公开(公告)号：US20090150676A1

公开(公告)日：2009-06-11

申请号：US11952772

申请日：2007-12-07

Applicant: Sherman Xuemin Chen ,  Stephane Rodgers

Inventor： Sherman Xuemin Chen ,  Stephane Rodgers

IPC: H04L9/32

CPC classification number: H04H20/31 ,  G06T1/0021 ,  H04H2201/50 ,  H04N5/4401 ,  H04N19/44 ,  H04N19/467 ,  H04N21/23892 ,  H04N21/43853 ,  H04N21/8358

Abstract: Methods and systems for robust watermark insertion and extraction for digital set-top boxes are disclosed and may include descrambling, detecting watermarking messages in a received video signal utilizing a watermark message parser, and immediately watermarking the descrambled video signal utilizing an embedded CPU. The embedded CPU may utilize code that may be signed by an authorized key, encrypted externally to the chip, decrypted, and stored in memory in a region off-limits to other processors. The video signal may be watermarked in a decompressed domain. The enabling of the watermarking may be verified utilizing a watchdog timer. The descriptors corresponding to the watermarking may be stored in memory that may be inaccessible by the main CPU. The watermark may comprise unique identifier data specific to the chip and a time stamp, and may be encrypted utilizing an on-chip combinatorial function.

Abstract translation: 公开了用于数字机顶盒的鲁棒水印插入和提取的方法和系统，并且可以包括解扰，利用水印消息解析器检测接收到的视频信号中的水印消息，并立即利用嵌入式CPU对解扰的视频信号进行加水印。 嵌入式CPU可以利用可以通过授权密钥进行签名的代码，在芯片外部加密，解密并存储在与其他处理器不同的区域的存储器中。 视频信号可以在解压缩域中加水印。 可以使用看门狗定时器来验证水印的使能。 与水印相对应的描述符可以存储在主CPU可能无法访问的存储器中。 水印可以包括专用于芯片的唯一标识符数据和时间标记，并且可以使用片上组合功能进行加密。

公开(公告)号：US20080086780A1

公开(公告)日：2008-04-10

申请号：US11753414

申请日：2007-05-24

Applicant: Xuemin Chen ,  Iue-Shuenn Chen ,  Stephane Rodgers ,  Andrew Dellow

Inventor： Xuemin Chen ,  Iue-Shuenn Chen ,  Stephane Rodgers ,  Andrew Dellow

IPC: H04L9/32

CPC classification number: G06F21/629 ,  G06F21/572 ,  H04N7/163 ,  H04N21/42692 ,  H04N21/4432 ,  H04N21/4627 ,  H04N21/818

Abstract: Methods and systems for protection of customer secrets in a secure reprogrammable system are disclosed, and may include controlling, via hardware logic and firmware, access to customer specific functions. The firmware may comprise trusted code, and may comprise boot code, stored in non-volatile memory, which may comprise read only memory, or a locked flash memory. A customer mode may be checked via the trusted code prior to allowing downloading of code written by a customer to the reprogrammable system. Access to customer specific functions may be restricted via commands from a trusted source. The hardware logic may be latched at startup in a disabled mode by the firmware, determined by the customer mode stored in a one time programmable memory. The customer mode may be re-checked utilizing the firmware, and may disallow the use of code other than trusted code in the reprogrammable system when the re-checking fails.

Abstract translation: 公开了用于保护安全可重新编程系统中的客户秘密的方法和系统，并且可以包括通过硬件逻辑和固件来控制对客户特定功能的访问。 固件可以包括可信代码，并且可以包括存储在非易失性存储器中的引导代码，其可以包括只读存储器或锁定的闪存。 可以在允许将由客户编写的代码下载到可重新编程系统之前通过可信代码来检查客户模式。 可以通过来自可信来源的命令来限制访问客户特定功能。 由存储在一次可编程存储器中的客户模式确定的固件可以在禁用模式下的硬件逻辑锁存硬件逻辑。 可以使用固件来重新检查客户模式，并且当重新检查失败时，可以不允许在可再编程系统中使用除可信代码之外的代码。

公开(公告)号：US20080086630A1

公开(公告)日：2008-04-10

申请号：US11746773

申请日：2007-05-10

Applicant: Stephane Rodgers ,  Andrew Dellow ,  Xuemin Chen ,  Iue-Shuenn Chen ,  Qiang Ye

Inventor： Stephane Rodgers ,  Andrew Dellow ,  Xuemin Chen ,  Iue-Shuenn Chen ,  Qiang Ye

IPC: G06F9/24

CPC classification number: G06F21/575 ,  G06F21/572

Abstract: Segmenting a boot code to allow separate and independent storage and validation of the segments in a manner that enable secure system boot by autonomous fetching and assembling of the boot code by a security sub-system. The code fetching may need to be done without the main CPU running on the chip for security reasons. Because the boot code may be stored in memory devices that require special software application to account for non-contiguous storage of data and/or code, for example a NAND flash memory which would require such an application as Bad Block Management, code segments stored in areas guaranteed to be usable may enable loading and validating remaining segment separately and independently.

