专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08504849B2 Method for versatile content control 有权
标题翻译：多用途内容控制方法
公开(公告)号：US08504849B2
公开(公告)日：2013-08-06
申请号：US11314411
申请日：2005-12-20
申请人： Fabrice Jogand-Coulomb , Michael Holtzman , Bahman Qawami , Ron Barzilai , Hagai Bar-El
发明人： Fabrice Jogand-Coulomb , Michael Holtzman , Bahman Qawami , Ron Barzilai , Hagai Bar-El
IPC分类号： G06Q99/00 , G06F11/30 , G06F12/14
CPC分类号： G06F21/6218 , G06F21/78
摘要： Many storage devices are not aware of file systems while many computer host devices read and write data in the form of files. The host device provides a key reference or ID, while the memory system generates a key value in response which is associated with the key ID, which is used as the handle through which the memory retains complete and exclusive control over the generation and use of the key value for cryptographic processes, while the host retains control of files.
摘要翻译：许多存储设备不知道文件系统，而许多计算机主机设备以文件的形式读取和写入数据。主机设备提供密钥引用或ID，而存储器系统生成响应中的密钥值，该密钥值与密钥ID相关联，该密钥ID用作存储器保持完整的句柄，并且专用于控制生成和使用密码过程的关键值，而主机保留对文件的控制。

2. 发明授权

US08051052B2 Method for creating control structure for versatile content control 有权
标题翻译：创建多功能内容控制的控制结构的方法
公开(公告)号：US08051052B2
公开(公告)日：2011-11-01
申请号：US11313538
申请日：2005-12-20
申请人： Fabrice Jogand-Coulomb , Michael Holtzman , Bahman Qawami , Ron Barzilai
发明人： Fabrice Jogand-Coulomb , Michael Holtzman , Bahman Qawami , Ron Barzilai
IPC分类号： G06F17/30
CPC分类号： G06F21/10 , G06F21/6218 , G06F21/78 , G06F2221/2145
摘要： The mobile storage device may be provided with a system agent that is able to create at least one hierarchical tree comprising nodes at different levels for controlling access to data stored in the memory by corresponding entities. Each node of the tree specifies permission or permissions of a corresponding entity or entities for accessing memory data. The permission or permissions at the node of each of the trees has a predetermined relationship to permission or permissions at nodes at a higher or lower or the same level in the same tree. Thus, the mobile storage devices may be issued without any trees already created so that the purchaser of the devices has a free hand in creating hierarchical trees adapted to the applications the purchaser has in mind. Alternatively, the mobile storage devices may also be issued with the trees already created so that a purchaser does not have to go through the trouble of creating the trees. In both situations, preferably certain functionalities of the trees can become fixed after the devices are made so that they cannot be further changed or altered. This provides greater control over access to the content in the device by the content owner. Thus, in one embodiment, the system agent can preferably be disabled so that no additional trees can be created.
摘要翻译：移动存储设备可以被提供有能够创建包括不同级别的节点的至少一个分层树的系统代理，用于控制对相应实体存储在存储器中的数据的访问。树的每个节点指定用于访问存储器数据的相应实体或实体的许可或许可。每个树的节点的权限或权限与同一树中较高或较低或相同级别的节点处的许可或许可具有预定关系。因此，移动存储设备可以在没有任何已经创建的树的情况下被发布，使得设备的购买者可以自由地创建适应购买者所考虑的应用的分层树。或者，移动存储设备也可以被发布已经创建的树，使得购买者不必经历创建树的麻烦。在这两种情况下，优选地，在制造装置之后，树的某些功能可以变得固定，使得它们不能被进一步改变或改变。这可以更好地控制内容所有者对设备内容的访问。因此，在一个实施例中，系统代理可以优选地被禁用，使得不能创建额外的树。

