System, apparatus and method for restricting data access
    31.
    Granted invention patent (in force)

    Publication (announcement) number: US08191125B2

    Publication (announcement) date: 2012-05-29

    Application number: US11016537

    Filing date: 2004-12-17

    IPC classification: G06F21/00

    Abstract: An embodiment comprises a semiconductor integrated circuit for restricting the rate at which data may be accessed from an external memory by a device coupled to the circuit. The rate of data access is restricted if the data access satisfies one or more conditions. For example, one of the conditions is that the device which is requesting the data is insecure. Another condition is that the requested data is privileged. A data access monitor is provided to monitor data accesses and is arranged to generate an access signal to indicate whether the conditions are satisfied or not. A bandwidth comparator determines whether data access exceeds a threshold and, if so, the semiconductor integrated circuit is impaired to prevent further data access.


Method for Authorizing and Authenticating Data
    32.
    Invention application (in force)

    Publication (announcement) number: US20080267410A1

    Publication (announcement) date: 2008-10-30

    Application number: US12038509

    Filing date: 2008-02-27

    Applicant: Andrew Dellow

    Inventor: Andrew Dellow

    IPC classification: H04L9/08

    CPC classification: H04L9/3247 H04L2209/38

    Abstract: A method and a corresponding apparatus for authenticating data in a digital processing system (DPS) is disclosed, wherein a root/first tier key pair associated with a first tier/root authority may sign data and second tier keys for authorizing data for processing in the DPS. The first tier/root authority may pass entitlements to the authorized second tier key, which may itself authorize third tier keys and pass entitlements to said key.


METHOD AND SYSTEM FOR DISASTER RECOVERY IN A SECURE REPROGRAMMABLE SYSTEM
    33.
    Invention application (in force)

    Publication (announcement) number: US20080086657A1

    Publication (announcement) date: 2008-04-10

    Application number: US11753474

    Filing date: 2007-05-24

    IPC classification: G06F11/07 G06F12/14

    Abstract: Methods and systems for software security in a secure communication system are disclosed and may include verifying downloaded code in a reprogrammable system and reloading prestored unmodifiable first stage code upon failure. The prestored unmodifiable first stage code, which may comprise boot code for the reprogrammable system, may be stored in locked flash, and the downloaded software code may be stored in unlocked flash. The downloaded software code may be verified by comparing a signature of the downloaded code to a private key. A first sticky bit may be utilized to indicate a failure of the verification and a second sticky bit may be utilized to indicate passing of the verification and the use of the downloaded software code. Whether to reset the reprogrammable system and reload the prestored unmodifiable first stage code may be determined from within the reprogrammable system, which may comprise a set-top box.


METHOD AND SYSTEM FOR SECURELY LOADING CODE IN A SECURITY PROCESSOR
    34.
    Invention application (in force)

    Publication (announcement) number: US20080084273A1

    Publication (announcement) date: 2008-04-10

    Application number: US11753338

    Filing date: 2007-05-24

    IPC classification: G05B19/00

    CPC classification: G06F21/6209 G06F21/77

    Abstract: Securely loading code in a security processor may include autonomously fetching an encrypted security data set, which may comprise security code and/or root keys, by a security processor integrated within a chip. The encrypted security data set may be decrypted via the on-chip security processor and the decrypted code set may be validated on-chip using an on-chip locked value. The on-chip locked value may be stored in a one-time programmable read-only memory (OTP ROM) and may include security information generated by applying one or more security algorithms, for example SHA-based algorithms, to the security data set. The encryption of the security data set may utilize various security algorithms, for example AES-based algorithms. The on-chip locked value may be created and locked after a virgin boot of a device that includes the security processor. The security data set may be authenticated during the virgin boot of the device.


Data obfuscation
    35.
    Invention application (in force)

    Publication (announcement) number: US20070121943A1

    Publication (announcement) date: 2007-05-31

    Application number: US11523773

    Filing date: 2006-09-18

    IPC classification: H04K1/02

    Abstract: A portion of data is obfuscated by performing a bitwise XOR function between bits of the data portion and bits of a mask. The mask is generated based on the memory address of the data portion. A bitfield representing the memory address of the data portion is split into subset bitfields. Each subset then forms the input of a corresponding primary randomizing unit. Each primary randomizing unit is arranged to generate an output bitfield that appears to be randomly correlated with the input, but which may be determined from the input if certain secret information is known. The output of the primary randomizing units is input into a series of secondary randomizing units. Each secondary randomizing unit is arranged to input at least one bit of the output of every primary randomizing unit. The outputs of the secondary randomizing units are then combined by concatenation to form a data mask.


