公开(公告)号：US07680743B2

公开(公告)日：2010-03-16

申请号：US10146236

申请日：2002-05-15

申请人： Marcus Peinado ,  Paul England ,  John L. Manferdelli

发明人： Marcus Peinado ,  Paul England ,  John L. Manferdelli

IPC分类号： G06F17/60 ,  G07G1/12

CPC分类号： G06F21/10

摘要： A digital rights management (DRM) system, an application, and a DRM digital license for the application are all on a computing device. The application is for being executed to perform a function and includes code requiring that the DRM system determine that the application is allowed to be executed to perform the function based on the license. The application further includes code for determining that the application is to be executed on one of the computing device or in connection with the DRM system.

摘要翻译： 用于该应用的数字版权管理（DRM）系统，应用程序和DRM数字许可证都在计算设备上。 应用程序被执行以执行功能，并且包括要求DRM系统确定允许执行应用以执行基于许可证的功能的代码。 应用还包括用于确定应用程序将在其中一个计算设备上执行或与DRM系统相关联的代码。

公开(公告)号：US07103574B1

公开(公告)日：2006-09-05

申请号：US09290363

申请日：1999-04-12

申请人： Marcus Peinado ,  Rajasekhar Abburi ,  Arnold N. Blinn ,  Thomas C. Jones ,  John L. Manferdelli ,  Jeffrey R. C. Bell ,  Ramaranthnam Venkatesan ,  Paul England ,  Mariusz H. Jakubowski ,  Hai Ying (Vincent) Yu

发明人： Marcus Peinado ,  Rajasekhar Abburi ,  Arnold N. Blinn ,  Thomas C. Jones ,  John L. Manferdelli ,  Jeffrey R. C. Bell ,  Ramaranthnam Venkatesan ,  Paul England ,  Mariusz H. Jakubowski ,  Hai Ying (Vincent) Yu

IPC分类号： G06F17/60 ,  H04L9/00

CPC分类号： H04L63/0442 ,  G06F21/10 ,  G06F21/71 ,  G06F21/84 ,  G06F2211/007 ,  G06F2221/0797 ,  G06F2221/2105 ,  G06F2221/2137 ,  G06Q30/06 ,  G06Q30/0601 ,  G07F11/002 ,  H04L63/068 ,  H04L63/0823 ,  H04L63/12 ,  H04L2463/101

摘要： An enforcement architecture and method for implementing digital rights management are disclosed. Digital content is distributed from a content server to a computing device of a user and received, and an attempt is made to render the digital content by way of a rendering application. The rendering application invokes a Digital Rights Management (DRM) system, and such DRM system determines whether a right to render the digital content in the manner sought exists based on any digital license stored in the computing device and corresponding to the digital content. If the right does not exist, a digital license that provides such right and that corresponds to the digital content is requested from a license server, and the license server issues the digital license to the DRM system. The computing device receives the issued digital license and stores the received digital license thereon.

公开(公告)号：US07051005B1

公开(公告)日：2006-05-23

申请号：US09482840

申请日：2000-01-13

申请人： Marcus Peinado ,  Rajasekhar Abburi ,  Arnold N. Blinn ,  Thomas C. Jones ,  John L. Manferdelli ,  Jeffrey R. C. Bell ,  Ramaranthnam Venkatesan ,  Paul England ,  Mariusz H. Jakubowski ,  Hai Ying (Vincent) Yu

发明人： Marcus Peinado ,  Rajasekhar Abburi ,  Arnold N. Blinn ,  Thomas C. Jones ,  John L. Manferdelli ,  Jeffrey R. C. Bell ,  Ramaranthnam Venkatesan ,  Paul England ,  Mariusz H. Jakubowski ,  Hai Ying (Vincent) Yu

IPC分类号： G06F17/60

CPC分类号： H04L63/0442 ,  G06F21/10 ,  G06F21/71 ,  G06F21/84 ,  G06F2211/007 ,  G06F2221/0704 ,  G06F2221/0797 ,  G06F2221/2105 ,  G06F2221/2137 ,  G06Q30/06 ,  G06Q50/188 ,  G07F11/002 ,  H04L63/068 ,  H04L63/0823 ,  H04L63/12 ,  H04L2463/101

摘要： A digital rights management (DRM) system operates on a computing device and requires a black box for performing decryption and encryption functions. To obtain the black box from a black box server, the DRM system requests such black box from such black box server. The black box server in response generates the black box, where such black box is unique and has a public/private key pair. The black box server then delivers the generated black box to the DRM system and the DRM system installs the delivered black box in such DRM system.

