专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

21. 发明授权

US08844022B2 Method and system to allow system-on-chip individual I/O control to be disabled and enabled by programmable non-volatile memory 有权
标题翻译：方法和系统允许系统级的单独I / O控制被可编程非易失性存储器禁用和使能
公开(公告)号：US08844022B2
公开(公告)日：2014-09-23
申请号：US11558328
申请日：2006-11-09
申请人： Iue-Shuenn Chen , Xuemin Chen
发明人： Iue-Shuenn Chen , Xuemin Chen
IPC分类号： G06F7/04 , G06F12/14 , G06F21/85 , H04N21/426 , H04N21/443 , H04N21/462 , H04N21/475 , G06F21/31
CPC分类号： G06F21/85 , G06F21/31 , H04N21/42623 , H04N21/42684 , H04N21/443 , H04N21/462 , H04N21/4753
摘要： Certain aspects of a method and system for allowing system-on-chip individual I/O control to be disabled and enabled by programmable non-volatile memory are disclosed. Aspects of one method may include mapping at least one bit of a control vector within a security processor comprising a non-volatile memory to each of a plurality of on-chip I/O physical buses. At least one of the plurality of on-chip I/O physical buses may be enabled or disabled by modifying the mapped bit or bits of the control vector.
摘要翻译：公开了一种用于允许由可编程非易失性存储器禁用和启用片上独立I / O控制的方法和系统的某些方面。一种方法的方面可以包括将包括非易失性存储器的安全处理器内的控制向量的至少一个比特映射到多个片上I / O物理总线中的每一个。多个片上I / O物理总线中的至少一个可以通过修改控制向量的映射比特来启用或禁用。

22. 发明授权

US08683212B2 Method and system for securely loading code in a security processor 有权
标题翻译：用于在安全处理器中安全加载代码的方法和系统
公开(公告)号：US08683212B2
公开(公告)日：2014-03-25
申请号：US11753338
申请日：2007-05-24
申请人： Stephane Rodgers , Andrew Dellow , Xuemin Chen , Iue-Shuenn Chen
发明人： Stephane Rodgers , Andrew Dellow , Xuemin Chen , Iue-Shuenn Chen
IPC分类号： G05B19/00
CPC分类号： G06F21/6209 , G06F21/77
摘要： Securely loading code in a security processor may include autonomous fetching an encrypted security data set, which may comprise security code and/or root keys, by a security processor integrated within a chip. The encrypted security data set may be decrypted via the on-chip security processor and the decrypted code set may be validated on-chip using an on-chip locked value. The on-chip locked value may be stored in a one-time programmable read-only memory (OTP ROM) and may include security information generated by applying one or more security algorithms, for example SHA-based algorithms, to the security data set. The encryption of the security data set may utilize various security algorithms, for example AES-based algorithms. The on-chip locked value may be created and locked after a virgin boot of a device that includes the security processor. The security data set may be authenticated during the virgin boot of the device.
摘要翻译：在安全处理器中安全地加载代码可以包括通过集成在芯片内的安全处理器来自主地获取可以包括安全代码和/或根密钥的加密安全数据集。加密的安全数据集可以经由片上安全处理器解密，并且解码的代码集可以使用片上锁定值在片上进行验证。片上锁定值可以存储在一次性可编程只读存储器（OTP ROM）中，并且可以包括通过将一个或多个安全算法（例如基于SHA的算法）应用于安全数据集而生成的安全信息。安全数据集的加密可以利用各种安全算法，例如基于AES的算法。在包含安全处理器的设备的初始引导之后，可以创建和锁定片上锁定值。安全数据集可以在设备的初始启动期间被认证。

