METHOD AND SYSTEM FOR SECURELY LOADING CODE IN A SECURITY PROCESSOR
    41.
    Patent application
    METHOD AND SYSTEM FOR SECURELY LOADING CODE IN A SECURITY PROCESSOR (in force)

    Publication No.: US20080084273A1

    Publication date: 2008-04-10

    Application No.: US11753338

    Filing date: 2007-05-24

    IPC classification: G05B19/00

    CPC classification: G06F21/6209 G06F21/77

    Abstract: Securely loading code in a security processor may include autonomous fetching an encrypted security data set, which may comprise security code and/or root keys, by a security processor integrated within a chip. The encrypted security data set may be decrypted via the on-chip security processor and the decrypted code set may be validated on-chip using an on-chip locked value. The on-chip locked value may be stored in a one-time programmable read-only memory (OTP ROM) and may include security information generated by applying one or more security algorithms, for example SHA-based algorithms, to the security data set. The encryption of the security data set may utilize various security algorithms, for example AES-based algorithms. The on-chip locked value may be created and locked after a virgin boot of a device that includes the security processor. The security data set may be authenticated during the virgin boot of the device.


    Data obfuscation
    42.
    Patent application
    Data obfuscation (in force)

    Publication No.: US20070121943A1

    Publication date: 2007-05-31

    Application No.: US11523773

    Filing date: 2006-09-18

    IPC classification: H04K1/02

    Abstract: A portion of data is obfuscated by performing a bitwise XOR function between bits of the data portion and bits of a mask. The mask is generated based on the memory address of the data portion. A bitfield representing the memory address of the data portion is split into subset bitfields. Each subset then forms the input of a corresponding primary randomizing unit. Each primary randomizing unit is arranged to generate an output bitfield that appears to be randomly correlated with the input, but which may be determined from the input if certain secret information is known. The output of the primary randomizing units is input into a series of secondary randomizing units. Each secondary randomizing unit is arranged to input at least one bit of the output of every primary randomizing unit. The output of the secondary randomizing units are then combined by concatenation to form a data mask.


    Phase control digital frequency divider
    43.
    Granted patent
    Phase control digital frequency divider (in force)

    Publication No.: US06696870B2

    Publication date: 2004-02-24

    Application No.: US10104994

    Filing date: 2002-03-22

    Applicant: Andrew Dellow

    Inventor: Andrew Dellow

    IPC classification: H03K2100

    CPC classification: H03K23/68 H03K23/546

    Abstract: A digital frequency divider includes phase control of the output signal in increments of whole or half cycles of the input frequency. Whole cycle phase control is achieved by varying (logically or physically) the tap off point of a shift register loaded with a bit pattern for appropriate division. Half cycle phase changes are achieved by a multiplexer selecting one of two signals every half cycle.


    Method and system for preventing revocation denial of service attacks

    Publication No.: US09338009B2

    Publication date: 2016-05-10

    Application No.: US11743533

    Filing date: 2007-05-02

    Abstract: Methods and systems for preventing revocation denial of service attacks are disclosed and may include receiving and decrypting a command for revoking a secure key utilizing a hidden key, and revoking the secure key upon successful verification of a signature. The command may comprise a key ID that is unique to a specific set-top box. A key corresponding to the command for revoking the secure key may be stored in a one-time programmable memory, compared to a reference, and the security key may be revoked based on the comparison. The command for revoking the secure key may be parsed from a transport stream utilizing a hardware parser. The method and system may also comprise generating a command for revoking a secure key. The command may be encrypted and signed utilizing a hidden key and may comprise a key ID that is unique to a specific set-top box.

    Method and system for securely loading code in a security processor
    45.
    Granted patent
    Method and system for securely loading code in a security processor (in force)

    Publication No.: US08683212B2

    Publication date: 2014-03-25

    Application No.: US11753338

    Filing date: 2007-05-24

    IPC classification: G05B19/00

    CPC classification: G06F21/6209 G06F21/77

    Abstract: Securely loading code in a security processor may include autonomous fetching an encrypted security data set, which may comprise security code and/or root keys, by a security processor integrated within a chip. The encrypted security data set may be decrypted via the on-chip security processor and the decrypted code set may be validated on-chip using an on-chip locked value. The on-chip locked value may be stored in a one-time programmable read-only memory (OTP ROM) and may include security information generated by applying one or more security algorithms, for example SHA-based algorithms, to the security data set. The encryption of the security data set may utilize various security algorithms, for example AES-based algorithms. The on-chip locked value may be created and locked after a virgin boot of a device that includes the security processor. The security data set may be authenticated during the virgin boot of the device.


