Patents by Inventor Yaacov Belenky
Yaacov Belenky has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8051292
Abstract: In connection with network elements in a network, enhancing security by measuring proximity between elements, that are communicating with each other, by using facilities of secure devices and secure elements in the network. In some embodiments, secured information stored in a device certificate comprises a device processing delay, and the device processing delay is used in calculating a net response time which is compared to a threshold.
Type: Grant
Filed: May 11, 2005
Date of Patent: November 1, 2011
Assignee: NDS Limited
Inventors: Chaim D. Shen-Orr, Eliphaz Hibshoosh, Yaacov Belenky
-
Patent number: 8041943
Abstract: A method for enforcing use of certificate revocation lists in validating certificates, the lists being associated with a series of list generation indices such that each list is assigned one index which advances according to a time of generation of the list, the lists and the indices being cryptographically signed, the method including receiving one of the lists and an associated index as an identifier of the one list, checking the certificates against the list, associating each of the certificates, which have been checked against the list, with the index, receiving an enforcement generation index (EGI) associated with a latest list in use, storing the EGI as a last known EGI, and refusing performance of an action associated with a certificate if the one index of the one certificate is earlier in the series than the last known EGI. Related apparatus and methods are also included.
Type: Grant
Filed: October 3, 2006
Date of Patent: October 18, 2011
Assignee: NDS Limited
Inventors: Chaim Shen-Orr, Yaacov (Jordan) Levy, Yaacov Belenky
-
Patent number: 7940930
Abstract: A system for scrambling/descrambling packets of a stream of content, each packet having a must stay clear (MSC) section, the system including an input handler including a receiving module to receive the stream, a characteristic analyzer to analyze the stream in order to determine a data independent characteristic of each packet, and a scrambling/descrambling device operationally associated with the input handler, the scrambling/descrambling device including a receiving module to receive the data independent characteristic for each packet from the input handler, and an Initial Value module to determine an Initial Value for each packet as a function of the data independent characteristic of one of the packets being processed, wherein the scrambling/descrambling device is adapted to scramble and/or descramble the packets based on the Initial Value and a Control Word. Related apparatus and methods are included.
Type: Grant
Filed: March 22, 2006
Date of Patent: May 10, 2011
Assignee: NDS Limited
Inventors: Chaim Shen-Orr, Eliphaz Hibshoosh, Yaacov Belenky, Yaakov (Jordan) Levy
-
Publication number: 20110103582
Abstract: A method and an apparatus for protecting digital content, in which an output format for received compressed encrypted digital content is determined based, at least in part, on a rule determining whether clear compressed output format is allowed. When the clear compressed output format is not allowed, the content is received in a form in which it has been encrypted by at least two different encryption methods, and processing of the content comprises a combination of decrypting in accordance with one of the encryption methods and decompression in an atomic operation.
Type: Application
Filed: January 3, 2011
Publication date: May 5, 2011
Applicant: NDS Limited
Inventors: Josh Kamins, Stephanie Wald, Yaacov Belenky, Carmi Bogot, Gabi Ickowicz, Uri Stroh, Abraham Wachtfogel
-
Publication number: 20110083194
Abstract: A method for hindering detection of information unintentionally leaked from a secret held in a memory unit is described, the method including receiving a triggering event, waiting for at least a first amount of time to pass after the receipt of the triggering event, the memory unit being in a non-operational state during the at least a first amount of time, after the at least a first amount of time has passed, changing at least one first condition under which the memory unit operates, thereby causing the memory unit to enter an operational state, waiting for a second amount of time to pass after the changing at least one first condition, and changing, after the second amount of time, at least one second condition under which the memory unit operates, thereby causing the memory unit to enter the non-operational state, wherein access to the secret information is enabled only during the second amount of time, and detection of secret information unintentionally leaked is limited during the first amount of time.