23. 发明授权

US08572399B2 Method and system for two-stage security code reprogramming 有权
标题翻译：二阶段安全码重编程方法与系统
公开(公告)号：US08572399B2
公开(公告)日：2013-10-29
申请号：US11746769
申请日：2007-05-10
申请人： Stephane Rodgers , Andrew Dellow , Xuemin Chen , Iue-Shuenn Chen
发明人： Stephane Rodgers , Andrew Dellow , Xuemin Chen , Iue-Shuenn Chen
IPC分类号： H04L29/06
CPC分类号： H04N21/818 , G06F21/572 , H04N21/4432 , H04N21/4586
摘要： A stored predefined unmodifiable bootable code set may be verified during code reprogramming of a device, and executed as a first stage of code reprogramming of the device. The predefined unmodifiable bootable code set may be stored in a locked memory such as a locked flash memory and may comprise code that enables minimal communication functionality of the device. The predefined unmodifiable bootable code set may be verified using a security algorithm, for example, a SHA-based algorithm. Information necessary for the security algorithm may be stored in a memory, for example, a one-time programmable read-only memory (OTP ROM). The stored information necessary for the security algorithm may comprise a SHA digest, a signature, and/or a key. A second stage code set may be verified and executed during the code reprogramming of the device subsequent to the verification of the stored predefined unmodifiable bootable code set.
摘要翻译：可以在设备的代码重新编程期间验证存储的预定义的不可修改的可引导代码集，并且作为设备的代码重新编程的第一级被执行。预定义的不可修改的可引导代码集可以存储在诸如锁定的闪存的锁定存储器中，并且可以包括能够实现设备的最小通信功能的代码。可以使用安全算法（例如，基于SHA的算法）来验证预定义的不可修改的可引导代码集。安全算法所需的信息可以存储在存储器中，例如，一次性可编程只读存储器（OTP ROM）。安全算法所需的存储信息可以包括SHA摘要，签名和/或密钥。可以在验证存储的预定义的不可修改的可引导代码集之后的设备的代码重新编程期间验证和执行第二阶段代码集。

24. 发明申请

US20110197054A1 METHOD AND SYSTEM FOR NAND FLASH SUPPORT IN AN AUTONOMOUSLY LOADED SECURE REPROGRAMMABLE SYSTEM 有权
标题翻译：在自动加载的安全可重构系统中的NAND闪存支持的方法和系统
公开(公告)号：US20110197054A1
公开(公告)日：2011-08-11
申请号：US13034176
申请日：2011-02-24
申请人： Stephane Rodgers , Andrew Dellow , Xuemin Chen , Iue-Shuenn Chen , Qiang Ye
发明人： Stephane Rodgers , Andrew Dellow , Xuemin Chen , Iue-Shuenn Chen , Qiang Ye
IPC分类号： G06F15/177
CPC分类号： G06F21/575 , G06F21/572
摘要： A boot code may be segmented to allow separate and independent storage of the code segments in a manner that may enable secure system boot by autonomous fetching and assembling of the boot code by a security sub-system. The code fetching may need to be done without the main CPU running on the chip for security reasons. Because the boot code may be stored in memory devices that require special software application to account for non-contiguous storage of data and/or code, for example a NAND flash memory which would require such an application as Bad Block Management, code segments stored in areas guaranteed to be usable may enable loading remaining segment separately and independently. Each of the code segments may be validated, wherein validation of the code segments may comprise use of hardware-based signatures.
摘要翻译：引导代码可以被分段以允许以可以通过安全子系统自主地取出和组合引导代码来实现安全系统引导的方式来分离和独立地存储代码段。出于安全考虑，代码获取可能需要完成，而主CPU不会在芯片上运行。由于引导代码可能存储在需要特殊软件应用程序的存储器件中以解决数据和/或代码的不连续存储，例如需要诸如坏块管理的应用的NAND闪存，存储在保证可用的区域可以分开和独立地加载剩余段。可以验证每个代码段，其中代码段的验证可以包括使用基于硬件的签名。

