公开(公告)号：US09026800B2

公开(公告)日：2015-05-05

申请号：US11743545

申请日：2007-05-02

申请人： Stephane Rodgers ,  Andrew Dellow ,  Iue-Shuenn Chen ,  Xuemin Chen ,  Carolyn Walker

发明人： Stephane Rodgers ,  Andrew Dellow ,  Iue-Shuenn Chen ,  Xuemin Chen ,  Carolyn Walker

IPC分类号： G06F21/00 ,  G06F21/57 ,  G06F21/60 ,  G06F21/64 ,  G06F21/12 ,  H04L9/06 ,  H04L29/06 ,  H04N7/16 ,  H04N21/426 ,  H04N21/458 ,  H04N21/4623 ,  H04N21/81 ,  G06F21/10

CPC分类号： G06F21/572 ,  G06F21/10 ,  G06F21/12 ,  G06F21/121 ,  G06F21/60 ,  G06F21/64 ,  G06F2221/033 ,  H04L9/0643 ,  H04L63/12 ,  H04L63/123 ,  H04N7/162 ,  H04N21/42623 ,  H04N21/4586 ,  H04N21/4623 ,  H04N21/8193

摘要： Methods and systems for allowing customer or third party testing of secure programmable code are disclosed and may include verifying code loaded in a set-top box utilizing a test hash or a production hash prior to execution of the code, where the test hash and production hash may be stored in a memory, such as an OTP, within the set-top box, and may allow migration from corresponding test code to production code, which may be verified utilizing the test hash and production hash, respectively. The test and production hashes may be customer specific. The migration from test code to production code may be authenticated using at least a set-top box specific password. The test hash may be stored in a first portion of a one-time programmable memory and the production hash in a remaining portion, with the first portion being less than or equal to the remaining portion.

摘要翻译： 公开了用于允许客户或第三方测试安全可编程代码的方法和系统，并且可以包括在执行代码之前利用测试散列或生产散列验证加载在机顶盒中的代码，其中测试散列和生产散列 可以存储在机顶盒内的诸如OTP的存储器中，并且可以允许从相应的测试代码迁移到生产代码，这可以分别使用测试散列和生产散列进行验证。 测试和生产散列可能是客户特定的。 从测试代码到生产代码的迁移可以至少使用机顶盒专用密码进行认证。 测试散列可以存储在一次性可编程存储器的第一部分中，并且剩余部分中的生成散列，其中第一部分小于或等于其余部分。

公开(公告)号：US08042157B2

公开(公告)日：2011-10-18

申请号：US11465535

申请日：2006-08-18

申请人： Peter Bennett ,  Andrew Dellow

发明人： Peter Bennett ,  Andrew Dellow

IPC分类号： H04L29/00

CPC分类号： H04N21/443 ,  H04H60/23 ,  H04H60/80

摘要： A filter is arranged to selectively block or allow a data access command from an initiator according to whether the initiator is secure or insecure and whether a data source or destination being accessed is privileged or unprivileged. The data access command contains an identification of the initiator from which the data access command originated and an identification of the data source or destination being accessed. The security filter compares the initiator identification and data source or destination identification contained within the data access command with a list of those initiators defined as secure and a list of those data sources or destinations which are defined as unprivileged. The filter then blocks or allows the data access command signal according to a set of rules.

摘要翻译： 布置过滤器以根据启动器是安全的还是不安全的以及被访问的数据源或目的地是特权还是非特权来选择性地阻止或允许来自发起者的数据访问命令。 数据访问命令包含发起数据访问命令的启动器的标识以及所访问的数据源或目的地的标识。 安全过滤器将包含在数据访问命令中的启动器标识和数据源或目的地标识与定义为安全的那些启动器的列表以及被定义为无特权的那些数据源或目的地的列表进行比较。 然后，滤波器根据一组规则阻止或允许数据访问命令信号。

公开(公告)号：US07624442B2

公开(公告)日：2009-11-24

申请号：US10817148

申请日：2004-04-02

申请人： Andrew Dellow ,  Peter Bennett

发明人： Andrew Dellow ,  Peter Bennett

IPC分类号： G06F11/00

CPC分类号： G06F21/72 ,  G06F12/1441 ,  G06F21/57 ,  G06F2221/2105

摘要： A semiconductor integrated circuit includes a processor for executing application code from a memory and a verifier processor arranged to receive the application code via the same internal bus as the processor. The verifier processor performs a verification function to check that the application code is authentic. The verifier processor runs autonomously and cannot be spoofed as it receives the application code via the same internal bus as the main processor. An additional instruction monitor checks the code instructions from the CPU and also impairs the operation of the circuit unless the address of code requested is in a given range. The code is in the form of a linked list and the range is derived as a linked list table during a first check.

