Remotely authenticated operation method
Abstract
The objective of this invention is to provide continuous remote authenticated operations for ensuring proper content processing and management in a remote untrusted computing environment. The method is based on using a program that was hidden within the content protection program at the remote untrusted computing environment, e.g., an end station. The hidden program can be updated dynamically, and it includes an inseparable and interlocked functionality for generating a pseudo-random sequence of security signals. Only the media server that sends the content knows how the pseudo-random sequence of security signals was generated; therefore, the media server is able to check the validity of the security signals and thereby verify the authenticity of the programs used to process content at the remote untrusted computing environment. If the verification operation fails, the media server will stop the transmission of content to the remote untrusted computing environment.
174 Citations
102 Claims
1. A system comprising:
a network coupling a first subsystem and a second subsystem;
the first subsystem comprising a first processing subsystem providing logic (a) for processing of streaming data packets, according to defined rules for processing streaming data packets, and (b) for generation and selectively sending of security tag vectors; and
a second subsystem comprising a second processing subsystem (a) for sending the streaming data packets to the first subsystem, (b) for receiving the security tag vectors, and (c) for providing logic for validating the received security tag vectors responsive to a defined validation logic.

37. A method for authenticated operation on data flows between at least a first computing element and a second computing element, the method comprising:
receiving the data from the first computing element;
processing the data and generating security tag vectors in the first computing element;
sending the security tag vectors to the second computing element; and
validating the security tag vectors in the second computing element to determine compliant communication of the data.

47. The method as in 45, wherein the renewing is performed in at least one of:
periodically, at random times, at predefined times, at predefined times derived from coordinated universal time (UTC), responsive to receiving data by the first computing element, responsive to sending the security tag vectors, and responsive to sending data by the second computing element.

52. A method of providing content protection in streaming data packets, the method comprising:
defining within a first subsystem defined rules for processing;
receiving the streaming data packets in the first subsystem;
processing of the streaming data packets in the first subsystem according to defined rules for processing;
generating security tag vectors responsive to the defined rules for processing;
sending the security tag vectors from the first subsystem to a second subsystem;
providing defined validation logic in the second subsystem;
processing, in the second subsystem, the received security tag vectors, responsive to the defined validation logic to provide respective validated security tag vectors; and
processing in the second subsystem the validated security tag vectors and the received security tag vectors to determine compliant communication of the streaming data packets to the first subsystem from a third subsystem.

54. A communication method for authentication of communications of data packets, the method comprising:
defining rules of processing;
generating security tag vectors responsive to the rules of processing and the data packets;
transmitting data packets from a second subsystem to a first subsystem;
receiving the transmitted streaming data packets for processing in the first subsystem;
sending respective ones of the security tag vectors from the first subsystem to the second subsystem, responsive to the data packets and the rules of processing; and
processing the received security tag vectors in the second subsystem to assure that the processing in the first subsystem is compliant with the defined rules of processing.

56. A system for providing remotely authenticated operations, the system comprising:
a tag generator operating from an initial generator state to generate a sequence of security tag vectors responsive to a sequence of content processing steps;
means providing for transmission of the sequence of security tag vectors;
a tag verifier operating from an initial verification state to generate a sequence of comparison security tag vectors for selective comparison to sequence of the security tag vectors; and
means for coordinating the initial generator state and the initial verifier state prior to the sequence of content processing steps, wherein the tag verifier selectively provides valid comparison tags responsive to the means for coordinating.
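
The tag generator and tag verifier of claim 56, together with the stop-on-failure behaviour described in the abstract, sketched as an added example that is not taken from the patent. The HMAC-SHA256 ratchet, the names `TagChain`, `stream`, `compliant_client` and `replaying_client`, and the sample seed and packets are assumptions chosen for illustration.

```python
import hashlib
import hmac

TAG_LEN = 8                       # bytes per security tag vector (constructed value)
SEED = b"constructed-shared-seed"  # coordinated initial state (constructed)
PACKETS = [b"pkt-%d" % i for i in range(4)]  # constructed sample stream

class TagChain:
    """Same logic on both ends: one instance generates, one verifies."""
    def __init__(self, initial_state: bytes):
        self.state = initial_state

    def next_tag(self, packet: bytes) -> bytes:
        # The tag depends on the current state and the packet being processed.
        tag = hmac.new(self.state, b"tag" + packet, hashlib.sha256).digest()[:TAG_LEN]
        # Ratchet the state so a skipped or altered step breaks every later tag.
        self.state = hmac.new(self.state, b"state" + packet, hashlib.sha256).digest()
        return tag

def compliant_client(initial_state: bytes):
    """End station that runs the generator on every processing step."""
    return TagChain(initial_state).next_tag

def replaying_client(initial_state: bytes):
    """Modified end station: computes one tag, then replays it (assumed failure mode)."""
    gen, seen = TagChain(initial_state), []
    def process(packet: bytes) -> bytes:
        if not seen:
            seen.append(gen.next_tag(packet))
        return seen[0]
    return process

def stream(packets, initial_state: bytes, client_process) -> int:
    """Server side: send each packet, compare the returned tag, stop on mismatch.
    Returns how many packets were acknowledged with a valid tag."""
    verifier = TagChain(initial_state)
    verified = 0
    for packet in packets:
        returned = client_process(packet)
        expected = verifier.next_tag(packet)   # comparison security tag vector
        if not hmac.compare_digest(returned, expected):
            break                              # verification failed: stop transmission
        verified += 1
    return verified

if __name__ == "__main__":
    print(stream(PACKETS, SEED, compliant_client(SEED)))
    print(stream(PACKETS, SEED, replaying_client(SEED)))
```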

64. A system for providing secure integration of separate logic modules to provide a combined functionality, the system comprising:
a first processing subsystem (a) for processing of streaming data packets, responsive to defined rules for processing streaming data packets, and (b) for generation and selectively sending of security tag vectors;
wherein the first processing subsystem is further comprised of a plurality of software logic modules each operable stand-alone to provide a respective one of a plurality of subtask functions; and
a transformation controller for interlocking the plurality of software logic modules into a single logic program;
wherein the combined functionality is only provided when the plurality of subtask functions are executed responsive to the single logic program.

96. A method of providing controlled signaling, the method comprising:
providing defined rules of at least one of: transmission, forwarding, and operation;
processing streaming data packets in accordance with the defined rules;
generating a security tag vector responsive to validating the processing in accordance with the defined rules; and
constructing a signal responsive to computing with the security tag vector.

Specification