-
1.发明授权System and method for secure authentication of external software modules provided by third parties 失效由第三方提供的外部软件模块的安全认证系统和方法公开(公告)号:US07500109B2
公开(公告)日:2009-03-03
申请号:US11123373
申请日:2005-05-06
IPC分类号: H04L9/00
CPC分类号: G06F21/64 , G06Q20/3672 , H04L9/3234 , H04L9/3249 , H04L2209/56 , H04L2209/60
摘要: An external module loads into an entity's memory and is transformed by two functions. These are namely, the STOMP function and the UNSTOMP function. One or both of these functions is based on the actual code that is found in a legitimate version of the external module. The STOMP-UNSTOMP pair produces an external module that works differently if even a single byte of code in the external module has been changed by an attacker. The STOMP transforms the external module and makes it temporarily unusable whilst conversely, the UNSTOMP repairs the damage and makes it workable again. Thus, if the module is not authentic, the pairing between the STOMP and UNSTOMP is broken. Therefore, a patched module from a hacker remains unusable since the STOMP and UNSTOMP transformations do not produce a working external module. Because of the STOMP and UNSTOMP technique, an application is secure because if an external module is free from tampering then the application executes normally. In the event that an illicitly patched external module is loaded then the application fails. In either case, no audio, video or information content is illegally copied because of the disablement of the external module by the STOMP-UNSTOMP procedure.
摘要翻译: 外部模块加载到实体的存储器中,并由两个功能进行转换。 即STOMP功能和UNSTOMP功能。 这些功能中的一个或两个基于在外部模块的合法版本中找到的实际代码。 STOMP-UNSTOMP对产生一个外部模块,其工作方式不同,即使外部模块中的单个字节的代码被攻击者更改。 STOMP转换外部模块并使其暂时不可用,而相反地,UNSTOMP修复损坏并使其再次工作。 因此,如果模块不可靠,STOMP和UNSTOMP之间的配对将被破坏。 因此,来自黑客的补丁模块仍然不可用,因为STOMP和UNSTOMP转换不会产生工作的外部模块。 由于STOMP和UNSTOMP技术,应用程序是安全的,因为如果外部模块没有篡改,则应用程序正常执行。 如果加载了非法修补的外部模块,则应用程序将失败。 在任一种情况下,由于STOMP-UNSTOMP程序禁用外部模块,因此无法非法复制音频,视频或信息内容。
-
2.发明授权System and method for secure authentication of external software modules provided by third parties 失效由第三方提供的外部软件模块的安全认证系统和方法公开(公告)号:US06978375B1
公开(公告)日:2005-12-20
申请号:US09658253
申请日:2000-09-08
CPC分类号: G06F21/64 , G06Q20/3672 , H04L9/3234 , H04L9/3249 , H04L2209/56 , H04L2209/60
摘要: An external module loads into an entity's memory and is transformed by two functions. These are namely, the STOMP function and the UNSTOMP function. One or both of these functions is based on the actual code that is found in a legitimate version of the external module. The STOMP-UNSTOMP pair produces an external module that works differently if even a single byte of code in the external module has been changed by an attacker. The STOMP transforms the external module and makes it temporarily unusable whilst conversely, the UNSTOMP repairs the damage and makes it workable again. Thus, if the module is not authentic, the pairing between the STOMP and UNSTOMP is broken. Therefore, a patched module from a hacker remains unusable since the STOMP and UNSTOMP transformations do not produce a working external module. Because of the STOMP and UNSTOMP technique, an application is secure because if an external module is free from tampering then the application executes normally. In the event that an illicitly patched external module is loaded then the application fails. In either case, no audio, video or information content is illegally copied because of the disablement of the external module by the STOMP-UNSTOMP procedure.
