公开(公告)号：US20140123242A1

公开(公告)日：2014-05-01

申请号：US14066636

申请日：2013-10-29

Applicant: General Instrument Corporation

Inventor： Eric J. Sprunk ,  Mark G. Depietro

IPC: G06F21/10

CPC classification number: H04N21/2351 ,  G06F21/10 ,  G06F21/105 ,  G06F21/121 ,  G06F21/57 ,  G06F21/629 ,  H04L63/126 ,  H04N21/4353 ,  H04N21/4431 ,  H04N21/4433 ,  H04N21/64715

Abstract: A system for securely authenticating software Application Program Interfaces (APIs) includes a handshake protocol that enables promulgation of licensing rights controlling Intellectual Property (IP) to multiple Actors. The handshake is a Challenge-Response protocol that includes a Challenge issued by one Actor who controls IP rights to verify a second Actor has Licensed IP rights when the second Actor Response includes use of a function IPF1. The function e.g. IPF1 is provided through the IP licensing agreement. Other Actors who wish to use software that the first Actor provides will be encouraged to acquire rights to the IP License to obtain the function IPF1 for access. Subsequent Actors who have IP rights controlled by another function IPF2 can be pulled into the same IP Licensing system, or another IP License that becomes part of the same ecosystem with the system controlled using function IPF1.

Abstract translation: 用于安全认证软件的系统应用程序接口（API）包括一个握手协议，可以向多个演员发布控制知识产权（IP）的许可权。 握手是一个挑战 - 响应协议，其中包括一名演员发出的挑战，该演员控制IP权限，以验证第二名演员在第二名演员回应包含使用功能IPF1时具有许可IP权限。 功能例如 IPF1通过知识产权许可协议提供。 希望使用第一名演员提供的软件的其他演员将被鼓励获得IP许可证获得IPF1访问权限。 具有由另一个功能IPF2控制的知识产权的后续演员可以被拉入相同的IP许可系统，或另一个IP许可证，该许可证成为使用功能IPF1进行系统控制的相同生态系统的一部分。

公开(公告)号：US20140123321A1

公开(公告)日：2014-05-01

申请号：US14066657

申请日：2013-10-29

Applicant: General Instrument Corporation

Inventor： Eric J. Sprunk ,  Mark G. Depietro

IPC: H04L29/06

CPC classification number: H04N21/2351 ,  G06F21/10 ,  G06F21/105 ,  G06F21/121 ,  G06F21/57 ,  G06F21/629 ,  H04L63/126 ,  H04N21/4353 ,  H04N21/4431 ,  H04N21/4433 ,  H04N21/64715

Abstract: A system for securely authenticating software Application Program Interfaces (APIs) includes a handshake protocol that enables promulgation of licensing rights controlling Intellectual Property (IP) to multiple Actors. The Actors include components of a cable system that can include a Conditional Access System, Middleware, a Browser for a Set-Top-Box, a Guide and a Guide Data Provider. The handshake is a Challenge-Response protocol that includes a Challenge issued by one Actor who controls IP rights to verify a second Actor has Licensed IP rights when the second Actor Response includes a Hook IP function IPF1. Other Actors who wish to use software functions F that the first Actor provides will be encouraged to acquire rights to the IP License to obtain the function IPF1 for access. Subsequent Actors who have IP rights controlled by another function IPF2 can be pulled into the same IP Licensing system, or another IP License that becomes part of the same ecosystem with the system controlled using function IPF1.

