专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

11. 发明授权

US07502475B2 Method and system for secure key generation 有权
标题翻译：用于安全密钥生成的方法和系统
公开(公告)号：US07502475B2
公开(公告)日：2009-03-10
申请号：US10713415
申请日：2003-11-14
申请人： Sherman (Xuemin) Chen , Iue-Shuenn Chen , Robert Brownhill , Wade K. Wan
发明人： Sherman (Xuemin) Chen , Iue-Shuenn Chen , Robert Brownhill , Wade K. Wan
IPC分类号： H04L9/00 , G06F11/30 , G06F7/04
CPC分类号： H04L9/0861 , H04L2209/605
摘要： Certain aspects of the invention for producing a secure key may comprise a secure key generator that receives a first, second and third input keys and utilizes these keys to generate a first output key. The first, second and third input keys may be a customer key, customer key selection and key variation, respectively. The first output key may be generated so that it is unique, differs from the first input key and is not a weak or semi-weak key. The first, second and third input keys may be mapped to generate mapped output key data and an intermediate key generated based on the first input key. The intermediate key and the output key data may be scrambled to create a scrambled output. At least a portion of the output key data may be masked and XORed with the scrambled output to generate the first output key.
摘要翻译：用于产生安全密钥的本发明的某些方面可以包括安全密钥生成器，其接收第一，第二和第三输入密钥并利用这些密钥来生成第一输出密钥。第一，第二和第三输入键可以分别是客户键，客户键选择和键变化。可以生成第一输出键，使得它是唯一的，不同于第一输入键，并且不是弱或弱弱键。可以映射第一，第二和第三输入键以生成映射的输出密钥数据和基于第一输入密钥生成的中间密钥。中间密钥和输出密钥数据可以被加扰以产生加扰输出。输出密钥数据的至少一部分可以被掩蔽并与加扰输出进行异或以产生第一输出密钥。

12. 发明申请

US20080086657A1 METHOD AND SYSTEM FOR DISASTER RECOVERY IN A SECURE REPROGRAMMABLE SYSTEM 有权
标题翻译：用于在安全可重构系统中进行灾难恢复的方法和系统
公开(公告)号：US20080086657A1
公开(公告)日：2008-04-10
申请号：US11753474
申请日：2007-05-24
申请人： Xuemin Chen , Andrew Dellow , Iue-Shuenn Chen , Stephane Rodgers
发明人： Xuemin Chen , Andrew Dellow , Iue-Shuenn Chen , Stephane Rodgers
IPC分类号： G06F11/07 , G06F12/14
CPC分类号： H04N21/4432 , G06F11/1433 , G06F21/572 , H04N21/4586 , H04N21/818
摘要： Methods and systems for software security in a secure communication system are disclosed and may include verifying downloaded code in a reprogrammable system and reloading prestored unmodifiable first stage code upon failure. The prestored unmodifiable first stage code, which may comprise boot code for the reprogrammable system, may be stored in locked flash, and the downloaded software code may be stored in unlocked flash. The downloaded software code may be verified by comparing a signature of the downloaded code to a private key. A first sticky bit may be utilized to indicate a failure of the verification and a second sticky bit may be utilized to indicate passing of the verification and the use of the downloaded software code. Whether to reset the reprogrammable system and reload the prestored unmodifiable first stage code may be determined from within the reprogrammable system, which may comprise a set-top box.
摘要翻译：公开了用于安全通信系统中的软件安全性的方法和系统，并且可以包括验证可再编程系统中的下载代码，并且在故障时重新加载预先存储的不可修改的第一级代码。预先存储的不可修改的第一级代码（其可以包括用于可重新编程系统的引导代码）可以存储在锁定的闪存中，并且下载的软件代码可以存储在解锁的闪存中。可以通过将下载的代码的签名与私钥进行比较来验证下载的软件代码。可以使用第一粘性位来指示验证失败，并且可以利用第二粘性位来指示验证的传递和下载的软件代码的使用。是否重置可编程系统并重新加载预先存储的不可修改的第一级代码可以在可重编程系统内确定，其可以包括机顶盒。

