METHOD AND SYSTEM FOR SECURE CODE ENCRYPTION FOR PC-SLAVE DEVICES
    41.
    Type: Invention patent application
    Status: Active

    Publication number: US20090187704A1

    Publication date: 2009-07-23

    Application number: US12015648

    Application date: 2008-01-17

    Inventor: Stephane Rodgers

    CPC classification number: G06F21/6209 G06F21/52 G06F21/6281 G06F2221/2105

    Abstract: A PC-slave device may securely load and decrypt an execution code and/or data, which may be stored, encrypted, in a PC hard-drive. The PC-slave device may utilize a dedicated memory, which may be partitioned into an accessible region and a restricted region that may only be accessible by the PC-slave device. The encrypted execution code and/or data may be loaded into the accessible region of the dedicated memory; the PC-slave device may decrypt the execution code and/or data, internally, and store the decrypted execution code and/or data into the restricted region of the dedicated memory. The decrypted execution code and/or data may be validated, and may be utilized from the restricted region. The partitioning of the dedicated memory, into accessible and restricted regions, may be performed dynamically during secure code loading. The PC-slave device may comprise a dedicated secure processor that may perform and/or manage secure code loading.

    METHOD AND SYSTEM FOR PROTECTION OF CUSTOMER SECRETS IN A SECURE REPROGRAMMABLE SYSTEM
    42.
    Type: Invention patent application
    Status: Active

    Publication number: US20080086780A1

    Publication date: 2008-04-10

    Application number: US11753414

    Application date: 2007-05-24

    Abstract: Methods and systems for protection of customer secrets in a secure reprogrammable system are disclosed, and may include controlling, via hardware logic and firmware, access to customer specific functions. The firmware may comprise trusted code, and may comprise boot code, stored in non-volatile memory, which may comprise read only memory, or a locked flash memory. A customer mode may be checked via the trusted code prior to allowing downloading of code written by a customer to the reprogrammable system. Access to customer specific functions may be restricted via commands from a trusted source. The hardware logic may be latched at startup in a disabled mode by the firmware, determined by the customer mode stored in a one time programmable memory. The customer mode may be re-checked utilizing the firmware, and may disallow the use of code other than trusted code in the reprogrammable system when the re-checking fails.

    METHOD AND SYSTEM FOR NAND FLASH SUPPORT IN AUTONOMOUSLY LOADED SECURE REPROGRAMMABLE SYSTEM
    43.
    Type: Invention patent application
    Status: Active

    Publication number: US20080086630A1

    Publication date: 2008-04-10

    Application number: US11746773

    Application date: 2007-05-10

    CPC classification number: G06F21/575 G06F21/572

    Abstract: Segmenting a boot code to allow separate and independent storage and validation of the segments in a manner that enables secure system boot by autonomous fetching and assembling of the boot code by a security sub-system. The code fetching may need to be done without the main CPU running on the chip for security reasons. Because the boot code may be stored in memory devices that require a special software application to account for non-contiguous storage of data and/or code, for example a NAND flash memory which would require such an application as Bad Block Management, code segments stored in areas guaranteed to be usable may enable loading and validating the remaining segments separately and independently.

    Method and system for securing communication on a home gateway in an IP content streaming system
    44.
    Type: Granted invention patent
    Status: Active

    Publication number: US09438415B2

    Publication date: 2016-09-06

    Application number: US13171148

    Application date: 2011-06-28

    CPC classification number: H04L9/0825 H04L63/0209 H04L63/0823 H04L2209/603

    Abstract: A home gateway, which enables communication with a plurality of devices, recovers a root-content key from a key server of a service provider for secure delivery of content requested by a client device. The recovered root-content key is utilized to generate a content key for corresponding content scrambling. The home gateway communicates the scrambled content to the client device. The home gateway utilizes the RSA protocol to request the root-content key from the key server. The root-content key is recovered from the received key index. The content key is encrypted utilizing a public key and delivered to the client device. The key server distributes the public key to the gateway through authentication messages. The client device utilizes its own private key to recover the content key by decrypting the encrypted content key. The scrambled content from the home gateway is descrambled using the recovered content key for content consumption.

    Method and system for managing secure code loading in PC-slave devices
    45.
    Type: Granted invention patent
    Status: Active

    Publication number: US08412903B2

    Publication date: 2013-04-02

    Application number: US13112801

    Application date: 2011-05-20

    Inventor: Stephane Rodgers

    CPC classification number: G06F21/6209 G06F21/52 G06F21/6281 G06F2221/2105

    Abstract: A secure processor in a PC-slave device manages secure loading of execution code and/or data, which is stored, in encrypted form, in a PC hard-drive. The secure processor causes decryption of the execution code and/or data by the PC-slave device, and storage of the decrypted execution code and/or data in a restricted portion of a memory that is dedicated for use by the PC-slave device, with the restricted portion of the dedicated memory being only accessible by the PC-slave device. The secure processor validates decrypted execution code and/or data. The secure processor blocks operations of a main processor in the PC-slave device during secure loading of execution code and/or data, and discontinues that blocking after validating the decrypted execution code and/or data. The secure processor stores encryption keys that are utilized during decryption of the encrypted execution code and/or data.

