Patents by Inventor Jeffrey B. Lotspiech
Jeffrey B. Lotspiech has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20120131338
Abstract: Provided are techniques to enable a device that provides a service to authorize a second device for receiving the service and the delivery of the service to the second device and other devices within a trusted network. A signed Management Key Block (MKB) is generated and transmitted over a network. Devices authorized to access a particular service parse the MKB and transmit a request. A server associated with the service determines whether or not the device is authorized to access the service based upon data included in the request. The first device may issue a challenge to the second device for authentication purposes. If service is approved, service is initiated, either from the first device or another authorized device. Devices may be organized into classes such that devices of a specific class are authorized to access the service.
Type: Application
Filed: November 19, 2010
Publication date: May 24, 2012
Applicant: International Business Machines Corporation
Inventors: Thomas A. Bellwood, Jeffrey B. Lotspiech, Matthew F. Rutkowski
-
Publication number: 20120131337
Abstract: Provided are techniques for the creation and storage of an archive for binding IDs corresponding to a cluster of devices that render content protected by a broadcast encryption scheme. When two or more clusters are merged, a binding ID corresponding to one of the clusters is selected and a new management key is generated. Binding IDs associated with the clusters other than the cluster associated with the selected binding ID are encrypted using the new management key and stored on a cluster-authorized device in a binding ID archive. Content stored in conformity with an outdated binding ID is retrieved by decrypting the binding ID archive with the management key, recalculating an old management key and decrypting the stored content.
Type: Application
Filed: November 19, 2010
Publication date: May 24, 2012
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Thomas A. Bellwood, Robert G. Deen, Jeffrey B. Lotspiech, Matthew F. Rutkowski
-
Publication number: 20120131638
Abstract: A message comprising an indication of a management key block and an indication of an authorization table is received at a first network device from a second network device. The indication of the management key block, the indication of the authorization table, and a response message generated based on validating the indication of the management key block and the indication of the authorization table are stored. A second message comprising a second indication of the management key block and a second indication of the authorization table is received at the first network device from the second network device. The first network device communicates with the second network device in accordance with the stored response associated with the first message on determining that the second indication management key block and the second indication of the authorization table match corresponding stored indications of the management key block and the authorization table.
Type: Application
Filed: November 19, 2010
Publication date: May 24, 2012
Applicant: International Business Machines Corporation
Inventors: Thomas A. Bellwood, Robert G. Deen, Jeffrey B. Lotspiech, Matthew F. Rutkowski
-
Publication number: 20120131344
Abstract: Provided are techniques to enable, using broadcast encryption, a device to locate a service offered by a server with the knowledge that the service offered by the server is a trusted service. A signed enhanced Management Key Block (eMKB) includes a trusted service locator (TSL) that includes one or more records, or “trusted service data records” (TSDRs), each identifying a particular service and a corresponding location of the service is generated and transmitted over a network. Devices authorized to access a particular service parse the eMKB for the end point of the service, connect to the appropriate server and transmit a request.
Type: Application
Filed: November 19, 2010
Publication date: May 24, 2012
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Thomas A. Bellwood, Jeffrey B. Lotspiech, Matthew F. Rutkowski
-
Patent number: 8023693
Abstract: A system and method are provided for facilitating the playing of a watermarked video having the “birthday problem”. Consumers send the problem disc to an authorization center where the disc is analyzed to determine if it is a legitimate disc. The authorization center generates a digital certificate uniquely associated with the disc and with the video and embeds the digital certificate into the disc. The digital certificate will cause a video player to play the video without checking for the watermark.
Type: Grant
Filed: May 31, 2008
Date of Patent: September 20, 2011
Assignee: International Business Machines Corporation
Inventors: Thomas A. Bellwood, James M. Gasiewski, Donald E. Leake, Jr., Jeffrey B. Lotspiech
-
Patent number: 7885427
Abstract: A system and method are provided for facilitating the playing of a watermarked video having the “birthday problem”. Consumers send the problem disc to an authorization center where the disc is analyzed to determine if it is a legitimate disc. The authorization center generates a digital certificate uniquely associated with the disc and with the video and embeds the digital certificate into the disc. The digital certificate will cause a video player to play the video without checking for the watermark.
