专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US09026800B2 Method and system for allowing customer or third party testing of secure programmable code 有权
标题翻译：允许客户或第三方安全可编程代码测试的方法和系统
公开(公告)号：US09026800B2
公开(公告)日：2015-05-05
申请号：US11743545
申请日：2007-05-02
申请人： Stephane Rodgers , Andrew Dellow , Iue-Shuenn Chen , Xuemin Chen , Carolyn Walker
发明人： Stephane Rodgers , Andrew Dellow , Iue-Shuenn Chen , Xuemin Chen , Carolyn Walker
IPC分类号： G06F21/00 , G06F21/57 , G06F21/60 , G06F21/64 , G06F21/12 , H04L9/06 , H04L29/06 , H04N7/16 , H04N21/426 , H04N21/458 , H04N21/4623 , H04N21/81 , G06F21/10
CPC分类号： G06F21/572 , G06F21/10 , G06F21/12 , G06F21/121 , G06F21/60 , G06F21/64 , G06F2221/033 , H04L9/0643 , H04L63/12 , H04L63/123 , H04N7/162 , H04N21/42623 , H04N21/4586 , H04N21/4623 , H04N21/8193
摘要： Methods and systems for allowing customer or third party testing of secure programmable code are disclosed and may include verifying code loaded in a set-top box utilizing a test hash or a production hash prior to execution of the code, where the test hash and production hash may be stored in a memory, such as an OTP, within the set-top box, and may allow migration from corresponding test code to production code, which may be verified utilizing the test hash and production hash, respectively. The test and production hashes may be customer specific. The migration from test code to production code may be authenticated using at least a set-top box specific password. The test hash may be stored in a first portion of a one-time programmable memory and the production hash in a remaining portion, with the first portion being less than or equal to the remaining portion.
摘要翻译：公开了用于允许客户或第三方测试安全可编程代码的方法和系统，并且可以包括在执行代码之前利用测试散列或生产散列验证加载在机顶盒中的代码，其中测试散列和生产散列可以存储在机顶盒内的诸如OTP的存储器中，并且可以允许从相应的测试代码迁移到生产代码，这可以分别使用测试散列和生产散列进行验证。测试和生产散列可能是客户特定的。从测试代码到生产代码的迁移可以至少使用机顶盒专用密码进行认证。测试散列可以存储在一次性可编程存储器的第一部分中，并且剩余部分中的生成散列，其中第一部分小于或等于其余部分。

2. 发明申请

US20080086647A1 METHOD AND SYSTEM FOR ALLOWING CUSTOMER OR THIRD PARTY TESTING OF SECURE PROGRAMMABLE CODE 有权
标题翻译：允许客户或第三方安全可编程代码测试的方法和系统
公开(公告)号：US20080086647A1
公开(公告)日：2008-04-10
申请号：US11743545
申请日：2007-05-02
申请人： Stephane Rodgers , Andrew Dellow , Iue-Shuenn Chen , Xuemin Chen , Carolyn Walker
发明人： Stephane Rodgers , Andrew Dellow , Iue-Shuenn Chen , Xuemin Chen , Carolyn Walker
IPC分类号： G06F12/14
CPC分类号： G06F21/572 , G06F21/10 , G06F21/12 , G06F21/121 , G06F21/60 , G06F21/64 , G06F2221/033 , H04L9/0643 , H04L63/12 , H04L63/123 , H04N7/162 , H04N21/42623 , H04N21/4586 , H04N21/4623 , H04N21/8193
摘要： Methods and systems for allowing customer or third party testing of secure programmable code are disclosed and may include verifying code loaded in a set-top box utilizing a test hash or a production hash prior to execution of the code, where the test hash and production hash may be stored in a memory, such as an OTP, within the set-top box, and may allow migration from corresponding test code to production code, which may be verified utilizing the test hash and production hash, respectively. The test and production hashes may be customer specific. The migration from test code to production code may be authenticated using at least a set-top box specific password. The test hash may be stored in a first portion of a one-time programmable memory and the production hash in a remaining portion, with the first portion being less than or equal to the remaining portion.
摘要翻译：公开了用于允许客户或第三方测试安全可编程代码的方法和系统，并且可以包括在执行代码之前利用测试散列或生产散列验证加载在机顶盒中的代码，其中测试散列和生产散列可以存储在机顶盒内的诸如OTP的存储器中，并且可以允许从相应的测试代码迁移到生产代码，这可以分别使用测试散列和生产散列进行验证。测试和生产散列可能是客户特定的。从测试代码到生产代码的迁移可以至少使用机顶盒专用密码进行认证。测试散列可以存储在一次性可编程存储器的第一部分中，并且剩余部分中的生成散列，其中第一部分小于或等于其余部分。