摘要翻译： 半导体集成电路包括用于从存储器执行应用代码的处理器和被布置为经由与处理器相同的内部总线接收应用代码的验证器处理器。 验证者处理器执行验证功能以检查应用代码是否可信。 验证者处理器自动运行，并且不能通过与主处理器相同的内部总线接收应用代码而被欺骗。 附加的指令监视器检查来自CPU的代码指令，并且还损害电路的操作，除非所请求的代码的地址在给定的范围内。 代码是链表的形式，并且在第一次检查期间将该范围派生为链表。

公开(公告)号：US07489780B2

公开(公告)日：2009-02-10

申请号：US10818753

申请日：2004-04-06

申请人： Andrew Dellow ,  Rodgrigo Cordero

发明人： Andrew Dellow ,  Rodgrigo Cordero

IPC分类号： H04L9/00

CPC分类号： H04N21/42623 ,  G06F21/10 ,  H04N7/165 ,  H04N21/4405 ,  H04N21/4623

摘要： A semiconductor integrated circuit for the processing of conditional access television signals comprises an input interface for receiving encrypted television signals and an output interface for output of decrypted television signals. Control signals broadcast with the television signals include control words and common keys. Entitlement messages are received in encrypted form, encrypted according to a secret key unique to each semiconductor integrated circuit. The input interface is connected to a decryption circuit whereby the only manner of providing the common keys to the circuit are in encrypted form encrypted according to the secret key. Due to the monolithic nature of the circuit, no secrets are exposed and the system is secure. Alternatively, the entitlement messages are encrypted for decryption with the common keys and a unique ID stored in the circuit is compared with an ID in a received entitlement message. Only if the received and stored IDs match can the rights be stored and used.

摘要翻译： 用于处理条件接收电视信号的半导体集成电路包括用于接收加密的电视信号的输入接口和用于输出解密的电视信号的输出接口。 用电视信号广播的控制信号包括控制字和公共密钥。 以加密形式接收授权消息，根据每个半导体集成电路特有的秘密密钥进行加密。 输入接口连接到解密电路，由此向电路提供公共密钥的唯一方式是根据密钥加密的加密形式。 由于电路的整体性质，没有暴露的秘密和系统是安全的。 或者，授权消息被加密以用公共密钥进行解密，并且存储在电路中的唯一ID与接收到的授权消息中的ID进行比较。 只有收到和存储的ID匹配才能保存和使用权限。

公开(公告)号：US20080086641A1

公开(公告)日：2008-04-10

申请号：US11743533

申请日：2007-05-02

申请人： Stephane Rodgers ,  Andrew Dellow

发明人： Stephane Rodgers ,  Andrew Dellow

IPC分类号： H04L9/32

CPC分类号： H04L9/3247 ,  G06F21/10 ,  G06F2221/0711 ,  G06F2221/0771 ,  H04L9/0891 ,  H04L63/0435 ,  H04L63/123 ,  H04L63/1458 ,  H04L2209/60 ,  H04L2209/605 ,  H04L2463/062

摘要： Methods and systems for preventing revocation denial of service attacks are disclosed and may include receiving and decrypting a command for revoking a secure key utilizing a hidden key, and revoking the secure key upon successful verification of a signature. The command may comprise a key ID that is unique to a specific set-top box. A key corresponding to the command for revoking the secure key may be stored in a one-time programmable memory, compared to a reference, and the security key may be revoked based on the comparison. The command for revoking the secure key may be parsed from a transport stream utilizing a hardware parser. The method and system may also comprise generating a command for revoking a secure key. The command may be encrypted and signed utilizing a hidden key and may comprise a key ID that is unique to a specific set-top box.

