[특허]Secure device authentication system and method

Secure device authentication system and method 원문보기

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	G06F-021/00
출원번호	UP-0586446 (2006-10-24)
등록번호	US-7624276 (2009-12-02)
발명자 / 주소	Princen, John Srinivasan, Pramila Anderson, Craig Steven
출원인 / 주소	BroadOn Communications Corp.
대리인 / 주소	Perkins Coie LLP
인용정보	피인용 횟수 : 5 인용 특허 : 91

초록 ▼

A technique for security and authentication on block-based media includes involves the use of protected keys, providing authentication and encryption primitives. A system according to the technique may include a secure device having a security kernel with protected keys. A disk drive security mechanism may support authentication of data, secrecy, and ticket validation using the security kernel and, for example, a ticket services module (e.g., a shared service that may or may not be used by other storage devices like flash).

대표청구항 ▼

The invention claimed is: 1. A method comprising: accessing a header including a data structure and a set of hash values; obtaining from the data structure a first root hash of a hierarchical hash tree; computing a second root hash from the set of hash values; comparing the first root hash to the second root hash; if the first root hash and the second root hash match, obtaining an encrypted key from the data structure; securely decrypting the encrypted key; securely storing the key such that the key is not passed in the clear; providing a reference to the key; decrypting a data block with the reference to the key; loading authentication data from a sub-block associated with the data block; identifying, in the authentication data, a first set of hash values associated with a first level of the hierarchical hash tree; computing a cryptographic hash of the data block to determine a first hash value; comparing the first hash value to a corresponding value in the first set of hash values; rejecting a block data request if the first hash value and the corresponding value in the first set of hash values do not match. 2. The method of claim 1, wherein the data structure is public key signed. 3. The method of claim 1, further comprising authenticating the data structure. 4. The method of claim 1, further comprising securely storing the set of hash values included in the header. 5. The method of claim 1, further comprising caching the hierarchical hash tree. 6. The method of claim 1, further comprising rejecting the header if the first root hash and the second root hash do not match. 7. The method of claim 1, further comprising validating a rights management ticket from a source other than the header. 8. The method of claim 1, wherein the reference to the key is provided in the clear. 9. The method of claim 1, wherein decrypting a data block with the reference to the key further comprises: providing the reference to the key to a secure decryption engine; decrypting the data block such that the key is not passed in the clear. 10. The method of claim 1, further comprising decrypting at least a portion of the sub-block. 11. The method of claim 1, further comprising, in each hash block: inserting a calculated hash in an appropriate location; computing the hash of the hash block. 12. The method of claim 1, if the first hash value matches the corresponding value in the first set of hash values, further comprising: computing a second hash value corresponding to the first set of hash values; identifying, in the authentication data, a second set of hash values associated with a second level of the hierarchical hash tree; comparing the second hash value to a corresponding value in the second set of hash values; rejecting the block data request if the second hash value and the corresponding value in the second set of hash values do not match. 13. The method of claim 12, if the second hash value matches the corresponding value in the second set of hash values, further comprising: computing a third hash value corresponding to the second set of hash values; identifying, in the authentication data, a third set of hash values associated with a third level of the hierarchical hash tree; comparing the third hash value to a corresponding value in the third set of hash values; rejecting the block data request if the third hash value and the corresponding value in the third set of hash values do not match. 14. The method of claim 13, if the third hash value matches the corresponding value in the third set of hash values, wherein the set of hash values of the header are a fourth set of hash values, and wherein the fourth set of hash values are associated with a fourth level of the hierarchical hash tree, further comprising: computing a fourth hash value corresponding to the third set of hash values; providing a fourth set of hash values associated with a fourth level of the hierarchical hash tree; comparing the fourth hash value to a corresponding value in the fourth set of hash values; rejecting the block data request if the fourth hash value and the corresponding value in the fourth set of hash values do not match; returning the data block if the fourth hash value and the corresponding value in the fourth set of hash values match. 15. A system comprising: a block-based media driver coupled to a security API, wherein, in operation, the block-based media driver accesses a header associated with a block-based media device and extracts authentication data from the header; ticket services coupled to the block-based media driver and the security API, wherein, in operation, the ticket services receive the authentication data from the block-based media driver and send a key decryption request to the security API; a security kernel including the security API, an encryption/decryption engine, and a key store accessible to the security API, wherein, in operation, the encryption/decryption engine decrypts the key, the key is stored in the key store, and the security API returns a reference to the key to the ticket services; wherein, in operation, the ticket services validates the authentication data and returns the reference to the key to the block-based media driver; wherein, in operation, the block-based media driver accesses data blocks of the block-based media device, sends a block decryption request to the security API, and the security kernel decrypts the blocks and validates a hierarchical hash tree associated with the data blocks. 16. The system of claim 15, further comprising the block-based media device, wherein the header associated with the block-based media device includes a root hash value and a plurality of root-child hash values. 17. The system of claim 15, further comprising the block-based media device, wherein the data blocks each include a hash sub-block and a plurality of content data blocks. 18. A system having a means for secure content delivery with block-based media, comprising: a secure key store means; a means for accessing an encrypted key from a header of a block-based media device; a means for securely decrypting the encrypted key; a means for securely storing the key in the key store; a means for referencing the key to securely decrypt data blocks of the block-based media device; a means for providing hash values in association with the block-based media device and each data block of the block-based media device. 19. The system of claim 18, further comprising a means for aborting block-based media device access if hash values in the header are rejected. 20. The system of claim 18, further comprising a means for aborting data block access if hash values in the data block are rejected. 21. A method comprising: accessing a header including a data structure and a set of hash values; obtaining from the data structure a first root hash of a hierarchical hash tree; computing a second root hash from the set of hash values; comparing the first root hash to the second root hash; if the first root hash and the second root has match, obtaining an encrypted key from the data structure; securely decrypting the encrypted key; securely storing the key such that the key is not passed in the clear; providing a reference to the key; loading authentication data from a sub-block associated with an encrypted data block; identifying, in the authentication data, a first set of hash values associated with a first level of the hierarchical hash tree; computing a cryptographic hash of the encrypted data block to determine a first hash value; comparing the first hash value to a corresponding value in the first set of hash values; rejecting a block data request if the first hash value and the corresponding value in the first set of hash values do not match; decrypting the encrypted data block with the reference to the key.