3. 发明申请

US20080086657A1 METHOD AND SYSTEM FOR DISASTER RECOVERY IN A SECURE REPROGRAMMABLE SYSTEM 有权
标题翻译：用于在安全可重构系统中进行灾难恢复的方法和系统
公开(公告)号：US20080086657A1
公开(公告)日：2008-04-10
申请号：US11753474
申请日：2007-05-24
申请人： Xuemin Chen , Andrew Dellow , Iue-Shuenn Chen , Stephane Rodgers
发明人： Xuemin Chen , Andrew Dellow , Iue-Shuenn Chen , Stephane Rodgers
IPC分类号： G06F11/07 , G06F12/14
CPC分类号： H04N21/4432 , G06F11/1433 , G06F21/572 , H04N21/4586 , H04N21/818
摘要： Methods and systems for software security in a secure communication system are disclosed and may include verifying downloaded code in a reprogrammable system and reloading prestored unmodifiable first stage code upon failure. The prestored unmodifiable first stage code, which may comprise boot code for the reprogrammable system, may be stored in locked flash, and the downloaded software code may be stored in unlocked flash. The downloaded software code may be verified by comparing a signature of the downloaded code to a private key. A first sticky bit may be utilized to indicate a failure of the verification and a second sticky bit may be utilized to indicate passing of the verification and the use of the downloaded software code. Whether to reset the reprogrammable system and reload the prestored unmodifiable first stage code may be determined from within the reprogrammable system, which may comprise a set-top box.
摘要翻译：公开了用于安全通信系统中的软件安全性的方法和系统，并且可以包括验证可再编程系统中的下载代码，并且在故障时重新加载预先存储的不可修改的第一级代码。预先存储的不可修改的第一级代码（其可以包括用于可重新编程系统的引导代码）可以存储在锁定的闪存中，并且下载的软件代码可以存储在解锁的闪存中。可以通过将下载的代码的签名与私钥进行比较来验证下载的软件代码。可以使用第一粘性位来指示验证失败，并且可以利用第二粘性位来指示验证的传递和下载的软件代码的使用。是否重置可编程系统并重新加载预先存储的不可修改的第一级代码可以在可重编程系统内确定，其可以包括机顶盒。

4. 发明申请

US20080084273A1 METHOD AND SYSTEM FOR SECURELY LOADING CODE IN A SECURITY PROCESSOR 有权
标题翻译：安全处理器中安全加载代码的方法和系统
公开(公告)号：US20080084273A1
公开(公告)日：2008-04-10
申请号：US11753338
申请日：2007-05-24
申请人： Stephane Rodgers , Andrew Dellow , Xuemin Chen , Iue-Shuenn Chen
发明人： Stephane Rodgers , Andrew Dellow , Xuemin Chen , Iue-Shuenn Chen
IPC分类号： G05B19/00
CPC分类号： G06F21/6209 , G06F21/77
摘要： Securely loading code in a security processor may include autonomous fetching an encrypted security data set, which may comprise security code and/or root keys, by a security processor integrated within a chip. The encrypted security data set may be decrypted via the on-chip security processor and the decrypted code set may be validated on-chip using an on-chip locked value. The on-chip locked value may be stored in a one-time programmable read-only memory (OTP ROM) and may include security information generated by applying one or more security algorithms, for example SHA-based algorithms, to the security data set. The encryption of the security data set may utilize various security algorithms, for example AES-based algorithms. The on-chip locked value may be created and locked after a virgin boot of a device that includes the security processor. The security data set may be authenticated during the virgin boot of the device.
摘要翻译：在安全处理器中安全地加载代码可以包括通过集成在芯片内的安全处理器来自主地获取可以包括安全代码和/或根密钥的加密安全数据集。加密的安全数据集可以经由片上安全处理器解密，并且解码的代码集可以使用片上锁定值在片上进行验证。片上锁定值可以存储在一次性可编程只读存储器（OTP ROM）中，并且可以包括通过将一个或多个安全算法（例如基于SHA的算法）应用于安全数据集而生成的安全信息。安全数据集的加密可以利用各种安全算法，例如基于AES的算法。在包含安全处理器的设备的初始引导之后，可以创建和锁定片上锁定值。安全数据集可以在设备的初始启动期间被认证。