摘要翻译： 数字版权管理（DRM）系统在计算设备上运行，并且需要用于执行解密和加密功能的黑匣子。 要从黑盒服务器获取黑匣子，DRM系统从这样的黑匣子服务器请求这样的黑匣子。 黑匣子服务器响应生成黑盒子，其中黑框是唯一的，并且具有公/私钥对。 黑匣子服务器然后将所生成的黑匣子传送到DRM系统，并且DRM系统将传送的黑匣子安装在这样的DRM系统中。

公开(公告)号：US06775655B1

公开(公告)日：2004-08-10

申请号：US09449106

申请日：1999-11-24

申请人： Marcus Peinado ,  John L. Manferdelli ,  Jeffrey R. C. Bell

发明人： Marcus Peinado ,  John L. Manferdelli ,  Jeffrey R. C. Bell

IPC分类号： G06F1760

CPC分类号： H04L63/0442 ,  G06F21/10 ,  G06F21/71 ,  G06F21/84 ,  G06F2211/007 ,  G06F2221/0797 ,  G06F2221/2105 ,  G06F2221/2137 ,  G06Q30/06 ,  G06Q30/0601 ,  G07F11/002 ,  H04L63/068 ,  H04L63/0823 ,  H04L63/12 ,  H04L2463/101

摘要： A rendering application determines that digital content is in an encrypted rights-protected form and invokes a Digital Rights Management (DRM) system which includes a license store having at least one digital license stored therein. Each license corresponds to a piece of digital content and includes a decryption key (KD) for decrypting the corresponding digital content. The DRM system locates each license in the license store corresponding to the digital content to be rendered, selects one of the located licenses, obtains (KD) from the selected license, decrypts the digital content with (KD), and returns the decrypted digital content to the rendering application for actual rendering.

摘要翻译： 呈现应用程序确定数字内容是加密的受权限保护的形式，并且调用数字版权管理（DRM）系统，其包括具有存储在其中的至少一个数字许可证的许可证商店。 每个许可证对应于一段数字内容，并且包括用于解密对应的数字内容的解密密钥（KD）。 DRM系统将每个许可证定位在与要呈现的数字内容相对应的许可证存储器中，选择所定位的许可证中的一个，从所选许可证中获取（KD），用（KD）解密数字内容，并返回解密的数字内容 到渲染应用程序进行实际渲染。

公开(公告)号：US07318236B2

公开(公告)日：2008-01-08

申请号：US10375246

申请日：2003-02-27

申请人： Marco A. DeMello ,  Vinay Krishnaswamy ,  Rushmi U. Malaviarachchi ,  John L. Manferdelli ,  Bradley Serbus ,  Attila Narin ,  Steve Bourne

发明人： Marco A. DeMello ,  Vinay Krishnaswamy ,  Rushmi U. Malaviarachchi ,  John L. Manferdelli ,  Bradley Serbus ,  Attila Narin ,  Steve Bourne

IPC分类号： G06F7/04 ,  H04L9/00 ,  H04Q40/00

CPC分类号： G06F21/10 ,  G06F2221/0704 ,  G06F2221/072 ,  H04L9/0825 ,  H04L9/083 ,  H04L9/3263 ,  H04L2209/603

摘要： A first trusted component on a first computing device performs cryptography, evaluation, and enforcement and is tied thereto, and a first user-machine certificate associated with the first computing device is tied to a user. Correspondingly, a second trusted component on a second computing device performs cryptography, evaluation, and enforcement and is tied thereto, and a second user-machine certificate associated with the second computing device is also tied to the user. The first trusted component obtains the content for rendering on the first computing device by way of the first user-machine certificate and the license, and the second trusted component obtains the content for rendering on the second computing device by way of the second user-machine certificate and the same license.

摘要翻译： 第一计算设备上的第一受信任的组件执行密码学，评估和执行并与之相关联，并且与第一计算设备相关联的第一用户机器证书被绑定到用户。 相应地，第二计算设备上的第二受信任组件执行密码学，评估和执行并与之相关联，并且与第二计算设备相关联的第二用户机器证书也与用户相关联。 第一信任组件通过第一用户机器证书和许可证获得用于在第一计算设备上呈现的内容，并且第二可信组件通过第二用户机器获得用于在第二计算设备上呈现的内容 证书和相同的许可证。

公开(公告)号：US07051200B1

公开(公告)日：2006-05-23

申请号：US09604518

申请日：2000-06-27

申请人： John L. Manferdelli ,  Michael David Marr ,  Vinay Krishnaswamy ,  Mariusz H. Jakubowski

发明人： John L. Manferdelli ,  Michael David Marr ,  Vinay Krishnaswamy ,  Mariusz H. Jakubowski