25. 发明申请

US20110072490A1 METHOD AND APPARATUS FOR CONSTRUCTING AN ACCSS CONTROL MATRIX FOR A SET-TOP BOX SECURITY 失效
标题翻译：用于构建安全顶盒安全性的ACCSS控制矩阵的方法和装置
公开(公告)号：US20110072490A1
公开(公告)日：2011-03-24
申请号：US12957051
申请日：2010-11-30
申请人： Xuemin Chen , Iue-Shuenn Chen , Shee-Yen Tan , Hongbo Zhu , Qiang Ye
发明人： Xuemin Chen , Iue-Shuenn Chen , Shee-Yen Tan , Hongbo Zhu , Qiang Ye
IPC分类号： G06F21/00
CPC分类号： G06F21/71 , G06F2221/2141 , H04N21/43607 , H04N21/4623
摘要： In multimedia systems requiring secure access, a method and apparatus for constructing an access control matrix for a set-top box security processor are provided. A security processor may comprise multiple security components and may support multiple user modes. For each user mode supported, at least one access rule table may be generated to indicate access rules to a security component in the security processor. An access control list comprises information regarding the access rules for a particular user mode to the security components in the security processor. An access control matrix may be generated based on the access control lists for the user modes supported by the security component. The access control matrix may be implemented and/or stored in the security processor for verifying access rights of a user mode. Results of operations associated with security components may be transferred to other processors communicatively coupled to the security processor.
摘要翻译：在需要安全访问的多媒体系统中，提供了一种用于构建用于机顶盒安全处理器的访问控制矩阵的方法和装置。安全处理器可以包括多个安全组件，并且可以支持多个用户模式。对于支持的每个用户模式，可以生成至少一个访问规则表以指示对安全处理器中的安全组件的访问规则。访问控制列表包括关于针对安全处理器中的安全组件的特定用户模式的访问规则的信息。可以基于由安全组件支持的用户模式的访问控制列表来生成访问控制矩阵。访问控制矩阵可以被实现和/或存储在安全处理器中，以验证用户模式的访问权限。与安全组件相关联的操作的结果可以被传送到通信地耦合到安全处理器的其他处理器。

26. 发明授权

US07913289B2 Method and apparatus for security policy and enforcing mechanism for a set-top box security processor 有权
标题翻译：用于机顶盒安全处理器的安全策略和执行机制的方法和装置
公开(公告)号：US07913289B2
公开(公告)日：2011-03-22
申请号：US11136175
申请日：2005-05-23
申请人： Xuemin Chen , Iue-Shuenn Chen , Carolyn Bell Walker
发明人： Xuemin Chen , Iue-Shuenn Chen , Carolyn Bell Walker
IPC分类号： G06F17/00 , H04L29/06
CPC分类号： H04N21/4623 , G06F21/10 , G06F21/71 , G06F2221/2141 , H04N21/43607
摘要： In multimedia systems that implement secure access techniques, a method and apparatus for a security policy and enforcing mechanism for a set-top box security processor are provided. A security policy may be determined for a multimedia terminal based on high-level requirements by various system users. A default mode of operation may be generated based on the security policy and may be stored in a security policy memory. An access control matrix that indicates the operation of security components in a security processor for various user modes may be stored in the security policy memory. Control and/or access operations not supported by the access control matrix may be supported by the default mode of operation. The user modes in the access control matrix may include composition user modes. Accessing the information in the security policy memory may be utilized to enforce the security policy in the multimedia terminal.
摘要翻译：在实现安全访问技术的多媒体系统中，提供了一种用于机顶盒安全处理器的安全策略和执行机制的方法和装置。可以基于各种系统用户的高级要求来确定多媒体终端的安全策略。可以基于安全策略来生成默认操作模式，并且可以将其存储在安全策略存储器中。指示用于各种用户模式的安全处理器中的安全组件的操作的访问控制矩阵可以被存储在安全策略存储器中。默认的操作模式可以支持访问控制矩阵不支持的控制和/或访问操作。访问控制矩阵中的用户模式可以包括组合用户模式。可以利用访问安全策略存储器中的信息来执行多媒体终端中的安全策略。

