公开(公告)号：US09152577B2

公开(公告)日：2015-10-06

申请号：US13707070

申请日：2012-12-06

Applicant: Broadcom Corporation

Inventor： Stephane Rodgers ,  Andrew Dellow ,  Shashank Shekhar

IPC: H04N21/4408 ,  H04N21/4402 ,  H04N19/40 ,  G06F12/14 ,  G06F21/00 ,  H04N21/2343 ,  H04N7/167 ,  H04N19/423 ,  H04N19/46

CPC classification number: G06F12/1408 ,  G06F12/1441 ,  G06F21/00 ,  G06F21/10 ,  H04N7/1675 ,  H04N19/40 ,  H04N19/423 ,  H04N19/46 ,  H04N21/234309 ,  H04N21/4402 ,  H04N21/4408

Abstract: A method for managing a transcoder pipeline includes partitioning a memory with a numbered region; receiving an incoming media stream to be transcoded; and atomically loading, using a security central processing unit (SCPU), a decryption key, a counterpart encryption key and an associated region number of the memory into a slot of a key table, the key table providing selection of decryption and encryption keys during transcoding. The atomically loading the decryption and encryption keys and the associated numbered region ensures that the encryption key is selected to encrypt a transcoded version of the media stream when the media stream has been decrypted with the decryption key and the transcoded media stream is retrieved from the associated numbered region of the memory.

Abstract translation: 一种用于管理代码转换器流水线的方法，包括对具有编号区域的存储器进行分区; 接收要转码的传入媒体流; 并且使用安全中央处理单元（SCPU），解密密钥，对方加密密钥和存储器的相关联的区号进行原子加载到密钥表的时隙中，所述密钥表在转码期间提供对解密和加密密钥的选择 。 原子上加载解密和加密密钥和相关联的编号区域确保了当媒体流已经用解密密钥解密并且从相关联的代码转换的媒体流被检索时，加密密钥被选择来加密媒体流的转码版本 记忆的编号区域。

公开(公告)号：US20140233732A1

公开(公告)日：2014-08-21

申请号：US13859675

申请日：2013-04-09

Applicant: Broadcom Corporation

Inventor： Mark Leonard Buer ,  Andrew Dellow ,  Jacob Mendel

IPC: H04N7/167

CPC classification number: H04N21/2347 ,  H04N21/2543 ,  H04N21/4126 ,  H04N21/4627

Abstract: A secure element operating in conjunction with a secure partition of a system-on-a-chip (SoC) having set top box (STB) functionality allows for digital rights management (DRM) key handling in a mobile platform. The secure element can include a secure processing system (SPS) to be implemented as a hard macro, thereby isolating the SPS from a peripheral processing system (PPS). The secure element and the secure partition of the SoC may be operatively connected by a secure cryptographic channel.

Abstract translation: 与具有机顶盒（STB）功能的片上系统（SoC）的安全分区结合操作的安全元件允许在移动平台中的数字版权管理（DRM）密钥处理。 安全元件可以包括要被实现为硬宏的安全处理系统（SPS），从而将SPS与外围处理系统（PPS）隔离开来。 SoC的安全元件和安全分区可以通过安全加密通道可操作地连接。

公开(公告)号：US09344747B2

公开(公告)日：2016-05-17

申请号：US13859675

申请日：2013-04-09

Applicant: Broadcom Corporation

Inventor： Mark Leonard Buer ,  Andrew Dellow ,  Jacob Mendel

IPC: H04N7/167 ,  G06F11/30 ,  H04N21/2347 ,  H04N21/2543 ,  H04N21/41 ,  H04N21/4627

CPC classification number: H04N21/2347 ,  H04N21/2543 ,  H04N21/4126 ,  H04N21/4627

Abstract: A secure element operating in conjunction with a secure partition of a system-on-a-chip (SoC) having set top box (STB) functionality allows for digital rights management (DRM) key handling in a mobile platform. The secure element can include a secure processing system (SPS) to be implemented as a hard macro, thereby isolating the SPS from a peripheral processing system (PPS). The secure element and the secure partition of the SoC may be operatively connected by a secure cryptographic channel.

Abstract translation: 与具有机顶盒（STB）功能的片上系统（SoC）的安全分区结合操作的安全元件允许在移动平台中的数字版权管理（DRM）密钥处理。 安全元件可以包括要被实现为硬宏的安全处理系统（SPS），从而将SPS与外围处理系统（PPS）隔离开来。 SoC的安全元件和安全分区可以通过安全加密通道可操作地连接。

公开(公告)号：US09025768B2

公开(公告)日：2015-05-05

申请号：US13856651

申请日：2013-04-04

Applicant: Broadcom Corporation

Inventor： Shashank Shekhar ,  Shee-Yen Tan ,  Andrew Dellow

IPC: H04L9/00 ,  H04L29/06 ,  G06F13/28 ,  H04L9/08

CPC classification number: H04L63/0428 ,  G06F13/28 ,  H04L9/0822 ,  H04L9/0861 ,  H04L63/0435