이 특허에 인용된 특허 (91)

Hogan, Kenneth; Polucha, Micheal; Pham, Trieu; Vollum, Steve; Johnston, Jessee, Airborne e-mail data transfer protocol.
상세보기
Durham Peter Emmanuel, Apparatus and method for optimizing client-state data storage.
상세보기
Bright Michael W. ; Fuchs Kenneth Carl ; Marquardt Kelly Jo, Apparatus and method of reading a program into a processor.
상세보기
Haynes,Ramond M., Apparatus and methods for intellectual property database navigation.
상세보기
Peters Wolfgang,DEX ; Schneider Gerhard,DEX, Apparatus and service for transmitting video data.
상세보기
Peterson, Leonard J.; Freedman, Steven J.; Partovi, Hadi; Endres, Raymond E.; D'Souza, David J.; Ellerman, Erik Castedo; Jiggins, Julian P., Client-side system for scheduling delivery of web content and locally managing the web content.
상세보기
Akio Ikeda JP; Toshikazu Tomizawa JP, Combined game system.
상세보기
Toshikazu Tomizawa JP; Akio Ikeda JP, Combined game system of portable and video game machines.
상세보기
Karolak Dale W. (Ft. Wayne IN) Shirey Carl L. (Ft. Wayne IN) Steiner Wesley D. (Ft. Wayne IN) Rue Robert T. (Ft. Wayne IN), Communications management system architecture.
상세보기
Okada Satoru (Kyoto JPX) Kojo Shin (Kyoto JPX), Compact hand-held video game system.
상세보기
Leung Yiu C. (Hong Kong HKX) Leung Iu S. (Hong Kong HKX), Computer game control apparatus.
상세보기
Acharya, Swarup; Korth, Henry F.; Poosala, Viswanath, Computer implemented method and apparatus for fulfilling a request for information content with a user-selectable version of a file containing that information content.
상세보기
Hatakeyama, Takahisa; Yoshioka, Makoto; Miyazawa, Yuji, Content usage control system, content usage apparatus, computer readable recording medium with program recorded for computer to execute usage method.
상세보기
Yen,Wei, Creation of customized web pages for use in a system of dynamic trading of knowledge, goods and services.
상세보기
Himmel Maria Azua, Customization of web pages based on requester type.
상세보기
Ikuta Masanao,JPX ; Kambe Tomoaki,JPX ; Takida Satoshi,JPX, Data caching apparatus, data caching method and medium recorded with data caching program in client/server distributed system.
상세보기
Blatter Harold ; Horlander Thomas Edward ; Bridgewater Kevin Elliott ; Deiss Michael Scott, Decoding system and data format for processing and storing encrypted broadcast, cable or satellite video data.
상세보기
Tracton, Kenneth; Jaff, Kosar; Shands, Walter, Dynamic content customization in a client-server environment.
상세보기
Nazem Farzad ; Patel Ashvinkumar P, Dynamic page generator.
상세보기
Dedrick, Rick; Shine, Laura I.; Koski, Jeanne M., Electronic asset lending library method and apparatus.
상세보기
Downs Edgar ; Gruse George Gregory ; Hurtado Marco M. ; Lehman Christopher T. ; Milsted Kenneth Louis ; Lotspiech Jeffrey B., Electronic content delivery system.
상세보기
Okada Saturo (Kyoto JPX) Tanaka Hirokazu (Kyoto JPX), Electronic gaming device with pseudo-stereophonic sound generating capabilities.
상세보기
Krajewski ; Jr. Marjan (Acton MA) Chipchak John C. (Dracut MA) Chodorow David A. (Groton MA) Trostle Jonathan T. (Lexington MA) Baldwin Peter T. (Rowley MA), Electronic information network user authentication and authorization system.
상세보기
Shaw David E. ; Ardai Charles E. ; Marsh Brian D. ; Moraes Mark A. ; Rudolph Dana B. ; Mc Auliffe Jon D., Electronic mail system for displaying advertisement at local computer received from remote system while the local compu.
상세보기
Olsen James E. ; Bringhurst Adam L., Fault tolerant electronic licensing system.
상세보기
Weiss, Steven A., Gaming device and method.
상세보기
Traversat Bernard A. ; Saulpaugh Tom ; Schmidt Jeffrey A. ; Slaughter Gregory L. ; Tracey William J. ; Woodward Steve, Generic schema for storing configuration information on a server computer.
상세보기
Katherine Hua Guo ; Markus Andreas Hofmann ; Tze Sing Eugene Ng ; Sanjoy Paul ; Hui Zhang, High quality streaming multimedia.
상세보기
Shimizu, Yusuke, Information processing device and method for reading information recorded on an information recording medium.
상세보기
Ishibashi,Yoshihito; Oishi,Tateo; Matsuyama,Shinako; Asano,Tomoyuki; Muto,Akihiro; Kitahara,Jun, Information transmission system, transmitter, and transmission method as well as information reception system, receiver and reception method.
상세보기