Type: Application
Filed: May 21, 2009
Publication date: April 7, 2011
Applicant: NDS Limited
Inventors: Chaim Shen-Orr, Zvi Shkedy, Reuven Elbaum, Yonatan Shlomovich, Yigal Shapiro, Yaacov Belenky, Yaakov (Jordan) Levy, Reuben Sumner, Itsik Mantin
-
Patent number: 7920702
Abstract: A system and a method for providing variable security mechanisms for securing digital content, in which a single security mechanism is not used for all content. Instead, at least one characteristic or feature of the security mechanism is varied between units, instances or categories of content. Therefore, even if unauthorized access is gained to a single unit of content, the overall integrity and security of the system for content distribution is not compromised. Preferably, security is provided through a general mechanism, which is then varied in order to provide variable, dissimilar security schemes for different types of content. By “type of content”, it is meant any of a single unit of content, a single instance of content or a single category of content. For example, for a category of content, the content may be characterized according to the identity of the content itself, such as the title of a movie for example, and/or according to the owner of a particular copy of the content.
Type: Grant
Filed: February 19, 2009
Date of Patent: April 5, 2011
Assignee: NDS Limited
Inventors: Chaim Shen-Orr, Eliphaz Hibshoosh, Gyora Benedek, Hillel Solow, Yaacov Belenky, Yossi Tsuria, Zvi Shkedy
-
Patent number: 7904721
Abstract: A method for producing a certificate, the certificate including data, the method including choosing a seed s, the seed s including a result of applying a function H to the data, generating a key pair (E,D), such that E=F(s,t), F being a publicly known function, and including s and t in the certificate. Related methods, and certificates produced by the various methods, are also described.
Type: Grant
Filed: December 27, 2007
Date of Patent: March 8, 2011
Assignee: NDS Limited
Inventors: Yaacov Belenky, Chaim D. Shen-Orr, Aviad Kipnis, Victor Halpern
-
Publication number: 20100215180
Abstract: A method and system for assigning a key to a device, the method including providing a device having a processor ID (CID) and an associated processor key (CK) and including a memory, at a first time, storing a personalization data ID (PDID) and associated personalization data (PD) in the memory, at a later time, sending the CID and the PDID to a security provider and receiving an activation value (AV) back from the security provider, the activation value AV being based, at least in part, on the CK and a personalization data key (PDK) associated with the PDID and the PD, computing, in the device, a result, based, at least in part, on the CK and the activation value, the result being produced by applying a first function g to the CK and the AV, such that the result=g(CK, AV), and storing the result in the memory, wherein a second function ƒ is used to compute the value of AV, such that AV=ƒ(CK, PDK), and ƒ includes an inverse function of function g, such that g(CK, ƒ(CK, PDK))=PDK, thereby assigning the personal
Type: Application
Filed: June 11, 2008
Publication date: August 26, 2010
Applicant: NDS LIMITED
Inventors: Yaacov Belenky, Yaakov Jordan Levy, Ittael Fraenkel
-
Publication number: 20090290713
Abstract: A method for preventing rendering of content at overlapping time periods on more rendering devices than permitted by a license associated with the content is disclosed.
Type: Application
Filed: October 30, 2007
Publication date: November 26, 2009
Applicant: NDS Limited
Inventor: Yaacov Belenky
-
Publication number: 20090154697
Abstract: A system and a method for providing variable security mechanisms for securing digital content, in which a single security mechanism is not used for all content. Instead, at least one characteristic or feature of the security mechanism is varied between units, instances or categories of content. Therefore, even if unauthorized access is gained to a single unit of content, the overall integrity and security of the system for content distribution is not compromised. Preferably, security is provided through a general mechanism, which is then varied in order to provide variable, dissimilar security schemes for different types of content. By “type of content”, it is meant any of a single unit of content, a single instance of content or a single category of content. For example, for a category of content, the content may be characterized according to the identity of the content itself, such as the title of a movie for example, and/or according to the owner of a particular copy of the content.