13. 发明申请

US20080084273A1 METHOD AND SYSTEM FOR SECURELY LOADING CODE IN A SECURITY PROCESSOR 有权
标题翻译：安全处理器中安全加载代码的方法和系统
公开(公告)号：US20080084273A1
公开(公告)日：2008-04-10
申请号：US11753338
申请日：2007-05-24
申请人： Stephane Rodgers , Andrew Dellow , Xuemin Chen , Iue-Shuenn Chen
发明人： Stephane Rodgers , Andrew Dellow , Xuemin Chen , Iue-Shuenn Chen
IPC分类号： G05B19/00
CPC分类号： G06F21/6209 , G06F21/77
摘要： Securely loading code in a security processor may include autonomous fetching an encrypted security data set, which may comprise security code and/or root keys, by a security processor integrated within a chip. The encrypted security data set may be decrypted via the on-chip security processor and the decrypted code set may be validated on-chip using an on-chip locked value. The on-chip locked value may be stored in a one-time programmable read-only memory (OTP ROM) and may include security information generated by applying one or more security algorithms, for example SHA-based algorithms, to the security data set. The encryption of the security data set may utilize various security algorithms, for example AES-based algorithms. The on-chip locked value may be created and locked after a virgin boot of a device that includes the security processor. The security data set may be authenticated during the virgin boot of the device.
摘要翻译：在安全处理器中安全地加载代码可以包括通过集成在芯片内的安全处理器来自主地获取可以包括安全代码和/或根密钥的加密安全数据集。加密的安全数据集可以经由片上安全处理器解密，并且解码的代码集可以使用片上锁定值在片上进行验证。片上锁定值可以存储在一次性可编程只读存储器（OTP ROM）中，并且可以包括通过将一个或多个安全算法（例如基于SHA的算法）应用于安全数据集而生成的安全信息。安全数据集的加密可以利用各种安全算法，例如基于AES的算法。在包含安全处理器的设备的初始引导之后，可以创建和锁定片上锁定值。安全数据集可以在设备的初始启动期间被认证。

14. 发明授权

US07346054B2 Method and system for co-relating transport packets on different channels using a cyclic redundancy check (CRC) 失效
标题翻译：使用循环冗余校验（CRC）在不同信道上共同传输分组的方法和系统
公开(公告)号：US07346054B2
公开(公告)日：2008-03-18
申请号：US10391848
申请日：2003-03-19
申请人： Iue-Shuenn Chen , Rajesh Mamidwar , Francis Cheung , Xuemin Chen
发明人： Iue-Shuenn Chen , Rajesh Mamidwar , Francis Cheung , Xuemin Chen
IPC分类号： H04L12/56 , H04L12/28
CPC分类号： H04N21/2358 , H04L12/2821 , H04N21/23605 , H04N21/23608 , H04N21/4343 , H04N21/631
摘要： A first primary packet to create a second primary packet for a particular PID. Different CRC checksum may be generated for the first and the second primary packet. The first primary packet may be replicated in order to create a first secondary packet and the second primary packet may be replicated to create a second secondary packet. The CRC checksum for the primary packets may be stored within their corresponding secondary packets. In response to receipt of a new stream with replicated packets, the first or said second primary packet may be selected and the first or second secondary packet may be selected for a particular PID based on the generated CRC checksum. The selections may co-relate the selected first and/or second primary packet with a legacy system or the selected first and/or second secondary packet with a new system.
摘要翻译：用于为特定PID创建第二个主数据包的第一个主数据包。可以为第一和第二主分组生成不同的CRC校验和。可以复制第一主分组以便创建第一辅助分组，并且可以复制第二主分组以创建第二辅助分组。主分组的CRC校验和可以存储在它们对应的次分组内。响应于接收到具有复制分组的新流，可以选择第一或所述第二主分组，并且可以基于生成的CRC校验和为特定PID选择第一或第二辅助分组。选择可以将所选择的第一和/或第二主分组与遗留系统或所选择的第一和/或第二次分组与新系统共同关联。

