Optimal handling and manipulation of high-speed streaming media in a computing device
    1.
    Granted invention patent
    Status: in force

    Publication number: US06366970B1

    Publication date: 2002-04-02

    Application number: US09283947

    Filing date: 1999-04-01

    IPC classification: G06F1314

    CPC classification: H04N21/4435 H04N19/70

    Abstract: A method and apparatus for optimal handling of high bandwidth streaming data in a computer system minimizes computational activities to achieve maximal performance. This performance improvement is accomplished by minimizing the amount of memory copying and also by minimizing the number of allocation and deallocations of objects which occur. Memory copying is a CPU/bandwidth intense operation when there is high speed streaming data on the input. The allocation and deallocation of objects is a system resource intense activity and requires a very significant amount of CPU processing per invocation in a computing device. Using a combination of techniques, the invention provides a technique that reduces both the number of memory copies as well as the number of objects which get allocated and deallocated during the course of operating on the streaming media data.

    High-speed start code scanner for MPEG-2 data streams
    2.
    Granted invention patent
    Status: in force

    Publication number: US06373898B1

    Publication date: 2002-04-16

    Application number: US09287535

    Filing date: 1999-04-06

    IPC classification: H04N712

    CPC classification: H04N19/523 H04N19/70

    Abstract: A word wise search is performed on an MPEG-2 stream. For every word, the invention finds word-aligned patterns of 0x00 0x00 or 0x00 0x01. The algorithm applied by the invention examines the input stream buffer for the first word aligned 0 in which further testing determines is the first byte of a valid start code, and sets the sub-buffer defined by the start of the search to the location of this discovered start-code as the zero-word reach. A second search is performed in the same part of the input stream buffer, this time looking for word aligned 1's (i.e. byte pattern 0x00 0x01). For each word aligned 1 that is a start code, an entry is made into a start code list. When all of these have been found, the offset of the start code ending the current zero-word reach is added to the list of start-code offsets. This process is repeated from the 0 word reach until the end of the buffer is encountered. If 0's are not word aligned, the start codes are found on the 1's search, otherwise the start codes are found on the first search.

    Software component authentication via encrypted embedded self-signatures
    3.
    Invention patent application
    Status: under examination (published)

    Publication number: US20070277037A1

    Publication date: 2007-11-29

    Application number: US10237454

    Filing date: 2002-09-06

    Applicant: Randy Langer

    Inventor: Randy Langer

    IPC classification: H04L9/00

    Abstract: This invention applies to software components that interconnect, as in a frameworks, such that only components “certified” by some designated authority can participate, partly or wholly, in the intended operation of the application. The main emphasis is to limit the set of such software components to those that have been deemed to operate in some specific manner and/or in the scope of some specified set of constraints. The initial application for this invention is to prevent piracy of copyrighted data in multimedia frameworks such as Microsoft DirectShow, but the general invention has much wider applicability. Most authentication systems perform their actions prior to using the software component in question. This invention differs significantly in that it performs validation at runtime, rather than before the component is run. Thus, the validation is always at the most vulnerable point in a component's lifetime so far as counterfeiting is concerned.

    Deterring reverse-engineering of software systems by randomizing the siting of stack-based data
    4.
    Granted invention patent
    Status: in force

    Publication number: US07210134B1

    Publication date: 2007-04-24

    Application number: US10237515

    Filing date: 2002-09-06

    Applicant: Randy Langer

    Inventor: Randy Langer

    IPC classification: G06F9/45 G06F9/44

    CPC classification: G06F21/14 G06F9/4484

    Abstract: A given software process is composed on one or more threads of execution. Each thread possesses its own stack, a region of memory set aside by the operating system for that thread to store data. Popular programming languages rely heavily on stack-based data (frequently referred to as “local” or “automatic” data). It is a characteristic of deterministic machines like computers that, given the same problem to process with the same data, the same results, both intermediate and final, will result. This even extends to the sequence the software running on the computer will take to process the problem or data. This in turn means that for each thread making up the program, the data layout in the thread's stack will be relatively consistent each time the program gets to a similar point in the processing of the problem and/or data. This represents a potential “point of repeatability” that a hacker can take advantage of. Embodiments of the current invention address this by introducing random amounts of “padding” into a thread's stack, such that all data objects that exist “below” that point in the stack are offset by the amount of this random padding. A thread could have several points in its stack where the padding is introduced, resulting in better (more difficult to hack) randomization.