Abstract translation: 分段引导代码，以允许通过安全子系统自主获取和组合引导代码来实现安全系统引导的方式，对段进行单独和独立的存储和验证。 出于安全考虑，代码获取可能需要完成，而主CPU不会在芯片上运行。 由于引导代码可能存储在需要特殊软件应用程序的存储器件中以解决数据和/或代码的不连续存储，例如将要求诸如坏块管理的应用的NAND闪存，存储在 保证可用的区域可以分别且独立地加载和验证剩余段。

公开(公告)号：US09438415B2

公开(公告)日：2016-09-06

申请号：US13171148

申请日：2011-06-28

Applicant: Xuemin Chen ,  Stephane Rodgers

Inventor： Xuemin Chen ,  Stephane Rodgers

IPC: H04L9/08 ,  H04L29/06

CPC classification number: H04L9/0825 ,  H04L63/0209 ,  H04L63/0823 ,  H04L2209/603

Abstract: A home gateway, which enables communication with a plurality of devices, recovers a root-content key from a key server of a service provider for secure delivery of content requested by a client device. The recovered root-content key is utilized to generate a content key for corresponding content scrambling. The home gateway communicates the scrambled content to the client device. The home gateway utilizes the RSA protocol to request the root-content key from the key server. The root-content key is recovered from the received key index. The content key is encrypted utilizing a public key and delivered to the client device. The key server distributes the public key to the gateway through authentication messages. The client device utilizes its own private key to recover the content key by decrypting the encrypted content key. The scrambled content from the home gateway is descrambled using the recovered content key for content consumption.

Abstract translation: 能够与多个设备进行通信的家庭网关从服务提供商的密钥服务器恢复根内容密钥，用于安全地传递由客户端设备请求的内容。 恢复的根内容密钥用于生成用于相应内容加扰的内容密钥。 家庭网关将加扰的内容传送到客户端设备。 家庭网关利用RSA协议从密钥服务器请求根内容密钥。 从接收到的密钥索引中恢复根内容密钥。 内容密钥使用公钥加密并传送到客户端设备。 密钥服务器通过认证消息将公钥分发到网关。 客户端设备利用自己的私钥通过解密加密的内容密钥来恢复内容密钥。 来自家庭网关的加扰内容使用恢复的内容密钥进行解扰，用于内容消费。

公开(公告)号：US08412903B2

公开(公告)日：2013-04-02

申请号：US13112801

申请日：2011-05-20

Applicant: Stephane Rodgers

Inventor： Stephane Rodgers

IPC: G06F12/00

CPC classification number: G06F21/6209 ,  G06F21/52 ,  G06F21/6281 ,  G06F2221/2105

Abstract: A secure processor in a PC-slave device manages secure loading of execution code and/or data, which is stored, in encrypted form, in a PC hard-drive. The secure processor causes decryption of the execution code and/or data by the PC-slave device, and storage of the decrypted execution code and/or data in a restricted portion of a memory that is dedicated for use by the PC-slave device, with the restricted portion of the dedicated memory being only accessible by the PC-slave device. The secure processor validates decrypted execution code and/or data. The secure processor blocks operations of a main processor in the PC-slave device during secure loading of execution code and/or data, and discontinues that blocking after validating the decrypted execution code and/or data. The secure processor stores encryption keys that are utilized during decryption of the encrypted execution code and/or data.

