公开(公告)号：WO2017223000A1

公开(公告)日：2017-12-28

申请号：PCT/US2017/038185

申请日：2017-06-19

Applicant: CISCO TECHNOLOGY, INC.

Inventor： WOOD, Christopher A.

IPC: G06F7/76 ,  H04L9/06 ,  H04L9/14

CPC classification number: H04L63/0428 ,  G06F7/766 ,  H04L9/06 ,  H04L9/0618 ,  H04L9/14 ,  H04L2209/34 ,  H04L2209/60 ,  H04L2209/64

Abstract: One embodiment provides a system that facilitates encryption of manifest content based on permutation. During operation, the system partitions, by a computer system, a collection of data into a first set of content objects, wherein a content object is a chunk comprised of a plurality of bytes. The system performs a first permutation function on the first set of content objects to obtain a first set of permuted content objects. The system creates a manifest based on the permuted content objects, wherein a manifest is a content object which indicates a second set of content objects, wherein a respective content object of the second set is a data object or another manifest. The system encodes the first permutation function and the permuted content objects in the manifest, thereby facilitating an authorized entity that receives the manifest to reassemble the manifest contents based on the permutation function.

Abstract translation: 一个实施例提供了一种有助于基于置换对清单内容进行加密的系统。 在操作期间，系统通过计算机系统将数据集合分割成第一组内容对象，其中内容对象是由多个字节组成的组块。 系统对第一组内容对象执行第一置换功能以获得第一组置换内容对象。 系统基于置换的内容对象创建清单，其中清单是指示第二组内容对象的内容对象，其中第二组的相应内容对象是数据对象或另一清单。 系统对清单中的第一置换函数和置换后的内容对象进行编码，从而便于接收清单的授权实体根据置换函数重新组装清单内容。

公开(公告)号：WO2015163967A3

公开(公告)日：2015-12-23

申请号：PCT/US2015014471

申请日：2015-02-04

Applicant: EXPONENTIAL HORIZONS

Inventor： HOSELEY RANTZ ,  KLOOR HARRY THOMAS

IPC: G06F21/00

CPC classification number: H04L9/3263 ,  G06F21/10 ,  G06F21/335 ,  H04L9/0822 ,  H04L9/0866 ,  H04L2209/60

Abstract: A computer-implemented method and related system controls access to protected content with certificate-based access authorization. Protected content stored in a memory of a computer is enciphered using a content key to produce a quantity of enciphered, protected content, wherein the content key is derived from a content encryption algorithm. A user key is derived from user credentials using a credential encryption algorithm. The content key is enciphered with the user key using a content key encryption algorithm to produce a certificate, wherein the certificate contains the enciphered content key. Access to the protected content is controlled by the user credentials and the certificate containing a second enciphered content key. A decryption user key is generated and access authorization to the protected content is determined based on the decryption user key in response to a match of the decryption user key with the user key.

Abstract translation: 计算机实现的方法和相关系统利用基于证书的访问授权来控制对受保护内容的访问。 存储在计算机的存储器中的受保护内容使用内容密钥加密以产生一定数量的加密的受保护内容，其中内容密钥是从内容加密算法导出的。 用户密钥是使用凭证加密算法从用户凭证导出的。 内容密钥用用户密钥使用内容密钥加密算法加密以产生证书，其中证书包含加密的内容密钥。 访问受保护的内容由用户凭证和包含第二个加密内容密钥的证书控制。 生成解密用户密钥，并且响应于解密用户密钥与用户密钥的匹配，基于解密用户密钥确定对受保护内容的访问授权。

公开(公告)号：WO2015143235A3

公开(公告)日：2015-11-19

申请号：PCT/US2015021595

申请日：2015-03-19

Applicant: BLUEFIN PAYMENT SYSTEMS LLC

Inventor： BARNETT TIMOTHY WILLIAM ,  KASATKIN ALEXANDER I ,  MIYATA CHRISTOPHER HOZUMI ,  RUEHLE DANIEL

IPC: H04L29/06

CPC classification number: G06Q20/3823 ,  G06F21/602 ,  G06F21/77 ,  G06Q10/00 ,  G06Q20/20 ,  G06Q20/382 ,  G06Q20/409 ,  G06Q2220/00 ,  G06Q2220/10 ,  H04L9/0861 ,  H04L9/0877 ,  H04L63/0428 ,  H04L63/12 ,  H04L2209/24 ,  H04L2209/60

Abstract: Systems and methods for decryption of payloads are disclosed herein. In various embodiments, systems and methods herein are configured for decrypting thousands of transactions per second. Further, in particular embodiments, the systems and methods herein are scalable, such that many thousands of transactions can be processed per second upon replicating particular architectural components.

