Patents by Inventor Sigfredo I. Nin
Sigfredo I. Nin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11108569
Abstract: A system, method, and computer program product to renewably prevent traitors in a broadcast encryption system from re-using compromised keys. A license agency assigns individual receivers a set of Sequence Keys preferably at manufacture, and assigns Sequence Key Blocks (SKBs) to protected content files to be distributed. The files may be distributed on prerecorded media and typically include several file modifications. The particular modifications in a pirated version of a file can help identify which traitors contributed to its theft. SKBs assigned to new files distributed after traitors have been identified cannot be usefully processed using the compromised keys employed in previous content piracy. Innocent receivers that happen to have compromised key(s) in common with traitors can use a replacement uncompromised Sequence Key from the set to usefully decrypt content. Traitors will however step through all their Sequence Keys without reaching one that will work.
Type: Grant
Filed: November 15, 2016
Date of Patent: August 31, 2021
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Hongxia Jin, Jeffrey B. Lotspiech, Sigfredo I. Nin
-
Publication number: 20170063558
Abstract: A system, method, and computer program product to renewably prevent traitors in a broadcast encryption system from re-using compromised keys. A license agency assigns individual receivers a set of Sequence Keys preferably at manufacture, and assigns Sequence Key Blocks (SKBs) to protected content files to be distributed. The files may be distributed on prerecorded media and typically include several file modifications. The particular modifications in a pirated version of a file can help identify which traitors contributed to its theft. SKBs assigned to new files distributed after traitors have been identified cannot be usefully processed using the compromised keys employed in previous content piracy. Innocent receivers that happen to have compromised key(s) in common with traitors can use a replacement uncompromised Sequence Key from the set to usefully decrypt content. Traitors will however step through all their Sequence Keys without reaching one that will work.
Type: Application
Filed: November 15, 2016
Publication date: March 2, 2017
Inventors: Hongxia Jin, Jeffrey B. Lotspiech, Sigfredo I. Nin
-
Patent number: 8782440
Abstract: Embodiments of the invention relate to digital content protection for recordable media using encryption and decryption based on device keys in the media. The invention increases the number of extended applications supported by the media key blocks and facilitates the assignment of the applications to the media key blocks. One aspect of the invention concerns a method that comprises assigning a first media key block in a protected area of the media for extended applications accessing protected content, processing the first media key block with a first device key set to generate a first media key, and for each extended application, creating a second media key block in a protected area of the media. The second media key block is processed to generate a second media key. A content-accessing device processes the first and second media keys in order to access protected content.
Type: Grant
Filed: August 15, 2012
Date of Patent: July 15, 2014
Assignee: International Business Machines Corporation
Inventors: Sigfredo I. Nin, Dulce B. Ponceleon
-
Publication number: 20140052996
Abstract: Embodiments of the invention relate to digital content protection for recordable media using encryption and decryption based on device keys in the media. The invention increases the number of extended applications supported by the media key blocks and facilitates the assignment of the applications to the media key blocks. One aspect of the invention concerns a method that comprises assigning a first media key block in a protected area of the media for extended applications accessing protected content, processing the first media key block with a first device key set to generate a first media key, and for each extended application, creating a second media key block in a protected area of the media. The second media key block is processed to generate a second media key. A content-accessing device processes the first and second media keys in order to access protected content.
Type: Application
Filed: August 15, 2012
Publication date: February 20, 2014
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Sigfredo I. Nin, Dulce B. Ponceleon
-
Patent number: 8656178
Abstract: The present invention provides a method, system and program product for modifying content usage conditions during broadcast content distribution. Specifically, the present invention allows protected (e.g., encrypted, secured, etc.) content to be received along with content usage conditions, an encrypted combination of the content usage conditions and a title key (e.g., a MAC), and a key management block. Using the key management block, a key encrypting key can be determined for decrypting the combination. Once the combination is decrypted, the content usage conditions can be modified (e.g., edited, added to, etc.).
Type: Grant
Filed: April 18, 2002
Date of Patent: February 18, 2014
Assignee: International Business Machines Corporation
Inventors: Eric M. Foster, Jeffrey B. Lotspiech, Dalit Naor, Sigfredo I. Nin, Florian Pestoni, Wilfred E. Plouffe, Jr., Frank A. Schaffa
-
Patent number: 8280043
Abstract: A system for protecting data in a security system generates and encodes a backup key for encoding long-lived secrets. The system generates a distribution plan for distributing cryptographic splits of the encoded backup key to selected persons based on geographic and organizational diversity. The distribution plan specifies a number M of the cryptographic splits to be generated and a number N of the cryptographic splits required to recover the backup key. The system processes utilize an init file comprising system parameters and state files each comprising parameters reflecting a state of the secure system after a transaction. Any of the state files may be used for any of the system processes. The state files and the init file are encoded by the backup key, thus protecting the long-lived secrets.
Type: Grant
Filed: June 5, 2008
Date of Patent: October 2, 2012
Assignee: International Business Machines Corporation
Inventors: Julian A. Cerruti, Sigfredo I Nin, Dulce B Ponceleon, Vladimir Zbarsky
-
Patent number: 7860246
Abstract: A system for protecting data in a security system generates and encodes a backup key for encoding long-lived secrets. The system generates a distribution plan for distributing cryptographic splits of the encoded backup key to selected persons based on geographic and organizational diversity. The distribution plan specifies a number M of the cryptographic splits to be generated and a number N of the cryptographic splits required to recover the backup key. The system processes utilize an init file comprising system parameters and state files each comprising parameters reflecting a state of the secure system after a transaction. Any of the state files may be used for any of the system processes. The state files and the init file are encoded by the backup key, thus protecting the long-lived secrets.
