Patents by Inventor Sunil C. Agrawal

Sunil C. Agrawal has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9805211
    Abstract: Various embodiments of a system and method for multipronged authentication are described. Embodiments may include a client system that implements a runtime component configured to consume content. The client system may be configured to implement a digital rights management component configured to perform one or more cryptographic operations and also authenticate the runtime component. The client system may receive encrypted content from a remote computer system and receive a given authentication component from a remote computer system; that authentication component may be configured to authenticate the runtime component. The client system may, based on authentication of the runtime component by both the digital rights management component and the given authentication component, decrypt at least a portion of the encrypted content.
    Type: Grant
    Filed: March 30, 2015
    Date of Patent: October 31, 2017
    Assignee: Adobe Systems Incorporated
    Inventors: Sunil C. Agrawal, Joseph D. Steele
  • Patent number: 9225520
    Abstract: Various embodiments of a system and method for deterministic generation of a common content encryption key on distinct encryption units are described. Embodiments may include, for each given content item of multiple content items that represent one or more portions of a common media object, controlling a different encryption unit of multiple distinct encryption units to i) generate a content encryption key for the given content item based on: a common base secret shared by the multiple distinct encryption units, and an identifier specific to the media object, and ii) encrypt the given content item with the respective content encryption key generated for that content item in order to generate a respective encrypted content item. Each content encryption key generated for a given content item may be equivalent to each other content encryption key such that decryption of each encrypted content item requires a common decryption key.
    Type: Grant
    Filed: May 28, 2010
    Date of Patent: December 29, 2015
    Assignee: Adobe Systems Incorporated
    Inventors: Noam Lorberbaum, Sunil C. Agrawal, Katherine K. Nadell
  • Patent number: 9124422
    Abstract: Various embodiments of a system and method for digital rights management with secure application-content binding are described. Various embodiments may include a system configured to decrypt an encrypted application key with a private key. The system may also be configured to decrypt an encrypted application including a binding key with the decrypted application key. The system may also be configured to decrypt an encrypted content key with the binding key from the decrypted application. The system may be further configured to decrypt encrypted content with the decrypted content key. In various embodiments, the system may also be configured to consume the decrypted content with the decrypted application.
    Type: Grant
    Filed: May 29, 2009
    Date of Patent: September 1, 2015
    Assignee: Adobe Systems Incorporated
    Inventors: Florian Pestoni, Sunil C. Agrawal, Pritham Shetty
  • Publication number: 20150205975
    Abstract: Various embodiments of a system and method for multipronged authentication are described. Embodiments may include a client system that implements a runtime component configured to consume content. The client system may be configured to implement a digital rights management component configured to perform one or more cryptographic operations and also authenticate the runtime component. The client system may receive encrypted content from a remote computer system and receive a given authentication component from a remote computer system; that authentication component may be configured to authenticate the runtime component. The client system may, based on authentication of the runtime component by both the digital rights management component and the given authentication component, decrypt at least a portion of the encrypted content.
    Type: Application
    Filed: March 30, 2015
    Publication date: July 23, 2015
    Inventors: Sunil C. Agrawal, Joseph D. Steele
  • Patent number: 9027143
    Abstract: Various embodiments of a system and method for multipronged authentication are described. Embodiments may include a client system that implements a runtime component configured to consume content. The client system may be configured to implement a digital rights management component configured to perform one or more cryptographic operations and also authenticate the runtime component. The client system may receive encrypted content from a remote computer system and receive a given authentication component from a remote computer system; that authentication component may be configured to authenticate the runtime component. The client system may, based on authentication of the runtime component by both the digital rights management component and the given authentication component, decrypt at least a portion of the encrypted content.
