公开(公告)号：WO2015183967A1

公开(公告)日：2015-12-03

申请号：PCT/US2015/032693

申请日：2015-05-27

Applicant: APPLE INC.

Inventor： ALSINA, Thomas ,  FARRUGIA, Augustin J. ,  SCHMIDT, Edward T. ,  FASOLI, Gianpaolo ,  KELLY, Sean B.

IPC: G06Q10/06 ,  G06F21/10

CPC classification number: G06Q20/1235 ,  G06F21/10 ,  G06F2221/0717 ,  G06F2221/0771 ,  G06F2221/0777 ,  G06Q10/063114 ,  G06Q20/29 ,  G06Q20/405 ,  H04L67/306 ,  H04L67/42

Abstract: One or more user accounts can be linked together to form a group of linked user accounts to access content items assigned to the other user accounts in the group of linked user accounts. Prior to completing a purchase for a content item, a requesting user can be alerted that a member of the group of linked user accounts has access to the content item. Content items assigned to a member of a group of linked user accounts can be downloaded by one or more other members of the group of linked user accounts along with a Digital Rights Management (DRM) key that enables use of the content item. The DRM key can represent the group relationship between the downloading user account and the content owner's user account to which the content item is assigned.

Abstract translation: 一个或多个用户帐户可以链接在一起以形成一组链接的用户帐户，以访问分配给链接的用户帐户组中的其他用户帐户的内容项。 在完成对内容项目的购买之前，请求用户可以被警告该链接的用户帐户组的成员可以访问该内容项目。 分配给一组链接的用户帐户的成员的内容项可以被连接的用户帐户组的一个或多个其他成员以及能够使用内容项的数字版权管理（DRM）密钥一起下载。 DRM密钥可以表示下载用户帐户与分配内容项目的内容所有者的用户帐户之间的组关系。

公开(公告)号：WO2013130609A1

公开(公告)日：2013-09-06

申请号：PCT/US2013/028023

申请日：2013-02-27

Applicant: APPLE INC.

Inventor： FARRUGIA, Augustin J. ,  REYNAUD, Daniel F. ,  FASOLI, Gianpaolo ,  MCLACHLAN, Jonathan Gregory ,  LEROUGE, Julien

IPC: G06F9/44 ,  G06F21/00

CPC classification number: G06F9/4423 ,  G06F9/4482 ,  G06F21/14 ,  G06F21/52

Abstract: Methods, media and systems that use an encoded opaque pointer in an API between a client process and a library process. An encoded opaque pointer, in one embodiment, can be received by the library process from the client process, and the library process can decode the opaque pointer to obtain an address in memory containing a data structure pointed to by the opaque pointer. The library process can operate on the data structure to create a revised or processed data structure, stored in the same or different address in heap memory or stack memory, and the library process can encode and return a new opaque pointer, for the processed data structure, to the client process.

Abstract translation: 在客户端进程和库进程之间的API中使用编码的不透明指针的方法，介质和系统。 在一个实施例中，编码的不透明指针可以由库进程从客户端进程接收，并且库进程可以对不透明指针进行解码以获得包含由不透明指针指向的数据结构的存储器中的地址。 库过程可以对数据结构进行操作以创建存储在堆存储器或堆栈存储器中的相同或不同地址中的修改或处理的数据结构，并且库过程可以编码并返回新的不透明指针，用于处理的数据结构 ，到客户端进程。

公开(公告)号：WO2008147617A1

公开(公告)日：2008-12-04

申请号：PCT/US2008/061817

申请日：2008-04-28

Applicant: APPLE INC. ,  FARRUGIA, Augustin, J. ,  FASOLI, Gianpaolo ,  TOUBLET, Bertrand, Mollinier ,  CIET, Mathieu

Inventor： FARRUGIA, Augustin, J. ,  FASOLI, Gianpaolo ,  TOUBLET, Bertrand, Mollinier ,  CIET, Mathieu

IPC: G06F21/00

CPC classification number: G06F21/10

Abstract: Some embodiments of the invention provide a content-distribution system for distributing content under a variety of different basis. For instance, in some embodiments, the content- distribution system distributes device-restricted content and device-unrestricted content. Device- restricted content is content that can only be played on devices that the system associates with the particular user. However, for at least one operation or service other than playback, device-unrestricted content has to be authenticated before this operation or service can be performed on the content. In some embodiments, the system facilitates this authentication by specifying a verification parameter for a piece of device-unrestricted content. The content-distribution system of some embodiments has a set of servers that supply (1) media storage structures that store content, (2) cryptographic keys that are needed to decrypt device-restricted content, and (3) verification parameters that are needed to verify device-unrestricted content.