IPC分类号： H04L9/00

CPC分类号： G06F21/6218 ,  G06F21/10 ,  G06F2221/0704

摘要： A secure repository individualized for a hardware environment and a method and system for providing the same. The secure repository includes a hidden cryptographic key and code that applies the key without requiring access to a copy of the key. The code that implements the secure repository is generated in a manner that is at least partly based on a hardware ID associated with the hardware environment in which the secure repository is to be installed, and may also be based on a random number. Cryptographic functions implemented by the secure repository include decryption of encrypted information and validation of cryptographically signed information. The secure repository may be coupled to an application program, which uses cryptographic services provided by the secure repository, by way of a decoupling interface that provides a common communication and authentication interface for diverse types of secure repositories. The decoupling interface may take the form of a single application programmer interface (API) usable with multiple dynamically linkable libraries.

摘要翻译： 用于硬件环境的安全存储库以及用于提供硬件环境的方法和系统。 安全存储库包括隐藏的加密密钥和应用密钥而不需要访问密钥副本的代码。 实现安全存储库的代码以至少部分地基于与要安装安全存储库的硬件环境相关联的硬件ID的方式生成，并且还可以基于随机数。 由安全存储库实现的加密功能包括加密信息的解密和加密签名信息的验证。 安全存储库可以耦合到使用由安全存储库提供的加密服务的应用程序，该应用程序通过解耦接口来提供用于不同类型的安全存储库的公共通信和认证接口。 解耦接口可以采用可与多个动态可链接库一起使用的单个应用程序接口（API）的形式。

公开(公告)号：US07958373B2

公开(公告)日：2011-06-07

申请号：US12466295

申请日：2009-05-14

申请人： John L. Manferdelli ,  Michael David Marr ,  Vinay Krishnaswamy ,  Mariusz H. Jakubowski

发明人： John L. Manferdelli ,  Michael David Marr ,  Vinay Krishnaswamy ,  Mariusz H. Jakubowski

IPC分类号： G06F21/00 ,  G06F11/30

CPC分类号： G06F21/10 ,  G06F21/14 ,  G06F2211/007 ,  G06F2221/0748 ,  G06F2221/2107

摘要： A secure repository individualized for a hardware environment and a method and system for providing the same. The secure repository includes a hidden cryptographic key and code that applies the key without requiring access to a copy of the key. The code that implements the secure repository is generated in a manner that is at least partly based on a hardware ID associated with the hardware environment in which the secure repository is to be installed, and may also be based on a random number. Cryptographic functions implemented by the secure repository include decryption of encrypted information and validation of cryptographically signed information. The secure repository may be coupled to an application program, which uses cryptographic services provided by the secure repository, by way of a decoupling interface that provides a common communication and authentication interface for diverse types of secure repositories. The decoupling interface may take the form of a single application programmer interface (API) usable with multiple dynamically linkable libraries.

摘要翻译： 用于硬件环境的安全存储库以及用于提供硬件环境的方法和系统。 安全存储库包括隐藏的加密密钥和应用密钥而不需要访问密钥副本的代码。 实现安全存储库的代码以至少部分地基于与要安装安全存储库的硬件环境相关联的硬件ID的方式生成，并且还可以基于随机数。 由安全存储库实现的加密功能包括加密信息的解密和加密签名信息的验证。 安全存储库可以耦合到使用由安全存储库提供的加密服务的应用程序，该应用程序通过解耦接口来提供用于不同类型的安全存储库的公共通信和认证接口。 解耦接口可以采用可与多个动态可链接库一起使用的单个应用程序接口（API）的形式。

公开(公告)号：US07774830B2

公开(公告)日：2010-08-10

申请号：US11080806

申请日：2005-03-14

申请人： Blair Brewster Dillaway ,  John L. Manferdelli ,  Shawn Martin Woods

发明人： Blair Brewster Dillaway ,  John L. Manferdelli ,  Shawn Martin Woods

IPC分类号： H04L9/32

CPC分类号： H04L63/102 ,  G06F21/6218 ,  H04L63/0823

摘要： An access control policy engine associated with a resource determines whether to allow a request to access same. The engine receives the request with an security token, retrieves the token determines a type thereof, and maps access decision information in the token to a common format as at least one security claim setting forth adequate information to determine a right of the requestor. Thereafter, the engine retrieves a set of rules for accessing the resource, applies the rules to the security claims to determine whether to allow the request from the requestor, and if the request is to be allowed, provides the requestor access to the resource in accordance with the request and the rights of the requestor as determined based on the security claims.

