CERTIFICATE STATUS INFORMATION PROTOCOL (CSIP) PROXY AND RESPONDER
    41.
    Invention application
    Status: under examination, published

    Publication No.: WO2010144898A1

    Publication date: 2010-12-16

    Application No.: PCT/US2010/038475

    Application date: 2010-06-14

    Abstract: Systems and methods are disclosed for providing certificate status information about a certificate. The method includes receiving, at a Certificate Status Information Protocol (CSIP) proxy device, the certificate identity information about the certificate of the second device, and then determining, using the CSIP proxy device, whether the certificate status information is stored in a CSIP proxy device memory. If the certificate status information is not stored in the CSIP proxy device memory, the method creates a CSIP request based on the certificate identity information and sends the CSIP request, including the certificate identity information, to a CSIP responder computer outside the local network domain. If the certificate status information is stored in the CSIP proxy device memory, the certificate status information is sent to the first device. Also, a system and method are disclosed for using a CSIP responder computer.

    TICKET-BASED IMPLEMENTATION OF CONTENT LEASING
    43.
    Invention application
    Status: under examination, published

    Publication No.: WO2010065259A2

    Publication date: 2010-06-10

    Application No.: PCT/US2009/064109

    Application date: 2009-11-12

    Abstract: The present invention is a method and system for accessing digital content stored on a computing device. An agreement between a subscriber and a content provider allows the subscriber to lease the digital content from the content provider, and download the digital content from a content server operated by the content provider. The method retrieves a service ticket for the computing device, and retrieves content rights for the digital content. The service ticket includes authorization data, and a session key, where the authorization data include authorized subscription services for the computing device. The content rights include required subscription services for the digital content and are delivered authenticated with the session key. The method allows access to the digital content when the authorized subscription services included with the authorization data match the required subscription services included with the content rights.

    SYSTEM FOR DIGITAL RIGHTS MANAGEMENT USING DISTRIBUTED PROVISIONING AND AUTHENTICATION
    45.
    Invention application
    Status: under examination, published

    Publication No.: WO2004060042A2

    Publication date: 2004-07-22

    Application No.: PCT/US2003/041296

    Application date: 2003-12-29

    CPC classification number: H04L63/062 H04L63/0807 H04L63/0823 H04L2463/101

    Abstract: A digital rights management system (DRM) 100 for restricting and permitting content access in a digital content distribution network such as a network used to deliver television programming. The DRM uses distributed authentication and provisioning so that the potentially many different entities involved in the content distribution network can have localized management and control. Distributed authentication can use single or multiple instances of authentication services. A ticket granting service (TGS) 108 is used to allow clients to request services. In one approach, multiple authentication services use a common key that is known to the TGS 108. In another approach, unique keys are provided to each authentication service and these keys are communicated to the TGS. Distributed provisioning allows different entities to grant access rights or other resources. Provisioning service (PS) 120 processes can execute at multiple different physical locations. Synchronization among the different PSs 120 is provided by a managing entity or in a peer-to-peer transfer to help ensure the uniqueness of user IDs. New clients can make an initialization request from a key management system 122 via an appropriate protocol. The requests can be made from a single, dedicated authentication service 112, from an authentication service associated with a specific provisioning service, or from multiple authentication services in the network.

    METHOD OF PREVENTING UNAUTHORIZED DISTRIBUTION AND USE OF ELECTRONIC KEYS USING A KEY SEED
    46.
    Invention application
    Status: under examination, published

    Publication No.: WO2004006536A2

    Publication date: 2004-01-15

    Application No.: PCT/US2003/021088

    Application date: 2003-07-08

    Abstract: A method and system for generating an electronic key used in an electronic transaction. The electronic key can be created by executing a one-way function on a host that derives the electronic key from a key seed saved in a non-volatile storage unit of the host and a unique host identification that is resident on the host. The function is preferably executed each time an electronic transaction requiring the use of the electronic key is made.

    ENCRYPTION OF STREAMING CONTROL PROTOCOLS AND THEIR HEADERS
    47.
    Invention application
    Status: under examination, published

    Publication No.: WO2004002112A1

    Publication date: 2003-12-31

    Application No.: PCT/US2003/020305

    Application date: 2003-06-25

    Abstract: A method for securely streaming real-time content from a caching server to an authorized client. The method includes the steps of encrypting an RTSP (real-time streaming protocol) message having a header and a payload, the RTSP message being encrypted in its entirety; and providing a first clear header for the encrypted RTSP message. Further, the method includes the steps of encrypting an RTCP (real-time control protocol) message having a header and a payload, the RTCP message being encrypted in its entirety; and providing a second clear header for the encrypted RTCP message. Thereafter, the encrypted RTSP message and the first clear header are transmitted, and the encrypted RTCP message and the second clear header are transmitted in order to securely stream the real-time content from the caching server to the authorized client.

    ASSOCIATION OF SECURITY PARAMETERS FOR A COLLECTION OF RELATED STREAMING PROTOCOLS
    48.
    Invention application
    Status: under examination, published

    Publication No.: WO2003101073A1

    Publication date: 2003-12-04

    Application No.: PCT/US2003/003972

    Application date: 2003-02-06

    CPC classification number: H04L63/062 H04L63/0428 H04L63/0807 H04L63/12

    Abstract: In a client-server system employing protocols such as RTP (real-time protocol), RTCP (real-time control protocol) and RTSP (real-time streaming protocol) for communicating a real-time data stream, a method for using the same security parameters to secure, by encryption and/or authentication, communication of the real-time data stream. The method includes establishing two or more security parameters for securing communications during the streaming session; establishing a session identifier associated with the security parameters; transmitting, from client to server, an RTSP message for requesting the real-time data stream, the RTSP message being secured with the security parameters; establishing a streaming session for streaming an RTP message containing the real-time data, the RTP message being secured with the security parameters; transmitting, from client to server, an RTCP protocol message containing statistics relating to the streaming session, the RTCP message being secured with the security parameters; and exchanging any one or more additional RTSP, RTP and RTCP messages in any order, each message being secured with the security parameters which are identifiable with the session identifier.

    SYSTEM AND METHOD FOR PROVIDING KEY MANAGEMENT PROTOCOL WITH CLIENT VERIFICATION OF AUTHORIZATION
    49.
    Invention application
    Status: under examination, published

    Publication No.: WO2003067801A2

    Publication date: 2003-08-14

    Application No.: PCT/US2003/000084

    Application date: 2003-01-02

    IPC: H04L

    CPC classification number: H04L63/0807 H04L63/0428 H04L63/062

    Abstract: A method and system for providing a client (102) with a copy of the authorization data that can be accessed and used by the client. The method is well suited to key management protocols that utilize the concept of tickets. Two copies of the authorization data, a client copy and a server copy, are included within and forwarded to the client where the client is requesting a ticket for a specific application server (106). The client is capable of accessing the client copy of the authorization data such that the client can verify requests, and determine authorization of use for content and/or services requested.

    METHOD AND APPARATUS FOR AUTHENTICATED QUALITY OF SERVICE RESERVATION
    50.
    Invention application
    Status: under examination, published

    Publication No.: WO2003063429A1

    Publication date: 2003-07-31

    Application No.: PCT/US2003/002233

    Application date: 2003-01-24

    Abstract: A method and apparatus for providing authenticated quality of service reservation in a communication system (500). According to one embodiment of the invention a signaling controller (524) distributes keys for use by a first quality of service server (528) and a router (516) for establishing quality of service over a communication system.
