专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US09026800B2 Method and system for allowing customer or third party testing of secure programmable code 有权
标题翻译：允许客户或第三方安全可编程代码测试的方法和系统
公开(公告)号：US09026800B2
公开(公告)日：2015-05-05
申请号：US11743545
申请日：2007-05-02
申请人： Stephane Rodgers , Andrew Dellow , Iue-Shuenn Chen , Xuemin Chen , Carolyn Walker
发明人： Stephane Rodgers , Andrew Dellow , Iue-Shuenn Chen , Xuemin Chen , Carolyn Walker
IPC分类号： G06F21/00 , G06F21/57 , G06F21/60 , G06F21/64 , G06F21/12 , H04L9/06 , H04L29/06 , H04N7/16 , H04N21/426 , H04N21/458 , H04N21/4623 , H04N21/81 , G06F21/10
CPC分类号： G06F21/572 , G06F21/10 , G06F21/12 , G06F21/121 , G06F21/60 , G06F21/64 , G06F2221/033 , H04L9/0643 , H04L63/12 , H04L63/123 , H04N7/162 , H04N21/42623 , H04N21/4586 , H04N21/4623 , H04N21/8193
摘要： Methods and systems for allowing customer or third party testing of secure programmable code are disclosed and may include verifying code loaded in a set-top box utilizing a test hash or a production hash prior to execution of the code, where the test hash and production hash may be stored in a memory, such as an OTP, within the set-top box, and may allow migration from corresponding test code to production code, which may be verified utilizing the test hash and production hash, respectively. The test and production hashes may be customer specific. The migration from test code to production code may be authenticated using at least a set-top box specific password. The test hash may be stored in a first portion of a one-time programmable memory and the production hash in a remaining portion, with the first portion being less than or equal to the remaining portion.
摘要翻译：公开了用于允许客户或第三方测试安全可编程代码的方法和系统，并且可以包括在执行代码之前利用测试散列或生产散列验证加载在机顶盒中的代码，其中测试散列和生产散列可以存储在机顶盒内的诸如OTP的存储器中，并且可以允许从相应的测试代码迁移到生产代码，这可以分别使用测试散列和生产散列进行验证。测试和生产散列可能是客户特定的。从测试代码到生产代码的迁移可以至少使用机顶盒专用密码进行认证。测试散列可以存储在一次性可编程存储器的第一部分中，并且剩余部分中的生成散列，其中第一部分小于或等于其余部分。

2. 发明授权

US07844996B2 Method and apparatus for constructing an access control matrix for a set-top box security processor 有权
标题翻译：一种用于构建机顶盒安全处理器的访问控制矩阵的方法和装置
公开(公告)号：US07844996B2
公开(公告)日：2010-11-30
申请号：US11136027
申请日：2005-05-23
申请人： Xuemin Chen , Iue-Shuenn Chen , Shee-Yen Tan , Hongbo Zhu , Qiang Ye
发明人： Xuemin Chen , Iue-Shuenn Chen , Shee-Yen Tan , Hongbo Zhu , Qiang Ye
IPC分类号： G06F7/04
CPC分类号： G06F21/71 , G06F2221/2141 , H04N21/43607 , H04N21/4623
摘要： In multimedia systems requiring secure access, a method and apparatus for constructing an access control matrix for a set-top box security processor are provided. A security processor may comprise multiple security components and may support multiple user modes. For each user mode supported, at least one access rule table may be generated to indicate access rules to a security component in the security processor. An access control list comprises information regarding the access rules for a particular user mode to the security components in the security processor. An access control matrix may be generated based on the access control lists for the user modes supported by the security component. The access control matrix may be implemented and/or stored in the security processor for verifying access rights of a user mode.
摘要翻译：在需要安全访问的多媒体系统中，提供了一种用于构建用于机顶盒安全处理器的访问控制矩阵的方法和装置。安全处理器可以包括多个安全组件，并且可以支持多个用户模式。对于支持的每个用户模式，可以生成至少一个访问规则表以指示对安全处理器中的安全组件的访问规则。访问控制列表包括关于针对安全处理器中的安全组件的特定用户模式的访问规则的信息。可以基于由安全组件支持的用户模式的访问控制列表来生成访问控制矩阵。访问控制矩阵可以被实现和/或存储在安全处理器中，以验证用户模式的访问权限。

