公开(公告)号：US07900032B2

公开(公告)日：2011-03-01

申请号：US11746773

申请日：2007-05-10

Applicant: Stephane Rodgers ,  Andrew Dellow ,  Xuemin Chen ,  Iue-Shuenn Chen ,  Qiang Ye

Inventor： Stephane Rodgers ,  Andrew Dellow ,  Xuemin Chen ,  Iue-Shuenn Chen ,  Qiang Ye

IPC: G06F9/00 ,  H04L9/00 ,  H04L9/32

CPC classification number: G06F21/575 ,  G06F21/572

Abstract: Segmenting a boot code to allow separate and independent storage and validation of the segments in a manner that enable secure system boot by autonomous fetching and assembling of the boot code by a security sub-system. The code fetching may need to be done without the main CPU running on the chip for security reasons. Because the boot code may be stored in memory devices that require special software application to account for non-contiguous storage of data and/or code, for example a NAND flash memory which would require such an application as Bad Block Management, code segments stored in areas guaranteed to be usable may enable loading and validating remaining segment separately and independently.

Abstract translation: 分段引导代码，以允许通过安全子系统自主获取和组合引导代码来实现安全系统引导的方式，对段进行单独和独立的存储和验证。 出于安全考虑，代码获取可能需要完成，而主CPU不会在芯片上运行。 由于引导代码可能存储在需要特殊软件应用程序的存储器件中以解决数据和/或代码的不连续存储，例如将要求诸如坏块管理的应用的NAND闪存，存储在 保证可用的区域可以分别且独立地加载和验证剩余段。

公开(公告)号：US20090187704A1

公开(公告)日：2009-07-23

申请号：US12015648

申请日：2008-01-17

Applicant: Stephane Rodgers

Inventor： Stephane Rodgers

IPC: G06F12/14 ,  G06F12/00 ,  G06F13/00

CPC classification number: G06F21/6209 ,  G06F21/52 ,  G06F21/6281 ,  G06F2221/2105

Abstract: A PC-slave device may securely load and decrypt an execution code and/or data, which may be stored, encrypted, in a PC hard-drive. The PC-slave device may utilize a dedicated memory, which may be partitioned into an accessible region and a restricted region that may only be accessible by the PC-slave device. The encrypted execution code and/or may be loaded into the accessible region of the dedicated memory; the PC-slave device may decrypt the execution code and/or data, internally, and store the decrypted execution code and/or data into the restricted region of the dedicated memory. The decrypted execution code and/or data may be validated, and may be utilized from the restricted region. The partitioning of the dedicated memory, into accessible and restricted regions, may be performed dynamically during secure code loading. The PC-slave device may comprise a dedicated secure processor that may perform and/or manage secure code loading.

Abstract translation: PC从设备可以安全地加载和解密可以存储，加密的PC硬盘驱动器中的执行代码和/或数据。 PC从设备可以利用专用存储器，其可以被划分为只能由PC从设备访问的可访问区域和受限区域。 加密的执行代码和/或可以被加载到专用存储器的可访问区域中; PC从设备可以在内部解密执行代码和/或数据，并将解密的执行代码和/或数据存储到专用存储器的受限区域中。 解密的执行代码和/或数据可以被验证，并且可以从受限区域使用。 可以在安全代码加载期间动态地执行专用存储器到可访问和限制区域的划分。 PC从设备可以包括可以执行和/或管理安全代码加载的专用安全处理器。

公开(公告)号：US20090150676A1

公开(公告)日：2009-06-11

申请号：US11952772

申请日：2007-12-07

Applicant: Sherman Xuemin Chen ,  Stephane Rodgers

Inventor： Sherman Xuemin Chen ,  Stephane Rodgers

IPC: H04L9/32

CPC classification number: H04H20/31 ,  G06T1/0021 ,  H04H2201/50 ,  H04N5/4401 ,  H04N19/44 ,  H04N19/467 ,  H04N21/23892 ,  H04N21/43853 ,  H04N21/8358

Abstract: Methods and systems for robust watermark insertion and extraction for digital set-top boxes are disclosed and may include descrambling, detecting watermarking messages in a received video signal utilizing a watermark message parser, and immediately watermarking the descrambled video signal utilizing an embedded CPU. The embedded CPU may utilize code that may be signed by an authorized key, encrypted externally to the chip, decrypted, and stored in memory in a region off-limits to other processors. The video signal may be watermarked in a decompressed domain. The enabling of the watermarking may be verified utilizing a watchdog timer. The descriptors corresponding to the watermarking may be stored in memory that may be inaccessible by the main CPU. The watermark may comprise unique identifier data specific to the chip and a time stamp, and may be encrypted utilizing an on-chip combinatorial function.