Type: Grant
Filed: August 4, 2007
Date of Patent: February 8, 2011
Assignee: International Business Machines Corporation
Inventors: Thomas A. Bellwood, James M. Gasiewski, Donald E. Leake, Jr., Jeffrey B. Lotspiech
-
Patent number: 7881476
Abstract: Enhanced multimedia content on physical media interacts with the user through a media player and the Internet. Enhanced multimedia utilizes IDs for pieces of content on the media and a media key block. On the enhanced media is a file with a list of URLs. As the enhanced media plays a section requiring a set of keys for decryption, the media player accesses the URL for that section and obtains the decryption key. The decryption key may be purchased or provided for free. Secure encryption and transmission of these keys is accomplished by broadcast encryption using a media key block. Each media has a unique set of keys that allow the media player to process the media key block; however, each media follows a unique path through the media key block. All legitimate media players obtain the media key; circumvention devices cannot decipher the media key block.
Type: Grant
Filed: April 3, 2009
Date of Patent: February 1, 2011
Assignee: International Business Machines Corporation
Inventors: Jeffrey B. Lotspiech, Florian Pesoni
-
Patent number: 7747877
Abstract: A trusted Java virtual machine provides a method for supporting tamper-resistant applications, ensuring the integrity of an application and its secrets such as keys. The trusted Java virtual machine verifies the integrity of the Java application, prevents debugging of the Java application, and allows the Java application to securely store and retrieve secrets. The trusted Java virtual machine environment comprises a TrustedDictionary, a TrustedBundle, an optional encryption method for encrypting and decrypting byte codes, and an underlying trusted Java virtual machine. The encrypted TrustedDictionary protects data while the TrustedBundle protects programming code, allowing applications to store secret data and secure counters. The application designer can restrict TrustedBundle access to only those interfaces that the application designer explicitly exports. The open source code may optionally be encrypted.
Type: Grant
Filed: February 2, 2009
Date of Patent: June 29, 2010
Assignee: International Business Machines Corporation
Inventors: Hongxia Jin, Donald E. Leake, Jr., Jeffrey B. Lotspiech, Sigfredo I. Nin, Wilfred E. Plouffe
-
Patent number: 7734921
Abstract: A system, method, and computer program product enabling individual user devices to authenticate and validate a digital message sent by a distribution center, without requiring transmissions to the distribution center. The center transmits the message with an appended modulus that is the product of two specially selected primes. The transmission also includes an appended authentication value that is based on an original message hash value, a new message hash value, and the modulus. The new message hash value is designed to be the center's public RSA key; a corresponding private RSA key is also computed. Individual user devices combine a digital signet, a public modulus, preferably unique hardware-based numbers, and an original message hash to compute a unique integrity value K. Subsequent messages are similarly processed to determine new integrity values K′, which equal K if and only if new messages originated from the center and have not been corrupted.
Type: Grant
Filed: June 18, 2007
Date of Patent: June 8, 2010
Assignee: International Business Machines Corporation
Inventor: Jeffrey B. Lotspiech
-
Patent number: 7725945
Abstract: In one aspect of the invention is a method for discouraging unauthorized redistribution of protected content. Content is bound to a customer I.D. associated with a customer requesting the content, such that the customer I.D. is needed to access the content.
Type: Grant
Filed: June 27, 2001
Date of Patent: May 25, 2010
Assignee: Intel Corporation
Inventors: Michael S. Ripley, Jeffrey B. Lotspiech
-
Patent number: 7721098
Abstract: A system, method, and computer program product enabling individual user devices to authenticate and validate a digital message sent by a distribution center, without requiring transmissions to the distribution center. The center transmits the message with an appended modulus that is the product of two specially selected primes. The transmission also includes an appended authentication value that is based on an original message hash value, a new message hash value, and the modulus. The new message hash value is designed to be the center's public RSA key; a corresponding private RSA key is also computed. Individual user devices combine a digital signet, a public modulus, preferably unique hardware-based numbers, and an original message hash to compute a unique integrity value K. Subsequent messages are similarly processed to determine new integrity values K′, which equal K if and only if new messages originated from the center and have not been corrupted.
