Boot blocks for software
    1.
    Granted invention patent
    Boot blocks for software (in force)

    Publication No.: US07529919B2

    Publication date: 2009-05-05

    Application No.: US10431012

    Filing date: 2003-05-07

    IPC classification: G06F21/22

    Abstract: In accordance with one aspect of boot blocks for software, in a computer system that has a central processing unit and a software identity register, an atomic operation is executed to set an identity of a piece of software into the software identity register. If the atomic operation completes correctly, then the software identity register contains the identity of the piece of software; otherwise, the software identity register contains a value other than the identity of the piece of software.

    System and method for authenticating an operating system
    2.
    Granted invention patent
    System and method for authenticating an operating system (in force)

    Publication No.: US07424606B2

    Publication date: 2008-09-09

    Application No.: US10430999

    Filing date: 2003-05-07

    IPC classification: H04L9/00 G06F7/04

    Abstract: A system and method for authenticating an operating system includes, in accordance with one aspect, a method in a computer system having a processor, an operating system (OS), and a software identity register that holds an identity of the operating system, the processor having a private key. The method comprises forming an OS certificate containing the identity from the software identity register and signing the OS certificate using the private key. In accordance with another aspect, the signed identity is submitted to a recipient to prove an identity of the operating system to the recipient.

    Key-based secure storage
    3.
    Granted invention patent
    Key-based secure storage (in force)

    Publication No.: US07194092B1

    Publication date: 2007-03-20

    Application No.: US09227568

    Filing date: 1999-01-08

    IPC classification: H04L9/00

    Abstract: Secure storage for downloaded content on a subscriber computer is keyed to a trusted digital rights management operating system, a trusted application, a trusted user or a combination thereof. A one-way hash function is applied to a seed supplied by an application to produce a hashed seed that is used to generate the application storage key. A one-way hash function is applied to a seed supplied by a user to produce a first hashed seed that is passed to a keyed hash function, which is keyed to an identity for the user, to produce a second hashed seed. The second hashed seed is used to generate the user storage key. An operating system storage key is generated from an unhashed seed. One of the storage keys is used to encrypt the downloaded content. An access predicate attached to the content when it is downloaded is associated with the storage key to enforce certain limitations on the access of the content.

    Controlling access to content based on certificates and access predicates
    4.
    Granted invention patent
    Controlling access to content based on certificates and access predicates (in force)

    Publication No.: US06820063B1

    Publication date: 2004-11-16

    Application No.: US09227559

    Filing date: 1999-01-08

    IPC classification: G06F1760

    Abstract: Digital rights for content downloaded to a subscriber computer from a provider are specified in an access predicate. The access predicate is compared with a rights manager certificate associated with an entity, such as an application, that wants access to the content. If the rights manager certificate satisfies the access predicate, the entity is allowed access to the content. A license that specifies limitations on the use of the content can also be associated with the content and provided to the entity. The use the entity makes of the content is monitored and terminated if the entity violates the license limitations. In one aspect of the invention, the access predicate and the license are protected from tampering through cryptographic techniques.

    Loading and identifying a digital rights management operating system
    5.
    Granted invention patent
    Loading and identifying a digital rights management operating system (in force)

    Publication No.: US06327652B1

    Publication date: 2001-12-04

    Application No.: US09227611

    Filing date: 1999-01-08

    IPC classification: G06F9445

    Abstract: The identity of an operating system running on a computer is determined from an identity associated with an initial component for the operating system, combined with identities of additional components that are loaded afterwards. Loading of a digital rights management operating system on a subscriber computer is guaranteed by validating digital signatures on each component to be loaded and by determining a trust level for each component. A trusted identity is assumed by the digital rights management operating system when only components with valid signatures and a pre-determined trust level are loaded. Otherwise, the operating system is associated with an untrusted identity. Both the trusted and untrusted identities are derived from the components that were loaded. Additionally, a record of the loading of each component is placed into a boot log that is protected from tampering through a chain of public-private key pairs.