摘要翻译: 外部模块加载到实体的存储器中,并由两个功能进行转换。 即STOMP功能和UNSTOMP功能。 这些功能中的一个或两个基于在外部模块的合法版本中找到的实际代码。 STOMP-UNSTOMP对产生一个外部模块,其工作方式不同,即使外部模块中的单个字节的代码被攻击者更改。 STOMP转换外部模块并使其暂时不可用,而相反地,UNSTOMP修复损坏并使其再次工作。 因此,如果模块不可靠,STOMP和UNSTOMP之间的配对将被破坏。 因此,来自黑客的补丁模块仍然不可用,因为STOMP和UNSTOMP转换不会产生工作的外部模块。 由于STOMP和UNSTOMP技术,应用程序是安全的,因为如果外部模块没有篡改,则应用程序正常执行。 如果加载了非法修补的外部模块,则应用程序将失败。 在任一种情况下,由于STOMP-UNSTOMP程序禁用外部模块,因此无法非法复制音频,视频或信息内容。
-
公开(公告)号:US07249264B2
公开(公告)日:2007-07-24
申请号:US10114140
申请日:2002-04-02
CPC分类号: H04L63/0428
摘要: A system, method and computer readable medium for providing secure IP-based streaming in a format independent manner is disclosed. The method on a content mastering system begins with an encoded media file consisting of content data and associated metadata. First, the metadata is read from the encoded media file. Next, the encoded media file including the content data and the associated metadata is encrypted. Then, in a streaming server system, the encoded/encrypted media file is divided into more than one data packet, streamed in accordance with one or more parameters in the metadata. Each data packet includes a portion of the encoded/encrypted media file and an offset value corresponding to a location within the encoded/encrypted media file. The data packets are then streamed to a client information processing system (i.e., the client) over a network.
摘要翻译: 公开了一种以格式独立的方式提供安全的基于IP的流传输的系统,方法和计算机可读介质。 内容母版制系统上的方法以包含内容数据和关联元数据的编码媒体文件开始。 首先,从编码的媒体文件中读取元数据。 接下来,加密包含内容数据和关联元数据的编码媒体文件。 然后,在流服务器系统中,编码/加密的媒体文件被分成多个数据包,根据元数据中的一个或多个参数流式传输。 每个数据分组包括编码/加密的媒体文件的一部分和对应于编码/加密的媒体文件内的位置的偏移值。 数据包然后通过网络流式传输到客户端信息处理系统(即,客户端)。
-
4.发明授权System, service, and method for enabling authorized use of distributed content on a protected media 有权允许在受保护媒体上授权使用分布式内容的系统,服务和方法公开(公告)号:US07685636B2
公开(公告)日:2010-03-23
申请号:US11072943
申请日:2005-03-07
CPC分类号: G06F21/10 , G06F2221/0711
摘要: A protected content distribution system utilizes media-based copy protection to support online distribution of protected content in a secure and legitimate fashion. Using a media-based copy protection scheme based on broadcast encryption, the protected content distribution system realizes online distribution of protected content such as, for example audio files, movies, etc, authorizing consumption of unlicensed content by transfer of a unique encrypted key to the protected media. This transaction is fast, involving the transfer of an encrypted binding key rather than the protected content. Content is enabled through a unique encrypted key on protected media accessed through a device separate from the media driver.
摘要翻译: 受保护的内容分发系统利用基于媒体的复制保护来以安全和合法的方式支持受保护内容的在线分发。 使用基于广播加密的基于媒体的复制保护方案,受保护的内容分发系统实现受保护内容的在线分发,例如音频文件,电影等,授权通过将唯一的加密密钥传送到 受保护的媒体。 此事务快速,涉及转移加密的绑定密钥而不是受保护的内容。 通过与媒体驱动程序分开的设备访问的受保护媒体上的唯一加密密钥启用内容。
-
5.发明授权Device archiving of past cluster binding information on a broadcast encryption-based network 有权在基于广播加密的网络上设备归档过去的集群绑定信息公开(公告)号:US09009489B2
公开(公告)日:2015-04-14
申请号:US13585950
申请日:2012-08-15
CPC分类号: H04L9/0866 , H04L2209/601
摘要: Provided are techniques for the creation and storage of an archive for binding IDs corresponding to a cluster of devices that render content protected by a broadcast encryption scheme. When two or more clusters are merged, a binding ID corresponding to one of the clusters is selected and a new management key is generated. Binding IDs associated with the clusters other than the cluster associated with the selected binding ID are encrypted using the new management key and stored on a cluster-authorized device in a binding ID archive. Content stored in conformity with an outdated binding ID is retrieved by decrypting the binding ID archive with the management key, recalculating an old management key and decrypting the stored content.