Abstract translation: PC-slave设备中的安全处理器管理以加密形式存储在PC硬盘驱动器中的执行代码和/或数据的安全加载。 安全处理器通过PC从设备对执行代码和/或数据进行解密，以及解密的执行代码和/或数据在专用于PC从设备的存储器的限制部分中的存储， 专用存储器的限制部分只能由PC从设备访问。 安全处理器验证解密的执行代码和/或数据。 安全处理器在执行代码和/或数据的安全加载期间阻止PC从设备中的主处理器的操作，并且在验证解密的执行代码和/或数据之后中止该阻塞。 安全处理器存储在解密加密的执行代码和/或数据期间使用的加密密钥。

公开(公告)号：US08365308B2

公开(公告)日：2013-01-29

申请号：US12248146

申请日：2008-10-09

Applicant: Stephane Rodgers ,  Iue-Shuenn Chen

Inventor： Stephane Rodgers ,  Iue-Shuenn Chen

IPC: G06F21/00

CPC classification number: G06F21/81

Abstract: A security processor integrated within a system may be securely shut down. The security processor may receive shut down requests, and may determine components and/or subsystems that need be shut down during shut down periods. The security processor may determine when each of the relevant components is ready for shut down. Once the relevant components are shut down, the security processor may itself be shut down, wherein the shut down of the security processor may be performed by stopping the clocking of the security processor. A security error monitor may monitor the system during shut down periods, and the security processor may be powered back on when security breaches and/or threats may be detected via the security error monitor. The security error monitor may be enabled to power on the security processor by reactivating the security processor clock, and the security processor may then power on the system.

Abstract translation: 集成在系统内的安全处理器可能被安全地关闭。 安全处理器可以接收关闭请求，并且可以确定在关闭时段期间需要关闭的组件和/或子系统。 安全处理器可以确定每个相关组件何时准备关闭。 一旦相关组件被关闭，安全处理器本身可以被关闭，其中可以通过停止安全处理器的计时来执行安全处理器的关闭。 安全错误监视器可以在关闭期间监视系统，并且可以通过安全错误监视器检测到安全漏洞和/或威胁时，可以重新启动安全处理器。 可以启用安全错误监视器以通过重新激活安全处理器时钟来打开安全处理器的电源，然后安全处理器可以打开系统电源。

公开(公告)号：US20130007452A1

公开(公告)日：2013-01-03

申请号：US13614834

申请日：2012-09-13

Applicant: Stephane Rodgers ,  Xuemin Chen

Inventor： Stephane Rodgers ,  Xuemin Chen

IPC: H04L9/32

CPC classification number: H04L63/06 ,  G06F21/31 ,  G06F21/606 ,  G06F2221/2129 ,  H04L63/0428 ,  H04N7/163 ,  H04N21/4143 ,  H04N21/4367 ,  H04N21/443

Abstract: Aspects of a method and system for command authentication to achieve a secure interface are provided. Command authentication between a host and a slave device in a multimedia system may be achieved by on-the-fly pairing or by an automatic one-time-programming via a security processor. In an on-the-fly pairing scheme, the host may generate a host key based on a host root key and host control words while the slave may generate slave key based the host key, a slave root key and slave control words. The slave key may be stored and later retrieved by the slave device to obtain the host key for authenticating host commands. The host may be disabled from generating and/or passing the host key to the slave. In an automatic one-time programming scheme, the security processor may burn a random number onto a onetime-programmable memory in the host and slave devices for command authentication.

Abstract translation: 提供了用于实现安全接口的命令认证的方法和系统的方面。 多媒体系统中的主机和从设备之间的命令认证可以通过即时配对或通过安全处理器的自动一次编程来实现。 在实时配对方案中，主机可以基于主机根密钥和主机控制字生成主机密钥，而从机​​可以基于主机密钥，从根密钥和从控制字生成从机密钥。 从属密钥可以被从设备存储和稍后检索以获得用于认证主机命令的主机密钥。 可能禁用主机生成和/或将主机密钥传递到从设备。 在自动一次性编程方案中，安全处理器可以将随机数刻录到主机和从设备中的一次可编程存储器上用于命令认证。

公开(公告)号：US20120328149A1

公开(公告)日：2012-12-27

申请号：US13604914

申请日：2012-09-06

Applicant: Sherman Xuemin CHEN ,  Stephane Rodgers

Inventor： Sherman Xuemin CHEN ,  Stephane Rodgers

IPC: G06K9/46

CPC classification number: H04H20/31 ,  G06T1/0021 ,  H04H2201/50 ,  H04N5/4401 ,  H04N19/44 ,  H04N19/467 ,  H04N21/23892 ,  H04N21/43853 ,  H04N21/8358

Abstract: Methods and systems for robust watermark insertion and extraction for digital set-top boxes are disclosed and may include descrambling, detecting watermarking messages in a received video signal utilizing a watermark message parser, and immediately watermarking the descrambled video signal utilizing an embedded CPU. The embedded CPU may utilize code that may be signed by an authorized key, encrypted externally to the chip, decrypted, and stored in memory in a region off-limits to other processors. The video signal may be watermarked in a decompressed domain. The enabling of the watermarking may be verified utilizing a watchdog timer. The descriptors corresponding to the watermarking may be stored in memory that may be inaccessible by the main CPU. The watermark may comprise unique identifier data specific to the chip and a time stamp, and may be encrypted utilizing an on-chip combinatorial function.

