction address in the sequence, the second instruction to transfer control to the test module. The target address is stored within an encrypted table, and the test module locates the target address in the table and transfers control to the target address when the test result indicates the sequence of instructions may proceed.

摘要翻译： 数据处理装置将测试模块与指令序列相关联，测试模块通过对指令序列执行测试来产生测试结果。 在指令序列中，包括目标地址的第一指令被替换为具有序列中的指令地址的第二指令，第二指令将控制转移到测试模块。 目标地址存储在加密表中，测试模块将目标地址定位在表中，并且当测试结果指示指令序列可以进行时，将控制转移到目标地址。

公开(公告)号：US07073200B2

公开(公告)日：2006-07-04

申请号：US09769155

申请日：2001-01-24

申请人： Richard L. Maliszewski

发明人： Richard L. Maliszewski

IPC分类号： G06F11/30 ,  G06F12/00

CPC分类号： H04N21/44029 ,  H04N7/1675 ,  H04N21/23439 ,  H04N21/4405 ,  H04N21/8106

摘要： Providing secure content-based user experience enhancement in a player device for rendering digital content includes accepting encrypted digital content, decrypting the encrypted digital content into decrypted digital content, downsampling the decrypted digital content into downsampled digital content; and processing the downsampled digital content by an enhancement module to provide the user experience enhancement. The system protects content being rendered by a player application even when the content is also sent to an enhancement module such as a plug-in. The original content is protected by only transferring a version of the content to the enhancement module that is downsampled. That is, the original high fidelity, high value content is never transferred to the untrusted enhancement module. Instead, the content is downsampled into a lower fidelity form that it is still useful for the purposes of enhancement module processing, but is not useful or desirable for other purposes (such as normal rendering of the content for enjoyment by the user).