    Type: Grant
    Filed: August 26, 2009
    Date of Patent: May 5, 2015
    Assignee: Adobe Systems Incorporated
    Inventors: Sunil C. Agrawal, Joseph D. Steele
  • Patent number: 8959346
    Abstract: Various embodiments of a system and method for a single request-single response protocol with mutual replay attack protection are described. Embodiments include a system that receives multiple single request messages, each of which include a respective nonce, timestamp, and digital signature. The system may create a record of previously received nonces that, at any given time, may include multiple message nonces received within a valid period of time prior to that given time. To validate a given single request message, the system verifies the digital signature of the message, determines that the timestamp of the message indicates a time within the valid period of time prior to the current time, and determines that the nonce of the message is not present within the record of previously received nonces. The system sends a single response message that includes the same nonce as the validated message.
    Type: Grant
    Filed: January 30, 2013
    Date of Patent: February 17, 2015
    Assignee: Adobe Systems Incorporated
    Inventor: Sunil C. Agrawal
  • Patent number: 8925109
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for verifying a message based on application of a hashing algorithm. In one aspect, a method includes obtaining a license, from a remote server, for a content item to be presented using a player file executed by a multimedia player on a computing device. The license includes an encryption key and an authorization to present the content item using one or more authorized player files. A particular player file is received for use in presenting the content item, and a determination is made whether the particular player file is authorized for use in presenting the content item based on the authorization. The content item is decrypted using the encryption key, and the content item is presented using the particular player file in accordance with the determination.
    Type: Grant
    Filed: September 3, 2010
    Date of Patent: December 30, 2014
    Assignee: Adobe Systems Incorporated
    Inventors: Sunil C. Agrawal, Roderick David Schultz
  • Publication number: 20140289525
    Abstract: Various embodiments of a system and method for decentralized management of keys and policies are described. Various embodiments may include a computer system configured to receive a request from a remote computer system associated with a recipient of content. Such request may include an encrypted content encryption key that is encrypted with a packaging key utilized by a packaging entity. The request may also include an identifier identifying the packaging entity. In some embodiments, the request may also include policy information specifying one or more usage rights of the content. The computer system may be configured to, in response to determining the recipient is authorized to access the content, generate the packaging key based on the identifier and a secret root seed, utilize the generated packaging key to decrypt the encrypted content encryption key, and provide the decrypted content encryption key to the remote computer system.
    Type: Application
    Filed: August 28, 2009
    Publication date: September 25, 2014
    Inventors: Sunil C. Agrawal, Katherine K. Nadell
  • Patent number: 8831228
    Abstract: Various embodiments of a system and method for decentralized management of keys and policies are described. Various embodiments may include a computer system configured to receive a request from a remote computer system associated with a recipient of content. Such request may include an encrypted content encryption key that is encrypted with a packaging key utilized by a packaging entity. The request may also include an identifier identifying the packaging entity. In some embodiments, the request may also include policy information specifying one or more usage rights of the content. The computer system may be configured to, in response to determining the recipient is authorized to access the content, generate the packaging key based on the identifier and a secret root seed, utilize the generated packaging key to decrypt the encrypted content encryption key, and provide the decrypted content encryption key to the remote computer system.
    Type: Grant
    Filed: August 28, 2009
    Date of Patent: September 9, 2014
    Assignee: Adobe Systems Incorporated
    Inventors: Sunil C. Agrawal, Katherine K. Nadell
  • Patent number: 8789196
    Abstract: Embodiments may include a content provider system configured to provide electronic content that includes multiple encrypted content items to a playback device. A playback device may be configured to acquire root licenses and/or content licenses from a license server; such licenses may cryptographically protect the content items that a playback device receives from a content provider system. In various embodiments, the electronic content may be content that is to be linearly consumed, such as a channel within a broadcast environment. In various embodiments, the playback device may explicitly request a license for one or more of the content items that it receives; such request may be issued to a license server. The license server may evaluate the request and respond to the playback device with the license for a content item. In various embodiments, the playback device may utilize the received license to decrypt and consume the respective content item.