Type: Application
Filed: February 19, 2009
Publication date: June 18, 2009
Applicant: NDS Limited
Inventors: Chaim Shen-Orr, Eliphaz Hibshoosh, Gyora Benedek, Hillel Solow, Yaacov Belenky, Yossi Tsuria, Zvi Shkedy
-
Publication number: 20090144551
Abstract: A method for securing encryption keys is described, the method including providing a first device and a second device, the first device including first secure hardware and first insecure hardware, and the second device including second secure hardware and second insecure hardware, generating in the first secure hardware at least two period keys, the at least two period keys stored in the first secure hardware, generating in the first secure hardware a plurality of session keys, the session keys being stored in either the first secure hardware or the first insecure hardware, encrypting at least one of the plurality of session keys generated in the first device according to a first of the two period keys included in the first secure hardware, encrypting at least one of the plurality of session keys generated in the first device according to a second of the two period keys included in the first secure hardware, generating in the second secure hardware at least two period keys, the at least two period keys stored
Type: Application
Filed: January 22, 2007
Publication date: June 4, 2009
Applicant: NDS Limited
Inventor: Yaacov Belenky
-
Publication number: 20090113206
Abstract: A method for enforcing use of certificate revocation lists in validating certificates, the lists being associated with a series of list generation indices such that each list is assigned one index which advances according to a time of generation of the list, the lists and the indices being cryptographically signed, the method including receiving one of the lists and an associated index as an identifier of the one list, checking the certificates against the list, associating each of the certificates, which have been checked against the list, with the index, receiving an enforcement generation index (EGI) associated with a latest list in use, storing the EGI as a last known EGI, and refusing performance of an action associated with a certificate if the one index of the one certificate is earlier in the series than the last known EGI. Related apparatus and methods are also included.
Type: Application
Filed: October 3, 2006
Publication date: April 30, 2009
Applicant: NDS Limited
Inventors: Chaim Shen-Orr, Yaacov (Jordan) Levy, Yaacov Belenky
-
Patent number: 7512986
Abstract: A system and a method for providing variable security mechanisms for securing digital content, in which a single security mechanism is not used for all content. Instead, at least one characteristic or feature of the security mechanism is varied between units, instances or categories of content. Therefore, even if unauthorized access is gained to a single unit of content, the overall integrity and security of the system for content distribution is not compromised. Preferably, security is provided through a general mechanism, which is then varied in order to provide variable, dissimilar security schemes for different types of content. By “type of content”, it is meant any of a single unit of content, a single instance of content or a single category of content. For example, for a category of content, the content may be characterized according to the identity of the content itself, such as the title of a movie for example, and/or according to the owner of a particular copy of the content.
Type: Grant
Filed: February 21, 2002
Date of Patent: March 31, 2009
Assignee: NDS Limited
Inventors: Chaim Shen-Orr, Eliphaz Hibshoosh, Gyora Benedek, Hillel Solow, Yaacov Belenky, Yossi Tsuria, Zvi Shkedy
-
Publication number: 20090037738
Abstract: A method for producing a certificate, the certificate including data, the method including choosing a seed s, the seed s including a result of applying a function H to the data, generating a key pair (E,D), such that E=F(s,t), F being a publicly known function, and including s and t in the certificate. Related methods, and certificates produced by the various methods, are also described.
Type: Application
Filed: December 27, 2007
Publication date: February 5, 2009
Applicant: NDS Limited
Inventors: Yaacov Belenky, Chaim D. Shen-Orr, Aviad Kipnis, Victor Halperin
-
Patent number: 7436953
Abstract: A method for producing an output from an input encoding the output, the method including choosing functions G, F, and H, providing an input x, choosing a random number r, computing x′=G(x, r), sending x′ to a computation unit, computing, in the computation unit, y′=F(x′), receiving y′ from the computation unit, and computing the output w=H(y′, r), wherein G, F, and H are chosen such that w is not dependent on the choice of r. Related apparatus and methods are also described.