3. 发明申请

US20080010455A1 Control Method Using Identity Objects 有权
公开(公告)号：US20080010455A1
公开(公告)日：2008-01-10
申请号：US11557041
申请日：2006-11-06
申请人： Michael Holtzman , Ron Barzilai , Fabrice Jogand-Coulomb
发明人： Michael Holtzman , Ron Barzilai , Fabrice Jogand-Coulomb
IPC分类号： H04L9/00
CPC分类号： H04L9/3228 , H04L9/3263 , H04L9/3273 , H04L2209/603
摘要： An object known as an identity object comprises a public key and a private key pair and at least one certificate issued by a certificate authority that certifies that the public key of the pair is genuine. In one embodiment, this object may be used as proof of identification by using the private key to sign data provided to it or signals derived from the data. An identity object may be stored in a non-volatile memory as proof of identity, where the memory is controlled by a controller. Preferably, a housing encloses the memory and the controller. In another embodiment, an identity object may be stored in a non-volatile memory of a memory system as proof of identity. The memory system is removably connected to a host device. After the host device has been successfully authenticated, the private key of the object is used to encrypt data from the host device or signals derived from said data, and the at least one certificate and the encrypted data or signals are sent to the host device. In yet another embodiment, after an entity has been authenticated by a control data structure of the memory system, the public key of the identity object and the at least one certificate to certify the public key are provided to the entity. In one practical application of this embodiment, if encrypted data encrypted by means of the public key of the identity object is received from the entity, the memory system will then be able to decrypt the encrypted data using the private key in the identity object. The identity object and the at least one certificate are stored in a non-volatile memory where the memory is controlled by a controller. Preferably, a housing encloses the memory and the controller. In one more embodiment, an identity object may be stored in a non-volatile memory of a memory system. The memory system is removably connected to a host device. After the host device has been successfully authenticated, the public key of the identity object and the at least one certificate to certify the public key are provided to the host device. When encrypted data encrypted by means of the public key of the identity object is received from the host device, the memory system decrypts the encrypted data using the private key in the identity object.

4. 发明申请

US20080010452A1 Content Control System Using Certificate Revocation Lists 审中-公开
标题翻译：内容控制系统使用证书吊销列表
公开(公告)号：US20080010452A1
公开(公告)日：2008-01-10
申请号：US11557026
申请日：2006-11-06
申请人： Michael Holtzman , Ron Barzilai , Rotem Sela , Fabrice Jogand-Coulomb
发明人： Michael Holtzman , Ron Barzilai , Rotem Sela , Fabrice Jogand-Coulomb
IPC分类号： H04L9/00
CPC分类号： H04L9/3228 , H04L9/3263 , H04L9/3273 , H04L2209/603
摘要： Host devices present both the host certificate and the pertinent certificate revocation lists to the memory device for authentication so that the memory device need not obtain the list on its own. Processing of the certificate revocation list and searching for the certificate identification may be performed concurrently by the memory device. The certificate revocation lists for authenticating host devices to memory devices may be stored in an unsecured area of the memory device for convenience of users.
摘要翻译：主机设备将主机证书和相关证书吊销列表呈现给存储器设备以进行认证，使得存储器设备不需要自己获得列表。证书撤销列表的处理和搜索证书标识可以由存储设备同时执行。用于将存储设备的主机设备认证的证书吊销列表可以存储在存储设备的不安全区域中，以方便用户。