Abstract: A system for securing a variable length keyladder key includes a keyladder decryptor configured to alter a first layer key and to execute a keyladder algorithm to generate a content key, the keyladder algorithm to generate the content key by decrypting an encrypted second layer key with the altered first layer key. The alteration mirrors the alteration applied to encrypt the second layer key by a content server providing content data to be decrypted. The system may further include a cryptographic direct memory access controller (DMAC) coupled with the keyladder decryptor and to decrypt encrypted content data using the generated content key. The keyladder decryptor may be further configured to send the content key to be stored in the DMAC without information regarding how the first layer key was altered. The alteration may include a permutation function or other change or modification.

Abstract translation: 用于保护可变长度键盘键的系统包括键盘解码器，其配置为改变第一层密钥并执行键盘算法以生成内容密钥，所述键盘算法通过用改变的密钥解密加密的第二层密钥来生成内容密钥 第一层密钥 该改变反映了由提供要解密的内容数据的内容服务器应用于加密第二层密钥的改变。 系统还可以包括与键盘解码器耦合的加密直接存储器访问控制器（DMAC），并且使用所生成的内容密钥来解密加密的内容数据。 键盘解码器还可以被配置为发送要存储在DMAC中的内容密钥，而没有关于如何改变第一层密钥的信息。 该改变可以包括置换函数或其他改变或修改。

公开(公告)号：US20140053001A1

公开(公告)日：2014-02-20

申请号：US13707070

申请日：2012-12-06

Applicant: BROADCOM CORPORATION

Inventor： Stephane Rodgers ,  Andrew Dellow ,  Shashank Shekhar

IPC: G06F12/14

CPC classification number: G06F12/1408 ,  G06F12/1441 ,  G06F21/00 ,  G06F21/10 ,  H04N7/1675 ,  H04N19/40 ,  H04N19/423 ,  H04N19/46 ,  H04N21/234309 ,  H04N21/4402 ,  H04N21/4408

Abstract: A method for managing a transcoder pipeline includes partitioning a memory with a numbered region; receiving an incoming media stream to be transcoded; and atomically loading, using a security central processing unit (SCPU), a decryption key, a counterpart encryption key and an associated region number of the memory into a slot of a key table, the key table providing selection of decryption and encryption keys during transcoding. The atomically loading the decryption and encryption keys and the associated numbered region ensures that the encryption key is selected to encrypt a transcoded version of the media stream when the media stream has been decrypted with the decryption key and the transcoded media stream is retrieved from the associated numbered region of the memory.

Abstract translation: 一种用于管理代码转换器流水线的方法，包括：对具有编号区域的存储器进行分区; 接收要转码的传入媒体流; 并且使用安全中央处理单元（SCPU），解密密钥，对方加密密钥和存储器的相关联的区号进行原子加载到密钥表的时隙中，所述密钥表在转码期间提供对解密和加密密钥的选择 。 原子上加载解密和加密密钥和相关联的编号区域确保了当媒体流已经用解密密钥解密并且从相关联的代码转换的媒体流被检索时，加密密钥被选择来加密媒体流的转码版本 记忆的编号区域。

公开(公告)号：US08694767B2

公开(公告)日：2014-04-08

申请号：US13776998

申请日：2013-02-26

Applicant: Broadcom Corporation

Inventor： Stephane Rodgers ,  Andrew Dellow ,  Xuemin Chen ,  Iue-Shuenn Chen ,  Qiang Ye

IPC: G06F9/00 ,  H04L9/00 ,  G06F21/57

CPC classification number: G06F21/575 ,  G06F21/572

Abstract: A system and method that enables secure system boot up with a restricted central processing unit (CPU). The system includes a memory, a segmenting device, and a security sub-system. The memory is a NAND flash memory with a block structure that comprises a guaranteed block and non-guaranteed blocks. The guaranteed block is guaranteed to be useable. A boot code is segmented into boot code segments and the boot code segments are stored separately in the guaranteed and non-guaranteed blocks. The security sub-system is configured to locate the boot code segments stored in the non-guaranteed blocks and validate them independently based on data in the guaranteed block. The security sub-system is further configured to assemble the boot code segments into the boot code and execute the boot code.