Type: Grant
Filed: August 21, 2002
Date of Patent: October 14, 2008
Assignee: NDS Limited
Inventors: Victor Halperin, Yossi Tsuria, Yaacov Belenky, Dov Falik, Yaron Sella
-
Publication number: 20080137851
Abstract: A system for scrambling/descrambling packets of a stream of content, each packet having a must stay clear (MSC) section, the system including an input handler including a receiving module to receive the stream, a characteristic analyzer to analyze the stream in order to determine a data independent characteristic of each packet, and a scrambling/descrambling device operationally associated with the input handler, the scrambling/descrambling device including a receiving module to receive the data independent characteristic for each packet from the input handler, and an Initial Value module to determine an Initial Value for each packet as a function of the data independent characteristic of one of the packets being processed, wherein the scrambling/descrambling device is adapted to scramble and/or descramble the packets based on the Initial Value and a Control Word. Related apparatus and methods are included.
Type: Application
Filed: March 22, 2006
Publication date: June 12, 2008
Applicant: NDS Limited
Inventors: Chaim Shen-Orr, Eliphaz Hibshoosh, Yaacov Belenky, Yaakov (Jordan) Levy
-
Publication number: 20080091952
Abstract: An intermediate certificate authority (ICA) for a hierarchical certificate authority structure (HCAS), the HCAS having a plurality of levels, the levels including a root level, at least one intermediate level, and a leaf level, the root level having a root certificate authority, the ICA being in the at least one intermediate level, the ICA including a certificate receiving module to receive a first certificate signed by a certificate authority in a level above the level of the ICA, the first certificate certifying an aspect of the ICA, the first certificate having an expiration time, and a certificate signing module to sign a second certificate for a member of the HCAS, prior to the expiration time of the first certificate, such that the second certificate expires after the expiration time of the first certificate, the member being in a level below the level of the ICA, the second certificate certifying an aspect of the member. Related apparatus and methods are also described.
Type: Application
Filed: September 8, 2005
Publication date: April 17, 2008
Applicant: NDS Limited
Inventors: Reuben Sumner, Yaacov Belenky
-
Patent number: 7340606
Abstract: A method for producing a certificate, the certificate including data, the method including choosing a seed s, the seed s including a result of applying a function H to the data, generating a key pair (E,D), such that E=F(s,t), F being a publicly known function, and including s and t in the certificate. Related methods, and certificates produced by the various methods, are also described.
Type: Grant
Filed: December 29, 2003
Date of Patent: March 4, 2008
Assignee: NDS Ltd.
Inventors: Yaacov Belenky, Chaim D. Shen-Orr, Aviad Kipnis, Victor Halperin
-
Publication number: 20070300070
Abstract: A method for determining proximity between a first device and a second device, the method comprising providing a first device storing a first device private key, the first device having an associated secure first device certificate storing secured information, the secured information comprising a first device public key corresponding to the first device private key, providing a second device storing a second device private key, the second device having an associated secure second device certificate storing secured information, the secured information comprising a second device public key corresponding to the second device private key, and a second device processing delay, providing a copy of the second device certificate to the first device, establishing a secure authenticated channel between the first device and the second device, sending a proximity challenge from the first device to the second device, the proximity challenge including a numeric challenge value, receiving the proximity challenge at the seco
Type: Application
Filed: May 11, 2005
Publication date: December 27, 2007
Applicant: NDS Limited
Inventors: Chaim Shen-Orr, Eliphaz Hibshoosh, Yaacov Belenky
-
Publication number: 20070297603
Abstract: A method for protecting digital content is described. The method includes receiving compressed encrypted digital content (810), determining an output format based, at least in part, on all of the following: a user-requested output format; received control information; and a rule determining whether a clear compressed output format is allowed (820); and producing output from the compressed digital content (830) based on a result of the determining (820), wherein, if the rule does not allow clear compressed output format, the compressed encrypted digital content is provided in a form which prevents production of clear compressed output in the producing step. Related apparatus and methods are also described.
Type: Application
Filed: November 16, 2003
Publication date: December 27, 2007
Inventors: Josh Kamins, Stephanie Wald, Yaacov Belenky, Carmi Bogot, Gabi Ickowicz, Uri Stroh, Abraham Wachtfogel