5. 发明申请

US20100077214A1 Host Device and Method for Protecting Data Stored in a Storage Device 审中-公开
标题翻译：用于保护存储在存储设备中的数据的主机设备和方法
公开(公告)号：US20100077214A1
公开(公告)日：2010-03-25
申请号：US12624036
申请日：2009-11-23
申请人： Fabrice Jogand-Coulomb , Michael Holtzman , Bahman Qawami , Ron Barzilai , Hagai Bar-El
发明人： Fabrice Jogand-Coulomb , Michael Holtzman , Bahman Qawami , Ron Barzilai , Hagai Bar-El
IPC分类号： H04L9/32 , G06F12/14 , H04L9/06
CPC分类号： G06F21/6218 , G06F2221/2113 , G06F2221/2141
摘要： The owner of proprietor interest is in a better position to control access to the encrypted content in the medium if the encryption-decryption key is stored in the medium itself and substantially inaccessible to external devices. Only those host devices with the proper credentials are able to access the key. An access policy may be stored which grants different permissions (e.g. to different authorized entities) for accessing data stored in the medium. A system incorporating a combination of the two above features is particularly advantageous. On the one hand, the content owner or proprietor has the ability to control access to the content by using keys that are substantially inaccessible to external devices and at the same time has the ability to grant different permissions for accessing content in the medium. Thus, even where external devices gain access, their access may still be subject to the different permissions set by the content owner or proprietor recorded in the storage medium. When implemented in a flash memory, the above features result in a particularly useful medium for content protection. Many storage devices are not aware of file systems while many computer host devices read and write data in the form of files. The host device provides a key reference or ID, while the storage device generates a key value in response which is associated with the key ID, which is used as the handle through which the memory retains complete and exclusive control over the generation and use of the key value for cryptographic processes, while the host retains control of files.
摘要翻译：如果加密解密密钥存储在介质本身并且对外部设备基本不可访问，则所有者利益的所有者处于更好的位置以控制对介质中的加密内容的访问。只有那些具有正确凭据的主机才能访问密钥。可以存储访问策略，其授予不同的权限（例如，到不同的授权实体）以访问存储在介质中的数据。结合上述两个特征的组合的系统是特别有利的。一方面，内容所有者或所有者具有通过使用外部设备基本上不可访问的密钥来控制对内容的访问的能力，并且同时具有授予访问媒体中的内容的不同权限的能力。因此，即使在外部设备获得访问的情况下，他们的访问仍然可能受到记录在存储介质中的内容所有者或所有者设置的不同权限。当在闪存中实现时，上述特征导致用于内容保护的特别有用的介质。许多存储设备不知道文件系统，而许多计算机主机设备以文件的形式读取和写入数据。主机设备提供密钥参考或ID，而存储设备生成响应中的密钥值，该密钥值与密钥ID相关联，该密钥ID用作存储器保留完整的句柄，并且专用于控制生成和使用密码过程的关键值，而主机保留对文件的控制。

6. 发明申请

US20080034440A1 Content Control System Using Versatile Control Structure 审中-公开
标题翻译：使用多功能控制结构的内容控制系统
公开(公告)号：US20080034440A1
公开(公告)日：2008-02-07
申请号：US11557056
申请日：2006-11-06
申请人： Michael Holtzman , Ron Barzilai , Fabrice Jogand-Coulomb
发明人： Michael Holtzman , Ron Barzilai , Fabrice Jogand-Coulomb
IPC分类号： H04L9/32 , H04L9/00 , G06F12/14 , G06K9/00 , G06F17/30 , G06F7/04 , G06F11/30 , H03M1/68 , H04K1/00 , H04N7/16
CPC分类号： G06F21/10 , H04L9/3228 , H04L9/3263 , H04L9/3273 , H04L2209/603
摘要： At least one software application is stored in a memory device, where a security data structure controls access to information obtainable from data stored in the device and to the at least one software application. A set of protocols control communication between a host and a memory device. Invocation of at least one software application stored in the memory device modifies the protocol. A security data structure controls access to data stored in the memory device according to an access policy. Invocation of at least one software application stored in the memory device imposes at least one condition in addition to the access policy for accessing the data. A data object storing data in the memory device is associated with at least one software application. Accessing the object will invoke the at least one software application which processes the data in the object. Individual ones of a plurality of first sets of protocols are selectable for enabling data to be provided and stored in a data object. A second set of protocols can be used to retrieve data from the data object, or data derived from such data, irrespective of which of the first set of protocols was used to enable the provision and storing of data in the object.
摘要翻译：至少一个软件应用程序存储在存储器设备中，其中安全数据结构控制对从存储在设备中的数据和至少一个软件应用程序可获得的信息的访问。一组协议控制主机和存储设备之间的通信。对存储在存储设备中的至少一个软件应用的调用修改协议。安全数据结构根据访问策略控制对存储设备中存储的数据的访问。存储在存储设备中的至少一个软件应用的调用除了用于访问数据的访问策略之外还施加至少一个条件。存储设备中存储数据的数据对象与至少一个软件应用相关联。访问对象将调用处理对象中的数据的至少一个软件应用程序。多个第一组协议中的各个可选择用于使数据能够被提供并存储在数据对象中。可以使用第二组协议来从数据对象或从这样的数据导出的数据中检索数据，而不管第一组协议中哪一个被用于使得能够在对象中提供和存储数据。

