Cryptographic Protection of Usage Restrictions in Electronic Devices
    1.
    发明申请
    Cryptographic Protection of Usage Restrictions in Electronic Devices 有权
    电子设备使用限制的密码保护

    公开(公告)号:US20100180130A1

    公开(公告)日:2010-07-15

    申请号:US12351643

    申请日:2009-01-09

    IPC分类号: G06F12/14

    摘要: An electronic device requires valid control keys to change any usage restriction setting. The device is provided control keys, a secret key, and a signed software object including a batch ID and a hash of the secret key. For each control key, the device generates a cryptographic footprint bound to the device and the secret key. A message authentication code (MAC) of each usage restriction setting is generated, the MAC bound to the device and a control key. To change a usage restriction, the device receives a control key, validates it against the stored footprint, changes the usage restriction settings, and generates a new usage restriction setting MAC. The control key footprints are bound to the secret key, but the device retains only a hash of the secret key.

    摘要翻译: 电子设备需要有效的控制键来更改任何使用限制设置。 该设备被提供控制密钥,秘密密钥和包括密钥的批次ID和散列的签名的软件对象。 对于每个控制密钥,设备生成绑定到设备和秘密密钥的加密覆盖。 生成每个使用限制设置的消息认证码(MAC),绑定到设备的MAC和控制密钥。 为了更改使用限制,设备接收到控制密钥,根据存储的足迹进行验证,更改使用限制设置,并生成新的使用限制设置MAC。 控制键占用空间被绑定到秘密密钥,但设备仅保留秘密密钥的散列。

    Secure End-of-Life Handling of Electronic Devices
    2.
    发明申请
    Secure End-of-Life Handling of Electronic Devices 有权
    安全终止电子设备的处理

    公开(公告)号:US20090164800A1

    公开(公告)日:2009-06-25

    申请号:US11963019

    申请日:2007-12-21

    IPC分类号: H04L9/06

    摘要: Methods and apparatus for verifying that an electronic device has been disabled are disclosed. An exemplary electronic device includes a communications interface, a secure memory, storing a secret key, and a cryptographic circuit configured to calculate a verification token from the secret key, using a first cryptographic operation. The cryptographic circuit is further configured to calculate an identification token from the verification token, using a second cryptographic operation. The cryptographic circuit is further configured to output the identification token in response to a first command received via the communications interface. The verification token is output to the communications interface only if a predetermined functionality of the electronic device has been disabled. The electronic device may further comprise a disabling circuit configured to disable the predetermined functionality in response to a disable command.

    摘要翻译: 公开了用于验证电子设备已被禁用的方法和装置。 示例性电子设备包括通信接口,安全存储器,存储秘密密钥以及被配置为使用第一密码操作从秘密密钥计算验证令牌的密码电路。 加密电路还被配置为使用第二密码操作从验证令牌计算识别令牌。 密码电路还被配置为响应于经由通信接口接收的第一命令而输出识别令牌。 只有当电子设备的预定功能被禁用时,才将验证令牌输出到通信接口。 电子设备还可以包括被配置为响应于禁用命令来禁用预定功能的禁用电路。

    System and method for digital rights management of electronic content
    3.
    发明申请
    System and method for digital rights management of electronic content 有权
    电子内容数字版权管理系统与方法

    公开(公告)号:US20050209972A1

    公开(公告)日:2005-09-22

    申请号:US10926689

    申请日:2004-08-26

    IPC分类号: G06F1/00 H04L9/08 H04L9/00

    摘要: Digital rights management is described involving a device, a content issuer, and a rights issuer. A content encryption key (CEK) is encrypted using a public key associated with the device to produce an encrypted CEK. The encrypted CEK is encrypted using an issuer encryption key to produce a twice encrypted CEK. The twice encrypted CEK is encrypted using the public key to produce a ciphertext included in a rights object. The rights object is available to the device for decrypting digital content associated with the content issuer. The device can then decrypt the rights object ciphertext using its private key to produce a decrypted rights object ciphertext and decrypt the decrypted rights object ciphertext using an issuer decryption key received from the content issuer to produce an encrypted CEK. The encrypted CEK is decrypted using the private key to obtain the CEK, which is then available for decrypting digital content.

    摘要翻译: 描述涉及设备,内容发行者和权利发行者的数字版权管理。 使用与该设备相关联的公开密钥来加密内容加密密钥(CEK)以产生加密的CEK。 使用发行者加密密钥对加密的CEK进行加密,以产生两次加密的CEK。 使用公钥加密两次加密的CEK,以产生包含在权限对象中的密文。 权利对象可用于设备用于解密与内容发行者相关联的数字内容。 然后,设备可以使用其私钥来解密权限对象密文,以产生解密的权限对象密文,并使用从内容发行者接收到的发行者解密密钥对解密的权限对象密文进行解密,以产生加密的CEK。 使用私钥对加密的CEK进行解密以获得CEK,该CEK可用于解密数字内容。

    Method and Apparatus for Software Boot Revocation
    4.
    发明申请
    Method and Apparatus for Software Boot Revocation 有权
    软件引导撤销的方法和装置