Maissel, Jonathan; Eilat, Amir; Tsuria, Yossef; Kranc, Moshe; Sered, Yishai; Bar-On, Gershon; Atlow, Shabtai; Zviel, David, Intelligent electronic program guide.
상세보기
Herz, Fredrick; Smith, Jonathan M.; Parkes, David C., Location enhanced information delivery system.
상세보기
Okada Satoru (Kyoto JPX), Memory cartridge including a key detector for inhibiting memory access and preventing undesirable write operations.
상세보기
Jack E. Ozzie ; Raymond E. Ozzie, Method and apparatus for activity-based collaboration by a computer system equipped with a dynamics manager.
상세보기
Lexenberg, Robert A.; Huang, Yifei C., Method and apparatus for automatically determining allocation of voice and data channels on T1/E1 line.
상세보기
Christopher H. Stewart ; Svilen B. Pronev ; Darrell J. Starnes, Method and apparatus for efficient storage and retrieval of objects in and from an object storage device.
상세보기
Luciano, Jr., Robert Anthony, Method and apparatus for enhancing game play through savable game play state.
상세보기
Vu, Son Trung; Phan, Quang, Method and apparatus for secure processing of cryptographic keys.
상세보기
Lee, Larry A.; Kilmer, Jr., Robert L.; Menigoz, David R., Method and apparatus for selectively denying access to encoded data.
상세보기
Lambert Mark L. ; van der Rijn Daniel J. G. ; Kemper David J. ; Verkler Jay L., Method and apparatus for storing and delivering documents on the internet.
상세보기
James Goodman CA, Method and apparatus for switchably selecting an integrated circuit operating mode.
상세보기
Beck Robert D. ; Richardson John, Method and apparatus for transmitting electronic mail attachments with attachment references.
상세보기
Sanjay Agraharam ; Robert Edward Markowitz ; Kenneth H. Rosen ; David Hilton Shur ; Joel A. Winthrop, Method and apparatus to enhance a multicast information stream in a communication network.
상세보기
Arnold Thomas Andrew ; Pettitt John Philip ; Rendleman ; Jr. Jesse Noel ; Lewis ; Jr. Robert Lincoln, Method and system for delivering digital products electronically.
상세보기
Bittinger Reed ; Brubaker Nils C. ; Housel ; III Barron Cornelius ; Wang Steve, Method and system for differencing container files.
상세보기
Fields, Duane Kimbell; Gregg, Thomas Preston; Hassinger, Sebastian Daniel; Hurley, II, William Walter; Kolb, Mark Andrew; Vu, Stacy Braden, Method and system for distributing image-based content on the internet.
상세보기
Malkin Peter Kenneth ; Yu Philip Shi-lung, Method and system for dynamically prefetching information via a server hierarchy.
상세보기
Sanders, Barbara; Robb, Curtis; Gau, Jet, Method and system for strategic services enterprise workload management.
상세보기
Wilkinson W. Kevin (Sunnyvale CA) Neimat Marie-Anne (Atherton CA), Method of maintaining consistency of cached data in a database system.
상세보기
Rabin, Michael O.; Shasha, Dennis E., Methods and apparatus for protecting information.
상세보기
Uesaka Yasushi,JPX ; Yamauchi Kazuhiko,JPX ; Kozuka Masayuki,JPX ; Higaki Nobuo,JPX ; Horiuchi Koichi,JPX ; Haruna Syusuke,JPX, Microprocessor suitable for reproducing AV data while protecting the AV data from illegal copy and image information processing system using the microprocessor.
상세보기
Andrew Goodman ; Jean Rene Menand, Module manager for interactive television system.
상세보기
Edson, Richard, Multi-service in-home network with an open interface.
상세보기
Sen, Subhabrata; Towsley, Don; Zhang, Zhi-Li; Dey, Jayanta Kumar, Multicasting video.
상세보기
Webber Neil F. (Hudson MA) Israel Robert K. (Westford MA) Kenley Gregory (Northborough MA) Taylor Tracy M. (Upton MA) Foster Antony W. (Framingham MA), Network file migration system.
상세보기
Tzelnic Percy ; Dunham Scott R., On-line tape backup using an integrated cached disk array.
상세보기
Sawano, Takao; Kawase, Tomohiro, Portable game machine with download capability.
상세보기
Ong Lance, Predictive memory caching for media-on-demand systems.
상세보기
Lin Mengjou, Process scheduling for streaming data through scheduling of disk jobs and network jobs and the relationship of the scheduling between these types of jobs.
상세보기
Theriault Roger ; Lockhart Thomas Wayne,CAX ; Battin Robert D., Proxy host computer and method for accessing and retrieving information between a browser and a proxy.
상세보기
Hideyuki Tsutsumitake JP, Real-time information transmission system.
상세보기
