scispace - formally typeset
Search or ask a question
Patent

System and method for protection of digital works

Xin Wang1
26 Mar 2001-
TL;DR: An additive encryption scheme is a particular type of encryption scheme which preserves formatting of a digital work as mentioned in this paper, which enables the rendering or replay application to process the encrypted document into encrypted presentation data without decrypting it first.
Abstract: A method of protecting a digital work uses a format preserving encryption scheme to encrypt the digital work. This enables any native replay application or rendering application to transform an encrypted digital work into encrypted presentation data. The originator's digital content is protected in its original form by not being decrypted. This method enables the rendering or replay application to process the encrypted document into encrypted presentation data without decrypting it first. Encrypted presentation data is then decrypted just before it is displayed to the user. An additive encryption scheme is a particular type of encryption scheme which preserves formatting of a digital work.
Citations
More filters
Patent
21 Nov 2001
TL;DR: In this paper, a set top box (STB) accesses a verification entity via a persistent network connection, and the STB receives an encrypted access key from an access key source corresponding to a segment of encrypted digital content.
Abstract: In response to a user request to view specific digital content, the user's set top box (STB) accesses a verification entity via a persistent network connection. The STB establishes the user's identity with the verification entity, for instance, by reading identity credentials from a smart card. In response to the verification entity having stored a license for the user to view the digital content, the STB receives a license key from the verification entity. In addition, the STB receives an encrypted access key from an access key source corresponding to a segment of encrypted digital content. The license key is used to decrypt the encrypted access key, which is, in turn, used to decrypt the segment of encrypted digital content. A user may transfer his or her license in whole or in part to another user by sending a transfer request to the verification entity.

281 citations

Patent
13 Jun 2003
TL;DR: In this article, fault information relating to a fault associated with the operation of guest software is received, and a determination is made as to whether the fault information satisfies one or more filtering criterion.
Abstract: In one embodiment, fault information relating to a fault associated with the operation of guest software is received. Further, a determination is made as to whether the fault information satisfies one or more filtering criterion. If the determination is positive, control remains with the guest software and is not transferred to the virtual machine monitor (VMM).

222 citations

Patent
15 Aug 2001
TL;DR: In this article, the transitions among schedulable entities executing in a computer system are tracked in computer hardware or in a virtual machine monitor, and the virtual machine monitors derive scheduling information from the transitions to enable a VM system to guarantee adequate scheduling quality of service to real-time applications executing in virtual machines that contain both realtime and non-realtime applications.
Abstract: Transitions among schedulable entities executing in a computer system are tracked in computer hardware or in a virtual machine monitor. In one aspect, the schedulable entities are operating system processes and threads, virtual machines, and instruction streams executing on the hardware. In another aspect, the schedulable entities are processes or threads executing within the virtual machines under the control of the virtual machine monitor. The virtual machine monitor derives scheduling information from the transitions to enable a virtual machine system to guarantee adequate scheduling quality of service to real-time applications executing in virtual machines that contain both real-time and non-real-time applications. In still another aspect, a parent virtual machine monitor in a recursive virtualization system can use the scheduling information to schedule a child virtual machine monitor that controls multiple virtual machines.

206 citations

Patent
Robert Knauerhase1, Vijay Tewari1
26 Jun 2003
TL;DR: In this article, a method, system, and apparatus for virtual machine management is described, where the processor state information associated with a processor is evaluated and used to manage one or more virtual machines.
Abstract: A method, system, and apparatus are provided for virtual machine management. According to one embodiment, processor state information associated with a processor is evaluated, and the processor state information is used to manage one or more virtual machines.

205 citations

Patent
27 Dec 2000
TL;DR: In this article, a method for supporting address translation in a virtual-machine environment includes creating a guest translation data structure to be used by a guest operating system for address translation operations, and creating an active translation data structures based on the guest data structure.
Abstract: In one embodiment, a method for supporting address translation in a virtual-machine environment includes creating a guest translation data structure to be used by a guest operating system for address translation operations, creating an active translation data structure based on the guest translation data structure, and periodically modifying the content of the active translation data structure to conform to the content of the guest translations data structure. The content of the active translation data structure is used by a processor to cache address translations in a translation-lookaside buffer (TLB).

