Abstract:
A method for tracing traitor receivers in a broadcast encryption system. The method includes using a false key to encode plural subsets representing receivers in the system. The subsets are derived from a tree using a Subset-Cover system, and the traitor receiver is associated with one or more compromised keys that have been obtained by a potentially cloned pirate receiver. Using a clone of the pirate receiver, the identity of the traitor receiver is determined, or the pirate receiver clones are rendered useless for decrypting data using the compromised key by generating an appropriate set of subsets.
Abstract:
A method, system, and computer program product for broadcast encryption key management. The invention eliminates the need for pre-specification of a maximum number of keys that can be employed in a given broadcast encryption system by enabling an initial key to be extended by a link key. New receiver devices are modified to validate the extended keys, while older devices ignore them and process initial keys as usual. Compromised link keys can be revoked, though revocation preferably uses a unique syntax for link key revocation.
Abstract:
A recorder system contains a media key block (MKB) and selectively writes protected content into a recording medium according to the following content protection logic, to combat theft of the protected content: If the medium does not have a MKB, then the recorder writes its stored MKB into the medium and writes protected content into the medium. If the medium has a MKB that is older than the stored MKB in the recorder, then the recorder writes its stored MKB into the medium before re-encrypting and writing protected content into the medium. If the medium has a MKB that is newer than the stored MKB, then the MKB in the medium is used for content protection. The recorder may store the newer MKB in non-volatile memory, effectively updating its previous stored MKB, so the recorder will have the most recently observed MKB for content protection use.
Abstract:
A system, method, and computer program product enabling user devices to authenticate and validate a digital message sent by a distribution centre, without requiring transmissions to the distribution centre. The centre transmits the message with an appended modulus that is the product of two specially selected primes. The transmission includes an appended authentication value based on an original message hash value, a new message hash value, and the modulus. The new message hash value is the centre's public RSA key; a corresponding private RSA key is also computed. Individual user devices combine a digital signet, a public modulus, unique secret numbers, and an original message hash to compute a unique integrity value K. Subsequent messages are similarly processed to determine new integrity values K', which equal K if and only if new messages originated from the centre and have not been corrupted.
Abstract:
A tree is used to partition stateless receivers in a broadcast content encryption system into subsets. Two different methods of partitioning are disclosed. When a set of revoked receivers is identified, the revoked receivers define a relatively small cover of the non-revoked receivers by disjoint subsets. Subset keys associated with the subsets are then used to encrypt a session key that in turn is used to encrypt the broadcast content. Only non-revoked receivers can decrypt the session key and, hence, the content.
Abstract:
A system, method, and computer program product to renewably prevent traitors in a broadcast encryption system from re-using compromised keys. A license agency assigns individual receivers a set of Sequence Keys preferably at manufacture, and assigns Sequence Key Blocks (SKBs) to protected content files to be distributed. The files may be distributed on prerecorded media and typically include several file modifications. The particular modifications in a pirated version of a file can help identify which traitors contributed to its theft. SKBs assigned to new files distributed after traitors have been identified cannot be usefully processed using the compromised keys employed in previous content piracy. Innocent receivers that happen to have compromised key(s) in common with traitors can use a replacement uncompromised Sequence Key from the set to usefully decrypt content. Traitors will however step through all their Sequence Keys without reaching one that will work.
Abstract:
A system, method, and computer program product enabling individual user devices to authenticate and validate a digital message sent by a distribution center, without requiring transmissions to the distribution center. The center transmits the message with an appended modulus that is the product of two specially selected primes. The transmission also includes an appended authentication value that is based on an original message hash value, a new message hash value, and the modulus. The new message hash value is designed to be the center's public RSA key; a corresponding private RSA key is also computed. Individual user devices combine a digital signet, a public modulus, preferably unique hardware-based numbers, and an original message hash to compute a unique integrity value K. Subsequent messages are similarly processed to determine new integrity values K′, which equal K if and only if new messages originated from the center and have not been corrupted.
Abstract:
A method for preventing the re-use of compromised keys in a broadcast encryption system, characterized by: (a) incorporating a particular set of sequence keys assigned by a license agency into individual receivers; (b) assigning a sequence key block (hereinafter SKB) by the license agency to at least one distributed protected file; (c) incremental cryptographic testing by the individual receivers to determine (200) whether a selected sequence key is compromised; (d1) if the selected sequence key is not compromised, then responsively (202) properly decrypting the file and ending the method; (d2) if the selected sequence key is compromised, then responsively determining (204) whether a subsequent sequence key from the set is available; (e1) if a subsequent sequence key is available, then selecting (206) that subsequent sequence key and returning to step (c); and (e2) if no subsequent sequence key is available, then the method ends (208) without properly decrypting the file.