5. 发明授权

US08528102B2 Method and system for protection of customer secrets in a secure reprogrammable system 有权
标题翻译：在安全可重编程系统中保护客户机密的方法和系统
公开(公告)号：US08528102B2
公开(公告)日：2013-09-03
申请号：US11753414
申请日：2007-05-24
申请人： Xuemin Chen , Iue Shuenn Chen , Stephane Rodgers , Andrew Dellow
发明人： Xuemin Chen , Iue Shuenn Chen , Stephane Rodgers , Andrew Dellow
IPC分类号： G06F7/04
CPC分类号： G06F21/629 , G06F21/572 , H04N7/163 , H04N21/42692 , H04N21/4432 , H04N21/4627 , H04N21/818
摘要： Methods and systems for protection of customer secrets in a secure reprogrammable system are disclosed, and may include controlling, via hardware logic and firmware, access to customer specific functions. The firmware may comprise trusted code, and may comprise boot code, stored in non-volatile memory, which may comprise read only memory, or a locked flash memory. A customer mode may be checked via the trusted code prior to allowing downloading of code written by a customer to the reprogrammable system. Access to customer specific functions may be restricted via commands from a trusted source. The hardware logic may be latched at startup in a disabled mode by the firmware, determined by the customer mode stored in a one time programmable memory. The customer mode may be re-checked utilizing the firmware, and may disallow the use of code other than trusted code in the reprogrammable system when the re-checking fails.
摘要翻译：公开了用于保护安全可重新编程系统中的客户秘密的方法和系统，并且可以包括通过硬件逻辑和固件来控制对客户特定功能的访问。固件可以包括可信代码，并且可以包括存储在非易失性存储器中的引导代码，其可以包括只读存储器或锁定的闪存。可以在允许将由客户编写的代码下载到可重新编程系统之前通过可信代码来检查客户模式。可以通过来自可信来源的命令来限制访问客户特定功能。由存储在一次可编程存储器中的客户模式确定的固件可以在禁用模式下的硬件逻辑锁存硬件逻辑。可以使用固件来重新检查客户模式，并且当重新检查失败时，可以不允许在可再编程系统中使用除可信代码之外的代码。

6. 发明授权

US08452987B2 Method and system for disaster recovery in a secure reprogrammable system 有权
标题翻译：安全可重编程系统中的灾难恢复方法和系统
公开(公告)号：US08452987B2
公开(公告)日：2013-05-28
申请号：US11753474
申请日：2007-05-24
申请人： Xuemin Chen , Andrew Dellow , Iue-Shuenn Chen , Stephane Rodgers
发明人： Xuemin Chen , Andrew Dellow , Iue-Shuenn Chen , Stephane Rodgers
IPC分类号： G06F11/30 , G06F12/14
CPC分类号： H04N21/4432 , G06F11/1433 , G06F21/572 , H04N21/4586 , H04N21/818
摘要： Methods and systems for software security in a secure communication system are disclosed and may include verifying downloaded code in a reprogrammable system and reloading prestored unmodifiable first stage code upon failure. The prestored unmodifiable first stage code, which may comprise boot code for the reprogrammable system, may be stored in locked flash, and the downloaded software code may be stored in unlocked flash. The downloaded software code may be verified by comparing a signature of the downloaded code to a private key. A first sticky bit may be utilized to indicate a failure of the verification and a second sticky bit may be utilized to indicate passing of the verification and the use of the downloaded software code. Whether to reset the reprogrammable system and reload the prestored unmodifiable first stage code may be determined from within the reprogrammable system, which may comprise a set-top box.
摘要翻译：公开了用于安全通信系统中的软件安全性的方法和系统，并且可以包括验证可再编程系统中的下载代码，并且在故障时重新加载预先存储的不可修改的第一级代码。预先存储的不可修改的第一级代码（其可以包括用于可重新编程系统的引导代码）可以存储在锁定的闪存中，并且下载的软件代码可以存储在解锁的闪存中。可以通过将下载的代码的签名与私钥进行比较来验证下载的软件代码。可以使用第一粘性位来指示验证失败，并且可以利用第二粘性位来指示验证的传递和下载的软件代码的使用。是否重置可编程系统并重新加载预先存储的不可修改的第一级代码可以在可重编程系统内确定，其可以包括机顶盒。