27. 发明授权

US07900032B2 Method and system for NAND flash support in autonomously loaded secure reprogrammable system 有权
标题翻译：自动加载安全可重新编程系统中NAND闪存支持的方法和系统
公开(公告)号：US07900032B2
公开(公告)日：2011-03-01
申请号：US11746773
申请日：2007-05-10
申请人： Stephane Rodgers , Andrew Dellow , Xuemin Chen , Iue-Shuenn Chen , Qiang Ye
发明人： Stephane Rodgers , Andrew Dellow , Xuemin Chen , Iue-Shuenn Chen , Qiang Ye
IPC分类号： G06F9/00 , H04L9/00 , H04L9/32
CPC分类号： G06F21/575 , G06F21/572
摘要： Segmenting a boot code to allow separate and independent storage and validation of the segments in a manner that enable secure system boot by autonomous fetching and assembling of the boot code by a security sub-system. The code fetching may need to be done without the main CPU running on the chip for security reasons. Because the boot code may be stored in memory devices that require special software application to account for non-contiguous storage of data and/or code, for example a NAND flash memory which would require such an application as Bad Block Management, code segments stored in areas guaranteed to be usable may enable loading and validating remaining segment separately and independently.
摘要翻译：分段引导代码，以允许通过安全子系统自主获取和组合引导代码来实现安全系统引导的方式，对段进行单独和独立的存储和验证。出于安全考虑，代码获取可能需要完成，而主CPU不会在芯片上运行。由于引导代码可能存储在需要特殊软件应用程序的存储器件中以解决数据和/或代码的不连续存储，例如将要求诸如坏块管理的应用的NAND闪存，存储在保证可用的区域可以分别且独立地加载和验证剩余段。

28. 发明授权

US07469368B2 Method and system for a non-volatile memory with multiple bits error correction and detection for improving production yield 有权
标题翻译：具有多位错误校正和检测功能的非易失性存储器的方法和系统，用于提高产量
公开(公告)号：US07469368B2
公开(公告)日：2008-12-23
申请号：US11288627
申请日：2005-11-29
申请人： Iue-Shuenn Chen , Xuemin Chen , Mihai Lupu
发明人： Iue-Shuenn Chen , Xuemin Chen , Mihai Lupu
IPC分类号： G11C29/00
CPC分类号： G11C29/42 , G06F11/1068 , G11C29/72
摘要： A method and system for a non-volatile memory (NVM) with multiple bits error correction and detection for improving production yield are provided. Forward error correction (FEC) operations and cyclic redundancy check (CRC) operations may be utilized in an NVM array integrated in a chip to correct errors in memory elements and detect remaining errors respectively. When remaining errors are detected, the memory element may be substituted by redundant memory elements in the NVM array. An erasure operation in the FEC may be utilized to correct errors when the error location is known. The NVM array may be partitioned into classes that may each have specified FEC operations and a specified priority to substitute memory elements by redundant memory elements. The FEC and CRC operations may be utilized to protect secure information stored in the NVM array by disabling the chip when errors are detected while reading the secure information.
摘要翻译：提供了一种用于提高产量的用于多位错误校正和检测的非易失性存储器（NVM）的方法和系统。可以在集成在芯片中的NVM阵列中使用前向纠错（FEC）操作和循环冗余校验（CRC）操作来校正存储器元件中的错误并分别检测剩余错误。当检测到剩余错误时，存储器元件可以被NVM阵列中的冗余存储器元件代替。当错误位置已知时，可以利用FEC中的擦除操作来校正错误。 NVM阵列可以被划分为可以各自具有指定的FEC操作和指定优先级的冗余存储器元件替代存储器元件的类。 FEC和CRC操作可用于通过在读取安全信息时检测到错误时禁用芯片来保护存储在NVM阵列中的安全信息。

