[특허]Cryptographic audit

Cryptographic audit 원문보기

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	H04L-029/00 H04L-029/12 H04L-029/06
출원번호	UP-0163223 (2002-06-05)
등록번호	US-7596692 (2009-10-12)
발명자 / 주소	Fox, Barbara Lynch Conroy, David G. LaMacchia, Brian A.
출원인 / 주소	Microsoft Corporation
대리인 / 주소	Workman Nydegger
인용정보	피인용 횟수 : 20 인용 특허 : 25

초록 ▼

Method, system, and computer program products for identifying potentially fraudulent receivers of digital content. A receiver authenticates to an auditing service with data that should be unique to the receiver. The auditing service detects when multiple receivers attempt to authenticate with the same data, suggesting that a receiver has been cloned or duplicated. The audit service also detects when a receiver authenticates improperly, suggesting an unsuccessful and unauthorized attempt to duplicate an authorized receiver. Individual receivers may be networked together. To help protect a receiver's authentication data from tampering, at least a portion of the data may be digitally signed with a private key. The audit service may then verify the digital signature with a corresponding public key. Varying the order in which data is signed or where the data is stored from one receiver or group of receivers to another may provide an additional level of security.

대표청구항 ▼

What is claimed is: 1. A method of authenticating a receiver device so that potentially fraudulent receiver devices may be identified, the method comprising acts of: receiving by an audit service authentication data from a first receiver, wherein the authentication data comprises data which should be unique to the first receiver, and comprises data from a receiver system data store, and wherein the data which should be unique to the receiver is stored in a memory that is arranged in accordance with a cyclic permutation algorithm, the system data store comprising a device birthmark, a service provider public key, and a certificate, the device birthmark being a signed hash of the system data store contents, and the certificate being a signed hash of the first receiver'serial number and public key and wherein the signed hash is signed by a private key corresponding to the service provider's public key; storing by the audit service authentication information derived from the authentication data received from the first receiver; receiving by the audit service from a second receiver, authentication data; comparing authentication information derived from the authentication data received from the second receiver with the authentication information derived from the authentication data received from the first receiver; when the authentication information derived from the authentication data received from the second receiver is the same as the authentication information derived from the authentication data received from the first receiver, determining that a receiver has been cloned or is being used for unauthorized purposes. 2. A method as recited in claim 1, wherein the data received by the audit service is encrypted. 3. A method as recited in claim 1, wherein the authentication data comprises a digital signature created by digitally signing at least a portion of the data which should be unique to the receiver with a private key, and wherein the audit service is capable of verifying the digital signature. 4. A method as recited in claim 1, wherein the data which should be unique to the receiver is stored in a memory, and wherein a storage location of at least a portion of the data varies from one group of one or more receivers to another. 5. A method as recited in claim 1, wherein the data which should be unique to the receiver and received by the audit service comprises: a hard disk encryption key, a private/public key pair, a serial number, a public key for authenticating the audit server, and a receiver certificate. 6. A method as recited in claim 1, wherein authorized receivers are receiver devices with a valid subscription to receive the at least some digital content. 7. A method as recited in claim 1, wherein the authentication data is stored in either a read only memory or a write-once memory, and wherein the method further comprises an act of retrieving the authentication data from either the read only memory or the write-once memory. 8. A method as recited in claim 1, wherein a gateway receiver is coupled to one or more local receiver devices, the method further comprising acts of: the gateway receiver receiving local receiver authentication data from each of the one or more local receiver devices, wherein the local receiver authentication data comprises data which should be unique to each of the one or more local receiver devices; storing, by the gateway receiver, a representation of the local receiver authentication data; and sending the representation of the local receiver authentication data to the audit service, whereby the audit service is able to identify the one or more local receiver devices coupled to the gateway receiver. 9. A method as recited in claim 1, further comprising an act of either (i) storing digital content on a nonvolatile storage device, or (ii) if the digital content is digital video data, then displaying the digital content on a video display device. 