    Method and system for authorizing client devices to receive secured data streams
    5.
    Granted invention patent
    Status: in force

    Publication number: US08001371B2

    Publication date: 2011-08-16

    Application number: US12555748

    Filing date: 2009-09-08

    Applicant: Randy Langer

    Inventor: Randy Langer

    Abstract: A method and system for authorizing client devices to receive secured data streams through the use of digital certificates embedded in the client devices. A freely distributed cryptographically signed group file with an embedded expiration date is associated with each individual digital certificate. A single group file can be associated with more than one digital certificate but each digital certificate is associated with a single group file. The group file contains cryptographic keys that can be used to decrypt a section of the digital certificate revealing a set of client keys. The client keys are then used to encrypt a program key which are then sent back to the client device. When the client device requests a specific data stream or digital content, an issuance timestamp associated with the content is compared to the expiration date in the group file. If the issuance timestamp is after the expiration date, the client device is declined. If the issuance timestamp is before the expiration date, the requested content, encrypted utilizing the program key, is sent to the client device.

    Method and system for authorizing client devices to receive secured data streams
    6.
    Invention patent application
    Status: in force

    Publication number: US20050071631A1

    Publication date: 2005-03-31

    Application number: US10949963

    Filing date: 2004-09-24

    Applicant: Randy Langer

    Inventor: Randy Langer

    Abstract: A method and system for authorizing client devices to receive secured data streams through the use of digital certificates embedded in the client devices. A freely distributed cryptographically signed group file with an embedded expiration date is associated with each individual digital certificate. A single group file can be associated with more than one digital certificate but each digital certificate is associated with a single group file. The group file contains cryptographic keys that can be used to decrypt a section of the digital certificate revealing a set of client keys. The client keys are then used to encrypt a program key which are then sent back to the client device. When the client device requests a specific data stream or digital content, an issuance timestamp associated with the content is compared to the expiration date in the group file. If the issuance timestamp is after the expiration date, the client device is declined. If the issuance timestamp is before the expiration date, the requested content, encrypted utilizing the program key, is sent to the client device.

    METHOD AND SYSTEM FOR AUTHORIZING CLIENT DEVICES TO RECEIVE SECURED DATA STREAMS
    7.
    Invention patent application
    Status: in force

    Publication number: US20100023759A1

    Publication date: 2010-01-28

    Application number: US12555748

    Filing date: 2009-09-08

    Applicant: Randy Langer

    Inventor: Randy Langer

    IPC classification: H04L9/00

    Abstract: A method and system for authorizing client devices to receive secured data streams through the use of digital certificates embedded in the client devices. A freely distributed cryptographically signed group file with an embedded expiration date is associated with each individual digital certificate. A single group file can be associated with more than one digital certificate but each digital certificate is associated with a single group file. The group file contains cryptographic keys that can be used to decrypt a section of the digital certificate revealing a set of client keys. The client keys are then used to encrypt a program key which are then sent back to the client device. When the client device requests a specific data stream or digital content, an issuance timestamp associated with the content is compared to the expiration date in the group file. If the issuance timestamp is after the expiration date, the client device is declined. If the issuance timestamp is before the expiration date, the requested content, encrypted utilizing the program key, is sent to the client device.

    Method and system for authorizing client devices to receive secured data streams
    8.
    Granted invention patent
    Status: in force

    Publication number: US07590840B2

    Publication date: 2009-09-15

    Application number: US10949963

    Filing date: 2004-09-24

    Applicant: Randy Langer

    Inventor: Randy Langer

    IPC classification: H04L9/00

    Abstract: A method and system for authorizing client devices to receive secured data streams through the use of digital certificates embedded in the client devices. A freely distributed cryptographically signed group file with an embedded expiration date is associated with each individual digital certificate. A single group file can be associated with more than one digital certificate but each digital certificate is associated with a single group file. The group file contains cryptographic keys that can be used to decrypt a section of the digital certificate revealing a set of client keys. The client keys are then used to encrypt a program key which are then sent back to the client device. When the client device requests a specific data stream or digital content, an issuance timestamp associated with the content is compared to the expiration date in the group file. If the issuance timestamp is after the expiration date, the client device is declined. If the issuance timestamp is before the expiration date, the requested content, encrypted utilizing the program key, is sent to the client device.

    Secure protocols for use with microsoft directshow filters
    9.
    Invention patent application
    Status: under examination (published)

    Publication number: US20060075507A1

    Publication date: 2006-04-06

    Application number: US11240843

    Filing date: 2005-09-30

    Applicant: Randy Langer

    Inventor: Randy Langer

    Abstract: Some embodiments provide methods and systems for use in processing encrypted media content through a media processing stack, wherein the media processing stack comprises one or more ordered and successively arranged processing components. These embodiments receive the media content at each successive processing component and pass the media content to a successive processing component; optionally process the media content at each processing component; receive one or more decryption keys associated with the media content at one of the processing components; relay the decryption keys to one or more successive processing components to a decrypting one of the processing components that is capable of decrypting the media content, and decrypt the media content at the decrypting one of the processing components before passing the media content to the successive processing component.
