Abstract:
A method of enabling a proxy to participate in a secure communication between a client and a set of servers. The method begins by establishing a first secure session between the client and the proxy. Upon verifying the first secure session, the method continues by establishing a second secure session between the client and the proxy. In the second secure session, the client requests the proxy to act as a conduit to a first server. Thereafter, the client and the first server negotiate a first session master secret. Using the first secure session, this first session master secret is then provided by the client to the proxy to enable the proxy to participate in secure communications between the client and the first server. After receiving the first session master secret, the proxy generates cryptographic information that enables it to provide a given service (e.g., transcoding) on the client's behalf and without the first server's knowledge or participation. If data from a second server is required during the processing of a given client request to the first server, the proxy issues a request to the client to tunnel back through the proxy to the second server using the same protocol.
Abstract:
A method is provided for augmenting programming content at a remote location, such as a hotel, with the programming content ordinarily provided under subscription to a home location, such as a user's home. A user agreement is formed between a user and a home service provider, delineating the content provided by the home service provider to the home location. A service provider agreement is formed between the home service provider and a remote service provider, delineating content to be broadcast from the home location to the remote location. Local content is selectively augmented by the home content and displayed on a viewing device at the remote location. The user may remotely access settings and functions of a home set top box while at the remote location.
Abstract:
An apparatus and a method are provided for selectively accessing digital content carried on a distribution medium such as a physical medium or a broadcast medium. In one embodiment, a plurality of digital content items are encrypted under a plurality of different key management blocks, wherein each key management block is associated with a different set of device keys. The plurality of content items may be provided together on a single distribution medium to devices having assigned device keys, so that devices may selectively access content as determined by the different key management block used to encrypt the various content items and by the device keys assigned to the devices. Depending on the association between the device key and the key management blocks, the decoding device may decode all of the content items, some of the content items, or none of the content items. To provide greater security, each content item may be multiple encrypted using multiple key management blocks per content item.
Abstract:
PROBLEM TO BE SOLVED: To enable a proxy to participate in a secure communication between a client and a set of servers. SOLUTION: The method includes the steps of: the client requesting a first secure connection to a proxy; when the certificate received from the proxy is verified as valid, the client requesting a second secure connection to the proxy, in which the client asks the proxy to act as a conduit to the server, and the client and the server negotiating a session master secret through that conduit; at the end of the negotiation, the client using the first secure connection to deliver the secret to the proxy; and the proxy using the secret to generate the cryptographic information it needs to join the secure communication. COPYRIGHT: (C)2010,JPO&INPIT
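The exchange described in the two proxy abstracts above, as an added example that is not code from either patent: the client and server run a key agreement through the proxy (which forwards only public values and so cannot read the traffic), then the client hands the resulting master secret to the proxy over its separate, certificate-verified session, and the proxy can thereafter read the server's reply, transcode it and re-seal it for the client without the server's involvement. The Diffie-Hellman group, the HMAC-based record layer and the key labels are stand-ins chosen so the example runs offline with the standard library; they are assumptions, not the patent's primitives.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (a Mersenne prime, chosen only so the example runs
# offline; not a real-world group). A deployment would run a TLS handshake here.
P = 2**127 - 1
G = 3


def dh_keypair():
    priv = secrets.randbelow(P - 2) + 2
    return priv, pow(G, priv, P)


def derive_key(master_secret: bytes, label: bytes) -> bytes:
    # TLS-style key expansion reduced to one HMAC call per direction (assumed labels).
    return hmac.new(master_secret, label, hashlib.sha256).digest()


def _xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 counter keystream XORed over the data; XOR is its own inverse.
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


def seal(key: bytes, data: bytes) -> bytes:
    # Toy record layer: encrypt-then-MAC with a fresh nonce. Not a real AEAD.
    nonce = secrets.token_bytes(16)
    body = _xor_keystream(key, nonce, data)
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def open_record(key: bytes, record: bytes) -> bytes:
    nonce, body, tag = record[:16], record[16:-32], record[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("bad MAC: wrong key or altered record")
    return _xor_keystream(key, nonce, body)


class Session:
    """Per-direction keys derived from one master secret; every party that holds
    the master secret (client, server, and after the handoff the proxy) gets the same."""

    def __init__(self, master_secret: bytes):
        self.client_write = derive_key(master_secret, b"client write key")
        self.server_write = derive_key(master_secret, b"server write key")


def run_exchange(transcode) -> dict:
    """Returns what the client finally reads, and whether the proxy could read the
    server's reply before it received the master secret."""
    # Steps 1-2 are assumed done: a first secure session client<->proxy with the proxy
    # certificate verified, then a second session in which the client asks the proxy
    # to act as a conduit. Through the conduit only the DH public values travel.
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    conduit = {"client->server": c_pub, "server->client": s_pub}  # all the proxy sees
    client_ms = hashlib.sha256(pow(conduit["server->client"], c_priv, P).to_bytes(16, "big")).digest()
    server_ms = hashlib.sha256(pow(conduit["client->server"], s_priv, P).to_bytes(16, "big")).digest()
    client, server = Session(client_ms), Session(server_ms)

    # The server answers a request that was tunneled through the proxy.
    request = seal(client.client_write, b"GET /page HTTP/1.1")
    assert open_record(server.client_write, request) == b"GET /page HTTP/1.1"
    reply = seal(server.server_write, b"<html>big page for a desktop</html>")

    # Before the handoff the proxy holds only the transcript; a key derived from the
    # public values alone fails the MAC check.
    transcript_only = hashlib.sha256((c_pub * s_pub % P).to_bytes(16, "big")).digest()
    try:
        open_record(derive_key(transcript_only, b"server write key"), reply)
        readable_before = True
    except ValueError:
        readable_before = False

    # Step 3: the client delivers the master secret over the first secure session
    # (modelled as a direct handoff) and the proxy derives the same direction keys.
    proxy = Session(client_ms)
    plain = open_record(proxy.server_write, reply)            # proxy can now read the reply
    rewritten = seal(proxy.server_write, transcode(plain))    # re-sealed as if from the server
    return {
        "readable_before_handoff": readable_before,
        "client_sees": open_record(client.server_write, rewritten),
    }
```

Note the trust consequence the abstracts leave implicit: after the handoff the proxy holds both directions' keys, so it can read and rewrite the client's requests as well as the server's replies, and the server cannot tell. The certificate check on the first client-proxy session is therefore the only control separating this design from an interception proxy, and the client should pin or otherwise strongly verify that certificate.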
Abstract:
Tenants in a multi-tenant shared deployment are provided with their own unique key spaces over which they control a key management system. In this way, virtual key management domains are created per tenant (per customer) so that, whenever a particular customer's data is introduced into a multi-tenant system, stored, transmitted or virtualized in the IT infrastructure of the provider's datacenter(s), it is secured using key management materials specific to that customer. This ensures that the entirety of a tenant's data remains secure by cryptographically isolating it from other tenants' applications. The virtual key management domains are established using a broadcast encryption (BE) protocol and, in particular, a multiple management key variant scheme of that protocol. The broadcast-encryption-based virtual key management system (VKMS) and protocol achieve per-tenant (as well as per-application) secured isolation of data and can be used in any combination of resources in or across all levels of a multi-tenant IT infrastructure.
Abstract:
The present invention provides a means for managing title keys by establishing logical partitions of title keys encrypted with the same binding information. The invention supports delayed and background processing of title keys when the binding information changes. It also supports proper accounting for the devices involved, so that rebinding processing can be recovered when devices fail or go offline unexpectedly during processing. The invention uses a binding context, which represents a set of data that can be used to determine whether the binding information used to encrypt a set of title keys is outdated, and allows those title keys to be rebound to the current cluster binding information level.
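A working model of the partitioned title-key store just described, added here as an example and not taken from the patent: title keys are grouped by the binding context they were wrapped under, a binding change makes the old partition outdated without making it unreadable, and background workers claim batches of titles, rebind them to the current level and release their claims if they die mid-batch. The XOR-with-hash wrap, the context derivation and the in-memory claim table are assumptions standing in for whatever a real cluster uses.

```python
import hashlib
import secrets


def binding_context(binding_info: bytes) -> str:
    # Short identifier of a binding level: cheap to compare, reveals nothing about it.
    return hashlib.sha256(b"ctx" + binding_info).hexdigest()[:16]


def wrap(title_key: bytes, binding_info: bytes, title_id: str) -> bytes:
    # Toy wrap: XOR with a pad derived from the binding information and the title id.
    pad = hashlib.sha256(binding_info + title_id.encode()).digest()
    return bytes(a ^ b for a, b in zip(title_key, pad))


unwrap = wrap  # XOR with the same pad undoes it


class TitleKeyStore:
    """Title keys partitioned by the binding context they were wrapped under."""

    def __init__(self, binding_info: bytes):
        self.current = binding_context(binding_info)
        self.bindings = {self.current: binding_info}  # old levels kept until drained
        self.partitions = {self.current: {}}           # context -> {title_id: wrapped key}
        self.claims = {}                               # worker -> title ids in flight

    def add_title(self, title_id: str, title_key: bytes):
        self.partitions[self.current][title_id] = wrap(title_key, self.bindings[self.current], title_id)

    def get_title_key(self, title_id: str) -> bytes:
        # Readable while rebinding is still pending: use whichever level holds it.
        for ctx, part in self.partitions.items():
            if title_id in part:
                return unwrap(part[title_id], self.bindings[ctx], title_id)
        raise KeyError(title_id)

    def change_binding(self, new_binding_info: bytes):
        self.current = binding_context(new_binding_info)
        self.bindings[self.current] = new_binding_info
        self.partitions.setdefault(self.current, {})

    def outdated(self) -> list:
        return [ctx for ctx, part in self.partitions.items() if ctx != self.current and part]

    def claim(self, worker: str, batch: int) -> list:
        # Accounting: record what a worker takes before it does any work.
        taken = {tid for ids in self.claims.values() for tid in ids}
        work = [(ctx, tid) for ctx in self.outdated() for tid in self.partitions[ctx]
                if tid not in taken][:batch]
        self.claims[worker] = {tid for _, tid in work}
        return work

    def rebind(self, worker: str, ctx: str, title_id: str) -> bool:
        old = self.partitions.get(ctx, {})
        if title_id not in old:
            return False  # already moved by another worker: safe to skip
        key = unwrap(old[title_id], self.bindings[ctx], title_id)
        self.partitions[self.current][title_id] = wrap(key, self.bindings[self.current], title_id)
        del old[title_id]  # remove from the old level only after the new copy exists
        self.claims[worker].discard(title_id)
        if not old:
            del self.partitions[ctx]
            del self.bindings[ctx]  # old binding material is no longer needed anywhere
        return True

    def worker_failed(self, worker: str):
        # Release the claims of a worker that died mid-batch so others can pick them up.
        self.claims.pop(worker, None)


def rebinding_demo() -> dict:
    # Constructed scenario: five titles, one binding change, one worker crash.
    store = TitleKeyStore(b"cluster-binding-v1")
    originals = {f"title{i}": secrets.token_bytes(32) for i in range(5)}
    for tid, key in originals.items():
        store.add_title(tid, key)
    store.change_binding(b"cluster-binding-v2")  # e.g. a device was revoked
    outdated_before = len(store.outdated())
    readable_while_pending = store.get_title_key("title4") == originals["title4"]

    w1_batch = store.claim("w1", 3)
    store.rebind("w1", *w1_batch[0])
    store.worker_failed("w1")  # dies after one title; its two remaining claims are released

    w2_batch = store.claim("w2", 5)
    for ctx, tid in w2_batch:
        store.rebind("w2", ctx, tid)

    return {
        "outdated_before": outdated_before,
        "readable_while_pending": readable_while_pending,
        "second_worker_batch": len(w2_batch),
        "outdated_after": len(store.outdated()),
        "old_binding_dropped": len(store.bindings) == 1,
        "all_keys_intact": all(store.get_title_key(t) == k for t, k in originals.items()),
    }
```

Two points worth checking in any real implementation of this scheme: the old binding information must be retained until its partition is empty (otherwise titles still in that partition become unreadable, which defeats the point of background processing), and a title must be written under the new level before it is removed from the old one, so a crash between the two steps leaves a duplicate rather than a loss.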
Abstract:
A set of program elements (e.g., transcoders) are grouped together as an administrative unit. Instead of caching the individual outputs of each program element, preferably only the aggregate output of the set of program elements, taken as a whole, is cached. The inventive technique enables the effective re-use of intermediate content. In an illustrative client-server based implementation involving a transcoding service located at a server, the cached information may be shared across multiple server instances to obviate redundant processing. With the present invention, a caching mechanism in a complex software system may be extended in a user-configurable manner by setting up optimal intermediate caching points that are defined by groups of programs used in long computations.
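The grouping and aggregate caching described above, as an added example rather than code from the patent: a chain of byte transformers stands in for the transcoders, only the output of the whole chain is cached, and the cache key binds the input digest together with every element's name and parameters, so two server instances sharing the cache reuse each other's work while a retuned element gets a fresh entry. The transformer functions, the key layout and the dict used as the shared store are assumptions.

```python
import hashlib
import json


def strip_whitespace(data: bytes) -> bytes:
    return b" ".join(data.split())


def downsample(data: bytes, keep_every: int) -> bytes:
    # Stand-in for an image or video downscaler: keep every n-th byte.
    return data[::keep_every]


def truncate(data: bytes, limit: int) -> bytes:
    return data[:limit]


class ProgramGroup:
    """Program elements run in sequence as one administrative unit. Only the
    aggregate output is cached, under a key that binds the input and the whole
    group's configuration, so a change to any element invalidates the entry."""

    def __init__(self, name: str, elements: list, cache: dict):
        self.name, self.elements, self.cache = name, elements, cache
        self.executions = 0  # times the full chain actually ran on this instance

    def cache_key(self, data: bytes) -> str:
        config = [[fn.__name__, params] for fn, params in self.elements]
        h = hashlib.sha256(json.dumps([self.name, config], sort_keys=True).encode())
        h.update(hashlib.sha256(data).digest())
        return h.hexdigest()

    def run(self, data: bytes) -> bytes:
        key = self.cache_key(data)
        if key in self.cache:
            return self.cache[key]
        self.executions += 1
        out = data
        for fn, params in self.elements:
            out = fn(out, **params)  # intermediates are deliberately not cached
        self.cache[key] = out
        return out


def group_cache_demo() -> dict:
    # Constructed input and two server instances sharing one cache (a dict here,
    # a shared store in practice).
    shared_cache = {}
    chain = [(strip_whitespace, {}), (downsample, {"keep_every": 2}), (truncate, {"limit": 12})]
    instance_a = ProgramGroup("mobile-page", chain, shared_cache)
    instance_b = ProgramGroup("mobile-page", chain, shared_cache)
    page = b"<html>  lots   of   whitespace   and   a   long   body </html>"

    first = instance_a.run(page)
    second = instance_b.run(page)  # served from the shared aggregate entry
    retuned = ProgramGroup("mobile-page", chain[:-1] + [(truncate, {"limit": 8})], shared_cache)
    third = retuned.run(page)      # configuration changed -> new key -> recomputed
    return {
        "same_output": first == second,
        "executions": (instance_a.executions, instance_b.executions, retuned.executions),
        "cache_entries": len(shared_cache),
        "retuned_length": len(third),
    }
```

Binding the full group configuration into the key is the part that matters for correctness: a key built from the input alone would let a retuned element serve another instance's stale output.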
Abstract:
Tenants in a multi-tenant shared deployment are provided their own distinct key spaces over which they control a key management system. In this manner, virtual key management domains are created on a per-tenant (per-customer) basis so that, whenever a particular customer's data is co-tenanted, stored, transmitted or virtualized in the IT infrastructure of the provider's datacenter(s), it is secured using key management materials specific to that customer. This assures that the entirety of a tenant's data remains secure by cryptographically isolating it from other tenants' applications. The virtual key management domains are established using a broadcast encryption (BE) protocol and, in particular, a multiple management key variant scheme of that protocol. The broadcast encryption-based virtual key management system (VKMS) and protocol achieve per-tenant (as well as per-application) secured isolation of data and can be used across any combination of resources in or across all levels of a co-tenanted IT infrastructure.
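A runnable model of the broadcast-encryption mechanism behind both the key-management-block abstract earlier on this page and the per-tenant VKMS abstract above, added as an example and not taken from either patent. Each key management block carries one media key wrapped under the device keys it authorizes; a tenant's block is its own key domain, content items are encrypted under title keys wrapped by one or more blocks, and a device recovers all, some or none of the items depending on which blocks cover it. The flat block layout, the XOR-with-hash wrap and the verification record are simplifications chosen so the example runs with the standard library; they are assumptions, not the patents' constructions.

```python
import hashlib
import secrets


def mask(key: bytes, label: bytes, length: int) -> bytes:
    # Hash-derived pad; XOR with it wraps or unwraps. Toy only: no integrity protection.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + label + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor(data: bytes, key: bytes, label: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, mask(key, label, len(data))))


class KeyManagementBlock:
    """One media key, wrapped under the device key of every device this block
    authorizes, plus a verification record so a device can tell whether the key it
    recovered is genuine. Real blocks (e.g. subset-difference trees) cover the same
    device population with far fewer entries; the flat layout keeps the idea visible."""

    def __init__(self, kmb_id: str, authorized: dict):
        self.kmb_id = kmb_id
        self.media_key = secrets.token_bytes(32)
        self.check = hashlib.sha256(b"verify" + self.media_key).digest()
        self.entries = {dev: xor(self.media_key, dk, kmb_id.encode())
                        for dev, dk in authorized.items()}

    def recover_media_key(self, dev: str, device_key: bytes):
        entry = self.entries.get(dev)
        if entry is None:
            return None  # device revoked, or belongs to another tenant's domain
        mk = xor(entry, device_key, self.kmb_id.encode())
        return mk if hashlib.sha256(b"verify" + mk).digest() == self.check else None


class ContentItem:
    """Content encrypted under a fresh title key; the title key is wrapped under the
    media key of every block listed, so multiple encryption requires all of them."""

    def __init__(self, name: str, plaintext: bytes, blocks: list):
        self.name = name
        self.kmb_ids = [blk.kmb_id for blk in blocks]
        title_key = secrets.token_bytes(32)
        self.ciphertext = xor(plaintext, title_key, b"content")
        wrapped = title_key
        for blk in blocks:
            wrapped = xor(wrapped, blk.media_key, b"title:" + blk.kmb_id.encode())
        self.wrapped_title_key = wrapped


def decode(item: ContentItem, blocks: dict, dev: str, device_key: bytes):
    """Returns the plaintext, or None when the device lacks any required block."""
    wrapped = item.wrapped_title_key
    for kmb_id in reversed(item.kmb_ids):
        mk = blocks[kmb_id].recover_media_key(dev, device_key)
        if mk is None:
            return None
        wrapped = xor(wrapped, mk, b"title:" + kmb_id.encode())
    return xor(item.ciphertext, wrapped, b"content")


def selective_access_demo() -> dict:
    # Constructed population: dev1 belongs to tenant A, dev2 to both tenants,
    # dev3 is revoked (in no block). Each tenant's block is its own key domain.
    device_keys = {d: secrets.token_bytes(32) for d in ("dev1", "dev2", "dev3")}
    blocks = {
        "tenantA": KeyManagementBlock("tenantA", {d: device_keys[d] for d in ("dev1", "dev2")}),
        "tenantB": KeyManagementBlock("tenantB", {"dev2": device_keys["dev2"]}),
    }
    items = [
        ContentItem("a_report", b"tenant A quarterly report", [blocks["tenantA"]]),
        ContentItem("b_ledger", b"tenant B ledger", [blocks["tenantB"]]),
        ContentItem("joint_audit", b"joint audit trail", [blocks["tenantA"], blocks["tenantB"]]),
    ]
    return {dev: {it.name: decode(it, blocks, dev, dk) for it in items}
            for dev, dk in device_keys.items()}
```

The isolation property the VKMS abstract relies on falls out of the block structure rather than any access-control check: tenant B's application never holds a device key that appears in tenant A's block, so it cannot recover A's media key even though the ciphertext sits on shared storage. Revocation and tenant separation are therefore the same operation, which is what makes a per-tenant variant of the management key a natural fit.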