公开(公告)号：US09124770B2

公开(公告)日：2015-09-01

申请号：US14017016

申请日：2013-09-03

Applicant: Cisco Technology Inc.

Inventor： Erez Waisbard ,  Hillel Solow

IPC: H04L29/06 ,  H04N7/167 ,  H04N21/266 ,  H04N21/418 ,  H04N21/4405

CPC classification number: H04N7/167 ,  H04H60/15 ,  H04H60/23 ,  H04N21/26606 ,  H04N21/4181 ,  H04N21/4405 ,  H04N21/4408 ,  H04N21/4623

Abstract: A method and system of preventing control word sharing, the method and system including receiving a temporal key, denoted TKi, at a removable security element, receiving an entitlement control message (ECM), the ECM including a control word derivable by the removable security element, deriving the control word from the ECM at the removable security element, combining at least the control word and a value associated with an ID of the removable security element, thereby producing combined control word and removable security element ID data, encrypting the combined control word and removable security element ID data according to an encryption function, wherein the encrypting includes using TKi as an encryption key, and at a time after a removable security element interface has received TKi, but prior to a start of a crypto period with which the control word is associated, sending the encrypted combined control word and removable security element ID data to the removable security element interface. Related apparatus, methods and systems are also described.

Abstract translation: 一种防止控制字共享的方法和系统，所述方法和系统包括在可移动安全元件处接收表示为TKi的时间密钥，接收授权控制消息（ECM），所述ECM包括可移除安全元件可导出的控制字 从可移除安全元件的ECM导出控制字，至少组合控制字和与可拆卸安全元件的ID相关联的值，从而产生组合的控制字和可移除的安全元件ID数据，对组合的控制字进行加密 以及根据加密功能的可移动安全元素ID数据，其中所述加密包括使用TKi作为加密密钥，并且在可移除安全元素接口已经接收到TKi之后但是在所述控制 字相关联，将加密的组合控制字和可移除安全元素ID数据发送到可移除安全元件i 接口 还描述了相关装置，方法和系统。

公开(公告)号：US08751821B2

公开(公告)日：2014-06-10

申请号：US13774578

申请日：2013-02-22

Applicant: Cisco Technology, Inc.

Inventor： Itsik Mantin ,  Perry Smith ,  Yaron Sella ,  Erez Waisbard

IPC: H04L29/06 ,  G06F21/55 ,  G06F21/62 ,  G06F21/57 ,  G06F21/78 ,  H04L9/08 ,  H04L9/30

CPC classification number: G06F21/6218 ,  G06F21/55 ,  G06F21/554 ,  G06F21/575 ,  G06F21/62 ,  G06F21/78 ,  G06F2221/2143 ,  G11B20/00086 ,  G11B20/00666 ,  G11B20/00826 ,  H04L9/0886 ,  H04L9/0894 ,  H04L9/30 ,  H04N9/8205

Abstract: A method and system for securing a read write storage (RWS) device, the method comprising, providing the RWS device, the RWS device comprising a controller comprising a processor and a bit bucket storing data, and employing the controller to corrupt at least a portion of the data.

Abstract translation: 一种用于保护读写存储（RWS）设备的方法和系统，所述方法包括：提供所述RWS设备，所述RWS设备包括控制器，所述RWS设备包括控制器，所述控制器包括处理器和存储数据的位桶，并且使用所述控制器将至少一部分 的数据。

公开(公告)号：US09407434B2

公开(公告)日：2016-08-02

申请号：US14759417

申请日：2013-07-10

Applicant: Cisco Technology, Inc.

Inventor： Michael Kara-Ivanov ,  Aviad Kipnis ,  Tzachy Reinman ,  Efraim Mangell ,  Erez Waisbard ,  Yaacov Belenky

IPC: H04L9/08

CPC classification number: H04L9/0861 ,  H04L9/0869

Abstract: A method, system and apparatus for deriving a secondary secret from a root secret are described, the method, system and apparatus including reserving a memory buffer included in an integrated circuit, the memory buffer being large enough to contain all of the bits which will include the secondary secret, receiving a plurality of bits from a root secret, the root secret being stored in a secure memory of the integrated circuit, inputting the plurality of bits from the root secret and at least one control bit into a permutation network, and thereby producing a multiplicity of output bits, the at least one control bit including one of one bit of a value g, and one bit an output of a function which receives g as an input, receiving the multiplicity of output bits from the permutation network, inputting the multiplicity of output bits from the permutation network into a plurality of logic gates, thereby combining the multiplicity of output bits, wherein a fixed number of bits is output from the logic gates, inputting the fixed number of bits output by the logic gates into an error correcting code module, the fixed number of bits output by the logic gates including a first group of intermediate output bits and a second group of intermediate output bits and receiving output bits from the error correcting code module, the output bits of the error correcting code module including the first group of intermediate output bits as changed by the error correcting code module, where the change depends on the second group of intermediate output bits, filling non-filled registers in the reserved memory buffer with the first group of intermediate output bits as changed by the error correcting code module, and repeating the steps of “receiving a plurality of bits from a root secret” through “filling non-filled registers in the reserved memory buffer” until the entire secondary secret is derived, wherein the steps of “receiving a plurality of bits from a root secret” through “filling non-filled registers in the reserved memory buffer” are performed in a single clock cycle of the integrated circuit. Related apparatus, methods and systems are also described.

公开(公告)号：US10095882B2

公开(公告)日：2018-10-09

申请号：US14462012

申请日：2014-08-18

Applicant: Cisco Technology Inc.