Abstract translation: 公开了用于数字机顶盒的鲁棒水印插入和提取的方法和系统，并且可以包括解扰，利用水印消息解析器检测接收到的视频信号中的水印消息，并立即利用嵌入式CPU对解扰的视频信号进行加水印。 嵌入式CPU可以利用可以通过授权密钥进行签名的代码，在芯片外部加密，解密并存储在与其他处理器不同的区域的存储器中。 视频信号可以在解压缩域中加水印。 可以使用看门狗定时器来验证水印的使能。 与水印相对应的描述符可以存储在主CPU可能无法访问的存储器中。 水印可以包括专用于芯片的唯一标识符数据和时间标记，并且可以使用片上组合功能进行加密。

公开(公告)号：US20080086780A1

公开(公告)日：2008-04-10

申请号：US11753414

申请日：2007-05-24

Applicant: Xuemin Chen ,  Iue-Shuenn Chen ,  Stephane Rodgers ,  Andrew Dellow

Inventor： Xuemin Chen ,  Iue-Shuenn Chen ,  Stephane Rodgers ,  Andrew Dellow

IPC: H04L9/32

CPC classification number: G06F21/629 ,  G06F21/572 ,  H04N7/163 ,  H04N21/42692 ,  H04N21/4432 ,  H04N21/4627 ,  H04N21/818

Abstract: Methods and systems for protection of customer secrets in a secure reprogrammable system are disclosed, and may include controlling, via hardware logic and firmware, access to customer specific functions. The firmware may comprise trusted code, and may comprise boot code, stored in non-volatile memory, which may comprise read only memory, or a locked flash memory. A customer mode may be checked via the trusted code prior to allowing downloading of code written by a customer to the reprogrammable system. Access to customer specific functions may be restricted via commands from a trusted source. The hardware logic may be latched at startup in a disabled mode by the firmware, determined by the customer mode stored in a one time programmable memory. The customer mode may be re-checked utilizing the firmware, and may disallow the use of code other than trusted code in the reprogrammable system when the re-checking fails.

Abstract translation: 公开了用于保护安全可重新编程系统中的客户秘密的方法和系统，并且可以包括通过硬件逻辑和固件来控制对客户特定功能的访问。 固件可以包括可信代码，并且可以包括存储在非易失性存储器中的引导代码，其可以包括只读存储器或锁定的闪存。 可以在允许将由客户编写的代码下载到可重新编程系统之前通过可信代码来检查客户模式。 可以通过来自可信来源的命令来限制访问客户特定功能。 由存储在一次可编程存储器中的客户模式确定的固件可以在禁用模式下的硬件逻辑锁存硬件逻辑。 可以使用固件来重新检查客户模式，并且当重新检查失败时，可以不允许在可再编程系统中使用除可信代码之外的代码。

公开(公告)号：US20080086630A1

公开(公告)日：2008-04-10

申请号：US11746773

申请日：2007-05-10

Applicant: Stephane Rodgers ,  Andrew Dellow ,  Xuemin Chen ,  Iue-Shuenn Chen ,  Qiang Ye

Inventor： Stephane Rodgers ,  Andrew Dellow ,  Xuemin Chen ,  Iue-Shuenn Chen ,  Qiang Ye

IPC: G06F9/24

CPC classification number: G06F21/575 ,  G06F21/572

Abstract: Segmenting a boot code to allow separate and independent storage and validation of the segments in a manner that enable secure system boot by autonomous fetching and assembling of the boot code by a security sub-system. The code fetching may need to be done without the main CPU running on the chip for security reasons. Because the boot code may be stored in memory devices that require special software application to account for non-contiguous storage of data and/or code, for example a NAND flash memory which would require such an application as Bad Block Management, code segments stored in areas guaranteed to be usable may enable loading and validating remaining segment separately and independently.