15. 发明授权

US08452987B2 Method and system for disaster recovery in a secure reprogrammable system 有权
标题翻译：安全可重编程系统中的灾难恢复方法和系统
公开(公告)号：US08452987B2
公开(公告)日：2013-05-28
申请号：US11753474
申请日：2007-05-24
申请人： Xuemin Chen , Andrew Dellow , Iue-Shuenn Chen , Stephane Rodgers
发明人： Xuemin Chen , Andrew Dellow , Iue-Shuenn Chen , Stephane Rodgers
IPC分类号： G06F11/30 , G06F12/14
CPC分类号： H04N21/4432 , G06F11/1433 , G06F21/572 , H04N21/4586 , H04N21/818
摘要： Methods and systems for software security in a secure communication system are disclosed and may include verifying downloaded code in a reprogrammable system and reloading prestored unmodifiable first stage code upon failure. The prestored unmodifiable first stage code, which may comprise boot code for the reprogrammable system, may be stored in locked flash, and the downloaded software code may be stored in unlocked flash. The downloaded software code may be verified by comparing a signature of the downloaded code to a private key. A first sticky bit may be utilized to indicate a failure of the verification and a second sticky bit may be utilized to indicate passing of the verification and the use of the downloaded software code. Whether to reset the reprogrammable system and reload the prestored unmodifiable first stage code may be determined from within the reprogrammable system, which may comprise a set-top box.
摘要翻译：公开了用于安全通信系统中的软件安全性的方法和系统，并且可以包括验证可再编程系统中的下载代码，并且在故障时重新加载预先存储的不可修改的第一级代码。预先存储的不可修改的第一级代码（其可以包括用于可重新编程系统的引导代码）可以存储在锁定的闪存中，并且下载的软件代码可以存储在解锁的闪存中。可以通过将下载的代码的签名与私钥进行比较来验证下载的软件代码。可以使用第一粘性位来指示验证失败，并且可以利用第二粘性位来指示验证的传递和下载的软件代码的使用。是否重置可编程系统并重新加载预先存储的不可修改的第一级代码可以在可重编程系统内确定，其可以包括机顶盒。

16. 发明授权

US08417931B2 Method and system for NAND flash support in an autonomously loaded secure reprogrammable system 有权
标题翻译：在自动加载的可重新编程系统中的NAND闪存支持的方法和系统
公开(公告)号：US08417931B2
公开(公告)日：2013-04-09
申请号：US13034176
申请日：2011-02-24
申请人： Stephane Rodgers , Andrew Dellow , Xuemin Chen , Iue-Shuenn Chen , Qiang Ye
发明人： Stephane Rodgers , Andrew Dellow , Xuemin Chen , Iue-Shuenn Chen , Qiang Ye
IPC分类号： G06F9/00 , H04L9/00
CPC分类号： G06F21/575 , G06F21/572
摘要： A boot code may be segmented to allow separate and independent storage of the code segments in a manner that may enable secure system boot by autonomous fetching and assembling of the boot code by a security sub-system. The code fetching may need to be done without the main CPU running on the chip for security reasons. Because the boot code may be stored in memory devices that require special software application to account for non-contiguous storage of data and/or code, for example a NAND flash memory which would require such an application as Bad Block Management, code segments stored in areas guaranteed to be usable may enable loading remaining segment separately and independently. Each of the code segments may be validated, wherein validation of the code segments may comprise use of hardware-based signatures.
摘要翻译：引导代码可以被分段以允许以可以通过安全子系统自主地取出和组合引导代码来实现安全系统引导的方式来分离和独立地存储代码段。出于安全考虑，代码获取可能需要完成，而主CPU不会在芯片上运行。由于引导代码可能存储在需要特殊软件应用程序的存储器件中以解决数据和/或代码的不连续存储，例如将要求诸如坏块管理的应用的NAND闪存，存储在保证可用的区域可以分开和独立地加载剩余段。可以验证每个代码段，其中代码段的验证可以包括使用基于硬件的签名。

