公开(公告)号：WO2009009191A2

公开(公告)日：2009-01-15

申请号：PCT/US2008/060715

申请日：2008-04-18

Applicant: GENERAL INSTRUMENT CORPORATION ,  PETERKA, Petr ,  MEDVINSKY, Alexander ,  MORONEY, Paul

Inventor： PETERKA, Petr ,  MEDVINSKY, Alexander ,  MORONEY, Paul

CPC classification number: G06F21/10 ,  G06Q10/06

Abstract: A process composes a content license for a set of content. The content license has a static portion and a dynamic portion. Further, the process inserts a master key into the static portion. In addition, the process inserts a plurality of content rule sets of values into the dynamic portion and composes a unique content encryption key for each segment of content associated with one of the content rule sets of values as each of the content rule sets of values is sequentially received during recording of the content. The unique content encryption key is based on the master key and at least a subset of the content rule set of values for a corresponding segment of the content. The unique content encryption key is utilized for encryption of each segment of the content to generate a plurality of encrypted content segments for storage on the storage medium.

Abstract translation: 一个进程组成一组内容的内容许可证。 内容许可证具有静态部分和动态部分。 此外，该过程将主密钥插入静态部分。 此外，该过程将多个内容规则集值集合插入到动态部分中，并且对于与内容规则集值之一相关联的每个内容段，构成唯一内容加密密钥，因为每个内容规则集值是 在记录内容期间顺序地接收。 唯一内容加密密钥基于主密钥以及内容的相应段的内容规则集合的集合的至少一个子集。 独特的内容加密密钥用于加密内容的每个段，以生成用于存储在存储介质上的多个加密的内容段。

公开(公告)号：WO2006135504A2

公开(公告)日：2006-12-21

申请号：PCT/US2006/017492

申请日：2006-05-05

Applicant: GENERAL INSTRUMENT CORPORATION ,  PETERKA, Petr ,  ABU-AMARA, Hosame, H. ,  KRAVITZ, David, W. ,  MEDVINSKY, Alexander

Inventor： PETERKA, Petr ,  ABU-AMARA, Hosame, H. ,  KRAVITZ, David, W. ,  MEDVINSKY, Alexander

IPC: H04L9/00

CPC classification number: G06F21/10 ,  H04L9/3263 ,  H04L9/3271 ,  H04L63/045 ,  H04L63/126 ,  H04L2209/603 ,  H04N21/43615 ,  H04N21/835

Abstract: Method and apparatus for transferring protected content between digital rights management systems is described. One aspect of the invention relates to importing content from an upstream digital rights management (DRM) system into a device in a downstream DRM system. Data is received that associates at least one device in the downstream DRM system with a rights issuer module (RIM). Authenticity of the data is verified as originating from an entity in a trust hierarchy of the device. If the data is authentic and the device is one of the at least one device associated with the RIM, a ciphertext version of the content and a corresponding content license is accepted from the RIM.

Abstract translation: 描述了在数字版权管理系统之间传送受保护内容的方法和装置。 本发明的一个方面涉及将内容从上游数字权限管理（DRM）系统导入下游DRM系统中的设备。 接收将下游DRM系统中的至少一个设备与权限发布者模块（RIM）相关联的数据。 数据的真实性被验证为源自设备的信任层次结构中的实体。 如果数据是真实的，并且设备是与RIM相关联的至少一个设备之一，则从RIM接受内容的密文版本和对应的内容许可证。

公开(公告)号：WO2006071495A3

公开(公告)日：2006-07-06

申请号：PCT/US2005/044818

申请日：2005-12-12

Applicant: GENERAL INSTRUMENT CORPORATION ,  MEDVINSKY, Alexander

Inventor： MEDVINSKY, Alexander

IPC: G06Q99/00 ,  H04K1/00 ,  H04L9/00

Abstract: A digital rights management method (250) and apparatus (10) for protecting digital content enables a flexible pricing model to be implemented that accounts for a subscriber's current subscription type. The digital rights management method (250) provides (251) a purchase option element for each protected digital content. This purchase option element includes specifying a set of content usage rules (which may or may not allow for the content to be saved persistently). The digital rights management method (250) also includes specifying (252) a cost for each protected digital content associated with the set of content usage rules. The digital rights management method (250) also includes specifying (253) a subscription group for the protected digital content associated with a set of content usage rules, which subscription group includes one or more subscription services and one or more associated incremental discounts for the protected digital content based on the one or more associated subscription services.