3. 发明申请

US20070294761A1 Method and System to Allow System-on-Chip Individual I/O Control to be Disabled and Enabled by Programmable Non-Volatile Memory 有权
标题翻译：方法和系统允许片上独立的I / O控制被可编程非易失性存储器禁用和启用
公开(公告)号：US20070294761A1
公开(公告)日：2007-12-20
申请号：US11558328
申请日：2006-11-09
申请人： Iue-Shuenn Chen , Xuemin Chen
发明人： Iue-Shuenn Chen , Xuemin Chen
IPC分类号： H04L9/32
CPC分类号： G06F21/85 , G06F21/31 , H04N21/42623 , H04N21/42684 , H04N21/443 , H04N21/462 , H04N21/4753
摘要： Certain aspects of a method and system for allowing system-on-chip individual I/O control to be disabled and enabled by programmable non-volatile memory are disclosed. Aspects of one method may include mapping at least one bit of a control vector within a security processor comprising a non-volatile memory to each of a plurality of on-chip I/O physical buses. At least one of the plurality of on-chip I/O physical buses may be enabled or disabled by modifying the mapped bit or bits of the control vector.
摘要翻译：公开了一种用于允许由可编程非易失性存储器禁用和启用片上独立I / O控制的方法和系统的某些方面。一种方法的方面可以包括将包括非易失性存储器的安全处理器内的控制向量的至少一个比特映射到多个片上I / O物理总线中的每一个。多个片上I / O物理总线中的至少一个可以通过修改控制向量的映射比特来启用或禁用。

4. 发明申请

US20070294745A1 Method and System For Multi-Level Security Initialization and Configuration 有权
标题翻译：多级安全初始化和配置的方法和系统
公开(公告)号：US20070294745A1
公开(公告)日：2007-12-20
申请号：US11682544
申请日：2007-03-06
申请人： Shee-Yen Tan , Xuemin Chen , Iue-Shuenn Chen , Qiang Ye
发明人： Shee-Yen Tan , Xuemin Chen , Iue-Shuenn Chen , Qiang Ye
IPC分类号： H04L9/32
CPC分类号： G06F21/85 , G06F21/74 , H04N21/4623 , H04N21/4751
摘要： Aspects of a method and system for multi-level security initialization and configuration are provided. A security system may comprise a security processor, a host processor, and at least one security component, such as a descrambler. The security processor may enable a security component based on information stored within a non-volatile memory integrated within the security processor. The host processor may enable generation of at least one configuration command communicated to the security processor for configuring the enabled security component. The configuration command may correspond to a security control operational mode for the security component that may indicate, for example, activation or deactivation of the security component. The security processor may authenticate a digital signature in the configuration command. Initialization and configuration may be performed during a system boot sequence of the security system.
摘要翻译：提供了一种用于多级安全初始化和配置的方法和系统。安全系统可以包括安全处理器，主机处理器和至少一个安全组件，例如解扰器。安全处理器可以基于存储在集成在安全处理器内的非易失性存储器内的信息来启用安全组件。主机处理器可以实现传送到安全处理器的至少一个配置命令的生成，用于配置启用的安全组件。配置命令可以对应于可以指示例如安全组件的激活或去激活的安全组件的安全控制操作模式。安全处理器可以在配置命令中认证数字签名。可以在安全系统的系统引导顺序期间执行初始化和配置。

