METHOD AND SYSTEM FOR ALLOWING CUSTOMER OR THIRD PARTY TESTING OF SECURE PROGRAMMABLE CODE
    31.
    Invention application
    Status: In force

    Publication number: US20080086647A1

    Publication date: 2008-04-10

    Application number: US11743545

    Application date: 2007-05-02

    Abstract: Methods and systems for allowing customer or third party testing of secure programmable code are disclosed and may include verifying code loaded in a set-top box utilizing a test hash or a production hash prior to execution of the code, where the test hash and production hash may be stored in a memory, such as an OTP, within the set-top box, and may allow migration from corresponding test code to production code, which may be verified utilizing the test hash and production hash, respectively. The test and production hashes may be customer specific. The migration from test code to production code may be authenticated using at least a set-top box specific password. The test hash may be stored in a first portion of a one-time programmable memory and the production hash in a remaining portion, with the first portion being less than or equal to the remaining portion.


    METHOD AND SYSTEM FOR TWO-STAGE SECURITY CODE REPROGRAMMING
    32.
    Invention application
    Status: In force

    Publication number: US20080086628A1

    Publication date: 2008-04-10

    Application number: US11746769

    Application date: 2007-05-10

    CPC classification number: H04N21/818 G06F21/572 H04N21/4432 H04N21/4586

    Abstract: A stored predefined unmodifiable bootable code set may be verified during code reprogramming of a device, and executed as a first stage of code reprogramming of the device. The predefined unmodifiable bootable code set may be stored in a locked memory such as a locked flash memory and may comprise code that enables minimal communication functionality of the device. The predefined unmodifiable bootable code set may be verified using a security algorithm, for example, a SHA-based algorithm. Information necessary for the security algorithm may be stored in a memory, for example, a one-time programmable read-only memory (OTP ROM). The stored information necessary for the security algorithm may comprise a SHA digest, a signature, and/or a key. A second stage code set may be verified and executed during the code reprogramming of the device subsequent to the verification of the stored predefined unmodifiable bootable code set.


    Method and System For Command Interface Protection To Achieve a Secure Interface
    33.
    Invention application
    Status: In force

    Publication number: US20070266232A1

    Publication date: 2007-11-15

    Application number: US11558650

    Application date: 2006-11-10

    Abstract: Aspects of a method and system for command interface protection to achieve a secure interface are provided. A host device may encrypt a command based on a key index generated within the host device, a host device key, a command count, a random number from a slave device, at least one host control word, and a host variable value. The encrypted command may be communicated to the slave device where it may be decrypted based on the key index, the host device key decrypted from a slave device key generated by the slave device, the command count, the random number, at least one slave control word, and a slave variable value. The key index may be utilized in the host and slave devices to select a master key from a key table from which generational derivatives may be generated for command encryption and decryption respectively.


    Method and system for preventing revocation denial of service attacks
    34.
    Granted invention patent
    Status: In force

    Publication number: US09461825B2

    Publication date: 2016-10-04

    Application number: US11743533

    Application date: 2007-05-02

    Abstract: Methods and systems for preventing revocation denial of service attacks are disclosed and may include receiving and decrypting a command for revoking a secure key utilizing a hidden key, and revoking the secure key upon successful verification of a signature. The command may comprise a key ID that is unique to a specific set-top box. A key corresponding to the command for revoking the secure key may be stored in a one-time programmable memory, compared to a reference, and the security key may be revoked based on the comparison. The command for revoking the secure key may be parsed from a transport stream utilizing a hardware parser. The method and system may also comprise generating a command for revoking a secure key. The command may be encrypted and signed utilizing a hidden key and may comprise a key ID that is unique to a specific set-top box.


    Method And System For Version Control In A Reprogrammable Security System
    35.
    Invention application
    Status: In force

    Publication number: US20080086517A1

    Publication date: 2008-04-10

    Application number: US11758387

    Application date: 2007-06-05

    Inventor: Stephane Rodgers

    CPC classification number: G06F8/65 G06F21/57

    Abstract: Methods and systems for securing code in a reprogrammable security system are provided and may comprise detecting when a prior version of code is copied over a subsequent version of code. Operations within the system may be controlled based upon detection of the prior version of code. A unique version identifier may be associated with each successive version of code. The system may compare instances of unique version identifier from varied storage mechanisms on a device which may include flash memory, latch memory and one time programmable memory. The same instances of unique version identifier may be compared with a unique version identifier instance independently received from an external entity. When a comparison reveals a prior version of code copied over a subsequent version of code the system may conduct operations specified for a security breach.