Type: Grant
Filed: November 1, 2006
Date of Patent: December 28, 2010
Assignee: International Business Machines Corporation
Inventors: Julian A Cerruti, Sigfredo I Nin, Dulce B Ponceleon, Vladimir Zbarsky
-
Patent number: 7747877
Abstract: A trusted Java virtual machine provides a method for supporting tamper-resistant applications, ensuring the integrity of an application and its secrets such as keys. The trusted Java virtual machine verifies the integrity of the Java application, prevents debugging of the Java application, and allows the Java application to securely store and retrieve secrets. The trusted Java virtual machine environment comprises a TrustedDictionary, a TrustedBundle, an optional encryption method for encrypting and decrypting byte codes, and an underlying trusted Java virtual machine. The encrypted TrustedDictionary protects data while the TrustedBundle protects programming code, allowing applications to store secret data and secure counters. The application designer can restrict TrustedBundle access to only those interfaces that the application designer explicitly exports. The open source code may optionally be encrypted.
Type: Grant
Filed: February 2, 2009
Date of Patent: June 29, 2010
Assignee: International Business Machines Corporation
Inventors: Hongxia Jin, Donald E. Leake, Jr., Jeffrey B. Lotspiech, Sigfredo I. Nin, Wilfred E. Plouffe
-
Publication number: 20090323970
Abstract: A system for protecting data in a security system generates and encodes a backup key for encoding long-lived secrets. The system generates a distribution plan for distributing cryptographic splits of the encoded backup key to selected persons based on geographic and organizational diversity. The distribution plan specifies a number M of the cryptographic splits to be generated and a number N of the cryptographic splits required to recover the backup key. The system processes utilize an init file comprising system parameters and state files each comprising parameters reflecting a state of the secure system after a transaction. Any of the state files may be used for any of the system processes. The state files and the init file are encoded by the backup key, thus protecting the long-lived secrets.
Type: Application
Filed: June 5, 2008
Publication date: December 31, 2009
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Julian A. Cerruti, Sigfredo I. Nin, Dulce B. Ponceleon, Vladimir Zbarsky
-
Publication number: 20090138731
Abstract: A trusted Java virtual machine provides a method for supporting tamper-resistant applications, ensuring the integrity of an application and its secrets such as keys. The trusted Java virtual machine verifies the integrity of the Java application, prevents debugging of the Java application, and allows the Java application to securely store and retrieve secrets. The trusted Java virtual machine environment comprises a TrustedDictionary, a TrustedBundle, an optional encryption method for encrypting and decrypting byte codes, and an underlying trusted Java virtual machine. The encrypted TrustedDictionary protects data while the TrustedBundle protects programming code, allowing applications to store secret data and secure counters. The application designer can restrict TrustedBundle access to only those interfaces that the application designer explicitly exports. The open source code may optionally be encrypted.
Type: Application
Filed: February 2, 2009
Publication date: May 28, 2009
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Hongxia Jin, Donald E. Leake, JR., Jeffrey B. Lotspiech, Sigfredo I. Nin, Wilfred E. Plouffe
-
Patent number: 7516331
Abstract: A trusted Java virtual machine provides a method for supporting tamper-resistant applications, ensuring the integrity of an application and its secrets such as keys. The trusted Java virtual machine verifies the integrity of the Java application, prevents debugging of the Java application, and allows the Java application to securely store and retrieve secrets. The trusted Java virtual machine environment comprises a TrustedDictionary, a TrustedBundle, an optional encryption method for encrypting and decrypting byte codes, and an underlying trusted Java virtual machine. The encrypted TrustedDictionary protects data while the TrustedBundle protects programming code, allowing applications to store secret data and secure counters. The application designer can restrict TrustedBundle access to only those interfaces that the application designer explicitly exports. The open source code may optionally be encrypted.
Type: Grant
Filed: November 26, 2003
Date of Patent: April 7, 2009
Assignee: International Business Machines Corporation
Inventors: Hongxia Jin, Donald E. Leake, Jr., Jeffrey B. Lotspiech, Sigfredo I. Nin, Wilfred E. Plouffe
-
Publication number: 20080101596
Abstract: A system for protecting data in a security system generates and encodes a backup key for encoding long-lived secrets. The system generates a distribution plan for distributing cryptographic splits of the encoded backup key to selected persons based on geographic and organizational diversity. The distribution plan specifies a number M of the cryptographic splits to be generated and a number N of the cryptographic splits required to recover the backup key. The system processes utilize an init file comprising system parameters and state files each comprising parameters reflecting a state of the secure system after a transaction. Any of the state files may be used for any of the system processes. The state files and the init file are encoded by the backup key, thus protecting the long-lived secrets.
Type: Application
Filed: November 1, 2006
Publication date: May 1, 2008
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Julian A. CERRUTI, Sigfredo I. Nin, Dulce B. PONCELEON, Vladimir ZBARSKY
-
Publication number: 20030198351
Abstract: The present invention provides a method, system and program product for modifying content usage conditions during broadcast content distribution. Specifically, the present invention allows protected (e.g., encrypted, secured, etc.) content to be received along with content usage conditions, an encrypted combination of the content usage conditions and a title key (e.g., a MAC), and a key management block. Using the key management block, a key encrypting key can be determined for decrypting the combination. Once the combination is decrypted, the content usage conditions can be modified (e.g., edited, added to, etc.).
Type: Application
Filed: April 18, 2002
Publication date: October 23, 2003
Applicant: International Business Machines Corporation
Inventors: Eric M. Foster, Jeffrey B. Lotspiech, Dalit Naor, Sigfredo I. Nin, Florian Pestoni, Wilfred E. Plouffe, Frank A. Schaffa