Abstract translation: 这里公开了用于解密有效载荷的系统和方法。 在各种实施例中，这里的系统和方法被配置用于每秒解密数千次事务。 此外，在特定实施例中，本文的系统和方法是可缩放的，使得可以在复制特定架构组件时每秒处理数千个事务。

公开(公告)号：WO2015020910A3

公开(公告)日：2015-11-12

申请号：PCT/US2014049477

申请日：2014-08-01

Applicant: RISOFTDEV INC

Inventor： GILBERT VINCENT LOGAN

IPC: H04L9/12 ,  G06F21/00

CPC classification number: G06F15/167 ,  G06F21/10 ,  G06F2221/0713 ,  G06F2221/0733 ,  G06F2221/0788 ,  H04L9/083 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/083 ,  H04L63/108 ,  H04L67/06 ,  H04L2209/60

Abstract: A system and associated methods for managing digital content in an extensible media format ("EMF") are disclosed. In at least one embodiment, an initial request server is located in memory on a computing device and configured for receiving and processing content requests from an at least one client device in the possession of a user. A content server is also located in memory on a computing device and is configured for storing and selectively distributing the content. The content server stores the content in an at least one EMF file, each EMF file comprising a frame page containing a frame page identifier and an at least one frame; each frame containing at least a portion of the content along with a frame identifier. Upon the initial request server receiving a content request from the user via the associated client device, the content server transmits the associated EMF files.

Abstract translation: 公开了一种用于以可扩展媒体格式（“EMF”）管理数字内容的系统和相关方法。 在至少一个实施例中，初始请求服务器位于计算设备上的存储器中，并且被配置为接收和处理来自用户拥有的至少一个客户端设备的内容请求。 内容服务器还位于计算设备上的存储器中，并且被配置为存储和选择性地分发内容。 内容服务器将内容存储在至少一个EMF文件中，每个EMF文件包括包含帧页标识符和至少一个帧的帧页; 每个帧包含内容的至少一部分以及帧标识符。 当初始请求服务器经由相关联的客户端设备从用户接收到内容请求时，内容服务器发送关联的EMF文件。

公开(公告)号：WO2015020910A2

公开(公告)日：2015-02-12

申请号：PCT/US2014/049477

申请日：2014-08-01

Applicant: RISOFTDEV, INC.

Inventor： GILBERT, Vincent, Logan

IPC: H04L9/12

CPC classification number: G06F15/167 ,  G06F21/10 ,  G06F2221/0713 ,  G06F2221/0733 ,  G06F2221/0788 ,  H04L9/083 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/083 ,  H04L63/108 ,  H04L67/06 ,  H04L2209/60

Abstract: A system and associated methods for managing digital content in an extensible media format ("EMF") are disclosed. In at least one embodiment, an initial request server is located in memory on a computing device and configured for receiving and processing content requests from an at least one client device in the possession of a user. A content server is also located in memory on a computing device and is configured for storing and selectively distributing the content. The content server stores the content in an at least one EMF file, each EMF file comprising a frame page containing a frame page identifier and an at least one frame; each frame containing at least a portion of the content along with a frame identifier. Upon the initial request server receiving a content request from the user via the associated client device, the content server transmits the associated EMF files.

Abstract translation: 公开了用于管理可扩展媒体格式（“EMF”）中的数字内容的系统和相关方法。 在至少一个实施例中，初始请求服务器位于计算设备上的存储器中，并被配置用于接收和处理来自用户拥有的至少一个客户端设备的内容请求。 内容服务器也位于计算设备上的存储器中，并被配置为存储和选择性地分发内容。 内容服务器将内容存储在至少一个EMF文件中，每个EMF文件包括包含帧页面标识符和至少一个帧的帧页面; 每个帧至少包含内容的一部分以及帧标识符。 在初始请求服务器通过相关联的客户端设备从用户接收内容请求时，内容服务器传送相关联的EMF文件。

公开(公告)号：WO2014205450A2

公开(公告)日：2014-12-24

申请号：PCT/US2014043728

申请日：2014-06-23

Applicant: GEN INSTRUMENT CORP

Inventor： MORONEY PAUL ,  MANGALORE GEETHA ,  FRANKS WILLIAM P

IPC: H04N21/845

CPC classification number: H04N21/64715 ,  H04L9/0861 ,  H04L63/00 ,  H04L63/061 ,  H04L63/123 ,  H04L65/1026 ,  H04L65/608 ,  H04L65/80 ,  H04L69/16 ,  H04L2209/20 ,  H04L2209/60 ,  H04N7/1675 ,  H04N7/17318 ,  H04N21/23439 ,  H04N21/2351 ,  H04N21/2381 ,  H04N21/26258 ,  H04N21/26613 ,  H04N21/4126 ,  H04N21/4181 ,  H04N21/433 ,  H04N21/435 ,  H04N21/4363 ,  H04N21/440218 ,  H04N21/4408 ,  H04N21/47217 ,  H04N21/4825 ,  H04N21/6118 ,  H04N21/6131 ,  H04N21/64322 ,  H04N21/6587 ,  H04N21/8355 ,  H04N21/8456