Pitts William Michael, Request interceptor in network nodes for determining local storage of file image satisfying predetermined criteria.
상세보기
Tso Michael Man-Hak ; Jing Jin ; Knauerhase Robert Conrad ; Romrell David Alfred ; Gillespie Daniel Joshua ; Bakshi Bikram Singh ; Sathyanarayan Seshardi, Scaling proxy server sending to the client a graphical user interface for establishing object encoding preferences after receiving the client's request for the object.
상세보기
Vaitzblit Lev (Concord MA) Ramakrishnan Kadangode K. (Maynard MA) Tzelnic Percy (Concord MA), Scheduling and admission control policy for a continuous media server.
상세보기
Saphar, Louis-Pierre; Karlisch, Thierry, Smart card reader with microcontroller and security component.
상세보기
Doherty, Robert J.; Tierney, Peter L.; Arnaoutoglou-Andreou, Marios, System and embedded license control mechanism for the creation and distribution of digital content files and enforcement of licensed use of the digital content files.
상세보기
Bernardo Richard S. ; Scanell Jane ; Zepf Diedre, System and method for building a web site for use in E-commerce with user specific pricing.
상세보기
Duane Kimbell Fields ; Thomas Preston Gregg ; Sebastian Daniel Hassinger ; William Walter Hurley, System and method for cooperative client/server customization of web pages.
상세보기
Erickson John S., System and method for managing copyrighted electronic media.
상세보기
Pasquali Sandro, System and method for providing a dynamic advertising content window within a window based content manifestation environment provided in a browser.
상세보기
Jeffrey Conklin ; David Foucher ; Daniel Foucher, System and method for providing and updating user supplied context for a negotiations system.
상세보기
Wang Pong-sheng ; Hsu Ching-San, System and process for delivering digital data on demand.
상세보기
Ford, Daniel A.; Kraft, Reiner; Tewari, Gaurav, System and technique for dynamic information gathering and targeted advertising in a web based model using a live information selection and analysis tool.
상세보기
Schindler Jeffrey ; Forrest Bradley A., System for assigning multichannel audio signals to independent wireless audio output devices.
상세보기
Abrams, Steven R.; Jameson, David H., System for collecting and displaying summary information from disparate sources.
상세보기
Schneck Paul B. ; Abrams Marshall D., System for controlling access and distribution of digital property.
상세보기
Stefik Mark J. (Woodside CA) Bobrow Daniel G. (Palo Alto CA) Pirolli Peter L. T. (El Cerrito CA), System for controlling the distribution and use of composite digital works.
상세보기
Stefik Mark J., System for controlling the distribution and use of digital works having attached usage rights where the usage rights are.
상세보기
Lubenow Josef K. ; Albright Charles T., System for distributing items from an origin to a plurality of destinations.
상세보기
Garfinkle Norton (2800 S. Ocean Blvd. Boca Raton FL 33432), System for limiting use of down-loaded video-on-demand data.
상세보기
Martenson Dale Warner, System for network resource management.
상세보기
Levinson Frank H. (Palo Alto CA), System for scheduling transmission of indexed and requested database tiers on demand at varying repetition rates.
상세보기
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
상세보기
Shear Victor H. ; Sibert W. Olin ; Van Wie David M., Systems and methods using cryptography to protect secure computing environments.
상세보기
Venkatesh Ramachandran ; Otis Allen J. ; Bretl Robert F., Transactional virtual machine architecture.
상세보기
Kuzma Andrew J., Transmitting electronic mail attachment over a network using a e-mail page.
상세보기
Suzuki Mitsuhiro,JPX, Two-way information transmission system and two-way information transmission method.
상세보기
Fuller William H., Video distribution system.
상세보기
Nakamura Hiroki,JPX ; Kusumi Yuki,JPX ; Oashi Masahiro,JPX ; Shimoji Tatsuya,JPX, Video on demand system with a transmission schedule table in the video server including entries for client identifiers,.
상세보기
Belknap William R. (San Jose CA) Henley Martha R. (Morgan Hill CA) Falcon ; Jr. Lorenzo (San Jose CA) Frayne Thomas E. (San Jose CA) Luo Mei-Lan (San Jose CA) Saxena Ashok R. (San Jose CA), Video optimized media streamer with cache management.
상세보기
McBride Randall C., Volatile key apparatus for safeguarding confidential data stored in a computer system memory.
상세보기