5. 发明授权

US08045707B2 System and method for securing data 有权
标题翻译：用于保护数据的系统和方法
公开(公告)号：US08045707B2
公开(公告)日：2011-10-25
申请号：US10695008
申请日：2003-10-28
申请人： Steve W. Rodgers , Sherman (Xuemin) Chen , Iue-Shuenn Chen
发明人： Steve W. Rodgers , Sherman (Xuemin) Chen , Iue-Shuenn Chen
IPC分类号： H04L9/00
CPC分类号： H04L9/002 , H04L9/0618 , H04L2209/125 , H04N21/4424 , H04N21/4432
摘要： Systems and systems that protect data are provided. In one embodiment, a system may include, for example, a memory and a processor. The memory may store, for example, encrypted data. The processor may be coupled to the memory and may include, for example, a decryptor that decrypts the encrypted data. The decryptor may be adapted, for example, to variably bit roll the encrypted data, to fixedly bit shuffle the bit-rolled data, to add a first key to the bit-shuffled data and to process the added data with a second key.
摘要翻译：提供保护数据的系统和系统。在一个实施例中，系统可以包括例如存储器和处理器。存储器可以存储例如加密数据。处理器可以耦合到存储器，并且可以包括例如解密加密数据的解密器。解密器可以适应于例如可变地位滚动加密数据，以固定地对位滚动数据进行混洗，以将第一密钥添加到位混洗数据并用第二密钥处理添加的数据。

6. 发明申请

US20080086647A1 METHOD AND SYSTEM FOR ALLOWING CUSTOMER OR THIRD PARTY TESTING OF SECURE PROGRAMMABLE CODE 有权
标题翻译：允许客户或第三方安全可编程代码测试的方法和系统
公开(公告)号：US20080086647A1
公开(公告)日：2008-04-10
申请号：US11743545
申请日：2007-05-02
申请人： Stephane Rodgers , Andrew Dellow , Iue-Shuenn Chen , Xuemin Chen , Carolyn Walker
发明人： Stephane Rodgers , Andrew Dellow , Iue-Shuenn Chen , Xuemin Chen , Carolyn Walker
IPC分类号： G06F12/14
CPC分类号： G06F21/572 , G06F21/10 , G06F21/12 , G06F21/121 , G06F21/60 , G06F21/64 , G06F2221/033 , H04L9/0643 , H04L63/12 , H04L63/123 , H04N7/162 , H04N21/42623 , H04N21/4586 , H04N21/4623 , H04N21/8193
摘要： Methods and systems for allowing customer or third party testing of secure programmable code are disclosed and may include verifying code loaded in a set-top box utilizing a test hash or a production hash prior to execution of the code, where the test hash and production hash may be stored in a memory, such as an OTP, within the set-top box, and may allow migration from corresponding test code to production code, which may be verified utilizing the test hash and production hash, respectively. The test and production hashes may be customer specific. The migration from test code to production code may be authenticated using at least a set-top box specific password. The test hash may be stored in a first portion of a one-time programmable memory and the production hash in a remaining portion, with the first portion being less than or equal to the remaining portion.
摘要翻译：公开了用于允许客户或第三方测试安全可编程代码的方法和系统，并且可以包括在执行代码之前利用测试散列或生产散列验证加载在机顶盒中的代码，其中测试散列和生产散列可以存储在机顶盒内的诸如OTP的存储器中，并且可以允许从相应的测试代码迁移到生产代码，这可以分别使用测试散列和生产散列进行验证。测试和生产散列可能是客户特定的。从测试代码到生产代码的迁移可以至少使用机顶盒专用密码进行认证。测试散列可以存储在一次性可编程存储器的第一部分中，并且剩余部分中的生成散列，其中第一部分小于或等于其余部分。