摘要翻译: 提供了用于创建和存储用于绑定ID的存档的技术,所述绑定ID对应于呈现由广播加密方案保护的内容的设备的集群。 当两个或更多个集群合并时,选择与一个集群对应的绑定ID,并生成新的管理密钥。 与除与所选绑定ID相关联的集群之外的集群相关联的绑定ID使用新的管理密钥加密并存储在绑定ID归档中的集群授权设备上。 通过用管理密钥解密绑定ID档案,重新计算旧的管理密钥并解密所存储的内容来检索与过时的绑定ID一致的存储的内容。
-
公开(公告)号:US08265275B2
公开(公告)日:2012-09-11
申请号:US12895599
申请日:2010-09-30
申请人: Jeffrey B. Lotspiech
发明人: Jeffrey B. Lotspiech
IPC分类号: H04L29/06
CPC分类号: H04N7/1675 , H04N21/2347 , H04N21/26613 , H04N21/4405 , H04N21/4623 , H04N21/4627 , H04N21/8355
摘要: A cryptographic authentication system comprises an authentication media key block that comprises media key precursors. The system generates transformed keys by applying a function to a media ID of a media and each of the media key precursors, and generates entries in a binding table by applying an encrypting function to a media key of an encrypted content and each of the transformed keys. To play encrypted content, a media player processes the authentication media key block using a device key to extract a media key precursor, extracts a media key from the binding table using the extracted media key precursor and the media ID, and verifies that the extracted media key matches the media key of the encrypted content, allowing the media device to decrypt and play the encrypted content.
摘要翻译: 加密认证系统包括包括媒体密钥前体的认证媒体密钥块。 该系统通过将媒体ID和每个媒体密钥前导应用功能来生成变换密钥,并且通过对加密内容的媒体密钥和每个已变换密钥应用加密功能来生成绑定表中的条目 。 为了播放加密的内容,媒体播放器使用设备密钥处理认证媒体密钥块以提取媒体密钥前体,使用所提取的媒体密钥前身和媒体ID从绑定表提取媒体密钥,并且验证所提取的媒体 密钥与加密内容的媒体密钥相匹配,允许媒体设备解密并播放加密的内容。
-
7.发明申请公开(公告)号:US20090138731A1
公开(公告)日:2009-05-28
申请号:US12363876
申请日:2009-02-02
申请人: Hongxia Jin , Donald E. Leake, JR. , Jeffrey B. Lotspiech , Sigfredo I. Nin , Wilfred E. Plouffe
发明人: Hongxia Jin , Donald E. Leake, JR. , Jeffrey B. Lotspiech , Sigfredo I. Nin , Wilfred E. Plouffe
IPC分类号: G06F21/22
CPC分类号: G06F21/6218 , G06F21/14 , G06F21/51
摘要: A trusted Java virtual machine provides a method for supporting tamper-resistant applications, ensuring the integrity of an application and its secrets such as keys. The trusted Java virtual machine verifies the integrity of the Java application, prevents debugging of the Java application, and allows the Java application to securely store and retrieve secrets. The trusted Java virtual machine environment comprises a TrustedDictionary, a TrustedBundle, an optional encryption method for encrypting and decrypting byte codes, and an underlying trusted Java virtual machine. The encrypted TrustedDictionary protects data while the TrustedBundle protects programming code, allowing applications to store secret data and secure counters. The application designer can restrict TrustedBundle access to only those interfaces that the application designer explicitly exports. The open source code may optionally be encrypted. Secrets required by the open source programming code of the application are encrypted in TrustedDictionary.
摘要翻译: 受信任的Java虚拟机提供了一种支持防篡改应用程序的方法,确保应用程序的完整性及其密钥(如密钥)。 受信任的Java虚拟机验证Java应用程序的完整性,防止Java应用程序的调试,并允许Java应用程序安全地存储和检索秘密。 受信任的Java虚拟机环境包括TrustedDictionary,TrustedBundle,用于加密和解密字节代码的可选加密方法,以及底层可信Java虚拟机。 加密的TrustedDictionary保护数据,而TrustedBundle保护编程代码,允许应用程序存储秘密数据和安全计数器。 应用程序设计人员可以将TrustedBundle访问限制为应用程序设计程序明确导出的那些接口。 可以可选地加密开源代码。 应用程序的开源编程代码所需的秘密在TrustedDictionary中加密。
-
公开(公告)号:US20090034783A1
公开(公告)日:2009-02-05
申请号:US11833981
申请日:2007-08-04
IPC分类号: G06K9/00
CPC分类号: G11B20/00086 , G11B20/00884 , G11B20/00898 , H04N21/2541 , H04N21/42646 , H04N21/4627 , H04N21/835 , H04N21/8358
摘要: A system and method are provided for facilitating the playing of a watermarked video having the “birthday problem”. Consumers send the problem disc to an authorization center where the disc is analyzed to determine if it is a legitimate disc. The authorization center generates a digital certificate uniquely associated with the disc and with the video and embeds the digital certificate into the disc. The digital certificate will cause a video player to play the video without checking for the watermark.