이 특허를 인용한 특허 (5)

Hars, Laszlo, Method and apparatus for authenticated data storage.
상세보기
Li, Jun, Security protocols for hybrid peer-to-peer file sharing networks.
상세보기
Li, Jun, Security protocols for hybrid peer-to-peer file sharing networks.
상세보기
DeTreville, John, State reference.
상세보기
Pang, Jon L., System and method for securing data while minimizing bandwidth.
상세보기

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 공고번호, 공고일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표출원인, 출원인국적, 출원인주소, 발명자, 발명자E, 발명자코드, 발명자주소, 발명자 우편번호, 발명자국적, 대표IPC, IPC코드, 요약, 미국특허분류, 대리인주소, 대리인코드, 대리인(한글), 대리인(영문), 국제공개일자, 국제공개번호, 국제출원일자, 국제출원번호, 우선권, 우선권주장일, 우선권국가, 우선권출원번호, 원출원일자, 원출원번호, 지정국, Citing Patents, Cited Patents
저장형식	Text(ASCII format) Excel format PIAS분석(.xls)
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증

Secure device authentication system and method 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

이 특허에 인용된 특허 (91)

이 특허를 인용한 특허 (5)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트

연합인증

Secure device authentication system and method 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

전체(0) 논문(0) 특허(0) 보고서(0)

전체(0) 논문(0) 특허(0) 보고서(0)

이 특허에 인용된 특허 (91)

이 특허를 인용한 특허 (5)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트