公开(公告)号：WO2006033997A2

公开(公告)日：2006-03-30

申请号：PCT/US2005/033042

申请日：2005-09-16

Applicant: GENERAL INSTRUMENT CORPORATION ,  MEDVINSKY, Alexander ,  MORONEY, Paul ,  PTERKA, Peter ,  SPRUNK, Eric, J.

Inventor： MEDVINSKY, Alexander ,  MORONEY, Paul ,  PTERKA, Peter ,  SPRUNK, Eric, J.

IPC: H04L9/00

CPC classification number: H04L9/0825 ,  G11B20/0021 ,  G11B20/00731 ,  H04L9/0822 ,  H04L9/083 ,  H04L2209/603 ,  H04N21/26606 ,  H04N21/26613 ,  H04N21/4181 ,  H04N21/63345 ,  H04N21/8355

Abstract: Described herein are embodiments that provide an approach to cryptographic key management for a digital rights management (DRM) architecture that includes multiple levels of key management for minimizing bandwidth usage while maximizing security for the DRM architecture. In one embodiment, there is provided a data structure for cryptographic key management that includes a public/private key pair and three additional layers of symmetric keys for authorizing access to a plurality of contents.

Abstract translation: 这里描述的是提供用于数字版权管理（DRM）架构的加密密钥管理的方法的实施例，其包括用于最小化带宽使用的多级密钥管理，同时最大化DRM架构的安全性。 在一个实施例中，提供了一种用于加密密钥管理的数据结构，其包括用于授权访问多个内容的公钥/私钥对和三个对称密钥层。

公开(公告)号：WO2005004391A1

公开(公告)日：2005-01-13

申请号：PCT/US2002/011165

申请日：2002-03-20

Applicant: GENERAL INSTRUMENT CORPORATION

Inventor： PETERKA, Petr ,  MEDVINSKY, Alexander ,  MORONEY, Paul

IPC: H04L12/14

CPC classification number: H04L63/0428 ,  H04L12/18 ,  H04L29/06027 ,  H04L63/062 ,  H04L65/4076 ,  H04L65/607 ,  H04L2463/101 ,  H04N7/162 ,  H04N21/234327 ,  H04N21/23439 ,  H04N21/23476 ,  H04N21/2542 ,  H04N21/25435 ,  H04N21/25875 ,  H04N21/26613 ,  H04N21/26616 ,  H04N21/44055 ,  H04N21/4623 ,  H04N21/47211 ,  H04N21/63345

Abstract: According to one embodiment of the invention, a free preview of a program can be provided to client computers in a multicasting system. This can allow viewers in the multicasting system to view a first portion of the program before deciding whether to order the program content. According to another embodiment, various distribution methods can be accomplished using encryption keys to distribute program content. According to yet another embodiment, an initial viewing period can be provided to allow negotiation of the encryption keys. According to another embodiment, rules and conditions for providing content in a multicasting environment can be utilized.

Abstract translation: 根据本发明的一个实施例，可以向组播系统中的客户端计算机提供程序的免费预览。 这可以允许多播系统中的观看者在决定是否订购节目内容之前查看节目的第一部分。 根据另一个实施例，可以使用加密密钥来完成各种分发方法来分发节目内容。 根据另一个实施例，可以提供初始观看周期以允许加密密钥的协商。 根据另一实施例，可以利用用于在多播环境中提供内容的规则和条件。

公开(公告)号：WO2003107625A1

公开(公告)日：2003-12-24

申请号：PCT/US2003/018782

申请日：2003-06-12

Applicant: GENERAL INSTRUMENT CORPORATION

Inventor： MEDVINSKY, Alexander ,  PETERKA, Petr ,  MORONEY, Paul

IPC: H04L29/06

CPC classification number: H04L63/0457 ,  G06F21/10 ,  G06F21/602 ,  G06F21/606 ,  H04L63/0407 ,  H04L63/062 ,  H04L63/0807 ,  H04L65/607 ,  H04L65/608

Abstract: A session rights object and authorization data are used for defining a consumer's access right to a media content stream. The access rights are determined at a caching server (115) remotely located from the consumer (116) rather than locally at the end user site. In a first aspect, in a computing network having a content provider (102), a key distribution center, a caching server (115) and a client (116) a method for controlling client access to a real-time data stream from the caching server, is disclosed. The method includes receiving, by the client, a session rights object from a content provider, the session rights object defining access rules for accessing the real-time data stream; receiving, by the client, authorization data from the key distribution center, the authorization data defining the client's access rights to the real-time data stream; forwarding to the caching server the session rights object and the authorization data; comparing, by the caching server, the session rights object with the authorization data to determine client authorization; and if the client is authorized, streaming, by the caching server, the real-time data stream to the client.