    System and method for authenticating an operating system to a central processing unit, providing the CPU/OS with secure storage, and authenticating the CPU/OS to a third party
    7.
    Granted invention patent
    System and method for authenticating an operating system to a central processing unit, providing the CPU/OS with secure storage, and authenticating the CPU/OS to a third party (in force)

    Publication No.: US07174457B1

    Publication date: 2007-02-06

    Application No.: US09266207

    Filing date: 1999-03-10

    IPC classification: H04L9/00

    Abstract: A general-purpose processor (CPU) is configured with a new mechanism facilitating an authenticated boot sequence that provides building blocks for client-side rights management when the system is online, and provides continued protection of persistent data even when the system goes offline or is rebooted. The CPU includes a cryptographic key pair, and a manufacturer certificate testifying that the manufacturer built the CPU according to a known specification. The operating system (OS) includes a unique block of code, or “boot block” that can establish OS identity by extraction from a digitally signed boot block or by computing a hash digest of the boot block. During booting, the CPU executes a single opcode, followed by the boot block, as an atomic operation to set the identity of the OS into the software identity register. The subscriber unit then can establish a chain of trust to a content provider.

    Digital rights management operating system
    8.
    Granted invention patent
    Digital rights management operating system (in force)

    Publication No.: US06330670B1

    Publication date: 2001-12-11

    Application No.: US09227561

    Filing date: 1999-01-08

    IPC classification: G06F944

    Abstract: A digital rights management operating system protects rights-managed data, such as downloaded content, from access by untrusted programs while the data is loaded into memory or on a page file as a result of the execution of a trusted application that accesses the memory. To protect the rights-managed data resident in memory, the digital rights management operating system refuses to load an untrusted program into memory while the trusted application is executing or removes the data from memory before loading the untrusted program. If the untrusted program executes at the operating system level, such as a debugger, the digital rights management operating system renounces a trusted identity created for it by the computer processor when the computer was booted. To protect the rights-managed data on the page file, the digital rights management operating system prohibits raw access to the page file, or erases the data from the page file before allowing such access. Alternatively, the digital rights management operating system can encrypt the rights-managed data prior to writing it to the page file. The digital rights management operating system also limits the functions the user can perform on the rights-managed data and the trusted application, and can provide a trusted clock used in place of the standard computer clock.

    System and method for secure storage of data using public and private keys
    9.
    Granted invention patent
    System and method for secure storage of data using public and private keys (in force)

    Publication No.: US07543336B2

    Publication date: 2009-06-02

    Application No.: US10431011

    Filing date: 2003-05-07

    IPC classification: G06F7/00

    Abstract: In one aspect, a data structure to be encrypted is received, the data structure including content along with a statement of conditions under which the content may be decrypted. The content is encrypted using a public key of a pair of public and private keys of a device that is to decrypt the data structure. In another aspect, a data structure is decrypted using a private key of a pair of public and private keys. A statement of conditions under which content in the data structure can be decrypted is obtained, and testing is performed as to whether the conditions are satisfied. The decrypted content is returned only if the conditions are satisfied.

    System and method for secure storage data using a key
    10.
    Granted invention patent
    System and method for secure storage data using a key (in force)

    Publication No.: US07434263B2

    Publication date: 2008-10-07

    Application No.: US10430994

    Filing date: 2003-05-07

    IPC classification: G06F21/27

    Abstract: In one aspect, a data structure to be encrypted is received in a device, the data structure including content along with a statement of conditions under which the content may be decrypted. The data structure is encrypted using a symmetric key of a processor of the device. In another aspect, a data structure is decrypted using a processor symmetric key. A statement of conditions under which content in the data structure can be decrypted is obtained, and testing is performed as to whether the conditions are satisfied. The decrypted content is returned only if the conditions are satisfied.
