Abstract:
A technique for securing a flash memory block in a secure device system involves cryptographic techniques including the generation of a Message Authentication Code (MAC). The MAC may be generated each time a file is saved to one or more data blocks of a flash memory device and stored with the file's metadata and to each of the data blocks. A technique for reading and storing versioned files may be employed when applications utilize versioning.
Abstract:
Delivery of licenses (142) in a closed distribution system including a playback device (120) and secure processor (110). The secure processor (110) allows only use of authorized content (131), and the playback device (120) is authorized to execute content (131). A user (150) requests a license (142) to selected content (131) using a communication link, without the playback device (120), outside the closed content system to a license server (140). The user (150) requests licenses (142) using SMS, sending small amounts of information, possibly including proofs of purchase. The server (140) responds using SMS, providing the user (150) with a code representing information interpretable as a license, such as an encrypted content key or a shared secret known to the user (150). The user (150), using a keypad or other device (122), inputs that code to the playback device (120), which determines if it authorizes use of the content (131). The playback device (120) authenticates the license (142), determining whether that license (142) authorizes the user (150) for the content (131), and enforces the licensed rights.
Abstract:
Improving connectivity in a peer-to-peer (P2P) network involves packet forwarding by infrastructure or peers. A system can achieve full connectivity and a setup for transactions that takes a fraction of a second. The system can include a routing table that is initially configured so that packets to peers are routed via the infrastructure. NAT traversal heuristics can be employed to establish direct connections between peers in parallel with packet forwarding in accordance with the routing table. When a direct connection is ready, the routing table can be updated so that packets are sent P2P. If a direct connection cannot be made, the routing table can be updated so that the packets are sent through a peer intermediary without going through the infrastructure.
Abstract:
An improved secure programming technique involves reducing the size of bits programmed in on-chip secret non-volatile memory, at the same time enabling the typical secure applications supported by secure devices. A technique for secure programming involves decoupling chip manufacture from the later process of connecting to ticket servers to obtain tickets. A method according to the technique may involve sending a (manufacturing) server-signed certificate from the device prior to any communication to receive tickets. A device according to the technique may include chip-internal non-volatile memory to store the certificate along with the private key, in the manufacturing process.
Abstract:
A technique for content management involves storing runtime state of content externally. A system created according to the technique may include a state server that receives runtime state of content from a playback device, and provides the runtime state to that or another playback device upon request. A playback device constructed according to the technique may include a content state recovery engine for recovering runtime state that was previously stored externally to the playback device. A method according to the technique may include generating the runtime state locally, storing the runtime state externally, and re-acquiring the runtime state.
Abstract:
A secure processor, assuring that application software is executed securely and that only authorized software is executed, has monitored modes and secure modes of operation. The former executes application software transparently to that software. The latter verifies execution of the application software is authorized, performs any extraordinary services required by the application software, and verifies the processor has obtained rights to execute the content. The secure processor (1) appears hardware-identical to an ordinary processor, with the effect that application software written for ordinary processors can be executed on the secure processor without substantial change, and (2) needs only a minimal degree of additional hardware over and above those portions appearing hardware-identical to an ordinary processor. The secure processor operates without substantial reduction in speed or other resources available to the application software. Functions operating in secure mode might reside in an on-chip non-volatile memory, or might be loaded from external storage with authentication.
Abstract:
A technique for security and authentication on block-based media involves the use of protected keys, providing authentication and encryption primitives. A system according to the technique may include a secure device having a security kernel with protected keys. A disk drive security mechanism may support authentication of data, secrecy, and ticket validation using the security kernel and, for example, a ticket services module (e.g., a shared service that may or may not be used by other storage devices like flash).
Abstract:
A technique for DRM translation involves converting first digital content into second digital content. An example of a system according to the technique includes a server that provides a first digital content unit coded with a first digital format and use-right protected by first digital rights management (DRM). The system further includes a translator capable of converting the first digital content unit into a second digital content unit coded with a second digital format and use-right protected by second DRM.
Abstract:
Dynamic assignment of rights to content 112, such as in a closed distribution system 110. Noting state information generated by an item of current content, and modifying state or rights of new content in response. Pre-loading or dynamically sending new content to the owner of the current content, with rights being enabled only at a later time, in the playback device 130, with predetermined conditions. In response to current state information, dynamically sending a license 142 for new content from a server 140. Conditional or dynamic licenses to new content, including a set of rights associated with a class of possible sets of state information. Assignment of limited rights to a content, with support in a secure player to enforce them; for purposes of rental, bonus content, trials and other business models.