Abstract translation: 会话权限对象和授权数据用于定义消费者对媒体内容流的访问权限。 访问权限在远离消费者（116）的缓存服务器（115）确定，而不是在最终用户站点本地。 在第一方面，在具有内容提供商（102），密钥分配中心，缓存服务器（115）和客户机（116）的计算网络中，控制客户端从缓存中访问实时数据流的方法 服务器，被披露。 该方法包括从客户端接收来自内容提供商的会话权限对象，会话权限对象定义用于访问实时数据流的访问规则; 由客户端从密钥分配中心接收授权数据，定义客户端对实时数据流的访问权限; 转发到缓存服务器会话权限对象和授权数据; 通过缓存服务器比较会话权限对象与授权数据进行比较，以确定客户端授权; 并且如果客户端被授权，则通过缓存服务器流式传输到客户端的实时数据流。

公开(公告)号：WO2002063850A2

公开(公告)日：2002-08-15

申请号：PCT/US2001/051362

申请日：2001-10-26

Applicant: GENERAL INSTRUMENT CORPORATION

Inventor： PETERKA, Petr ,  SPRUNK, Eric ,  MORONEY, Paul ,  MEDVINSKY, Alexander

IPC: H04L29/06

CPC classification number: H04N21/23473 ,  H04N7/165 ,  H04N7/1675 ,  H04N7/17336 ,  H04N21/2225 ,  H04N21/23106 ,  H04N21/2347 ,  H04N21/2541 ,  H04N21/2543 ,  H04N21/26606 ,  H04N21/26609 ,  H04N21/4143 ,  H04N21/4405 ,  H04N21/44204 ,  H04N21/4627 ,  H04N21/47202 ,  H04N21/47211 ,  H04N21/63345 ,  H04N21/63775 ,  H04N21/6405 ,  H04N21/6587 ,  H04N21/8355 ,  H04N21/8549

Abstract: According to one embodiment of the invention, a free preview of a program can be provided to client computers in a multicasting system. This can allow viewers in the multicasting system to view a first portion of the program before deciding whether to order the program content. According to another embodiment, various distribution methods can be accomplished using encryption keys to distribute progam content. According to yet another embodiment, an initial viewing period can be provided to allow negociation of the encryption keys. According to another embodiment, rules and conditions for providing content in a multicasting environment can be utilized.

Abstract translation: 根据本发明的一个实施例，可以向组播系统中的客户端计算机提供程序的免费预览。 这可以允许多播系统中的观看者在决定是否订购节目内容之前查看节目的第一部分。 根据另一实施例，可以使用加密密钥来完成各种分发方法来分发程序内容。 根据另一个实施例，可以提供初始观看周期以允许加密密钥的否定。 根据另一实施例，可以利用用于在多播环境中提供内容的规则和条件。

公开(公告)号：WO2002062054A2

公开(公告)日：2002-08-08

申请号：PCT/US2001/051051

申请日：2001-10-26

Applicant: GENERAL INSTRUMENT CORPORATION

Inventor： PETERKA, Petr ,  MORONEY, Paul ,  SPRUNK, Eric ,  MEDVINSKY, Alexander

IPC: H04N5/00

CPC classification number: H04N21/23473 ,  H04N7/165 ,  H04N7/1675 ,  H04N7/17336 ,  H04N21/2225 ,  H04N21/23106 ,  H04N21/2347 ,  H04N21/2541 ,  H04N21/2543 ,  H04N21/26606 ,  H04N21/26609 ,  H04N21/4143 ,  H04N21/4405 ,  H04N21/44204 ,  H04N21/4627 ,  H04N21/47202 ,  H04N21/47211 ,  H04N21/63345 ,  H04N21/63775 ,  H04N21/6405 ,  H04N21/6587 ,  H04N21/8355 ,  H04N21/8549

Abstract: According to one embodiment of the invention, a free preview of a program can be provided to client computers in a multicasting system. This can allow viewers in the multicasting system to view a first portion of the program before deciding whether to order the program content. According to another embodiment, various distribution methods can be accomplished using encyrption keys to distribute program content. According to yet another embodiment, an initial viewing period can be provided to allow negotiation of the encryption keys. According to another embodiment, rules and conditions for providing content in a multicasting environment can be utilized.