Abstract translation: 用于安全认证软件的系统应用程序接口（API）包括一个握手协议，可以向多个演员发布控制知识产权（IP）的许可权。 演员包括有线系统的组件，可以包括条件访问系统，中间件，机顶盒的浏览器，指南和指南数据提供者。 握手是一个挑战 - 响应协议，其中包括由一名演员发出的挑战，该演员控制IP权限，以便在第二名演员回应包含Hook IP功能IPF1时，具有许可IP权限。 希望使用第一名Actor提供的软件功能F的其他演员将被鼓励获得IP许可证的权限，以获取IPF1的访问权限。 具有由另一个功能IPF2控制的知识产权的后续演员可以被拉入相同的IP许可系统，或另一个IP许可证，该许可证成为使用功能IPF1进行系统控制的相同生态系统的一部分。

公开(公告)号：US20140123220A1

公开(公告)日：2014-05-01

申请号：US14066591

申请日：2013-10-29

Applicant: General Instrument Corporation

Inventor： Eric J. Sprunk ,  Mark G. Depietro ,  Alexander Medvinsky ,  Paul Moroney ,  Xin Qiu

IPC: G06F21/10

CPC classification number: H04N21/2351 ,  G06F21/10 ,  G06F21/105 ,  G06F21/121 ,  G06F21/57 ,  G06F21/629 ,  H04L63/126 ,  H04N21/4353 ,  H04N21/4431 ,  H04N21/4433 ,  H04N21/64715

Abstract: A system for securely authenticating software Application Program Interfaces (APIs) includes a handshake protocol that is provided to validate whether the parties involved are licensed to use the system which includes rights to Intellectual Property (IP) and corresponding obligations. The handshake is a Challenge-Response protocol that includes several steps. First, a Claimant sends a request to a Verifier requesting access to a function through an API. The Verifier reacts to the request by outputting a Challenge that is sent to the Claimant. The Challenge is also retained by the Verifier for use in its internal calculation to verify the Claimant's response. The Claimant next processes the Challenge using components under the license, known as Hook IP, and issues a Response to the Verifier. The Verifier compares the possibly-correct Candidate Response from the Claimant to the known-correct Target Response and if a match occurs the Verifier allows the Claimant access to the API.

Abstract translation: 用于安全认证软件的系统应用程序接口（API）包括一个握手协议，用于验证所涉各方是否被许可使用包括知识产权（IP）权利和相应义务的系统。 握手是一个挑战 - 响应协议，包括几个步骤。 首先，索赔人通过API向验证者发送请求访问功能的请求。 验证者通过输出发送给索赔人的质询来对请求做出反应。 验证者也保留挑战，用于内部计算，以验证索赔人的回应。 索赔人接下来使用许可证下的组件（称为Hook IP）处理挑战，并向验证者发出响应。 验证者将来自索赔人的可能正确的候选响应与已知正确的目标响应进行比较，如果匹配发生，则验证者允许Claimant访问API。

公开(公告)号：US20140123172A1

公开(公告)日：2014-05-01

申请号：US14066653

申请日：2013-10-29

Applicant: General Instrument Corporation

Inventor： Eric J. Sprunk ,  Mark G. Depietro ,  Alexander Medvinsky ,  Paul Moroney ,  Xin Qiu

IPC: H04N21/235 ,  H04N21/647 ,  H04N21/435

CPC classification number: H04N21/2351 ,  G06F21/10 ,  G06F21/105 ,  G06F21/121 ,  G06F21/57 ,  G06F21/629 ,  H04L63/126 ,  H04N21/4353 ,  H04N21/4431 ,  H04N21/4433 ,  H04N21/64715

Abstract: A system for securely authenticating software Application Program Interfaces (APIs) includes a handshake protocol provided between a Conditional Access System (CAS) and Middleware running on a Set-Top-Box. The handshake is a Challenge-Response protocol that includes several steps. The CAS or the Middleware can either act as a Claimant or Verifier in Challenge-Response process. First, a Claimant sends a request to a Verifier requesting access to a function F through the API. The Verifier reacts to the request by outputting a Challenge that is sent to the Claimant The Challenge is also retained by the Verifier for use in its internal calculation to verify the Claimant's response. The Claimant next processes the Challenge using components under a patent License Agreement, known as Hook IP, and issues a Response to the Verifier. The Verifier can then verify the Response to allow the Claimant access to the API.