    Method and system for a secure power management scheme
    46.
    Type: Granted invention patent
    Status: Lapsed

    Publication number: US08365308B2

    Publication date: 2013-01-29

    Application number: US12248146

    Application date: 2008-10-09

    CPC classification number: G06F21/81

    Abstract: A security processor integrated within a system may be securely shut down. The security processor may receive shut down requests, and may determine components and/or subsystems that need be shut down during shut down periods. The security processor may determine when each of the relevant components is ready for shut down. Once the relevant components are shut down, the security processor may itself be shut down, wherein the shut down of the security processor may be performed by stopping the clocking of the security processor. A security error monitor may monitor the system during shut down periods, and the security processor may be powered back on when security breaches and/or threats may be detected via the security error monitor. The security error monitor may be enabled to power on the security processor by reactivating the security processor clock, and the security processor may then power on the system.

    METHOD AND SYSTEM FOR COMMAND AUTHENTICATION TO ACHIEVE A SECURE INTERFACE
    47.
    Type: Invention patent application
    Status: Active

    Publication number: US20130007452A1

    Publication date: 2013-01-03

    Application number: US13614834

    Application date: 2012-09-13

    Abstract: Aspects of a method and system for command authentication to achieve a secure interface are provided. Command authentication between a host and a slave device in a multimedia system may be achieved by on-the-fly pairing or by an automatic one-time-programming via a security processor. In an on-the-fly pairing scheme, the host may generate a host key based on a host root key and host control words while the slave may generate a slave key based on the host key, a slave root key and slave control words. The slave key may be stored and later retrieved by the slave device to obtain the host key for authenticating host commands. The host may be disabled from generating and/or passing the host key to the slave. In an automatic one-time programming scheme, the security processor may burn a random number onto a one-time-programmable memory in the host and slave devices for command authentication.

    METHOD AND SYSTEM FOR SECURING COMMUNICATION ON A HOME GATEWAY IN AN IP CONTENT STREAMING SYSTEM
    48.
    Type: Invention patent application
    Status: Active

    Publication number: US20120216034A1

    Publication date: 2012-08-23

    Application number: US13171148

    Application date: 2011-06-28

    CPC classification number: H04L9/0825 H04L63/0209 H04L63/0823 H04L2209/603

    Abstract: A home gateway, which enables communication with a plurality of devices, recovers a root-content key from a key server of a service provider for secure delivery of content requested by a client device. The recovered root-content key is utilized to generate a content key for corresponding content scrambling. The home gateway communicates the scrambled content to the client device. The home gateway utilizes the RSA protocol to request the root-content key from the key server. The root-content key is recovered from the received key index. The content key is encrypted utilizing a public key and delivered to the client device. The key server distributes the public key to the gateway through authentication messages. The client device utilizes its own private key to recover the content key by decrypting the encrypted content key. The scrambled content from the home gateway is descrambled using the recovered content key for content consumption.

    METHOD AND SYSTEM FOR A SECURE POWER MANAGEMENT SCHEME
    49.
    Type: Invention patent application
    Status: Lapsed

    Publication number: US20100083387A1

    Publication date: 2010-04-01

    Application number: US12248146

    Application date: 2008-10-09

    CPC classification number: G06F21/81

    Abstract: A security processor integrated within a system may be securely shut down. The security processor may receive shut down requests, and may determine components and/or subsystems that need be shut down during shut down periods. The security processor may determine when each of the relevant components is ready for shut down. Once the relevant components are shut down, the security processor may itself be shut down, wherein the shut down of the security processor may be performed by stopping the clocking of the security processor. A security error monitor may monitor the system during shut down periods, and the security processor may be powered back on when security breaches and/or threats may be detected via the security error monitor. The security error monitor may be enabled to power on the security processor by reactivating the security processor clock, and the security processor may then power on the system.

    METHOD AND SYSTEM FOR GLITCH PROTECTION IN A SECURE SYSTEM
    50.
    Type: Invention patent application
    Status: Under examination (published)

    Publication number: US20080086781A1

    Publication date: 2008-04-10

    Application number: US11741990

    Application date: 2007-04-30

    Inventor: Stephane Rodgers

    CPC classification number: G06F21/552

    Abstract: Aspects of a method and system for glitch protection in a secure system are provided. In this regard, the output of an on-chip security operation may be combinatorially compared with an expected output of the security operation. Based on the results of the comparison, one or more signals which may control access to one or more on-chip secure functions may be generated. The security operation may, for example, comprise generating a message digest utilizing a SHA and/or modifying a stored value based on an amount of code being executed. The expected output may comprise a single value or range of values. In this regard, a system may, for example, be protected from glitch attacks causing lines of code to be skipped and/or causing enable signals to be forced to an illegitimate value.
