US9270447B2 - Demand based encryption and key generation and distribution systems and methods - Google Patents


Info

Publication number
US9270447B2
Authority
US
United States
Prior art keywords
data file
requester
encryption key
key management
processor
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
US14/460,466
Other versions
US20140369501A1 (en)
Inventor
Arvind Gidwani
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual
Priority to US14/460,466 (US9270447B2)
Publication of US20140369501A1
Priority to US15/040,454 (US20160219021A1)
Application granted
Publication of US9270447B2
Legal status: Active
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56 Financial cryptography, e.g. electronic payment or e-cash

Definitions

  • the disclosure relates generally to systems and methods providing a key management platform that generates and distributes demand-based encryption and decryption keys.
  • a computer-implemented method, a system and a computer program product comprising a computer usable medium having a computer readable program code embodied therein that is adapted to be executed to implement a method for providing on-demand encryption and key generation and distribution are described.
  • Certain methods, systems and computer program products may generate a request, identification information identifying a receiver system, and one or more use parameters associated with a data file; send the request to a key management system, wherein the sending of the request is configured to cause the key management system to generate a private encryption key and a public encryption key; send the identification information to the key management system, wherein the sending of the identification information is configured to cause the key management system to send the public encryption key to the receiver system; send the use parameters to the key management system, wherein the sending of the use parameters is configured to cause the key management system to generate the public encryption key based on the use parameters; generate payment information; send the payment information to the key management system, wherein the sending of the payment information is configured to cause the key management system to generate the private encryption key and the public encryption key upon authentication of the payment information; receive the private encryption key from the key management system; modify the data file with the use parameters before the data file is encrypted; encrypt the data file using the private encryption key; send the encrypted data file to the receiving system; send an access instruction to the receiving
  • Other methods, systems and computer program products may receive, from a requester system, a request to generate a private encryption key and a public encryption key; receive, from the requester system, identification information identifying a receiver system; generate a first private encryption key and a first public encryption key in response to receiving the request; send the first private encryption key to the requester system; receive, from the requester system, use parameters; generate, based on the use parameters, the first public encryption key; send the first public encryption key to the receiver system; send an instruction specifying the use parameters to an application running on the receiving system, wherein the application controls access to an encrypted data file that was received from the requester system by the receiver system based on the instruction specifying the use parameters; generate one or more passcodes associated with the first private encryption key and the first public encryption key; send at least one of the passcodes to the requester system; and/or send at least one of the passcodes to the receiver system.
  • FIG. 1 shows a block diagram depicting an on-demand encryption system for generating and distributing encryption information in response to user request.
  • FIG. 2 illustrates a process flow diagram detailing a process relating to the on-demand encryption system of FIG. 1 .
  • FIG. 3 illustrates a process flow diagram detailing a process relating to the on-demand encryption system of FIG. 1 .
  • This disclosure relates generally to one or more systems, methods, and computer program products for distributing encryption information.
  • the disclosure may be implemented to provide services to a user to generate encryption keys to protect content and to communicate the associated encryption keys to one or more appropriate users.
  • the disclosed system may be used to incorporate other security features, such as temporal, geographical, and usage restrictions into the encrypted file.
  • Each of these services may be provided on-demand and in response to user selected inputs.
  • Encryption of any type of content is contemplated, including content stored in any format (e.g., PDG, JPEG, WORD, EXCEL, and others) and containing any type of information (e.g., video, audio, text, and others).
  • FIG. 1 depicts certain aspects of the disclosure relating to an on-demand encryption system 100 for generating and distributing encryption information in response to user request.
  • the system 100 may be configured to include a communication platform 110 , a requester platform 120 , a receiver platform 130 , and a key management platform 140 .
  • the term “platform” as used herein may refer to a single component, a grouping of remote components at multiple locations, or a centralized grouping of components at a single location.
  • a platform may include components that may be hosted by, or services that may be offered by parties other than those directly associated with each platform.
  • a platform may further include hardware, software, or other solutions and other components configured to exchange and process data and instructions using various protocols across various network communication pathways. Certain aspects of each platform are described in more detail below. It is to be understood that the description herein is not intended to be limiting, and alternative embodiments are contemplated as understood by one of skill in the art.
  • the communication platform 110 may be configured to provide communication links among the various other platforms.
  • the communication platform 110 may utilize any one or a combination of known communication networks and connections to facilitate communication in the system 100 , including the Internet, private networks, local area networks, cellular or other over-the-air wireless carrier interfaces (e.g., CDMA, UMTS, GSM, LTE), Bluetooth, Wi-Fi, and other wired and wireless communication pathways.
  • Any communication network may be utilized alone or in combination to provide connectivity for the system 100 .
  • the requester platform 120 may include any suitable computing device that is configured to allow a user to interact with other platforms of the system 100 .
  • the user device may be any of numerous general purpose or special purpose computing system environments or configurations. Examples of well-known computing devices, systems, environments, and/or configurations thereof that may be suitable for use in accordance with particular embodiments of the disclosure include, but are not limited to, personal computers, hand-held or laptop devices, mobile phones, tablets and e-readers, and programmable consumer electronics.
  • the requester platform 120 may include various components, including a processor 121 , a display 123 , a database 124 , a camera (not shown), an input/output interface (e.g., a touch screen, keyboard, mouse) (not shown), and memory 122 from which software may be executed.
  • the requester platform 120 may also include various software applications, including those that operate in conjunction with a web browser (e.g., through a LAN connection or radio link), and those that operate without web connectivity.
  • the receiver platform 130 may include any suitable computing device that is configured to allow a user to interact with other platforms of the system 100 .
  • the user device may be any of numerous general purpose or special purpose computing system environments or configurations. Examples of well-known computing devices, systems, environments, and/or configurations thereof that may be suitable for use in accordance with particular embodiments of the disclosure include, but are not limited to, personal computers, hand-held or laptop devices, mobile phones, tablets and e-readers, and programmable consumer electronics.
  • the receiver platform 130 may also include the various components (e.g., processor, display, database, input/output interfaces, memory, etc.) described in the requester platform 120 , although not shown in the receiver platform 130 of FIG. 1 .
  • the receiver platform 130 may also include various software applications, including those that operate in conjunction with a web browser (e.g., through a LAN connection or radio link), and those that operate without web connectivity.
  • the requester platform 120 and the receiver platform 130 may each be implemented on a mobile phone device.
  • An application stored in the phone's memory may be utilized by a user to choose encryption and decryption methods (where additional applications may perform the actual encryption and decryption), set or monitor expiration and usage parameters relating to encrypted or decrypted content, and to interact with the key management platform 140 .
  • the application may be further configured to provide other features of the system 100 as described in more detail below.
  • the requester and receiver platforms may be configured to operate on other similar devices such as computers, notebooks, PDAs, web browsers, and other peer to peer environments.
  • the key management platform 140 may be configured to control the generation and distribution of encryption information for the system.
  • the key management platform 140 may reside on the requester platform 120 (e.g., in a secure location of the requester platform 120 ).
  • the key management platform 140 may generate encryption information, such as private and public keys, in response to user requests (e.g., from the requester platform 120 ).
  • the key management platform 140 may set parameters relating to use of encrypted content.
  • the key management platform 140 may be further configured to serve as a central provider of encryption services to both requester and receiver users, and may control the encryption and distribution of files.
  • the management platform 140 may include one or more input/output interfaces (not shown), processors 141 , servers 142 , databases 143 , memory 144 , or similar components.
  • the database 143 may be referred to herein as a hard disk drive for convenience, but this is not required, and one of ordinary skill in the art will recognize that other storage media may be utilized without departing from the scope of the disclosure. In addition, one of ordinary skill in the art will recognize that the database 143 which is depicted as a single storage device, may be realized by multiple (e.g., distributed) storage devices.
  • the database 143 may include one or more types of databases, including hierarchical databases, network databases, relational databases, non-relational databases, object-oriented databases, or another type of database able to handle various data types (e.g., structured data that fits nicely into fields, rows, and columns, or data from various media sources such as graphics, photographs, audio, and video structured data).
  • the database 143 may store data in a fixed file format, such as XML, comma separated values, tab separated values, or fixed length fields.
  • the database 143 may store data in a non-fixed file format (e.g., a NoSQL database).
  • the key management platform 140 may comprise a software solution 145 with various modules implemented in software, including: (i) a user profile module 145 A; (ii) encryption module 145 B; (iii) communication module 145 C; and (iv) validation module 145 D.
  • the processor 141 may be configured to execute instructions embodied in the software solution 145 , which may be stored in memory 144 .
  • the software solution 145 may be configured to operate on personal computers (e.g., handheld, notebook or desktop, cell phones, PDA, consumer electronics, etc.), servers (e.g., a single server configuration or a multiple server configuration), or any device capable of processing instructions embodied in executable code.
  • Modules 145 A-D may operate in concert with each other to perform certain functions of the software solution 145 , as described herein.
  • the user profile module 145 A may be configured to collect and organize information on users who interact with the system.
  • the user profile module 145 A may prompt appropriate user data at the user devices (e.g., at the requester platform 120 and the receiver platform 130 ).
  • user data may include name, address, payment information, and other related user information.
  • the data may then be organized into a user profile which a user may utilize to make subsequent encryption purchases or other interactions with the key management platform 140 .
  • a user may be provided with a user name and password associated with the user's profile to enable the key management platform 140 to authenticate the user and access any profile data or stored encryption data.
  • the user profile module 145 A may be further configured to associate encryption with particular devices or other security options which may apply to future encryption requests.
  • the encryption module 145 B may be configured to generate encryption information in accordance with many available encryption protocols. Specifically, the encryption module 145 B controls the generation of encryption keys that incorporate use parameters concerning the encryption.
  • use parameters may form part of the encryption key, may be embedded into the encrypted content (e.g., as part of metadata), or may be set forth in a separate file.
  • the use parameters may be operated on by various means, including computer applications that interpret the use parameters, monitor conditions associated with the use parameters, and control access to encrypted or decrypted content based on the use parameters.
  • content received by a receiver platform 130 may “self-destruct” when an application running on the receiver platform 130 in a protected determines that certain use parameters have been met, and then deletes the content.
  • Encryption keys may also employ digital rights management (DRM) access control technologies that limit the use of the content after receipt (e.g., using persistent online authentication, using metadata in the key or the encrypted content that includes information relating to use parameters, and other technologies).
  • the encryption module 145 B may generate a private and public encryption key pair, and then send one key of the pair to the requester platform 120 , where that key is used to encrypt a file residing at the requester platform 120 , and also send the other key of the pair to the receiver platform 130 .
  • a user may provide the file to be encrypted to the key management platform 140 and the encryption module may prepare (e.g., security scan) and encrypt the file into a format to be sent back to the requester.
  • the encrypted file may instead be kept at the key management platform 140 so it may be downloaded and decrypted at a later time.
  • the encryption module may also provide decryption services to a receiving user either through upload of an encrypted file with the correct associated public key or a user may download the encrypted file from the key management platform 140 after correctly providing the associated public key.
  • the communication module 145 C may be configured to provide communication services from the key management platform 140 to the other platforms.
  • the communication module 145 C may be further configured to utilize encrypted communications to allow secure transmission of information from the key management platform 140 . Private and public key security may be compromised if the communication of the keys and other associated information is not protected during transmission to the user platforms 120 - 130 .
  • the communication module 145 C may provide security when transmitting sensitive data over the communications platform 110 .
  • One skilled in the art will appreciate the many known methods for data security and encryption over communication networks, and this description should not be read in a limiting sense.
  • the validation module 145 D may be configured to validate keys that have been transmitted to users.
  • the validation module 145 D may store information about each encryption which may be utilized by users to verify that the correct key has been provided.
  • the validation module 145 D may also provide other known validation techniques to ensure that keys are transmitted to users error free.
  • FIG. 2 illustrates a high level process flow diagram detailing the data communication process flow for implementing certain features of the system 100 of FIG. 1 .
  • the process flow may be executed through data exchange between several components, including a requester platform 120 , a receiver platform 130 , and a key management platform 140 .
  • a user of the requester platform 120 may launch a secure content exchange application.
  • the launched application may initiate an encryption service and communicate with the key management platform 140 .
  • a user may be presented with options for acquiring a particular type of encryption, for setting use parameters, and for setting an intended recipient at the receiver platform 130 .
  • different types of encryption e.g., hash, RSA, etc.
  • Each type of standard encryption algorithm may offer unique benefits to a particular user.
  • a user may choose additional security features such as a pass phrase to further protect the user's content.
  • a user may be presented with options regarding any usage parameters the user wishes to set, where access privileges to encrypted or decrypted content may become invalid based on various conditions. For instance, a user may limit decryption by a particular device identified by, for example, its IP address, MAC address, serial number, or other unique identifying information associated with a particular device, which may prevent unauthorized copying or moving of encrypted or decrypted content to unauthorized devices. Particular information about a user may also be used, including date of birth, social security numbers, phone number, residence address, email address, driver license number or other digital fingerprints.
  • a user may limit whether the content may be copied or altered and may restrict the number of times the content may be viewed or decrypted.
  • the restrictions may also be temporal (e.g., content may only be decrypted within a particular time period accounting for time zones associated with users), or the restrictions may be geographic (e.g., content may only be decrypted by a device within a certain geographic area of the world as determined by geo-fencing technologies and other location technologies).
  • the restrictions may also require re-encryption of the information, its subparts, or its subsequent versions, before it can be forwarded to another user or device.
  • the restrictions may further require action on the part of the receiving user (e.g., the decrypted information must be moved to a secure file identified by the requesting user).
  • a user may choose to request encryption which may be opened by either a single receiver or multiple receivers, and may wish to set different use parameters for each receiver, or may wish to set use parameters that are dependent upon certain actions associated with use of the encrypted content over time and by some or all of the receivers.
  • Status updates and alerts may also be sent to requester platform 120 or key management platform 140 .
  • the platforms 120 and 140 may, in response to the updates and alerts, initiate control over use of the originally encrypted content.
  • the application may communicate a request to the key management platform 140 . All of the information communicated concerning the user's encryption request may be included in the communication.
  • the key management platform 140 receives a request for encryption and determines whether the user is a known user or new user. If the user is unknown, the key management platform 140 may communicate with the requester platform 120 to facilitate an exchange of new user information. For example, a new user may input their name, address, billing information, and other user related information as well as agree to appropriate documentation before the key management platform 140 will distribute any encryption information to the requester 120 or receiver devices 130 . Once the user information is gathered, the key management platform 140 generates a user profile for the new user which may be used in the future to identify the particular user. As previously discussed the user profile may be stored in the database 143 .
  • the key management platform 140 may authenticate a user, utilizing the user's profile generated at step 230 . Once authenticated, the key management platform 140 may also communicate with the requester platform 120 to gather any additional data or configuration options as needed.
  • Payment options may also be presented to the user to pay for the encryption service.
  • a user may choose to pay in monthly installments for limited or unlimited use, or may choose to purchase individual, upon-use encryption services as needed.
  • Alternative subscription services known in the art are also contemplated.
  • the price may vary with the type of encryption requested and the additional security and usage parameters selected by the user.
  • the user may input appropriate payment information (e.g., credit card, checking account, etc.) and the key management platform 140 may process the payment.
  • the key management platform generates the encryption information according to the user's request.
  • encryption requires different types of data to be generated.
  • RSA encryption involves the generation of a public and private key. Encrypted content may only be decrypted by matching the appropriate public key with the private key.
  • the key management platform 140 may utilize a number of different methods for providing encryption services depending on the particular demands.
  • the generated private and public keys may be distributed to the requester platform 120 as well as to the receiver platform 130 , where the actual encryption and decryption of content occurs at those platforms.
  • the requesting user may communicate or “upload” the content to be encrypted to the key management platform 140 for encryption using the requester platform 120 . Since the uploaded content (e.g., file) is available to the key management platform 140 , the file may be scanned for security issues and the selected encryption method may be embedded into the content's file itself.
  • This method may increase security because, in the case of RSA encryption, the private key may be encapsulated into the file at the key management platform 140 eliminating the need to transmit the private key to the requester platform 120 and reducing the risk of security compromise. Moreover, by limiting the availability of the private key to the users of the system, the encryption key generation method may be better protected from unscrupulous individuals gathering, or “mining,” public and private keys in an attempt to break the key generation algorithm. This method may also help protect against a user that misplaces the private key or, for some reason, does not encrypt the user's file using the correct private key (e.g., input mistakes, copy errors, etc.). Generally, the key management platform 140 may act as a central hub which may control the encryption and distribution of user files.
  • the generated keys are communicated to the appropriate users at associated platforms.
  • a private key may be distributed to the requesting user at the requester platform 120 .
  • the associated public key may be distributed to the receiving user at the receiver platform 130 .
  • Any communication link or protocol may be used to transmit the keys; however, a secure encrypted communication link may be used to increase security.
  • the requester user may validate the private key which has been transmitted. Any error in the private key may prevent the encryption algorithm from successfully encrypting or decrypting a file. Validation of the keys, once received at the requester platform 120 may help to ensure that the private key has been accurately transmitted. In one embodiment, verification of the private key may be facilitated by communicating with the key management platform 140 to check that the private key received matches the private key which was transmitted. (Similar validation may occur in relation to the public key between the receiver platform 130 and the key management platform 140 .)
  • a user at the requester platform 120 may encrypt the content file using the private key which was provided by the key management platform 140 . Once encrypted the file may be transmitted to the receiver platform 130 . Transmission may occur over various means, including ftp, sftp, https, http, tcp stack applications, and other peer-to-peer technologies known in the art. Use parameters may also be set by a user at the requester platform 120 (as opposed to at the key management platform 140 ).
  • the receiver user may decrypt the file at the receiver platform 130 .
  • the content may be viewed or otherwise interacted with by the receiver user.
  • the other security options chosen by the requester such as temporal or geographical restrictions, may take effect and limit how the receiver user interacts with the content.
  • Such restrictions may be autonomously enforced at the receiver platform 130 (e.g., via a software module for controlling access to encrypted or decrypted content), or may be enforced by instructions/permissions received from the requester 120 or the key management platform 140 via the communication platform 110.
  • FIG. 3 illustrates a high level process flow diagram detailing the encryption process for implementing certain features of the requester 120 and receiver platforms 130.
  • the flow of FIG. 3 is similar to that of FIG. 2.
  • a user may launch a secure content exchange application.
  • the user may select options regarding encryption methods and security features and may communicate a request to the key management platform 140.
  • the system may attempt to authenticate a user. If the user is unknown to the system, it may generate prompts to gather appropriate user data.
  • the user inputs the appropriate information and registers as a new user to the system. A user may be provided with a username and password.
  • the user data is organized and stored to generate a user profile which may be utilized in the future to authenticate a particular user.
  • encryption information such as private and public key pairs are generated in accordance with the user's preferences.
  • the private and public keys are transmitted to the requester and receiver users, respectively.
  • a user may use the provided private key to encrypt content to be transmitted to the receiver.
  • a receiver user acquires the encrypted content and may use the previously received public key to decrypt and access the content.
  • the encryption keys may become invalidated in accordance with user selected security protocols or in response to user actions.
  • DSP: digital signal processor
  • ASIC: application specific integrated circuit
  • FPGA: field programmable gate array
  • a general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine.
  • a processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.
  • one or more of the process steps described herein may be stored in memory as computer program instructions. These instructions may be executed by a digital signal processor, an analog signal processor, and/or another processor, to perform the methods described herein. Further, the processor(s), the memory, the instructions stored therein, or a combination thereof may serve as a means for performing one or more of the method steps described herein.
  • the functions described may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software, the functions may be stored on or encoded as one or more instructions or code on a computer-readable medium.
  • Computer-readable media includes computer storage media. Storage media may be any available media that can be accessed by a computer. By way of example, and not limitation, such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
  • Disk and disc includes compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and Blu-ray disc where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
  • Any processor and the storage medium may reside in an ASIC.
  • the ASIC may reside in a user terminal.
  • the processor and the storage medium may reside as discrete components in a user terminal.
  • the computing network generally includes computer hardware components such as servers, monitors, I/O devices, network connection devices, as well as other associated hardware.
  • the aspects and features described below may include one or more application programs configured to receive, convert, process, store, retrieve, transfer and/or export data and other content and information.
  • these aspects and features may include one or more processors that may be coupled to a memory space comprising SRAM, DRAM, Flash and/or other physical memory devices.
  • Memory space may be configured to store an operating system (OS), one or more application programs, such as a UI program, data associated with the pertinent aspect or feature, applications running on processors in the device, user information, or other data or content.
  • the various aspects and features of the present disclosure may further include one or more User I/O interfaces, such as keypads, touch screen inputs, mice, Bluetooth devices or other I/O devices.
  • the certain aspects and features may include a cellular or other over the air wireless carrier interface, as well as a network interface that may be configured to communicate via a LAN or wireless LAN (WiLAN), such as a Wi-Fi network.
  • Other interfaces, such as USB or other wired interfaces may also be included.
  • computer program products comprising computer-readable media including all forms of computer-readable medium except, to the extent that such media is deemed to be non-statutory, transitory propagating signals.

Abstract

Systems and methods providing a key management platform that generates and distributes demand-based encryption and decryption keys are described.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS
This is a continuation application of U.S. application Ser. No. 13/667,980, entitled “DEMAND BASED ENCRYPTION AND KEY GENERATION AND DISTRIBUTION SYSTEMS AND METHODS”, filed Nov. 2, 2012, which is hereby incorporated by reference herein in its entirety for all purposes and which application claims priority under 35 U.S.C. §119(e) to U.S. Provisional Patent Application Ser. No. 61/555,124, filed Nov. 3, 2011, entitled DEMAND BASED ENCRYPTION AND KEY GENERATION AND DISTRIBUTION, which are hereby incorporated by reference herein in their entirety for all purposes.
FIELD OF THE DISCLOSURE
The disclosure relates generally to systems and methods providing a key management platform that generates and distributes demand-based encryption and decryption keys.
BACKGROUND OF THE DISCLOSURE
Current encryption standards are predominantly implemented in server-type resources in which data is sent to a central server and encrypted as a backend process. A decryption key is then sent to the end user for local use. Such methods fail to address direct peer-to-peer environments such as communication between mobile devices, including CDMA, UMTS, GSM, LTE and other formats as well as communications over WIFI, WI-MAX, variants of 802.11x, and emerging standards.
SUMMARY OF THE DISCLOSURE
In accordance with the present disclosure, a computer-implemented method, a system and a computer program product comprising a computer usable medium having a computer readable program code embodied therein that is adapted to be executed to implement a method for providing on-demand encryption and key generation and distribution are described.
Certain methods, systems and computer program products may generate a request, identification information identifying a receiver system, and one or more use parameters associated with a data file; send the request to a key management system, wherein the sending of the request is configured to cause the key management system to generate a private encryption key and a public encryption key; send the identification information to the key management system, wherein the sending of the identification information is configured to cause the key management system to send the public encryption key to the receiver system; send the use parameters to the key management system, wherein the sending of the use parameters is configured to cause the key management system to generate the public encryption key based on the use parameters; generate payment information; send the payment information to the key management system, wherein the sending of the payment information is configured to cause the key management system to generate the private encryption key and the public encryption key upon authentication of the payment information; receive the private encryption key from the key management system; modify the data file with the use parameters before the data file is encrypted; encrypt the data file using the private encryption key; send the encrypted data file to the receiving system; send an access instruction to the receiving system, wherein the sending of the access instruction is configured to prohibit the receiving system from accessing the data file after a first number of access attempts by the receiving system and after an elapsed time period from when the encrypted data file was sent to the receiving system; receive a notification relating to an attempt, by the receiving system, at taking an action in relation to the data file; generate, based on the notification, an instruction configured to deny the action; and/or send the instruction to the receiving system, wherein the sending of the instruction is configured to prevent the receiving system from completing the action. A processing component may encrypt the data file based on the use parameters. Use parameters may specify an expiration date of the public encryption key.
Other methods, systems and computer program products may receive, from a requester system, a request to generate a private encryption key and a public encryption key; receive, from the requester system, identification information identifying a receiver system; generate a first private encryption key and a first public encryption key in response to receiving the request; send the first private encryption key to the requester system; receive, from the requester system, use parameters; generate, based on the use parameters, the first public encryption key; send the first public encryption key to the receiver system; send an instruction specifying the use parameters to an application running on the receiving system, wherein the application controls access to an encrypted data file that was received from the requester system by the receiver system based on the instruction specifying the use parameters; generate one or more passcodes associated with the first private encryption key and the first public encryption key; send at least one of the passcodes to the requester system; and/or send at least one of the passcodes to the receiver system.
BRIEF DESCRIPTION OF THE DRAWINGS
The present application may be more fully appreciated in connection with the following detailed description taken in conjunction with the accompanying drawings:
FIG. 1 shows a block diagram depicting an on-demand encryption system for generating and distributing encryption information in response to user request.
FIG. 2 illustrates a process flow diagram detailing a process relating to the on-demand encryption system of FIG. 1.
FIG. 3 illustrates a process flow diagram detailing a process relating to the on-demand encryption system of FIG. 1.
DETAILED DESCRIPTION OF THE DISCLOSURE
Various aspects of the disclosure are described below. It should be apparent that the teachings herein may be embodied in a wide variety of forms and that any specific structure, function, or both, being disclosed herein is merely representative. Based on the teachings herein one skilled in the art should appreciate that any aspect disclosed may be implemented independently of any other aspects and that two or more of these aspects may be combined in various ways. For example, a system may be implemented or a method may be practiced using any number of the aspects set forth herein.
This disclosure relates generally to one or more systems, methods, and computer program products for distributing encryption information. Generally, the disclosure may be implemented to provide services to a user to generate encryption keys to protect content and to communicate the associated encryption keys to one or more appropriate users. Furthermore, the disclosed system may be used to incorporate other security features, such as temporal, geographical, and usage restrictions into the encrypted file. Each of these services may be provided on-demand and in response to user selected inputs. Encryption of any type of content is contemplated, including content stored in any format (e.g., PDG, JPEG, WORD, EXCEL, and others) and containing any type of information (e.g., video, audio, text, and others).
Additional details are provided in the examples below.
Example Systems
Attention is first drawn to FIG. 1, which depicts certain aspects of the disclosure relating to an on-demand encryption system 100 for generating and distributing encryption information in response to user request. The system 100 may be configured to include a communication platform 110, a requester platform 120, a receiver platform 130, and a key management platform 140. The term “platform” as used herein may refer to a single component, a grouping of remote components at multiple locations, or a centralized grouping of components at a single location. A platform may include components that may be hosted by, or services that may be offered by parties other than those directly associated with each platform. A platform may further include hardware, software, or other solutions and other components configured to exchange and process data and instructions using various protocols across various network communication pathways. Certain aspects of each platform are described in more detail below. It is to be understood that the description herein is not intended to be limiting, and alternative embodiments are contemplated as understood by one of skill in the art.
Communication Platform 110
The communication platform 110 may be configured to provide communication links among the various other platforms. For example, the communication platform 110 may utilize any one or a combination of known communication networks and connections to facilitate communication in the system 100, including the Internet, private networks, local area networks, cellular or other over-the-air wireless carrier interfaces (e.g., CDMA, UMTS, GSM, LTE), Bluetooth, Wi-Fi, and other wired and wireless communication pathways. Any communication network may be utilized alone or in combination to provide connectivity for the system 100.
Requester Platform 120
The requester platform 120 may include any suitable computing device that is configured to allow a user to interact with other platforms of the system 100. For example, the user device may be any of numerous general purpose or special purpose computing system environments or configurations. Examples of well-known computing devices, systems, environments, and/or configurations thereof that may be suitable for use in accordance with particular embodiments of the disclosure include, but are not limited to, personal computers, hand-held or laptop devices, mobile phones, tablet and e-readers, and programmable consumer electronics. The requester platform 120 may include various components, including a processor 121, a display 123, a database 124, a camera (not shown), an input/output interface (e.g., a touch screen, keyboard, mouse) (not shown), and memory 122 from which software may be executed. The requester platform 120 may also include various software applications, including those that operate in conjunction with a web browser (e.g., through a LAN connection or radio link), and those that operate without web connectivity.
Receiver Platform 130
Similar to the requester platform 120, the receiver platform 130 may include any suitable computing device that is configured to allow a user to interact with other platforms of the system 100. For example, the user device may be any of numerous general purpose or special purpose computing system environments or configurations. Examples of well-known computing devices, systems, environments, and/or configurations thereof that may be suitable for use in accordance with particular embodiments of the disclosure include, but are not limited to, personal computers, hand-held or laptop devices, mobile phones, tablet and e-readers, and programmable consumer electronics. Moreover, the receiver platform 130 may also include the various components (e.g., processor, display, database, input/output interfaces, memory, etc.) described in the requester platform 120, although not shown in the receiver platform 130 of FIG. 1. The receiver platform 130 may also include various software applications, including those that operate in conjunction with a web browser (e.g., through a LAN connection or radio link), and those that operate without web connectivity.
In one embodiment, the requester platform 120 and the receiver platform 130 may each be implemented on a mobile phone device. An application, stored in the phone's memory, may be utilized by a user to choose encryption and decryption methods (where additional applications may perform the actual encryption and decryption), set or monitor expiration and usage parameters relating to encrypted or decrypted content, and to interact with the key management platform 140. The application may be further configured to provide other features of the system 100 as described in more detail below. One skilled in the art will appreciate that the requester and receiver platforms may be configured to operate on other similar devices such as computers, notebooks, PDAs, web browsers, and other peer to peer environments.
Key Management Platform 140
In general, the key management platform 140 may be configured to control the generation and distribution of encryption information for the system. Although not shown, the key management platform 140 may reside on the requester platform 120 (e.g., in a secure location of the requester platform 120). Specifically, the key management platform 140 may generate encryption information, such as private and public keys, in response to user requests (e.g., from the requester platform 120). Moreover, the key management platform 140 may set parameters relating to use of encrypted content. The key management platform 140 may be further configured to serve as a central provider of encryption services to both requester and receiver users, and may control the encryption and distribution of files.
In accordance with certain aspects of the disclosure, the management platform 140 may include one or more input/output interfaces (not shown), processors 141, servers 142, databases 143, memory 144, or similar components. One of skill in the art will appreciate that some or all of the functionality of the management platform 140 described in further detail below may be performed at one or a combination of the other platforms.
The database 143 may be referred to herein as a hard disk drive for convenience, but this is not required, and one of ordinary skill in the art will recognize that other storage media may be utilized without departing from the scope of the disclosure. In addition, one of ordinary skill in the art will recognize that the database 143, which is depicted as a single storage device, may be realized by multiple (e.g., distributed) storage devices. It is further contemplated that the database 143 may include one or more types of databases, including hierarchical databases, network databases, relational databases, non-relational databases, object-oriented databases, or another type of database able to handle various data types (e.g., structured data that fits nicely into fields, rows, and columns, or data from various media sources such as graphics, photographs, audio, and video structured data). For example, the database 143 may store data in a fixed file format, such as XML, comma separated values, tab separated values, or fixed length fields. Alternatively, the database 143 may store data in a non-fixed file format (e.g., a NoSQL database).
As further shown in FIG. 1, the key management platform 140 may comprise a software solution 145 with various modules implemented in software, including: (i) a user profile module 145A; (ii) encryption module 145B; (iii) communication module 145C; and (iv) validation module 145D.
The processor 141 may be configured to execute instructions embodied in the software solution 145, which may be stored in memory 144. One of skill in the art will appreciate that the software solution 145 may be configured to operate on personal computers (e.g., handheld, notebook or desktop, cell phones, PDA, consumer electronics, etc.), servers (e.g., a single server configuration or a multiple server configuration), or any device capable of processing instructions embodied in executable code. Moreover, one of ordinary skill in the art will recognize that alternative embodiments, which implement one or more components of the disclosure in hardware, are within the scope of the disclosure.
Attention is now drawn to modules 145A-D of the software solution 145. Modules 145A-D may operate in concert with each other to perform certain functions of the software solution 145, as described herein.
User Profile Module 145A
The user profile module 145A may be configured to collect and organize information on users who interact with the system. The user profile module 145A may prompt appropriate user data at the user devices (e.g., at the requester platform 120 and the receiver platform 130). For example, user data may include name, address, payment information, and other related user information. The data may then be organized into a user profile which a user may utilize to make subsequent encryption purchases or other interactions with the key management platform 140. A user may be provided with a user name and password associated with the user's profile to enable the key management platform 140 to authenticate the user and access any profile data or stored encryption data. The user profile module 145A may be further configured to associate encryption with particular devices or other security options which may apply to future encryption requests.
Encryption Module 145B
The encryption module 145B may be configured to generate encryption information in accordance with many available encryption protocols. Specifically, the encryption module 145B controls the generation of encryption keys that incorporate use parameters concerning the encryption. One skilled in the art will appreciate that many encryption algorithms exist and may include, but are not limited to, for example, hash encryption and RSA encryption standards. The use parameters may form part of the encryption key, may be embedded into the encrypted content (e.g., as part of metadata), or may be set forth in a separate file. The use parameters may be operated on by various means, including computer applications that interpret the use parameters, monitor conditions associated with the use parameters, and control access to encrypted or decrypted content based on the use parameters. In accordance with some aspects, content received by a receiver platform 130 may “self-destruct” when an application running on the receiver platform 130 in a protected determines that certain use parameters have been met, and then deletes the content. Encryption keys may also employ digital rights management (DRM) access control technologies that limit the use of the content after receipt (e.g., using persistent online authentication, using metadata in the key or the encrypted content that includes information relating to use parameters, and other technologies).
In one embodiment, the encryption module 145B may generate a private and public encryption key pair, and then send one key of the pair to the requester platform 120, where that key is used to encrypt a file residing at the requester platform 120, and also send the other key of the pair to the receiver platform 130. Alternatively, a user may provide the file to be encrypted to the key management platform 140 and the encryption module may prepare (e.g., security scan) and encrypt the file into a format to be sent back to the requester. The encrypted file may instead be kept at the key management platform 140 so it may be downloaded and decrypted at a later time. The encryption module may also provide decryption services to a receiving user either through upload of an encrypted file with the correct associated public key or a user may download the encrypted file from the key management platform 140 after correctly providing the associated public key.
Communication Module 145C
The communication module 145C may be configured to provide communication services from the key management platform 140 to the other platforms. The communication module 145C may be further configured to utilize encrypted communications to allow secure transmission of information from the key management platform 140. Private and public key security may be compromised if the communication of the keys and other associated information is not protected during transmission to the user platforms 120-130. The communication module 145C may provide security when transmitting sensitive data over the communications platform 110. One skilled in the art will appreciate the many known methods for data security and encryption over communication networks, and this description should not be read in a limiting sense.
Validation Module 145D
The validation module 145D may be configured to validate keys that have been transmitted to users. The validation module 145D may store information about each encryption which may be utilized by users to verify that the correct key has been provided. The validation module 145D may also provide other known validation techniques to ensure that keys are transmitted to users error free.
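The check described for the validation module 145D can be carried out without sending the key a second time. The following is an added example, not code from the patent: it assumes the platform keeps only a SHA-256 fingerprint of each issued key, and the class, function, label and key-id names are hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Dict

LABEL = b"key-validation-v1"  # hypothetical domain-separation label


def key_fingerprint(key_id: str, key_bytes: bytes) -> str:
    """SHA-256 over a label, the length-prefixed key id, and the key material.

    Binding the key id into the hash means a fingerprint computed for one
    issued key cannot be presented as proof of receipt for another.
    """
    kid = key_id.encode("utf-8")
    h = hashlib.sha256()
    h.update(LABEL)
    h.update(len(kid).to_bytes(2, "big"))
    h.update(kid)
    h.update(key_bytes)
    return h.hexdigest()


class ValidationModule:
    """Platform side: stores a fingerprint per issued key, never the key."""

    def __init__(self) -> None:
        self._fingerprints: Dict[str, str] = {}

    def record_issued_key(self, key_id: str, key_bytes: bytes) -> None:
        self._fingerprints[key_id] = key_fingerprint(key_id, key_bytes)

    def validate(self, key_id: str, claimed_fingerprint: str) -> str:
        expected = self._fingerprints.get(key_id)
        if expected is None:
            return "unknown-key"
        # Constant-time comparison of the two hex digests.
        same = hmac.compare_digest(expected.encode("ascii"),
                                   claimed_fingerprint.encode("utf-8"))
        return "match" if same else "mismatch"


def requester_check(module: ValidationModule, key_id: str,
                    received_key: bytes) -> str:
    """Requester side: fingerprint the key as received and ask the platform."""
    return module.validate(key_id, key_fingerprint(key_id, received_key))


def run_demo() -> Dict[str, str]:
    module = ValidationModule()
    # Constructed sample data: random bytes standing in for encoded keys.
    issued = secrets.token_bytes(256)
    other = secrets.token_bytes(256)
    module.record_issued_key("key-001", issued)
    module.record_issued_key("key-002", other)

    corrupted = bytearray(issued)
    corrupted[17] ^= 0x01  # a single bit flipped in transit

    return {
        "intact": requester_check(module, "key-001", issued),
        "corrupted": requester_check(module, "key-001", bytes(corrupted)),
        "wrong_key": requester_check(module, "key-001", other),
        "replayed_fingerprint": module.validate(
            "key-002", key_fingerprint("key-001", issued)),
        "unknown": requester_check(module, "key-999", issued),
    }


if __name__ == "__main__":
    for case, verdict in run_demo().items():
        print(f"{case}: {verdict}")
```

A matching fingerprint shows that the key arrived unmodified; it does not replace the protected link that the communication module 145C provides for the transfer itself.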
Example Processes
Attention may now be drawn to FIG. 2, which illustrates a high level process flow diagram detailing the data communication process flow for implementing certain features of the system 100 of FIG. 1. As shown, the process flow may be executed through data exchange between several components, including a requester platform 120, a receiver platform 130, and a key management platform 140.
At step 210, a user of the requester platform 120 may launch a secure content exchange application. At step 220, the launched application may initiate an encryption service and communicate with the key management platform 140. Once communication between the requester platform 120 and the key management platform 140 is established, a user may be presented with options for acquiring a particular type of encryption, for setting use parameters, and for setting an intended recipient at the receiver platform 130. For example, different types of encryption (e.g., hash, RSA, etc.) may be made available to the user. Each type of standard encryption algorithm may offer unique benefits to a particular user. Additionally, a user may choose additional security features such as a pass phrase to further protect the user's content.
In addition to security features, a user may be presented with options regarding any usage parameters the user wishes to set, where access privileges to encrypted or decrypted content may become invalid based on various conditions. For instance, a user may limit decryption by a particular device identified by, for example, its IP address, MAC address, serial number, or other unique identifying information associated with a particular device, which may prevent unauthorized copying or moving of encrypted or decrypted content to unauthorized devices. Particular information about a user may also be used, including date of birth, social security numbers, phone number, residence address, email address, driver license number or other digital fingerprints.
Moreover, a user may limit whether the content may be copied or altered and may restrict the number of times the content may be viewed or decrypted. The restrictions may also be temporal (e.g., content may only be decrypted within a particular time period accounting for time zones associated with users), or the restrictions may be geographical (e.g., content may only be decrypted by a device within a certain geographic area of the world as determined by geo-fencing technologies and other location technologies). The restrictions may also require re-encryption of the information, its subparts, or its subsequent versions, before it can be forwarded to another user or device. The restrictions may further require action on the part of the receiving user (e.g., the decrypted information must be moved to a secure file identified by the requesting user). Finally, a user may choose to request encryption which may be opened by either a single receiver or multiple receivers, and may wish to set different use parameters for each receiver, or may wish to set use parameters that are dependent upon certain actions associated with use of the encrypted content over time and by some or all of the receivers.
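The device, view-count and time-window restrictions described above can be evaluated by the key management platform each time a receiver asks to open content, which corresponds to the persistent online authentication option mentioned for the encryption module. The following is an added example, not code from the patent; the class names, field names and reason strings are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, FrozenSet, Set, Tuple


@dataclass(frozen=True)
class UseParameters:
    """Restrictions chosen by the requester (field names are hypothetical)."""
    not_before: datetime             # start of the permitted window
    not_after: datetime              # end of the permitted window (exclusive)
    max_opens: int                   # number of decryptions permitted
    allowed_devices: FrozenSet[str]  # device identifiers; empty means any

    def __post_init__(self) -> None:
        for ts in (self.not_before, self.not_after):
            if ts.tzinfo is None:
                raise ValueError("timestamps must be timezone-aware")
        if self.not_after <= self.not_before:
            raise ValueError("not_after must be later than not_before")
        if self.max_opens < 1:
            raise ValueError("max_opens must be at least 1")


class AccessController:
    """Platform-side decision point consulted before every decryption."""

    def __init__(self) -> None:
        self._policies: Dict[str, UseParameters] = {}
        self._opens: Dict[str, int] = {}
        self._revoked: Set[str] = set()

    def register(self, file_id: str, params: UseParameters) -> None:
        self._policies[file_id] = params
        self._opens[file_id] = 0

    def revoke(self, file_id: str) -> None:
        """Requester-initiated invalidation, independent of other limits."""
        self._revoked.add(file_id)

    def authorize(self, file_id: str, device_id: str,
                  now: datetime) -> Tuple[bool, str]:
        params = self._policies.get(file_id)
        if params is None:
            return False, "unknown-file"
        if file_id in self._revoked:
            return False, "revoked"
        if now.tzinfo is None:
            # A naive timestamp cannot be compared across time zones.
            return False, "naive-timestamp"
        if now < params.not_before:
            return False, "not-yet-valid"
        if now >= params.not_after:
            return False, "expired"
        if params.allowed_devices and device_id not in params.allowed_devices:
            return False, "device-not-authorized"
        if self._opens[file_id] >= params.max_opens:
            return False, "open-limit-reached"
        # Only a granted request consumes one of the permitted opens.
        self._opens[file_id] += 1
        return True, "granted"


if __name__ == "__main__":
    # Constructed sample policy: 24-hour window, two opens, one device.
    start = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    policy = UseParameters(start, start + timedelta(hours=24), 2,
                           frozenset({"device-A"}))
    ctl = AccessController()
    ctl.register("file-1", policy)
    local = timezone(timedelta(hours=-5))  # receiver's local offset
    print(ctl.authorize("file-1", "device-A",
                        datetime(2024, 1, 1, 4, 30, tzinfo=local)))
```

Because the open counter and the clock live on the platform rather than on the receiver platform 130, a receiver cannot reset them by altering local state.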
Status updates and alerts may also be sent to requester platform 120 or key management platform 140. The platforms 120 and 140 may, in response to the updates and alerts, initiate control over use of the originally encrypted content.
Once a user has selected the type of encryption desired and the appropriate options, the application may communicate a request to the key management platform 140. All of the information communicated concerning the user's encryption request may be included in the communication.
At step 230, the key management platform 140 receives a request for encryption and determines whether the user is a known user or new user. If the user is unknown, the key management platform 140 may communicate with the requester platform 120 to facilitate an exchange of new user information. For example, a new user may input their name, address, billing information, and other user related information as well as agree to appropriate documentation before the key management platform 140 will distribute any encryption information to the requester 120 or receiver devices 130. Once the user information is gathered, the key management platform 140 generates a user profile for the new user which may be used in the future to identify the particular user. As previously discussed the user profile may be stored in the database 143.
At step 240, the key management platform 140 may authenticate a user, utilizing the user's profile generated at step 230. Once authenticated, the key management platform 140 may also communicate with the requester platform 120 to gather any additional data or configuration options as needed.
Payment options may also be presented to the user to pay for the encryption service. A user may choose to pay on monthly installments for limited or unlimited use, or may choose to purchase individual, upon-use encryption services as needed. Alternative subscription services known in the art are also contemplated. Depending on the subscription service, the price may vary with the type of encryption requested and the additional security and usage parameters selected by the user. Using the requester platform 120, the user may input appropriate payment information (e.g., credit card, checking account, etc.) and the key management platform 140 may process the payment.
At step 250, the key management platform generates the encryption information according to the user's request. One skilled in the art will appreciate that different types of encryption require different types of data to be generated. For example, RSA encryption involves the generation of a public and private key. Encrypted content may only be decrypted by matching the appropriate public key with the private key.
Due to the differences in encryption methods and the required data associated with each, the key management platform 140 may utilize a number of different methods for providing encryption services depending on the particular demands. In one embodiment, the generated private and public keys may be distributed to the requester platform 120 as well as to the receiver platform 130, where the actual encryption and decryption of content occurs at those platforms. However, in another embodiment the requesting user may communicate or “upload” the content to be encrypted to the key management platform 140 for encryption using the requester platform 120. Since the uploaded content (e.g., file) is available to the key management platform 140, the file may be scanned for security issues and the selected encryption method may be embedded into the content's file itself. This method may increase security because, in the case of RSA encryption, the private key may be encapsulated into the file at the key management platform 140 eliminating the need to transmit the private key to the requester platform 120 and reducing the risk of security compromise. Moreover, by limiting the availability of the private key to the users of the system, the encryption key generation method may be better protected from unscrupulous individuals gathering, or “mining,” public and private keys in an attempt to break the key generation algorithm. This method may also help protect against a user that misplaces the private key or, for some reason, does not encrypt the user's file using the correct private key (e.g., input mistakes, copy errors, etc.). Generally, the key management platform 140 may act as a central hub which may control the encryption and distribution of user files.
At step 260, the generated keys are communicated to the appropriate users at associated platforms. A private key may be distributed to the requesting user at the requester platform 120. Similarly, the associated public key may be distributed to the receiving user at the receiver platform 130. Any communication link or protocol may be used to transmit the keys; however, a secure encrypted communication link may be used to increase security.
At step 270, the requester user may validate the private key which has been transmitted. Any error in the private key may prevent the encryption algorithm from successfully encrypting or decrypting a file. Validation of the keys, once received at the requester platform 120, may help to ensure that the private key has been accurately transmitted. In one embodiment, verification of the private key may be facilitated by communicating with the key management platform 140 to check that the private key received matches the private key which was transmitted. (Similar validation may occur in relation to the public key between the receiver platform 130 and the key management platform 140.)
At step 280, a user at the requester platform 120 may encrypt the content file using the private key which was provided by the key management platform 140. Once encrypted, the file may be transmitted to the receiver platform 130. Transmission may occur over various means, including FTP, SFTP, HTTPS, HTTP, TCP stack applications, and other peer-to-peer technologies known in the art. Use parameters may also be set by a user at the requester platform 120 (as opposed to at the key management platform 140).
At step 290, the receiver user may decrypt the file at the receiver platform 130. Once decrypted the content may be viewed or otherwise interacted with by the receiver user. The other security options chosen by the requester, such as temporal or geographical restrictions, may take effect and limit how the receiver user interacts with the content. Such restrictions may be autonomously enforced at the receiver platform 130 (e.g., via a software module for controlling access to encrypted or decrypted content), or may be enforced by instructions/permissions received from the requester 120 or the key management platform 140 via the communication platform 110.
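An added illustration of steps 270 and 290, not code from the patent: the requester checks the received key against a SHA-256 fingerprint reported by the key management platform, so the key is never sent a second time, and a receiver-side gate applies use parameters before any decryption is allowed. The fingerprint scheme, the class and field names, and the rule that each restriction denies access on its own are assumptions; the patent does not specify them.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass


def key_fingerprint(key_bytes: bytes) -> str:
    """SHA-256 fingerprint of a serialized key (assumed validation scheme)."""
    return hashlib.sha256(key_bytes).hexdigest()


def validate_received_key(received_key: bytes, kms_fingerprint: str) -> bool:
    """Step 270: detect a corrupted or substituted key without resending it.

    kms_fingerprint must arrive over an authenticated channel; otherwise
    whoever altered the key could alter the fingerprint as well.
    """
    return hmac.compare_digest(key_fingerprint(received_key), kms_fingerprint)


@dataclass(frozen=True)
class UseParameters:
    """Hypothetical encoding of the requester's use parameters."""
    max_access_attempts: int      # access attempts allowed in total
    valid_for_seconds: float      # lifetime counted from when the file was sent
    allowed_regions: frozenset    # geographical restriction


class AccessGate:
    """Receiver-side module consulted before the content is decrypted (step 290)."""

    def __init__(self, params: UseParameters, sent_at: float, clock=time.time):
        self.params = params
        self.sent_at = sent_at
        self._clock = clock       # injectable so the policy can be tested
        self.attempts = 0
        self.revoked = False

    def revoke(self) -> None:
        """Instruction from the requester or key management platform to deny access."""
        self.revoked = True

    def request_access(self, region: str):
        """Return (allowed, reason). Every call counts as an attempt, denied or not."""
        self.attempts += 1
        if self.revoked:
            return False, "revoked"
        if self._clock() - self.sent_at > self.params.valid_for_seconds:
            return False, "expired"
        if self.attempts > self.params.max_access_attempts:
            return False, "attempt limit reached"
        if region not in self.params.allowed_regions:
            return False, "region not allowed"
        return True, "ok"


def demo() -> dict:
    """Run both checks on constructed sample data and return the outcomes."""
    # Constructed stand-in for the serialized private key sent at step 260.
    key = bytes(range(32))
    fingerprint = key_fingerprint(key)              # computed by the key management platform
    corrupted = bytes([key[0] ^ 0x01]) + key[1:]    # single-bit transmission error

    now = [1_000.0]                                  # fake clock, in seconds
    gate = AccessGate(
        UseParameters(max_access_attempts=2, valid_for_seconds=60.0,
                      allowed_regions=frozenset({"US"})),
        sent_at=1_000.0,
        clock=lambda: now[0],
    )
    decisions = [
        gate.request_access("US")[1],   # first attempt, inside every limit
        gate.request_access("DE")[1],   # wrong region, still counted
        gate.request_access("US")[1],   # third attempt exceeds the limit of 2
    ]
    now[0] = 1_061.0                    # 61 s after sending
    decisions.append(gate.request_access("US")[1])
    gate.revoke()
    decisions.append(gate.request_access("US")[1])

    return {
        "intact_key_valid": validate_received_key(key, fingerprint),
        "corrupted_key_valid": validate_received_key(corrupted, fingerprint),
        "decisions": decisions,
    }


if __name__ == "__main__":
    print(demo())
```

A gate that runs on the receiver only binds a cooperating receiver application; once the public key and ciphertext are both on that machine, nothing cryptographic prevents decryption outside the gate.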
Attention may now be drawn to FIG. 3, which illustrates a high level process flow diagram detailing the encryption process for implementing certain features of the requester 120 and receiver platforms 130. The flow of FIG. 3 is similar to that of FIG. 2.
At step 310, a user may launch a secure content exchange application. At step 320, the user may select options regarding encryption methods and security features and may communicate a request to the key management platform 140.
At step 330, the system may attempt to authenticate a user. If the user is unknown to the system, it may generate prompts to gather appropriate user data. At step 340a, the user inputs the appropriate information and registers as a new user to the system. A user may be provided with a username and password. At step 340b, the user data is organized and stored to generate a user profile which may be utilized in the future to authenticate a particular user.
At step 350, encryption information such as private and public key pairs is generated in accordance with the user's preferences. At step 360, the private and public keys are transmitted to the requester and receiver users, respectively.
At step 370, a user may use the provided private key to encrypt content to be transmitted to the receiver. At step 380, a receiver user acquires the encrypted content and may use the previously received public key to decrypt and access the content. Finally, at step 390, the encryption keys may become invalidated in accordance with user selected security protocols or in response to user actions.
Variations to Embodiments
It is understood that the specific order components disclosed herein are examples of exemplary approaches. Based upon design preferences, it is understood that the specific order components may be rearranged, and/or components may be omitted, while remaining within the scope of the present disclosure unless noted otherwise. The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present disclosure. Various modifications to these embodiments may be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The disclosure is not intended to be limited to the aspects shown herein, but is to be accorded the full scope consistent with the specification and drawings, wherein reference to an element in the singular is not intended to mean “one and only one” unless specifically so stated, but rather “one or more.” Unless specifically stated otherwise, the term “some” refers to one or more. A phrase referring to “at least one of” a list of items refers to any combination of those items, including single members. As an example, “at least one of: a, b, or c” is intended to cover: a; b; c; a and b; a and c; b and c; and a, b and c.
The various illustrative logical blocks, modules, and circuits described in connection with the embodiments disclosed herein may be implemented or performed with a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.
In accordance with certain aspects of the present disclosure, one or more of the process steps described herein may be stored in memory as computer program instructions. These instructions may be executed by a digital signal processor, an analog signal processor, and/or another processor, to perform the methods described herein. Further, the processor(s), the memory, the instructions stored therein, or a combination thereof may serve as a means for performing one or more of the method steps described herein.
Those of skill in the art would understand that information and signals may be represented using any of a variety of different technologies and techniques. For example, data, instructions, commands, information, signals, bits, symbols, and chips that may be referenced throughout the above description may be represented by voltages, currents, electromagnetic waves, magnetic fields or particles, optical fields or particles, or any combination thereof.
Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present disclosure.
In one or more exemplary embodiments, the functions described may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software, the functions may be stored on or encoded as one or more instructions or code on a computer-readable medium. Computer-readable media includes computer storage media. Storage media may be any available media that can be accessed by a computer. By way of example, and not limitation, such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. Disk and disc, as used herein, includes compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and Blu-ray disc where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media. Any processor and the storage medium may reside in an ASIC. The ASIC may reside in a user terminal. In the alternative, the processor and the storage medium may reside as discrete components in a user terminal.
It is intended that the following claims and their equivalents define the scope of the disclosure.
Aspects of the present disclosure are typically carried out in or resident on a computing network. The computing network generally includes computer hardware components such as servers, monitors, I/O devices, network connection devices, as well as other associated hardware. In addition, the aspects and features described below may include one or more application programs configured to receive, convert, process, store, retrieve, transfer and/or export data and other content and information. As an example, these aspects and features may include one or more processors that may be coupled to a memory space comprising SRAM, DRAM, Flash and/or other physical memory devices. Memory space may be configured to store an operating system (OS), one or more application programs, such as a UI program, data associated with the pertinent aspect or feature, applications running on processors in the device, user information, or other data or content. The various aspects and features of the present disclosure may further include one or more User I/O interfaces, such as keypads, touch screen inputs, mice, Bluetooth devices or other I/O devices. In addition, certain aspects and features may include a cellular or other over the air wireless carrier interface, as well as a network interface that may be configured to communicate via a LAN or wireless LAN (WiLAN), such as a Wi-Fi network. Other interfaces, such as USB or other wired interfaces, may also be included.
As used herein, computer program products comprising computer-readable media include all forms of computer-readable medium except, to the extent that such media are deemed to be non-statutory, transitory propagating signals.
While various embodiments of the present disclosure have been described in detail, it may be apparent to those skilled in the art that the present disclosure can be embodied in various other forms not specifically described herein.

Claims (30)

The invention claimed is:
1. A requester system, comprising:
a memory designed to store computer program code; and
a processor communicatively coupled to the memory;
wherein when the processor executes the computer program code, the processor is operable to at least:
generate a request, identification information identifying a receiver system, and one or more use parameters associated with a data file;
send the request to a key management system, wherein the sending of the request is configured to cause the key management system to generate a private encryption key and a public encryption key;
send the identification information to the key management system, wherein the sending of the identification information is configured to cause the key management system to send the public encryption key to the receiver system;
receive the private encryption key from the key management system;
modify the data file with the use parameters before the data file is encrypted;
encrypt the data file using the private encryption key; and
send the encrypted data file to the receiver system.
2. The requester system of claim 1, wherein the processor encrypts the data file based on the use parameters.
3. The requester system of claim 1, wherein the processor is further operable to send the use parameters to the key management system, wherein the sending of the use parameters is configured to cause the key management system to generate the public encryption key based on the use parameters.
4. The requester system of claim 1, wherein the use parameters specify an expiration date of the public encryption key.
5. The requester system of claim 1, wherein the processor is further operable to:
generate payment information; and
send the payment information to the key management system, wherein the sending of the payment information is configured to cause the key management system to generate the private encryption key and the public encryption key upon authentication of the payment information.
6. The requester system of claim 1, wherein the processor is further operable to send an access instruction to the receiver system, wherein the sending of the access instruction is configured to prohibit the receiver system from accessing the data file after a first number of access attempts by the receiver system and after an elapsed time period from when the encrypted data file was sent to the receiver system.
7. The requester system of claim 1, wherein the processor is further operable to:
receive a notification relating to an attempt, by the receiver system, at taking an action in relation to the data file;
generate, based on the notification, an instruction configured to deny the action; and send the instruction to the receiver system, wherein the sending of the instruction is configured to prevent the receiver system from completing the action.
8. The requester system of claim 1, wherein the use parameters specify security restrictions of the data file.
9. The requester system of claim 1, wherein the use parameters restrict operation of the data file.
10. The requester system of claim 1, wherein the encryption is embedded in the data file.
11. The requester system of claim 1, wherein the processor is further operable to validate the private encryption key.
12. A requester system, comprising:
a memory designed to store computer program code; and
a processor communicatively coupled to the memory;
wherein when the processor executes the computer program code, the processor is operable to at least:
generate a request, identification information identifying a receiver system, and one or more use parameters associated with a data file;
send the request to a key management system, wherein the sending of the request is configured to cause the key management system to generate a private encryption key and a public encryption key;
send the identification information to the key management system, wherein the sending of the identification information is configured to cause the key management system to send the public encryption key to the receiver system;
receive the private encryption key from the key management system;
encrypt the data file using the private encryption key;
send the encrypted data file to the receiver system; and
send an access instruction to the receiver system, wherein the sending of the access instruction is configured to prohibit the receiver system from accessing the data file after a first number of access attempts by the receiver system and after an elapsed time period from when the encrypted data file was sent to the receiver system.
13. The requester system of claim 12, wherein the processor encrypts the data file based on the use parameters.
14. The requester system of claim 12, wherein the processor is further operable to send the use parameters to the key management system, wherein the sending of the use parameters is configured to cause the key management system to generate the public encryption key based on the use parameters.
15. The requester system of claim 12, wherein the use parameters specify an expiration date of the public encryption key.
16. The requester system of claim 12, wherein the processor is further operable to modify the data file with the use parameters before the data file is encrypted.
17. The requester system of claim 12, wherein the processor is further operable to:
generate payment information; and
send the payment information to the key management system, wherein the sending of the payment information is configured to cause the key management system to generate the private encryption key and the public encryption key upon authentication of the payment information.
18. The requester system of claim 12, wherein the processor is further operable to:
receive a notification relating to an attempt, by the receiver system, at taking an action in relation to the data file;
generate, based on the notification, an instruction configured to deny the action; and send the instruction to the receiver system, wherein the sending of the instruction is configured to prevent the receiver system from completing the action.
19. The requester system of claim 12, wherein the use parameters specify security restrictions of the data file.
20. The requester system of claim 12, wherein the use parameters restrict operation of the data file.
21. The requester system of claim 12, wherein the encryption is embedded in the data file.
22. The requester system of claim 12, wherein the processor is further operable to validate the private encryption key.
23. A key management system, the system comprising:
a memory designed to store computer program code; and
a processor communicatively coupled to the memory;
wherein when the processor executes the computer program code, the processor is operable to at least:
receive, from a requester system, a request to generate a private encryption key and a public encryption key;
receive, from the requester system, identification information identifying a receiver system;
generate a first private encryption key and a first public encryption key in response to receiving the request;
send the first private encryption key to the requester system;
send the first public encryption key to the receiver system; and
send an instruction specifying the use parameters to an application running on the receiver system, wherein the application controls access to an encrypted data file that was received from the system by the receiver system based on the instruction specifying the use parameters.
24. The key management system of claim 23, wherein the processor is further operable to:
receive, from the requester system, use parameters; and
generate, based on the use parameters, the first public encryption key.
25. The key management system of claim 23, wherein the use parameters specify an expiration date for the public encryption key.
26. The key management system of claim 23, wherein the processor is further operable to:
generate one or more passcodes associated with the first private encryption key and the first public encryption key; and
send at least one of the passcodes to the system; and send at least one of the passcodes to the receiver system.
27. The key management system of claim 23, wherein the processor is further operable to:
receive payment information from the requester system; and
wherein the generation of the private encryption key and the public encryption key is based at least in part upon authentication of the payment information.
28. The key management system of claim 23, wherein the use parameters specify security restrictions of the data file.
29. The key management system of claim 23, wherein the use parameters restrict operation of the data file.
30. The key management system of claim 23, wherein the encryption is embedded in the data file.
US14/460,466 2011-11-03 2014-08-15 Demand based encryption and key generation and distribution systems and methods Active US9270447B2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US14/460,466 US9270447B2 (en) 2011-11-03 2014-08-15 Demand based encryption and key generation and distribution systems and methods
US15/040,454 US20160219021A1 (en) 2011-11-03 2016-02-10 Demand Based Encryption and Key Generation and Distribution Systems and Methods

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US201161555124P 2011-11-03 2011-11-03
US13/667,980 US8842840B2 (en) 2011-11-03 2012-11-02 Demand based encryption and key generation and distribution systems and methods
US14/460,466 US9270447B2 (en) 2011-11-03 2014-08-15 Demand based encryption and key generation and distribution systems and methods

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US13/667,980 Continuation US8842840B2 (en) 2011-11-03 2012-11-02 Demand based encryption and key generation and distribution systems and methods

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US15/040,454 Continuation US20160219021A1 (en) 2011-11-03 2016-02-10 Demand Based Encryption and Key Generation and Distribution Systems and Methods

Publications (2)

Publication Number Publication Date
US20140369501A1 US20140369501A1 (en) 2014-12-18
US9270447B2 true US9270447B2 (en) 2016-02-23

Family

ID=48223724

Family Applications (3)

Application Number Title Priority Date Filing Date
US13/667,980 Active 2032-11-30 US8842840B2 (en) 2011-11-03 2012-11-02 Demand based encryption and key generation and distribution systems and methods
US14/460,466 Active US9270447B2 (en) 2011-11-03 2014-08-15 Demand based encryption and key generation and distribution systems and methods
US15/040,454 Abandoned US20160219021A1 (en) 2011-11-03 2016-02-10 Demand Based Encryption and Key Generation and Distribution Systems and Methods

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US13/667,980 Active 2032-11-30 US8842840B2 (en) 2011-11-03 2012-11-02 Demand based encryption and key generation and distribution systems and methods

Family Applications After (1)

Application Number Title Priority Date Filing Date
US15/040,454 Abandoned US20160219021A1 (en) 2011-11-03 2016-02-10 Demand Based Encryption and Key Generation and Distribution Systems and Methods

Country Status (1)

Country Link
US (3) US8842840B2 (en)

US6615355B2 (en) 1996-06-28 2003-09-02 Intel Corporation Method and apparatus for protecting flash memory
US20030167409A1 (en) 2002-03-04 2003-09-04 Lester Sussman Secure electronic directory and catalog synchronization using email to trigger synchronization
US20030182435A1 (en) 2000-11-13 2003-09-25 Digital Doors, Inc. Data security system and method for portable device
US6628314B1 (en) 1998-07-17 2003-09-30 B.E. Technology, Llc Computer interface method and apparatus with targeted advertising
US20030187794A1 (en) 2002-03-27 2003-10-02 Convergys Cmg Utah Inc. System and method for a flexible device-based rating engine
US6647494B1 (en) 1999-06-14 2003-11-11 Intel Corporation System and method for checking authorization of remote configuration operations
US6665659B1 (en) 2000-02-01 2003-12-16 James D. Logan Methods and apparatus for distributing and using metadata via the internet
US20030233241A1 (en) 2002-06-06 2003-12-18 Marsh David J. Methods and systems for generating electronic program guides
US20030236905A1 (en) 2002-06-25 2003-12-25 Microsoft Corporation System and method for automatically recovering from failed network connections in streaming media scenarios
US20030236745A1 (en) 2000-03-03 2003-12-25 Hartsell Neal D Systems and methods for billing in information management environments
US20040008688A1 (en) 2002-07-11 2004-01-15 Hitachi, Ltd. Business method and apparatus for path configuration in networks
US20040025186A1 (en) 2001-01-19 2004-02-05 Jennings Charles A. System and method for managing media
US20040028055A1 (en) 2002-07-26 2004-02-12 Lila Madour Differentiated accounting in a packet data network
US20040039911A1 (en) 2001-09-11 2004-02-26 Makoto Oka Content usage authority management system and management method
US20040038675A1 (en) 1996-08-07 2004-02-26 Criss Mark A. Wireless software upgrades with version control
US20040044677A1 (en) 2000-03-08 2004-03-04 Better T.V. Technologies Ltd. Method for personalizing information and services from various media sources
US6715075B1 (en) 1999-07-08 2004-03-30 Intel Corporation Providing a configuration file to a communication device
US20040064579A1 (en) 2001-01-19 2004-04-01 World Streaming Network, Inc. System and method for streaming media
US6732366B1 (en) 1995-02-24 2004-05-04 James Russo Stored program pay-per-play
US20040088558A1 (en) 2002-11-05 2004-05-06 Candelore Brant L. Descrambler
US20040102182A1 (en) 2001-03-22 2004-05-27 Lothar Reith Method of providing networks services
US20040101141A1 (en) 2002-11-27 2004-05-27 Jukka Alve System and method for securely installing a cryptographic system on a secure device
US20040117836A1 (en) 2002-12-11 2004-06-17 Jeyhan Karaoguz Method and system for network storage in a media exchange network
US20040117500A1 (en) 2001-04-10 2004-06-17 Fredrik Lindholm Method and network for delivering streaming data
US20040133923A1 (en) 2002-08-21 2004-07-08 Watson Scott F. Digital home movie library
US6769127B1 (en) 2000-06-16 2004-07-27 Minerva Networks, Inc. Method and system for delivering media services and application over networks
US20040145773A1 (en) 2003-01-29 2004-07-29 Oakeson Kenneth L. Message authorization system and method
US20040167791A1 (en) 2001-03-30 2004-08-26 Anthony Rodrigo Processing transactions
US20040167859A1 (en) 2003-02-14 2004-08-26 Richard Mirabella Software license management system configurable for post-use payment business models
US6789195B1 (en) * 1999-06-07 2004-09-07 Siemens Aktiengesellschaft Secure data processing method
US6789255B1 (en) 1997-12-19 2004-09-07 Microsoft Corporation Determining update availability via set intersection over a sub-optimal pathway
US20040192253A1 (en) 2003-03-28 2004-09-30 Motoharu Usumi Content delivery system
US20040193550A1 (en) 2003-03-28 2004-09-30 Jaime A. Siegel Method and apparatus for implementing digital rights management
US20040205043A1 (en) 2001-06-29 2004-10-14 Marzio Alessi Identification and documentation of accesses to a communication network
US20040215735A1 (en) 2002-12-20 2004-10-28 Tohru Nakahara Information management system
US20040243994A1 (en) 2003-03-28 2004-12-02 Masami Nasu Communication device, software update device, software update system, software update method, and program
US20040267812A1 (en) 2003-06-26 2004-12-30 Microsoft Corporation Media platform
US20050004875A1 (en) 2001-07-06 2005-01-06 Markku Kontio Digital rights management in a mobile communications environment
US20050009541A1 (en) 2003-06-25 2005-01-13 Oracle International Corporation Intelligent messaging
US20050009500A1 (en) 2003-06-24 2005-01-13 Openwave Systems Inc. System and method for extending billing services to applications on a carrier's network
US6847969B1 (en) 1999-05-03 2005-01-25 Streetspace, Inc. Method and system for providing personalized online services and advertisements in public spaces
US20050021765A1 (en) 2003-04-22 2005-01-27 International Business Machines Corporation Context sensitive portlets
US20050022229A1 (en) 2003-07-25 2005-01-27 Michael Gabriel Content access control
US6854010B1 (en) 2001-04-05 2005-02-08 Bluecube Software, Inc. Multi-location management system
US20050043997A1 (en) 2003-08-18 2005-02-24 Sahota Jagdeep Singh Method and system for generating a dynamic verification value
US20050044481A1 (en) 1999-04-21 2005-02-24 Interactual Technologies, Inc. Controlling playback of content stored on a portable storage medium
US20050064875A1 (en) 2003-09-23 2005-03-24 Sbc Knowledge Ventures, L.P. System and method for providing managed point to point services
US20050071839A1 (en) 2003-09-25 2005-03-31 Curitel Communications, Inc. Communication terminal and communication network for partially updating software, software update method, and software creation device and method therefor
US20050076365A1 (en) 2003-08-28 2005-04-07 Samsung Electronics Co., Ltd. Method and system for recommending content
US6880079B2 (en) 2002-04-25 2005-04-12 Vasco Data Security, Inc. Methods and systems for secure transmission of information using a mobile device
US6892228B1 (en) 2000-08-23 2005-05-10 Pure Matrix, Inc. System and method for on-line service creation
US20050111663A1 (en) 2003-11-26 2005-05-26 International Business Machines Corporation System, method, and service for delivering enhanced multimedia content on physical media
US20050127164A1 (en) 2002-03-19 2005-06-16 John Wankmueller Method and system for conducting a transaction using a proximity device and an identifier
US20050132204A1 (en) 2003-12-10 2005-06-16 Christoph Gouguenheim Trusted system for file distribution
US20050144465A1 (en) 2002-11-20 2005-06-30 Susumu Senshu Recording system and method, recording device and method, input device and method, reproduction system and method, reproduction device and method, recording medium, and program
US20050144437A1 (en) 1994-12-30 2005-06-30 Ransom Douglas S. System and method for assigning an identity to an intelligent electronic device
US20050141720A1 (en) * 2002-04-30 2005-06-30 Yuji Watanabe Encrypted communication system, key delivery server thereof, terminal device and key sharing method
US20050154764A1 (en) 2003-11-26 2005-07-14 Andreas Riegler System for accessing content items over a network
US6925182B1 (en) 1997-12-19 2005-08-02 Koninklijke Philips Electronics N.V. Administration and utilization of private keys in a networked environment
US20050172137A1 (en) 2004-02-03 2005-08-04 Hewlett-Packard Development Company, L.P. Key management technique for establishing a secure channel
US20050198332A1 (en) 2004-03-04 2005-09-08 International Business Machines Corporation Controlling access of a client system to an access protected remote resource
US20050223218A1 (en) 2004-03-19 2005-10-06 Nokia Corporation Storing of data in a device
US20050246282A1 (en) 2002-08-15 2005-11-03 Mats Naslund Monitoring of digital content provided from a content provider over a network
US20050278787A1 (en) 2002-08-15 2005-12-15 Mats Naslund Robust and flexible digital rights management involving a tamper-resistant identity module
US20050283791A1 (en) 2003-12-23 2005-12-22 Digital Networks North America, Inc. Method and apparatus for distributing media in a pay per play architecture with remote playback within an enterprise
US20050283826A1 (en) 2004-06-22 2005-12-22 Sun Microsystems, Inc. Systems and methods for performing secure communications between an authorized computing platform and a hardware component
US20060010324A1 (en) 2004-07-09 2006-01-12 Guido Appenzeller Secure messaging system with derived keys
US20060026304A1 (en) 2004-05-04 2006-02-02 Price Robert M System and method for updating software in electronic devices
US7003667B1 (en) 1999-10-04 2006-02-21 Canon Kabushiki Kaisha Targeted secure printing
US20060090187A1 (en) 2003-12-27 2006-04-27 Sk Telecom Co., Ltd. Rtsp-based multimedia control method
US20060100987A1 (en) 2002-11-08 2006-05-11 Leurs Nathalie D P Apparatus and method to provide a recommedation of content
US20060107071A1 (en) 2004-11-12 2006-05-18 Apple Computer, Inc. Method and system for updating firmware stored in non-volatile memory
US20060111077A1 (en) 2002-11-12 2006-05-25 Nokia Corporation Method for avoiding double charging of a service in a telecommunication system
US20060141984A1 (en) 2004-12-29 2006-06-29 Claudio Taglienti Client-based context-based billing for wireless networks
US20060153160A1 (en) 2002-07-12 2006-07-13 Comptel Oyj Method, means and computer program product for controlling and/or restricting use of telecommunications connection
US20060168253A1 (en) 2003-03-10 2006-07-27 Sony Corporation Access control processing method
US20060168288A1 (en) 2004-12-16 2006-07-27 Michele Covell Identifying failure of a streaming media server to satisfy quality-of-service criteria
US20060206617A1 (en) 2003-02-25 2006-09-14 Matsushita Electric Industrial Co., Ltd. Method of reporting quality metrics for packet switched streaming
US7114021B2 (en) 2001-03-01 2006-09-26 Symbol Technologies, Inc. System and method providing configuration services for communications devices
US20060230124A1 (en) 2000-06-22 2006-10-12 Microsoft Corporation Distributed computing services platform
US20060229988A1 (en) 2003-01-21 2006-10-12 Shunichi Oshima Card settlement method using portable electronic device having fingerprint sensor
US20060242038A1 (en) 2003-07-14 2006-10-26 Michele Giudilli Method for charging costs of enjoying contents transmitted over a telecommunications network, preferably by the internet network, and related system
US20060272031A1 (en) 2005-05-24 2006-11-30 Napster Llc System and method for unlimited licensing to a fixed number of devices
US20060271485A1 (en) 2005-03-12 2006-11-30 Jiwire, Inc. Wireless connectivity security technique
US20060271488A1 (en) 2005-05-25 2006-11-30 Oracle International Corporation Techniques for analyzing commands during streaming media to confirm delivery
US20060271548A1 (en) 2005-05-25 2006-11-30 Oracle International Corporation Personalization and recommendations of aggregated data not owned by the aggregator
US7149797B1 (en) 2001-04-02 2006-12-12 Akamai Technologies, Inc. Content delivery network service provider (CDNSP)-managed content delivery network (CDN) for network service provider (NSP)
US20060294378A1 (en) 2005-06-23 2006-12-28 Lumsden Ian A Key loading systems and methods
US20070005974A1 (en) 2005-06-29 2007-01-04 Fujitsu Limited Method for transferring encrypted data and information processing system
US20070014403A1 (en) 2005-07-18 2007-01-18 Creative Technology Ltd. Controlling distribution of protected content
US20070028120A1 (en) 2004-11-12 2007-02-01 Apple Computer, Inc. Secure software updates
US20070028109A1 (en) 2005-07-26 2007-02-01 Apple Computer, Inc. Configuration of a computing device in a secure manner
US7181523B2 (en) 2000-10-26 2007-02-20 Intel Corporation Method and apparatus for managing a plurality of servers in a content delivery network
US20070055853A1 (en) 2005-09-02 2007-03-08 Hitachi, Ltd. Method for changing booting configuration and computer system capable of booting OS
US7197570B2 (en) 1998-07-22 2007-03-27 Appstream Inc. System and method to send predicted application streamlets to a client device
US20070083759A1 (en) 2005-10-11 2007-04-12 Drew John W Data transfer system
US20070088947A1 (en) 2003-01-27 2007-04-19 Microsoft Corporation Deriving a Symmetric Key from an Asymmetric Key for File Encryption or Decryption
US20070106892A1 (en) 2003-10-08 2007-05-10 Engberg Stephan J Method and system for establishing a communication using privacy enhancing techniques
US20070119918A1 (en) 2005-07-15 2007-05-31 Hogg Jason J System and method for new execution and management of financial and data transactions
US7233790B2 (en) 2002-06-28 2007-06-19 Openwave Systems, Inc. Device capability based discovery, packaging and provisioning of content for wireless mobile devices
US20070150724A1 (en) 2005-12-27 2007-06-28 Taiwan Semiconductor Manufacturing Co., Ltd. Data archiving and accessing methods and systems
US20070160209A1 (en) 2004-07-02 2007-07-12 Kabushiki Kaisha Toshiba Content management method, content management program, and electronic device
US20070165860A1 (en) 2004-05-06 2007-07-19 Fukio Handa Method for issuing ic card storing encryption key information
US20070170243A1 (en) 2006-01-24 2007-07-26 First Data Corporation Contactless-chip-initiated transaction system
US7272651B1 (en) 2001-08-28 2007-09-18 Cisco Technology, Inc. RSVP transmitter proxy
US20070226513A1 (en) 2004-05-06 2007-09-27 Fukio Handa Ic Card for Encryption or Decryption Process and Encrypted Communication System and Encrypted Communication Method Using the Same
US20070255943A1 (en) 2006-04-18 2007-11-01 Kern David S Method and system for automating the recovery of a credential store
US20070280483A1 (en) 2006-06-06 2007-12-06 Red Hat, Inc. Methods and systems for key recovery for a token
US20070288713A1 (en) 2004-08-26 2007-12-13 Hiroshi Sugimoto Data Recording/Reproducing Device and Method
US20070290034A1 (en) 2001-09-21 2007-12-20 Larry Routhenstein Method for generating customer secure card numbers
US20070299781A1 (en) 2000-09-07 2007-12-27 Rodriguez Alan F Jr System and apparatus for credit data transmission
US20070297340A1 (en) 2006-06-26 2007-12-27 Oracle International Corporation Techniques for correlation of charges in multiple layers for content and service delivery
US20080029593A1 (en) 2003-08-18 2008-02-07 Ayman Hammad Method and System for Generating a Dynamic Verification Value
US20080065554A1 (en) 2000-04-11 2008-03-13 Hogan Edward J Method and system for conducting secure payments over a computer network
US20080076572A1 (en) 2006-09-08 2008-03-27 Igt, Inc. Mobile gaming devices for use in a gaming network having gaming and non-gaming zones
US7360210B1 (en) 2002-07-03 2008-04-15 Sprint Spectrum L.P. Method and system for dynamically varying intermediation functions in a communication path between a content server and a client station
US7363384B2 (en) 2001-07-11 2008-04-22 Sony Computer Entertainment America Inc. Selection of content in response to communication environment
US7366495B1 (en) 2001-06-21 2008-04-29 Michael Joseph Magnotta Prepaid reservation-based rating system
US20080100987A1 (en) 2006-10-31 2008-05-01 Tdk Corporation Multilayer capacitor, manufacturing method thereof
US20080104399A1 (en) 2002-10-08 2008-05-01 Koolspan, Inc. Localized network authentication and security using tamper-resistant keys
US20080120504A1 (en) 2006-10-31 2008-05-22 Research In Motion Limited System and method for protecting a password against brute force attacks
US20080120511A1 (en) 2006-11-17 2008-05-22 Electronic Data Systems Corporation Apparatus, and associated method, for providing secure data entry of confidential information
US7386623B2 (en) 2000-08-31 2008-06-10 Sony Corporation Content distribution notification method, reservation control apparatus and program storage medium
US7386877B2 (en) 2002-07-12 2008-06-10 Sun Microsystems, Inc. Specifying a repository for an authentication token in a distributed computing system
US20080148067A1 (en) 2006-10-11 2008-06-19 David H. Sitrick Method and system for secure distribution of selected content to be protected on an appliance-specific basis with definable permitted associated usage rights for the selected content
US20080152140A1 (en) 2003-10-07 2008-06-26 Koolspan, Inc. Mass subscriber management
US7395551B2 (en) 1999-12-20 2008-07-01 Sony Corporation Method and apparatus for managing software use
US20080183622A1 (en) 2007-01-30 2008-07-31 Phil Dixon Signature based negative list for off line payment device validation
US20080189214A1 (en) 2006-10-17 2008-08-07 Clay Von Mueller Pin block replacement
US20080215704A1 (en) 2003-09-02 2008-09-04 Igor Danilo Diego Curcio Transmission of Information Relating to a Quality of Service
US20080240433A1 (en) 2007-01-22 2008-10-02 Samsung Electronics Co., Ltd. Lightweight secure authentication channel
US7444508B2 (en) 2003-06-30 2008-10-28 Nokia Corporation Method of implementing secure access
US20080273697A1 (en) 2007-05-01 2008-11-06 Greco Paul M Use of Indirect Data Keys for Encrypted Tape Cartridges
US20080301461A1 (en) 2007-05-31 2008-12-04 Vasco Data Security International, Inc. Remote authentication and transaction signatures
US20090016264A1 (en) 2005-02-02 2009-01-15 Matsushita Electric Industrial Co., Ltd. Packet transfer method in communication network system and packet processing method in communication device constituting the system
US20090063345A1 (en) 2007-08-29 2009-03-05 American Express Travel Related Services Company, Inc. System and Method for Facilitating a Financial Transaction with a Dynamically Generated Identifier
US20090094123A1 (en) 2007-10-03 2009-04-09 Patrick Killian Payment services provider methods in connection with personalized payments system
US7552233B2 (en) 2000-03-16 2009-06-23 Adara Networks, Inc. System and method for information object routing in computer networks
US7552196B2 (en) 1999-04-15 2009-06-23 Breach Security, Inc. Detecting corrupted data before transmission to a client
US20090185687A1 (en) 2008-01-23 2009-07-23 John Wankmueller Systems and Methods for Mutual Authentication Using One Time Codes
US20090202081A1 (en) 2008-02-08 2009-08-13 Ayman Hammad Key delivery system and method
US20100228972A1 (en) * 2009-03-04 2010-09-09 Hong Kong Applied Science and Technology Research Institute Company Limited System and Method for Content Distribution with Broadcast Encryption
US20100325428A1 (en) 2004-02-27 2010-12-23 International Business Machines Corporation System and Method for Authentication of a Hardware Token
US20100325423A1 (en) 2009-06-22 2010-12-23 Craig Stephen Etchegoyen System and Method for Securing an Electronic Communication
US7870273B2 (en) 2007-09-28 2011-01-11 Disney Enterprises, Inc. Method and system for indentifying a device implementing a digital rights management protocol
US7975147B1 (en) 2003-03-31 2011-07-05 Hewlett-Packard Development Company, L.P. Electronic device network supporting enciphering and deciphering and update generation in electronic devices
US20110246767A1 (en) 2010-03-30 2011-10-06 Pradeep Kumar Chaturvedi Secure virtual machine memory

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8365306B2 (en) * 2005-05-25 2013-01-29 Oracle International Corporation Platform and service for management and multi-channel delivery of multi-types of contents

Patent Citations (198)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4200770A (en) 1977-09-06 1980-04-29 Stanford University Cryptographic apparatus and method
US4405829A (en) 1977-12-14 1983-09-20 Massachusetts Institute Of Technology Cryptographic communications system and method
US4323921A (en) 1979-02-06 1982-04-06 Etablissement Public De Diffusion Dit "Telediffusion De France" System for transmitting information provided with means for controlling access to the information transmitted
US4337483A (en) 1979-02-06 1982-06-29 Etablissement Public De Diffusion Dit "Telediffusion De France" Text video-transmission system provided with means for controlling access to the information
US4450535A (en) 1980-09-16 1984-05-22 Compagnie Internationale Pour L'informatique Cii-Honeywell Bull (Societe Anonyme) System and method for authorizing access to an article distribution or service acquisition machine
US4996642A (en) 1987-10-01 1991-02-26 Neonics, Inc. System and method for recommending items
US20020042923A1 (en) 1992-12-09 2002-04-11 Asmussen Michael L. Video and digital multimedia aggregator content suggestion engine
US20050144437A1 (en) 1994-12-30 2005-06-30 Ransom Douglas S. System and method for assigning an identity to an intelligent electronic device
US6732366B1 (en) 1995-02-24 2004-05-04 James Russo Stored program pay-per-play
US5774551A (en) 1995-08-07 1998-06-30 Sun Microsystems, Inc. Pluggable account management interface with unified login and logout and multiple user authentication services
US6615355B2 (en) 1996-06-28 2003-09-02 Intel Corporation Method and apparatus for protecting flash memory
US20040038675A1 (en) 1996-08-07 2004-02-26 Criss Mark A. Wireless software upgrades with version control
US6308328B1 (en) 1997-01-17 2001-10-23 Scientific-Atlanta, Inc. Usage statistics collection for a cable data delivery system
US6381695B2 (en) * 1997-08-22 2002-04-30 International Business Machines Corporation Encryption system with time-dependent decryption
US5974454A (en) 1997-11-14 1999-10-26 Microsoft Corporation Method and system for installing and updating program module components
US6925182B1 (en) 1997-12-19 2005-08-02 Koninklijke Philips Electronics N.V. Administration and utilization of private keys in a networked environment
US6789255B1 (en) 1997-12-19 2004-09-07 Microsoft Corporation Determining update availability via set intersection over a sub-optimal pathway
US6233687B1 (en) 1998-01-21 2001-05-15 Nortel Networks Limited Method and apparatus for providing configuration information in a network
US6240401B1 (en) 1998-06-05 2001-05-29 Digital Video Express, L.P. System and method for movie transaction processing
US6334127B1 (en) 1998-07-17 2001-12-25 Net Perceptions, Inc. System, method and article of manufacture for making serendipity-weighted recommendations to a user
US6628314B1 (en) 1998-07-17 2003-09-30 B.E. Technology, Llc Computer interface method and apparatus with targeted advertising
US7197570B2 (en) 1998-07-22 2007-03-27 Appstream Inc. System and method to send predicted application streamlets to a client device
US20030145333A1 (en) 1998-07-23 2003-07-31 Siemens Corporate Research, Inc. System for hypervideo filtering based on end-user payment interest and capability
US6546555B1 (en) 1998-07-23 2003-04-08 Siemens Corporate Research, Inc. System for hypervideo filtering based on end-user payment interest and capability
US6314566B1 (en) 1998-09-29 2001-11-06 Apple Computer, Inc. Method and apparatus for “Just-in-Time” dynamic loading and unloading of computer software libraries
US6567657B1 (en) 1998-10-07 2003-05-20 Telefonaktiebolaget L M Ericsson SCP and MSC fault recovery process and signaling node failure reporting mechanism
US6434695B1 (en) 1998-12-23 2002-08-13 Apple Computer, Inc. Computer operating system using compressed ROM image in RAM
US7552196B2 (en) 1999-04-15 2009-06-23 Breach Security, Inc. Detecting corrupted data before transmission to a client
US20050044481A1 (en) 1999-04-21 2005-02-24 Interactual Technologies, Inc. Controlling playback of content stored on a portable storage medium
US6847969B1 (en) 1999-05-03 2005-01-25 Streetspace, Inc. Method and system for providing personalized online services and advertisements in public spaces
US6789195B1 (en) * 1999-06-07 2004-09-07 Siemens Aktiengesellschaft Secure data processing method
US6647494B1 (en) 1999-06-14 2003-11-11 Intel Corporation System and method for checking authorization of remote configuration operations
US6601061B1 (en) 1999-06-18 2003-07-29 Surfwax, Inc. Scalable information search and retrieval including use of special purpose searching resources
US6715075B1 (en) 1999-07-08 2004-03-30 Intel Corporation Providing a configuration file to a communication device
US7003667B1 (en) 1999-10-04 2006-02-21 Canon Kabushiki Kaisha Targeted secure printing
US7395551B2 (en) 1999-12-20 2008-07-01 Sony Corporation Method and apparatus for managing software use
US20020178370A1 (en) 1999-12-30 2002-11-28 Gurevich Michael N. Method and apparatus for secure authentication and sensitive data management
US6665659B1 (en) 2000-02-01 2003-12-16 James D. Logan Methods and apparatus for distributing and using metadata via the internet
US20020152305A1 (en) 2000-03-03 2002-10-17 Jackson Gregory J. Systems and methods for resource utilization analysis in information management environments
US20020194251A1 (en) 2000-03-03 2002-12-19 Richter Roger K. Systems and methods for resource usage accounting in information management environments
US20030236745A1 (en) 2000-03-03 2003-12-25 Hartsell Neal D Systems and methods for billing in information management environments
US20040044677A1 (en) 2000-03-08 2004-03-04 Better T.V. Technologies Ltd. Method for personalizing information and services from various media sources
US7552233B2 (en) 2000-03-16 2009-06-23 Adara Networks, Inc. System and method for information object routing in computer networks
US20010027558A1 (en) 2000-03-31 2001-10-04 Marco Sasselli Method for managing subscriber credits in a paytv system
US20020049679A1 (en) 2000-04-07 2002-04-25 Chris Russell Secure digital content licensing system and method
US20020056126A1 (en) 2000-04-08 2002-05-09 Geetha Srikantan Streaming a single media track to multiple clients
US20080065554A1 (en) 2000-04-11 2008-03-13 Hogan Edward J Method and system for conducting secure payments over a computer network
US6436579B1 (en) 2000-04-21 2002-08-20 Renal Tech International Llc Electrical energy generation
US20020067832A1 (en) 2000-06-05 2002-06-06 Jablon David P. Systems, methods and software for remote password authentication using multiple servers
US6769127B1 (en) 2000-06-16 2004-07-27 Minerva Networks, Inc. Method and system for delivering media services and application over networks
US20060230124A1 (en) 2000-06-22 2006-10-12 Microsoft Corporation Distributed computing services platform
US20020010864A1 (en) 2000-07-18 2002-01-24 Safa John Aram Transaction verification
US6892228B1 (en) 2000-08-23 2005-05-10 Pure Matrix, Inc. System and method for on-line service creation
US7386623B2 (en) 2000-08-31 2008-06-10 Sony Corporation Content distribution notification method, reservation control apparatus and program storage medium
US20070299781A1 (en) 2000-09-07 2007-12-27 Rodriguez Alan F Jr System and apparatus for credit data transmission
US20020083124A1 (en) 2000-10-04 2002-06-27 Knox Christopher R. Systems and methods for supporting the delivery of streamed content
US7181523B2 (en) 2000-10-26 2007-02-20 Intel Corporation Method and apparatus for managing a plurality of servers in a content delivery network
US20030182435A1 (en) 2000-11-13 2003-09-25 Digital Doors, Inc. Data security system and method for portable device
US20020124182A1 (en) 2000-11-20 2002-09-05 Bacso Stephen R. Method and system for targeted content delivery, presentation, management and reporting in a communications nertwork
US20020078360A1 (en) 2000-12-16 2002-06-20 Ncr Corporation Method of conducting transactions
US20020116291A1 (en) 2000-12-22 2002-08-22 Xerox Corporation Recommender system and method
US20040025186A1 (en) 2001-01-19 2004-02-05 Jennings Charles A. System and method for managing media
US20040064579A1 (en) 2001-01-19 2004-04-01 World Streaming Network, Inc. System and method for streaming media
US20020128984A1 (en) 2001-02-26 2002-09-12 4Thpass Inc. Method and system for transmission-based billing of applications
US7114021B2 (en) 2001-03-01 2006-09-26 Symbol Technologies, Inc. System and method providing configuration services for communications devices
US20020152224A1 (en) 2001-03-06 2002-10-17 Cliff Roth System and method for generating a recommendation guide for use with an EPG
US20020131601A1 (en) 2001-03-14 2002-09-19 Toshihiko Ninomiya Cryptographic key management method
US20040102182A1 (en) 2001-03-22 2004-05-27 Lothar Reith Method of providing networks services
US20020143565A1 (en) 2001-03-30 2002-10-03 Intertainer, Inc. Digital entertainment service platform
US20040167791A1 (en) 2001-03-30 2004-08-26 Anthony Rodrigo Processing transactions
US7149797B1 (en) 2001-04-02 2006-12-12 Akamai Technologies, Inc. Content delivery network service provider (CDNSP)-managed content delivery network (CDN) for network service provider (NSP)
US6854010B1 (en) 2001-04-05 2005-02-08 Bluecube Software, Inc. Multi-location management system
US20040117500A1 (en) 2001-04-10 2004-06-17 Fredrik Lindholm Method and network for delivering streaming data
US20020184195A1 (en) 2001-05-30 2002-12-05 Qian Richard J. Integrating content from media sources
US7366495B1 (en) 2001-06-21 2008-04-29 Michael Joseph Magnotta Prepaid reservation-based rating system
US20040205043A1 (en) 2001-06-29 2004-10-14 Marzio Alessi Identification and documentation of accesses to a communication network
US20050004875A1 (en) 2001-07-06 2005-01-06 Markku Kontio Digital rights management in a mobile communications environment
US7363384B2 (en) 2001-07-11 2008-04-22 Sony Computer Entertainment America Inc. Selection of content in response to communication environment
US20030028890A1 (en) 2001-08-03 2003-02-06 Swart William D. Video and digital multimedia acquisition and delivery system and method
US7272651B1 (en) 2001-08-28 2007-09-18 Cisco Technology, Inc. RSVP transmitter proxy
US20040039911A1 (en) 2001-09-11 2004-02-26 Makoto Oka Content usage authority management system and management method
US20070290034A1 (en) 2001-09-21 2007-12-20 Larry Routhenstein Method for generating customer secure card numbers
US20030061611A1 (en) 2001-09-26 2003-03-27 Ramesh Pendakur Notifying users of available content and content reception based on user profiles
US20030093341A1 (en) 2001-11-14 2003-05-15 International Business Machines Corporation Mechanism for tracking traffic statistics on a per packet basis to enable variable price billing
US20030093799A1 (en) 2001-11-14 2003-05-15 Kauffman Marc W. Streamed content Delivery
US20030131001A1 (en) 2002-01-04 2003-07-10 Masanobu Matsuo System, method and computer program product for setting access rights to information in an information exchange framework
US20030154487A1 (en) 2002-02-06 2003-08-14 Dainippon Screen Mfg. Co., Ltd. Digital content providing system
US20030149777A1 (en) 2002-02-07 2003-08-07 Micah Adler Probabalistic packet marking
US20030167409A1 (en) 2002-03-04 2003-09-04 Lester Sussman Secure electronic directory and catalog synchronization using email to trigger synchronization
US20050127164A1 (en) 2002-03-19 2005-06-16 John Wankmueller Method and system for conducting a transaction using a proximity device and an identifier
US20030187794A1 (en) 2002-03-27 2003-10-02 Convergys Cmg Utah Inc. System and method for a flexible device-based rating engine
US6880079B2 (en) 2002-04-25 2005-04-12 Vasco Data Security, Inc. Methods and systems for secure transmission of information using a mobile device
US20050141720A1 (en) * 2002-04-30 2005-06-30 Yuji Watanabe Encrypted communication system, key delivery server thereof, terminal device and key sharing method
US20030233241A1 (en) 2002-06-06 2003-12-18 Marsh David J. Methods and systems for generating electronic program guides
US20030236905A1 (en) 2002-06-25 2003-12-25 Microsoft Corporation System and method for automatically recovering from failed network connections in streaming media scenarios
US7233790B2 (en) 2002-06-28 2007-06-19 Openwave Systems, Inc. Device capability based discovery, packaging and provisioning of content for wireless mobile devices
US7360210B1 (en) 2002-07-03 2008-04-15 Sprint Spectrum L.P. Method and system for dynamically varying intermediation functions in a communication path between a content server and a client station
US20040008688A1 (en) 2002-07-11 2004-01-15 Hitachi, Ltd. Business method and apparatus for path configuration in networks
US7386877B2 (en) 2002-07-12 2008-06-10 Sun Microsystems, Inc. Specifying a repository for an authentication token in a distributed computing system
US20060153160A1 (en) 2002-07-12 2006-07-13 Comptel Oyj Method, means and computer program product for controlling and/or restricting use of telecommunications connection
US20040028055A1 (en) 2002-07-26 2004-02-12 Lila Madour Differentiated accounting in a packet data network
US20050246282A1 (en) 2002-08-15 2005-11-03 Mats Naslund Monitoring of digital content provided from a content provider over a network
US20050278787A1 (en) 2002-08-15 2005-12-15 Mats Naslund Robust and flexible digital rights management involving a tamper-resistant identity module
US20040133923A1 (en) 2002-08-21 2004-07-08 Watson Scott F. Digital home movie library
US20080104399A1 (en) 2002-10-08 2008-05-01 Koolspan, Inc. Localized network authentication and security using tamper-resistant keys
US20090168996A1 (en) 2002-11-05 2009-07-02 Sony Corporation Descrambler
US20040088558A1 (en) 2002-11-05 2004-05-06 Candelore Brant L. Descrambler
US20060100987A1 (en) 2002-11-08 2006-05-11 Leurs Nathalie D P Apparatus and method to provide a recommedation of content
US20060111077A1 (en) 2002-11-12 2006-05-25 Nokia Corporation Method for avoiding double charging of a service in a telecommunication system
US20050144465A1 (en) 2002-11-20 2005-06-30 Susumu Senshu Recording system and method, recording device and method, input device and method, reproduction system and method, reproduction device and method, recording medium, and program
US20040101141A1 (en) 2002-11-27 2004-05-27 Jukka Alve System and method for securely installing a cryptographic system on a secure device
US20040117836A1 (en) 2002-12-11 2004-06-17 Jeyhan Karaoguz Method and system for network storage in a media exchange network
US20040215735A1 (en) 2002-12-20 2004-10-28 Tohru Nakahara Information management system
US20060229988A1 (en) 2003-01-21 2006-10-12 Shunichi Oshima Card settlement method using portable electronic device having fingerprint sensor
US20070088947A1 (en) 2003-01-27 2007-04-19 Microsoft Corporation Deriving a Symmetric Key from an Asymmetric Key for File Encryption or Decryption
US20040145773A1 (en) 2003-01-29 2004-07-29 Oakeson Kenneth L. Message authorization system and method
US20040167859A1 (en) 2003-02-14 2004-08-26 Richard Mirabella Software license management system configurable for post-use payment business models
US20060206617A1 (en) 2003-02-25 2006-09-14 Matsushita Electric Industrial Co., Ltd. Method of reporting quality metrics for packet switched streaming
US20060168253A1 (en) 2003-03-10 2006-07-27 Sony Corporation Access control processing method
US20040243994A1 (en) 2003-03-28 2004-12-02 Masami Nasu Communication device, software update device, software update system, software update method, and program
US20040193550A1 (en) 2003-03-28 2004-09-30 Jaime A. Siegel Method and apparatus for implementing digital rights management
US20040192253A1 (en) 2003-03-28 2004-09-30 Motoharu Usumi Content delivery system
US7975147B1 (en) 2003-03-31 2011-07-05 Hewlett-Packard Development Company, L.P. Electronic device network supporting enciphering and deciphering and update generation in electronic devices
US20050021765A1 (en) 2003-04-22 2005-01-27 International Business Machines Corporation Context sensitive portlets
US20050009500A1 (en) 2003-06-24 2005-01-13 Openwave Systems Inc. System and method for extending billing services to applications on a carrier's network
US20050009541A1 (en) 2003-06-25 2005-01-13 Oracle International Corporation Intelligent messaging
US20040267812A1 (en) 2003-06-26 2004-12-30 Microsoft Corporation Media platform
US7444508B2 (en) 2003-06-30 2008-10-28 Nokia Corporation Method of implementing secure access
US20060242038A1 (en) 2003-07-14 2006-10-26 Michele Giudilli Method for charging costs of enjoying contents transmitted over a telecommunications network, preferably by the internet network, and related system
US20050022229A1 (en) 2003-07-25 2005-01-27 Michael Gabriel Content access control
US20080029593A1 (en) 2003-08-18 2008-02-07 Ayman Hammad Method and System for Generating a Dynamic Verification Value
US20050043997A1 (en) 2003-08-18 2005-02-24 Sahota Jagdeep Singh Method and system for generating a dynamic verification value
US20050076365A1 (en) 2003-08-28 2005-04-07 Samsung Electronics Co., Ltd. Method and system for recommending content
US20080215704A1 (en) 2003-09-02 2008-09-04 Igor Danilo Diego Curcio Transmission of Information Relating to a Quality of Service
US20050064875A1 (en) 2003-09-23 2005-03-24 Sbc Knowledge Ventures, L.P. System and method for providing managed point to point services
US20050071839A1 (en) 2003-09-25 2005-03-31 Curitel Communications, Inc. Communication terminal and communication network for partially updating software, software update method, and software creation device and method therefor
US20080152140A1 (en) 2003-10-07 2008-06-26 Koolspan, Inc. Mass subscriber management
US20070106892A1 (en) 2003-10-08 2007-05-10 Engberg Stephan J Method and system for establishing a communication using privacy enhancing techniques
US20050154764A1 (en) 2003-11-26 2005-07-14 Andreas Riegler System for accessing content items over a network
US20050111663A1 (en) 2003-11-26 2005-05-26 International Business Machines Corporation System, method, and service for delivering enhanced multimedia content on physical media
US20050132204A1 (en) 2003-12-10 2005-06-16 Christoph Gouguenheim Trusted system for file distribution
US20050283791A1 (en) 2003-12-23 2005-12-22 Digital Networks North America, Inc. Method and apparatus for distributing media in a pay per play architecture with remote playback within an enterprise
US20060090187A1 (en) 2003-12-27 2006-04-27 Sk Telecom Co., Ltd. Rtsp-based multimedia control method
US20050172137A1 (en) 2004-02-03 2005-08-04 Hewlett-Packard Development Company, L.P. Key management technique for establishing a secure channel
US7512800B2 (en) 2004-02-03 2009-03-31 Hewlett-Packard Development Company, L.P. Key management technique for establishing a secure channel
US20100325428A1 (en) 2004-02-27 2010-12-23 International Business Machines Corporation System and Method for Authentication of a Hardware Token
US20050198332A1 (en) 2004-03-04 2005-09-08 International Business Machines Corporation Controlling access of a client system to an access protected remote resource
US20050223218A1 (en) 2004-03-19 2005-10-06 Nokia Corporation Storing of data in a device
US20060026304A1 (en) 2004-05-04 2006-02-02 Price Robert M System and method for updating software in electronic devices
US20070165860A1 (en) 2004-05-06 2007-07-19 Fukio Handa Method for issuing ic card storing encryption key information
US20070226513A1 (en) 2004-05-06 2007-09-27 Fukio Handa Ic Card for Encryption or Decryption Process and Encrypted Communication System and Encrypted Communication Method Using the Same
US20050283826A1 (en) 2004-06-22 2005-12-22 Sun Microsystems, Inc. Systems and methods for performing secure communications between an authorized computing platform and a hardware component
US20070160209A1 (en) 2004-07-02 2007-07-12 Kabushiki Kaisha Toshiba Content management method, content management program, and electronic device
US20060010324A1 (en) 2004-07-09 2006-01-12 Guido Appenzeller Secure messaging system with derived keys
US20070288713A1 (en) 2004-08-26 2007-12-13 Hiroshi Sugimoto Data Recording/Reproducing Device and Method
US20060107071A1 (en) 2004-11-12 2006-05-18 Apple Computer, Inc. Method and system for updating firmware stored in non-volatile memory
US20070028120A1 (en) 2004-11-12 2007-02-01 Apple Computer, Inc. Secure software updates
US20060168288A1 (en) 2004-12-16 2006-07-27 Michele Covell Identifying failure of a streaming media server to satisfy quality-of-service criteria
US20060141984A1 (en) 2004-12-29 2006-06-29 Claudio Taglienti Client-based context-based billing for wireless networks
US20090016264A1 (en) 2005-02-02 2009-01-15 Matsushita Electric Industrial Co., Ltd. Packet transfer method in communication network system and packet processing method in communication device constituting the system
US20060271485A1 (en) 2005-03-12 2006-11-30 Jiwire, Inc. Wireless connectivity security technique
US20060272031A1 (en) 2005-05-24 2006-11-30 Napster Llc System and method for unlimited licensing to a fixed number of devices
US7783635B2 (en) 2005-05-25 2010-08-24 Oracle International Corporation Personalization and recommendations of aggregated data not owned by the aggregator
US20060271488A1 (en) 2005-05-25 2006-11-30 Oracle International Corporation Techniques for analyzing commands during streaming media to confirm delivery
US20060271548A1 (en) 2005-05-25 2006-11-30 Oracle International Corporation Personalization and recommendations of aggregated data not owned by the aggregator
US7917612B2 (en) 2005-05-25 2011-03-29 Oracle International Corporation Techniques for analyzing commands during streaming media to confirm delivery
US20060294378A1 (en) 2005-06-23 2006-12-28 Lumsden Ian A Key loading systems and methods
US20070005974A1 (en) 2005-06-29 2007-01-04 Fujitsu Limited Method for transferring encrypted data and information processing system
US20070119918A1 (en) 2005-07-15 2007-05-31 Hogg Jason J System and method for new execution and management of financial and data transactions
US20070014403A1 (en) 2005-07-18 2007-01-18 Creative Technology Ltd. Controlling distribution of protected content
US20110007895A1 (en) 2005-07-26 2011-01-13 Wysocki Christopher R Secure Configuration of a Computing Device
US20070028109A1 (en) 2005-07-26 2007-02-01 Apple Computer, Inc. Configuration of a computing device in a secure manner
US7809949B2 (en) 2005-07-26 2010-10-05 Apple Inc. Configuration of a computing device in a secure manner
US20070055853A1 (en) 2005-09-02 2007-03-08 Hitachi, Ltd. Method for changing booting configuration and computer system capable of booting OS
US20070083759A1 (en) 2005-10-11 2007-04-12 Drew John W Data transfer system
US20070150724A1 (en) 2005-12-27 2007-06-28 Taiwan Semiconductor Manufacturing Co., Ltd. Data archiving and accessing methods and systems
US20070170243A1 (en) 2006-01-24 2007-07-26 First Data Corporation Contactless-chip-initiated transaction system
US20070255943A1 (en) 2006-04-18 2007-11-01 Kern David S Method and system for automating the recovery of a credential store
US20070280483A1 (en) 2006-06-06 2007-12-06 Red Hat, Inc. Methods and systems for key recovery for a token
US20070297340A1 (en) 2006-06-26 2007-12-27 Oracle International Corporation Techniques for correlation of charges in multiple layers for content and service delivery
US20080076572A1 (en) 2006-09-08 2008-03-27 Igt, Inc. Mobile gaming devices for use in a gaming network having gaming and non-gaming zones
US20080148067A1 (en) 2006-10-11 2008-06-19 David H. Sitrick Method and system for secure distribution of selected content to be protected on an appliance-specific basis with definable permitted associated usage rights for the selected content
US20080189214A1 (en) 2006-10-17 2008-08-07 Clay Von Mueller Pin block replacement
US20080120504A1 (en) 2006-10-31 2008-05-22 Research In Motion Limited System and method for protecting a password against brute force attacks
US20080100987A1 (en) 2006-10-31 2008-05-01 Tdk Corporation Multilayer capacitor, manufacturing method thereof
US20080120511A1 (en) 2006-11-17 2008-05-22 Electronic Data Systems Corporation Apparatus, and associated method, for providing secure data entry of confidential information
US20080240433A1 (en) 2007-01-22 2008-10-02 Samsung Electronics Co., Ltd. Lightweight secure authentication channel
US20080183622A1 (en) 2007-01-30 2008-07-31 Phil Dixon Signature based negative list for off line payment device validation
US20080273697A1 (en) 2007-05-01 2008-11-06 Greco Paul M Use of Indirect Data Keys for Encrypted Tape Cartridges
US20080301461A1 (en) 2007-05-31 2008-12-04 Vasco Data Security International, Inc. Remote authentication and transaction signatures
US20090063345A1 (en) 2007-08-29 2009-03-05 American Express Travel Related Services Company, Inc. System and Method for Facilitating a Financial Transaction with a Dynamically Generated Identifier
US7870273B2 (en) 2007-09-28 2011-01-11 Disney Enterprises, Inc. Method and system for indentifying a device implementing a digital rights management protocol
US20090094123A1 (en) 2007-10-03 2009-04-09 Patrick Killian Payment services provider methods in connection with personalized payments system
US20090185687A1 (en) 2008-01-23 2009-07-23 John Wankmueller Systems and Methods for Mutual Authentication Using One Time Codes
US20090202081A1 (en) 2008-02-08 2009-08-13 Ayman Hammad Key delivery system and method
US20100228972A1 (en) * 2009-03-04 2010-09-09 Hong Kong Applied Science and Technology Research Institute Company Limited System and Method for Content Distribution with Broadcast Encryption
US20100325423A1 (en) 2009-06-22 2010-12-23 Craig Stephen Etchegoyen System and Method for Securing an Electronic Communication
US20110246767A1 (en) 2010-03-30 2011-10-06 Pradeep Kumar Chaturvedi Secure virtual machine memory

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
A DRM Framework for Distributing Digital Contents through the Internet. Lee et al. ETRI Journal (Dec. 2003). *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11250170B2 (en) * 2016-12-23 2022-02-15 DISH Technologies L.L.C. Secure activation of client receiver by host receiver smart card
US11259065B2 (en) 2016-12-23 2022-02-22 DISH Technologies L.L.C. Securely paired delivery of activation codes between removable and integrated security processors

Also Published As

Publication number Publication date
US8842840B2 (en) 2014-09-23
US20130114812A1 (en) 2013-05-09
US20160219021A1 (en) 2016-07-28
US20140369501A1 (en) 2014-12-18

Similar Documents

Publication Publication Date Title
US9270447B2 (en) Demand based encryption and key generation and distribution systems and methods
US11818272B2 (en) Methods and systems for device authentication
US11470054B2 (en) Key rotation techniques
US11374916B2 (en) Key export techniques
US11451392B2 (en) Token-based secure data management
EP2956852B1 (en) Data security service
CN111277573B (en) Resource locator with key
US9424439B2 (en) Secure data synchronization
US10721075B2 (en) Web of trust management in a distributed system
CN111199045A (en) Method and system for encrypted private key management for secure multiparty storage and delivery of information
US9300639B1 (en) Device coordination
US20120303967A1 (en) Digital rights management system and method for protecting digital content
WO2023030450A1 (en) Data sharing method and electronic device
WO2023005838A1 (en) Data sharing method and electronic device
US20240086549A1 (en) Systems and methods for user characteristic determination through cryptographic tokenized data
US20240089105A1 (en) Systems and methods for user control and exclusion of cryptographic tokenized data
WO2013044307A1 (en) A system and method for distributing secured data
WO2024026428A1 (en) Digital identity allocation, assignment, and management
WO2013044311A1 (en) A system and method for distributing secured data

Legal Events

Date Code Title Description
STCF Information on status: patent grant Free format text: PATENTED CASE
MAFP Maintenance fee payment Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YR, SMALL ENTITY (ORIGINAL EVENT CODE: M2551); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY; Year of fee payment: 4
MAFP Maintenance fee payment Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YR, SMALL ENTITY (ORIGINAL EVENT CODE: M2552); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY; Year of fee payment: 8