Abstract: A method for DTCP to HLS conversion is provided that starts with a standard DTCP Protected Content Packet (PCP) structure. The PCP payload data is chunked at defined chunk boundaries. Each chunk is then appended with a pad to be compatible with HLS. An HLS playlist is then provided using the PCP header with identification of the chunks and a keytag. The chunk is encrypted with a DTCP key calculated by the DTCP standard using: (a) copy control bits; (b) a nonce, and (c) an exchange key ID. Relevant PCP header fields are provided in the keytag for the HLS playlist supporting the transaction that enables calculation of the DTCP content key to enable later decryption of the chunks. The system further provides a revised HLS GET for DLNA to enable trick play seek operations to be performed on the converted HLS.

Abstract translation: 提供了一种以标准DTCP保护内容分组（PCP）结构为起点的DTCP到HLS转换的方法。 PCP有效载荷数据在定义的块边界处分块。 然后每个块都附加一个与HLS兼容的焊盘。 然后使用具有块的标识和密钥标签的PCP头提供HLS播放列表。 使用以下方式由DTCP标准计算的DTCP密钥对该块进行加密：（a）复制控制位; （b）随机数，和（c）交换密钥ID。 在支持该事务的HLS播放列表的密钥标签中提供相关的PCP头字段，该消息能够计算DTCP内容密钥以便稍后解密该块。 该系统进一步提供用于DLNA的经修订的HLS GET，以便在转换的HLS上执行特技播放搜索操作。

公开(公告)号：WO2014196963A1

公开(公告)日：2014-12-11

申请号：PCT/US2013/044112

申请日：2013-06-04

Applicant: INTEL CORPORATION ,  LAL, Reshma ,  ZMUDZINSKI, Krystof, C. ,  PAPPACHAN, Pradeep, M. ,  SHELLER, Micah, J.

Inventor： LAL, Reshma ,  ZMUDZINSKI, Krystof, C. ,  PAPPACHAN, Pradeep, M. ,  SHELLER, Micah, J.

IPC: H04L9/00

CPC classification number: H04L63/0428 ,  H04L9/14 ,  H04L9/3223 ,  H04L63/062 ,  H04L63/08 ,  H04L2209/60

Abstract: The present disclosure is directed to an end-to-end secure communication system wherein, in addition to encrypting transmissions between clients, communication-related operations occurring within each client may also be secured. Each client may comprise a secure processing environment to process encrypted communication information received from other clients and locally-captured media information for transmission to other clients. The secure processing environment may include resources to decrypt received encrypted communication information and to process the communication information into media information for presentation by the client. The secure processing environment may also operate in reverse to provide locally recorded audio, image, video, etc. to other clients. Encryption protocols may be employed at various stages of information processing in the client to help ensure that information being transferred between the processing resources cannot be read, copied, altered, etc. In one example implementation, a server may manage interaction between clients, provision encryption keys, etc.

Abstract translation: 本公开涉及一种端到端安全通信系统，其中除了加密客户端之间的传输之外，还可以确保在每个客户端内发生的与通信相关的操作。 每个客户端可以包括用于处理从其他客户端接收的加密通信信息和本地捕获的媒体信息以便传输到其他客户端的安全处理环境。 安全处理环境可以包括用于解密所接收的加密通信信息并将通信信息处理成媒体信息以供客户呈现的资源。 安全处理环境也可以相反地操作，以向其他客户端提供本地记录的音频，图像，视频等。 可以在客户端的信息处理的各个阶段采用加密协议，以帮助确保在处理资源之间传递的信息不能被读取，复制，改变等。在一个示例实现中，服务器可以管理客户端之间的交互，提供加密 钥匙等

公开(公告)号：WO2014178853A1

公开(公告)日：2014-11-06

申请号：PCT/US2013/038909

申请日：2013-04-30

Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.

