Method and system for command authentication to achieve a secure interface
    1.
    Granted invention patent (status: in force)

    Publication number: US08762719B2

    Publication date: 2014-06-24

    Application number: US13614834

    Filing date: 2012-09-13

    Abstract: Aspects of a method and system for command authentication to achieve a secure interface are provided. Command authentication between a host and a slave device in a multimedia system may be achieved by on-the-fly pairing or by an automatic one-time-programming via a security processor. In an on-the-fly pairing scheme, the host may generate a host key based on a host root key and host control words while the slave may generate a slave key based on the host key, a slave root key and slave control words. The slave key may be stored and later retrieved by the slave device to obtain the host key for authenticating host commands. The host may be disabled from generating and/or passing the host key to the slave. In an automatic one-time-programming scheme, the security processor may burn a random number onto a one-time-programmable memory in the host and slave devices for command authentication.

    PER PROCESSOR BUS ACCESS CONTROL IN A MULTI-PROCESSOR CPU
    2.
    Invention patent application (status: under examination, published)

    Publication number: US20130290637A1

    Publication date: 2013-10-31

    Application number: US13460689

    Filing date: 2012-04-30

    CPC classification number: G06F12/084 G06F12/0811 G06F12/1441 G06F12/1458

    Abstract: A technique to provide hardware protection for bus accesses for a processor in a multiple processor environment where at least two zones are established to separate or segregate processor functionality. In one implementation, control registers within a cache memory that supports the multiple processors are loaded with addresses associated with access rights for a particular processor. Then, when an access request is generated, the registers are checked to authorize the access.

    Method and system for protection of customer secrets in a secure reprogrammable system
    3.
    Granted invention patent (status: in force)

    Publication number: US08528102B2

    Publication date: 2013-09-03

    Application number: US11753414

    Filing date: 2007-05-24

    Abstract: Methods and systems for protection of customer secrets in a secure reprogrammable system are disclosed, and may include controlling, via hardware logic and firmware, access to customer specific functions. The firmware may comprise trusted code, and may comprise boot code, stored in non-volatile memory, which may comprise read only memory, or a locked flash memory. A customer mode may be checked via the trusted code prior to allowing downloading of code written by a customer to the reprogrammable system. Access to customer specific functions may be restricted via commands from a trusted source. The hardware logic may be latched at startup in a disabled mode by the firmware, determined by the customer mode stored in a one time programmable memory. The customer mode may be re-checked utilizing the firmware, and may disallow the use of code other than trusted code in the reprogrammable system when the re-checking fails.

    Method and system for disaster recovery in a secure reprogrammable system
    4.
    Granted invention patent (status: in force)

    Publication number: US08452987B2

    Publication date: 2013-05-28

    Application number: US11753474

    Filing date: 2007-05-24

    Abstract: Methods and systems for software security in a secure communication system are disclosed and may include verifying downloaded code in a reprogrammable system and reloading prestored unmodifiable first stage code upon failure. The prestored unmodifiable first stage code, which may comprise boot code for the reprogrammable system, may be stored in locked flash, and the downloaded software code may be stored in unlocked flash. The downloaded software code may be verified by comparing a signature of the downloaded code to a private key. A first sticky bit may be utilized to indicate a failure of the verification and a second sticky bit may be utilized to indicate passing of the verification and the use of the downloaded software code. Whether to reset the reprogrammable system and reload the prestored unmodifiable first stage code may be determined from within the reprogrammable system, which may comprise a set-top box.

    Method and system for NAND flash support in an autonomously loaded secure reprogrammable system
    5.
    Granted invention patent (status: in force)

    Publication number: US08417931B2

    Publication date: 2013-04-09

    Application number: US13034176

    Filing date: 2011-02-24

    CPC classification number: G06F21/575 G06F21/572

    Abstract: A boot code may be segmented to allow separate and independent storage of the code segments in a manner that may enable secure system boot by autonomous fetching and assembling of the boot code by a security sub-system. The code fetching may need to be done without the main CPU running on the chip for security reasons. Because the boot code may be stored in memory devices that require special software application to account for non-contiguous storage of data and/or code, for example a NAND flash memory which would require such an application as Bad Block Management, code segments stored in areas guaranteed to be usable may enable loading remaining segment separately and independently. Each of the code segments may be validated, wherein validation of the code segments may comprise use of hardware-based signatures.