    Type: Grant
    Filed: May 28, 2010
    Date of Patent: July 22, 2014
    Assignee: Adobe Systems Incorporated
    Inventors: Florian Pestoni, Sunil C. Agrawal, Viswanathan Swaminathan
  • Patent number: 8713322
    Abstract: Methods and apparatus, including computer program products, implementing and using techniques for establishing trust in an electronic document. An electronic document is received. State dependent content in the electronic document is identified. The state dependent content is content that is renderable to have a several appearances. The electronic document is presented to a user, which includes disclosing the presence of any identified state dependent content in the electronic document.
    Type: Grant
    Filed: August 24, 2012
    Date of Patent: April 29, 2014
    Assignee: Adobe Systems Incorporated
    Inventors: James D. Pravetz, Krish Chaudhury, Sunil C. Agrawal
  • Patent number: 8707404
    Abstract: Various embodiments of a system and method for transparently authenticating a user to a digital rights management entity are described. In various embodiments, a digital rights management server may be configured to receive an authentication token from a first remote computer system. Such authentication token may indicate that a particular user of the first remote computer system was authenticated by a first content provider of one or more content providers. In various embodiments, the digital rights management server may also be configured to verify the authentication token by determining that one or more portions of the authentication token were generated based on respective authentication information issued to the first content provider. In various embodiments, the digital rights management server may also be configured to, in response to verification of the authentication token, issue to the first remote computer system one or more credentials.
    Type: Grant
    Filed: August 28, 2009
    Date of Patent: April 22, 2014
    Assignee: Adobe Systems Incorporated
    Inventors: Peter Sorotokin, James L. Lester, Sunil C. Agrawal, Andrei Sheretov
  • Patent number: 8688997
    Abstract: One embodiment of the present invention provides a system that uses digital certificates to facilitate enforcing licensing terms for applications that manipulate documents. During operation, the system obtains a credential, wherein the credential includes a private key and a digital certificate containing a corresponding public key. This digital certificate also contains a profile specifying allowed operations which can be performed on documents signed with the credential. Next, the system digitally signs a document using the credential, so that the resulting signed document is signed with the private key and includes a copy of the digital certificate with the profile specifying the allowed operations. The certificate issuer can subsequently revoke the digital certificate (which effectively revokes the license) if teens of a license agreement associated with the digital certificate are violated.
    Type: Grant
    Filed: September 9, 2011
    Date of Patent: April 1, 2014
    Assignee: Adobe Systems Incorporated
    Inventors: Sujata Das, Sunil C. Agrawal, Charles R. Myers, IV
  • Patent number: 8635442
    Abstract: Various embodiments of a system and method for long-term digital signature verification utilizing light weight digital signatures are described. Embodiments may include a verifying entity system that receives digitally signed data including a portion of data, signing time, and digital signature. The verifying entity system may receive a digital certificate that includes information for verifying the digital signature and an expiration time for the certificate. The verifying entity system may receive CRL that persists revocation information corresponding to ones of the revoked digital certificates that have already expired. The verifying entity system may utilize the CRL to determine that the digital signature is valid subsequent to its expiration time. The verifying entity system may evaluate the CRL to determine that the digital certificate was not revoked at the signing time. The verifying entity system may determine the digital signature is a valid digital signature and generate a corresponding result.
    Type: Grant
    Filed: April 28, 2009
    Date of Patent: January 21, 2014
    Assignee: Adobe Systems Incorporated
    Inventor: Sunil C. Agrawal
  • Patent number: 8578157
    Abstract: Various embodiments of a system and method of digital rights management with authorized device groups are described. Various embodiments may include a system including a digital rights management (DRM) component configured to receive a private key of an authorized device group. In various embodiments, the receipt of the private key of the authorized device group may indicate the system is an authorized member of a group of devices permitted to access content items protected by a common public key associated with the authorized device group. In various embodiments the DRM component may be configured to, for each given content item of multiple content items that are encrypted with different content keys, decrypt an encrypted content key from the given content item with the private key of the authorized device group and decrypt content from the given content item with the decrypted content key.