Inventor： SANDHOLM, Thomas E ,  ANKOLEKAR, Anupriya

IPC: H04L9/32 ,  G06F21/32 ,  G06K9/20

CPC classification number: G06K9/00288 ,  G06F17/30256 ,  G06F21/32 ,  G06F21/6218 ,  G06F2221/2141 ,  G06K9/00221 ,  G06K9/00268 ,  G06K9/66 ,  H04L9/3231 ,  H04L63/0861 ,  H04L65/403 ,  H04L2209/60 ,  H04N21/23418 ,  H04N21/4223 ,  H04N21/44008 ,  H04N21/4415 ,  H04N21/44218 ,  H04N21/4788

Abstract: Example embodiments relate to ad-hoc, face-recognition-driven content sharing. In example embodiments, a system matches a face in a face image extracted from a video stream from a sharing device to a face profile of a receiving user, where the face profile of the receiving user is generated based on a training face image that is extracted from a training video stream of a training device of the receiving user. In response to generating a temporary token that is associated with the face profile, the system sends the temporary token and an arbitrary handle from the face profile to the sharing device. At this stage, the system receives a context identifier from the sharing device and provides the context identifier to the receiving device of the receiving user.

Abstract translation: 示例性实施例涉及自组织，面部识别驱动的内容共享。 在示例实施例中，系统将从从共享设备的视频流提取的面部图像中的脸部匹配到接收用户的面部轮廓，其中基于提取的训练面部图像来生成接收用户的面部轮廓 来自接收用户的训练装置的训练视频流。 响应于生成与面部轮廓相关联的临时令牌，系统将临时令牌和任意句柄从面部轮廓发送到共享装置。 在这个阶段，系统从共享设备接收上下文标识符，并向接收用户的接收设备提供上下文标识符。

公开(公告)号：WO2014158604A1

公开(公告)日：2014-10-02

申请号：PCT/US2014/018669

申请日：2014-02-26

Applicant: INTEL CORPORATION ,  NAYSHTUT, Alex ,  BEN-SHALOM, Omer ,  YOSHII, Terry H.

Inventor： NAYSHTUT, Alex ,  BEN-SHALOM, Omer ,  YOSHII, Terry H.

IPC: G06F21/60 ,  G06F15/16

CPC classification number: G06F21/60 ,  G06F11/1453 ,  G06F21/6227 ,  H04L9/083 ,  H04L9/0894 ,  H04L9/14 ,  H04L9/3242 ,  H04L63/0435 ,  H04L63/061 ,  H04L63/062 ,  H04L63/0876 ,  H04L2209/60

Abstract: Technologies for de-duplicating encrypted content include fragmenting a file into blocks on a computing device, encrypting each block, and storing each encrypted block on a content data server with associated keyed hashes and member identifications. The computing device additionally transmits each encrypted block with an associated member encryption key and member identification to a key server. As part of the de-duplication process, the content data server stores only one copy of the encrypted data for a particular associated keyed hash, and the key server similarly associates a single member encryption key with the keyed hash. To retrieve the file, the computing device receives the encrypted blocks with their associated keyed hashes and member identifications from the content data server and receives the corresponding member decryption key from the key server. The computing device decrypts each block using the member decryption keys and combines to blocks to generate the file.

Abstract translation: 用于解密加密内容的技术包括将文件分解成计算设备上的块，加密每个块，以及将每个加密的块存储在具有相关联的密钥哈希和成员标识的内容数据服务器上。 计算设备另外向密钥服务器发送具有相关联的成员加密密钥和成员标识的每个加密块。 作为重复数据删除过程的一部分，内容数据服务器仅存储用于特定关联密钥哈希的加密数据的一个副本，并且密钥服务器类似地将单个成员加密密钥与密钥哈希相关联。 为了检索文件，计算设备从内容数据服务器接收具有相关联的密钥哈希和成员标识的加密块，并从密钥服务器接收相应的成员解密密钥。 计算设备使用成员解密密钥对每个块进行解密，并组合到块以生成该文件。

公开(公告)号：WO2014026462A1

公开(公告)日：2014-02-20

申请号：PCT/CN2013/000698

申请日：2013-06-14

Applicant: 福州福昕软件开发有限公司北京分公司

Inventor： 王国家

IPC: G06F21/00 ,  H04L9/32

CPC classification number: G06F21/10 ,  G06F21/6209 ,  H04L9/32 ,  H04L2209/60

Abstract: 本发明公开一种数字权益管理方法，其包括如下步骤：步骤S1：服务器端对原始电子文件进行加密，加密时同时对流程码、文件唯一标识、授权位置和校验信息注入；步骤S2：从加密文件中获取流程码、文件标识、授权位置和校验信息，进行完整性验证，步骤S3：验证无误后，将相关信息发送给授权服务器；步骤S4：授权服务器收到加密文件注入信息，先进行完整性验证，接着根据流程码，来判断加密文件类型，根据类型，进行授权文件生成和发送；步驟S5：解密工具获取授权文件，进行授权信息的完整性验证，然后进行解密、解析、在权限控制下使用。本发明的方法是在不改变或很少改变加/解密工具情况下，用户可以自定义文件加密强度。