Type: Grant
Filed: June 5, 2008
Date of Patent: May 18, 2010
Assignee: International Business Machines Corporation
Inventor: Jeffrey B. Lotspiech
-
Patent number: 7685636
Abstract: A protected content distribution system utilizes media-based copy protection to support online distribution of protected content in a secure and legitimate fashion. Using a media-based copy protection scheme based on broadcast encryption, the protected content distribution system realizes online distribution of protected content such as, for example audio files, movies, etc, authorizing consumption of unlicensed content by transfer of a unique encrypted key to the protected media. This transaction is fast, involving the transfer of an encrypted binding key rather than the protected content. Content is enabled through a unique encrypted key on protected media accessed through a device separate from the media driver.
Type: Grant
Filed: March 7, 2005
Date of Patent: March 23, 2010
Assignee: International Business Machines Corporation
Inventors: Donald E. Leake, Jr., Jeffrey B. Lotspiech, Stefan Nusser
-
Publication number: 20090185688
Abstract: Enhanced multimedia content on physical media interacts with the user through a media player and the Internet. Enhanced multimedia utilizes IDs for pieces of content on the media and a media key block. On the enhanced media is a file with a list of URLs. As the enhanced media plays a section requiring a set of keys for decryption, the media player accesses the URL for that section and obtains the decryption key. The decryption key may be purchased or provided for free. Secure encryption and transmission of these keys is accomplished by broadcast encryption using a media key block. Each media has a unique set of keys that allow the media player to process the media key block; however, each media follows a unique path through the media key block. All legitimate media players obtain the media key; circumvention devices cannot decipher the media key block.
Type: Application
Filed: April 3, 2009
Publication date: July 23, 2009
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Jeffrey B. Lotspiech, Florian Pesoni
-
Publication number: 20090138731
Abstract: A trusted Java virtual machine provides a method for supporting tamper-resistant applications, ensuring the integrity of an application and its secrets such as keys. The trusted Java virtual machine verifies the integrity of the Java application, prevents debugging of the Java application, and allows the Java application to securely store and retrieve secrets. The trusted Java virtual machine environment comprises a TrustedDictionary, a TrustedBundle, an optional encryption method for encrypting and decrypting byte codes, and an underlying trusted Java virtual machine. The encrypted TrustedDictionary protects data while the TrustedBundle protects programming code, allowing applications to store secret data and secure counters. The application designer can restrict TrustedBundle access to only those interfaces that the application designer explicitly exports. The open source code may optionally be encrypted.
Type: Application
Filed: February 2, 2009
Publication date: May 28, 2009
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Hongxia Jin, Donald E. Leake, JR., Jeffrey B. Lotspiech, Sigfredo I. Nin, Wilfred E. Plouffe
-
Patent number: 7539307
Abstract: Enhanced multimedia content on physical media interacts with the user through a media player and the Internet. Enhanced multimedia utilizes IDs for pieces of content on the media and a media key block. On the enhanced media is a file with a list of URLs. As the enhanced media plays a section requiring a set of keys for decryption, the media player accesses the URL for that section and obtains the decryption key. The decryption key may be purchased or provided for free. Secure encryption and transmission of these keys is accomplished by broadcast encryption using a media key block. Each media has a unique set of keys that allow the media player to process the media key block; however, each media follows a unique path through the media key block. All legitimate media players obtain the media key; circumvention devices cannot decipher the media key block.
