公开(公告)号：US20080060083A1

公开(公告)日：2008-03-06

申请号：US11932473

申请日：2007-10-31

申请人： Lawrence Koved ,  Magda Mourad ,  Jonathan Munson ,  Giovanni Pacifici ,  Marco Pistoia ,  Alaa Youssef

发明人： Lawrence Koved ,  Magda Mourad ,  Jonathan Munson ,  Giovanni Pacifici ,  Marco Pistoia ,  Alaa Youssef

IPC分类号： G06F7/04

CPC分类号： G06F21/52 ,  G06F21/10 ,  G06F2221/0748

摘要： A digital rights management (DRM) system and methodology for a Java client implementing a Java Runtime Environment (JRE). The JRE comprises a Java Virtual Machine (JVM) and Java runtime libraries components and is capable of executing a player application for presenting content that can be presented through a Java program (e.g., a Java application, applet, servlet, bean, etc.) and downloaded from a content server to the client. The DRM system includes an acquisition component for receiving downloaded protected contents; and a dynamic rights management layer located between the JRE and player application for receiving requests to view or play downloaded protected contents from the player, and, in response to each request, determining the rights associated with protected content and enabling viewing or playing of the protected contents via the player application if permitted according to the rights. By providing a DRM-enabled Java runtime, which does not affect the way non-DRM-related programs work, DRM content providers will not require the installation of customized players. By securing the runtime, every Java™ player automatically and transparently becomes a DRM-enabled player.

摘要翻译： 实现Java运行时环境（JRE）的Java客户端的数字版权管理（DRM）系统和方法。 JRE包括Java虚拟机（JVM）和Java运行时库组件，并且能够执行播放器应用程序来呈现可以通过Java程序呈现的内容（例如，Java应用程序，小程序，servlet，bean等） 并从内容服务器下载到客户端。 DRM系统包括用于接收下载的受保护内容的获取组件; 以及位于JRE和播放器应用之间的动态版权管理层，用于接收从播放器查看或播放下载的受保护内容的请求，并且响应于每个请求，确定与受保护内容相关联的权限，并且使得能够观看或播放受保护的内容 内容通过玩家申请，如果允许，根据权利。 通过提供支持DRM的Java运行时，不影响非DRM相关程序的工作方式，DRM内容提供商将不需要安装定制播放器。 通过确保运行时间，每个Java（TM）播放器自动且透明地成为启用DRM的播放器。

公开(公告)号：US07827613B2

公开(公告)日：2010-11-02

申请号：US11932473

申请日：2007-10-31

申请人： Lawrence Koved ,  Magda M. Mourad ,  Jonathan P. Munson ,  Giovanni Pacifici ,  Marco Pistoia ,  Alaa S. Youssef

发明人： Lawrence Koved ,  Magda M. Mourad ,  Jonathan P. Munson ,  Giovanni Pacifici ,  Marco Pistoia ,  Alaa S. Youssef

IPC分类号： H04N7/16

CPC分类号： G06F21/52 ,  G06F21/10 ,  G06F2221/0748

摘要： A digital rights management (DRM) system and methodology for a Java client implementing a Java Runtime Environment (JRE). The JRE comprises a Java Virtual Machine (JVM) and Java runtime libraries components and is capable of executing a player application for presenting content that can be presented through a Java program (e.g., a Java application, applet, servlet, bean, etc.) and downloaded from a content server to the client. The DRM system includes an acquisition component for receiving downloaded protected contents; and a dynamic rights management layer located between the JRE and player application for receiving requests to view or play downloaded protected contents from the player, and, in response to each request, determining the rights associated with protected content and enabling viewing or playing of the protected contents via the player application if permitted according to the rights. By providing a DRM-enabled Java runtime, which does not affect the way non-DRM-related programs work, DRM content providers will not require the installation of customized players. By securing the runtime, every Java™ player automatically and transparently becomes a DRM-enabled player.