Abstract translation: 公开了用于数字机顶盒的鲁棒水印插入和提取的方法和系统，并且可以包括解扰，利用水印消息解析器检测接收到的视频信号中的水印消息，并立即利用嵌入式CPU对解扰的视频信号进行加水印。 嵌入式CPU可以利用可以通过授权密钥进行签名的代码，在芯片外部加密，解密并存储在与其他处理器不同的区域的存储器中。 视频信号可以在解压缩域中加水印。 可以使用看门狗定时器来验证水印的使能。 与水印相对应的描述符可以存储在主CPU可能无法访问的存储器中。 水印可以包括专用于芯片的唯一标识符数据和时间标记，并且可以使用片上组合功能进行加密。

公开(公告)号：US20120216034A1

公开(公告)日：2012-08-23

申请号：US13171148

申请日：2011-06-28

Applicant: Xuemin Chen ,  Stephane Rodgers

Inventor： Xuemin Chen ,  Stephane Rodgers

IPC: H04L9/08

CPC classification number: H04L9/0825 ,  H04L63/0209 ,  H04L63/0823 ,  H04L2209/603

Abstract: A home gateway, which enables communication with a plurality of devices, recovers a root-content key from a key server of a service provider for secure delivery of content requested by a client device. The recovered root-content key is utilized to generate a content key for corresponding content scrambling. The home gateway communicates the scrambled content to the client device. The home gateway utilizes the RSA protocol to request the root-content key from the key server. The root-content key is recovered from the received key index. The content key is encrypted utilizing a public key and delivered to the client device. The key server distributes the public key to the gateway through authentication messages. The client device utilizes its own private key to recover the content key by decrypting the encrypted content key. The scrambled content from the home gateway is descrambled using the recovered content key for content consumption.

Abstract translation: 能够与多个设备进行通信的家庭网关从服务提供商的密钥服务器恢复根内容密钥，用于安全地传递由客户端设备请求的内容。 恢复的根内容密钥用于生成用于相应内容加扰的内容密钥。 家庭网关将加扰的内容传送到客户端设备。 家庭网关利用RSA协议从密钥服务器请求根内容密钥。 从接收到的密钥索引中恢复根内容密钥。 内容密钥使用公钥加密并传送到客户端设备。 密钥服务器通过认证消息将公钥分发到网关。 客户端设备利用自己的私钥通过解密加密的内容密钥来恢复内容密钥。 使用恢复的内容密钥对来自家庭网关的加扰内容进行解扰，以进行内容消费。

公开(公告)号：US20100083387A1

公开(公告)日：2010-04-01

申请号：US12248146

申请日：2008-10-09

Applicant: Stephane Rodgers ,  Iue-Shuenn Chen

Inventor： Stephane Rodgers ,  Iue-Shuenn Chen

IPC: G06F1/26 ,  G06F11/30 ,  G06F11/00 ,  G06F1/04

CPC classification number: G06F21/81

Abstract: A security processor integrated within a system may be securely shut down. The security processor may receive shut down requests, and may determine components and/or subsystems that need be shut down during shut down periods. The security processor may determine when each of the relevant components is ready for shut down. Once the relevant components are shut down, the security processor may itself be shut down, wherein the shut down of the security processor may be performed by stopping the clocking of the security processor. A security error monitor may monitor the system during shut down periods, and the security processor may be powered back on when security breaches and/or threats may be detected via the security error monitor. The security error monitor may be enabled to power on the security processor by reactivating the security processor clock, and the security processor may then power on the system.

Abstract translation: 集成在系统内的安全处理器可能被安全地关闭。 安全处理器可以接收关闭请求，并且可以确定在关闭时段期间需要关闭的组件和/或子系统。 安全处理器可以确定每个相关组件何时准备关闭。 一旦相关组件被关闭，安全处理器本身可以被关闭，其中可以通过停止安全处理器的计时来执行安全处理器的关闭。 安全错误监视器可以在关闭期间监视系统，并且可以通过安全错误监视器检测到安全漏洞和/或威胁时，可以重新启动安全处理器。 可以启用安全错误监视器以通过重新激活安全处理器时钟来打开安全处理器的电源，然后安全处理器可以打开系统电源。