Abstract translation: 用于安全认证软件的系统应用程序接口（API）包括在条件访问系统（CAS）和在机顶盒上运行的中间件之间提供的握手协议。 握手是一个挑战 - 响应协议，包括几个步骤。 CAS或中间件可以在“挑战响应”过程中充当索赔人或验证者。 首先，索赔人通过API向验证者发送请求访问函数F的请求。 验证者通过输出发送到索赔人的挑战来对请求做出反应。验证者还保留挑战，以便在其内部计算中使用以验证索赔人的回复。 索赔人接下来使用专利许可协议（称为Hook IP）的组件处理挑战，并向验证者发出回复。 然后，验证者可以验证响应以允许Claimant访问API。

公开(公告)号：US20130104199A1

公开(公告)日：2013-04-25

申请号：US13713918

申请日：2012-12-13

Applicant: General Instrument Corporation

Inventor： Eric J. Sprunk

IPC: H04L29/06

CPC classification number: H04L63/08 ,  H04N7/1675 ,  H04N21/23476 ,  H04N21/2541 ,  H04N21/4117 ,  H04N21/435 ,  H04N21/4424 ,  H04N21/4623 ,  H04N21/8166 ,  H04N21/835 ,  H04N21/8355 ,  H04N2005/91364

Abstract: According to the invention, a method for securing a plaintext object within a content receiver is disclosed. In one step, a secure portion of a secure object and a plaintext remainder of the secure object are received. Which portion of the secure object is the secure portion is determined. The secure portion is decrypted to provide a plaintext portion. The plaintext object that comprises the plaintext portion and the plaintext remainder is formed. The plaintext object is stored including authentication and authorization.

Abstract translation: 根据本发明，公开了一种用于保护内容接收器内的明文对象的方法。 在一个步骤中，接收安全对象的安全部分和安全对象的明文剩余部分。 确定安全对象的哪个部分是安全部分。 解密安全部分以提供明文部分。 形成包含明文部分和明文余数的明文对象。 存储明文对象，包括认证和授权。

公开(公告)号：US09027159B2

公开(公告)日：2015-05-05

申请号：US14066657

申请日：2013-10-29

Applicant: General Instrument Corporation

Inventor： Eric J. Sprunk ,  Mark G. Depietro

IPC: H04L29/06 ,  H04N21/235 ,  H04N21/435 ,  H04N21/647 ,  G06F21/10 ,  G06F21/12

CPC classification number: H04N21/2351 ,  G06F21/10 ,  G06F21/105 ,  G06F21/121 ,  G06F21/57 ,  G06F21/629 ,  H04L63/126 ,  H04N21/4353 ,  H04N21/4431 ,  H04N21/4433 ,  H04N21/64715

Abstract: A system for securely authenticating software Application Program Interfaces (APIs) includes a handshake protocol that enables promulgation of licensing rights controlling Intellectual Property (IP) to multiple Actors. The Actors include components of a cable system that can include a Conditional Access System, Middleware, a Browser for a Set-Top-Box, a Guide and a Guide Data Provider. The handshake is a Challenge-Response protocol that includes a Challenge issued by one Actor who controls IP rights to verify a second Actor has Licensed IP rights when the second Actor Response includes a Hook IP function IPF1. Other Actors who wish to use software functions F that the first Actor provides will be encouraged to acquire rights to the IP License to obtain the function IPF1 for access. Subsequent Actors who have IP rights controlled by another function IPF2 can be pulled into the same IP Licensing system, or another IP License that becomes part of the same ecosystem with the system controlled using function IPF1.

