公开(公告)号：US09405562B2

公开(公告)日：2016-08-02

申请号：US13721959

申请日：2012-12-20

申请人： Marcus C. Kellerman ,  Narayan Rajgopal ,  Joshua Stults ,  Kevin Cernekee

发明人： Marcus C. Kellerman ,  Narayan Rajgopal ,  Joshua Stults ,  Kevin Cernekee

IPC分类号： G06F9/455 ,  H04N21/443

CPC分类号： G06F9/455 ,  H04N21/4437

摘要： A set top box or like device utilizing virtualization techniques to isolate secure device resources from an untrusted software framework incorporated in the device. In one implementation, a first virtual machine container is provided for secure execution of a traditional set top box application, while a second virtual machine container is utilized to host a software framework or untrusted portions of a software framework. A secure access client/server interface is provided to support interactions between the first and second virtual machine containers. The software framework may comprise, for example, an Android framework supported by an underlying Linux operating system environment and isolated in a Linux resource container. Virtual container constructs in various embodiments may employ varying levels of hardware sandboxing, including use of dedicated processing resources in multi-processor environments. In further embodiments, the software framework may be partitioned into trusted and untrusted portions that are executed in separate virtual containers.

摘要翻译： 利用虚拟化技术的机顶盒或类似设备将安全设备资源与包含在设备中的不受信任的软件框架隔离开。 在一个实现中，提供第一虚拟机容器用于传统机顶盒应用的安全执行，而第二虚拟机容器被用于托管软件框架的软件框架或不可信部分。 提供安全访问客户端/服务器接口以支持第一和第二虚拟机容器之间的交互。 软件框架可以包括例如由底层Linux操作系统环境支持并在Linux资源容器中隔离的Android框架。 各种实施例中的虚拟容器结构可以采用不同级别的硬件沙箱，包括在多处理器环境中使用专用处理资源。 在另外的实施例中，软件框架可以被划分为在分开的虚拟容器中执行的可信任和不可信部分。

公开(公告)号：US20140115580A1

公开(公告)日：2014-04-24

申请号：US13721959

申请日：2012-12-20

申请人： Marcus C. Kellerman ,  Narayan Rajgopal ,  Joshua Stults ,  Kevin Cernekee

发明人： Marcus C. Kellerman ,  Narayan Rajgopal ,  Joshua Stults ,  Kevin Cernekee

IPC分类号： G06F9/455

CPC分类号： G06F9/455 ,  H04N21/4437

摘要： A set top box or like device utilizing virtualization techniques to isolate secure device resources from an untrusted software framework incorporated in the device. In one implementation, a first virtual machine container is provided for secure execution of a traditional set top box application, while a second virtual machine container is utilized to host a software framework or untrusted portions of a software framework. A secure access client/server interface is provided to support interactions between the first and second virtual machine containers. The software framework may comprise, for example, an Android framework supported by an underlying Linux operating system environment and isolated in a Linux resource container. Virtual container constructs in various embodiments may employ varying levels of hardware sandboxing, including use of dedicated processing resources in multi-processor environments. In further embodiments, the software framework may be partitioned into trusted and untrusted portions that are executed in separate virtual containers.

摘要翻译： 利用虚拟化技术的机顶盒或类似设备将安全设备资源与包含在设备中的不受信任的软件框架隔离开。 在一个实现中，提供第一虚拟机容器用于传统的机顶盒应用的安全执行，而第二虚拟机容器被用于托管软件框架的软件框架或不可信部分。 提供安全访问客户端/服务器接口以支持第一和第二虚拟机容器之间的交互。 软件框架可以包括例如由底层Linux操作系统环境支持并在Linux资源容器中隔离的Android框架。 各种实施例中的虚拟容器结构可以采用不同级别的硬件沙箱，包括在多处理器环境中使用专用处理资源。 在另外的实施例中，软件框架可以被划分为在分开的虚拟容器中执行的可信任和不可信部分。