    11. Method and system for securely loading code in a security processor
    Granted patent (in force)

    Publication number: US08683212B2

    Publication date: 2014-03-25

    Application number: US11753338

    Filing date: 2007-05-24

    CPC classification number: G06F21/6209 G06F21/77

    Abstract: Securely loading code in a security processor may include autonomous fetching an encrypted security data set, which may comprise security code and/or root keys, by a security processor integrated within a chip. The encrypted security data set may be decrypted via the on-chip security processor and the decrypted code set may be validated on-chip using an on-chip locked value. The on-chip locked value may be stored in a one-time programmable read-only memory (OTP ROM) and may include security information generated by applying one or more security algorithms, for example SHA-based algorithms, to the security data set. The encryption of the security data set may utilize various security algorithms, for example AES-based algorithms. The on-chip locked value may be created and locked after a virgin boot of a device that includes the security processor. The security data set may be authenticated during the virgin boot of the device.


    12. Method and system for two-stage security code reprogramming
    Granted patent (in force)

    Publication number: US08572399B2

    Publication date: 2013-10-29

    Application number: US11746769

    Filing date: 2007-05-10

    CPC classification number: H04N21/818 G06F21/572 H04N21/4432 H04N21/4586

    Abstract: A stored predefined unmodifiable bootable code set may be verified during code reprogramming of a device, and executed as a first stage of code reprogramming of the device. The predefined unmodifiable bootable code set may be stored in a locked memory such as a locked flash memory and may comprise code that enables minimal communication functionality of the device. The predefined unmodifiable bootable code set may be verified using a security algorithm, for example, a SHA-based algorithm. Information necessary for the security algorithm may be stored in a memory, for example, a one-time programmable read-only memory (OTP ROM). The stored information necessary for the security algorithm may comprise a SHA digest, a signature, and/or a key. A second stage code set may be verified and executed during the code reprogramming of the device subsequent to the verification of the stored predefined unmodifiable bootable code set.


    13. METHOD AND SYSTEM FOR NAND FLASH SUPPORT IN AN AUTONOMOUSLY LOADED SECURE REPROGRAMMABLE SYSTEM
    Patent application (in force)

    Publication number: US20110197054A1

    Publication date: 2011-08-11

    Application number: US13034176

    Filing date: 2011-02-24

    CPC classification number: G06F21/575 G06F21/572

    Abstract: A boot code may be segmented to allow separate and independent storage of the code segments in a manner that may enable secure system boot by autonomous fetching and assembling of the boot code by a security sub-system. For security reasons, the code fetching may need to be done without the main CPU running on the chip. Because the boot code may be stored in memory devices that require a special software application to account for non-contiguous storage of data and/or code, for example a NAND flash memory which would require an application such as Bad Block Management, code segments stored in areas guaranteed to be usable may enable loading the remaining segments separately and independently. Each of the code segments may be validated, wherein validation of the code segments may comprise use of hardware-based signatures.


    14. Method and system for NAND flash support in autonomously loaded secure reprogrammable system
    Granted patent (in force)

    Publication number: US07900032B2

    Publication date: 2011-03-01

    Application number: US11746773

    Filing date: 2007-05-10

    CPC classification number: G06F21/575 G06F21/572

    Abstract: Segmenting a boot code to allow separate and independent storage and validation of the segments in a manner that enables secure system boot by autonomous fetching and assembling of the boot code by a security sub-system. For security reasons, the code fetching may need to be done without the main CPU running on the chip. Because the boot code may be stored in memory devices that require a special software application to account for non-contiguous storage of data and/or code, for example a NAND flash memory which would require an application such as Bad Block Management, code segments stored in areas guaranteed to be usable may enable loading and validating the remaining segments separately and independently.


    15. METHOD AND SYSTEM FOR PROTECTION OF CUSTOMER SECRETS IN A SECURE REPROGRAMMABLE SYSTEM
    Patent application (in force)

    Publication number: US20080086780A1

    Publication date: 2008-04-10

    Application number: US11753414

    Filing date: 2007-05-24

    Abstract: Methods and systems for protection of customer secrets in a secure reprogrammable system are disclosed, and may include controlling, via hardware logic and firmware, access to customer specific functions. The firmware may comprise trusted code, and may comprise boot code, stored in non-volatile memory, which may comprise read only memory, or a locked flash memory. A customer mode may be checked via the trusted code prior to allowing downloading of code written by a customer to the reprogrammable system. Access to customer specific functions may be restricted via commands from a trusted source. The hardware logic may be latched at startup in a disabled mode by the firmware, determined by the customer mode stored in a one time programmable memory. The customer mode may be re-checked utilizing the firmware, and may disallow the use of code other than trusted code in the reprogrammable system when the re-checking fails.


