Patents by Inventor Sigfredo I. Nin

Sigfredo I. Nin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11108569
    Abstract: A system, method, and computer program product to renewably prevent traitors in a broadcast encryption system from re-using compromised keys. A license agency assigns individual receivers a set of Sequence Keys preferably at manufacture, and assigns Sequence Key Blocks (SKBs) to protected content files to be distributed. The files may be distributed on prerecorded media and typically include several file modifications. The particular modifications in a pirated version of a file can help identify which traitors contributed to its theft. SKBs assigned to new files distributed after traitors have been identified cannot be usefully processed using the compromised keys employed in previous content piracy. Innocent receivers that happen to have compromised key(s) in common with traitors can use a replacement uncompromised Sequence Key from the set to usefully decrypt content. Traitors will however step through all their Sequence Keys without reaching one that will work.
    Type: Grant
    Filed: November 15, 2016
    Date of Patent: August 31, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Hongxia Jin, Jeffrey B. Lotspiech, Sigfredo I. Nin
  • Publication number: 20170063558
    Abstract: A system, method, and computer program product to renewably prevent traitors in a broadcast encryption system from re-using compromised keys. A license agency assigns individual receivers a set of Sequence Keys preferably at manufacture, and assigns Sequence Key Blocks (SKBs) to protected content files to be distributed. The files may be distributed on prerecorded media and typically include several file modifications. The particular modifications in a pirated version of a file can help identify which traitors contributed to its theft. SKBs assigned to new files distributed after traitors have been identified cannot be usefully processed using the compromised keys employed in previous content piracy. Innocent receivers that happen to have compromised key(s) in common with traitors can use a replacement uncompromised Sequence Key from the set to usefully decrypt content. Traitors will however step through all their Sequence Keys without reaching one that will work.
    Type: Application
    Filed: November 15, 2016
    Publication date: March 2, 2017
    Inventors: Hongxia Jin, Jeffrey B. Lotspiech, Sigfredo I. Nin
  • Patent number: 8782440
    Abstract: Embodiments of the invention relate to digital content protection for recordable media using encryption and decryption based on device keys in the media. The invention increases the number of extended applications supported the media key blocks and facilitates the assignment of the applications to the media key blocks. One aspect of the invention concerns a method that comprises assigning a first media key block in a protected area of the media for extended applications accessing protected content, processing the first media key block with a first device key set to generate a first media key, and for each extended application, creating a second media key block in a protected area of the media. The second media key block is processed to generate a second media key. A content-accessing device processes the first and second media keys in order to access protected content.
    Type: Grant
    Filed: August 15, 2012
    Date of Patent: July 15, 2014
    Assignee: International Business Machines Corporation
    Inventors: Sigfredo I. Nin, Dulce B. Ponceleon
  • Publication number: 20140052996
    Abstract: Embodiments of the invention relate to digital content protection for recordable media using encryption and decryption based on device keys in the media. The invention increases the number of extended applications supported the media key blocks and facilitates the assignment of the applications to the media key blocks. One aspect of the invention concerns a method that comprises assigning a first media key block in a protected area of the media for extended applications accessing protected content, processing the first media key block with a first device key set to generate a first media key, and for each extended application, creating a second media key block in a protected area of the media. The second media key block is processed to generate a second media key. A content-accessing device processes the first and second media keys in order to access protected content.
    Type: Application
    Filed: August 15, 2012
    Publication date: February 20, 2014
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Sigfredo I. Nin, Dulce B. Ponceleon
  • Patent number: 8656178
    Abstract: The present invention provides a method, system and program product for modifying content usage conditions during broadcast content distribution. Specifically, the present invention allows protected (e.g., encrypted, secured, etc.) content to be received along with content usage conditions, an encrypted combination of the content usage conditions and a title key (e.g., a MAC), and a key management block. Using the key management block, a key encrypting key can be determined for decrypting the combination. Once the combination is decrypted, the content usage conditions can be modified (e.g., edited, added to, etc.).
    Type: Grant
    Filed: April 18, 2002
    Date of Patent: February 18, 2014
    Assignee: International Business Machines Corporation
    Inventors: Eric M. Foster, Jeffrey B. Lotspiech, Dalit Naor, Sigfredo I. Nin, Florian Pestoni, Wilfred E. Plouffe, Jr., Frank A. Schaffa
  • Patent number: 8280043
    Abstract: A system for protecting data in a security system generates and encodes a backup key for encoding long-lived secrets. The system generates a distribution plan for distributing cryptographic splits of the encoded backup key to selected persons based on geographic and organizational diversity. The distribution plan specifies a number M of the cryptographic splits to be generated and a number N of the cryptographic splits required to recover the backup key. The system processes utilize an init file comprising system parameters and state files each comprising parameters reflecting a state of the secure system after a transaction. Any of the state files may be used for any of the system processes. The state files and the init file are encoded by the backup key, thus protecting the long-lived secrets.
    Type: Grant
    Filed: June 5, 2008
    Date of Patent: October 2, 2012
    Assignee: International Business Machines Corporation
    Inventors: Julian A. Cerruti, Sigfredo I Nin, Dulce B Ponceleon, Vladimir Zbarsky
  • Patent number: 7860246
    Abstract: A system for protecting data in a security system generates and encodes a backup key for encoding long-lived secrets. The system generates a distribution plan for distributing cryptographic splits of the encoded backup key to selected persons based on geographic and organizational diversity. The distribution plan specifies a number M of the cryptographic splits to be generated and a number N of the cryptographic splits required to recover the backup key. The system processes utilize an init file comprising system parameters and state files each comprising parameters reflecting a state of the secure system after a transaction. Any of the state files may be used for any of the system processes. The state files and the init file are encoded by the backup key, thus protecting the long-lived secrets.