7. 发明申请

US20060242067A1 System for creating control structure for versatile content control 审中-公开
标题翻译：用于创建多功能内容控制的控制结构的系统
公开(公告)号：US20060242067A1
公开(公告)日：2006-10-26
申请号：US11314055
申请日：2005-12-20
申请人： Fabrice Jogand-Coulomb , Michael Holtzman , Bahman Qawami , Ron Barzilai
发明人： Fabrice Jogand-Coulomb , Michael Holtzman , Bahman Qawami , Ron Barzilai
IPC分类号： G06Q99/00
CPC分类号： G06F21/6218 , G06F21/78 , G06F2221/2145
摘要： The mobile storage device may be provided with a system agent that is able to create at least one hierarchical tree comprising nodes at different levels for controlling access to data stored in the memory by corresponding entities. Each node of the tree specifies permission or permissions of a corresponding entity or entities for accessing memory data. The permission or permissions at the node of each of the trees has, a predetermined relationship to permission or permissions at nodes at a higher or lower or the same level in the same tree. Thus, the mobile storage devices may be issued without any trees already created so that the purchaser of the devices has a free hand in creating hierarchical trees adapted to the applications the purchaser has in mind. Alternatively, the mobile storage devices may also be issued with the trees already created so that a purchaser does not have to go through the trouble of creating the trees. In both situations, preferably certain functionalities of the trees can become fixed after the devices are made so that they cannot be further changed or altered. This provides greater control over access to the content in the device by the content owner. Thus, in one embodiment, the system agent can preferably be disabled so that no additional trees can be created.
摘要翻译：移动存储设备可以被提供有能够创建包括不同级别的节点的至少一个分层树的系统代理，用于控制对相应实体存储在存储器中的数据的访问。树的每个节点指定用于访问存储器数据的相应实体或实体的许可或许可。每个树的节点上的权限或权限具有与同一树中较高或较低或相同级别的节点处的许可或许可的预定关系。因此，移动存储设备可以在没有任何已经创建的树的情况下被发布，使得设备的购买者可以自由地创建适应购买者所考虑的应用的分层树。或者，移动存储设备也可以被发布已经创建的树，使得购买者不必经历创建树的麻烦。在这两种情况下，优选地，在制造装置之后，树的某些功能可以变得固定，使得它们不能被进一步改变或改变。这可以更好地控制内容所有者对设备内容的访问。因此，在一个实施例中，系统代理可以优选地被禁用，使得不能创建额外的树。

8. 发明授权

US08639939B2 Control method using identity objects 有权
标题翻译：使用身份对象的控制方法
公开(公告)号：US08639939B2
公开(公告)日：2014-01-28
申请号：US11557041
申请日：2006-11-06
申请人： Michael Holtzman , Ron Barzilai , Fabrice Jogand-Coulomb
发明人： Michael Holtzman , Ron Barzilai , Fabrice Jogand-Coulomb
IPC分类号： G06F21/00
CPC分类号： H04L9/3228 , H04L9/3263 , H04L9/3273 , H04L2209/603
摘要： An object known as an identity object comprises a public key and a private key pair and at least one certificate issued by a certificate authority that certifies that the public key of the pair is genuine. In one embodiment, this object may be used as proof of identification by using the private key to sign data provided to it or signals derived from the data. An identity object may be stored in a non-volatile memory as proof of identity, where the memory is controlled by a controller. Preferably, a housing encloses the memory and the controller.
摘要翻译：被称为身份对象的对象包括公开密钥对和私钥对以及证书颁发机构颁发的至少一个证书，证明该对的公钥是真实的。在一个实施例中，该对象可以通过使用私钥对其提供的数据进行签名或从数据导出的信号被用作识别证明。身份对象可以作为身份证明存储在非易失性存储器中，其中存储器由控制器控制。优选地，壳体包围存储器和控制器。