摘要翻译： 公开了用于防止撤销拒绝服务攻击的方法和系统，并且可以包括使用隐藏密钥接收和解密用于撤销安全密钥的命令，以及在成功验证签名时撤销安全密钥。 该命令可以包括特定机顶盒唯一的密钥ID。 与参考相比，与撤销安全密钥的命令相对应的密钥可以存储在一次性可编程存储器中，并且可以基于比较来撤销安全密钥。 用于撤销安全密钥的命令可以使用硬件解析器从传输流中解析出来。 该方法和系统还可以包括生成用于撤销安全密钥的命令。 命令可以使用隐藏密钥进行加密和签名，并且可以包括特定机顶盒唯一的密钥ID。

公开(公告)号：US20070280475A1

公开(公告)日：2007-12-06

申请号：US10583577

申请日：2004-12-17

申请人： Andrew Dellow ,  Howard Gurney

发明人： Andrew Dellow ,  Howard Gurney

IPC分类号： H04K1/10

CPC分类号： G06F21/72 ,  G06F12/1408 ,  G06F21/79 ,  G06F21/85

摘要： A monolithic semiconductor integrated circuit is provided for selectively encrypting or decrypting data transmitted between one of a plurality of devices on the circuit and an external memory. Two series of data pathways connect the devices and the external memory. The first series of data pathways passes through a cryptographic circuit causing data to be encrypted or decrypted, and the other series of data pathways provides an unhindered route. When a data access request is made by a device, the data is selectively routed along one of the two series of data pathways according to the identification of the device making the data access request. In one example, if data is transmitted from a device to the external memory, the data is selectively encrypted before being stored in the external memory if the device transmitting the data is identified as secure. Then, when that data is retrieved from the external memory by a second device, the data is selectively decrypted only if the second device is identified as secure.

摘要翻译： 提供单片半导体集成电路，用于选择性地加密或解密在电路上的多个设备之一和外部存储器之间传输的数据。 两组数据通路连接设备和外部存储器。 数据路径的第一系列通过加密电路，导致数据被加密或解密，另一系列的数据路径提供了一个不受阻碍的路由。 当设备进行数据访问请求时，根据进行数据访问请求的设备的标识，数据沿着两个数据路径中的一个选择性地路由选择。 在一个示例中，如果数据从设备发送到外部存储器，则如果发送数据的设备被识别为安全的，则在被存储在外部存储器中之前，数据被选择性地加密。 然后，当通过第二设备从外部存储器检索数据时，只有当第二设备被识别为安全时才选择性地解密该数据。

公开(公告)号：US20070200960A1

公开(公告)日：2007-08-30

申请号：US10575650

申请日：2003-10-16

申请人： Peter Bennett ,  Paul Elliott ,  Andrew Dellow

发明人： Peter Bennett ,  Paul Elliott ,  Andrew Dellow

IPC分类号： H04N5/38

CPC分类号： H04N21/44 ,  H04N7/165 ,  H04N21/26606 ,  H04N21/42623 ,  H04N21/6334

摘要： A semiconductor integrated circuit for the processing of conditional access television signals that includes an input interface for receiving encrypted television signals and an output interface for output of decrypted television signals. The semiconductor integrated circuit is provided with some functionality restricted in some way by preventing one or more hardware circuit elements from operating, such as an MPEG decoder, display engine, IO ports or main CPU. To enable the functionality, a subscriber must pay for a service and then receives an encrypted message broadcast to the semiconductor integrated circuit that is decrypted and instructs functionality to be turned on or off.