10. A method as recited in claim 1, wherein the digital content comprises subscription-based content that is broadcast to one or more receivers over a satellite or cable link, and wherein the authentication data is sent to the audit service over an Internet connection. 11. A method as recited in claim 1, where in the system data store is physically packaged in a manner to inhibit reverse engineering. 12. A method as recited in claim 3, wherein the order in which data is signed to create the digital signature varies from one group of one or more receivers to another. 13. A method as recited in claim 4 wherein the storage location of at least a portion of the data varies from one group of one or more receivers to another varies according to geographic market. 14. A method as recited in claim 12 wherein the order in which data is signed to create the digital signature varies from one group of one or more receivers to another varies according to geographic market. 15. A computer program product for authenticating a receiver device so that potentially fraudulent receiver devices may be identified, the computer program product comprising a computer-readable storage medium having encoded thereon machine-executable instructions which, when executed, performs: receiving by an audit service authentication data from a first receiver, wherein the authentication data comprises data which should be unique to the first receiver, and comprises data from a receiver system data store, and wherein the data which should be unique to the receiver is stored in a memory that is arranged in accordance with a cyclic permutation algorithm, the system data store comprising a device birthmark, a service provider public key, and a certificate, the device birthmark being a signed hash of the system data store contents, and the certificate being a signed hash of the first receiver'serial number and public key and wherein the signed hash is signed by a private key corresponding to the service provider's public key; storing by the audit service authentication information derived from the authentication data received from the first receiver; receiving by the audit service from a second receiver, authentication data; comparing authentication information derived from the authentication data received from the second receiver with the authentication information derived from the authentication data received from the first receiver; when the authentication information derived from the authentication data received from the second receiver is the same as the authentication information derived from the authentication data received from the first receiver, determining that a receiver has been cloned or is being used for unauthorized purposes. 16. A computer program product as recited in claim 15, wherein the data received by the audit service is encrypted. 17. A computer program product as recited in claim 15, wherein the authentication data comprises a digital signature created by digitally signing at least a portion of the data which should be unique to the receiver with a private key, and wherein the audit service is capable of verifying the digital signature. 18. A computer program product as recited in claim 15, wherein the order in which data is signed to create the digital signature varies from one group of one or more receivers to another. 19. A computer program product as recited in claim 15, wherein the data which should be unique to the receiver is stored in a memory, and wherein a storage location of a least a portion of the data varies from one group of one or more receivers to another. 20. A computer program product as recited in claim 15, wherein the data which should be unique to the receiver and received by the audit service comprises a hard disk encryption key, a private/public key pair, a serial number, a public key for authenticating the audit server, and a receiver certificate. 21. A computer program product as recited in claim 15, wherein authorized receivers are receiver devices with a valid subscription to receive the at least some digital content. 22. A computer program product as recited in claim 15, wherein the authentication data is stored in either a read only memory or a write-once memory, and wherein the method further comprises an act of retrieving the authentication data from either the read only memory or the write-once memory. 23. A computer program product as recited in claim 15, wherein a gateway receiver is coupled to one or more local receiver devices, the method further comprising acts of: the gateway receiver receiving local receiver authentication data from each of the one or more local receiver devices, wherein the local receiver authentication data comprises data which should be unique to each of the one or more local receiver devices; storing a representation of the local receiver authentication data; and sending the representation of the local receiver authentication data to the audit service, whereby the audit service is able to identify the one or more local receiver devices coupled to the gateway receiver. 24. A computer program product as recited in claim 15, the method further comprising an act of either (i) storing the digital content on a nonvolatile storage device, or (ii) displaying the digital video content on a display device. 