METHOD OF DELIVERING DIRECT PROOF PRIVATE KEYS TO DEVICES USING A DISTRIBUTION CD
    2.
    Invention application
    Status: under examination (published)

    Publication number: WO2006025952A2

    Publication date: 2006-03-09

    Application number: PCT/US2005024486

    Application date: 2005-07-08

    Abstract: Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored on a removable storage medium (such as a CD), and distributed to the owner of the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated encrypted data structure from the removable storage medium. The device decrypts the encrypted data structure using a symmetric key regenerated from its stored pseudo-random value to obtain the Direct Proof private key. If the private key is valid, it may be used for subsequent authentication processing by the device in the client computer system.


    METHOD OF DELIVERING DIRECT PROOF PRIVATE KEYS TO DEVICES USING AN ON-LINE SERVICE
    3.
    Invention application
    Status: under examination (published)

    Publication number: WO2006023151A2

    Publication date: 2006-03-02

    Application number: PCT/US2005024374

    Application date: 2005-07-08

    CPC classification number: H04L9/0844 H04L2209/127

    Abstract: Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored on a protected on-line server accessible by the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated encrypted data structure from the protected on-line server using a secure protocol. The device decrypts the encrypted data structure using a symmetric key regenerated from its stored pseudo-random value to obtain the Direct Proof private key. If the private key is valid, it may be used for subsequent authentication processing by the device in the client computer system.


    AN APPARATUS AND METHOD FOR PROVING THE DENIAL OF A DIRECT PROOF SIGNATURE
    4.
    Invention application
    Status: under examination (published)

    Publication number: WO2006001916A3

    Publication date: 2006-02-23

    Application number: PCT/US2005016559

    Application date: 2005-05-13

    Inventor: BRICKELL ERNEST

    Abstract: In some embodiments, a method and apparatus for proving the denial of a direct proof signature are described. In one embodiment, a trusted hardware device convinces a verifier that the trusted hardware device possesses cryptographic information without revealing unique device identification information of the trusted hardware device or the cryptographic information. Once the verifier is convinced that the hardware device possesses the cryptographic information, the verifier may issue a denial of signature request to the trusted hardware device, including at least one compromised direct proof signature. In response, the trusted hardware device issues a denial of the compromised direct proof signature by proving to the verifier that a cryptographic key held by the trusted hardware device was not used to form the at least one compromised direct proof signature. Other embodiments are described and claimed.


    Method for delivering Direct Proof private keys to devices by means of a distribution CD

    Publication number: DE112005001654B4

    Publication date: 2011-07-21

    Application number: DE112005001654

    Application date: 2005-07-08

    Applicant: INTEL CORP

    Abstract: A method comprising: generating an encrypted data structure (514) associated with a device (506), wherein the encrypted data structure (514) comprises a private key (516) and a private key digest (518); generating an identifier for the encrypted data structure (514) based on a pseudo-randomly generated value (508); storing the identifier and the encrypted data structure (514) on a removable storage medium (522) for distribution with a system (504) that comprises the device (506), wherein the removable storage medium (522) comprises a plurality of identifiers and encrypted data structures (514) for devices from a class of devices that includes the device (506); and storing the pseudo-random value (508) in a non-volatile memory in the device (506), wherein the pseudo-random value (508) is used to generate the identifier in the system (504) in order to extract the encrypted data (522).

    Method of delivering direct proof private keys in signed groups to devices using a distribution CD

    Publication number: GB2439160A

    Publication date: 2007-12-19

    Application number: GB0700525

    Application date: 2005-07-08

    Applicant: INTEL CORP

    Abstract: Delivering a Direct Proof private key in a signed group of keys to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored along with a group number in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored in a signed group of keys (e.g., a signed group record) on a removable storage medium (such as a CD or DVD), and distributed to the owner of the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated signed group record of encrypted data structures from the removable storage medium, and verifies the signed group record. The device decrypts the encrypted data structure using a symmetric key regenerated from its stored pseudo-random value to obtain the Direct Proof private key, when the group record is valid. If the private key is valid, it may be used for subsequent authentication processing by the device in the client computer system.

    9.
    Invention patent
    Unknown

    Publication number: DE112005001672T5

    Publication date: 2007-05-31

    Application number: DE112005001672

    Application date: 2005-07-08

    Applicant: INTEL CORP

    Abstract: Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored on a protected on-line server accessible by the client computer system.

    Multi-level, multi-dimensional content protection

    Publication number: HK1069500A1

    Publication date: 2005-05-20

    Application number: HK05101787

    Application date: 2005-03-01

    Applicant: INTEL CORP

    Abstract: One aspect of the invention is a method for a multi-level, multi-dimensional scheme of content protection. Content having one or more attributes is encrypted using separate keys for each level of protection, where each level corresponds to an assurance of protection for each attribute. The content may be distributed to a number of environments having different levels of protection by transmitting a base key commensurate with the environment's subscription level. The base key may then be used to generate lower level keys for accessing content at a level of protection less than or equal to that subscribed to.
