CERTIFICATE STATUS INFORMATION PROTOCOL (CSIP) PROXY AND RESPONDER
    1.
    Patent application
    Status: under examination, published

    Publication number: US20100318791A1

    Publication date: 2010-12-16

    Application number: US12814554

    Filing date: 2010-06-14

    IPC classification: H04L29/06

    Abstract: Systems and methods are disclosed for providing certificate status information about a certificate. The method includes receiving, at a Certificate Status Information Protocol (CSIP) proxy device in a local network domain, certificate identity information sent by a first device about the certificate of a second device, and then determining, using the CSIP proxy device, whether the certificate status information is stored in a CSIP proxy device memory. If the certificate status information is not stored in the CSIP proxy device memory, the proxy creates a CSIP request based on the certificate identity information and sends the CSIP request, including the certificate identity information, to a CSIP responder computer outside the local network domain. If the certificate status information is stored in the CSIP proxy device memory, the proxy sends the certificate status information to the first device. A system and method for using a CSIP responder computer are also disclosed.

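    As an added example (not code from the patent or its assignee), the proxy behaviour the abstract describes, in Python: a proxy inside the local domain answers from its own memory when it holds a fresh status, forwards a request to the responder outside the domain on a miss or once the cached answer's next-update time has passed, and fails closed when that responder cannot be reached. Certificate identities, validity periods and the responder's answers are constructed sample data; the class and field names are this example's own and are not taken from the patent.

```python
from dataclasses import dataclass

# Certificate identity as a status request would carry it: (issuer key hash, serial).
# All identities below are constructed sample values, not real certificates.
GOOD_CERT = ("issuerA-keyhash", 0x1001)
REVOKED_CERT = ("issuerA-keyhash", 0x1002)
FOREIGN_CERT = ("issuerZ-keyhash", 0x9001)  # issuer the responder knows nothing about


class FakeClock:
    """Adjustable clock so cache expiry can be exercised without sleeping."""
    def __init__(self, start=1_700_000_000.0):
        self.now = start

    def __call__(self):
        return self.now


@dataclass
class StatusResponse:
    status: str          # "good", "revoked" or "unknown"
    this_update: float   # when the responder produced the answer
    next_update: float   # after this time the answer must not be reused


class CsipResponder:
    """Stand-in for the responder computer outside the local domain (hypothetical)."""
    def __init__(self, clock, revoked_serials, known_issuers, validity=600.0):
        self.clock, self.validity = clock, validity
        self.revoked_serials, self.known_issuers = set(revoked_serials), set(known_issuers)
        self.queries = 0      # lets the demo show which lookups actually left the domain
        self.online = True

    def query(self, cert_id):
        if not self.online:
            raise ConnectionError("responder unreachable")
        self.queries += 1
        issuer, serial = cert_id
        now = self.clock()
        if issuer not in self.known_issuers:
            status = "unknown"
        elif serial in self.revoked_serials:
            status = "revoked"
        else:
            status = "good"
        return StatusResponse(status, now, now + self.validity)


class CsipProxy:
    """Keeps status answers in local memory; forwards to the responder only on a miss."""
    def __init__(self, responder, clock):
        self.responder, self.clock, self.cache = responder, clock, {}

    def get_status(self, cert_id):
        now = self.clock()
        hit = self.cache.get(cert_id)
        if hit is not None and now < hit.next_update:
            return hit.status, "cache"
        try:
            resp = self.responder.query(cert_id)
        except ConnectionError:
            # Fail closed: never invent "good", and do not reuse an expired cached answer.
            return "unknown", "responder-unreachable"
        if resp.status != "unknown":   # "unknown" carries no assurance worth caching
            self.cache[cert_id] = resp
        return resp.status, "responder"


def run_demo():
    clock = FakeClock()
    responder = CsipResponder(clock, revoked_serials={0x1002}, known_issuers={"issuerA-keyhash"})
    proxy = CsipProxy(responder, clock)
    trace = []
    trace.append(proxy.get_status(GOOD_CERT))        # miss -> responder
    trace.append(proxy.get_status(GOOD_CERT))        # hit  -> local memory
    trace.append(proxy.get_status(REVOKED_CERT))     # miss -> revoked
    trace.append(proxy.get_status(FOREIGN_CERT))     # unknown, not cached
    trace.append(proxy.get_status(FOREIGN_CERT))     # asked again, leaves the domain again
    clock.now += 601                                 # past next_update of every entry
    trace.append(proxy.get_status(GOOD_CERT))        # stale -> responder again
    responder.online = False
    trace.append(proxy.get_status(REVOKED_CERT))     # stale and responder down -> unknown
    return trace, responder.queries


if __name__ == "__main__":
    for step in run_demo()[0]:
        print(step)
```

    Whether a proxy may keep serving an expired cached answer while the responder is unreachable is a policy question the abstract does not settle; this example refuses to, so that an attacker who can block the outbound path gains nothing beyond a denial of service and cannot keep a since-revoked certificate looking good.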

Method and system for providing third party authentication of authorization
    4.
    Granted patent
    Status: in force

    Publication number: US07818792B2

    Publication date: 2010-10-19

    Application number: US10067610

    Filing date: 2002-02-04

    IPC classification: G06F7/04

    Abstract: A method and system (100) for providing third party authentication when requesting content and/or services from an application server (106). The method is applicable to key management protocols that utilize the concept of tickets. The method and system include a client (102) being coupled with a third party application server (107), wherein the client submits a request for content from the third party application server and the third party application server returns the requested information and corresponding authentication. The client further couples with a first application server (106), wherein the client submits a key request (KEY_REQ) including the third party server information and corresponding authentication to the first application server. The first application server authenticates the third party server information and verifies client authorization based on the third party information. The first application server returns a key reply (KEY_REP) if the third party server information is authenticated and client authorization is verified.

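    The exchange described above, as an added example in Python that is not the patent's own code: the third party server (107) answers the client's content request with the requested information plus an authentication tag over it, the client forwards both in KEY_REQ to the first application server (106), and that server checks the tag, confirms the authorization belongs to the requesting client and has not expired, and only then returns KEY_REP. Binding the tag to the client identity and an expiry, and using an HMAC under a key shared by the two servers, are this example's assumptions; keys, content identifiers and the KEY_REQ/KEY_REP field layout are constructed.

```python
import hashlib
import hmac
import json

# Constructed keys. The third party server and the first application server share TP_KEY
# (an assumption of this example); the client never holds it, so it cannot mint or alter
# an authorization. CONTENT_KEY is the key the first application server releases in KEY_REP.
TP_KEY = b"constructed key shared by server 107 and server 106"
CONTENT_KEY = hashlib.sha256(b"constructed content key for movie-42").digest()[:16]


def _tag(key, payload):
    return hmac.new(key, payload, hashlib.sha256).digest()


class ThirdPartyServer:
    """Server 107: answers the content request and vouches for the client's authorization."""
    def __init__(self, key, entitlements):
        self.key, self.entitlements = key, entitlements   # client id -> set of content ids

    def request_content(self, client_id, content_id, now):
        if content_id not in self.entitlements.get(client_id, set()):
            return None
        # The "third party server information" the client forwards in KEY_REQ. Tying it to
        # the client id and an expiry stops another client, or a later replay, from using it.
        info = {"client": client_id, "content": content_id, "expires": now + 300, "issuer": "tp-107"}
        payload = json.dumps(info, sort_keys=True).encode()
        return {"info": info, "auth": _tag(self.key, payload).hex()}


class FirstApplicationServer:
    """Server 106: authenticates the third party information before returning a key."""
    def __init__(self, tp_key, content_keys):
        self.tp_key, self.content_keys = tp_key, content_keys

    def key_request(self, key_req, now):
        info, auth = key_req["info"], bytes.fromhex(key_req["auth"])
        payload = json.dumps(info, sort_keys=True).encode()
        if not hmac.compare_digest(_tag(self.tp_key, payload), auth):
            return {"status": "REJECT", "reason": "third party authentication failed"}
        if info["client"] != key_req["client"]:
            return {"status": "REJECT", "reason": "authorization belongs to another client"}
        if now > info["expires"]:
            return {"status": "REJECT", "reason": "authorization expired"}
        key = self.content_keys.get(info["content"])
        if key is None:
            return {"status": "REJECT", "reason": "no such content"}
        # A deployment would wrap the key for the client; the wrapping is outside this example.
        return {"status": "KEY_REP", "content": info["content"], "key": key.hex()}


def run_demo():
    now = 1_700_000_000
    tp = ThirdPartyServer(TP_KEY, {"client-A": {"movie-42"}})
    app = FirstApplicationServer(TP_KEY, {"movie-42": CONTENT_KEY})
    out = {}
    grant = tp.request_content("client-A", "movie-42", now)
    out["honest"] = app.key_request({"client": "client-A", **grant}, now)
    # client-B replays client-A's authorization in its own KEY_REQ
    out["replay_other_client"] = app.key_request({"client": "client-B", **grant}, now)
    # client-A edits the content id but cannot recompute the tag
    forged = {"info": dict(grant["info"], content="movie-99"), "auth": grant["auth"]}
    out["tampered"] = app.key_request({"client": "client-A", **forged}, now)
    out["expired"] = app.key_request({"client": "client-A", **grant}, now + 301)
    out["not_entitled"] = tp.request_content("client-A", "movie-99", now)
    return out


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```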

SECURE CONSUMER PROGRAMMING DEVICE
    6.
    Patent application
    Status: in force

    Publication number: US20110119739A1

    Publication date: 2011-05-19

    Application number: US12622016

    Filing date: 2009-11-19

    IPC classification: H04L29/06

    Abstract: A method is provided for operating a consumer programming device that provisions consumer electronic devices. The method includes receiving over a communication link a first enable message that authorizes the consumer programming device to make available one or more resources which enable it to provide services to consumer electronic devices. Services are provided to consumer electronic devices until all the resources have been exhausted. Additional consumer electronic devices are provided with services only if a second enable message is received over the communication link.

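    An added Python example of the enable-message mechanism, not code from the patent: an enable message grants the programming device a number of resources, each provisioning of a consumer device consumes one, and once they are exhausted nothing further is provisioned until a second enable message arrives. The message authentication (an HMAC under a key shared with the issuing back end, standing in for whatever signature a deployment would use), the device identifier and sequence number inside the message, and the replay check on that sequence number are this example's assumptions; all keys and identifiers are constructed.

```python
import hashlib
import hmac
import json

# Constructed key shared by the back end that issues enable messages and the programming
# device. Assumption of this example; a public-key signature would serve the same role.
ENABLE_KEY = b"constructed enable-message key"


def make_enable_message(key, device_id, seq, resources):
    body = {"device": device_id, "seq": seq, "resources": resources}
    payload = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "mac": hmac.new(key, payload, hashlib.sha256).hexdigest()}


class ConsumerProgrammingDevice:
    def __init__(self, device_id, key):
        self.device_id, self.key = device_id, key
        self.resources = 0          # units still available for provisioning
        self.last_seq = 0           # highest enable message sequence number accepted
        self.provisioned = []

    def accept_enable(self, msg):
        body = msg["body"]
        payload = json.dumps(body, sort_keys=True).encode()
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["mac"]):
            return False            # forged or corrupted on the link
        if body["device"] != self.device_id:
            return False            # addressed to a different programming device
        if body["seq"] <= self.last_seq:
            return False            # replay of an enable message already consumed
        self.last_seq = body["seq"]
        self.resources += body["resources"]
        return True

    def provision(self, consumer_device_id):
        if self.resources == 0:
            return False            # exhausted: a further enable message is required
        self.resources -= 1
        self.provisioned.append(consumer_device_id)
        return True


def run_demo():
    dev = ConsumerProgrammingDevice("cpd-1", ENABLE_KEY)
    first = make_enable_message(ENABLE_KEY, "cpd-1", seq=1, resources=2)
    out = {"accept_first": dev.accept_enable(first)}
    out["served"] = [dev.provision(f"stb-{i}") for i in range(3)]   # third one must fail
    out["replay"] = dev.accept_enable(first)                          # same message again
    forged = make_enable_message(b"wrong key", "cpd-1", seq=2, resources=1000)
    out["forged"] = dev.accept_enable(forged)
    second = make_enable_message(ENABLE_KEY, "cpd-1", seq=2, resources=1)
    out["accept_second"] = dev.accept_enable(second)
    out["after_second"] = dev.provision("stb-3")
    out["provisioned"] = list(dev.provisioned)
    return out


if __name__ == "__main__":
    print(run_demo())
```

    The sequence number is what makes "a second enable message" mean a new grant rather than the first one replayed; without it, anyone who captured the first message on the link could refill the device at will.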

Dynamic cryptographic subscriber-device identity binding for subscriber mobility
    7.
    Granted patent
    Status: in force

    Publication number: US08555361B2

    Publication date: 2013-10-08

    Application number: US13036139

    Filing date: 2011-02-28

    IPC classification: G06F21/00

    Abstract: A method of authentication and authorization over a communication system is provided. The method performs a first authentication of a device based on a set of device identity and credentials. The first authentication includes creation of a first set of keying material. The method also includes performing a second authentication of a subscriber based on a set of subscriber identity and credentials. The second authentication includes creation of a second set of keying material. A set of compound keying material is created with a key derivation mechanism that uses the first set of keying material and the second set of keying material. A binding token is created by cryptographically signing at least the device identity authenticated in the first authentication and the subscriber identity authenticated in the second authentication using the set of compound keying material. The signed binding token is exchanged for verification with an authenticating and authorizing party.

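    An added Python example of the binding described above (this example's own code, not the patent's): the keying material from the device authentication and from the subscriber authentication are fed to a key derivation step that yields compound keying material, the binding token carries both identities under a MAC computed with that compound key, and the authenticating and authorizing party, which holds both sets of keying material, recomputes the compound key and checks the token. The single-block HMAC-SHA256 derivation, the token layout, the nonce used against replay, and all keying material and identifiers are constructed assumptions.

```python
import hashlib
import hmac
import json


def kdf(key, label):
    """Single-block HMAC-SHA256 derivation (HKDF-Expand with one output block); constructed."""
    return hmac.new(key, label, hashlib.sha256).digest()


# Constructed results of the two authentications, e.g. what two EAP runs would leave behind.
DEVICE_ID = "IMEI-0123456"
DEVICE_KEYING = hashlib.sha256(b"constructed device keying material").digest()
SUBSCRIBER_ID = "user@example.net"
SUBSCRIBER_KEYING = hashlib.sha256(b"constructed subscriber keying material").digest()


def compound_key(device_keying, subscriber_keying):
    # Both authentications must have produced keying material for this key to exist at all.
    return kdf(device_keying + subscriber_keying, b"subscriber-device binding compound key")


def make_binding_token(device_id, subscriber_id, nonce, compound):
    body = {"device": device_id, "subscriber": subscriber_id, "nonce": nonce}
    payload = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "sig": hmac.new(compound, payload, hashlib.sha256).hexdigest()}


class AuthorizingParty:
    """Holds the keying material from both authentications and accepts a token only if it
    binds exactly the device and subscriber identities it authenticated."""
    def __init__(self, device_id, device_keying, subscriber_id, subscriber_keying):
        self.device_id, self.subscriber_id = device_id, subscriber_id
        self.compound = compound_key(device_keying, subscriber_keying)
        self.seen_nonces = set()

    def verify(self, token):
        body = token["body"]
        if body["device"] != self.device_id or body["subscriber"] != self.subscriber_id:
            return False
        if body["nonce"] in self.seen_nonces:
            return False
        payload = json.dumps(body, sort_keys=True).encode()
        expected = hmac.new(self.compound, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, token["sig"]):
            return False
        self.seen_nonces.add(body["nonce"])
        return True


def run_demo():
    compound = compound_key(DEVICE_KEYING, SUBSCRIBER_KEYING)
    party = AuthorizingParty(DEVICE_ID, DEVICE_KEYING, SUBSCRIBER_ID, SUBSCRIBER_KEYING)
    good = make_binding_token(DEVICE_ID, SUBSCRIBER_ID, "nonce-1", compound)
    out = {"valid": party.verify(good)}
    out["replayed"] = party.verify(good)
    # Token made with only the subscriber keying, i.e. without the device authentication
    one_sided = make_binding_token(DEVICE_ID, SUBSCRIBER_ID, "nonce-2", SUBSCRIBER_KEYING)
    out["single_auth"] = party.verify(one_sided)
    # The subscriber moves to another device: a fresh device authentication gives new
    # keying material, so the compound key and the binding change with it.
    new_device_id = "IMEI-9999999"
    new_device_keying = hashlib.sha256(b"constructed keying of the new device").digest()
    moved = make_binding_token(new_device_id, SUBSCRIBER_ID, "nonce-3",
                               compound_key(new_device_keying, SUBSCRIBER_KEYING))
    out["other_device_at_old_party"] = party.verify(moved)
    rebound = AuthorizingParty(new_device_id, new_device_keying, SUBSCRIBER_ID, SUBSCRIBER_KEYING)
    out["rebound_on_new_device"] = rebound.verify(moved)
    return out


if __name__ == "__main__":
    print(run_demo())
```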

SYSTEM AND METHOD FOR COGNIZANT TRANSPORT LAYER SECURITY (CTLS)
    8.
    Patent application
    Status: in force

    Publication number: US20120042160A1

    Publication date: 2012-02-16

    Application number: US13207394

    Filing date: 2011-08-10

    IPC classification: H04L29/06 H04L9/32 G06F15/16

    Abstract: A method of authentication and authorization over a communications system is provided. Disclosed herein are systems and methods for creating cryptographic evidence, called authentication/authorization evidence (AE), once a successful authentication/authorization between a client and an authentication server is complete. There are a variety of methods for generating AE. For instance, the AE can be data that is exchanged during the authentication signaling or data that results from it. The distinctive point is that AE results from the authentication process and is used as prior state for the following TLS exchange. An example of the creation of AE is as follows: EAP authentications typically result in an Extended Master Session Key (EMSK). The EMSK can be used to create an Evidence Master Key (EMK) that can then be used to create AE for a variety of servers.


SECURE SERVER CERTIFICATE TRUST LIST UPDATE FOR CLIENT DEVICES
    9.
    Patent application
    Status: in force

    Publication number: US20100071040A1

    Publication date: 2010-03-18

    Application number: US12233279

    Filing date: 2008-09-18

    IPC classification: H04L9/32 G06F9/54

    Abstract: A method, a network element, and a client device for creating a trusted connection with a network are disclosed. A client device 104 may attempt to access a sub-network 106. The client device 104 may determine that a certificate of the sub-network 106 is issued by a certification authority absent from its device certificate trust list. The client device 104 may then receive, via the sub-network 106, a certificate trust list update 400 from a certificate trust list provider 108.

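    An added Python example of the update path above, not the patent's code: the client finds the sub-network's certificate issuer missing from its trust list, receives a trust list update relayed through that very sub-network, and installs it only if the update verifies under the trust list provider's key the client already holds and carries a version newer than the installed list. Because the untrusted network relays the update, the check on the provider's signature is the only thing that protects the client; the HMAC used here is a stand-in for that signature (a real client would hold only a public verification key), and the version check against rollback, the message layout, key and CA names are this example's constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed key of the certificate trust list provider (108). Stand-in for a signing key.
PROVIDER_KEY = b"constructed trust-list provider key"


def sign_update(key, version, trusted_cas):
    """Builds a certificate trust list update (400) as the provider would issue it."""
    body = {"version": version, "trusted_cas": sorted(trusted_cas)}
    payload = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "sig": hmac.new(key, payload, hashlib.sha256).hexdigest()}


class ClientDevice:
    """Client device (104): holds a device certificate trust list and the provider's key."""
    def __init__(self, provider_key, trusted_cas, version):
        self.provider_key = provider_key
        self.trusted_cas = set(trusted_cas)
        self.version = version

    def apply_update(self, update):
        body = update["body"]
        payload = json.dumps(body, sort_keys=True).encode()
        expected = hmac.new(self.provider_key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, update["sig"]):
            return "bad signature"                  # the relaying network is not trusted
        if body["version"] <= self.version:
            return "not newer than installed list"  # old list that still trusted a removed CA
        self.trusted_cas = set(body["trusted_cas"])
        self.version = body["version"]
        return "installed"

    def connect(self, subnetwork):
        """subnetwork: the issuer of its certificate and the update it relays on request."""
        if subnetwork["cert_issuer"] in self.trusted_cas:
            return "connected"
        result = self.apply_update(subnetwork["ctl_update"])
        if result != "installed":
            return f"refused ({result})"
        if subnetwork["cert_issuer"] in self.trusted_cas:
            return "connected"
        return "refused (issuer still untrusted)"


def run_demo():
    client = ClientDevice(PROVIDER_KEY, {"CA-Home"}, version=3)
    genuine = sign_update(PROVIDER_KEY, 4, {"CA-Home", "CA-Partner"})
    out = {"partner_net": client.connect({"cert_issuer": "CA-Partner", "ctl_update": genuine})}
    # A rogue sub-network relays an update it signed itself
    rogue = sign_update(b"attacker key", 5, {"CA-Rogue"})
    out["rogue_net"] = client.connect({"cert_issuer": "CA-Rogue", "ctl_update": rogue})
    # A genuine but older list that still contained a since-retired CA: rollback attempt
    old = sign_update(PROVIDER_KEY, 2, {"CA-Home", "CA-Retired"})
    out["rollback"] = client.connect({"cert_issuer": "CA-Retired", "ctl_update": old})
    out["version"] = client.version
    out["trusted"] = sorted(client.trusted_cas)
    return out


if __name__ == "__main__":
    print(run_demo())
```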

System and method for cognizant transport layer security (CTLS)
    10.
    Granted patent
    Status: in force

    Publication number: US08856509B2

    Publication date: 2014-10-07

    Application number: US13207394

    Filing date: 2011-08-10

    Abstract: A method of authentication and authorization over a communications system is provided. Disclosed herein are systems and methods for creating cryptographic evidence, called authentication/authorization evidence (AE), once a successful authentication/authorization between a client and an authentication server is complete. There are a variety of methods for generating AE. For instance, the AE can be data that is exchanged during the authentication signaling or data that results from it. The distinctive point is that AE results from the authentication process and is used as prior state for the following TLS exchange. An example of the creation of AE is as follows: EAP authentications typically result in an Extended Master Session Key (EMSK). The EMSK can be used to create an Evidence Master Key (EMK) that can then be used to create AE for a variety of servers.

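    An added Python example of the EMSK to EMK to AE derivation described in both CTLS entries on this page (the application above and this granted patent), this example's own code rather than the patent's: the peer and the authentication server both hold the EMSK left by a completed EAP authentication, each derives the EMK from it, and a per-server AE is derived from the EMK. The AE is then used as prior state for the TLS exchange by having the client bind its ClientHello to the AE with a MAC that the server, which received that server's AE from the authentication server over a trusted channel, verifies. The single-block HMAC-SHA256 derivation, the derivation labels, the binder construction and the EMSK value are constructed assumptions.

```python
import hashlib
import hmac


def derive(key, label):
    """Single-block HMAC-SHA256 derivation (HKDF-Expand with one output block); constructed."""
    return hmac.new(key, label, hashlib.sha256).digest()


# Constructed EMSK as an EAP method leaves it on the peer and on the authentication server.
EMSK = hashlib.sha256(b"constructed EMSK from a completed EAP exchange").digest()


def evidence_master_key(emsk):
    return derive(emsk, b"CTLS Evidence Master Key")          # label is hypothetical


def authentication_evidence(emk, server_name):
    return derive(emk, b"CTLS AE|" + server_name.encode())    # one AE per server


class Peer:
    """The client: derives EMK itself and proves possession of the AE in its ClientHello."""
    def __init__(self, emsk):
        self.emk = evidence_master_key(emsk)

    def client_hello(self, server_name, client_random):
        ae = authentication_evidence(self.emk, server_name)
        binder = hmac.new(ae, b"ClientHello|" + client_random, hashlib.sha256).hexdigest()
        return {"server": server_name, "random": client_random.hex(), "binder": binder}


class Server:
    """A TLS server holding the AE the authentication server derived for it (assumption)."""
    def __init__(self, name, ae):
        self.name, self.ae = name, ae

    def accept(self, hello):
        if hello["server"] != self.name:
            return False
        data = b"ClientHello|" + bytes.fromhex(hello["random"])
        expected = hmac.new(self.ae, data, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, hello["binder"])


def run_demo():
    auth_server_emk = evidence_master_key(EMSK)   # authentication server side of the EAP run
    web = Server("web.example.net", authentication_evidence(auth_server_emk, "web.example.net"))
    mail = Server("mail.example.net", authentication_evidence(auth_server_emk, "mail.example.net"))
    peer = Peer(EMSK)
    client_random = bytes(range(32))              # constructed; a real client uses fresh randomness
    hello = peer.client_hello("web.example.net", client_random)
    out = {"web_accepts": web.accept(hello)}
    # The same binder presented to another server fails: AE is derived per server name
    out["mail_rejects_web_binder"] = mail.accept(dict(hello, server="mail.example.net"))
    # A peer that never completed EAP has no EMSK and cannot produce a valid binder
    stranger = Peer(hashlib.sha256(b"guess").digest())
    out["stranger_rejected"] = web.accept(stranger.client_hello("web.example.net", client_random))
    out["ae_differs_per_server"] = web.ae != mail.ae
    return out


if __name__ == "__main__":
    print(run_demo())
```

    Deriving AE per server from the EMK, rather than handing every server the EMK itself, keeps a compromised server from impersonating the client towards any other server that relies on the same authentication.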