7. 发明授权

US08417931B2 Method and system for NAND flash support in an autonomously loaded secure reprogrammable system 有权
标题翻译：在自动加载的可重新编程系统中的NAND闪存支持的方法和系统
公开(公告)号：US08417931B2
公开(公告)日：2013-04-09
申请号：US13034176
申请日：2011-02-24
申请人： Stephane Rodgers , Andrew Dellow , Xuemin Chen , Iue-Shuenn Chen , Qiang Ye
发明人： Stephane Rodgers , Andrew Dellow , Xuemin Chen , Iue-Shuenn Chen , Qiang Ye
IPC分类号： G06F9/00 , H04L9/00
CPC分类号： G06F21/575 , G06F21/572
摘要： A boot code may be segmented to allow separate and independent storage of the code segments in a manner that may enable secure system boot by autonomous fetching and assembling of the boot code by a security sub-system. The code fetching may need to be done without the main CPU running on the chip for security reasons. Because the boot code may be stored in memory devices that require special software application to account for non-contiguous storage of data and/or code, for example a NAND flash memory which would require such an application as Bad Block Management, code segments stored in areas guaranteed to be usable may enable loading remaining segment separately and independently. Each of the code segments may be validated, wherein validation of the code segments may comprise use of hardware-based signatures.
摘要翻译：引导代码可以被分段以允许以可以通过安全子系统自主地取出和组合引导代码来实现安全系统引导的方式来分离和独立地存储代码段。出于安全考虑，代码获取可能需要完成，而主CPU不会在芯片上运行。由于引导代码可能存储在需要特殊软件应用程序的存储器件中以解决数据和/或代码的不连续存储，例如将要求诸如坏块管理的应用的NAND闪存，存储在保证可用的区域可以分开和独立地加载剩余段。可以验证每个代码段，其中代码段的验证可以包括使用基于硬件的签名。

8. 发明申请

US20080086628A1 METHOD AND SYSTEM FOR TWO-STAGE SECURITY CODE REPROGRAMMING 有权
标题翻译：用于两级安全代码转换的方法和系统
公开(公告)号：US20080086628A1
公开(公告)日：2008-04-10
申请号：US11746769
申请日：2007-05-10
申请人： Stephane Rodgers , Andrew Dellow , Xuemin Chen , Iue-Shuenn Chen
发明人： Stephane Rodgers , Andrew Dellow , Xuemin Chen , Iue-Shuenn Chen
IPC分类号： G06F9/00
CPC分类号： H04N21/818 , G06F21/572 , H04N21/4432 , H04N21/4586
摘要： A stored predefined unmodifiable bootable code set may be verified during code reprogramming of a device, and executed as a first stage of code reprogramming of the device. The predefined unmodifiable bootable code set may be stored in a locked memory such as a locked flash memory and may comprise code that enables minimal communication functionality of the device. The predefined unmodifiable bootable code set may be verified using a security algorithm, for example, a SHA-based algorithm. Information necessary for the security algorithm may be stored in a memory, for example, a one-time programmable read-only memory (OTP ROM). The stored information necessary for the security algorithm may comprise a SHA digest, a signature, and/or a key. A second stage code set may be verified and executed during the code reprogramming of the device subsequent to the verification of the stored predefined unmodifiable bootable code set.
摘要翻译：可以在设备的代码重新编程期间验证存储的预定义的不可修改的可引导代码集，并且作为设备的代码重新编程的第一级被执行。预定义的不可修改的可引导代码集可以存储在诸如锁定的闪存的锁定存储器中，并且可以包括能够实现设备的最小通信功能的代码。可以使用安全算法（例如，基于SHA的算法）来验证预定义的不可修改的可引导代码集。安全算法所需的信息可以存储在存储器中，例如，一次性可编程只读存储器（OTP ROM）。安全算法所需的存储信息可以包括SHA摘要，签名和/或密钥。可以在验证存储的预定义的不可修改的可引导代码集之后的设备的代码重新编程期间验证和执行第二阶段代码集。