Abstract translation: 分段引导代码，以允许通过安全子系统自主获取和组合引导代码来实现安全系统引导的方式，对段进行单独和独立的存储和验证。 出于安全考虑，代码获取可能需要完成，而主CPU不会在芯片上运行。 由于引导代码可能存储在需要特殊软件应用程序的存储器件中以解决数据和/或代码的不连续存储，例如将要求诸如坏块管理的应用的NAND闪存，存储在 保证可用的区域可以分别且独立地加载和验证剩余段。

公开(公告)号：US09438415B2

公开(公告)日：2016-09-06

申请号：US13171148

申请日：2011-06-28

Applicant: Xuemin Chen ,  Stephane Rodgers

Inventor： Xuemin Chen ,  Stephane Rodgers

IPC: H04L9/08 ,  H04L29/06

CPC classification number: H04L9/0825 ,  H04L63/0209 ,  H04L63/0823 ,  H04L2209/603

Abstract: A home gateway, which enables communication with a plurality of devices, recovers a root-content key from a key server of a service provider for secure delivery of content requested by a client device. The recovered root-content key is utilized to generate a content key for corresponding content scrambling. The home gateway communicates the scrambled content to the client device. The home gateway utilizes the RSA protocol to request the root-content key from the key server. The root-content key is recovered from the received key index. The content key is encrypted utilizing a public key and delivered to the client device. The key server distributes the public key to the gateway through authentication messages. The client device utilizes its own private key to recover the content key by decrypting the encrypted content key. The scrambled content from the home gateway is descrambled using the recovered content key for content consumption.

Abstract translation: 能够与多个设备进行通信的家庭网关从服务提供商的密钥服务器恢复根内容密钥，用于安全地传递由客户端设备请求的内容。 恢复的根内容密钥用于生成用于相应内容加扰的内容密钥。 家庭网关将加扰的内容传送到客户端设备。 家庭网关利用RSA协议从密钥服务器请求根内容密钥。 从接收到的密钥索引中恢复根内容密钥。 内容密钥使用公钥加密并传送到客户端设备。 密钥服务器通过认证消息将公钥分发到网关。 客户端设备利用自己的私钥通过解密加密的内容密钥来恢复内容密钥。 来自家庭网关的加扰内容使用恢复的内容密钥进行解扰，用于内容消费。

公开(公告)号：US09118966B2

公开(公告)日：2015-08-25

申请号：US13074131

申请日：2011-03-29

Applicant: Steve (Stephane) Rodgers

Inventor： Steve (Stephane) Rodgers

IPC: H04K1/00 ,  H04N21/4627 ,  H04N21/8355

CPC classification number: H04N21/4627 ,  H04N21/8355

Abstract: A Set Top Box (STB) or client computer includes a communication interface operable to receive digital messages and digital content, memory, a transcoder, a central processing unit, and security processing circuitry. The security processor (or other components of the STB) is operable to identify protected digital content of the digital content that is to be isolated from the central processing unit during transcoding and to isolate the protected digital content from the central processing unit during the transcoding. The CPU may be denied access to a protected portion of the memory during the transcoding in which the transcoder stores non-scrambled protected digital content. The protected portion of the memory may be buffer memory accessible by the transcoder and not accessible by the central processing unit. The protected digital content may be identified from the digital message.

Abstract translation: 机顶盒（STB）或客户计算机包括可操作以接收数字消息和数字内容的通信接口，存储器，代码转换器，中央处理单元和安全处理电路。 安全处理器（或STB的其他组件）可操作以识别在代码转换期间与中央处理单元隔离的数字内容的受保护数字内容，并且在转码期间将受保护的数字内容与中央处理单元隔离开。 在代码转换器存储非加密保护的数字内容的代码转换期间，CPU可能被拒绝访问存储器的受保护部分。 存储器的受保护部分可以是可由代码转换器访问的缓冲存储器，并且不能被中央处理单元访问。 受保护的数字内容可以从数字消息中识别。

公开(公告)号：US08565427B2

公开(公告)日：2013-10-22

申请号：US13074083

申请日：2011-03-29

Applicant: Steve (Stephane) Rodgers ,  Sherman (Xuemin) Chen

Inventor： Steve (Stephane) Rodgers ,  Sherman (Xuemin) Chen

IPC: H04L29/00

CPC classification number: H04N21/4627 ,  H04N21/8355

Abstract: A Set Top Box (STB) or client computer includes a communication interface operable to receive digital messages and digital content, memory operable, and processing circuitry coupled to the communication interface and to the memory. The STB is operable to receive a digital message, extract a key portion from the digital message, decrypt the key portion, descramble the digital content using the decrypted key portion, extract a rights portion from the digital message, decrypt the rights portion, determine protected and unprotected digital content based upon the rights portion, write the unprotected digital content to an unprotected portion of the memory, and write the protected digital content to a protected portion of the memory. The decrypted key portion may include a plurality of Program IDs (PIDs) and the decrypted rights portion may include protection data for each PID. A security processor may prevent a central processing unit from accessing the protected portion of the memory.