29. 发明申请

US20080086780A1 METHOD AND SYSTEM FOR PROTECTION OF CUSTOMER SECRETS IN A SECURE REPROGRAMMABLE SYSTEM 有权
标题翻译：在安全可复制系统中保护客户秘密的方法和系统
公开(公告)号：US20080086780A1
公开(公告)日：2008-04-10
申请号：US11753414
申请日：2007-05-24
申请人： Xuemin Chen , Iue-Shuenn Chen , Stephane Rodgers , Andrew Dellow
发明人： Xuemin Chen , Iue-Shuenn Chen , Stephane Rodgers , Andrew Dellow
IPC分类号： H04L9/32
CPC分类号： G06F21/629 , G06F21/572 , H04N7/163 , H04N21/42692 , H04N21/4432 , H04N21/4627 , H04N21/818
摘要： Methods and systems for protection of customer secrets in a secure reprogrammable system are disclosed, and may include controlling, via hardware logic and firmware, access to customer specific functions. The firmware may comprise trusted code, and may comprise boot code, stored in non-volatile memory, which may comprise read only memory, or a locked flash memory. A customer mode may be checked via the trusted code prior to allowing downloading of code written by a customer to the reprogrammable system. Access to customer specific functions may be restricted via commands from a trusted source. The hardware logic may be latched at startup in a disabled mode by the firmware, determined by the customer mode stored in a one time programmable memory. The customer mode may be re-checked utilizing the firmware, and may disallow the use of code other than trusted code in the reprogrammable system when the re-checking fails.
摘要翻译：公开了用于保护安全可重新编程系统中的客户秘密的方法和系统，并且可以包括通过硬件逻辑和固件来控制对客户特定功能的访问。固件可以包括可信代码，并且可以包括存储在非易失性存储器中的引导代码，其可以包括只读存储器或锁定的闪存。可以在允许将由客户编写的代码下载到可重新编程系统之前通过可信代码来检查客户模式。可以通过来自可信来源的命令来限制访问客户特定功能。由存储在一次可编程存储器中的客户模式确定的固件可以在禁用模式下的硬件逻辑锁存硬件逻辑。可以使用固件来重新检查客户模式，并且当重新检查失败时，可以不允许在可再编程系统中使用除可信代码之外的代码。

30. 发明申请

US20080086630A1 METHOD AND SYSTEM FOR NAND FLASH SUPPORT IN AUTONOMOUSLY LOADED SECURE REPROGRAMMABLE SYSTEM 有权
标题翻译：自动加载安全可重构系统中的NAND闪存支持方法与系统
公开(公告)号：US20080086630A1
公开(公告)日：2008-04-10
申请号：US11746773
申请日：2007-05-10
申请人： Stephane Rodgers , Andrew Dellow , Xuemin Chen , Iue-Shuenn Chen , Qiang Ye
发明人： Stephane Rodgers , Andrew Dellow , Xuemin Chen , Iue-Shuenn Chen , Qiang Ye
IPC分类号： G06F9/24
CPC分类号： G06F21/575 , G06F21/572
摘要： Segmenting a boot code to allow separate and independent storage and validation of the segments in a manner that enable secure system boot by autonomous fetching and assembling of the boot code by a security sub-system. The code fetching may need to be done without the main CPU running on the chip for security reasons. Because the boot code may be stored in memory devices that require special software application to account for non-contiguous storage of data and/or code, for example a NAND flash memory which would require such an application as Bad Block Management, code segments stored in areas guaranteed to be usable may enable loading and validating remaining segment separately and independently.
摘要翻译：分段引导代码，以允许通过安全子系统自主获取和组合引导代码来实现安全系统引导的方式，对段进行单独和独立的存储和验证。出于安全考虑，代码获取可能需要完成，而主CPU不会在芯片上运行。由于引导代码可能存储在需要特殊软件应用程序的存储器件中以解决数据和/或代码的不连续存储，例如将要求诸如坏块管理的应用的NAND闪存，存储在保证可用的区域可以分别且独立地加载和验证剩余段。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式