TAMPER-RESISTANT TRUSTED VIRTUAL MACHINE

    Publication No.: CA2543572C

    Publication date: 2012-01-17

    Application No.: CA2543572

    Filing date: 2004-11-09

    Applicant: IBM

    Abstract: A trusted Java virtual machine provides a method for supporting tamper-resistant applications, ensuring the integrity of an application and its secrets such as keys. The trusted Java virtual machine verifies the integrity of the Java application, prevents debugging of the Java application, and allows the Java application to securely store and retrieve secrets. The trusted Java virtual machine environment comprises a TrustedDictionary, a TrustedBundle, an optional encryption method for encrypting and decrypting byte codes, and an underlying trusted Java virtual machine. The encrypted TrustedDictionary protects data while the TrustedBundle protects programming code, allowing applications to store secret data and secure counters. The application designer can restrict TrustedBundle access to only those interfaces that the application designer explicitly exports. The open source code may optionally be encrypted. Secrets required by the open source programming code of the application are encrypted in TrustedDictionary.

    12.
    Invention patent
    Unknown

    Publication No.: AT432560T

    Publication date: 2009-06-15

    Application No.: AT06793423

    Filing date: 2006-09-11

    Applicant: IBM

    Abstract: A system, method, and computer program product to renewably prevent traitors in a broadcast encryption system from re-using compromised keys. A license agency assigns individual receivers a set of Sequence Keys preferably at manufacture, and assigns Sequence Key Blocks (SKBs) to protected content files to be distributed. The files may be distributed on prerecorded media and typically include several file modifications. The particular modifications in a pirated version of a file can help identify which traitors contributed to its theft. SKBs assigned to new files distributed after traitors have been identified cannot be usefully processed using the compromised keys employed in previous content piracy. Innocent receivers that happen to have compromised key(s) in common with traitors can use a replacement uncompromised Sequence Key from the set to usefully decrypt content. Traitors will however step through all their Sequence Keys without reaching one that will work.

    13.
    Invention patent
    Unknown

    Publication No.: AT486421T

    Publication date: 2010-11-15

    Application No.: AT06701255

    Filing date: 2006-01-09

    Abstract: A recorder system contains a media key block (MKB) and selectively writes protected content into a recording medium according to the following content protection logic, to combat theft of the protected content: If the medium does not have a MKB, then the recorder writes its stored MKB into the medium and writes protected content into the medium. If the medium has a MKB that is older than the stored MKB in the recorder, then the recorder writes its stored MKB into the medium before re-encrypting and writing protected content into the medium. If the medium has a MKB that is newer than the stored MKB, then the MKB in the medium is used for content protection. The recorder may store the newer MKB in non-volatile memory, effectively updating its previous stored MKB, so the recorder will have the most recently observed MKB for content protection use.

    SYSTEM FOR TRACKING END-USER ELECTRONIC CONTENT USAGE

    Publication No.: CA2467974A1

    Publication date: 2000-02-24

    Application No.: CA2467974

    Filing date: 1999-08-12

    Applicant: IBM

    Abstract: A system for tracking usage of digital content on user devices. Electronic stores coupled to a network sell licenses to play digital content data to users. Content players, which receive from the network the licensed content data, are used to play the licensed content data. Additionally, a logging site that is coupled to the network tracks the playing of the content data. In particular, the logging site receives play information from the network, and the play information includes the number of times that the content data has been played by the associated content player. Also provided is a method for tracking usage of digital content on user devices. According to the method, a license to play digital content data is sold to a user, and the licensed content data is transmitted to a content player for the user. Further, information is transmitted to a logging site whenever the content data is played by the content player or copied from the content player to an external medium so that usage of the licensed content data can be tracked.

    SYSTEM FOR TRACKING END-USER ELECTRONIC CONTENT USAGE

    Publication No.: CA2467974C

    Publication date: 2010-03-30

    Application No.: CA2467974

    Filing date: 1999-08-12

    Applicant: IBM

    Abstract: A system for tracking usage of digital content on user devices. Electronic stores coupled to a network sell licenses to play digital content data to users. Content players, which receive from the network the licensed content data, are used to play the licensed content data. Additionally, a logging site that is coupled to the network tracks the playing of the content data. In particular, the logging site receives play information from the network, and the play information includes the number of times that the content data has been played by the associated content player. Also provided is a method for tracking usage of digital content on user devices. According to the method, a license to play digital content data is sold to a user, and the licensed content data is transmitted to a content player for the user. Further, information is transmitted to a logging site whenever the content data is played by the content player or copied from the content player to an external medium so that usage of the licensed content data can be tracked.

    17.
    Invention patent
    Unknown

    Publication No.: AT455409T

    Publication date: 2010-01-15

    Application No.: AT03798246

    Filing date: 2003-09-22

    Applicant: IBM

    Abstract: A system, method, and computer program product enabling individual user devices to authenticate and validate a digital message sent by a distribution center, without requiring transmissions to the distribution center. The center transmits the message with an appended modulus that is the product of two specially selected primes. The transmission also includes an appended authentication value that is based on an original message hash value, a new message hash value, and the modulus. The new message hash value is designed to be the center's public RSA key; a corresponding private RSA key is also computed. Individual user devices combine a digital signet, a public modulus, preferably unique hardware-based numbers, and an original message hash to compute a unique integrity value K. Subsequent messages are similarly processed to determine new integrity values K′, which equal K if and only if new messages originated from the center and have not been corrupted.

    18.
    Invention patent
    Unknown

    Publication No.: AT445269T

    Publication date: 2009-10-15

    Application No.: AT02710108

    Filing date: 2002-01-23

    Applicant: IBM

    Abstract: A tree is used to partition stateless receivers in a broadcast content encryption system into subsets. Two different methods of partitioning are disclosed. When a set of revoked receivers is identified, the revoked receivers define a relatively small cover of the non-revoked receivers by disjoint subsets. Subset keys associated with the subsets are then used to encrypt a session key that in turn is used to encrypt the broadcast content. Only non-revoked receivers can decrypt the session key and, hence, the content.

    19.
    Invention patent
    Unknown

    Publication No.: AT370479T

    Publication date: 2007-09-15

    Application No.: AT03799521

    Filing date: 2003-12-19

    Applicant: IBM

    Abstract: A system, method, business method, and computer program product for conducting electronic transactions with a potentially untrusted server while maintaining user anonymity and transaction privacy, yet allowing the server to verify the user is a valid subscriber entitled to participate in the transaction. Anonymous service requests are sent to the server. The server transmits responses that have been encrypted such that only valid subscribers can decrypt them. Broadcast encryption schemes that enable selective revocation of misbehaving subscribers will tip off requestors that the server is trying to identify them. Transaction and content quantity can be monitored for usage-based billing while maintaining anonymity. Each content item may be uniquely encrypted with a content key that is then encrypted by a session key and included in encrypted form with a response, to reduce the computational workload.

    20.
    Invention patent
    Unknown

    Publication No.: AT411665T

    Publication date: 2008-10-15

    Application No.: AT02710110

    Filing date: 2002-01-23

    Applicant: IBM

    Abstract: A method for tracing traitor receivers in a broadcast encryption system. The method includes using a false key to encode plural subsets representing receivers in the system. The subsets are derived from a tree using a Subset-Cover system, and the traitor receiver is associated with one or more compromised keys that have been obtained by a potentially cloned pirate receiver. Using a clone of the pirate receiver, the identity of the traitor receiver is determined, or the pirate receiver clones are rendered useless for decrypting data using the compromised key by generating an appropriate set of subsets.