Abstract translation: 机顶盒（STB）或客户端计算机包括可操作以接收数字消息和数字内容的通信接口，可操作的存储器，以及耦合到通信接口和存储器的处理电路。 STB可操作以接收数字消息，从数字消息中提取密钥部分，解密密钥部分，使用解密密钥部分对数字内容进行解扰，从数字消息中提取权限部分，解密权限部分，确定受保护的 以及基于权利部分的未受保护的数字内容，将未受保护的数字内容写入存储器的未受保护的部分，并将受保护的数字内容写入存储器的受保护部分。 解密的密钥部分可以包括多个节目ID（PID），并且解密的权限部分可以包括每个PID的保护数据。 安全处理器可以防止中央处理单元访问存储器的受保护部分。

公开(公告)号：US08412903B2

公开(公告)日：2013-04-02

申请号：US13112801

申请日：2011-05-20

Applicant: Stephane Rodgers

Inventor： Stephane Rodgers

IPC: G06F12/00

CPC classification number: G06F21/6209 ,  G06F21/52 ,  G06F21/6281 ,  G06F2221/2105

Abstract: A secure processor in a PC-slave device manages secure loading of execution code and/or data, which is stored, in encrypted form, in a PC hard-drive. The secure processor causes decryption of the execution code and/or data by the PC-slave device, and storage of the decrypted execution code and/or data in a restricted portion of a memory that is dedicated for use by the PC-slave device, with the restricted portion of the dedicated memory being only accessible by the PC-slave device. The secure processor validates decrypted execution code and/or data. The secure processor blocks operations of a main processor in the PC-slave device during secure loading of execution code and/or data, and discontinues that blocking after validating the decrypted execution code and/or data. The secure processor stores encryption keys that are utilized during decryption of the encrypted execution code and/or data.

Abstract translation: PC-slave设备中的安全处理器管理以加密形式存储在PC硬盘驱动器中的执行代码和/或数据的安全加载。 安全处理器通过PC从设备对执行代码和/或数据进行解密，以及解密的执行代码和/或数据在专用于PC从设备的存储器的限制部分中的存储， 专用存储器的限制部分只能由PC从设备访问。 安全处理器验证解密的执行代码和/或数据。 安全处理器在执行代码和/或数据的安全加载期间阻止PC从设备中的主处理器的操作，并且在验证解密的执行代码和/或数据之后中止该阻塞。 安全处理器存储在解密加密的执行代码和/或数据期间使用的加密密钥。

公开(公告)号：US08365308B2

公开(公告)日：2013-01-29

申请号：US12248146

申请日：2008-10-09

Applicant: Stephane Rodgers ,  Iue-Shuenn Chen

Inventor： Stephane Rodgers ,  Iue-Shuenn Chen

IPC: G06F21/00

CPC classification number: G06F21/81

Abstract: A security processor integrated within a system may be securely shut down. The security processor may receive shut down requests, and may determine components and/or subsystems that need be shut down during shut down periods. The security processor may determine when each of the relevant components is ready for shut down. Once the relevant components are shut down, the security processor may itself be shut down, wherein the shut down of the security processor may be performed by stopping the clocking of the security processor. A security error monitor may monitor the system during shut down periods, and the security processor may be powered back on when security breaches and/or threats may be detected via the security error monitor. The security error monitor may be enabled to power on the security processor by reactivating the security processor clock, and the security processor may then power on the system.

Abstract translation: 集成在系统内的安全处理器可能被安全地关闭。 安全处理器可以接收关闭请求，并且可以确定在关闭时段期间需要关闭的组件和/或子系统。 安全处理器可以确定每个相关组件何时准备关闭。 一旦相关组件被关闭，安全处理器本身可以被关闭，其中可以通过停止安全处理器的计时来执行安全处理器的关闭。 安全错误监视器可以在关闭期间监视系统，并且可以通过安全错误监视器检测到安全漏洞和/或威胁时，可以重新启动安全处理器。 可以启用安全错误监视器以通过重新激活安全处理器时钟来打开安全处理器的电源，然后安全处理器可以打开系统电源。