    Method and system for robust watermark insertion and extraction for digital set-top boxes
    6.
    Granted invention patent (status: in force)

    Publication number: US08380993B2

    Publication date: 2013-02-19

    Application number: US11952772

    Filing date: 2007-12-07

    Abstract: Methods and systems for robust watermark insertion and extraction for digital set-top boxes are disclosed and may include descrambling, detecting watermarking messages in a received video signal utilizing a watermark message parser, and immediately watermarking the descrambled video signal utilizing an embedded CPU. The embedded CPU may utilize code that may be signed by an authorized key, encrypted externally to the chip, decrypted, and stored in memory in a region off-limits to other processors. The video signal may be watermarked in a decompressed domain. The enabling of the watermarking may be verified utilizing a watchdog timer. The descriptors corresponding to the watermarking may be stored in memory that may be inaccessible by the main CPU. The watermark may comprise unique identifier data specific to the chip and a time stamp, and may be encrypted utilizing an on-chip combinatorial function.

    Method and system for memory attack protection to achieve a secure interface
    7.
    Granted invention patent (status: in force)

    Publication number: US08156345B2

    Publication date: 2012-04-10

    Application number: US13252484

    Filing date: 2011-10-04

    Abstract: A slave device may receive commands from a host device communicatively coupled to the slave device, via a secure interface configured between the slave device and the host device over that coupling. An integrated memory within the slave device may be configured into a plurality of memory portions or regions based on the received commands. The memory regions may be utilized during operations associated with authentication of subsequent commands from the host device. A first memory region may enable storage of encrypted host commands and data. A second region may enable storage of decrypted host commands and data. A third region may enable storage of internal variables and/or intermediate results from operations performed by the slave device. Another region may comprise internal registers that enable storage of information only accessible to the slave device. Access to some of the memory regions may be controlled and/or restricted by the slave device.

    METHOD AND SYSTEM FOR PREVENTING REVOCATION DENIAL OF SERVICE ATTACKS
    8.
    Invention patent application (status: in force)

    Publication number: US20110197069A9

    Publication date: 2011-08-11

    Application number: US11743533

    Filing date: 2007-05-02

    Abstract: Methods and systems for preventing revocation denial of service attacks are disclosed and may include receiving and decrypting a command for revoking a secure key utilizing a hidden key, and revoking the secure key upon successful verification of a signature. The command may comprise a key ID that is unique to a specific set-top box. A key corresponding to the command for revoking the secure key may be stored in a one-time programmable memory, compared to a reference, and the security key may be revoked based on the comparison. The command for revoking the secure key may be parsed from a transport stream utilizing a hardware parser. The method and system may also comprise generating a command for revoking a secure key. The command may be encrypted and signed utilizing a hidden key and may comprise a key ID that is unique to a specific set-top box.

    Method and System For Command Authentication To Achieve a Secure Interface
    9.
    Invention patent application (status: in force)

    Publication number: US20080046733A1

    Publication date: 2008-02-21

    Application number: US11558662

    Filing date: 2006-11-10

    Abstract: Aspects of a method and system for command authentication to achieve a secure interface are provided. Command authentication between a host and a slave device in a multimedia system may be achieved by on-the-fly pairing or by an automatic one-time-programming via a security processor. In an on-the-fly pairing scheme, the host may generate a host key based on a host root key and host control words while the slave may generate a slave key based on the host key, a slave root key and slave control words. The slave key may be stored and later retrieved by the slave device to obtain the host key for authenticating host commands. The host may be disabled from generating and/or passing the host key to the slave. In an automatic one-time-programming scheme, the security processor may burn a random number onto a one-time-programmable memory in the host and slave devices for command authentication.

    System and method for memory data protection with secure pad memory
    10.
    Invention patent application (status: lapsed)

    Publication number: US20070233982A1

    Publication date: 2007-10-04

    Application number: US11393164

    Filing date: 2006-03-28

    CPC classification number: G06F12/1408 G06F21/78 G06F21/85

    Abstract: A system and a method for protecting the security of data stored externally to a data processing engine of a data processor using at least one secure pad memory that is mapped to internal memory of the data processing engine and to the external memory. The memory data protection system and method performs an arithmetic operation, such as a bitwise exclusive OR (“XOR”) operation, on data being read from the data processing engine or written to the external memory using data stored in secure pads of the secure pad memory, which data may be random numbers generated by a random number generator.