9. 发明申请

US20060242066A1 Versatile content control with partitioning 审中-公开
标题翻译：多功能内容控制与分区
公开(公告)号：US20060242066A1
公开(公告)日：2006-10-26
申请号：US11314053
申请日：2005-12-20
申请人： Fabrice Jogand-Coulomb , Michael Holtzman , Bahman Qawami , Ron Barzilai
发明人： Fabrice Jogand-Coulomb , Michael Holtzman , Bahman Qawami , Ron Barzilai
IPC分类号： G06Q99/00
CPC分类号： G06F21/6218 , G06F21/10 , G06F21/78 , G06F2221/2145
摘要： In some mobile storage devices, content protection is afforded by dividing the memory into separate areas where access to protected areas requires prior authentication. While such feature does provide some protection, it does not protect against a user who obtained a password by illicit means. Thus, another aspect of the invention is based on the recognition that a mechanism or structure may be provided to divide a memory into partitions and so that at least some data in the partitions can be encrypted with a key, so that in addition to authentication that is required for accessing some of the partitions, access to one or more keys may be required to decrypt the encrypted data in such partitions. In some applications, it may be more convenient to the user to be able to log in the memory system using one application, and then be able to use different applications to access protected content without having to log in again. In such event, all of the content that the user wishes to access in this manner may be associated with a first account, so that all such content can be accessed via different applications (e.g. music player, email, cellular communication etc.) without having to log in multiple times. Then a different set of authentication information may then be used for logging in to access protected content that is in an account different from the first account, even where the different accounts are for the same user or entity.
摘要翻译：在一些移动存储设备中，通过将存储器划分成对保护区的访问需要事先认证的单独区域来提供内容保护。虽然这样的功能确实提供了一些保护，但是它不能防止以非法手段获得密码的用户。因此，本发明的另一方面基于这样的认识：可以提供机制或结构来将存储器划分成分区，并且使得可以用密钥对分区中的至少一些数据进行加密，使得除了认证是访问某些分区所必需的，可能需要访问一个或多个密钥来对这些分区中的加密数据进行解密。在某些应用中，用户可以使用一个应用程序登录存储系统更方便，然后能够使用不同的应用来访问受保护的内容，而无需再次登录。在这种情况下，用户希望以这种方式访问的所有内容可以与第一帐户相关联，使得可以通过不同的应用（例如，音乐播放器，电子邮件，蜂窝通信等）来访问所有这样的内容，而没有多次登录。然后可以使用一组不同的身份验证信息来登录访问与第一帐户不同的帐户的受保护内容，即使不同帐户是针对同一用户或实体的。

10. 发明授权

US08601283B2 Method for versatile content control with partitioning 有权
标题翻译：具有分区功能的多功能内容控制方法
公开(公告)号：US08601283B2
公开(公告)日：2013-12-03
申请号：US11314052
申请日：2005-12-20
申请人： Fabrice Jogand-Coulomb , Michael Holtzman , Bahman Qawami , Ron Barzilai
发明人： Fabrice Jogand-Coulomb , Michael Holtzman , Bahman Qawami , Ron Barzilai
IPC分类号： G06F21/00 , G06F11/30 , G06F12/14 , G06F11/00 , G06F12/16 , H04L9/32 , H04L29/06
CPC分类号： G06F21/62 , G06F21/10 , G06F21/6218 , G06F21/78 , G06F2221/2145
摘要： In some applications, it may be more convenient to the user to be able to log in the memory system using one application, and then be able to use different applications to access protected content without having to log in again. In such event, all of the content that the user wishes to access in this manner may be associated with a first account, so that all such content can be accessed via different applications (e.g. music player, email, cellular communication etc.) without having to log in multiple times. Then a different set of authentication information may then be used for logging in to access protected content that is in an account different from the first account, even where the different accounts are for the same user or entity.
摘要翻译：在某些应用中，用户可以使用一个应用程序登录存储系统更方便，然后能够使用不同的应用来访问受保护的内容，而无需再次登录。在这种情况下，用户希望以这种方式访问的所有内容可以与第一帐户相关联，使得可以通过不同的应用（例如，音乐播放器，电子邮件，蜂窝通信等）来访问所有这样的内容，而没有多次登录。然后可以使用一组不同的身份验证信息来登录访问与第一帐户不同的帐户的受保护内容，即使不同帐户是针对同一用户或实体的。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式