摘要翻译： 实现Java运行时环境（JRE）的Java客户端的数字版权管理（DRM）系统和方法。 JRE包括Java虚拟机（JVM）和Java运行时库组件，并且能够执行播放器应用程序来呈现可以通过Java程序呈现的内容（例如，Java应用程序，小程序，servlet，bean等） 并从内容服务器下载到客户端。 DRM系统包括用于接收下载的受保护内容的获取组件; 以及位于JRE和播放器应用之间的动态版权管理层，用于接收从播放器查看或播放下载的受保护内容的请求，并且响应于每个请求，确定与受保护内容相关联的权限，并且使得能够观看或播放受保护的内容 内容通过玩家申请，如果允许，根据权利。 通过提供支持DRM的Java运行时，不影响非DRM相关程序的工作方式，DRM内容提供商将不需要安装定制播放器。 通过保护运行时间，每个Java™播放器自动和透明地成为支持DRM的播放器。

公开(公告)号：US07308717B2

公开(公告)日：2007-12-11

申请号：US09792154

申请日：2001-02-23

申请人： Lawrence Koved ,  Magda M. Mourad ,  Jonathan P. Munson ,  Giovanni Pacifici ,  Marco Pistoia ,  Alaa S. Youssef

发明人： Lawrence Koved ,  Magda M. Mourad ,  Jonathan P. Munson ,  Giovanni Pacifici ,  Marco Pistoia ,  Alaa S. Youssef

IPC分类号： G06F7/04

CPC分类号： G06F21/52 ,  G06F21/10 ,  G06F2221/0748

摘要： A digital rights management (DRM) system and methodology for a Java client implementing a Java Runtime Environment (JRE). The JRE comprises a Java Virtual Machine (JVM) and Java runtime libraries components and is capable of executing a player application for presenting content that can be presented through a Java program (e.g., a Java application, applet, servlet, bean, etc.) and downloaded from a content server to the client. The DRM system includes an acquisition component for receiving downloaded protected contents; and a dynamic rights management layer located between the JRE and player application for receiving requests to view or play downloaded protected contents from the player, and, in response to each request, determining the rights associated with protected content and enabling viewing or playing of the protected contents via the player application if permitted according to the rights. By providing a Ad DRM-enabled Java runtime, which does not affect the way non-DRM-related programs work, DRM content providers will not require the installation of customized players. By securing the runtime, every Java™ player automatically and transparently becomes a DRM-enabled player.

摘要翻译： 实现Java运行时环境（JRE）的Java客户端的数字版权管理（DRM）系统和方法。 JRE包括Java虚拟机（JVM）和Java运行时库组件，并且能够执行播放器应用程序来呈现可以通过Java程序呈现的内容（例如，Java应用程序，小程序，servlet，bean等） 并从内容服务器下载到客户端。 DRM系统包括用于接收下载的受保护内容的获取组件; 以及位于JRE和播放器应用之间的动态版权管理层，用于接收从播放器查看或播放下载的受保护内容的请求，并且响应于每个请求，确定与受保护内容相关联的权限，并且使得能够观看或播放受保护的内容 内容通过玩家申请，如果允许，根据权利。 通过提供支持广告DRM的Java运行时，不影响非DRM相关程序的工作方式，DRM内容提供商将不需要安装自定义播放器。 通过确保运行时间，每个Java（TM）播放器自动且透明地成为启用DRM的播放器。

公开(公告)号：US07171558B1

公开(公告)日：2007-01-30

申请号：US09667286

申请日：2000-09-22

申请人： Magda M. Mourad ,  Jonathan P. Munson ,  Tamer Nadeem ,  Giovanni Pacifici ,  Marco Pistoia ,  Alaa S. Youssef

发明人： Magda M. Mourad ,  Jonathan P. Munson ,  Tamer Nadeem ,  Giovanni Pacifici ,  Marco Pistoia ,  Alaa S. Youssef

IPC分类号： H04L9/00

CPC分类号： G06F21/57 ,  G06F21/10

摘要： A digital rights management system for controlling the distribution of digital content to player applications. The system comprises a verification system, a trusted content handler, and a user interface control. The verification system is provided to validate the integrity of the player applications; and the trusted content handler is used to decrypt content and to transmit the decrypted content to the player applications, and to enforce usage rights associated with the content. The user interface control module is provided to ensure that users of the player applications are not exposed to actions that violate the usage rights. The preferred embodiment of the present invention provides a system that enables existing content viewers, such as Web browsers, document viewers, and Java Virtual Machines running content-viewing applications, with digital rights management capabilities, in a manner that is transparent to the viewer. Extending content viewers with such capabilities enables and facilitates the free exchange of digital content over open networks, such as the Internet, while protecting the rights of content owners, authors, and distributors. This protection is achieved by controlling access to the content and constraining it according to the rights and privileges granted to the user during the content acquisition phase.