9. 发明授权

US08683212B2 Method and system for securely loading code in a security processor 有权
标题翻译：用于在安全处理器中安全加载代码的方法和系统
公开(公告)号：US08683212B2
公开(公告)日：2014-03-25
申请号：US11753338
申请日：2007-05-24
申请人： Stephane Rodgers , Andrew Dellow , Xuemin Chen , Iue-Shuenn Chen
发明人： Stephane Rodgers , Andrew Dellow , Xuemin Chen , Iue-Shuenn Chen
IPC分类号： G05B19/00
CPC分类号： G06F21/6209 , G06F21/77
摘要： Securely loading code in a security processor may include autonomous fetching an encrypted security data set, which may comprise security code and/or root keys, by a security processor integrated within a chip. The encrypted security data set may be decrypted via the on-chip security processor and the decrypted code set may be validated on-chip using an on-chip locked value. The on-chip locked value may be stored in a one-time programmable read-only memory (OTP ROM) and may include security information generated by applying one or more security algorithms, for example SHA-based algorithms, to the security data set. The encryption of the security data set may utilize various security algorithms, for example AES-based algorithms. The on-chip locked value may be created and locked after a virgin boot of a device that includes the security processor. The security data set may be authenticated during the virgin boot of the device.
摘要翻译：在安全处理器中安全地加载代码可以包括通过集成在芯片内的安全处理器来自主地获取可以包括安全代码和/或根密钥的加密安全数据集。加密的安全数据集可以经由片上安全处理器解密，并且解码的代码集可以使用片上锁定值在片上进行验证。片上锁定值可以存储在一次性可编程只读存储器（OTP ROM）中，并且可以包括通过将一个或多个安全算法（例如基于SHA的算法）应用于安全数据集而生成的安全信息。安全数据集的加密可以利用各种安全算法，例如基于AES的算法。在包含安全处理器的设备的初始引导之后，可以创建和锁定片上锁定值。安全数据集可以在设备的初始启动期间被认证。

10. 发明授权

US08572399B2 Method and system for two-stage security code reprogramming 有权
标题翻译：二阶段安全码重编程方法与系统
公开(公告)号：US08572399B2
公开(公告)日：2013-10-29
申请号：US11746769
申请日：2007-05-10
申请人： Stephane Rodgers , Andrew Dellow , Xuemin Chen , Iue-Shuenn Chen
发明人： Stephane Rodgers , Andrew Dellow , Xuemin Chen , Iue-Shuenn Chen
IPC分类号： H04L29/06
CPC分类号： H04N21/818 , G06F21/572 , H04N21/4432 , H04N21/4586
摘要： A stored predefined unmodifiable bootable code set may be verified during code reprogramming of a device, and executed as a first stage of code reprogramming of the device. The predefined unmodifiable bootable code set may be stored in a locked memory such as a locked flash memory and may comprise code that enables minimal communication functionality of the device. The predefined unmodifiable bootable code set may be verified using a security algorithm, for example, a SHA-based algorithm. Information necessary for the security algorithm may be stored in a memory, for example, a one-time programmable read-only memory (OTP ROM). The stored information necessary for the security algorithm may comprise a SHA digest, a signature, and/or a key. A second stage code set may be verified and executed during the code reprogramming of the device subsequent to the verification of the stored predefined unmodifiable bootable code set.
摘要翻译：可以在设备的代码重新编程期间验证存储的预定义的不可修改的可引导代码集，并且作为设备的代码重新编程的第一级被执行。预定义的不可修改的可引导代码集可以存储在诸如锁定的闪存的锁定存储器中，并且可以包括能够实现设备的最小通信功能的代码。可以使用安全算法（例如，基于SHA的算法）来验证预定义的不可修改的可引导代码集。安全算法所需的信息可以存储在存储器中，例如，一次性可编程只读存储器（OTP ROM）。安全算法所需的存储信息可以包括SHA摘要，签名和/或密钥。可以在验证存储的预定义的不可修改的可引导代码集之后的设备的代码重新编程期间验证和执行第二阶段代码集。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式