Abstract translation: 一种使用受限制的中央处理单元（CPU）实现安全系统启动的系统和方法。 该系统包括存储器，分段设备和安全子系统。 存储器是具有块结构的NAND闪存，其包括保证块和非保证块。 保证的块被保证是可用的。 引导代码被分段为引导代码段，引导代码段分别存储在保证和无保证的块中。 安全子系统被配置为定位存储在非保证块中的引导代码段，并基于保证块中的数据独立地进行验证。 安全子系统还被配置为将引导代码段组合到引导代码中并执行引导代码。

公开(公告)号：US20140053278A1

公开(公告)日：2014-02-20

申请号：US13707050

申请日：2012-12-06

Applicant: BROADCOM CORPORATION

Inventor： Andrew Dellow ,  Shashank Shekhar ,  Stephane Rodgers

IPC: G06F21/60

CPC classification number: G06F21/60 ,  G06F21/575 ,  G06F21/602 ,  G06F21/74 ,  G06F21/78 ,  G06F2221/2107 ,  G06F2221/2113 ,  H04L9/0838 ,  H04N5/4401 ,  H04N21/426 ,  H04N21/4408 ,  H04N21/4627

Abstract: A computing system, comprising includes a first central processing unit (CPU) and a second CPU coupled with the first CPU and with a host processor. The second CPU and the host processor may both request the first CPU to generate keys that have access rights to regions of memory to access specific data. The first CPU may be configured to, in response to a request from the second CPU, generate a unique key with a unique access right to a region of memory, the unique key usable only by the second CPU, not the host processor.

Abstract translation: 一种计算系统，包括第一中央处理单元（CPU）和与第一CPU耦合的第二CPU和主机处理器。 第二CPU和主机处理器都可以请求第一CPU产生具有对存储器区域的访问权限的密钥以访问特定数据。 第一CPU可以被配置为响应于来自第二CPU的请求，生成具有对存储器区域的唯一访问权限的唯一密钥，唯一密钥仅可由第二CPU而不是主机处理器使用。

公开(公告)号：US09483626B2

公开(公告)日：2016-11-01

申请号：US14589727

申请日：2015-01-05

Applicant: Broadcom Corporation

Inventor： Stephane Rodgers ,  Andrew Dellow

IPC: G06F21/00 ,  G06F21/12 ,  G06F21/72 ,  G06F21/74

CPC classification number: G06F21/123 ,  G06F21/72 ,  G06F21/74 ,  G06F2221/2113

Abstract: A computing system includes a first security central processing unit (SCPU) of a system-on-a-chip (SOC), the first SCPU configured to execute functions of a first security level. The computing system also includes a second SCPU of the SOC coupled with the first SCPU and coupled with a host processor, the second SCPU configured to execute functions of a second security level less secure than the first security level, and the second SCPU executing functions not executed by the first SCPU.

公开(公告)号：US09165148B2

公开(公告)日：2015-10-20

申请号：US14094640

申请日：2013-12-02

Applicant: Broadcom Corporation

Inventor： Andrew Dellow

IPC: G06F7/04 ,  G06F21/60 ,  G06F21/73 ,  H04L9/08

CPC classification number: G06F21/606 ,  G06F21/604 ,  G06F21/73 ,  H04L9/0825

Abstract: Methods, devices, systems and computer program products are provided to facilitate cryptographically secure retrieval of secret information that is embedded in a device. The embedded secret information can include a random number that is not custom-designed for any specific requestor of the secret information. Upon receiving a request for the embedded secret information, an encrypted secret is provided to the requestor that enables the recovery of the embedded secret information by only the requestor. Moreover, a need for maintenance of a database of the embedded secret information and the associated requestors is eliminated.

Abstract translation: 提供了方法，设备，系统和计算机程序产品以便于密码安全地检索嵌入到设备中的秘密信息。 嵌入的秘密信息可以包括对于秘密信息的任何特定请求者不是定制设计的随机数。 在接收到对嵌入式秘密信息的请求时，向请求者提供加密的秘密，该请求者仅使请求者能够恢复嵌入的秘密信息。 此外，消除了对嵌入式秘密信息和相关联的请求者的数据库的维护的需要。

公开(公告)号：US20150128253A1

公开(公告)日：2015-05-07

申请号：US14589727

申请日：2015-01-05

Applicant: Broadcom Corporation

Inventor： Stephane Rodgers ,  Andrew Dellow

IPC: G06F21/12 ,  G06F21/74

CPC classification number: G06F21/123 ,  G06F21/72 ,  G06F21/74 ,  G06F2221/2113

Abstract: A computing system includes a first security central processing unit (SCPU) of a system-on-a-chip (SOC), the first SCPU configured to execute functions of a first security level. The computing system also includes a second SCPU of the SOC coupled with the first SCPU and coupled with a host processor, the second SCPU configured to execute functions of a second security level less secure than the first security level, and the second SCPU executing functions not executed by the first SCPU.

Abstract translation: 计算系统包括片上系统（SOC）的第一安全中央处理单元（SCPU），第一SCPU被配置为执行第一安全级别的功能。 计算系统还包括与第一SCPU耦合并与主处理器耦合的SOC的第二SCPU，第二SCPU被配置为执行比第一安全级别更不安全的第二安全级别的功能，而第二SCPU执行功能不是 由第一个SCPU执行。