摘要翻译: 提供了一种用于促进播放具有“生日问题”的带水印的视频的系统和方法。 消费者将问题光盘发送到光盘被分析的授权中心,以确定它是否是合法光盘。 授权中心生成与光盘和视频唯一相关联的数字证书,并将数字证书嵌入到光盘中。 数字证书将导致视频播放器播放视频而不检查水印。
-
9.发明申请METHOD, SYSTEM AND PROGRAM PRODUCT FOR ATTACHING A TITLE KEY TO ENCRYPTED CONTENT FOR SYNCHRONIZED TRANSMISSION TO A RECIPIENT 审中-公开方法,系统和程序产品,用于连接加密内容以同步传输到接收方的名称公开(公告)号:US20080273702A1
公开(公告)日:2008-11-06
申请号:US12034421
申请日:2008-02-20
申请人: Eric M. Foster , Jeffrey B. Lotspiech , Florian Pestoni , Wilfred E. Plouffe , Frank A. Schaffa
发明人: Eric M. Foster , Jeffrey B. Lotspiech , Florian Pestoni , Wilfred E. Plouffe , Frank A. Schaffa
IPC分类号: H04L9/06
CPC分类号: H04L9/0822 , G11B20/0021 , G11B20/00362 , H04L9/083 , H04L9/12 , H04L63/045 , H04L2209/603 , H04L2463/101
摘要: A method and system for attaching a title key to encrypted content for synchronized transmission to, or storage by, a recipient is provided. Specifically, under the present invention, an elementary media stream is parceled into content units that each include a content packet and a header. The content packets are encrypted with one or more title keys. Once the content packets have been encrypted, the title keys are themselves encrypted with a key encrypting key. The encrypted title keys are then attached to the corresponding encrypted content packets for synchronized transmission to a recipient.
摘要翻译: 提供了一种用于将标题密钥附加到加密内容以用于同步发送到或由接收者存储的方法和系统。 具体地说,在本发明中,将基本媒体流分解成各自包含内容分组和头部的内容单元。 内容分组用一个或多个标题密钥加密。 一旦内容分组被加密,标题密钥本身就用密钥加密密钥加密。 然后将加密的标题密钥附加到相应的加密内容分组,以便同步发送给接收方。
-
10.发明申请SYSTEM AND METHOD FOR GUARANTEEING SOFTWARE INTEGRITY VIA COMBINED HARDWARE AND SOFTWARE AUTHENTICATION 有权通过组合硬件和软件认证来保护软件完整性的系统和方法公开(公告)号:US20080215885A1
公开(公告)日:2008-09-04
申请号:US11764748
申请日:2007-06-18
申请人: Jeffrey B. Lotspiech
发明人: Jeffrey B. Lotspiech
CPC分类号: H04L9/3249 , G06F21/64 , G06Q10/087 , H04L9/302 , H04L9/3236 , H04L2209/127 , H04L2209/56 , H04L2209/603
摘要: A system, method, and computer program product enabling individual user devices to authenticate and validate a digital message sent by a distribution center, without requiring transmissions to the distribution center. The center transmits the message with an appended modulus that is the product of two specially selected primes. The transmission also includes an appended authentication value that is based on an original message hash value, a new message hash value, and the modulus. The new message hash value is designed to be the center's public RSA key; a corresponding private RSA key is also computed. Individual user devices combine a digital signet, a public modulus, preferably unique hardware-based numbers, and an original message hash to compute a unique integrity value K. Subsequent messages are similarly processed to determine new integrity values K′, which equal K if and only if new messages originated from the center and have not been corrupted.
摘要翻译: 一种系统,方法和计算机程序产品,其使得各个用户设备能够对分发中心发送的数字消息进行认证和验证,而不需要向分发中心传输。 中心传输具有两个特别选择的素数的乘积的附加模数的消息。 传输还包括基于原始消息散列值,新消息散列值和模数的附加认证值。 新消息哈希值被设计为中心的公共RSA密钥; 还计算相应的专用RSA密钥。 单个用户设备组合数字签名,公共模块,优选地基于唯一的基于硬件的号码和原始消息散列以计算唯一的完整性值K.类似地处理后续消息以确定新的完整性值K',其等于K if 只有新消息始发于中心并且没有被破坏。
-
-
-
-
-
-
-
-
-
搜索结果
46 条记录 (耗时 0.022 秒)