    METHOD AND SYSTEM FOR VARIABLE AND CHANGING KEYS IN A CODE ENCRYPTION SYSTEM
    36.
    Invention application
    Status: Under examination (published)

    Publication number: US20080084995A1

    Publication date: 2008-04-10

    Application number: US11758421

    Application date: 2007-06-05

    Inventor: Stephane Rodgers

    CPC classification number: H04L9/0894 H04L9/16

    Abstract: Methods and systems are disclosed for decrypting segmented code of varying segment lengths wherein each segment of code may be protected with a different set of decryption parameters. Sets of decryption parameter information may be embedded subsequent to and contiguous with corresponding code segments. Sets of decryption algorithm parameter information may comprise: decryption key information, IV bit, initialization vector information and code segment length. The decryption key information may comprise an index to a key table. The key table may be stored using combinatorial logic. Successive blocks of information may be decrypted with an initialization vector and/or with a decrypted output from a preceding decrypted block of information. Decryption parameter information corresponding to a current segment of code may be decrypted with a preceding segment of code. Decryption algorithm parameters may be generated using a linear feedback shift register utilizing a seed acquired from a one-time-programmable memory.


    System and method for using generic comparators with firmware interface to assist video/audio decoders in achieving frame sync
    37.
    Invention application
    Status: In force

    Publication number: US20070223538A1

    Publication date: 2007-09-27

    Application number: US11385307

    Application date: 2006-03-21

    Inventor: Stephane Rodgers

    Abstract: A method and system are provided for using generic comparators with firmware interface to assist video/audio decoders in achieving frame sync. The method may involve processing a portion of an incoming packet by hardware components, which may result in a partially processed packet. The incoming packet may comprise audio, video, and/or record data. The partially processed packet may then be completely processed by firmware and sent to decoders if comprising audio/video data or to a record engine if comprising record data. Generic comparators may be utilized with the incoming packet to search for data patterns associated with synchronization information within the packet. The extracted data patterns may be sent to the firmware to utilize while processing the partially processed packet. The firmware may send synchronization information determined based on the extracted data patterns to aid decoders in decoding audio and video content.


    Method and system for version control in a reprogrammable security system

    Publication number: US09811330B2

    Publication date: 2017-11-07

    Application number: US11758387

    Application date: 2007-06-05

    Inventor: Stephane Rodgers

    CPC classification number: G06F8/65 G06F21/57

    Abstract: Methods and systems for securing code in a reprogrammable security system are provided and may comprise detecting when a prior version of code is copied over a subsequent version of code. Operations within the system may be controlled based upon detection of the prior version of code. A unique version identifier may be associated with each successive version of code. The system may compare instances of unique version identifier from varied storage mechanisms on a device which may include flash memory, latch memory and one time programmable memory. The same instances of unique version identifier may be compared with a unique version identifier instance independently received from an external entity. When a comparison reveals a prior version of code copied over a subsequent version of code the system may conduct operations specified for a security breach.

    METHOD AND SYSTEM FOR MANAGING SECURE CODE LOADING IN PC-SLAVE DEVICES
    39.
    Invention application
    Status: In force

    Publication number: US20110219242A1

    Publication date: 2011-09-08

    Application number: US13112801

    Application date: 2011-05-20

    Inventor: Stephane Rodgers

    CPC classification number: G06F21/6209 G06F21/52 G06F21/6281 G06F2221/2105

    Abstract: A secure processor in a PC-slave device may manage secure loading of execution code and/or data, which may be stored, in encrypted form, in a PC hard-drive. The secure processor may cause decryption of the execution code and/or data by the PC-slave device, and storage of the decrypted execution code and/or data in a restricted portion of a memory that is dedicated for use by the PC-slave device, with the restricted portion of the dedicated memory being only accessible by the PC-slave device. The secure processor may validate decrypted execution code and/or data. The secure processor may block operations of a main processor in the PC-slave device during secure loading of execution code and/or data, and may discontinue that blocking after validating the decrypted execution code and/or data. The secure processor may store encryption keys that are utilized during decryption of the encrypted execution code and/or data.


    Method and system for secure code encryption for PC-slave devices
    40.
    Granted invention patent
    Status: In force

    Publication number: US07966465B2

    Publication date: 2011-06-21

    Application number: US12015648

    Application date: 2008-01-17

    Inventor: Stephane Rodgers

    CPC classification number: G06F21/6209 G06F21/52 G06F21/6281 G06F2221/2105

    Abstract: A PC-slave device may securely load and decrypt an execution code and/or data, which may be stored, encrypted, in a PC hard-drive. The PC-slave device may utilize a dedicated memory, which may be partitioned into an accessible region and a restricted region that may only be accessible by the PC-slave device. The encrypted execution code and/or data may be loaded into the accessible region of the dedicated memory; the PC-slave device may decrypt the execution code and/or data, internally, and store the decrypted execution code and/or data into the restricted region of the dedicated memory. The decrypted execution code and/or data may be validated, and may be utilized from the restricted region. The partitioning of the dedicated memory, into accessible and restricted regions, may be performed dynamically during secure code loading. The PC-slave device may comprise a dedicated secure processor that may perform and/or manage secure code loading.