Abstract translation: 本发明的一些实施例提供了一种用于在各种不同基础下分发内容的内容分发系统。 例如，在一些实施例中，内容分配系统分发受设备限制的内容和设备无限制的内容。 设备限制内容是只能在系统与特定用户关联的设备上播放的内容。 然而，对于除播放之外的至少一个操作或服务，在可以对内容执行该操作或服务之前必须对设备无限制内容进行认证。 在一些实施例中，系统通过为一片设备无限制内容指定验证参数来促进该认证。 一些实施例的内容分发系统具有一组服务器，其提供（1）存储内容的媒体存储结构，（2）解密设备限制内容所需的密码密钥，以及（3）需要的验证参数 验证设备无限制的内容。

公开(公告)号：WO2008143718A1

公开(公告)日：2008-11-27

申请号：PCT/US2008/000653

申请日：2008-01-17

Applicant: APPLE INC. ,  LEROUGE, Julien ,  FARRUGIA, Augustin J. ,  RIENDEAU, Jean-Francois ,  FASOLI, Gianpaolo

Inventor： LEROUGE, Julien ,  FARRUGIA, Augustin J. ,  RIENDEAU, Jean-Francois ,  FASOLI, Gianpaolo

IPC: H04B1/66

CPC classification number: H04N7/1675 ,  H04N21/23608 ,  H04N21/23614 ,  H04N21/23895 ,  H04N21/8455

Abstract: Method and apparatus for marking individual video frames of an H.264/ AVC standard compliant or equivalent digital video stream. Each video frame in a H.264/AVC video stream is conventionally divided into NAL units. There are typically a number of NAL units for each video frame. There is specified in the H.264/AVC standard the SEI (Supplemental Enhancement Information) type. This type includes the user data unregistered type, which can contain arbitrary data. In the present method and apparatus, an NAL unit of this type is provided at the beginning of each video frame, preceding the other NAL units associated with that video frame. The data contained in that special SEI unit is typically control information for downstream control of use of the video content. Examples of the type of control information are stream positioning data such as a video frame number; stream bit rate, such as normal, fast forward; decryption data, such as a decryption key or key derivation seed; and validation elements, such as a checksum or hash function value or signature.

Abstract translation: 用于标记H.264 / AVC标准兼容或等效数字视频流的各个视频帧的方法和装置。 H.264 / AVC视频流中的每个视频帧通常被划分成NAL个单元。 每个视频帧通常有多个NAL单元。 在H.264 / AVC标准中规定了SEI（补充增强信息）类型。 这种类型包括可以包含任意数据的用户数据未注册类型。 在本方法和装置中，这种类型的NAL单元在与该视频帧相关联的其他NAL单元之前的每个视频帧的开始处被提供。 包含在该特殊SEI单元中的数据通常是下游控制视频内容的使用的控制信息。 控制信息类型的示例是诸如视频帧号的流定位数据; 流比特率，如正常，快进; 解密数据，如解密密钥或密钥导出种子; 和验证元素，例如校验和或散列函数值或签名。

公开(公告)号：WO2008085922A2

公开(公告)日：2008-07-17

申请号：PCT/US2008/000169

申请日：2008-01-03

Applicant: APPLE INC. ,  LEROUGE, Julien ,  BETOUIN, Pierre ,  FASOLI, Gianpaolo ,  FARRUGIA, Augustin, J.

Inventor： LEROUGE, Julien ,  BETOUIN, Pierre ,  FASOLI, Gianpaolo ,  FARRUGIA, Augustin, J.

IPC: G06F12/14

CPC classification number: G06F21/64

Abstract: An integrity verification process and associated apparatus to detect tampering or other alterations to computer code (software) or other computer files, and especially useful to detect tampering with code by hackers who might try to plant their own malicious code in the software. To make the verification process more robust versus hackers, each e.g., object code file to be protected is first selected using some sort of rule, then partitioned into variable length blocks or portions, the lengths varying in an unpredictable manner. Each portion has its checksum or hash value computed. An accompanying verification file is created which includes a vector for each portion including the portion's start address in memory, length, and the computed checksum or hash value. When the code is later to be run (executed) the verification file is conventionally read and each portion is verified by computing its checksum or hash value using the same algorithm as before, and comparing that to the value in the associated verification file vector. Lack of a match in the two values indicates tampering, so execution of the code can be halted.

Abstract translation: 完整性验证过程和相关联的设备，用于检测对计算机代码（软件）或其他计算机文件的篡改或其他更改，并且特别有用于检测骇客可能尝试在软件中种植自己的恶意代码的篡改代码。 为了使验证过程比黑客更健壮，每个例如待保护的目标代码文件首先使用某种规则来选择，然后被分割成可变长度的块或部分，长度以不可预测的方式变化。 每个部分都有其计算的校验和或散列值。 创建伴随的验证文件，其中包括每个部分的向量，包括部分在内存中的起始地址，长度以及计算的校验和或哈希值。 当代码稍后运行（执行）时，常规地读取验证文件，并且通过使用与之前相同的算法计算其校验和或散列值来验证每个部分，并将其与相关联的验证文件向量中的值进行比较。 两个值中缺少匹配表示篡改，因此可以停止执行代码。

公开(公告)号：WO2007134139A2

公开(公告)日：2007-11-22

申请号：PCT/US2007/068613

申请日：2007-05-09

Applicant: APPLE INC. ,  FARRUGIA, Augustin, J. ,  FASOLI, Gianpaolo

Inventor： FARRUGIA, Augustin, J. ,  FASOLI, Gianpaolo

IPC: G06F21/00

CPC classification number: G06F21/10 ,  G06F2221/2135 ,  G06F2221/2137

Abstract: Some embodiments provide a method for determining whether a subscription for using digital content on a user device has elapsed. The method compares a first collision free image of a first set of entities in the user device with a second collision free image for a second set of entities in the user device at a second instance in time. Based on the comparison, the method determines whether the subscription has elapsed.

