Integration of untrusted framework components with a secure operating system environment
    1.
    Granted invention patent
    Integration of untrusted framework components with a secure operating system environment (Status: Active)

    Publication No.: US09338522B2

    Publication date: 2016-05-10

    Application No.: US13715395

    Filing date: 2012-12-14

    CPC classification number: H04N21/835 H04N21/443 H04N21/4437

    Abstract: A set top box or like device incorporating an untrusted software framework as a client of a secure operating system kernel. The software framework may comprise, for example, an Android framework supported by an underlying Linux operating system environment having a secure kernel. The software framework can be executed using a variety of process isolation techniques depending on performance and isolation requirements. A secure access client/server interface may also be provided to support interactions between the untrusted software framework (and applications utilizing the untrusted software framework) and secure or trusted portions of the device. The secure access interface can be configured to perform operations such as handle validation, heap pointer validation, non-pointer parameter validation, heap isolation, and resource release relating to terminated processes. In further embodiments, a software framework aggregator is used to support a plurality of additional software frameworks for use in the set top box.

    SOCIAL NETWORKING GROUPING HIERARCHY
    2.
    Invention application
    SOCIAL NETWORKING GROUPING HIERARCHY (Status: Under examination, published)

    Publication No.: US20150326626A1

    Publication date: 2015-11-12

    Application No.: US14738382

    Filing date: 2015-06-12

    CPC classification number: H04L67/306 G06Q50/01 H04L67/303

    Abstract: A social networking environment enables interaction between social networking (SNET) groups. Some interactions between SNET groups can include docking various SNET groups based upon interactions between a member and some part of a social network. Various hierarchies of social networking infrastructure can enable hierarchical interactions between social devices, SNET groups, and other elements associated with various social networking infrastructures. Capabilities provided by various elements in various SNET infrastructures can be docked to create combined SNET groups, and capabilities provided by an SNET group can be accessed via interaction with a representative view of the capabilities. Various interactions can be managed based upon inputs, trigger events, authorizations, and the like provided by various processing systems, devices, members, or the like. Various interactions can enable members associated with an SNET infrastructure to access capabilities provided by an SNET group via a docked SNET group.

    COMMUNICATION BETWEEN SOCIAL NETWORK CIRCLES
    3.
    Invention application
    COMMUNICATION BETWEEN SOCIAL NETWORK CIRCLES (Status: Under examination, published)

    Publication No.: US20150326554A1

    Publication date: 2015-11-12

    Application No.: US14803610

    Filing date: 2015-07-20

    Abstract: A social network (SNET) is divided into one or more circles having different trust levels. Communications between the different SNET circles are bridged by an SNET device capable of communicating with devices associated with the different SNET circles, even if those devices cannot communicate directly with each other. When a communication is sent between SNET circles, the SNET device verifies the trust level associated with the communication, and bridges the communication based, at least in part, on that trust level. The SNET device can be located in a demilitarized zone associated with both the first SNET circle and the second SNET circle. Where different SNET circles use different security secrets for communications between members, the SNET device can store different keys for each of those circles in separate, restricted portions of memory.

    TRUST CHAINS IN A SOCIAL NETWORK
    4.
    Invention application
    TRUST CHAINS IN A SOCIAL NETWORK (Status: Under examination, published)

    Publication No.: US20150154405A1

    Publication date: 2015-06-04

    Application No.: US14615532

    Filing date: 2015-02-06

    Abstract: Members of a social network (SNET) circle can share content with other members of the SNET circle, members of the same SNET that are not members of the same circle, or send content to people or devices outside of the SNET. A trust chain can be used alone or in conjunction with other security measures to assign or select an appropriate level of content protection and SNET access. A trust rating or level associated with a trusted human member can be conferred to a social network device, allowing that device to be included in the trust chain. Trust can also be conferred from a trusted social network device to a child device of the social network device. A trust processing module can work in cooperation with one or more trust authorities to establish initial and updated overall trust levels of a human or device associated with the SNET.