25. A computer program product as recited in claim 15, wherein the digital content comprises subscription-based content that is broadcast to the one or more receivers over a satellite or cable link, and wherein the authentication data is sent to the audit service over an Internet connection. 26. A method of authenticating a receiver device so that potentially receiver devices may be identified, the method comprising steps for: at a gateway receiver, receiving digital content that is broadcast from at least one content source; providing access to the received digital content through the gateway receiver; establishing an encrypted communication channel with an audit service that is enabled to authenticate the gateway receiver; and authenticating to the audit service, wherein authentication permits the audit service to identify potentially fraudulent receiver devices by the audit service comparing authentication information derived from authentication data received from a second receiver with authentication information derived from authentication data having been received from a first receiver, wherein the authentication data comprises data which should be unique to each receiver, comprises data from a receiver system data store, the system data store comprising a device birthmark, a service provider public key, and a certificate, the device birthmark being a signed hash of the system data store contents, and the certificate being a signed hash of the first receiver's serial number and public key and wherein the signed hash is signed by a private key corresponding to the service provider's public key; and when the authentication information derived from the authentication data received from the second receiver is the same as the authentication information derived from the authentication data received from the first receiver, determining that a receiver has been cloned or is being used for unauthorized purposes; wherein the step for authenticating to the audit service comprises an act of sending authentication data to the audit service, the authentication data comprising a digital signature created by digitally signing at least a portion of data which should be unique to the gateway receiver with a private key, and wherein the audit service is capable of verifying the digital signature wherein the authentication data is stored in a memory with the order of use for one or more individual memory locations being scrambled by a cyclic permutation algorithm; and wherein a prime number unique to the receiver is stored in the system data store and the prime number is larger than the size of the data region to be scrambled. 27. A method as recited in claim 26, wherein the prime number is used to generate a cyclic permutation group. 28. A computer program product comprising a computer-readable storage medium having encoded thereon machine-executable instructions, for authenticating a receiver device so that potentially fraudulent receiver devices may be identified, the machine-executable instructions, when executed performing: at a gateway receiver, receiving digital content that is broadcast from at least one content source; providing access to the received digital content through the gateway receiver; establishing an encrypted communication channel with an audit service that is enabled to authenticate the gateway receiver; and authenticating to the audit service, wherein authentication permits the audit service to identify potentially fraudulent receiver devices by the audit service comparing authentication information derived from authentication data received from a second receiver with authentication information derived from authentication data having been received from a first receiver, wherein the authentication data comprises data which should be unique to each receiver, comprises data from a receiver system data store, the system data store comprising a device birthmark, a service provider public key, and a certificate, the device birthmark being a signed hash of the system data store contents, and the certificate being a signed hash of the first receiver's serial number and public key and wherein the signed hash is signed by a private key corresponding to the service provider's public key; and when the authentication information derived from the authentication data received from the second receiver is the same as the authentication information derived from the authentication data received from the first receiver, determining that a receiver has been cloned or is being used for unauthorized purposes; wherein the step for authenticating to the audit service comprises an act of sending authentication data to the audit service, the authentication data comprising a digital signature created by digitally signing at least a portion of data which should be unique to the gateway receiver with a private key, and wherein the audit service is capable of verifying the digital signature; wherein the authentication data is stored in a memory with the order of use for one or more individual memory locations being scrambled by a cyclic permutation algorithm; and wherein a prime number unique to the receiver is stored in the system data store and the prime number is larger than the size of the data to be scrambled. 29. A computer program product as recited in claim 28, wherein the prime number is used to generate a cyclic permutation group.