摘要翻译： 数字版权管理系统，用于控制数字内容到玩家应用程序的分发。 系统包括验证系统，可信内容处理程序和用户界面控制。 提供验证系统以验证玩家申请的完整性; 并且可信内容处理程序用于解密内容并将解密的内容传送给播放器应用，并且执行与内容相关联的使用权限。 提供用户界面控制模块以确保玩家应用的用户不会暴露于违反使用权限的动作。 本发明的优选实施例提供了一种系统，其以对观看者透明的方式，使具有数字权限管理功能的现有内容观众（诸如Web浏览器，文档查看器和运行内容观看应用的Java虚拟机）成为可能。 扩展具有此类功能的内容观众能够实现和促进数字内容在互联网等开放网络上的自由交换，同时保护内容所有者，作者和分销商的权利。 该保护通过控制对内容的访问并根据在内容获取阶段中授予用户的权限和特权来约束来实现。

公开(公告)号：US08387111B2

公开(公告)日：2013-02-26

申请号：US10002439

申请日：2001-11-01

申请人： Lawrence Koved ,  Anthony Joseph Nadalin ,  Nataraj Nagaratnam ,  Marco Pistoia ,  Bruce Arland Rich

发明人： Lawrence Koved ,  Anthony Joseph Nadalin ,  Nataraj Nagaratnam ,  Marco Pistoia ,  Bruce Arland Rich

IPC分类号： G06F12/14

CPC分类号： G06F21/53 ,  G06F2221/2145

摘要： A method and apparatus for type independent permission based access control are provided. The method and apparatus utilize object inheritance to provide a mechanism by which a large group of permissions may be assigned to a codesource without having to explicitly assign each individual permission to the codesource. A base permission, or superclass permission, is defined along with inherited, or subclass, permissions that fall below the base permission in a hierarchy of permissions. Having defined the permissions in such a hierarchy, a developer may assign a base permission to an installed class and thereby assign all of the inherited permissions of the base permission to the installed class. In this way, security providers need not know all the permission types defined in an application. In addition, security providers can seamlessly integrate with many applications without changing their access control and policy store semantics. Moreover, application providers' security enforcement is no dependent on the security provider defined permissions. The method and apparatus do not require any changes to the Java security manager and do not require changes to application code.

摘要翻译： 提供了一种用于基于类型独立许可的访问控制的方法和装置。 该方法和装置利用对象继承来提供一种机制，通过该机制，可以将大量的权限组分配给代码源，而不必对代码源明确地分配每个单独的权限。 基本权限或超类权限与继承层级或权限级别中的基本权限之下的继承或子类权限一起定义。 在这样的层次结构中定义了权限之后，开发人员可以为已安装的类分配一个基本权限，从而将基本权限的所有继承的权限分配给已安装的类。 以这种方式，安全提供程序不需要知道应用程序中定义的所有权限类型。 此外，安全提供商可以无缝地集成许多应用程序，而无需更改其访问控制和策略存储语义。 此外，应用程序提供商的安全执行不依赖于安全提供程序定义的权限。 该方法和设备不需要对Java安全管理器进行任何更改，也不需要更改应用程序代码。

公开(公告)号：US07237236B2

公开(公告)日：2007-06-26

申请号：US10226871

申请日：2002-08-22

申请人： Aaron Stephen Jay Kershenbaum ,  Lawrence Koved ,  Anthony Joseph Nadalin ,  Marco Pistoia

发明人： Aaron Stephen Jay Kershenbaum ,  Lawrence Koved ,  Anthony Joseph Nadalin ,  Marco Pistoia

IPC分类号： G06F9/45

CPC分类号： G06F8/433 ,  G06F8/72

摘要： A method and apparatus for automatically determining optimum placement of privileged code enablement locations in existing code are provided. A method invocation graph of existing code is generated and a static analysis of the method invocation graph is performed. The static analysis is used to analyze the permission propagation through chains of method invocations in the method invocation graph. When a method invocation in the method invocation graph satisfies one or more user definable criteria, the location in the method invocation graph is saved to a file that identifies recommended insertion points for a call to the authorization enablement code. This file may then be used to manually review the code to determine if a call to privileged mode enablement should actually be made at the identified locations. Alternatively, the call to privileged mode enablement may be automatically inserted at the indicated locations using refactoring.