摘要翻译： 一种用于处理条件接收电视信号的半导体集成电路，包括用于接收加密的电视信号的输入接口和用于输出解密的电视信号的输出接口。 半导体集成电路具有通过防止一个或多个硬件电路元件操作（例如MPEG解码器，显示引擎，IO端口或主CPU）以某种方式受到限制的某些功能。 为了实现该功能，用户必须支付服务费用，然后接收加密的消息广播到被解密的半导体集成电路，并指示功能被打开或关闭。

公开(公告)号：US20050235308A1

公开(公告)日：2005-10-20

申请号：US11016537

申请日：2004-12-17

申请人： Andrew Dellow ,  Rodrigo Cordero

发明人： Andrew Dellow ,  Rodrigo Cordero

IPC分类号： G06F21/85 ,  H04N7/16 ,  G06F13/00

CPC分类号： H04N21/4181 ,  G06F21/85 ,  H04N7/162 ,  H04N21/454

摘要： An embodiment comprises a semiconductor integrated circuit for restricting the rate at which data may be accessed from an external memory by a device coupled to the circuit. The rate of data access is restricted if the data access satisfies one or more conditions. For example, one of the conditions is that the device which is requesting the data is insecure. Another condition is that the requested data is privileged. A data access monitor is provided to monitor data accesses and to is arranged to generate an access signal to indicate whether the conditions are satisfied or not. A bandwidth comparator determines whether data access exceeds a threshold and, if so, the semiconductor integrated circuit is impaired to prevent further data access.

摘要翻译： 一个实施例包括半导体集成电路，用于通过耦合到该电路的装置来限制可从外部存储器访问数据的速率。 如果数据访问满足一个或多个条件，则数据访问速率受到限制。 例如，其中一个条件是请求数据的设备是不安全的。 另一个条件是请求的数据是特权的。 提供数据访问监视器以监视数据访问，并且被布置成生成访问信号以指示条件是否满足。 带宽比较器确定数据访问是否超过阈值，如果是，则削弱半导体集成电路以防止进一步的数据访问。

公开(公告)号：US06865623B2

公开(公告)日：2005-03-08

申请号：US10354908

申请日：2003-01-30

申请人： Andrew Dellow

发明人： Andrew Dellow

IPC分类号： G06F13/28

CPC分类号： G06F13/28

摘要： A semiconductor integrated circuit for use in direct memory access (DMA) has two sources which communicate with a bus through a bus interface. A DMA access signal generator is coupled to the bus interface and asserts a DMA access output signal at a DMA access signal pin whenever either of the sources requires a DMA access. The need for separate DMA access signal pins for each of the two sources is thereby avoided. With targets on two separate integrated circuits, a single DMA access pin can be used for the two targets, while chip select signals at chip select pins on the source integrated circuit indicate which of the two targets is intended for the DMA access.

摘要翻译： 用于直接存储器访问（DMA）的半导体集成电路具有通过总线接口与总线通信的两个源。 DMA访问信号发生器耦合到总线接口，并且每当任何一个源需要DMA访问时，在DMA访问信号引脚处断言DMA访问输出信号。 因此避免了对于两个源中的每一个的单独的DMA访问信号引脚的需要。 通过两个独立的集成电路上的目标，两个目标可以使用单个DMA访问引脚，而源集成电路芯片选择引脚上的芯片选择信号指示两个目标中的哪一个用于DMA访问。

公开(公告)号：US09652637B2

公开(公告)日：2017-05-16

申请号：US11740575

申请日：2007-04-26

申请人： Andrew Dellow ,  Iue-Shuenn Chen ,  Stephane (Steve) Rodgers ,  Xuemin (Sherman) Chen

发明人： Andrew Dellow ,  Iue-Shuenn Chen ,  Stephane (Steve) Rodgers ,  Xuemin (Sherman) Chen

IPC分类号： G06F21/76 ,  G06F9/44

CPC分类号： G06F21/76 ,  G06F9/4403

摘要： Aspects of a method and system for allowing no code download in a code download scheme are provided. A system-on-a-chip (SoC) may comprise a security processor, a ROM, and a one-time-programmable (OTP) memory. The security processor may enable fetching code from a restricted function portion of the ROM. The restricted functions may comprise code for booting up the SoC and code that prevents enabling security algorithms within the SoC. The security processor may then enable booting up of at least a portion of the SoC based on the fetched code. The remaining portion of the ROM may comprise code for downloading security code from an external memory, such as a FLASH memory, to an internal memory, such as a RAM, to boot up the SoC. Access to the restricted function portion or the remaining portion of the ROM is based on at least one bit from the OTP memory.