Abstract:
A method and system are provided for using generic comparators with firmware interface to assist video/audio decoders in achieving frame sync. The method may involve processing a portion of an incoming packet by hardware components, which may result in a partially processed packet. The incoming packet may comprise audio, video, and/or record data. The partially processed packet may then be completely processed by firmware and sent to decoders if comprising audio/video data or to a record engine if comprising record data. Generic comparators may be utilized with the incoming packet to search for data patterns associated with synchronization information within the packet. The extracted data patterns may be sent to the firmware to utilize while processing the partially processed packet. The firmware may send synchronization information determined based on the extracted data patterns to aid decoders in decoding audio and video content.
Abstract:
Methods and systems for securing code in a reprogrammable security system are provided and may comprise detecting when a prior version of code is copied over a subsequent version of code. Operations within the system may be controlled based upon detection of the prior version of code. A unique version identifier may be associated with each successive version of code. The system may compare instances of unique version identifier from varied storage mechanisms on a device which may include flash memory, latch memory and one time programmable memory. The same instances of unique version identifier may be compared with a unique version identifier instance independently received from an external entity. When a comparison reveals a prior version of code copied over a subsequent version of code the system may conduct operations specified for a security breach.
Abstract:
Methods and systems for allowing customer or third party testing of secure programmable code are disclosed and may include verifying code loaded in a set-top box utilizing a test hash or a production hash prior to execution of the code, where the test hash and production hash may be stored in a memory, such as an OTP, within the set-top box, and may allow migration from corresponding test code to production code, which may be verified utilizing the test hash and production hash, respectively. The test and production hashes may be customer specific. The migration from test code to production code may be authenticated using at least a set-top box specific password. The test hash may be stored in a first portion of a one-time programmable memory and the production hash in a remaining portion, with the first portion being less than or equal to the remaining portion.
Abstract:
A home gateway may be used to handle at least a portion of processing of content obtained for consumption by client devices serviced via the home gateway. The home gateway may receive a single copy of content having a first format, and may convert the received content to one or more other formats suitable for presentation by at least one of the client devices based on knowledge of the client devices. The home gateway may maintain secure and/or protected access of the content handled via the home gateway. During protected access the home gateway may partition the content into a plurality of encrypted segments that are forwarded separately to the client devices. The client devices may utilize a corresponding plurality of encryption keys for decrypting the encrypted segments. The encryption keys may be obtained from an external key server. The home gateway may also generate the encryption keys.
Abstract:
A slave device may receive commands from a host device communicatively coupled to the slave device, via a secure interface configured between the slave device and the host device over that coupling. An integrated memory within the slave device may be configured into a plurality of memory portions or regions based on the received commands. The memory regions may be utilized during operations associated with authentication of subsequent commands from the host device. A first memory region may enable storage of encrypted host commands and data. A second region may enable storage of decrypted host commands and data. A third region may enable storage of internal variables and/or intermediate results from operations performed by the slave device. Another region may comprise internal registers that enable storage of information only accessible to the slave device. Access to some of the memory regions may be controlled and/or restricted by the slave device.
Abstract:
A secure processor in a PC-slave device may manage secure loading of execution code and/or data, which may be stored, in encrypted form, in a PC hard-drive. The secure processor may cause decryption of the execution code and/or data by the PC-slave device, and storage of the decrypted execution code and/or data in a restricted portion of a memory that is dedicated for use by the PC-slave device, with the restricted portion of the dedicated memory being only accessible by the PC-slave device. The secure processor may validate decrypted execution code and/or data. The secure processor may block operations of a main processor in the PC-slave device during secure loading of execution code and/or data, and may discontinue that blocking after validating the decrypted execution code and/or data. The secure processor may store encryption keys that are utilized during decryption of the encrypted execution code and/or data.
Abstract:
A PC-slave device may securely load and decrypt an execution code and/or data, which may be stored, encrypted, in a PC hard-drive. The PC-slave device may utilize a dedicated memory, which may be partitioned into an accessible region and a restricted region that may only be accessible by the PC-slave device. The encrypted execution code and/or data may be loaded into the accessible region of the dedicated memory; the PC-slave device may decrypt the execution code and/or data, internally, and store the decrypted execution code and/or data into the restricted region of the dedicated memory. The decrypted execution code and/or data may be validated, and may be utilized from the restricted region. The partitioning of the dedicated memory, into accessible and restricted regions, may be performed dynamically during secure code loading. The PC-slave device may comprise a dedicated secure processor that may perform and/or manage secure code loading.
Abstract:
Methods and systems for preventing revocation denial of service attacks are disclosed and may include receiving and decrypting a command for revoking a secure key utilizing a hidden key, and revoking the secure key upon successful verification of a signature. The command may comprise a key ID that is unique to a specific set-top box. A key corresponding to the command for revoking the secure key may be stored in a one-time programmable memory, compared to a reference, and the security key may be revoked based on the comparison. The command for revoking the secure key may be parsed from a transport stream utilizing a hardware parser. The method and system may also comprise generating a command for revoking a secure key. The command may be encrypted and signed utilizing a hidden key and may comprise a key ID that is unique to a specific set-top box.
Abstract:
Aspects of a method and system for memory attack protection to achieve a secure interface are provided. An integrated memory within a slave device may be configured into a plurality of memory portions or regions by commands from a host device. The memory regions may be utilized during operations associated with authentication of subsequent commands from the host device. A first memory region may enable storage of encrypted host commands and data. A second region may enable storage of decrypted host commands and data. A third region may enable storage of internal variables and/or intermediate results from operations performed by the slave device. Another region may comprise internal registers that enable storage of information only accessible to the slave device. Access to some of the memory regions may be controlled by a bus controller and/or a memory interface integrated within the slave device.
Abstract:
A method and system are provided for flexible mapping of AV vs. Record channels in a programmable transport demultiplexer/PVR engine. The method may involve processing a portion of an incoming packet, which may result in a partially processed packet. The preprocessing may comprise extracting information from the packet to configure parameters associated with the packet and storing the configured parameters in memory. The configured parameters may be based on the type of the packet, AV v. Record, and used to configure the channels used to transport the packets to decoders and Record engines, respectively. The number of channels used for AV data and the number of channels used for Record data may vary depending on the needs of the system.