摘要翻译： 提供了一种用于自动确定现有代码中特权代码启用位置的最佳布局的方法和装置。 生成现有代码的方法调用图，并执行方法调用图的静态分析。 静态分析用于通过方法调用图中的方法调用链来分析权限传播。 当方法调用图中的方法调用满足一个或多个用户可定义的标准时，方法调用图中的位置将保存到一个文件中，该文件标识了对授权启用代码的调用的推荐插入点。 然后可以使用该文件手动查看代码，以确定是否应在所识别的位置实际执行对特权模式启用的调用。 或者，可以使用重构在所指示的位置自动地插入对特权模式启用的呼叫。

公开(公告)号：US20050039158A1

公开(公告)日：2005-02-17

申请号：US10639862

申请日：2003-08-13

申请人： Lawrence Koved ,  Anthony Nadalin ,  Marco Pistoia

发明人： Lawrence Koved ,  Anthony Nadalin ,  Marco Pistoia

IPC分类号： G06F9/44

CPC分类号： G06F21/53

摘要： A method and apparatus for implementing a new Permission for methods that perform callback operations are provided. The method and apparatus provide an AdoptPermission Permission type that allows a method to pass a Java 2 authorization test without having the specific required Permissions expressly granted to the method and without the method having the AllPermission Permission granted to it. With the apparatus and method, an AdoptPermission Permission type is defined that operates to allow a ProtectionDomain to “adopt” a required Permission. However, this adoption of a required Permission can only be performed if the ProtectionDomain of at least one method in the thread stack has been granted a Permission that implies the required Permission. Thus, the AdoptPermission Permission type provides an intermediate mechanism that is not as over-inclusive as the AllPermission Permission type and is not as under-inclusive as requiring that all methods in the thread stack include the required Permission expressly granted to them.

摘要翻译： 提供了一种用于实现执行回调操作的方法的新的Permission的方法和装置。 该方法和设备提供了一个AdoptPermission权限类型，允许一种方法传递Java 2授权测试，而不会明确授予该方法的特定所需权限，而不授予其授予AllPermission权限的方法。 使用设备和方法，定义了一个AdoptPermission权限类型，该类型用于允许ProtectionDomain“采用”所需的权限。 但是，只有当线程堆栈中至少有一个方法的ProtectionDomain被授予一个隐含所需权限的权限时，才能执行所需的权限。 因此，AdoptPermission Permission类型提供了一个不像AllPermission Permission类型那样超出包容性的中间机制，并且不包含要求线程堆栈中的所有方法都包含明确授予它们的所需权限。

公开(公告)号：US20090094667A1

公开(公告)日：2009-04-09

申请号：US11867792

申请日：2007-10-05

申请人： Ted A. Habeck ,  Lawrence Koved ,  Jeff McAffer ,  Marco Pistoia

发明人： Ted A. Habeck ,  Lawrence Koved ,  Jeff McAffer ,  Marco Pistoia

IPC分类号： G06F17/00

CPC分类号： G06F21/6218

摘要： Systems and methods are presented for automatically determining the security requirements of program code during the creation or modification of that program code and for presenting the necessary security permissions to a developer of the program code at the time of the creation or modification of the program code. A cache is established containing program code segments including library calls and application program interfaces that require security permissions at runtime. The cache also includes the security permissions associated with the stored program code segments. Program code editing is monitored in real time during the editing, and instances of edits that add, modify or delete the stored program code segments from the program code being edited are identified. The security permissions associated with the program code segments that are modified by the edits are retrieved from the cache. The retrieved security permissions are immediately presented to the developer in an interactive format that provides the developer with the ability to accept or decline the necessary changes to the security permissions.