    公开(公告)号:US20110225409A1

    公开(公告)日:2011-09-15

    申请号:US12722046

    申请日:2010-03-11

    IPC分类号: G06F21/22 G06F9/24

    CPC分类号: G06F21/575

    摘要: A composite customer ID (CCID) is stored in the OTP memory of integrated circuit chipsets used by a number of different customers. The CCID includes individual customer IDs (CIDs) at defined index positions, each corresponding to a different customer. Each chipset allows or disallows software booting, based reading a certificate index value from a given customer's certificate, reading an OTP CID from OTP, as pointed to the by certificate index value, and evaluating the OTP CID with a certificate CID read from the certificate. Thus, while CCID carries information for a plurality of customers, each customer's certificate points only to that customer's OTP CID, which can be changed to revoke that customer's certificate without revoking the other customers' certificates. The CCID also may include a version number, where the chipsets allow or disallow software booting based on evaluating the certificate version number in view of the CCID version number.

    摘要翻译: 复合客户ID(CCID)存储在许多不同客户使用的集成电路芯片组的OTP存储器中。 CCID包括在定义的索引位置处的每个客户ID(CID),每个客户ID对应于不同的客户。 每个芯片组允许或不允许软件引导,基于从给定客户的证书读取证书索引值,从OTP读取OTP CID,按证书索引值指示,并使用从证书读取的证书CID来评估OTP CID。 因此,当CCID携带多个客户的信息时,每个客户的证书仅指示该客户的OTP CID,其可以被改变以撤消该客户的证书而不撤销其他客户的证书。 CCID还可以包括版本号,其中基于CCID版本号,基于评估证书版本号,芯片组允许或不允许软件启动。

    METHOD FOR ALTERATION OF INTEGRITY PROTECTED DATA IN A DEVICE, COMPUTER PROGRAM PRODUCT AND DEVICE IMPLEMENTING THE METHOD
    5.
    发明申请
    METHOD FOR ALTERATION OF INTEGRITY PROTECTED DATA IN A DEVICE, COMPUTER PROGRAM PRODUCT AND DEVICE IMPLEMENTING THE METHOD 审中-公开
    用于改变设备中的完整性保护数据的方法,计算机程序产品和实现方法的设备

    公开(公告)号:US20100299748A1

    公开(公告)日:2010-11-25

    申请号:US12746864

    申请日:2008-11-27

    IPC分类号: H04L9/32 G06F21/24

    摘要: The invention relates to a method for enabling modifications of integrity protected data, such as SIM lock settings, in a device. The method comprises: in a device, creating a data entity containing signed change information about allowable alterations, the change information being bound to the device, a certificate with a public key corresponding to the private key used to sign the change information; accessing the device and requesting alteration; verifying the requested alteration against the data entity; and if the verification succeeds, performing the requested alteration. By centrally preparing dedicated replacement devices, which locally can be altered in a simple and secure way, without compromising sensitive information or data, a more secure handling of alteration is achieved. Also, the invention relates to a corresponding computer program product and a device implementing the method.

    摘要翻译: 本发明涉及一种用于在设备中修改完整性受保护数据(例如SIM卡锁定设置)的方法。 该方法包括:在设备中,创建包含关于允许的更改的已签名变更信息的数据实体,所述变更信息被绑定到所述设备,具有与用于签署所述变更信息的所述私钥对应的公开密钥的证书; 访问设备并请求更改; 验证对数据实体的请求的改变; 并且如果验证成功,则执行所请求的改变。 通过集中准备专门的替换设备,可以以简单和安全的方式在本地进行更改,而不会影响敏感信息或数据,从而实现更安全的更改处理。 此外,本发明涉及相应的计算机程序产品和实现该方法的设备。

    System for heating liquid by solar radiation
    6.
    发明申请
    System for heating liquid by solar radiation 审中-公开
    太阳辐射加热液体的系统

    公开(公告)号:US20050087186A1

    公开(公告)日:2005-04-28

    申请号:US10968137

    申请日:2004-10-20

    申请人: Per Stahl

    发明人: Per Stahl

    IPC分类号: F24J2/34 F24J2/44 F24J2/04

    摘要: A system for heating liquid using solar radiation, includes a plurality of solar panels (1, 2, 3, 4, 5), at least one reservoir for heated liquid and pipes for circulating liquid between the respective solar panel and the at least one liquid reservoir, the liquid circulating by gravity circulation. The present system is characterised in that a non-return valve (17) for controlling the flow of heated liquid from the respective solar panel is placed in a portion of the circulation pipe between the upper end of the solar panel and the at least one liquid reservoir, the non-return valve (17) being adapted to open and close at a predetermined pressure in the liquid flow from the solar panel.

    摘要翻译: 一种使用太阳辐射加热液体的系统,包括多个太阳能电池板(1,2,3,4,5),至少一个用于加热液体的储存器和用于在相应太阳能电池板和至少一个液体之间循环液体的管道 水库,液体通过重力循环循环。 本系统的特征在于,用于控制来自各个太阳能电池板的加热液体的流动的止回阀(17)被放置在循环管道的一部分在太阳能电池板的上端和至少一个液体 储液器,止回阀(17)适于以来自太阳能电池板的液体流中的预定压力打开和关闭。