公开(公告)号：US08931082B2

公开(公告)日：2015-01-06

申请号：US13705991

申请日：2012-12-05

Applicant: Broadcom Corporation

Inventor： Stephane Rodgers ,  Andrew Dellow

IPC: H04L29/06 ,  G06F21/12 ,  G06F21/74 ,  G06F21/72

CPC classification number: G06F21/123 ,  G06F21/72 ,  G06F21/74 ,  G06F2221/2113

Abstract: A computing system includes a first security central processing unit (SCPU) of a system-on-a-chip (SOC), the first SCPU configured to execute functions of a first security level. The computing system also includes a second SCPU of the SOC coupled with the first SCPU and coupled with a host processor, the second SCPU configured to execute functions of a second security level less secure than the first security level, and the second SCPU executing functions not executed by the first SCPU.

Abstract translation: 计算系统包括片上系统（SOC）的第一安全中央处理单元（SCPU），第一SCPU被配置为执行第一安全级别的功能。 计算系统还包括与第一SCPU耦合并与主处理器耦合的SOC的第二SCPU，第二SCPU被配置为执行比第一安全级别更不安全的第二安全级别的功能，而第二SCPU执行功能不是 由第一个SCPU执行。

公开(公告)号：US08914647B2

公开(公告)日：2014-12-16

申请号：US14028293

申请日：2013-09-16

Applicant: Broadcom Corporation

Inventor： Andrew Dellow

IPC: H04L9/32 ,  H04L9/00 ,  H04L9/08 ,  H04L9/06 ,  H04L9/14

CPC classification number: H04L9/00 ,  H04L9/0637 ,  H04L9/0897 ,  H04L9/14 ,  H04L2209/60

Abstract: Methods and systems for protecting data may include controlling encryption and/or decryption and identifying a destination of corresponding encrypted and/or decrypted data, utilizing rules based on a source location of the data prior to the encryption or decryption and an algorithm that may have been previously utilized for encrypting and/or decrypting the data prior to the data being stored in the source location. The source location and/or destination of the data may comprise protected or unprotected memory. One or more of a plurality of algorithms may be utilized for the encryption and/or decryption. The rules may be stored in a key table, which may be stored on-chip, and may be reprogrammable. One or more keys for the encryption and/or decryption may be generated within the chip.

Abstract translation: 用于保护数据的方法和系统可以包括使用基于加密或解密之前的数据的源位置的规则来控制加密和/或解密以及识别对应的加密和/或解密数据的目的地以及可能已经被 先前用于在数据存储在源位置之前加密和/或解密数据。 数据的源位置和/或目的地可以包括受保护或不受保护的存储器。 多个算法中的一个或多个可以用于加密和/或解密。 该规则可以存储在键表中，其可以被存储在芯片上，并且可以被重新编程。 可以在芯片内生成用于加密和/或解密的一个或多个密钥。

公开(公告)号：US20140258708A1

公开(公告)日：2014-09-11

申请号：US13856651

申请日：2013-04-04

Applicant: BROADCOM CORPORATION

Inventor： Shashank Shekhar ,  Shee-Yen Tan ,  Andrew Dellow

IPC: H04L29/06

CPC classification number: H04L63/0428 ,  G06F13/28 ,  H04L9/0822 ,  H04L9/0861 ,  H04L63/0435

Abstract: A system for securing a variable length keyladder key includes a keyladder decryptor configured to alter a first layer key and to execute a keyladder algorithm to generate a content key, the keyladder algorithm to generate the content key by decrypting an encrypted second layer key with the altered first layer key. The alteration mirrors the alteration applied to encrypt the second layer key by a content server providing content data to be decrypted. The system may further include a cryptographic direct memory access controller (DMAC) coupled with the keyladder decryptor and to decrypt encrypted content data using the generated content key. The keyladder decryptor may be further configured to send the content key to be stored in the DMAC without information regarding how the first layer key was altered. The alteration may include a permutation function or other change or modification.