17. 发明授权

US08347357B2 Method and apparatus for constructing an access control matrix for a set-top box security processor 失效
标题翻译：一种用于构建机顶盒安全处理器的访问控制矩阵的方法和装置
公开(公告)号：US08347357B2
公开(公告)日：2013-01-01
申请号：US12957051
申请日：2010-11-30
申请人： Xuemin Chen , Iue-Shuenn Chen , Shee-Yen Tan , Hongbo Zhu , Qiang Ye
发明人： Xuemin Chen , Iue-Shuenn Chen , Shee-Yen Tan , Hongbo Zhu , Qiang Ye
IPC分类号： G06F7/04
CPC分类号： G06F21/71 , G06F2221/2141 , H04N21/43607 , H04N21/4623
摘要： In multimedia systems requiring secure access, a method and apparatus for constructing an access control matrix for a set-top box security processor are provided. A security processor may comprise multiple security components and may support multiple user modes. For each user mode supported, at least one access rule table may be generated to indicate access rules to a security component in the security processor. An access control list comprises information regarding the access rules for a particular user mode to the security components in the security processor. An access control matrix may be generated based on the access control lists for the user modes supported by the security component. The access control matrix may be implemented and/or stored in the security processor for verifying access rights of a user mode. Results of operations associated with security components may be transferred to other processors communicatively coupled to the security processor.
摘要翻译：在需要安全访问的多媒体系统中，提供了一种用于构建用于机顶盒安全处理器的访问控制矩阵的方法和装置。安全处理器可以包括多个安全组件，并且可以支持多个用户模式。对于支持的每个用户模式，可以生成至少一个访问规则表以指示对安全处理器中的安全组件的访问规则。访问控制列表包括关于针对安全处理器中的安全组件的用于特定用户模式的访问规则的信息。可以基于由安全组件支持的用户模式的访问控制列表来生成访问控制矩阵。访问控制矩阵可以被实现和/或存储在安全处理器中，以验证用户模式的访问权限。与安全组件相关联的操作的结果可以被传送到通信地耦合到安全处理器的其他处理器。

18. 发明申请

US20080022371A1 Method and System for Improved Fault Tolerance in Distributed Customization Controls Using Non-Volatile Memory 有权
标题翻译：使用非易失性存储器改进分布式定制控件中容错能力的方法和系统
公开(公告)号：US20080022371A1
公开(公告)日：2008-01-24
申请号：US11558360
申请日：2006-11-09
申请人： Iue-Shuenn Chen , Xuemin Chen
发明人： Iue-Shuenn Chen , Xuemin Chen
IPC分类号： H04L9/32
CPC分类号： H04L9/004 , H04L2209/12
摘要： Certain aspects of a method and system for improved fault tolerance in distributed customization controls using non-volatile memory are disclosed. Aspects of one method may include mapping an input control signal to a plurality of input logic circuits within a security processor. A plurality of independent processing paths may be defined between each of the plurality of input logic circuits and an output logic circuit. Each of the plurality of independent processing paths may comprise one or more logic circuits. The input control signal may be routed via at least a portion of the plurality of independent processing paths. The portion of the plurality of independent processing paths may be combined in the output logic circuit to generate the input control signal.
摘要翻译：公开了使用非易失性存储器的分布式定制控制中用于改进容错的方法和系统的某些方面。一种方法的方面可以包括将输入控制信号映射到安全处理器内的多个输入逻辑电路。可以在多个输入逻辑电路中的每一个和输出逻辑电路之间定义多个独立的处理路径。多个独立处理路径中的每一个可以包括一个或多个逻辑电路。输入控制信号可以经由多个独立处理路径的至少一部分路由。多个独立处理路径的部分可以组合在输出逻辑电路中以产生输入控制信号。