Memory security device for flexible software environment
    36.
    Invention application (in force)

    Publication (announcement) number: US20050028004A1

    Publication (announcement) date: 2005-02-03

    Application number: US10817148

    Filing date: 2004-04-02

    Abstract: A semiconductor integrated circuit includes a processor for executing application code from a memory and a verifier processor arranged to receive the application code via the same internal bus as the processor. The verifier processor performs a verification function to check that the application code is authentic. The verifier processor runs autonomously and cannot be spoofed as it receives the application code via the same internal bus as the main processor. An additional instruction monitor checks the code instructions from the CPU and also impairs the operation of the circuit unless the address of code requested is in a given range. The code is in the form of a linked list and the range is derived as a linked list table during a first check.


Phase control digital frequency divider
    37.
    Granted invention patent (in force)

    Publication (announcement) number: US06696870B2

    Publication (announcement) date: 2004-02-24

    Application number: US10104994

    Filing date: 2002-03-22

    Applicant: Andrew Dellow

    Inventor: Andrew Dellow

    IPC classification: H03K2100

    CPC classification: H03K23/68 H03K23/546

    Abstract: A digital frequency divider includes phase control of the output signal in increments of whole or half cycles of the input frequency. Whole cycle phase control is achieved by varying (logically or physically) the tap off point of a shift register loaded with a bit pattern for appropriate division. Half cycle phase changes are achieved by a multiplexer selecting one of two signals every half cycle.


    Method and system for preventing revocation denial of service attacks

Publication (announcement) number: US09338009B2

    Publication (announcement) date: 2016-05-10

    Application number: US11743533

    Filing date: 2007-05-02

    Abstract: Methods and systems for preventing revocation denial of service attacks are disclosed and may include receiving and decrypting a command for revoking a secure key utilizing a hidden key, and revoking the secure key upon successful verification of a signature. The command may comprise a key ID that is unique to a specific set-top box. A key corresponding to the command for revoking the secure key may be stored in a one-time programmable memory, compared to a reference, and the security key may be revoked based on the comparison. The command for revoking the secure key may be parsed from a transport stream utilizing a hardware parser. The method and system may also comprise generating a command for revoking a secure key. The command may be encrypted and signed utilizing a hidden key and may comprise a key ID that is unique to a specific set-top box.

Method and system for securely loading code in a security processor
    39.
    Granted invention patent (in force)

    Publication (announcement) number: US08683212B2

    Publication (announcement) date: 2014-03-25

    Application number: US11753338

    Filing date: 2007-05-24

    IPC classification: G05B19/00

    CPC classification: G06F21/6209 G06F21/77

    Abstract: Securely loading code in a security processor may include autonomously fetching an encrypted security data set, which may comprise security code and/or root keys, by a security processor integrated within a chip. The encrypted security data set may be decrypted via the on-chip security processor and the decrypted code set may be validated on-chip using an on-chip locked value. The on-chip locked value may be stored in a one-time programmable read-only memory (OTP ROM) and may include security information generated by applying one or more security algorithms, for example SHA-based algorithms, to the security data set. The encryption of the security data set may utilize various security algorithms, for example AES-based algorithms. The on-chip locked value may be created and locked after a virgin boot of a device that includes the security processor. The security data set may be authenticated during the virgin boot of the device.


Method and system for two-stage security code reprogramming
    40.
    Granted invention patent (in force)

    Publication (announcement) number: US08572399B2

    Publication (announcement) date: 2013-10-29

    Application number: US11746769

    Filing date: 2007-05-10

    IPC classification: H04L29/06

    Abstract: A stored predefined unmodifiable bootable code set may be verified during code reprogramming of a device, and executed as a first stage of code reprogramming of the device. The predefined unmodifiable bootable code set may be stored in a locked memory such as a locked flash memory and may comprise code that enables minimal communication functionality of the device. The predefined unmodifiable bootable code set may be verified using a security algorithm, for example, a SHA-based algorithm. Information necessary for the security algorithm may be stored in a memory, for example, a one-time programmable read-only memory (OTP ROM). The stored information necessary for the security algorithm may comprise a SHA digest, a signature, and/or a key. A second stage code set may be verified and executed during the code reprogramming of the device subsequent to the verification of the stored predefined unmodifiable bootable code set.