160 citations

References
More filters
Patent
30 Sep 2010
TL;DR: In this article, the authors proposed a secure content distribution method for a configurable general-purpose electronic commercial transaction/distribution control system, which includes a process for encapsulating digital information in one or more digital containers, a process of encrypting at least a portion of digital information, a protocol for associating at least partially secure control information for managing interactions with encrypted digital information and/or digital container, and a process that delivering one or multiple digital containers to a digital information user.
Abstract: PROBLEM TO BE SOLVED: To solve the problem, wherein it is impossible for an electronic content information provider to provide commercially secure and effective method, for a configurable general-purpose electronic commercial transaction/distribution control system. SOLUTION: In this system, having at least one protected processing environment for safely controlling at least one portion of decoding of digital information, a secure content distribution method comprises a process for encapsulating digital information in one or more digital containers; a process for encrypting at least a portion of digital information; a process for associating at least partially secure control information for managing interactions with encrypted digital information and/or digital container; a process for delivering one or more digital containers to a digital information user; and a process for using a protected processing environment, for safely controlling at least a portion of the decoding of the digital information. COPYRIGHT: (C)2006,JPO&NCIPI

7,643 citations

Patent
13 Aug 1998
TL;DR: In this article, the authors describe a method and apparatus of securely providing data to a user's system, where the data is encrypted so as to only be decryptable by a data decrypting key.
Abstract: Disclosed is a method and apparatus of securely providing data to a user's system. The data is encrypted so as to only be decryptable by a data decrypting key, the data decrypting key being encrypted using a first public key, and the encrypted data being accessible to the user's system, the method comprising the steps of: transferring the encrypted data decrypting key to a clearing house that possesses a first private key, which corresponds to the first public key; decrypting the data decrypting key using the first private key; re-encrypting the data decrypting key using a second public key; transferring the re-encrypted data decrypting key to the user's system, the user's system possessing a second private key, which corresponds to the second public key; and decrypting the re-encrypted data decrypting key using the second private key.

1,610 citations

Patent
23 Nov 1995
TL;DR: In this article, a system for controlling use and distribution of digital works, in which the owner of a digital work attaches usage rights to that work, is presented, where each right has associated with it certain optional specifications which outline the conditions and fees upon which the right may be exercised.
Abstract: A system for controlling use and distribution of digital works, in which the owner of a digital work (101) attaches usage rights (102) to that work. Usage rights are granted by the "owner" of a digital work to "buyers" of the digital work. The usage rights define how a digital work may be used and further distributed by the buyer. Each right has associated with it certain optional specifications which outline the conditions and fees upon which the right may be exercised. Digital works are stored in a repository. A repository will process each request (103,104) to access a digital work by examining the corresponding usage rights (105). Digital work playback devices, coupled to the repository containing the work, are used to play, display or print the work. Access to digital works for the purposes of transporting between repositories (e.g. copying, borrowing or transfer) is carried out using a digital work transport protocol. Access to digital works for the purposes of replay by a digital work playback device(e.g. printing, displaying or executing) is carried out using a digital work playback protocol. Access is denied (106) or granted (107) depending whether the requesting repository has the required usage rights.

1,279 citations

Patent
Sholom S. Rosen1
13 Nov 1992
TL;DR: In this article, an electronic-monetary system has been proposed, where banks or financial institutions are coupled to a money generator device for generating and issuing to subscribing customers electronic money including electronic currency backed by demand deposits and electronic credit authorizations.
Abstract: An electronic-monetary system having (1) banks or financial institutions that are coupled to a money generator device for generating and issuing to subscribing customers electronic money including electronic currency backed by demand deposits and electronic credit authorizations; (2) correspondent banks that accept and distribute the electronic money; (3) a plurality of transaction devices that are used by subscribers for storing electronic money, for performing money transactions with the on-line systems of the participating banks or for exchanging electronic money with other like transaction devices in off-line transactions; (4) teller devices, associated with the issuing and correspondent banks, for process handling and interfacing the transaction devices to the issuing and correspondent banks, and for interfacing between the issuing and correspondent banks themselves; (5) a clearing bank for balancing the electronic money accounts of the different issuing banks; (6) a data communications network for providing communications services to all components of the system; and (7) a security arrangement for maintaining the integrity of the system, and for detecting counterfeiting and tampering within the system. An embodiment of the invention includes a customer service module which handles lost money claims and links accounts to money modules for providing bank access.

1,184 citations

Patent
08 Oct 1987
TL;DR: In this article, a "return on investment" digital database usage metering, billing, and security system includes a hardware device which is plugged into a computer system bus (or into a serial or other functionally adequate connector) and a software program resident in the hardware device.
Abstract: A "return on investment" digital database usage metering, billing, and security system includes a hardware device which is plugged into a computer system bus (or into a serial or other functionally adequate connector) and a software program system resident in the hardware device. One or more databases are encrypted and stored on a non-volatile mass storage device (e.g., an optical disk). A tamper-proof decrypting device and associated controller decrypts selected portions of the stored database and measures the quantity of information which is decrypted. This measured quantity information is communicated to a remote centralized billing facility and used to charge the user a fee based on database usage. A system may include a "self-destruct" feature which .disables system operation upon occurrence of a predetermined event unless the user implements an "antidote"--instructions for implementing the antidote being given to him by the database owner only if the user pays his bill. Absolute database security and billing based on database usage are thus provided in a system environment wherein all database access tasks are performed at the user's site. Moreover, a free market competitive environment is supported because literary property royalties can be calculated based on actual data use.

1,132 citations