Abstract translation: 根据本发明的一个实施例，可以向组播系统中的客户端计算机提供程序的免费预览。 这可以允许多播系统中的观看者在决定是否订购节目内容之前查看节目的第一部分。 根据另一个实施例，可以使用传播密钥来分发节目内容来实现各种分发方法。 根据另一个实施例，可以提供初始观看周期以允许加密密钥的协商。 根据另一实施例，可以利用用于在多播环境中提供内容的规则和条件。

公开(公告)号：WO2012112273A1

公开(公告)日：2012-08-23

申请号：PCT/US2012/022725

申请日：2012-01-26

Applicant: GENERAL INSTRUMENT CORPORATION ,  MOSKOVICS, Stuart P. ,  QIU, Xin ,  VOSS, Joel D. ,  MEDVINSKY, Alexander

Inventor： MOSKOVICS, Stuart P. ,  QIU, Xin ,  VOSS, Joel D. ,  MEDVINSKY, Alexander

IPC: G06F21/00

CPC classification number: G06F21/57

Abstract: A method and system generates and distributes unique cryptographic device keys. The method includes generating at least a first device key and encrypting the first device key with a first encrypting key to produce a first encrypted copy of the device key. The method also includes encrypting the first device key with a second encrypting key to produce a second encrypted copy of the device key. The second encrypting key is different from said first encrypting key. The first and second encrypted copies of the device keys are associated with a device ID identifying a computing device being manufactured. The second encrypted copy of the device key is loaded onto the computing device. The first encrypted copy of the device key and the device ID with which it is associated are stored onto at least one server for subsequent use after the computing device has been deployed to a customer.

Abstract translation: 方法和系统生成和分发唯一的加密设备密钥。 该方法包括至少生成第一设备密钥并用第一加密密钥加密第一设备密钥以产生设备密钥的第一加密副本。 该方法还包括用第二加密密钥加密第一设备密钥以产生设备密钥的第二加密副本。 第二加密密钥与所述第一加密密钥不同。 设备密钥的第一和第二加密副本与标识正在制造的计算设备的设备ID相关联。 设备密钥的第二个加密副本被加载到计算设备上。 在将计算设备部署到客户之后，设备密钥的第一加密副本和与其相关联的设备ID被存储在至少一个服务器上用于随后的使用。

公开(公告)号：WO2011106769A3

公开(公告)日：2011-09-01

申请号：PCT/US2011/026465

申请日：2011-02-28

Applicant: GENERAL INSTRUMENT CORPORATION ,  NAKHJIRI, Madjid, F. ,  HOEPER, Katrin ,  MEDVINSKY, Alexander

Inventor： NAKHJIRI, Madjid, F. ,  HOEPER, Katrin ,  MEDVINSKY, Alexander

IPC: H04L29/06

Abstract: A method of authentication and authorization over a communication system is provided. The method performs a first authentication of a device based on a set of device identity and credentials. The first authentication includes creation of a first set of keying material. The method also includes performing a second authentication of a subscriber based on a set of subscriber identity and credentials. The second authentication includes creation of a second set of keying material. A set of compound key material is created with a key derivation mechanism that uses the first set of keying material and the second set of keying material. A binding token is created by cryptographically signing at least the device identity authenticated in the first authentication and the subscriber identity authenticated in the second authentication using the set of compound keying material. The signed binding token is exchanged for verification with an authenticating and authorizing party.

Abstract translation: 提供了通过通信系统进行认证和授权的方法。 该方法基于一组设备身份和凭证来执行设备的第一认证。 第一次认证包括创建第一组键控材料。 该方法还包括基于一组订户身份和凭证来执行订户的第二认证。 第二次认证包括创建第二组键控材料。 使用第一组键控材料和第二组键控材料的键推导机制来创建一组复合键材料。 绑定令牌是通过使用该组复合密钥材料对至少第一认证中认证的设备身份和第二认证中认证的订户身份进行密码签名而创建的。 已签名的绑定令牌与验证和授权方进行交换以进行验证。