    16. METHOD AND SYSTEM FOR NAND FLASH SUPPORT IN AUTONOMOUSLY LOADED SECURE REPROGRAMMABLE SYSTEM
    Patent application (in force)

    Publication number: US20080086630A1

    Publication date: 2008-04-10

    Application number: US11746773

    Filing date: 2007-05-10

    CPC classification number: G06F21/575 G06F21/572

    Abstract: Segmenting a boot code to allow separate and independent storage and validation of the segments in a manner that enables secure system boot by autonomous fetching and assembling of the boot code by a security sub-system. For security reasons, the code fetching may need to be done without the main CPU running on the chip. Because the boot code may be stored in memory devices that require a special software application to account for non-contiguous storage of data and/or code, for example a NAND flash memory which would require an application such as Bad Block Management, code segments stored in areas guaranteed to be usable may enable loading and validating the remaining segments separately and independently.


    17. METHOD AND SYSTEM FOR ALLOWING CUSTOMER OR THIRD PARTY TESTING OF SECURE PROGRAMMABLE CODE
    Patent application (in force)

    Publication number: US20080086647A1

    Publication date: 2008-04-10

    Application number: US11743545

    Filing date: 2007-05-02

    Abstract: Methods and systems for allowing customer or third party testing of secure programmable code are disclosed and may include verifying code loaded in a set-top box utilizing a test hash or a production hash prior to execution of the code, where the test hash and production hash may be stored in a memory, such as an OTP, within the set-top box, and may allow migration from corresponding test code to production code, which may be verified utilizing the test hash and production hash, respectively. The test and production hashes may be customer specific. The migration from test code to production code may be authenticated using at least a set-top box specific password. The test hash may be stored in a first portion of a one-time programmable memory and the production hash in a remaining portion, with the first portion being less than or equal to the remaining portion.


    18. METHOD AND SYSTEM FOR TWO-STAGE SECURITY CODE REPROGRAMMING
    Patent application (in force)

    Publication number: US20080086628A1

    Publication date: 2008-04-10

    Application number: US11746769

    Filing date: 2007-05-10

    CPC classification number: H04N21/818 G06F21/572 H04N21/4432 H04N21/4586

    Abstract: A stored predefined unmodifiable bootable code set may be verified during code reprogramming of a device, and executed as a first stage of code reprogramming of the device. The predefined unmodifiable bootable code set may be stored in a locked memory such as a locked flash memory and may comprise code that enables minimal communication functionality of the device. The predefined unmodifiable bootable code set may be verified using a security algorithm, for example, a SHA-based algorithm. Information necessary for the security algorithm may be stored in a memory, for example, a one-time programmable read-only memory (OTP ROM). The stored information necessary for the security algorithm may comprise a SHA digest, a signature, and/or a key. A second stage code set may be verified and executed during the code reprogramming of the device subsequent to the verification of the stored predefined unmodifiable bootable code set.


    19. System for restricting data access
    Granted patent (in force)

    Publication number: US08042157B2

    Publication date: 2011-10-18

    Application number: US11465535

    Filing date: 2006-08-18

    CPC classification number: H04N21/443 H04H60/23 H04H60/80

    Abstract: A filter is arranged to selectively block or allow a data access command from an initiator according to whether the initiator is secure or insecure and whether a data source or destination being accessed is privileged or unprivileged. The data access command contains an identification of the initiator from which the data access command originated and an identification of the data source or destination being accessed. The security filter compares the initiator identification and data source or destination identification contained within the data access command with a list of those initiators defined as secure and a list of those data sources or destinations which are defined as unprivileged. The filter then blocks or allows the data access command signal according to a set of rules.


    20. Memory security device for flexible software environment
    Granted patent (in force)

    Publication number: US07624442B2

    Publication date: 2009-11-24

    Application number: US10817148

    Filing date: 2004-04-02

    CPC classification number: G06F21/72 G06F12/1441 G06F21/57 G06F2221/2105

    Abstract: A semiconductor integrated circuit includes a processor for executing application code from a memory and a verifier processor arranged to receive the application code via the same internal bus as the processor. The verifier processor performs a verification function to check that the application code is authentic. The verifier processor runs autonomously and cannot be spoofed, as it receives the application code via the same internal bus as the main processor. An additional instruction monitor checks the code instructions from the CPU and impairs the operation of the circuit unless the address of the code requested is in a given range. The code is in the form of a linked list, and the range is derived as a linked list table during a first check.