    Type: Grant
    Filed: May 29, 2009
    Date of Patent: November 5, 2013
    Assignee: Adobe Systems Incorporated
    Inventors: Florian Pestoni, Sunil C. Agrawal, Pritham Shetty
  • Publication number: 20130212404
    Abstract: Methods and apparatus, including computer program products, implementing and using techniques for document authentication. An electronic document is presented to a user. The electronic document has data representing a signed state and a current state. A disallowed difference between the signed state and the current state is detected, based on one or more rules that are associated with the electronic document. A digital signature associated with the electronic document is invalidated in response to the detecting.
    Type: Application
    Filed: June 7, 2010
    Publication date: August 15, 2013
    Applicant: Adobe Systems Incorporated
    Inventors: James D. Pravetz, Krish Chaudhury, Sunil C. Agrawal
  • Publication number: 20130166909
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for verifying a message based on application of a hashing algorithm. In one aspect, a method includes obtaining a license, from a remote server, for a content item to be presented using a player file executed by a multimedia player on a computing device. The license includes an encryption key and an authorization to present the content item using one or more authorized player files. A particular player file is received for use in presenting the content item, and a determination is made whether the particular player file is authorized for use in presenting the content item based on the authorization. The content item is decrypted using the encryption key, and the content item is presented using the particular player file in accordance with the determination.
    Type: Application
    Filed: September 3, 2010
    Publication date: June 27, 2013
    Applicant: ADOBE SYSTEMS INCORPORATED
    Inventors: Sunil C. Agrawal, Roderick David Schultz
  • Publication number: 20130132733
    Abstract: Various embodiments of a system and method for digital rights management with system individualization are described. In various embodiments, a DRM component may generate a request for machine-specific credentials specific to the system on which the DRM component is implemented. This request may include device information of component(s) of such system. The DRM component may also receive an encrypted response that includes the machine-specific credentials. This encrypted response may be encrypted with a machine-specific encryption key generated from the device information. In various embodiments the response may be generated by an individualization server that verified the request for machine-specific credentials. The DRM component may also, based on the device information of the system on which the DRM component is implemented, generate an encryption key equivalent to the machine-specific encryption key with which the received response is encrypted.
    Type: Application
    Filed: May 26, 2009
    Publication date: May 23, 2013
    Inventors: Sunil C. Agrawal, Katherine K. Nadell, Kunal D. Shah
  • Publication number: 20130132232
    Abstract: Various embodiments of a system and method for digital rights management with delegated authorization for content access are described. Such embodiments may include a runtime component configured to receive protected content. The runtime component may be configured to submit a request for a delegation token to a first entity, such as a content merchant or some other entity. The runtime component may be configured to receive the delegation token from the first entity. The runtime component may also be configured to submit a request for a content license for the protected content to a second entity, such as an access coordinator or some other entity. The submitted request may include the received delegation token. The runtime component may be configured to receive the content license from the second entity. The runtime component may also be configured to provide access to the protected content in accordance with the received content license.
    Type: Application
    Filed: August 21, 2009
    Publication date: May 23, 2013
    Inventors: Florian Pestoni, Pritham Shetty, Sunil C. Agrawal, Katherine K. Nadell
  • Publication number: 20130132718
    Abstract: Various embodiments of a system and method for long-term digital signature verification utilizing light weight digital signatures are described. Embodiments may include a verifying entity system that receives digitally signed data including a portion of data, signing time, and digital signature. The verifying entity system may receive a digital certificate that includes information for verifying the digital signature and an expiration time for the certificate. The verifying entity system may receive CRL that persists revocation information corresponding to ones of the revoked digital certificates that have already expired. The verifying entity system may utilize the CRL to determine that the digital signature is valid subsequent to its expiration time. The verifying entity system may evaluate the CRL to determine that the digital certificate was not revoked at the signing time. The verifying entity system may determine the digital signature is a valid digital signature and generate a corresponding result.
    Type: Application
    Filed: April 28, 2009
    Publication date: May 23, 2013
    Inventor: Sunil C. Agrawal