Abstract translation: 一些实施例提供了一种用于确定在用户设备上使用数字内容的订阅是否已经过去的方法。 该方法将用户设备中的第一组实体的第一无冲突图像与用户设备中的第二实例的第二无冲突图像在第二时间进行比较。 基于比较，该方法确定订阅是否已经过去。

公开(公告)号：WO2007101226A2

公开(公告)日：2007-09-07

申请号：PCT/US2007/062919

申请日：2007-02-27

Applicant: APPLE, INC. ,  FARRUGIA, Augustin, J. ,  FASOLI, Gianpaolo ,  RIENDEAU, Jean-Francois

Inventor： FARRUGIA, Augustin, J. ,  FASOLI, Gianpaolo ,  RIENDEAU, Jean-Francois

CPC classification number: G06F21/10

Abstract: Some embodiments of the invention provide a digital rights management (DRM) method for distributing content to users over a network. Based on a first set of diversity indicia, the method identifies a first security element for distributing a set of content to s first computer. The set of content includes one or more pieces of content. Based on a second set of diversity indicia, the method identifies a second security element for distributing the set of content to $ second computer. Based on the first security element, the method protects the set of comem for the first computer and sends the protected set of content to the first computer through the network. Based on the second security element, the method protects the set of content for the second computet and sends the protected set of content to the second computer through the network.

Abstract translation: 本发明的一些实施例提供了一种用于通过网络向用户分发内容的数字版权管理（DRM）方法。 基于第一组分集标记，该方法识别用于将一组内容分发给第一计算机的第一安全元件。 该组内容包括一个或多个内容。 基于第二组分集标记，该方法识别用于将内容集合分发给第二计算机的第二安全元件。 基于第一安全元件，该方法保护第一台计算机的comem集合，并通过网络将受保护的内容集合发送到第一台计算机。 基于第二安全元件，该方法保护第二计算机的内容集合，并通过网络将受保护的内容集合发送到第二计算机。

公开(公告)号：EP3903518A1

公开(公告)日：2021-11-03

申请号：EP19824131.7

申请日：2019-11-27

Applicant: Apple Inc.

Inventor： SAHA, Rupamay ,  LEVENTHAL, Brandon K. ,  SHARP, Christopher ,  JANARDHANAN PILLAI, Vishnu ,  FASOLI, Gianpaolo

IPC: H04W12/06 ,  H04L29/06 ,  H04L9/32

公开(公告)号：EP3118759B1

公开(公告)日：2020-07-08

申请号：EP16181889.3

申请日：2006-10-10

Applicant: Apple Inc.

Inventor： FARRUGIA, Augustin J. ,  DOWDY, Thomas ,  FASOLI, Gianpaolo

IPC: G06F21/00 ,  G06F21/10 ,  G06F21/62

公开(公告)号：EP3118759A1

公开(公告)日：2017-01-18

申请号：EP16181889.3

申请日：2006-10-10

Applicant: Apple Inc.

Inventor： FARRUGIA, Augustin J. ,  DOWDY, Thomas ,  FASOLI, Gianpaolo

IPC: G06F21/00 ,  G06F21/10 ,  G06F21/62

Abstract: Some embodiments of the invention provide a method for distributing content over a network. The method distributes a single media storage structure to a device (e.g., a computer, portable player, etc.) that connects to the network. The media storage structure includes first and second pieces of encrypted content. Based on whether the device is allowed to access the first piece of content, the second piece of content, or both, the method provides the device with a set of keys for decrypting the pieces of the content that the device is able to access. The provided set of keys might include one or more keys for decrypting only one of the two encrypted pieces of content. Alternatively, it might include one or more keys for decrypting both encrypted pieces of content. For instance, the selected set of keys might include a first key for decrypting the first encrypted piece and a second key for decrypting the second encrypted piece. Based on the provided set of keys, the device can then decrypt and access either one of the two pieces of content in the media storage structure or both pieces of encrypted content in the media storage structure.

Abstract translation: 本发明的一些实施例提供了一种通过网络分发内容的方法。 该方法将单个媒体存储结构分发到连接到网络的设备（例如，计算机，便携式播放器等）。 媒体存储结构包括第一和第二片加密内容。 基于该设备是允许访问第一条内容，第二条内容还是两者，该方法向设备提供一组密钥，用于解密设备能够访问的内容片段。 所提供的密钥集可以包括用于仅解密两个加密的内容中的一个的一个或多个密钥。 或者，它可以包括用于解密加密的内容片段的一个或多个密钥。 例如，所选择的密钥集合可以包括用于解密第一加密片段的第一密钥和用于解密第二加密片段的第二密钥。 基于所提供的一组密钥，设备然后可以解密和访问媒体存储结构中的两条内容中的任一个，或者在媒体存储结构中访问两条加密的内容。