    Type: Grant
    Filed: November 1, 2006
    Date of Patent: December 28, 2010
    Assignee: International Business Machines Corporation
    Inventors: Julian A Cerruti, Sigfredo I Nin, Dulce B Ponceleon, Vladimir Zbarsky
  • Patent number: 7747877
    Abstract: A trusted Java virtual machine provides a method for supporting tamper-resistant applications, ensuring the integrity of an application and its secrets such as keys. The trusted Java virtual machine verifies the integrity of the Java application, prevents debugging of the Java application, and allows the Java application to securely store and retrieve secrets. The trusted Java virtual machine environment comprises a TrustedDictionary, a TrustedBundle, an optional encryption method for encrypting and decrypting byte codes, and an underlying trusted Java virtual machine. The encrypted TrustedDictionary protects data while the TrustedBundle protects programming code, allowing applications to store secret data and secure counters. The application designer can restrict TrustedBundle access to only those interfaces that the application designer explicitly exports. The open source code may optionally be encrypted.
    Type: Grant
    Filed: February 2, 2009
    Date of Patent: June 29, 2010
    Assignee: International Business Machines Corporation
    Inventors: Hongxia Jin, Donald E. Leake, Jr., Jeffrey B. Lotspiech, Sigfredo I. Nin, Wilfred E. Plouffe
  • Publication number: 20090323970
    Abstract: A system for protecting data in a security system generates and encodes a backup key for encoding long-lived secrets. The system generates a distribution plan for distributing cryptographic splits of the encoded backup key to selected persons based on geographic and organizational diversity. The distribution plan specifies a number M of the cryptographic splits to be generated and a number N of the cryptographic splits required to recover the backup key. The system processes utilize an init file comprising system parameters and state files each comprising parameters reflecting a state of the secure system after a transaction. Any of the state files may be used for any of the system processes. The state files and the init file are encoded by the backup key, thus protecting the long-lived secrets.
    Type: Application
    Filed: June 5, 2008
    Publication date: December 31, 2009
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Julian A. Cerruti, Sigfredo I. Nin, Dulce B. Ponceleon, Vladimir Zbarsky
  • Publication number: 20090138731
    Abstract: A trusted Java virtual machine provides a method for supporting tamper-resistant applications, ensuring the integrity of an application and its secrets such as keys. The trusted Java virtual machine verifies the integrity of the Java application, prevents debugging of the Java application, and allows the Java application to securely store and retrieve secrets. The trusted Java virtual machine environment comprises a TrustedDictionary, a TrustedBundle, an optional encryption method for encrypting and decrypting byte codes, and an underlying trusted Java virtual machine. The encrypted TrustedDictionary protects data while the TrustedBundle protects programming code, allowing applications to store secret data and secure counters. The application designer can restrict TrustedBundle access to only those interfaces that the application designer explicitly exports. The open source code may optionally be encrypted.
    Type: Application
    Filed: February 2, 2009
    Publication date: May 28, 2009
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Hongxia Jin, Donald E. Leake, JR., Jeffrey B. Lotspiech, Sigfredo I. Nin, Wilfred E. Plouffe
  • Patent number: 7516331
    Abstract: A trusted Java virtual machine provides a method for supporting tamper-resistant applications, ensuring the integrity of an application and its secrets such as keys. The trusted Java virtual machine verifies the integrity of the Java application, prevents debugging of the Java application, and allows the Java application to securely store and retrieve secrets. The trusted Java virtual machine environment comprises a TrustedDictionary, a TrustedBundle, an optional encryption method for encrypting and decrypting byte codes, and an underlying trusted Java virtual machine. The encrypted TrustedDictionary protects data while the TrustedBundle protects programming code, allowing applications to store secret data and secure counters. The application designer can restrict TrustedBundle access to only those interfaces that the application designer explicitly exports. The open source code may optionally be encrypted.
    Type: Grant
    Filed: November 26, 2003
    Date of Patent: April 7, 2009
    Assignee: International Business Machines Corporation
    Inventors: Hongxia Jin, Donald E. Leake, Jr., Jeffrey B. Lotspiech, Sigfredo I. Nin, Wilfred E. Plouffe
  • Publication number: 20080101596
    Abstract: A system for protecting data in a security system generates and encodes a backup key for encoding long-lived secrets. The system generates a distribution plan for distributing cryptographic splits of the encoded backup key to selected persons based on geographic and organizational diversity. The distribution plan specifies a number M of the cryptographic splits to be generated and a number N of the cryptographic splits required to recover the backup key. The system processes utilize an init file comprising system parameters and state files each comprising parameters reflecting a state of the secure system after a transaction. Any of the state files may be used for any of the system processes. The state files and the init file are encoded by the backup key, thus protecting the long-lived secrets.
    Type: Application
    Filed: November 1, 2006
    Publication date: May 1, 2008
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Julian A. CERRUTI, Sigfredo I. Nin, Dulce B. PONCELEON, Vladimir ZBARSKY
  • Publication number: 20030198351
    Abstract: The present invention provides a method, system and program product for modifying content usage conditions during broadcast content distribution. Specifically, the present invention allows protected (e.g., encrypted, secured, etc.) content to be received along with content usage conditions, an encrypted combination of the content usage conditions and a title key (e.g., a MAC), and a key management block. Using the key management block, a key encrypting key can be determined for decrypting the combination. Once the combination is decrypted, the content usage conditions can be modified (e.g., edited, added to, etc.).
    Type: Application
    Filed: April 18, 2002
    Publication date: October 23, 2003
    Applicant: International Business Machines Corporation
    Inventors: Eric M. Foster, Jeffrey B. Lotspiech, Dalit Naor, Sigfredo I. Nin, Florian Pestoni, Wilfred E. Plouffe, Frank A. Schaffa