公开(公告)号：WO0221243A3

公开(公告)日：2003-10-09

申请号：PCT/GB0103962

申请日：2001-09-05

Applicant: IBM ,  IBM UK

Inventor： LOTSPIECH JEFFREY ,  NUSSER STEFAN

IPC: G06F1/00 ,  G06F21/44 ,  G06F21/64 ,  G06F12/14

CPC classification number: G06F21/64 ,  G06F21/445

Abstract: Software manufacturers examine their module and determine a range of addresses in memory which the module occupies. A protected range of addresses in memory is predefined to not allow changes, such as patching by hackers. Each manufacturer delivers the range of addresses describing the protected area and a known good version of their module to other manufacturers that they want to interoperate with. The other manufacturers return digital signatures on the protected area, and these digital signatures are stored in the first manufacturer's module. Correspondingly, the other manufacturers do the same with their own modules. Then, in order to effect a secure communication channel between two modules the modules first pass each other the signatures previously produced. Then, to ensure that communication is being effected with an authentic authorized module, through the use of the signature and the address ranges in the protected area, each module checks that the other module has not been patched. They each further verify that all the entry points in the other module they intend to call are in fact within the protected area. In the event that both modules are verified as being trustworthy, the modules now call each other freely. However, each module, when it is called must verify that it was called from within the protected area of the other module.

Abstract translation: 软件制造商检查其模块并确定模块占用的内存中的一系列地址。 内存中保护的地址范围被预先定义为不允许更改，例如黑客修补。 每个制造商提供描述保护区域的一系列地址和其模块的已知良好版本，以供他们想要互操作的其他制造商。 其他制造商在保护区域返回数字签名，这些数字签名存储在第一个制造商的模块中。 相应地，其他制造商也用自己的模块做同样的事情。 然后，为了实现两个模块之间的安全通信信道，模块首先通过彼此之前产生的签名。 然后，为了确保通过真实的授权模块进行通信，通过使用保护区域中的签名和地址范围，每个模块检查另一个模块未被修补。 他们每个进一步验证他们打算打电话的其他模块中的所有入口点实际上在保护区内。 如果两个模块都被验证为可靠的，那么这些模块现在可以自由地相互呼叫。 然而，每个模块在被调用时都必须验证它是否在另一个模块的保护区内被调用。

公开(公告)号：JP2004007476A

公开(公告)日：2004-01-08

申请号：JP2003071645

申请日：2003-03-17

Applicant: IBM

Inventor： BELKNAP WILLIAM R ,  BREW GLENN E ,  LOTSPIECH JEFFREY B ,  NUSSER STEFAN ,  WESTERINK PETER

IPC: H04N7/173 ,  H04L29/06

Abstract: PROBLEM TO BE SOLVED: To provide a system, a method and a computer readable medium for securely realizing the streaming of an IP(Internet Protcol) base by a method independent of a format. SOLUTION: Metadata are read out from an encoded medium file 402. Then the encoded medium file 402 including the metadta subsidiary to contents data is ciphered. A steaming server system divides the encoded/ciphered medium file into a plurality of data packets and performs streaming in accordance with at least one parameter in the metadata. Then the streaming server system streams the data packets to a client information processing system (i.e. a client) through a network. COPYRIGHT: (C)2004,JPO

公开(公告)号：AU8425901A

公开(公告)日：2002-03-22

申请号：AU8425901

申请日：2001-09-05

Applicant: IBM

Inventor： NUSSER STEFAN

IPC: G06F1/00 ,  G06F21/44 ,  G06F21/64

Abstract: Software manufacturers examine their module and determine a range of addresses in memory which the module occupies. A protected range of addresses in memory is predefined to not allow changes, such as patching by hackers. Each manufacturer delivers the range of addresses describing the protected area and a known good version of their module to other manufacturers that they want to interoperate with. The other manufacturers return digital signatures on the protected area, and these digital signatures are stored in the first manufacturer's module. Correspondingly, the other manufacturers do the same with their own modules. Then, in order to effect a secure communication channel between two modules the modules first pass each other the signatures previously produced. Then, to ensure that communication is being effected with an authentic authorized module, through the use of the signature and the address ranges in the protected area, each module checks that the other module has not been patched. They each further verify that all the entry points in the other module they intend to call are in fact within the protected area. In the event that both modules are verified as being trustworthy, the modules now call each other freely. However, each module, when it is called must verify that it was called from within the protected area of the other module.

公开(公告)号：AT295989T

公开(公告)日：2005-06-15

申请号：AT02755205

申请日：2002-08-19

Applicant: IBM

Inventor： LISANKE MICHAEL ,  MILSTED KENNETH ,  NUSSER STEFAN ,  TANTLINGER BRUCE ,  WILHELM GEORGE JR

IPC: G06F21/24 ,  G06F1/00 ,  G06F21/00 ,  G06T1/00 ,  G11B20/00 ,  G11B20/10 ,  H04L29/06 ,  H04L29/08

Abstract: A method, system and computer readable medium for the blocking of recording digital content at an end user multimedia end-user-system during the rendering of encrypted digital multimedia files. Before the process of rendering of encrypted digital multimedia can be started all rendered media stream during playback are opened to ensure that this multimedia content is not recorded. This blocks the usage of the devices and/or ports that can be used to store un-encrypted content that has been decrypted for the purposes of playing or rendering. The method also includes an exception, which allows recording with permission from the present invention.