Abstract translation: 用于保护可变长度键盘键的系统包括键盘解码器，其配置为改变第一层密钥并执行键盘算法以生成内容密钥，所述键盘算法通过用改变的密钥解密加密的第二层密钥来生成内容密钥 第一层密钥 该改变反映了由提供要解密的内容数据的内容服务器应用于加密第二层密钥的改变。 系统还可以包括与键盘解码器耦合的加密直接存储器访问控制器（DMAC），并且使用所生成的内容密钥来解密加密的内容数据。 键盘解码器还可以被配置为发送要存储在DMAC中的内容密钥，而没有关于如何改变第一层密钥的信息。 该改变可以包括置换函数或其他改变或修改。

公开(公告)号：US09171170B2

公开(公告)日：2015-10-27

申请号：US13707050

申请日：2012-12-06

Applicant: Broadcom Corporation

Inventor： Andrew Dellow ,  Shashank Shekhar ,  Stephane Rodgers

IPC: H04N21/4627 ,  H04L9/08 ,  G06F21/78 ,  G06F21/60 ,  H04N21/4408 ,  G06F21/57 ,  G06F21/74 ,  H04N5/44 ,  H04N21/426

CPC classification number: G06F21/60 ,  G06F21/575 ,  G06F21/602 ,  G06F21/74 ,  G06F21/78 ,  G06F2221/2107 ,  G06F2221/2113 ,  H04L9/0838 ,  H04N5/4401 ,  H04N21/426 ,  H04N21/4408 ,  H04N21/4627

Abstract: A computing system, comprising includes a first central processing unit (CPU) and a second CPU coupled with the first CPU and with a host processor. The second CPU and the host processor may both request the first CPU to generate keys that have access rights to regions of memory to access specific data. The first CPU may be configured to, in response to a request from the second CPU, generate a unique key with a unique access right to a region of memory, the unique key usable only by the second CPU, not the host processor.

Abstract translation: 一种计算系统，包括第一中央处理单元（CPU）和与第一CPU耦合的第二CPU和主机处理器。 第二CPU和主机处理器都可以请求第一CPU产生具有对存储器区域的访问权限的密钥以访问特定数据。 第一CPU可以被配置为响应于来自第二CPU的请求，生成具有对存储器区域的唯一访问权限的唯一密钥，唯一密钥仅可由第二CPU而不是主机处理器使用。

公开(公告)号：US08843765B2

公开(公告)日：2014-09-23

申请号：US13648613

申请日：2012-10-10

Applicant: Broadcom Corporation

Inventor： Andrew Dellow

IPC: G06F21/00 ,  G06F21/57

CPC classification number: G06F21/575 ,  H04L9/0861 ,  H04L2209/60

Abstract: A device generates a content key that depends upon device security state information. For example, the device may retrieve a first content key and a security state, and then derive a content key using the first content key and the security state. Accordingly, if the security state is incorrect, then the generated content key is incorrect, and the device cannot decrypt content provided to the device.

Abstract translation: 设备生成依赖于设备安全状态信息的内容密钥。 例如，设备可以检索第一内容密钥和安全状态，然后使用第一内容密钥和安全状态导出内容密钥。 因此，如果安全状态不正确，则生成的内容密钥不正确，并且设备不能解密提供给设备的内容。

公开(公告)号：US20140098953A1

公开(公告)日：2014-04-10

申请号：US13648613

申请日：2012-10-10

Applicant: BROADCOM CORPORATION

Inventor： Andrew Dellow

IPC: H04L9/00

CPC classification number: G06F21/575 ,  H04L9/0861 ,  H04L2209/60

Abstract: A device generates a content key that depends upon device security state information. For example, the device may retrieve a first content key and a security state, and then derive a content key using the first content key and the security state. Accordingly, if the security state is incorrect, then the generated content key is incorrect, and the device cannot decrypt content provided to the device.

Abstract translation: 设备生成依赖于设备安全状态信息的内容密钥。 例如，设备可以检索第一内容密钥和安全状态，然后使用第一内容密钥和安全状态导出内容密钥。 因此，如果安全状态不正确，则生成的内容密钥不正确，并且设备不能解密提供给设备的内容。

公开(公告)号：US20140053230A1

公开(公告)日：2014-02-20

申请号：US13705991

申请日：2012-12-05

Applicant: BROADCOM CORPORATION

Inventor： Stephane Rodgers ,  Andrew Dellow

IPC: G06F21/00

CPC classification number: G06F21/123 ,  G06F21/72 ,  G06F21/74 ,  G06F2221/2113

Abstract: A computing system includes a first security central processing unit (SCPU) of a system-on-a-chip (SOC), the first SCPU configured to execute functions of a first security level. The computing system also includes a second SCPU of the SOC coupled with the first SCPU and coupled with a host processor, the second SCPU configured to execute functions of a second security level less secure than the first security level, and the second SCPU executing functions not executed by the first SCPU.

Abstract translation: 计算系统包括片上系统（SOC）的第一安全中央处理单元（SCPU），第一SCPU被配置为执行第一安全级别的功能。 计算系统还包括与第一SCPU耦合并与主处理器耦合的SOC的第二SCPU，第二SCPU被配置为执行比第一安全级别更不安全的第二安全级别的功能，而第二SCPU执行功能不是 由第一个SCPU执行。