Title of invention: ENHANCED SECURITY SETUP FOR MEDIA DECRYPTION
Abstract: Systems and methods for enhanced security of media are provided. Media security may be enhanced by improving the setup of encryption and/or decryption, by improving the performance of encryption and/or decryption, or by improving both. The calls related to enhanced security of media from an application in an emulated environment to a security module in the operating system hosting the emulated environment may be combined to reduce the overhead of accessing a security module. An application handling secure shell (SSH) communications may execute multiple calls to a cryptographic module in the host operating system. Because many calls to the cryptographic module during SSH communications follow patterns, two or more related calls may be combined into a single combined call to the cryptographic module. For example, a call to generate a server-to-client key and a call to generate a client-to-server key may be combined into a single call.
Publication number: US2015244527(A1) Publication date: 2015.08.27
Application number: US201414190213 Filing date: 2014.02.26
Applicant: Clayton Kevin; Wilkes Peter Inventor: Clayton Kevin; Wilkes Peter
Classification: H04L9/32; H04L9/08 Main classification: H04L9/32
Agency: Agent:
Main claim: 1. A method for setting up secure media decryption in one call, comprising: providing an interface for an application executing in an emulated environment of a host operating system, in which the application accesses a security module in the host operating system through calls to the interface; identifying two or more related calls, from the application to the module, for setting up secure media decryption, in which the two or more related calls comprise at least one of a call to create a cryptography context; a call to decrypt an encrypted binary large object (BLOB) using a machine key to obtain an encryption key from the decrypted BLOB; a call to compute an initialization vector; a call to create a cipher instance; and a call to set an encryption key associated with the cipher instance to the obtained encryption key from the decrypted BLOB and an initialization vector associated with the cipher instance to the computed initialization vector; combining the two or more related calls into a single call; and executing the single combined call to the module of the host operating system to perform the two or more related calls.
Address: Irvine CA US