Type: Grant
Filed: November 26, 2003
Date of Patent: May 26, 2009
Assignee: International Business Machines Corporation
Inventors: Jeffrey B. Lotspiech, Florian Pestoni
-
Patent number: 7516331
Abstract: A trusted Java virtual machine provides a method for supporting tamper-resistant applications, ensuring the integrity of an application and its secrets such as keys. The trusted Java virtual machine verifies the integrity of the Java application, prevents debugging of the Java application, and allows the Java application to securely store and retrieve secrets. The trusted Java virtual machine environment comprises a TrustedDictionary, a TrustedBundle, an optional encryption method for encrypting and decrypting byte codes, and an underlying trusted Java virtual machine. The encrypted TrustedDictionary protects data while the TrustedBundle protects programming code, allowing applications to store secret data and secure counters. The application designer can restrict TrustedBundle access to only those interfaces that the application designer explicitly exports. The open source code may optionally be encrypted.
Type: Grant
Filed: November 26, 2003
Date of Patent: April 7, 2009
Assignee: International Business Machines Corporation
Inventors: Hongxia Jin, Donald E. Leake, Jr., Jeffrey B. Lotspiech, Sigfredo I. Nin, Wilfred E. Plouffe
-
Patent number: 7500109
Abstract: An external module loads into an entity's memory and is transformed by two functions. These are namely, the STOMP function and the UNSTOMP function. One or both of these functions is based on the actual code that is found in a legitimate version of the external module. The STOMP-UNSTOMP pair produces an external module that works differently if even a single byte of code in the external module has been changed by an attacker. The STOMP transforms the external module and makes it temporarily unusable whilst conversely, the UNSTOMP repairs the damage and makes it workable again. Thus, if the module is not authentic, the pairing between the STOMP and UNSTOMP is broken. Therefore, a patched module from a hacker remains unusable since the STOMP and UNSTOMP transformations do not produce a working external module. Because of the STOMP and UNSTOMP technique, an application is secure because if an external module is free from tampering then the application executes normally.
Type: Grant
Filed: May 6, 2005
Date of Patent: March 3, 2009
Assignee: International Business Machines Corporation
Inventors: Stefan Nusser, Jeffrey B. Lotspiech, Paul R. Rettig
-
Publication number: 20090034783
Abstract: A system and method are provided for facilitating the playing of a watermarked video having the “birthday problem”. Consumers send the problem disc to an authorization center where the disc is analyzed to determine if it is a legitimate disc. The authorization center generates a digital certificate uniquely associated with the disc and with the video and embeds the digital certificate into the disc. The digital certificate will cause a video player to play the video without checking for the watermark.
Type: Application
Filed: August 4, 2007
Publication date: February 5, 2009
Applicant: International Business Machines Corporation
Inventors: Thomas A. Bellwood, James M. Gasiewski, Donald E. Leake, JR., Jeffrey B. Lotspiech
-
Publication number: 20090034785
Abstract: A system and method are provided for facilitating the playing of a watermarked video having the “birthday problem”. Consumers send the problem disc to an authorization center where the disc is analyzed to determine if it is a legitimate disc. The authorization center generates a digital certificate uniquely associated with the disc and with the video and embeds the digital certificate into the disc. The digital certificate will cause a video player to play the video without checking for the watermark.
Type: Application
Filed: May 31, 2008
Publication date: February 5, 2009
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Thomas A. Bellwood, James M. Gasiewski, Donald E. Leake, Jr., Jeffrey B. Lotspiech
-
Publication number: 20080313460
Abstract: A system, method, and computer program product enabling individual user devices to authenticate and validate a digital message sent by a distribution center, without requiring transmissions to the distribution center. The center transmits the message with an appended modulus that is the product of two specially selected primes. The transmission also includes an appended authentication value that is based on an original message hash value, a new message hash value, and the modulus. The new message hash value is designed to be the center's public RSA key; a corresponding private RSA key is also computed. Individual user devices combine a digital signet, a public modulus, preferably unique hardware-based numbers, and an original message hash to compute a unique integrity value K. Subsequent messages are similarly processed to determine new integrity values K′, which equal K if and only if new messages originated from the center and have not been corrupted.
Type: Application
Filed: June 5, 2008
Publication date: December 18, 2008
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventor: Jeffrey B. Lotspiech