    Method and system for two-stage security code reprogramming
    46.
    Granted patent
    Method and system for two-stage security code reprogramming (in force)

    Publication No.: US08572399B2

    Publication date: 2013-10-29

    Application No.: US11746769

    Filing date: 2007-05-10

    IPC classification: H04L29/06

    Abstract: A stored predefined unmodifiable bootable code set may be verified during code reprogramming of a device, and executed as a first stage of code reprogramming of the device. The predefined unmodifiable bootable code set may be stored in a locked memory such as a locked flash memory and may comprise code that enables minimal communication functionality of the device. The predefined unmodifiable bootable code set may be verified using a security algorithm, for example, a SHA-based algorithm. Information necessary for the security algorithm may be stored in a memory, for example, a one-time programmable read-only memory (OTP ROM). The stored information necessary for the security algorithm may comprise a SHA digest, a signature, and/or a key. A second stage code set may be verified and executed during the code reprogramming of the device subsequent to the verification of the stored predefined unmodifiable bootable code set.


    Authenticated mode control
    47.
    Granted patent
    Authenticated mode control (in force)

    Publication No.: US08160248B2

    Publication date: 2012-04-17

    Application No.: US12385258

    Filing date: 2009-04-02

    Applicant: Andrew Dellow

    Inventor: Andrew Dellow

    IPC classification: H04L29/06

    Abstract: Methods and systems for authenticated mode control in controlled devices are disclosed. A method for changing a mode in a controlled device from a current mode includes selecting one of several available key derivation functions based on a target mode, generating a target mode specific root key using a global root key and the selected key derivation function, and the use of that root key to affect a change of the controlled device to a target mode. Corresponding devices and systems are also disclosed. In one embodiment, the methods are applicable to a cable television distribution system and the changing of the operating mode of a set top box from one conditional access provider to another.


    METHOD AND SYSTEM FOR NAND FLASH SUPPORT IN AN AUTONOMOUSLY LOADED SECURE REPROGRAMMABLE SYSTEM
    48.
    Patent application
    METHOD AND SYSTEM FOR NAND FLASH SUPPORT IN AN AUTONOMOUSLY LOADED SECURE REPROGRAMMABLE SYSTEM (in force)

    Publication No.: US20110197054A1

    Publication date: 2011-08-11

    Application No.: US13034176

    Filing date: 2011-02-24

    IPC classification: G06F15/177

    CPC classification: G06F21/575 G06F21/572

    Abstract: A boot code may be segmented to allow separate and independent storage of the code segments in a manner that may enable secure system boot by autonomous fetching and assembling of the boot code by a security sub-system. The code fetching may need to be done without the main CPU running on the chip for security reasons. Because the boot code may be stored in memory devices that require special software application to account for non-contiguous storage of data and/or code, for example a NAND flash memory which would require such an application as Bad Block Management, code segments stored in areas guaranteed to be usable may enable loading remaining segment separately and independently. Each of the code segments may be validated, wherein validation of the code segments may comprise use of hardware-based signatures.


    System for receiving packet stream
    49.
    Granted patent
    System for receiving packet stream (in force)

    Publication No.: US07969972B2

    Publication date: 2011-06-28

    Application No.: US11144396

    Filing date: 2005-06-03

    IPC classification: H04L12/28

    Abstract: A system including input circuitry for receiving from one of a plurality of sources at least one packet stream including a plurality of packets for providing audio, video, private data and/or associated information; at least one output for outputting at least one packet of the at least one packet stream to circuitry arranged to provide an output stream; wherein the system is arranged to provide a tag indicative of the source, the tag being associated with the at least one packet.


    Method and system for NAND flash support in autonomously loaded secure reprogrammable system
    50.
    Granted patent
    Method and system for NAND flash support in autonomously loaded secure reprogrammable system (in force)

    Publication No.: US07900032B2

    Publication date: 2011-03-01

    Application No.: US11746773

    Filing date: 2007-05-10

    IPC classification: G06F9/00 H04L9/00 H04L9/32

    CPC classification: G06F21/575 G06F21/572

    Abstract: Segmenting a boot code to allow separate and independent storage and validation of the segments in a manner that enable secure system boot by autonomous fetching and assembling of the boot code by a security sub-system. The code fetching may need to be done without the main CPU running on the chip for security reasons. Because the boot code may be stored in memory devices that require special software application to account for non-contiguous storage of data and/or code, for example a NAND flash memory which would require such an application as Bad Block Management, code segments stored in areas guaranteed to be usable may enable loading and validating remaining segment separately and independently.