    Integration of Untrusted Framework Components With a Secure Operating System Environment
    5.
    Invention application
    Integration of Untrusted Framework Components With a Secure Operating System Environment (Status: Active)

    Publication No.: US20140115623A1

    Publication date: 2014-04-24

    Application No.: US13715395

    Filing date: 2012-12-14

    CPC classification number: H04N21/835 H04N21/443 H04N21/4437

    Abstract: A set top box or like device incorporating an untrusted software framework as a client of a secure operating system kernel. The software framework may comprise, for example, an Android framework supported by an underlying Linux operating system environment having a secure kernel. The software framework can be executed using a variety of process isolation techniques depending on performance and isolation requirements. A secure access client/server interface may also be provided to support interactions between the untrusted software framework (and applications utilizing the untrusted software framework) and secure or trusted portions of the device. The secure access interface can be configured to perform operations such as handle validation, heap pointer validation, non-pointer parameter validation, heap isolation, and resource release relating to terminated processes. In further embodiments, a software framework aggregator is used to support a plurality of additional software frameworks for use in the set top box.

    Cloud server/thin client/gateway selective browser instantiation
    6.
    Granted invention patent
    Cloud server/thin client/gateway selective browser instantiation (Status: Active)

    Publication No.: US09591102B2

    Publication date: 2017-03-07

    Application No.: US14681865

    Filing date: 2015-04-08

    Abstract: A gateway having at least one communications interface and processing circuitry establishes communications with at least one service provider device and at least one serviced client device. The gateway then determines that a serviced client device is to establish an Internet browsing session. Based upon characteristics of the serviced client device, the gateway determines where to instantiate a web browser to service the Internet browsing session. Based upon the determination, in a first operation, the gateway instantiates the web browser to service the Internet browsing session at the gateway or client device. In a second operation, the gateway instantiates the web browser to service the Internet browsing session at a service provider server. In other operations, the gateway may determine to instantiate a browser for a first client device at a cloud server and to instantiate a browser for a second client device either locally or at the second client device.

    SOCIAL NETWORK ROUTING
    7.
    Invention application
    SOCIAL NETWORK ROUTING (Status: Under examination, published)

    Publication No.: US20150347785A1

    Publication date: 2015-12-03

    Application No.: US14823421

    Filing date: 2015-08-11

    Abstract: An Ad Hoc social networking environment enables information and device access management between social networking groups and social networking members with or without access restrictions and anonymity. Contact and access information can be exchanged and updated on the fly without requiring users to notify other contacts or contacting devices and can support underlying contact information changes, enable extemporaneous termination or modification of contact access, enable temporary access, and the like. Ad Hoc social networking can utilize unique identifiers, proxy elements, or the like to support various levels of membership anonymity and Ad Hoc social networking. Proxy elements enable SNET tear down or dissolution by retracting the proxy service from a member. Storing social group contact information in shared databases can enable sharing and updating of contact information without the need to inform affected contacts. Some social networks can include various specialized devices and related services.

    CLOUD SERVER/THIN CLIENT/GATEWAY SELECTIVE BROWSER INSTANTIATION
    8.
    Invention application
    CLOUD SERVER/THIN CLIENT/GATEWAY SELECTIVE BROWSER INSTANTIATION (Status: Active)

    Publication No.: US20150229739A1

    Publication date: 2015-08-13

    Application No.: US14681865

    Filing date: 2015-04-08

    Abstract: A gateway having at least one communications interface and processing circuitry establishes communications with at least one service provider device and at least one serviced client device. The gateway then determines that a serviced client device is to establish an Internet browsing session. Based upon characteristics of the serviced client device, the gateway determines where to instantiate a web browser to service the Internet browsing session. Based upon the determination, in a first operation, the gateway instantiates the web browser to service the Internet browsing session at the gateway or client device. In a second operation, the gateway instantiates the web browser to service the Internet browsing session at a service provider server. In other operations, the gateway may determine to instantiate a browser for a first client device at a cloud server and to instantiate a browser for a second client device either locally or at the second client device.
