Presentation of protected digital content in computer network or similar

FIELD: physics; computer engineering.

SUBSTANCE: the invention relates to an architecture and a method for permitting the rendering of digital content with a corresponding digital license that is bound to a specific computing device. Transmitting and receiving computing devices are connected to each other over a network. The transmitting device transmits protected digital content to the receiving device such that the receiving device can access that content even though the content is licensed directly to the transmitting device and not to the receiving device.

EFFECT: coordinated access to content between computing devices on a network.

20 cl, 6 dwg

 

The technical field to which the invention relates

The present invention relates to an architecture and method for allowing digital content (meaningful information) with a corresponding digital license bound to a specific computing device within a network or the like to be rendered by another computing device within the network. More specifically, the present invention relates to an architecture and method by which computing devices within the network coordinate access to the content among themselves.

Prior art

As is known, and referring now to Fig. 1, rights management (RM) and enforcement are highly desirable in connection with digital content 12, such as digital audio, digital video, digital text, digital data, digital multimedia, etc., where such digital content 12 is to be distributed to users. Upon receiving the content, the user renders or "plays" the digital content using a playback device, such as a media player on a personal computer 14, a portable playback device, etc.

Typically, the content owner or distributor of such digital content 12 wishes to restrict what the user can do with the distributed digital content 12. For example, the content owner may wish to restrict the user from copying and redistributing such content 12 to a second user, or may wish to allow the distributed digital content 12 to be played only a limited number of times, only for a certain total time, only on a certain type of machine, only on a certain type of player, only by a certain type of user, etc.

However, once distribution has occurred, the content owner has very little, if any, control over the digital content 12. An RM system 10 in this case allows the controlled rendering or playing of arbitrary forms of digital content 12, where such control is flexible and definable by the owner of the digital content 12. Typically, the content 12 is distributed to the user in the form of a package 13 by way of any appropriate distribution channel. The digital content package 13 as distributed may include the digital content 12 encrypted with a symmetric encryption/decryption key (KD), (i.e., (KD(CONTENT))), as well as other information identifying the content, how to acquire a license for such content, etc.

The trust-based RM system 10 allows the owner of the digital content 12 to specify rules that must be satisfied before such digital content 12 is allowed to be rendered. Such rules may include the aforementioned requirements and/or others, and may be embodied within a digital license 16 that the user/user's computing device 14 (hereinafter such terms are interchangeable unless circumstances require otherwise) must obtain from the content owner or an agent thereof, or such rules may already be attached to the content 12. Such license 16 and/or rules may, for example, include the decryption key (KD) for decrypting the digital content 12, perhaps encrypted according to another key that the user's computing device or other playback device can decrypt.

The content owner of a piece of digital content 12 would prefer not to distribute the content 12 to the user unless the owner can trust that the user will abide by the rules specified by that content owner in the license 16 or elsewhere. Preferably, then, the user's computing device 14 or other playback device is provided with a trusted component or mechanism 18 that will not render the digital content 12 except according to such rules.

The trusted component 18 typically has an evaluator 20 that reviews the rules and determines, based on the reviewed rules, whether the requesting user has the right to render the requested digital content 12 in the manner sought, among other things. It should be understood that the evaluator 20 is trusted within the RM system 10 to carry out the wishes of the owner of the digital content 12 according to the rules, and that the user should not be able to easily alter such trusted component 18 and/or evaluator 20 for any purpose, nefarious or otherwise.

It should be understood that the rules for rendering the content 12 can specify whether the user has rights to so render based on any of several factors, including who the user is, where the user is located, what type of computing device 14 or other playback device the user is using, what rendering application is calling the RM system 10, the date, the time, etc. In addition, the rules may limit rendering to a predetermined number of plays or a predetermined play time, for example.

The rules may be specified according to any appropriate language and syntax. For example, the language may simply specify attributes and values that must be satisfied (DATE must be less than X, for example), or may require the performance of functions according to a specified script (IF DATE greater than X, THEN DO ..., for example).

Once the evaluator 20 determines that the user satisfies the rules, the digital content 12 can then be rendered. In particular, to render the content 12, the decryption key (KD) is obtained from a predefined source such as the aforementioned license 16 and is applied to (KD(CONTENT)) from the content package 13 to result in the actual content 12, and the actual content 12 is then actually rendered.

In the RM system 10, content 12 is packaged for use by a user by encrypting such content 12 and associating a set of rules with the content 12, whereby the content 12 can be rendered only in accordance with the rules. Because the content 12 can be rendered only in accordance with the rules, the content 12 may be freely distributed. Typically, the content 12 is encrypted according to a symmetric key such as the aforementioned key (KD) to result in (KD(content)), and (KD(content)) is therefore also decrypted according to (KD) to result in the content 12. Such (KD) is in turn included within the license 16 corresponding to the content 12.

Oftentimes, such (KD) is encrypted according to a public key, for example the public key of the computing device 14 (PU-C) on which the content 12 is to be rendered, resulting in (PU-C(KD)). Note, though, that other public keys may be employed, such as a public key of the user, a public key of a group of which the user is a member, etc. Thus, and assuming the public key is (PU-C), the license 16 with (PU-C(KD)) is tied to the computing device 14 and can be used only in connection with such computing device 14, because only such computing device 14 should have access to the private key (PR-C) corresponding to (PU-C). It should be appreciated that such (PR-C) is necessary to decrypt (PU-C(KD)) to obtain (KD), and must be stored securely on such computing device 14.

It should also be appreciated that a user may at times have multiple computing devices 14 that are networked or otherwise connected in a network 17 or the like. In such a situation, it may be that the user obtains a license 16 to render a corresponding piece of content 12, where the license 16 includes (KD) for such piece of content 12 encrypted according to the public key of a first computing device 14 (PU-C1) to result in (PU-C1(KD)), so that such license 16 is tied to such first computing device 14. Moreover, it may be that the user wishes to render the content 12 on a second computing device 14 that is in the network 17 with the first computing device 14. Critically, however, such second computing device 14 does not have access to the private key of the first computing device 14 (PR-C1), because the first computing device 14 should not be able to expose such (PR-C1) to the second computing device 14. Instead, such second computing device 14 has access only to its own private key (PR-C2), which of course cannot be applied to (PU-C1(KD)) to reveal (KD).

Thus, absent additional architecture, the second computing device 14 cannot obtain (KD) from (PU-C1(KD)) and therefore cannot decrypt (KD(content)) as is necessary to render such content 12. This is so even though the user can render the content 12 by way of the first computing device 14, the second computing device 14 is in the network 17 with the first computing device 14, and the first and second computing devices 14 are controlled by the same user.

Accordingly, a need exists for an architecture and method that allow content 12 with a corresponding license 16 tied to one computing device 14 in a network 17 or the like to be rendered by another appropriate computing device 14 in the network 17, provided the license 16 so permits. In particular, a need exists for a method of coordinating access to the content 12 among the computing devices 14 in the network 17.

The invention

The aforementioned needs are satisfied at least in part by the present invention, in which a method is provided in connection with a first computing device (the "transmitting device") and a second computing device (the "receiving device") interconnected by a network, where the transmitting device transmits protected digital content to the receiving device such that the receiving device can access the content. The content is encrypted and decrypted according to a content key (KD).

In the method, the receiving device sends a session establishment request to the transmitting device, the session establishment request including an identifier of the content at the transmitting device, the action to be performed with respect to the content, and a unique identifier of the receiving device. The transmitting device receives the session establishment request from the receiving device and determines, based on the unique identifier of the receiving device in the session establishment request, that the receiving device is in fact registered with the transmitting device. The transmitting device then obtains a digital license corresponding to the content identified in the session establishment request, reviews the policy set forth in the license to determine that the license permits the transmitting device to provide access to the content to the receiving device and also permits the action in the session establishment request, and sends a session establishment response to the receiving device. The session establishment response includes the policy of the license, the unique identifier of the receiving device, and the content key (KD) for decrypting the encrypted content, where (KD) is secured in a form accessible to the receiving device.

The transmitting device obtains the content encrypted according to (KD) to result in (KD(content)) and sends (KD(content)) to the receiving device. The receiving device receives the session establishment response and (KD(content)), retrieves the policy and the secured content key (KD) for decrypting the encrypted content from the session establishment response, confirms that the policy allows the receiving device to render the content, obtains the content key (KD), applies (KD) to (KD(content)) to reveal the content, and then actually renders the content in accordance with the policy.
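The following Go program is an added example, not code from the patent or from any product implementing it. It covers both the prior-art binding discussed above (a license carrying PU-C1(KD) is useless to a second device that holds only PR-C2) and the session exchange just summarised (the transmitting device checks registration and license policy, then unwraps KD with PR-X and re-secures it under PU-R). The concrete primitives are assumptions: RSA-OAEP stands in for "(PU-C(KD))", AES-GCM for "(KD(content))", the policy is reduced to a single assumed flag, and the message field names, content IDs and device IDs are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// License 16: the policy (reduced here to one assumed flag) and KD sealed with RSA-OAEP under one device's public key, i.e. PU-C(KD).
type License struct {
	ContentID        string
	AllowNetworkPlay bool // may a registered receiving device render the content over the network?
	SealedKD         []byte
}

// Session messages of the summary (field names assumed); SealedKD in the response is PU-R(KD).
type SessionRequest struct{ ContentID, Action, DeviceID string }
type SessionResponse struct {
	AllowNetworkPlay bool
	DeviceID         string
	SealedKD         []byte
}

// Transmitter is device 14x: PR-X, its licenses, and PU-R of each registered receiver (by unique ID).
type Transmitter struct {
	Priv       *rsa.PrivateKey
	Licenses   map[string]License
	Registered map[string]*rsa.PublicKey
}

func NewTransmitter(priv *rsa.PrivateKey) *Transmitter {
	return &Transmitter{priv, map[string]License{}, map[string]*rsa.PublicKey{}}
}
func NewKey() *rsa.PrivateKey { k, _ := rsa.GenerateKey(rand.Reader, 2048); return k } // fails only if the system RNG does
func sealKey(pub *rsa.PublicKey, kd []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, kd, nil)
}
func openKey(priv *rsa.PrivateKey, sealed []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, sealed, nil)
}
func gcm(kd []byte) cipher.AEAD { // KD is always 16 bytes here, so neither call can fail
	block, _ := aes.NewCipher(kd)
	g, _ := cipher.NewGCM(block)
	return g
}

// Publish is the content owner's step: encrypt under a fresh KD (package 13 = GCM nonce || ciphertext)
// and issue a license carrying PU-C(KD) for the device whose public key is devicePub.
func Publish(contentID string, content []byte, devicePub *rsa.PublicKey, networkPlay bool) ([]byte, License, error) {
	buf := make([]byte, 28)
	if _, err := rand.Read(buf); err != nil {
		return nil, License{}, err
	}
	kd, nonce := buf[:16], buf[16:]
	sealed, err := sealKey(devicePub, kd)
	if err != nil {
		return nil, License{}, err
	}
	return gcm(kd).Seal(nonce, nonce, content, nil), License{contentID, networkPlay, sealed}, nil
}

// EstablishSession runs the transmitting device's checks (requester registered, license present,
// policy permits network access and the action) and only then unwraps KD with PR-X and re-seals it under PU-R.
func (t *Transmitter) EstablishSession(req SessionRequest) (SessionResponse, error) {
	pubR, registered := t.Registered[req.DeviceID]
	lic, licensed := t.Licenses[req.ContentID]
	if !registered || !licensed || !lic.AllowNetworkPlay || req.Action != "play" {
		return SessionResponse{}, errors.New("unregistered receiver, no license, or policy denies the request")
	}
	kd, err := openKey(t.Priv, lic.SealedKD)
	if err != nil {
		return SessionResponse{}, err
	}
	resealed, err := sealKey(pubR, kd)
	if err != nil {
		return SessionResponse{}, err
	}
	return SessionResponse{lic.AllowNetworkPlay, req.DeviceID, resealed}, nil
}

// Render is the receiving device's step (and, with its own license, the licensed device's local path):
// check the response is its own, recover KD with its private key, open KD(content).
// A device KD was not sealed for fails at the OAEP step, which is why device 2 cannot use device 1's license.
func Render(priv *rsa.PrivateKey, deviceID string, resp SessionResponse, kdContent []byte) ([]byte, error) {
	if resp.DeviceID != deviceID || !resp.AllowNetworkPlay {
		return nil, errors.New("response is for another device, or policy forbids rendering")
	}
	kd, err := openKey(priv, resp.SealedKD)
	if err != nil {
		return nil, fmt.Errorf("KD is not sealed for this device: %w", err)
	}
	return gcm(kd).Open(nil, kdContent[:12], kdContent[12:], nil)
}

func main() {
	privX, privR := NewKey(), NewKey() // (PU-X, PR-X) and (PU-R, PR-R)
	kdContent, lic, _ := Publish("track-1", []byte("constructed sample content"), &privX.PublicKey, true)
	_, err := Render(privR, "recv-1", SessionResponse{true, "recv-1", lic.SealedKD}, kdContent)
	fmt.Println("R with X's license directly:", err) // fails: PR-R cannot open PU-X(KD)
	x := NewTransmitter(privX)
	x.Licenses["track-1"], x.Registered["recv-1"] = lic, &privR.PublicKey
	resp, _ := x.EstablishSession(SessionRequest{"track-1", "play", "recv-1"})
	out, err := Render(privR, "recv-1", resp, kdContent)
	fmt.Printf("R via session: %q %v\n", out, err)
}
```

The point to notice is where trust sits: KD is never sent in the clear and PR-X never leaves the transmitting device; the receiving device only ever obtains KD re-sealed under its own PU-R, and only after the transmitting device has applied the license policy on its behalf. Whether the receiving device then honours the policy it is handed is exactly why registration (Figure 4) demands a certified, trusted receiver.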

Brief description of drawings

The foregoing summary, as well as the following detailed description of embodiments of the present invention, will be better understood when read in conjunction with the appended drawings. For the purpose of illustrating the invention, the drawings show embodiments that are presently preferred. It should be understood, however, that the invention is not limited to the precise arrangements and instrumentalities shown. In the drawings:

Figure 1 is a block diagram showing an enforcement architecture of an example of a trust-based system;

Figure 2 is a block diagram representing a general-purpose computer system in which aspects of the present invention and/or portions thereof may be incorporated;

Figure 3 is a block diagram showing the transmitting device and the receiving device of Figure 1;

Figures 4, 5 and 6 are flow diagrams showing key steps performed by the transmitting and receiving devices of Figure 3 in registering the receiving device with the transmitting device (Figure 4), establishing a session between the receiving device and the transmitting device (Figure 5), and transferring the content from the transmitting device to the receiving device (Figure 6), in accordance with one embodiment of the present invention.

Detailed description of the invention

COMPUTING ENVIRONMENT

Figure 2 and the following discussion are intended to provide a brief general description of a suitable computing environment in which the present invention and/or portions thereof may be implemented. Although not required, the invention is described in the general context of computer-executable instructions, such as program modules, being executed by a computer, such as a client workstation or a server. Generally, program modules include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. Moreover, it should be appreciated that the invention and/or portions thereof may be practiced with other computer system configurations, including hand-held devices, multi-processor systems, microprocessor-based or programmable consumer electronics, network PCs, minicomputers, mainframe computers and the like. The invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote memory storage devices.

As shown in Figure 2, an exemplary general-purpose computing system includes a conventional personal computer 120 or the like, including a processing unit 121, a system memory 122, and a system bus 123 that couples various system components including the system memory to the processing unit 121. The system bus 123 may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures. The system memory includes read-only memory (ROM) 124 and random access memory (RAM) 125. A basic input/output system 126 (BIOS), containing the basic routines that help to transfer information between elements within the personal computer 120, such as during start-up, is stored in ROM 124.

The personal computer 120 may further include a hard disk drive 127 for reading from and writing to a hard disk (not shown), a magnetic disk drive 128 for reading from or writing to a removable magnetic disk 129, and an optical disk drive 130 for reading from or writing to a removable optical disk 131 such as a CD-ROM or other optical media. The hard disk drive 127, magnetic disk drive 128, and optical disk drive 130 are connected to the system bus 123 by a hard disk drive interface 132, a magnetic disk drive interface 133, and an optical drive interface 134, respectively. The drives and their associated computer-readable media provide non-volatile storage of computer-readable instructions, data structures, program modules and other data for the personal computer 120.

Although the exemplary environment described herein employs a hard disk, a removable magnetic disk 129, and a removable optical disk 131, it should be appreciated that other types of computer-readable media that can store data accessible by a computer may also be used in the exemplary operating environment. Such other types of media include a magnetic cassette, a flash memory card, a digital video disk, a Bernoulli cartridge, a random access memory (RAM), a read-only memory (ROM), and the like.

A number of program modules may be stored on the hard disk, magnetic disk 129, optical disk 131, ROM 124 or RAM 125, including an operating system 135, one or more application programs 136, other program modules 137 and program data 138. A user may enter commands and information into the personal computer 120 through input devices such as a keyboard 140 and a pointing device 142. Other input devices (not shown) may include a microphone, joystick, game pad, satellite dish, scanner, or the like. These and other input devices are often connected to the processing unit 121 through a user input interface 146 that is coupled to the system bus 123, but may be connected by other interfaces, such as a parallel port, game port, or universal serial bus (USB). A monitor 147 or other type of display device is also connected to the system bus 123 via an interface, such as a video adapter 148. In addition to the monitor 147, a personal computer typically includes other peripheral output devices (not shown), such as speakers and printers. The exemplary system of Figure 2 also includes a host adapter 155, a Small Computer System Interface (SCSI) bus 156, and an external storage device 162 connected to the SCSI bus 156.

The personal computer 120 may operate in a networked environment using logical connections to one or more remote computers, such as a remote computer 149. The remote computer 149 may be another personal computer, a server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative to the personal computer 120, although only a memory storage device 150 has been illustrated in Figure 2. The logical connections depicted in Figure 2 include a local area network (LAN) 151 and a wide area network (WAN) 152. Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets (internal networks that use Internet technologies), and the Internet.

When used in a LAN networking environment, the personal computer 120 is connected to the LAN 151 through a network interface or adapter 153. When used in a WAN networking environment, the personal computer 120 typically includes a modem 154 or other means for establishing communications over the WAN 152, such as the Internet. The modem 154, which may be internal or external, is connected to the system bus 123 via the serial port interface 146. In a networked environment, program modules depicted relative to the personal computer 120, or portions thereof, may be stored in the remote memory storage device. It will be appreciated that the network connections shown are exemplary and that other means of establishing a communications link between the computers may be used.

RENDERING CONTENT 12 ON A NETWORKED COMPUTING DEVICE 14

Content protection denotes a spectrum of methods and technologies for protecting digital content 12 such that the content 12 cannot be used in a manner inconsistent with the wishes of the content owner and/or provider. Methods include copy protection (CP), link protection (LP), conditional access (CA), rights management (RM), and digital rights management (DRM), among others. The basis of any content protection system is that only a trusted application that ensures proper adherence to the implicit and/or explicit rules for use of the protected content 12 can access it in an unprotected form. Typically, content 12 is protected by being encrypted in some way, where only trusted parties are able to decrypt it.

Copy protection, in the strictest sense, specifically applies to content 12 residing on a storage device, whereas link protection applies to content 12 flowing between applications/devices over a transmission medium. Conditional access can be thought of as a more sophisticated form of link protection, where premium programs, channels and/or movies are encrypted in transit. Only subscribers who have paid for access to such content 12 are provided with the keys necessary to decrypt it.

Digital rights management is an extensible architecture in which the rules regarding sanctioned use of a particular piece of content 12 are explicit and bound or otherwise associated with the content 12. DRM mechanisms can support richer and more expressive rules than other methods while providing greater control and flexibility at the level of individual pieces of content or even sub-components of such content. An example of a digital rights management system is set forth in U.S. patent application No. 09/290,363, filed April 12, 1999, and U.S. provisional application No. 60/126,614, filed March 27, 1999, each of which is hereby incorporated by reference in its entirety.

Rights management is a form of DRM that is organizationally based, in that content 12 can be protected so as to be accessible only within an organization or a subset thereof. An example of a rights management system is set forth in U.S. patent application Nos. 10/185,527, 10/185,278 and 10/185,511, each filed July 28, 2002 and hereby incorporated by reference in its entirety.

In the present invention, content 12 with a corresponding license 16 tied to a first computing device 14 in a network 17 may be accessed by a second computing device 14 in the network 17, presuming of course that the license 16 so permits. Typically, the network 17 is a home or office network 17 limited to a relatively small number of users, although it is to be appreciated that the network 17 may be any appropriate network of interconnected computing devices 14 without departing from the spirit and scope of the present invention. For example, the network 17 may simply be a cable interconnecting the computing devices 14. Note, though, that the owner of the content 12 may wish to restrict access to such content 12 over a relatively large network 17 such as the Internet, and may even wish to restrict access to such content 12 over any network 17, for example if such access might harm the owner, who collects a license fee for a license 16 to the content 12, or if such access might increase the likelihood that the content 12 will be stolen by a nefarious entity.

The computing devices 14 in the network 17 may be any appropriate computing devices 14 without departing from the spirit and scope of the present invention. Typically, at least some of the computing devices 14 in the network 17 are personal computing devices such as laptop or desktop computers, although it should be understood that at least some of such computing devices 14 may also be portable computing devices that connect to the network 17 only to download content for later rendering, rendering computing devices 14 such as printers, monitors, speakers, etc., portable storage devices, etc. The present invention can also be used to extend the reach of RM-protected content 12 to a portable electronic rendering device 14 connected to a computer 14 over a home network 17. Significantly, the present invention allows the protected content 12 to be accessed while the rights specified by the content owner in the corresponding license 16 are still enforced.

Thus, with the present invention, a digital media store can centrally house a library of content on a personal computer 14 while still allowing remote access from anywhere within a limited area such as a home, even though the device 14 through which such remote access to the content 12 is achieved does not have a license 16 for the content 12 tied to it. With the present invention, the content 12 is securely transferred over the network 17 while the rights of the owner of the content 12 are preserved.

In one embodiment of the present invention, the method for delivering content 12 from a first, transmitting computing device 14 (hereinafter "transmitting device") to a second, receiving computing device 14 (hereinafter "receiving device") is agnostic with respect to the actual protocols employed to transfer the content 12. Thus, the particular manner in which the transmitting device and the receiving device communicate is of no consequence. Moreover, in one embodiment of the present invention, the method for delivering content 12 from the transmitting device to the receiving device is agnostic with respect to the format of the content 12. Thus, any particular type of content 12 may be sent from the transmitting device to the receiving device by way of such method.

Turning now to Figure 3, it is seen that in one embodiment of the present invention a transmitting device 14x transmits content 12 to a receiving device 14r over a connecting network 17, where the transmitting device 14x already has the content 12 and a license 16 corresponding thereto, the transmitting device 14x has a public/private key pair (PU-X, PR-X) associated therewith, and the receiving device 14r also has a public/private key pair (PU-R, PR-R) associated therewith. As shown, the content 12 is in the form of a content package 13 with the content 12 encrypted according to a symmetric content key (KD) to result in (KD(content)), and the license 16 includes a description of rights and conditions (hereinafter "policy") that may include whether the receiving device 14r may access the content 12 by way of the transmitting device 14x and the network 17, and also includes the content key (KD) encrypted according to the public key of the transmitting device 14x (PU-X) to result in (PU-X(KD)). Note that although the present invention is described primarily in terms of a symmetric content key (KD) and public/private key pairs for the transmitting device 14x and the receiving device 14r, other encryption mechanisms may also be employed without departing from the spirit and scope of the present invention.

Turning now to Figures 4 to 6, to prepare the receiving device 14r to be provided access to the content 12 by way of the transmitting device 14x and the network 17, in one embodiment of the present invention a method is employed to register the receiving device 14r with the transmitting device 14x (Figure 4), to establish a session between the transmitting device 14x and the receiving device 14r (Figure 5), and to transfer the content 12 from the transmitting device 14x to the receiving device 14r (Figure 6), whereupon the receiving device 14r may render the transferred content 12 according to the terms of the license 16 corresponding thereto.

In particular, and turning now to Figure 4, in one embodiment of the present invention the receiving device 14r is registered with the transmitting device 14x by the receiving device 14r sending a registration request to the transmitting device 14x over the connecting network 17 (step 401). It is to be appreciated that the registration request should include a unique identifier of the receiving device 14r, and accordingly such unique identification is achieved at least in part by including in the registration request a digital certificate 22 provided to the receiving device 14r by an appropriate certifying authority (CA). It is also to be appreciated that the digital certificate 22 includes the public key of the receiving device 14r (PU-R) and is digitally signed by the CA, so that the authenticity of the certificate 22 can be verified by applying the CA's public key to that signature (applying (PU-R) itself would prove nothing, since (PU-R) is the key the certificate vouches for). It is further to be appreciated that the certificate 22 may include a chain of certificates leading back to the CA, by which the transmitting device 14x, knowing the verifying public key corresponding to the CA, can verify the authenticity of the chain of certificates to ensure that the certificate 22 indeed originated from the CA.

It is known that in at least some instances the receiving device 14r may share the certificate 22 with other like devices, especially if the receiving device 14r is relatively simple or was otherwise so designed by its manufacturer. To prevent such a situation and to ensure that the registration request does indeed include a unique identifier of the receiving device 14r, the registration request from the receiving device 14r also includes a device ID 24 of such receiving device 14r, where the device ID 24 of such receiving device 14r differs from the device ID 24 of any other like device that may share the certificate 22 with such receiving device 14r. Thus, between the certificate 22 and the device ID 24, the receiving device 14r is uniquely identified in the registration request sent to the transmitting device 14x. Note that although the device ID 24 may be dispensed with when the certificate 22 is unique to the receiving device 14r, the transmitting device 14x and/or the receiving device 14r may not always be able to determine whether such certificate 22 is unique to the receiving device 14r, and it may therefore be useful to always require the device ID 24 together with the certificate 22 in the registration request.

In any case, upon receiving the registration request, the transmitting device 14x validates the certificate 22 therein (step 403) and in particular determines that the certificate 22 can be traced back by way of the accompanying chain of certificates to a root certifying authority known to and trusted by such transmitting device 14x, and also determines by reference to a corresponding revocation list 26 that the certificate 22 has not been revoked. Significantly, then, the transmitting device 14x bestows trust on the receiving device 14r to properly handle received content 12, at least in part, on the basis that the receiving device 14r possesses an unrevoked certificate 22 obtained from an approved certifying authority.

Presuming the transmitting device 14x finds the certificate 22 in the registration request to be valid and unrevoked, the transmitting device 14x may without further ado actually register the receiving device 14r as being able to obtain access to the content 12 by way of the transmitting device 14x and the network 17. However, in one embodiment of the present invention, the transmitting device 14x, before registering the receiving device 14r, also verifies that the receiving device 14r is sufficiently proximate to the transmitting device 14x, as measured in terms of distance, time or otherwise. It is to be appreciated that such a proximity requirement may be employed to prevent a situation in which a global network 17 is used to register the receiving device 14r with the transmitting device 14x. Such use of a global network 17 should be prevented because just any receiving device 14r anywhere in the world should not be permitted to register with the transmitting device 14x. Otherwise, one or more users could create an extensive network 17 of receiving devices 14r registered with the transmitting device 14x and thereby defeat the implied purpose of restricting access to the content 12 over the network 17 to a single user or a particular group of related users.

In any case, to implement such a proximity requirement, and again turning to Figure 4, the transmitting device 14x sends a registration response to the requesting receiving device 14r over the connecting network 17 (step 405). In one embodiment of the present invention, the registration response includes a registration ID generated by the transmitting device 14x to identify the registration request, at least one of the device ID 24 and (PU-R) of the receiving device 14r as obtained from the registration request, and a first nonce to be employed as set forth in more detail below. It is to be appreciated that the first nonce is essentially a random value. To prevent such information from being viewed by an unauthorized entity, the registration response, or at least a portion thereof, may be encrypted in a manner decryptable by the receiving device 14r, such as according to (PU-R), although another cryptographic key may be employed without departing from the spirit and scope of the present invention.

Upon receiving the registration response, the receiving device 14r decrypts it and verifies that the at least one of the device identifier 24 and (PU-R) belongs to the receiving device 14r (step 407); if so, the receiving device 14r sends a port address together with the registration ID to the transmitting device 14x via the network 17 (step 409). As will be seen below, the port may be any suitable port of the receiving device 14r, and it should be selected primarily on the basis of how quickly the transmitting device 14x can reach the receiving device 14r through it, since the determination that the proximity requirement is satisfied rests mainly on how quickly the transmitting device 14x can send a proximity message to the receiving device 14r and receive a proximity response message back.

With the port address received from the receiving device 14r, the transmitting device 14x tests proximity by sending a proximity message containing a second nonce to the receiving device 14r via the network 17, addressed to the received port of that receiving device 14r (step 411). The second nonce is to be used as described in more detail below and is essentially a random value. Concurrently with step 411, the transmitting device 14x records the start time at which the proximity message with the second nonce was sent.

The receiving device 14r receives the proximity message with the second nonce from the transmitting device 14x via the network 17 at its port address, uses the received first and second nonces to generate a proximity value (step 413), and then sends a proximity response message containing the proximity value back to the transmitting device 14x via the network 17 (step 415). Note that the proximity value may be any value based on the first and second nonces without departing from the spirit and scope of the present invention. For example, the proximity value may be a hash value (the result of applying a hash function) of the first and second nonces. The proximity value may also be obtained by using the first nonce as the key for a keyed hash of the second nonce. The hash functions employed may be any suitable hash functions without departing from the spirit and scope of the present invention. Computing a hash is known or should be apparent to the relevant public, and therefore need not be set forth herein in any detail.

In any case, the transmitting device 14x receives the proximity response message with the proximity value from the receiving device 14r via the network 17 (step 417) and concurrently records the end time at which it was received, thus completing the proximity test. Thereafter, the transmitting device 14x verifies the proximity value on the basis of the first and second nonces (step 419). Provided the proximity value verifies, the transmitting device 14x calculates the total elapsed time from the recorded start and end times, compares it with a predetermined threshold value (step 421), and decides on the basis of the comparison whether the receiving device 14r is close enough to satisfy the proximity requirement (step 423). If so, the transmitting device 14x registers the receiving device 14r as able to access the content 12 via the transmitting device 14x and the connecting network 17 (step 425). It should be appreciated that the total elapsed time corresponds, at least approximately, to how far the receiving device 14r is from the transmitting device 14x, and thus the total elapsed time of the proximity test must be less than the threshold value for the proximity requirement to be satisfied. Such a threshold value may be defined for the transmitting device 14x on a case-by-case basis, may be specified as a particular value by an external source, may be specified as a particular value by a requirement of the license 16, etc.

To confirm that the receiving device 14r is actually registered with the transmitting device 14x, the transmitting device 14x may maintain a registry list 28 that includes an identifier of the receiving device 14r, for example the certificate 22 with (PU-R) and/or the device identifier 24 of the receiving device 14r. Of course, this registry list 28 may also contain other suitable information without departing from the spirit and scope of the present invention.

Once registered with the transmitting device 14x, the receiving device 14r may remain registered indefinitely. Alternatively, the transmitting device 14x may periodically require the receiving device 14r to re-register in accordance with the method shown in Fig. 4. Such re-registration may be required after a certain period, after a certain number of content items 12 have been accessed, after the trusted component 18 of the receiving device 14r has been upgraded, etc. This information may of course be recorded accordingly in the registry list 28. Among other things, periodic re-registration of the receiving device 14r ensures that the receiving device 14r continues to satisfy the proximity requirement.

The transmitting device 14x can in theory register any number of receiving devices 14r. However, in one embodiment of the present invention the transmitting device 14x has a predetermined maximum number of receiving devices 14r that may be registered. In another embodiment of the present invention the transmitting device 14x has a predetermined maximum number of receiving devices 14r that may simultaneously access the content 12 from it. Again, this information may be recorded accordingly in the registry list 28. Thus, a user cannot defeat the implied purpose of restricting access to the content 12 via the network 17 to a limited number of receiving devices 14r. It should be appreciated that once the maximum number of receiving devices 14r has been reached, in the first case the transmitting device 14x can no longer register a new receiving device 14r until the registration of an existing registered receiving device 14r has been cancelled accordingly, and in the second case the transmitting device 14x can no longer allow a new receiving device 14r to access the content 12 until a currently accessing receiving device 14r has been disconnected in an appropriate manner.
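The registration exchange of Fig. 4 (steps 405 to 425), together with the registry list 28 and the registration limit described above, is modelled below as an added example; it is not code from the patent or from any implementation of it. The message field names, the use of HMAC-SHA256 with the first nonce as key (one of the two constructions the description allows), the 7 ms threshold and the in-memory registry are assumptions of this example. The deterministic clock replaces time.monotonic() so the timing decision can be exercised with both a fast and a slow receiver; the receiver cannot precompute its reply because the second nonce is fresh for every test.

```python
# Added example (not from the patent): an in-memory model of the Fig. 4
# registration exchange with its proximity test. Message field names, the
# HMAC-SHA256 keyed hash and the 7 ms threshold are assumptions of this example.
import hmac
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Callable, Optional


def proximity_value(first_nonce: bytes, second_nonce: bytes) -> bytes:
    """Keyed hash of the second nonce under the first nonce, one of the two
    constructions the description allows for the proximity value."""
    return hmac.new(first_nonce, second_nonce, hashlib.sha256).digest()


def make_clock(step: float) -> Callable[[], float]:
    """Deterministic stand-in for time.monotonic(): advances by `step` per call."""
    t = [0.0]

    def tick() -> float:
        t[0] += step
        return t[0]
    return tick


@dataclass
class ReceivingDevice:                       # device 14r
    device_id: str
    port: int = 5000
    first_nonce: Optional[bytes] = None

    def on_registration_response(self, resp: dict) -> dict:
        # step 407: the response must name this device, otherwise it is rejected
        if resp["device_id"] != self.device_id:
            raise ValueError("registration response is not for this device")
        self.first_nonce = resp["first_nonce"]
        # step 409: answer with the port the transmitter should probe
        return {"registration_id": resp["registration_id"], "port": self.port}

    def on_proximity_message(self, msg: dict) -> dict:
        # steps 413/415: mix both nonces; the reply cannot be precomputed
        # because the second nonce is fresh for every test
        return {"proximity_value": proximity_value(self.first_nonce, msg["second_nonce"])}


@dataclass
class TransmittingDevice:                    # device 14x
    max_registered: int = 4
    threshold_seconds: float = 0.007
    registry: dict = field(default_factory=dict)   # registry list 28
    pending: dict = field(default_factory=dict)    # registrations awaiting the test

    def on_registration_request(self, req: dict) -> dict:
        # certificate validity and revocation checks (step 403) assumed done
        if len(self.registry) >= self.max_registered:
            raise RuntimeError("registration limit reached; cancel one first")
        reg_id = secrets.token_bytes(8)
        self.pending[reg_id] = {"device_id": req["device_id"],
                                "first_nonce": secrets.token_bytes(16)}
        # step 405 (would travel encrypted under PU-R on the wire)
        return {"registration_id": reg_id, "device_id": req["device_id"],
                "first_nonce": self.pending[reg_id]["first_nonce"]}

    def proximity_message(self, port_reply: dict, clock: Callable[[], float]) -> dict:
        # step 411: fresh second nonce, start time captured as it is sent
        p = self.pending[port_reply["registration_id"]]
        p.update(port=port_reply["port"], second_nonce=secrets.token_bytes(16), start=clock())
        return {"second_nonce": p["second_nonce"]}

    def on_proximity_response(self, reg_id: bytes, reply: dict, clock: Callable[[], float]) -> bool:
        # steps 417-425: capture the end time, check the value, then the timing bound
        end = clock()
        p = self.pending.pop(reg_id)
        expected = proximity_value(p["first_nonce"], p["second_nonce"])
        if not hmac.compare_digest(expected, reply["proximity_value"]):
            return False                     # wrong nonce mix: not the probed device
        if end - p["start"] >= self.threshold_seconds:
            return False                     # too slow: proximity requirement not met
        self.registry[p["device_id"]] = {"port": p["port"]}
        return True


def run_registration(tx: TransmittingDevice, rx: ReceivingDevice, clock) -> bool:
    """Drive steps 405-425 end to end; returns True when 14r is registered."""
    resp = tx.on_registration_request({"device_id": rx.device_id})
    port_reply = rx.on_registration_response(resp)
    prox_msg = tx.proximity_message(port_reply, clock)
    prox_reply = rx.on_proximity_message(prox_msg)
    return tx.on_proximity_response(resp["registration_id"], prox_reply, clock)
```

Two points worth noting in the transmitter: the end time is captured before any verification work so that the device's own processing does not count against the receiver, and the value check runs before the timing check so that a fast but wrong reply (a different device answering on the probed port) is rejected regardless of how quickly it arrived.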

Suppose now that the receiving device 14r is registered with the transmitting device 14x and, as mentioned above, the receiving device 14r in one embodiment of the present invention can establish a session with the transmitting device 14x in order to access the content 12 from it. Referring now to Fig. 5, in one embodiment of the present invention the transmitting device 14x and the receiving device 14r establish a session between them after the receiving device 14r sends a session establishment request to the transmitting device 14x via the network 17 (step 501). In particular, the session establishment request identifies to the transmitting device 14x the content 12 and the action to be taken with respect to it, and also includes a session ID ID-R generated by the receiving device 14r to identify the session establishment request, the certificate 22 of the receiving device 14r with (PU-R) therein, and its device identifier 24.

In addition, the session establishment request may include the version number of the revocation list 26 of the receiving device 14r (V-RL-R). It should be understood that, just as the transmitting device 14x holds a revocation list 26 in order to verify at step 403 of Fig. 4 that the certificate 22 of the receiving device 14r has not been revoked, the receiving device 14r may also hold such a revocation list 26 in case the receiving device 14r itself acts as a transmitting device 14x for another receiving device 14r. Thus, the receiving device 14r, when functioning as a transmitting device 14x, may need to hold and consult a revocation list 26. It should also be appreciated, as described in more detail below, that the version number of the revocation list 26 of the receiving device 14r (V-RL-R) is compared with the version number of the revocation list 26 of the transmitting device 14x (V-RL-X), and if (V-RL-X) is newer than (V-RL-R) and the list is duly signed by the issuing certification authority, the transmitting device 14x can send its revocation list 26 to the receiving device 14r. Conversely, if (V-RL-R) is newer than (V-RL-X), the receiving device 14r can send its revocation list 26 to the transmitting device 14x. Thus, the revocation lists 26 at the transmitting device 14x and the receiving device 14r can be updated as necessary.

In response to the session establishment request from the receiving device 14r, the transmitting device 14x first determines, on the basis of the certificate 22 with (PU-R) and/or the device identifier 24 in the session establishment request and with reference to its registry list 28, that the receiving device 14r is actually registered with the transmitting device 14x (step 503). Thereafter, the transmitting device 14x obtains the license 16 corresponding to the content 12 identified in the session establishment request and analyzes the policy set forth therein (step 505). Provided the policy permits the transmitting device 14x to provide the content 12 to the receiving device 14r via the network 17, and permits the action identified in the session establishment request, the transmitting device 14x prepares and sends to the receiving device 14r via the network 17 a session establishment response (step 507) that includes the policy obtained from, or based on, the license 16; the device identifier 24 of the receiving device 14r obtained from the session establishment request; the session ID ID-R of the receiving device 14r obtained from the request; and the content key (KD) for decrypting the content 12, encrypted under the public key (PU-R) of the receiving device 14r obtained from the certificate 22 sent with the session establishment request. Alternatively, instead of sending (KD) encrypted under (PU-R), it may be that the transmitting device 14x and the receiving device 14r both know how to derive (KD) from a seed, with the seed sent in the session establishment response encrypted under (PU-R).

The content key (KD) for decrypting the content 12, if it is not derived from a seed, may be obtained by the transmitting device 14x from the corresponding license 16 as (PU-X(KD)), decrypted by the transmitting device 14x by applying the corresponding (PR-X), and then re-encrypted under (PU-R) to produce (PU-R(KD)) or the like. Alternatively, the transmitting device 14x may decide to obtain this (KD), decrypt the content 12 with it, re-encrypt the content 12 under a different (KD), and then encrypt the different (KD) under (PU-R) to produce (PU-R(KD)). Alternatively, it may be that the content 12 is not initially encrypted at the transmitting device 14x. In that case, the transmitting device selects a (KD), encrypts the content 12 under this (KD), and then encrypts the selected (KD) under (PU-R) to produce (PU-R(KD)). If the content key (KD) is in fact derived from a seed, it may be obtained by the transmitting device 14x by obtaining the seed from the corresponding license 16 and deriving (KD) from the seed. If the content 12 is not initially encrypted at the transmitting device 14x, the transmitting device selects a seed, derives (KD) from it, and encrypts the content 12 under this (KD).

In one embodiment of the present invention, a signature or message authentication code (MAC) is generated over the session establishment response and attached to it, the signature/MAC binding the policy to the remainder of the session establishment response so that it can be used to verify the session establishment response. It should be understood that such binding is required to ensure that the constituent parts of the session establishment response cannot be separated from one another, which is something a malicious party seeking to steal the content 12 might attempt. In one embodiment of the present invention, the signature/MAC is based on a symmetric integrity key (KI) selected for the session establishment response, and the session establishment response therefore also includes the selected (KI) encrypted under (PU-R) to produce (PU-R(KI)). Thus, only the receiving device 14r holding the corresponding (PR-R) can obtain (KI) from the session establishment response and verify it, as will be seen below. Alternatively, and again instead of sending (KI) encrypted under (PU-R), it may be that the transmitting device 14x and the receiving device 14r both know how to derive (KI) from a seed, with the seed sent in the session establishment response encrypted under (PU-R). Note that this seed may be the same seed from which (KD) was derived, or may be a different seed.

In one embodiment of the present invention, the session establishment response from the transmitting device 14x to the receiving device 14r also includes the version number of the revocation list 26 of the transmitting device (V-RL-X). As mentioned above, if the receiving device 14r determines on this basis that (V-RL-R) is newer than (V-RL-X), the receiving device 14r can send its revocation list 26 to the transmitting device 14x. Alternatively, it may be that the transmitting device 14x has already determined, by comparing (V-RL-R) obtained from the session establishment request with (V-RL-X), that (V-RL-X) is newer than (V-RL-R). In that case, the transmitting device 14x can send its revocation list 26 to the receiving device 14r.

In one embodiment of the present invention, the session establishment response from the transmitting device 14x to the receiving device 14r also includes a session identifier ID-X generated by the transmitting device 14x to identify the session with the receiving device 14r, this session identifier ID-X being different from the session ID ID-R of the receiving device 14r. It should be understood that the transmitting device 14x may generate the session identifier ID-X because the session ID ID-R is not covered by a signature/MAC in the session establishment request from the receiving device 14r, may generate it because the format of the session ID ID-R is unacceptable to the transmitting device 14x, or may generate it for other reasons as circumstances warrant.

Along with sending the session establishment response at step 507, the transmitting device 14x also stores the session establishment request, or at least a part of it, and the session establishment response, or at least a part of it, in a corresponding session store 30x for later retrieval and use (step 509). In particular, and as will be seen below, the transmitting device 14x stores in the session store 30x at least the identifier of the content 12 and at least one of the session identifier ID-X and the session ID ID-R.

In any case, upon receiving the session establishment response from the transmitting device 14x, the receiving device 14r extracts (PU-R(KI)) and applies the corresponding (PR-R) to it to obtain the integrity key (KI), and then verifies the signature/MAC of the session establishment response on the basis of this (KI) (step 511). Alternatively, the receiving device 14r extracts the encrypted seed, applies the corresponding (PR-R) to it to obtain the seed, derives the integrity key (KI) from the seed, and then verifies the signature/MAC of the session establishment response on the basis of this (KI).

Assuming the signature/MAC verifies, a session is established between the transmitting device 14x and the receiving device 14r, and the receiving device 14r accordingly stores the session establishment response from the transmitting device 14x, or at least a part of it, in a corresponding session store 30r for later retrieval and use (step 513). Note that although the session has been established with respect to the content 12 identified in the session establishment request sent by the receiving device 14r at step 501, that content 12 has not yet been delivered to the receiving device 14r.

Thus, and referring now to Fig. 6, in one embodiment of the present invention the content 12 is transmitted from the transmitting device 14x to the receiving device 14r via the network 17 as follows. In particular, the receiving device 14r retrieves the session establishment response, or the part of it stored at step 513, from its session store 30r and obtains from it the session identifier ID-X generated by the transmitting device 14x (step 601). Alternatively, if no session identifier ID-X generated by the transmitting device 14x was included in the session establishment response, the receiving device 14r retrieves the session ID ID-R that it generated itself. Thereafter, the receiving device 14r sends a transfer request to the transmitting device 14x via the network 17 (step 603), the transfer request including the session identifier ID-X or ID-R ("ID"). Upon receiving the transfer request, the transmitting device 14x locates the session ID in it and, on the basis of that session ID, retrieves from its session store 30x the session establishment request, or part thereof, and the session establishment response, or part thereof, stored at step 509 (step 605). From this session establishment response the transmitting device 14x obtains the identifier of the content 12 and then locates the package 13 containing the identified content 12, or creates such a package 13 (step 609). Note that such locating and/or creating may be performed earlier, in connection with preparing the session establishment response at step 507 of Fig. 5, especially if the transmitting device 14x creates the package 13 with the content 12 therein encrypted under (KD) to produce (KD(content)).

In any case, the transmitting device 14x sends a transfer response to the receiving device 14r via the network 17 (step 611), the transfer response including the package 13 with the content 12 encrypted under (KD) to produce (KD(content)). Upon receiving this transfer response, the receiving device 14r retrieves the session establishment response from its session store 30r (step 613), extracts the policy and (PU-R(KD)) or (PU-R(seed)) from the retrieved session establishment response (step 615), confirms that the policy permits the receiving device 14r to render the content 12 in the manner requested (step 617), and, provided such confirmation is obtained, applies (PR-R) to (PU-R(KD)) to reveal (KD), or applies (PR-R) to (PU-R(seed)) to reveal the seed and then derives (KD) from it (step 619), applies (KD) to (KD(content)) to obtain the content 12 (step 621), and then actually renders the content 12 in accordance with the policy (step 623).

CONCLUSION

The present invention can be implemented on any suitable transmitting device 14x and receiving device 14r connected via a network 17, provided that such transmitting device 14x and receiving device 14r have suitable trusted components 18 and the receiving device 14r has a certificate 22 from a certification authority that is trusted by the transmitting device 14x. It should be appreciated that in the present invention as set forth herein, the content 12 is delivered from the transmitting device 14x to the receiving device 14r through the connecting network 17 according to a method that does not depend on the actual protocols used to transmit the content 12 over the network and does not depend on the format of the content 12.

Note that although the present invention is disclosed primarily in terms of a receiving device 14r that renders the content, for example by playing or rasterizing it, the receiving device 14r may, among other things, perform other actions without departing from the spirit and scope of the present invention. Such other actions include, without limitation: transferring the content 12 to a separate computing device 14 such as a personal computer, handheld device, etc.; transferring the content 12 to a portable storage device, magnetic or optical disk, etc.; migrating the content 12 into another protection scheme; exporting the content 12 without any protection scheme; transferring or exporting the content 12 in another format; and so on. In general, in such cases the migrated content 12 may be rendered, distributed, edited, used for creating, editing or distributing content, etc. For example, the content 12 may carry a policy that permits or prohibits editing the content 12 in certain ways.

The programming necessary to carry out the processes performed in connection with the present invention is relatively straightforward and should be apparent to the relevant programming public. Accordingly, such programming is not attached hereto. Any particular programming may be used to implement the present invention without departing from its spirit and scope.

From the foregoing description it can be seen that the present invention provides a useful architecture and method that allow content 12 with a corresponding license 16 bound to a single computing device 14 in a network 17 or the like to be rendered by another suitable computing device 14 in the network 17, provided the license 16 permits it. By this method, the computing devices 14 in the network 17 coordinate access to the content 12 among themselves.

It should be understood that changes may be made to the embodiments described above without departing from the inventive concepts thereof. Perhaps most significantly, it should be appreciated that although the establishment of a session (Fig. 5) and the transfer of the content 12 (Fig. 6) have been set forth essentially separately, such establishment and transfer may be performed essentially as a single procedure. It should be understood that in such a situation some of the steps and elements may be omitted if deemed unnecessary. Other possible changes worth mentioning include the removal of various identifiers, such as the registration identifiers and session identifiers. In general, it should therefore be understood that this invention is not limited to the particular embodiments disclosed, but is intended to cover modifications within the spirit and scope of the present invention as defined by the appended claims.

1. A method of coordinating access to digital content between a first computing device ("transmitting device") and a second computing device ("receiving device") connected to each other by a network, wherein the transmitting device is configured to transmit protected digital content to the receiving device so that the receiving device can access the content, the content being encrypted and decryptable according to a content key (KD), the method comprising the steps of:
the receiving device sending a session establishment request to the transmitting device, the session establishment request including, for the transmitting device, an identifier of the content, the action to be taken with respect to the content, and a unique identifier of the receiving device;
the transmitting device receiving the session establishment request from the receiving device, determining on the basis of the unique identifier of the receiving device in the session establishment request that the receiving device is actually registered with the transmitting device, obtaining a digital license corresponding to the content identified in the session establishment request, analyzing the policy set forth in the license to determine that the license permits the transmitting device to provide the receiving device with access to the content and also permits the action in the session establishment request, and sending a session establishment response to the receiving device, the session establishment response including the policy of the license, the unique identifier of the receiving device, and the content key (KD) for decrypting the encrypted content, (KD) being protected in a form accessible to the receiving device;
the transmitting device obtaining the content encrypted according to (KD) to produce KD(content), and sending KD(content) to the receiving device;
the receiving device receiving the session establishment response and KD(content), extracting the policy and the protected content key (KD) for decrypting the encrypted content from the session establishment response, confirming that the policy permits the receiving device to render the content, obtaining the content key (KD), applying (KD) to KD(content) to reveal the content, and then actually rendering the content in accordance with the policy.

2. The method according to claim 1, wherein:
the transmitting device, in conjunction with sending the session establishment response, also stores at least part of the session establishment request and at least part of the session establishment response in a session store of the transmitting device;
the receiving device receives the session establishment response from the transmitting device and stores at least part of the session establishment response in a session store of the receiving device;
the receiving device retrieves the at least part of the session establishment response from the session store of the receiving device and sends a transfer request to the transmitting device based on the session establishment response; and
the transmitting device receives the transfer request, retrieves the at least part of the session establishment request and the at least part of the session establishment response from the session store of the transmitting device on the basis of the transfer request, obtains the identifier of the content from the retrieved at least part of the session establishment request and at least part of the session establishment response, obtains the content encrypted according to (KD) to produce KD(content), and sends a transfer response including KD(content) to the receiving device.

3. The method according to claim 1, wherein the session establishment request sent by the receiving device further includes a version number of the revocation list of the receiving device (V-RL-R), and the session establishment response sent by the transmitting device further includes a version number of the revocation list of the transmitting device (V-RL-X), the method further comprising the step of the receiving device determining that (V-RL-R) is newer than (V-RL-X) and sending its revocation list to the transmitting device.

4. The method according to claim 1, wherein the session establishment request sent by the receiving device further includes a version number of the revocation list of the receiving device (V-RL-R), and the transmitting device determines that the version number of its revocation list (V-RL-X) is newer than (V-RL-R) and sends its revocation list to the receiving device.

5. The method according to claim 1, wherein the session establishment request sent by the receiving device to the transmitting device includes a public key of the receiving device (PU-R), and the session establishment response sent by the transmitting device to the receiving device includes the content key (KD) for decrypting the content, encrypted according to (PU-R).

6. The method according to claim 1, wherein the session establishment request sent by the receiving device to the transmitting device includes a public key of the receiving device (PU-R), and the session establishment response sent by the transmitting device to the receiving device includes a seed from which the content key (KD) for decrypting the content can be derived, the seed being encrypted according to (PU-R).

7. The method according to claim 1, wherein the transmitting device has a public/private key pair (PU-X, PR-X), the method further comprising the steps of the transmitting device obtaining the content key (KD) from the license as (PU-X(KD)), applying (PR-X) to (PU-X(KD)) to reveal (KD), and then re-encrypting (KD) according to the public key of the receiving device (PU-R) to produce (PU-R(KD)), and the receiving device decrypting the content key by applying a private key (PR-R) corresponding to (PU-R) to (PU-R(KD)) to reveal (KD).

8. The method according to claim 1, wherein the session establishment response sent by the transmitting device to the receiving device further comprises a signature/MAC generated over the session establishment response, the signature/MAC binding the policy to the session establishment response.

9. The method of claim 8, wherein the session establishment response sent by the transmitting device to the receiving device includes the signature/message authentication code (MAC) based on a symmetric integrity key (KI), and the session establishment response further includes (KI) encrypted according to the public key of the receiving device (PU-R) to produce (PU-R(KI)), the method further comprising the step of the receiving device receiving the session establishment response from the transmitting device, extracting (PU-R(KI)) from it, applying a private key (PR-R) corresponding to (PU-R) to (PU-R(KI)) to reveal (KI), and verifying the signature/MAC of the session establishment response on the basis of (KI).

10. The method of claim 8, wherein the session establishment response sent by the transmitting device to the receiving device includes the signature/MAC based on a symmetric integrity key (KI) derived from a seed, and the session establishment response further includes the seed protected by the public key of the receiving device (PU-R) to produce (PU-R(seed)), the method further comprising the step of the receiving device receiving the session establishment response from the transmitting device, extracting (PU-R(seed)) from it, applying a private key (PR-R) corresponding to (PU-R) to (PU-R(seed)) to reveal the seed, deriving (KI) from the seed, and verifying the signature/MAC of the session establishment response on the basis of (KI).

11. The method according to claim 1, further comprising the step of registering the receiving device with the transmitting device, wherein:
the receiving device sends a registration request to the transmitting device, the registration request including the unique identifier of the receiving device;
the transmitting device verifies the validity of the registration request;
the transmitting device sends a registration response to the receiving device, the registration response including a registration ID generated by the transmitting device to identify the registration response and the unique identifier of the receiving device;
the receiving device sends its port address and the registration ID to the transmitting device;
the transmitting device sends a proximity message to the receiving device at the port address and concurrently records a start time;
the receiving device, upon receiving the proximity message at its port address, uses at least part of the registration response and the proximity message to generate a proximity value, and sends a proximity response message with the proximity value to the transmitting device; and
the transmitting device receives the proximity response message with the proximity value from the receiving device and concurrently records an end time, verifies the proximity value on the basis of the first and second nonces, calculates a total elapsed time on the basis of the recorded start and end times, compares the total elapsed time with a predetermined threshold value, decides on the basis of the comparison that the receiving device satisfies the proximity requirement, and registers the receiving device as able to access the content from the transmitting device.

12. The method according to claim 11, wherein the receiving device sends the transmitting device a registration request that includes a digital certificate issued to the receiving device by a corresponding certification authority, the certificate including the public key of the receiving device (PU-R) and a digital signature, the method further comprising the step in which the transmitting device verifies the validity of the certificate and confirms, with reference to a revocation list, that the certificate has not been revoked.

13. The method according to claim 11, wherein the receiving device sends the transmitting device a registration request that includes the identifier of the receiving device.

14. The method according to claim 11, wherein the receiving device sends the transmitting device a registration request that includes the public key of the receiving device (PU-R), the transmitting device encrypts at least part of the registration response under (PU-R), and the receiving device decrypts the registration response by applying the private key (PR-R) corresponding to (PU-R).

15. The method according to claim 11, wherein
the transmitting device sends the receiving device a registration response that includes a first nonce;
the transmitting device sends the receiving device a proximity message that includes a second nonce via the port address and simultaneously records the start time; and
the receiving device, on receipt of the proximity message at its port address, uses the received first and second nonces to generate the proximity value, and sends the proximity response with the proximity value and the registration ID to the transmitting device.

16. The method according to claim 15, wherein the receiving device generates the proximity value by using the first nonce as a cryptographic key to encrypt the second nonce, thereby obtaining an encrypted value.

17. The method according to claim 15, wherein the receiving device generates the proximity value by using the first nonce as a cryptographic key to perform a keyed hash over the second nonce, thereby obtaining a hash value.

18. The method according to claim 15, wherein the receiving device generates the proximity value by hashing the first and second nonces together, thereby obtaining a hash value.

19. The method according to claim 11, wherein the transmitting device registers the receiving device by placing the unique identifier of the receiving device in a registry list, and determines from the unique identifier of the receiving device in the session-establishment request, with reference to the registry list, that the receiving device is in fact registered with the transmitting device.

20. The method according to claim 11, wherein the transmitting device periodically requires the receiving device to re-register by re-sending the registration request to the transmitting device.
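The registration and proximity check of claims 11 and 15 through 20, as an added worked example that is not part of the patent text: the transmitting device hands out a registration ID and a first nonce, sends a second nonce through the receiving device's port address while timing the round trip, checks that the returned proximity value binds both fresh nonces (claim 17, keyed hash, or claim 18, plain hash; claim 16's block-cipher variant is omitted because the standard library has none), rejects a correct answer that arrives too slowly, and records the device in its registry list, which session establishment later consults (claim 19) and which ages out to force re-registration (claim 20). Transport is modelled with in-process calls; the 50 ms threshold, the 24-hour registration lifetime, the 16-byte nonces, SHA-256 and the message field names are assumptions, since the claims speak only of "a predetermined threshold" and "periodically".

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

# Assumed parameters: the claims do not fix a threshold, a lifetime or a nonce size.
PROXIMITY_THRESHOLD_S = 0.050
REGISTRATION_LIFETIME_S = 24 * 3600
NONCE_LEN = 16


def proximity_value(variant: str, nonce1: bytes, nonce2: bytes) -> bytes:
    """Claim 17 ("mac"): the first nonce keys a hash over the second nonce.
    Claim 18 ("hash"): both nonces are hashed together."""
    if variant == "mac":
        return hmac.new(nonce1, nonce2, hashlib.sha256).digest()
    if variant == "hash":
        return hashlib.sha256(nonce1 + nonce2).digest()
    raise ValueError(f"unknown proximity variant {variant!r}")


@dataclass
class Receiver:
    device_id: bytes
    variant: str = "mac"
    link_delay_s: float = 0.0        # constructed one-way delay, to model a distant device
    nonce1: bytes = b""
    registration_id: bytes = b""

    def on_registration_response(self, resp: dict) -> bytes:
        # Claim 15: keep the first nonce; claim 11: answer with port address and registration ID
        # (the port address is implicit here, it is the on_proximity_message callable).
        if resp["device_id"] != self.device_id:
            raise ValueError("registration response addressed to another device")
        self.registration_id = resp["registration_id"]
        self.nonce1 = resp["nonce1"]
        return self.registration_id

    def on_proximity_message(self, nonce2: bytes) -> dict:
        # Claim 15: proximity value from nonce1 and nonce2, echoed with the registration ID.
        time.sleep(self.link_delay_s)
        value = proximity_value(self.variant, self.nonce1, nonce2)
        time.sleep(self.link_delay_s)
        return {"registration_id": self.registration_id, "proximity_value": value}


@dataclass
class Transmitter:
    variant: str = "mac"
    registry: Dict[bytes, float] = field(default_factory=dict)   # claim 19: device_id -> time registered
    pending: Dict[bytes, dict] = field(default_factory=dict)     # registration_id -> device_id, nonce1

    def on_registration_request(self, device_id: bytes) -> dict:
        # Claim 11: check the request, answer with registration ID, device ID and (claim 15) nonce1.
        if not device_id:
            raise ValueError("registration request lacks a device identifier")
        reg_id = secrets.token_bytes(NONCE_LEN)
        nonce1 = secrets.token_bytes(NONCE_LEN)
        self.pending[reg_id] = {"device_id": device_id, "nonce1": nonce1}
        return {"registration_id": reg_id, "device_id": device_id, "nonce1": nonce1}

    def proximity_check(self, reg_id: bytes, port: Callable[[bytes], dict]) -> bool:
        """Claims 11 and 15: send nonce2 through the receiver's port, time the round trip,
        verify the proximity value, then register the device if it answered fast enough."""
        entry = self.pending.pop(reg_id, None)      # one attempt per registration ID
        if entry is None:
            return False
        nonce2 = secrets.token_bytes(NONCE_LEN)
        t_start = time.monotonic()
        reply = port(nonce2)
        t_end = time.monotonic()
        if reply.get("registration_id") != reg_id:
            return False
        expected = proximity_value(self.variant, entry["nonce1"], nonce2)
        if not hmac.compare_digest(expected, reply.get("proximity_value", b"")):
            return False      # not bound to both fresh nonces: replay, relay without nonce1, or wrong device
        if t_end - t_start > PROXIMITY_THRESHOLD_S:
            return False      # correct answer, but too slow to be on the local network
        self.registry[entry["device_id"]] = t_end
        return True

    def is_registered(self, device_id: bytes, now: Optional[float] = None) -> bool:
        # Claim 19 (registry lookup) plus claim 20 (a stale registration must be renewed).
        registered_at = self.registry.get(device_id)
        if registered_at is None:
            return False
        now = time.monotonic() if now is None else now
        return now - registered_at <= REGISTRATION_LIFETIME_S


def register(tx: Transmitter, rx: Receiver) -> bool:
    """Run the complete exchange of claim 11 between two in-process parties."""
    resp = tx.on_registration_request(rx.device_id)
    reg_id = rx.on_registration_response(resp)
    return tx.proximity_check(reg_id, rx.on_proximity_message)
```

Two details matter for the security of the check. The proximity value must depend on both nonces: without nonce1 (kept from the registration response) a device that merely relays traffic for a distant one could answer, and without nonce2 a recorded answer could be replayed; `proximity_check` therefore rejects a correct-looking value computed without the right nonce1 before it even looks at the clock. The timer brackets only the proximity message and its reply, not the earlier registration steps, so that the measured duration reflects network distance and not certificate processing.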

Same patents:

FIELD: information technologies.

SUBSTANCE: the inventions relate to computer systems and methods for providing protected access to a database. The system comprises a memory device for protection descriptors, which store protection information related to at least one row of the database; the database contains at least one table with at least one row and two columns, one of the columns storing the protection descriptor associated with the row, and the information in the protection descriptor states which type of access is permitted or denied to which principal; a database processor that answers a database query based at least partly on the protection information stored in the protection descriptor, evaluated against information stored in the database and the context of the querying user; and a query component containing a query optimiser that determines the optimal route for answering the query.

EFFECT: improved protection of access to database.

20 cl, 9 dwg, 2 tbl

FIELD: information technologies.

SUBSTANCE: a domain identifier is chosen, and at least one user (P1, P2, …, PN1), at least one device (D1, D2, …, DM) and at least one content item (C1, C2, …, CN2) are bound to the Authorised Domain (AD) specified by the domain identifier (Domain_ID). This yields a set of verified devices (D1, D2, …, DM) and a set of verified persons (P1, P2, …, PN1) authorised to access content items of the Authorised Domain (100). Access by a user who controls a device to a content item of the authorised domain is then granted either by checking that the content item and the user are bound to the same domain, or by checking that the device and the content item are bound to the same domain.

EFFECT: ensuring method and system for providing Authorised Domain structure based both on personalities and on devices.

12 cl, 6 dwg

FIELD: information technologies.

SUBSTANCE: the method of checking the validity of a certificate containing a key associated with network devices comprises the step of receiving, over the network, encrypted content and a validity index associated with that content. Certificate validity is evaluated from the time index included in the certificate, whose value corresponds to the certificate issue date, and from the validity index associated with the encrypted content.

EFFECT: simplifying the checking process of certificate validity, which provides access to data without reducing data access security.

20 cl, 12 dwg

FIELD: information technologies.

SUBSTANCE: the method and device for verifying the identity of a system user are based on comparing the coordinates of minutiae of the finger papillary patterns over two touches of the scanner's receiving surface. During the first registration images of at least two fingerprints are obtained, and during the second registration the image of at least one fingerprint is obtained, the second registration being performed on the command of a challenge-response protocol. Identity is considered confirmed when the offsets of the minutiae coordinates between the first and second images are non-linearly dependent. The device for implementing the method consists of a scanner, an image processing unit, a database, a comparison unit, and a protocol forming unit connected to the scanner and to the comparison unit. The display panel of the protocol forming unit is located on the front surface of the scanner.

EFFECT: ensuring high accuracy of authenticity and excluding the access of occasional persons to the protected system.

3 cl, 3 dwg

FIELD: information technologies.

SUBSTANCE: a first initial value is known to both the keyboard and the component. The keyboard and the component exchange time values. Both compute a second and a third initial value from the time values and the first initial value; both perform the same computation, so both hold the same second and third initial values. The keyboard encrypts keystrokes intended for the component using CBC-3DES with the key and the second initial value, and creates a message authentication code for each keystroke using CBC-3DES-MAC with the key and the third initial value. The component decrypts and verifies the keystrokes using the key and the second and third initial values.

EFFECT: a secure connection between two components, such as a keyboard or similar device and a software component, over an insecure communication channel.

26 cl, 6 dwg

FIELD: instrument making.

SUBSTANCE: the invention relates to machine access, in particular to identifying and authenticating an object, user or principal with a credential for logging on to a local and/or remote machine with an operating system. Credentials are transformed by one of multiple different credential-provider modules, each of which transforms a different type of credential into a common protocol. The transformed credentials are passed through an application programming interface (API) to the logon user interface (UI) module and on to the operating system (OS) of the local machine, which the logon UI module calls to authenticate the transformed credentials against a credential database. A user identified by a transformed credential is logged on to the local machine when authentication succeeds.

EFFECT: possibility of safe joint application of multiple interacting modules that are fully compatible with operating system of local machine.

18 cl, 22 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention is related to computer engineering, in particular to system for control of access to resources of Internet network depending on category of requested resources and accepted safety policy. System comprises module of selection of site reference addresses in server database, module of electronic document addresses identification in access list, module of identification of time cycles of addresses selection from access list, module for generation of signals of server database entries selection control, module of selection of access to electronic documents.

EFFECT: improved efficiency of system by localisation of addresses of server database access list records searching by identifiers of electronic documents.

8 dwg, 6 tbl

FIELD: physics; computer engineering.

SUBSTANCE: method of transferring accumulated measured data from a client to a measurement service, where each set of measured data is indexed in the measured data base of the client in accordance with a measurement identifier (MID) and further indexed in the measurement data base in accordance with an identifier, associated with content (KID). To increase effectiveness of protecting the data base from unauthorised access, the client chooses a specific MID, chooses at least part of measured data in the measurement data base, containing the chosen MID, where the chosen measured data are arranged in accordance with KID. The client generates a request based on the chosen measured data and sends the request to the measurement service. The measurement service receives measured data from the request, stores them and generates a response, which should be returned to the client based on the request. The client receives the response from the measurement service, which includes a list of KID of chosen measured data in the request, confirms that the response corresponds to the request, and generates a list of KID in response, for each KID, by deleting measured data from the measurement data base, containing the chosen MID and KID.

EFFECT: more effective protection of data base from unauthorised access.

20 cl, 4 dwg

FIELD: information technology.

SUBSTANCE: invention relates to computer engineering, and generally to computer security. The method of providing for protected input comprises stages on which: a data stream entered by a user is received from a trusted input device in a second program execution environment; the received stream is sent from the second program execution environment to a protected program execution environment; determination is made of whether the protected program execution environment is in standard input mode; the initial data stream entered by the user is sent to the protected program execution environment based on the input mode of the latter; if the protected environment is in standard input mode, then at least the first part of data entered by the user is sent to the second program execution environment; determination is made of whether the data entered by the user contain user instruction for highly reliable input mode (NIM) and if so, and the protected program execution environment is not in highly reliable input mode, the protected program execution environment is switched to highly reliable input mode.

EFFECT: increased security level of computers.

38 cl, 6 dwg

FIELD: information technology.

SUBSTANCE: invention relates to systems and methods of checking and authenticating clients, servers and boot files. A server authenticates a client. The client authenticates the server. Boot files are transferred from the authenticated server to the authenticated client. The client can authenticate boot files before execution to create an operating system.

EFFECT: increased security and stability of booting clients and scanning an operating system.

7 cl, 3 dwg

FIELD: engineering of devices and methods for using server for access to processing server, which performs given processing.

SUBSTANCE: according to the method, a reservation is requested, the reservation is confirmed, authentication information included in the reservation information is stored, service is requested on the basis of the authentication information, server use is authenticated, and the server is used on the basis of the authentication result; at the reservation-confirmation stage the reservation control device transmits the reservation setting information, and at the authentication stage server use is confirmed only when the authentication information matches the authentication information transmitted from the user terminal. The device contains receiving means, an information generation device and transmitting means.

EFFECT: creation of method for using server, device for controlling server reservation and means for storing a program, capable of providing multiple users with efficient utilization of functions of processing server with simultaneous decrease of interference from unauthorized users without complicated processing or authentication operations.

6 cl, 51 dwg

FIELD: distribution devices, terminal devices.

SUBSTANCE: in the distribution device, groups of two or more information products representing digital content are stored together with policy administration information indicating the user's rights to the group. The distribution device transfers the content requested by the user from the group to the terminal device together with a licence certificate (LC) and updates the policy administration information by decreasing the policy validity. On return of the renewed LC, the distribution device increases the decreased policy validity by the portion of policy validity indicated in the renewed LC. On the user's demand the distribution device again transfers the LC or other digital content.

EFFECT: distribution of digital content for a more complete satisfaction of user's demand.

22 cl, 58 dwg

FIELD: access to protected system restriction technics; avoidance of accidental persons access to system.

SUBSTANCE: fingerprint image is registered with following user personality identification. Some peculiarities of papillary pattern coordinates are determined and using difference of coordinates of peculiarities of received fingerprint image and stored in database positive or negative decision to grant access to system is made.

EFFECT: increased level of protection against access of accidental persons.

3 cl, 2 dwg

FIELD: engineering of technical means for complex protection of information during its storage and transfer.

SUBSTANCE: the method of complex information protection is carried out in the following order. Before transmission into the communication channel or recording into memory, the state of the communication channel or storage medium in use is analysed, and from M possible codes the parameters of the (n,k) code optimal for the current state of the channel or storage medium are determined. The information to be protected is split into q-ary symbols of l bits (q=2^l); for each q-ary symbol a gamma combination of l bits is formed independently of the information source; for each set of k information q-ary symbols, (n-k) redundant q-ary symbols are formed according to the rules of the source binary (n,k) code; and each q-ary symbol is subjected to an encrypting stochastic transformation involving the gamma. After reception from the channel or reading from memory, a gamma combination of length l is generated for each q-ary symbol synchronously with the sending side, the inverse stochastic decrypting transformation is performed on each q-ary symbol using the gamma, and the check expressions of the source binary code are used to localise the correctly received or read q-ary symbols. Unreliably localised symbols are erased, and the integrity of the message is restored by correcting the non-localised and erased q-ary symbols of each block, expressing their values through the values of reliably localised or already corrected q-ary symbols; if reliable restoration of a code block is impossible, the block is discarded and the number of discarded blocks is counted. The optimality of the error-correcting code in use for the current channel state is assessed over an observation interval, and if the code optimality criterion falls outside the given minimum and maximum limits, the code is replaced by the optimal code synchronously at the transmitting and receiving ends of the channel according to the maximum transfer rate criterion.

EFFECT: efficiency of each protection type and increased quality of maintenance of guaranteed characteristics of informational system.

18 cl

FIELD: technology for improving lines for transferring audio/video signals and data in dynamic networks and computer environments and, in particular, setting up communication lines with encryption and protection means and controlling thereof in such environment.

SUBSTANCE: the invention discloses a method for setting up and controlling protected communication lines for data transfer by exchanging keys for protection, authentication and authorisation. The method includes setting up a protected communication line with limited privileges using the identifier of the mobile computing unit. This is especially useful when the user of the mobile unit has no identifying information suitable for authentication. A further advantage of the user supplying default identifying information is that it triggers intervention by a system administrator instead of a refusal based on an empty string. This decentralised procedure lets new users access the network without having to be physically present at a central office to show their credentials.

EFFECT: simplified setup of dynamic protected lines of communication between client computer and server device.

6 cl, 10 dwg

FIELD: automatics and computer science, in particular, identification means for controlling access to autonomous resources.

SUBSTANCE: method includes changing identification information during each new query of autonomous resource, which information is used for identification of carrier during following queries to autonomous resources, by including it in algorithmically converted form on information carrier and in database of central device and checking of its correspondence in a row of previous queries to autonomous resources. Each autonomous resource has memory block for storing conversion algorithms and signs of these algorithms and block for reading/recording carrier information. Central device contains at appropriate data bank addresses the virtual memory blocks for storing information for identification of carriers and memory block for storing a set of algorithms for converting code from one type to another and signs of these algorithms, and for each carrier - information storage address which was used during previous accesses. Carrier contains energy-independent additional memory block for recording, storing and reading additional information code after identification of carrier, available both during manufacture of carrier and its submission to autonomous resource.

EFFECT: increased level of protection from unsanctioned access.

3 cl, 1 dwg

FIELD: digital data processing, namely, remote user authentication.

SUBSTANCE: in accordance to method, electronic user identification data is formed and saved in authentication server database, which data is compared to identification data of user during realization of procedure of user access to computer network of protected system and on basis of that comparison, decision is taken about degree of user authority.

EFFECT: possible passive user authentication mode without usage of hardware.

2 cl, 2 dwg

FIELD: information dissemination systems.

SUBSTANCE: according to the invention, an encrypted event containing information not meant to be published before a publishing time is dispatched to clients before that time. At the publishing time a small decryption key is dispatched to each client. In another variant, trusted boundary servers, which can be relied on not to publish the information early, dispatch the unencrypted event, or decrypt the encrypted event and dispatch the decrypted event, at or before a certain time but after the publishing time, so that the decrypted or unencrypted event reaches clients that cannot store and decrypt an encrypted event at approximately the same time as the key reaches the other clients. Thus every client receives the information at approximately the same time, regardless of client throughput or client capacity to store and decrypt the information.

EFFECT: ensured valid dissemination between various clients.

10 cl, 7 dwg

FIELD: information safety of digital communication systems, possible use in distributed computing networks, combined through the Internet network.

SUBSTANCE: in the method, initial data is set and an initial data packet is generated on the sender side. The packet is then encrypted and converted to TCP/IP format, after which the current sender and receiver addresses are inserted and the resulting packet is transmitted; the sender address is then replaced. On the receiver side the sender and receiver addresses are extracted and compared with the predetermined addresses. On mismatch the received packets are not analysed; on match the encrypted data is extracted from the received packet and decrypted. The receiver address is then replaced, and a new initial data packet is formed on the sender side. The protection device consists of two identical local protection segments 31 and 3k, one connected to local computing network li and the other to local computing network lk. The local computing networks are interconnected through corresponding routers 41, 4k and the Internet.

EFFECT: increased safety and concealment of communication channel operation.

6 cl, 27 dwg