摘要翻译： 提出了系统和方法，用于在创建或修改程序代码期间自动确定程序代码的安全性要求，并在创建或修改程序代码时向程序代码的开发人员呈现必要的安全权限。 建立了包含程序代码段的缓存，包括在运行时需要安全权限的库调用和应用程序接口。 缓存还包括与存储的程序代码段相关联的安全许可。 在编辑期间实时监控程序代码编辑，并且识别从正在编辑的程序代码中添加，修改或删除存储的程序代码段的编辑实例。 从缓存中检索与编辑修改的程序代码段相关联的安全权限。 检索到的安全权限立即以交互式格式呈现给开发人员，交互式格式使开发人员能够接受或拒绝对安全权限的必要更改。

公开(公告)号：US20080104698A1

公开(公告)日：2008-05-01

申请号：US11968673

申请日：2008-01-03

申请人： Lawrence Koved ,  Anthony Nadalin ,  Marco Pistoia

发明人： Lawrence Koved ,  Anthony Nadalin ,  Marco Pistoia

IPC分类号： G06F21/00

CPC分类号： G06F21/53

摘要： A method and apparatus for implementing a new Permission for methods that perform callback operations are provided. The method and apparatus provide an AdoptPermission Permission type that allows a method to pass a Java 2 authorization test without having the specific required Permissions expressly granted to the method and without the method having the AllPermission Permission granted to it. With the apparatus and method, an AdoptPermission Permission type is defined that operates to allow a ProtectionDomain to “adopt” a required Permission. However, this adoption of a required Permission can only be performed if the ProtectionDomain of at least one method in the thread stack has been granted a Permission that implies the required Permission. Thus, the AdoptPermission Permission type provides an intermediate mechanism that is not as over-inclusive as the AllPermission Permission type and is not as under-inclusive as requiring that all methods in the thread stack include the required Permission expressly granted to them.

摘要翻译： 提供了一种用于实现执行回调操作的方法的新的Permission的方法和装置。 该方法和设备提供了一个AdoptPermission权限类型，允许一种方法传递Java 2授权测试，而不会明确授予该方法的特定所需权限，而不授予其授予AllPermission权限的方法。 使用设备和方法，定义了一个AdoptPermission权限类型，该类型用于允许ProtectionDomain“采用”所需的权限。 但是，只有当线程堆栈中至少有一个方法的ProtectionDomain被授予一个隐含所需权限的权限时，才能执行所需的权限。 因此，AdoptPermission Permission类型提供了一个不像AllPermission Permission类型那样超出包容性的中间机制，并且不包含要求线程堆栈中的所有方法都包含明确授予它们的所需权限。

公开(公告)号：US08789188B2

公开(公告)日：2014-07-22

申请号：US11867792

申请日：2007-10-05

申请人： Ted A. Habeck ,  Lawrence Koved ,  Jeff McAffer ,  Marco Pistoia

发明人： Ted A. Habeck ,  Lawrence Koved ,  Jeff McAffer ,  Marco Pistoia

IPC分类号： G06F21/00

CPC分类号： G06F21/6218

摘要： Systems and methods are presented for automatically determining the security requirements of program code during the creation or modification of that program code and for presenting the necessary security permissions to a developer of the program code at the time of the creation or modification of the program code. A cache is established containing program code segments including library calls and application program interfaces that require security permissions at runtime. The cache also includes the security permissions associated with the stored program code segments. Program code editing is monitored in real time during the editing, and instances of edits that add, modify or delete the stored program code segments from the program code being edited are identified. The security permissions associated with the program code segments that are modified by the edits are retrieved from the cache. The retrieved security permissions are immediately presented to the developer in an interactive format that provides the developer with the ability to accept or decline the necessary changes to the security permissions.

摘要翻译： 提出了系统和方法，用于在创建或修改程序代码期间自动确定程序代码的安全性要求，并在创建或修改程序代码时向程序代码的开发人员呈现必要的安全权限。 建立了包含程序代码段的缓存，包括在运行时需要安全权限的库调用和应用程序接口。 缓存还包括与存储的程序代码段相关联的安全许可。 在编辑期间实时监控程序代码编辑，并且识别从正在编辑的程序代码中添加，修改或删除存储的程序代码段的编辑实例。 从缓存中检索与编辑修改的程序代码段相关联的安全权限。 检索到的安全权限立即以交互式格式呈现给开发人员，交互式格式使开发人员能够接受或拒绝对安全权限的必要更改。