이 특허에 인용된 특허 (25)

Rhoads Geoffrey B., Anti-piracy system for wireless telephony.
상세보기
Mann, Daniel; Cohen, Andrew, Apparatus for delivery of multiple media data streams, and method therefor.
상세보기
Russ, Samuel H.; Gaul, Michael A.; Wasilewski, Anthony J.; Pinder, Howard G., Apparatus for entitling remote client devices.
상세보기
Frederick Max B., Cellular telephone anti-fraud system.
상세보기
Frederick Max B., Cellular telephone anti-fraud system.
상세보기
Amin Umesh J. ; Rowe Lorin B. ; Waughman Russell John, Detection of fraudulently registered mobile phones.
상세보기
Le An Van ; Sweet William B. ; Herbert Howard Crompton, Dynamic configuration of a secure processing unit for operations in various environments.
상세보기
Isomichi, Kousei; Gomyo, Hisayuki; Makino, Yasushi; Horiguchi, Hiroshi; Nakamoto, Toyoaki; Nakai, Takahiro, Gateway system and recording medium.
상세보기
Rakib, Selim Shlomo; Quinard, Fabrice Michel Raymond; Monta, Peter Albert, Home network for receiving video-on-demand and other requested programs and services.
상세보기
Maruo, Jun; Kagami, Atsushi, Internet set-top box having an in-band tuner and cable modem.
상세보기
Wood, David L.; Weschler, Paul; Norton, Derk; Ferris, Chris; Wilson, Yvonne; Soley, William R., Log-on service providing credential level change without loss of session continuity.
상세보기
Schorman Eric R. (Bedford TX), Method and apparatus for clone detection in a communication system.
상세보기
Graunke,Gary L., Method and apparatus for distributing keys for decrypting and re-encrypting publicly distributed media.
상세보기
Beesley,Neil; Gaertner,Dietmar; Holme,James; Kennedy,Terence; Kessler,Dieter; Vogler,Thomas, Method for checking user access.
상세보기
Wyatt Stuart Alan, Method for defining and verifying user access rights to a computer information.
상세보기
Howard, Brett; Robison, Andrew; Pereira, Roy; Kierstead, Paul; Solymar, Gabor, Method of using static maps in a virtual private network.
상세보기
Asokan,Nadarajah; Debar,Herve C.; Steiner,Michael; Waidner,Michael, Personal device, terminal, server and methods for establishing a trustworthy connection between a user and a terminal.
상세보기
Thomlinson Matthew W. ; Field Scott ; Cooper Allan, Protected storage of core data secrets.
상세보기
Akins, III, Glendon L.; Banker, Robert O.; Palgon, Michael S.; Pinder, Howard G.; Wasilewski, Anthony J., Representing entitlements to service in a conditional access system.
상세보기
Puhl Larry C. ; Vogler Dean H. ; Dabbish Ezzat A., Secure wireless electronic-commerce system with digital product certificates and digital license certificates.
상세보기
Mital Amit, System and apparatus for monitoring secure information in a computer network.
상세보기
Spies Terence R. ; Simon Daniel R., System and method for secure purchase and delivery of video content programs.
상세보기
Walsh Joe (Lynnwood WA), System for detecting unauthorized account access.
상세보기
Kittirutsunetorn Kitti (957 Durlane Ct. Sunnyvale CA 94087), System for protection of software in memory against unauthorized use.
상세보기
Okimoto, John I.; Tang, Lawrence W., System for securing encryption renewal system and for registration and remote activation of encryption device.
상세보기

이 특허를 인용한 특허 (20)