19. 发明申请

US20060265734A1 Method and apparatus for constructing an access control matrix for a set-top box security processor 有权
标题翻译：一种用于构建机顶盒安全处理器的访问控制矩阵的方法和装置
公开(公告)号：US20060265734A1
公开(公告)日：2006-11-23
申请号：US11136027
申请日：2005-05-23
申请人： Xuemin Chen , Iue-Shuenn Chen , Shee-Yen Tan , Hongbo Zhu , Qiang Ye
发明人： Xuemin Chen , Iue-Shuenn Chen , Shee-Yen Tan , Hongbo Zhu , Qiang Ye
IPC分类号： H04L9/32
CPC分类号： G06F21/71 , G06F2221/2141 , H04N21/43607 , H04N21/4623
摘要： In multimedia systems requiring secure access, a method and apparatus for constructing an access control matrix for a set-top box security processor are provided. A security processor may comprise multiple security components and may support multiple user modes. For each user mode supported, at least one access rule table may be generated to indicate access rules to a security component in the security processor. An access control list comprises information regarding the access rules for a particular user mode to the security components in the security processor. An access control matrix may be generated based on the access control lists for the user modes supported by the security component. The access control matrix may be implemented and/or stored in the security processor for verifying access rights of a user mode.
摘要翻译：在需要安全访问的多媒体系统中，提供了一种用于构建用于机顶盒安全处理器的访问控制矩阵的方法和装置。安全处理器可以包括多个安全组件，并且可以支持多个用户模式。对于支持的每个用户模式，可以生成至少一个访问规则表以指示对安全处理器中的安全组件的访问规则。访问控制列表包括关于针对安全处理器中的安全组件的特定用户模式的访问规则的信息。可以基于由安全组件支持的用户模式的访问控制列表来生成访问控制矩阵。访问控制矩阵可以被实现和/或存储在安全处理器中，以验证用户模式的访问权限。

20. 发明申请

US20060265733A1 Method and apparatus for security policy and enforcing mechanism for a set-top box security processor 有权
标题翻译：用于机顶盒安全处理器的安全策略和执行机制的方法和装置
公开(公告)号：US20060265733A1
公开(公告)日：2006-11-23
申请号：US11136175
申请日：2005-05-23
申请人： Xuemin Chen , Iue-Shuenn Chen , Carolyn Walker
发明人： Xuemin Chen , Iue-Shuenn Chen , Carolyn Walker
IPC分类号： H04L9/00
CPC分类号： H04N21/4623 , G06F21/10 , G06F21/71 , G06F2221/2141 , H04N21/43607
摘要： In multimedia systems that implement secure access techniques, a method and apparatus for a security policy and enforcing mechanism for a set-top box security processor are provided. A security policy may be determined for a multimedia terminal based on high-level requirements by various system users. A default mode of operation may be generated based on the security policy and may be stored in a security policy memory. An access control matrix that indicates the operation of security components in a security processor for various user modes may be stored in the security policy memory. Control and/or access operations not supported by the access control matrix may be supported by the default mode of operation. The user modes in the access control matrix may include composition user modes. Accessing the information in the security policy memory may be utilized to enforce the security policy in the multimedia terminal.
摘要翻译：在实现安全访问技术的多媒体系统中，提供了一种用于机顶盒安全处理器的安全策略和执行机制的方法和装置。可以基于各种系统用户的高级要求来确定多媒体终端的安全策略。可以基于安全策略来生成默认操作模式，并且可以将其存储在安全策略存储器中。指示用于各种用户模式的安全处理器中的安全组件的操作的访问控制矩阵可以被存储在安全策略存储器中。默认的操作模式可以支持访问控制矩阵不支持的控制和/或访问操作。访问控制矩阵中的用户模式可以包括组合用户模式。可以利用访问安全策略存储器中的信息来执行多媒体终端中的安全策略。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式