Abstract:
In accordance with one or more aspects, a first device receives a digital certificate of a second device. The first device generates a digitally signed temporary domain join request and sends the request to a domain controller. The domain controller generates, for the first device, a temporary domain certificate allowing the first device to temporarily consume content bound to the domain. The temporary domain certificate is sent to the first device, allowing the first device to temporarily consume content bound to the domain.
Abstract:
Systems, methods, and/or techniques ("tools") for binding content licenses to portable storage devices are described. In connection with binding the content licenses to the portable storage devices ("stores"), a host may perform authentication protocols that include generating a nonce, sending the nonce to a store, and receiving a session key from the store, with the session key being generated using the nonce. The store may perform authentication protocols that include receiving the nonce from the host, generating a random session key based on the nonce, and sending the session key to the host.
Abstract:
The described embodiments relate to data security. One exemplary system includes a first component (126) associated with data on which an action can be performed and a second component (124) configured to perform the action on the data. The system also includes a third component (120) configured to ascertain the action and determine, as a function of the action, at least one policy to be implemented prior to allowing the second component (124) to access the data.
Abstract:
This document describes tools capable of managing digital content from multiple content providers based on a user's identity. By so doing, the tools may free people from the limitations of their storage media and devices. The tools may perform these and other actions through an indirect relationship with users, such as when third-party content providers use the tools but provide their own direct interface with users.
Abstract:
A method of establishing a protected environment within a computing device including validating a kernel component loaded into a kernel of the computing device, establishing a security state for the kernel based on the validation, creating a secure process and loading a software component into the secure process, periodically checking the security state of the kernel, and notifying the secure process when the security state of the kernel has changed.
Abstract:
An anti-cheating system may comprise a combination of a modified environment, such as a modified operating system, in conjunction with a trusted external entity to verify that the modified environment is running on a particular device. The modified environment may be modified in a particular manner to create a restricted environment as compared with an original environment which is replaced by the modified environment. The modifications to the modified environment may comprise alterations to the original environment to, for example, detect and/or prevent changes to the hardware and/or software intended to allow cheating or undesirable user behavior.
Abstract:
Systems and/or methods ("tools") are described that enable encrypted media files to be sent without revocation lists while permitting the encrypted media files to be passed to trusted entities. The tools may also ensure continuation of protection when media files are passed between different protection systems.
Abstract:
Embedded within at least some Real-Time Control Protocol (RTCP) messages sent from a media content source to a recipient is a session description message (186) that describes a media presentation (186) being streamed to the recipient (102). The session description message (186) can be associated, for example, with one of a plurality of pieces of media content in a play list of media content (186) being streamed from the device (104) to the recipient (102). In accordance with certain aspects, an RTCP message that embeds a session description message (186) includes at least three fields: a first field containing data identifying the RTCP message as being a type that embeds a session description message (186); a second field containing data that is the session description message (186) for a media presentation; and a third field containing data identifying a length of the RTCP message, generated by summing the length of the first, second, and third fields.
Abstract:
A computing device has instantiated thereon a protected media path for delivering content from a source to a sink. In the protected media path, a media base provides a protected environment in the computing device and includes a common infrastructure of core components effectuating processing of content from any particular source and delivering the processed content to any particular sink, and also includes a policy engine enforcing policy on behalf of the source. The policy corresponds to the content from the source and includes rules and requirements for accessing and rendering the content, whereby the media base allows content to flow through the computing device in a protected fashion, and allows for arbitrary processing of the protected content in the computing device.
Abstract:
In a protected media path for delivering content from a source to a sink, a source authority (SOTA) on behalf of the source decides with regard to a policy corresponding to the content that a particular type of action with the content is to be refused, and provides a particular enabler to an application. The provided enabler includes information and methods necessary for the application to obtain data necessary to respond to the refusal. The application receives the enabler at an interface thereof and the interface applies a common interaction procedure to run the enabler to obtain the data necessary to respond to the refusal.