Inventor： Erez Waisbard ,  Anna Schnaiderman

IPC: H04L29/06 ,  G06F21/62

Abstract: In one embodiment, a method for securing data on a semi-trusted server is implemented on a computing device and includes: receiving at least a current session key from a user device for use during a current session, where the current session key is suitable for encrypting data and for decrypting data encrypted with the current session key, decrypting communications received from the user device during the session with said session key, encrypting with the session key at least one of communications to be sent to said user device and personal data generated during the session, storing the encrypted personal data, and discarding the current session key upon completion of the session, thereby limiting possible access to the stored encrypted personal data other than during the session. Related apparatus and methods are also described.

公开(公告)号：US09918143B2

公开(公告)日：2018-03-13

申请号：US14749667

申请日：2015-06-25

Applicant: Cisco Technology, Inc.

Inventor： Erez Waisbard ,  Dan Revital

IPC: H04N7/167 ,  H04N21/8358 ,  H04N21/435 ,  H04N21/2347 ,  H04N21/235 ,  H04N21/266

CPC classification number: H04N21/8358 ,  H04N21/2347 ,  H04N21/2351 ,  H04N21/26613 ,  H04N21/4353

Abstract: In one embodiment, a method for providing media content implemented on a broadcast headend includes defining at least one metablock of media content according to a number of media content data blocks, where the media content data blocks are ordered in accordance with associated serial numbers, reordering the media content data blocks in the at least one metablock of media content to generate reordered data blocks, obfuscating the associated serial numbers in the reordered data blocks, providing details of the reordering to a receiving device, and transmitting the reordered data blocks to a receiving device.

公开(公告)号：US10469266B2

公开(公告)日：2019-11-05

申请号：US15595980

申请日：2017-05-16

Applicant: Cisco Technology, Inc.

Inventor： Aviad Kipnis ,  Erez Waisbard ,  Eliphaz Hibshoosh

IPC: H04L9/32 ,  H04L9/08

Abstract: In one embodiment, a first signature template is received, the first signature template being one of a signature template of a first message or a null template, the first signature template comprising at least the following fields: an aggregation depth field, a message identifier, one of the first message or a result of applying a one way hash function to the first message, a bit vector, an aggregated square random integer mod N, a signature of the first message. A second signature template is created based on the first signature template, the second signature template created as follows: increment the aggregation depth of the first signature template, determine a unique message identifier for a second message, determine a second bit vector, determine an second aggregated square random integer mod N, and calculate a new signature for the second message. Related methods, apparatus, and systems are also disclosed.

公开(公告)号：US20140079216A1

公开(公告)日：2014-03-20

申请号：US14017016

申请日：2013-09-03

Applicant: Cisco Technology Inc.

Inventor： Erez Waisbard ,  Hillel Solow

IPC: H04N7/167

CPC classification number: H04N7/167 ,  H04H60/15 ,  H04H60/23 ,  H04N21/26606 ,  H04N21/4181 ,  H04N21/4405 ,  H04N21/4408 ,  H04N21/4623

Abstract: A method and system of preventing control word sharing, the method and system including receiving a temporal key, denoted TKi, at a removable security element, receiving an entitlement control message (ECM), the ECM including a control word derivable by the removable security element, deriving the control word from the ECM at the removable security element, combining at least the control word and a value associated with an ID of the removable security element, thereby producing combined control word and removable security element ID data, encrypting the combined control word and removable security element ID data according to an encryption function, wherein the encrypting includes using TKi as an encryption key, and at a time after a removable security element interface has received TKi, but prior to a start of a crypto period with which the control word is associated, sending the encrypted combined control word and removable security element ID data to the removable security element interface. Related apparatus, methods and systems are also described.

Abstract translation: 一种防止控制字共享的方法和系统，所述方法和系统包括在可移动安全元件处接收表示为TKi的时间密钥，接收授权控制消息（ECM），所述ECM包括可移除安全元件可导出的控制字 从可移除安全元件的ECM导出控制字，至少组合控制字和与可拆卸安全元件的ID相关联的值，从而产生组合的控制字和可移除的安全元件ID数据，对组合的控制字进行加密 以及根据加密功能的可移动安全元素ID数据，其中所述加密包括使用TKi作为加密密钥，并且在可移除安全元素接口已经接收到TKi之后但是在所述控制 字相关联，将加密的组合控制字和可移除安全元素ID数据发送到可移除安全元件i 接口 还描述了相关装置，方法和系统。

公开(公告)号：US20150082019A1

公开(公告)日：2015-03-19

申请号：US14462012

申请日：2014-08-18

Applicant: Cisco Technology Inc.

Inventor： Erez Waisbard ,  Anna Schnaiderman

IPC: H04L29/06 ,  G06F21/62

CPC classification number: G06F21/6245 ,  H04L63/0435 ,  H04L63/068

Abstract: In one embodiment, a method for securing data on a semi-trusted server is implemented on a computing device and includes: receiving at least a current session key from a user device for use during a current session, where the current session key is suitable for encrypting data and for decrypting data encrypted with the current session key, decrypting communications received from the user device during the session with said session key, encrypting with the session key at least one of communications to be sent to said user device and personal data generated during the session, storing the encrypted personal data, and discarding the current session key upon completion of the session, thereby limiting possible access to the stored encrypted personal data other than during the session. Related apparatus and methods are also described.

Abstract translation: 在一个实施例中，在计算设备上实现用于保护半信任服务器上的数据的方法，并且包括：从用户设备至少接收当前会话密钥以在当前会话期间使用，其中当前会话密钥适合于 加密数据和解密利用当前会话密钥加密的数据，解密在与会话密钥的会话期间从用户设备接收到的通信，用会话密钥加密要发送给所述用户设备的通信中的至少一个以及在 会话，存储加密的个人数据，以及在会话完成时丢弃当前会话密钥，从而限制对于在会话期间以外的所存储的加密个人数据的可能访问。 还描述了相关装置和方法。