Ansari, Amir; Cowgill, George A.; Masina, Ramprakash; Ramayya, Jude P.; McQuarters, Alvin R.; Raissyan, Atousa; Nicholls, Leon E.; Erhart, Wesley R.; Cooper, Michael P., Activation, initialization, authentication, and authorization for a multi-services gateway device at user premises.
상세보기
Hobbs, David Victor; Main, Ian Cameron; Tucker, Kimberly Marie, Apparatus and method for encoding an image generated in part by graphical commands.
상세보기
Janjua, Muhammad Umar; Mehta, Yogesh A.; Van Horenbeeck, Maarten; Saboori, Anooshiravan; Porter, Nelly; Bakalov, Vassil D.; Nitta, Bryston, Automatic fraudulent digital certificate detection.
상세보기
Böhler, Detlef; Grill, Thomas; Hess, Erwin; Meyer, Bernd; Plankenhorn, Horst, Data transmission method, and tachograph system.
상세보기
Ansari, Amir; Cowgill, George A.; Nicholls, Leon E.; Raissyan, Atousa; Ramayya, Jude P.; Masina, Ramprakash; McQuarters, Alvin R., Display inserts, overlays, and graphical user interfaces for multimedia systems.
상세보기
Ansari, Amir; Cowgill, George A.; Nicholls, Leon E.; Raissyan, Atousa; Ramayya, Jude P.; Masina, Ramprakash; McQuarters, Alvin R., Display inserts, overlays, and graphical user interfaces for multimedia systems.
상세보기
Ansari, Amir; Cowgill, George A.; Nicholls, Leon E.; Raissyan, Atousa; Ramayya, Jude P.; Masina, Ramprakash; McQuarters, Alvin R., Display inserts, overlays, and graphical user interfaces for multimedia systems.
상세보기
Ansari, Amir; Cowgill, George A.; Nicholls, Leon E.; Raissyan, Atousa; Ramayya, Jude P.; Masina, Ramprakash; McQuarters, Alvin R., Display inserts, overlays, and graphical user interfaces for multimedia systems.
상세보기
Reinauer, Stefan, Indicating whether a system has booted up from an untrusted image.
상세보기
Hobbs, David Victor; Main, Ian Cameron, Method and apparatus for remote input/output in a computer system.
상세보기
Catherman, Ryan Charles; Challener, David Carroll; Hoff, James Patrick, Method for securely creating an endorsement certificate in an insecure environment.
상세보기
Hobbs, David Victor; Main, Ian Cameron, Methods and apparatus for encoding a shared drawing memory.
상세보기
Hobbs, David Victor; Ratto, Patrick, Methods for encoding an image.
상세보기
Connelly, Jeffrey A.; O'Rourke, David M.; Patenaude, Matthew M., Recipient blind cryptographic access control for publicly hosted message and data streams.
상세보기
Catherman, Ryan Charles; Challener, David Carroll; Hoff, James Patrick, Securely creating an endorsement certificate in an insecure environment.
상세보기
Ansari, Amir; Cowgill, George A.; Nicholls, Leon E.; Ramayya, Jude P.; Masina, Ramprakash; McQuarters, Alvin R.; Raissyan, Atousa, System and method for providing network support services and premises gateway support infrastructure.
상세보기
Ansari, Amir; Cowgill, George A.; Nicholls, Leon E.; Ramayya, Jude P.; Masina, Ramprakash; McQuarters, Alvin R.; Raissyan, Atousa, System and method for providing network support services and premises gateway support infrastructure.
상세보기
Ansari, Amir; Cowgill, George A.; Nicholls, Leon E.; Ramayya, Jude P.; Masina, Ramprakash; McQuarters, Alvin R.; Raissyan, Atousa, System and method for providing network support services and premises gateway support infrastructure.
상세보기
Ansari, Amir; Cowgill, George A.; Nicholls, Leon E.; Ramayya, Jude P.; Masina, Ramprakash; McQuarters, Alvin R.; Raissyan, Atousa, System and method for providing network support services and premises gateway support infrastructure.
상세보기
Ansari, Amir; Cowgill, George A.; Nicholls, Leon E.; Ramayya, Jude P.; Masina, Ramprakash; McQuarters, Alvin R.; Raissyan, Atousa, System and method for providing network support services and premises gateway support infrastructure.
상세보기

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 공고번호, 공고일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표출원인, 출원인국적, 출원인주소, 발명자, 발명자E, 발명자코드, 발명자주소, 발명자 우편번호, 발명자국적, 대표IPC, IPC코드, 요약, 미국특허분류, 대리인주소, 대리인코드, 대리인(한글), 대리인(영문), 국제공개일자, 국제공개번호, 국제출원일자, 국제출원번호, 우선권, 우선권주장일, 우선권국가, 우선권출원번호, 원출원일자, 원출원번호, 지정국, Citing Patents, Cited Patents
저장형식	Text(ASCII format) Excel format PIAS분석(.xls)
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증

Cryptographic audit 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

이 특허에 인용된 특허 (25)

이 특허를 인용한 특허 (20)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트

연합인증

Cryptographic audit 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

전체(0) 논문(0) 특허(0) 보고서(0)

전체(0) 논문(0) 특허(0) 보고서(0)

이 특허에 인용된 특허 (25)

이 특허를 인용한 특허 (20)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트