Abstract translation: 用于安全认证软件的系统应用程序接口（API）包括一个握手协议，可以向多个演员发布控制知识产权（IP）的许可权。 演员包括有线系统的组件，可以包括条件访问系统，中间件，机顶盒的浏览器，指南和指南数据提供者。 握手是一个挑战 - 响应协议，其中包括由一名演员发出的挑战，该演员控制IP权限，以便在第二名演员回应包含Hook IP功能IPF1时，具有许可IP权限。 希望使用第一名Actor提供的软件功能F的其他演员将被鼓励获得IP许可证的权限，以获取IPF1的访问权限。 具有由另一个功能IPF2控制的知识产权的后续演员可以被拉入相同的IP许可系统，或另一个IP许可证，该许可证成为使用功能IPF1进行系统控制的相同生态系统的一部分。

公开(公告)号：US20140082359A1

公开(公告)日：2014-03-20

申请号：US13865078

申请日：2013-04-17

Applicant: GENERAL INSTRUMENT CORPORATION

Inventor： Madjid Nakhjiri ,  Tat Keung Chan ,  Alexander Medvinsky ,  Eric J. Sprunk

IPC: H04L29/06

CPC classification number: H04L63/0435 ,  H04L9/0822 ,  H04L9/0841 ,  H04L9/0844 ,  H04L9/3066 ,  H04L63/0442 ,  H04L63/0478 ,  H04L63/061 ,  H04L2209/80 ,  H04L2463/061 ,  H04W8/205 ,  H04W12/02 ,  H04W12/04

Abstract: A method provides end-to-end security for transport of a profile to a target device (e.g., a mobile computing device) over at least one communications network that includes a plurality of nodes. In accordance with the method, the profile is encrypted for transport between the target device and an initial node of the network through which the profile is transported. The encryption is an end-to-end inner layer encryption performed prior to hop-to-hop encryption. The encrypting uses a public key of a public, private key pair. The private key is derivable from a seed securely provisioned in the target device using a public key algorithm. The encrypted profile is transmitted over the communications network to the target device.

Abstract translation: 一种方法提供用于通过包括多个节点的至少一个通信网络将简档传送到目标设备（例如，移动计算设备）的端到端安全性。 根据该方法，该配置文件被加密以在目标设备和通过其传送该配置文件的网络的初始节点之间进行传输。 加密是在跳转到加密之前执行的端到端内层加密。 加密使用公共密钥对的公开密钥。 私钥可以从使用公钥算法的目标设备中安全地提供的种子派生。 加密的配置文件通过通信网络发送到目标设备。

公开(公告)号：US20140082358A1

公开(公告)日：2014-03-20

申请号：US13859580

申请日：2013-04-09

Applicant: GENERAL INSTRUMENT CORPORATION

Inventor： Madjid Nakhjiri ,  Tat Keung Chan ,  Alexander Medvinsky ,  Eric J. Sprunk

IPC: H04L29/06

CPC classification number: H04L63/0435 ,  H04L9/0822 ,  H04L9/0841 ,  H04L9/0844 ,  H04L9/3066 ,  H04L63/0442 ,  H04L63/0478 ,  H04L63/061 ,  H04L2209/80 ,  H04L2463/061 ,  H04W8/205 ,  H04W12/0023 ,  H04W12/00512 ,  H04W12/02 ,  H04W12/04

Abstract: A method provides end-to-end security for transport of a profile to a target device (e.g., a mobile computing device) over at least one communications network that includes a plurality of nodes. In accordance with the method, the profile is encrypted for transport between the target device and an initial node of the network through which the profile is transported. The encryption is an end-to-end inner layer encryption performed prior to hop-to-hop encryption. The encrypting uses a public key of a public, private key pair. The private key is derivable from a seed securely provisioned in the target device using a public key algorithm. The encrypted profile is transmitted over the communications network to the target device.

Abstract translation: 一种方法提供用于通过包括多个节点的至少一个通信网络将简档传送到目标设备（例如，移动计算设备）的端到端安全性。 根据该方法，该配置文件被加密以在目标设备和通过其传送该配置文件的网络的初始节点之间进行传输。 加密是在跳转到加密之前执行的端到端内层加密。 加密使用公共密钥对的公开密钥。 私钥可以从使用公钥算法的目标设备中安全地提供的种子派生。 加密的配置文件通过通信网络发送到目标设备。