摘要翻译： 与资源相关联的访问控制策略引擎确定是否允许请求访问它。 引擎使用安全令牌接收请求，检索令牌确定其类型，并将令牌中的访问决策信息映射到通用格式作为至少一个安全权利要求，其中提供足够的信息以确定请求者的权利。 此后，引擎检索用于访问资源的一组规则，将规则应用于安全声明以确定是否允许来自请求者的请求，并且如果请求被允许，则根据请求提供对资源的请求者访问 请求者的请求和权利根据担保权利要求确定。

公开(公告)号：US20090293116A1

公开(公告)日：2009-11-26

申请号：US12486057

申请日：2009-06-17

申请人： Marco A. DeMello ,  Vinay Krishnaswamy ,  John L. Manferdelli

发明人： Marco A. DeMello ,  Vinay Krishnaswamy ,  John L. Manferdelli

IPC分类号： G06F21/24

CPC分类号： G06F21/10 ,  G06F2221/0737 ,  G06F2221/2137

摘要： A digital rights management system for the distribution, protection and use of electronic content. The system includes a client architecture which receives content, where the content is preferably protected by encryption and may include a license and individualization features. Content is protected at several levels, including: no protection; source-sealed; individually-sealed (or “inscribed”); source-signed; and fully-individualized (or “owner exclusive”). The client also includes and/or receives components which permit the access and protection of the encrypted content, as well as components that allow content to be provided to the client in a form that is individualized for the client. In some cases, access to the content will be governed by a rights construct defined in the license bound to the content. The client components include an object which accesses encrypted content, an object that parses the license and enforces the rights in the license, an object which obtains protection software and data that is individualized for the client and/or the persona operating the client, and a script of instructions that provides individualization information to a distributor of content so that the content may be individualized for the client and/or its operating persona. Content is generally protected by encrypting it with a key and then sealing the key into the content in a way that binds it to the meta-data associated with the content. In some instances, the key may also be encrypted in such a way as to be accessible only by the use of individualized protection software installed on the client, thereby binding use of the content to a particular client or set of clients.

摘要翻译： 数字版权管理系统，用于分发，保护和使用电子内容。 该系统包括接收内容的客户端架构，其中优选地通过加密保护内容，并且可以包括许可证和个性化特征。 内容受到多个级别的保护，包括：无保护; 源密封; 单独密封（或“铭刻”）; 源代码; 和完全个性化（或“所有者独占”）。 客户端还包括和/或接收允许加密内容的访问和保护的组件以及允许以为客户端个性化的形式向客户端提供内容的组件。 在某些情况下，访问内容将受到绑定到内容的许可证中定义的权利结构的约束。 客户端组件包括访问加密内容的对象，解析许可证并执行许可证中的权限的对象，获得保护软件的对象和为客户端和/或操作客户端的个人化的数据，以及 向内容分发者提供个性化信息的指令脚本，使得可以为客户端和/或其操作人员个性化内容。 内容通常通过用密钥加密来保护，然后以将其绑定到与内容相关联的元数据的方式将密钥密封到内容中。 在某些情况下，密钥还可以以仅通过使用安装在客户端上的个性化保护软件才能访问的方式进行加密，从而将内容的使用绑定到特定客户端或客户端集合。

公开(公告)号：US06996720B1

公开(公告)日：2006-02-07

申请号：US09604946

申请日：2000-06-27

申请人： Marco A. DeMello ,  Vinay Krishnaswamy ,  John L. Manferdelli

发明人： Marco A. DeMello ,  Vinay Krishnaswamy ,  John L. Manferdelli

IPC分类号： G06F12/14

CPC分类号： G06F21/10 ,  G06F2221/0737 ,  G06F2221/2137

摘要： A digital rights management system for the distribution, protection and use of electronic content. The system includes a client architecture which receives content, where the content is preferably protected by encryption and may include a license and individualization features. Content is protected at several levels, including: no protection; source-sealed; individually-sealed (or “inscribed”); source-signed; and fully-individualized (or “owner exclusive”). The client also includes and/or receives components which permit the access and protection of the encrypted content, as well as components that allow content to be provided to the client in a form that is individualized for the client. In some cases, access to the content will be governed by a rights construct defined in the license bound to the content. The client components include an object which accesses encrypted content, an object that parses the license and enforces the rights in the license, an object which obtains protection software and data that is individualized for the client and/or the persona operating the client, and a script of instructions that provides individualization information to a distributor of content so that the content may be individualized for the client and/or its operating persona. Content is generally protected by encrypting it with a key and then sealing the key into the content in a way that binds it to the meta-data associated with the content. In some instances, the key may also be encrypted in such a way as to be accessible only by the use of individualized protection software installed on the client, thereby binding use of the content to a particular client or set of clients.