7. 发明申请

US20080086628A1 METHOD AND SYSTEM FOR TWO-STAGE SECURITY CODE REPROGRAMMING 有权
标题翻译：用于两级安全代码转换的方法和系统
公开(公告)号：US20080086628A1
公开(公告)日：2008-04-10
申请号：US11746769
申请日：2007-05-10
申请人： Stephane Rodgers , Andrew Dellow , Xuemin Chen , Iue-Shuenn Chen
发明人： Stephane Rodgers , Andrew Dellow , Xuemin Chen , Iue-Shuenn Chen
IPC分类号： G06F9/00
CPC分类号： H04N21/818 , G06F21/572 , H04N21/4432 , H04N21/4586
摘要： A stored predefined unmodifiable bootable code set may be verified during code reprogramming of a device, and executed as a first stage of code reprogramming of the device. The predefined unmodifiable bootable code set may be stored in a locked memory such as a locked flash memory and may comprise code that enables minimal communication functionality of the device. The predefined unmodifiable bootable code set may be verified using a security algorithm, for example, a SHA-based algorithm. Information necessary for the security algorithm may be stored in a memory, for example, a one-time programmable read-only memory (OTP ROM). The stored information necessary for the security algorithm may comprise a SHA digest, a signature, and/or a key. A second stage code set may be verified and executed during the code reprogramming of the device subsequent to the verification of the stored predefined unmodifiable bootable code set.
摘要翻译：可以在设备的代码重新编程期间验证存储的预定义的不可修改的可引导代码集，并且作为设备的代码重新编程的第一级被执行。预定义的不可修改的可引导代码集可以存储在诸如锁定的闪存的锁定存储器中，并且可以包括能够实现设备的最小通信功能的代码。可以使用安全算法（例如，基于SHA的算法）来验证预定义的不可修改的可引导代码集。安全算法所需的信息可以存储在存储器中，例如，一次性可编程只读存储器（OTP ROM）。安全算法所需的存储信息可以包括SHA摘要，签名和/或密钥。可以在验证存储的预定义的不可修改的可引导代码集之后的设备的代码重新编程期间验证和执行第二阶段代码集。

8. 发明申请

US20060195691A1 Method and system for random data access for security applications 有权
标题翻译：用于安全应用的随机数据访问的方法和系统
公开(公告)号：US20060195691A1
公开(公告)日：2006-08-31
申请号：US11069204
申请日：2005-02-28
申请人： Xuemin Chen , Iue-Shuenn Chen , Francis Cheung , Longyin Wei
发明人： Xuemin Chen , Iue-Shuenn Chen , Francis Cheung , Longyin Wei
IPC分类号： H04L9/00
CPC分类号： H04L9/3239 , G06F21/71 , G06F21/79 , H04L9/3249
摘要： Methods and systems for random data access for security applications are disclosed and may comprise generating on a chip, a random process index. A data process may be randomly selected on the chip utilizing the generated random process index. A time interval may be randomly allocated on the chip. After the time interval, the randomly selected data process may initiate processing of data. The processing of the data may comprise accessing the data and/or acquiring the data. The data may be verified by the selected data process prior to the processing of the data. The data may be verified utilizing a digital signature verification algorithm, for example.
摘要翻译：公开了用于安全应用的随机数据访问的方法和系统，并且可以包括在芯片上生成随机过程索引。利用生成的随机过程索引可以在芯片上随机选择数据处理。时间间隔可以随机分配在芯片上。在时间间隔之后，随机选择的数据处理可以启动数据处理。数据的处理可以包括访问数据和/或获取数据。可以在数据处理之前通过所选择的数据处理来验证数据。例如，可以使用数字签名验证算法来验证数据。

9. 发明授权

US09904809B2 Method and system for multi-level security initialization and configuration 有权
公开(公告)号：US09904809B2
公开(公告)日：2018-02-27
申请号：US11682544
申请日：2007-03-06
申请人： Shee-Yen Tan , Xuemin Chen , Iue-Shuenn Chen , Qiang Ye
发明人： Shee-Yen Tan , Xuemin Chen , Iue-Shuenn Chen , Qiang Ye
IPC分类号： G06F21/00 , G06F21/85 , G06F21/74 , H04N21/4623 , H04N21/475
CPC分类号： G06F21/85 , G06F21/74 , H04N21/4623 , H04N21/4751
摘要： Aspects of a method and system for multi-level security initialization and configuration are provided. A security system may comprise a security processor, a host processor, and at least one security component, such as a descrambler. The security processor may enable a security component based on information stored within a non-volatile memory integrated within the security processor. The host processor may enable generation of at least one configuration command communicated to the security processor for configuring the enabled security component. The configuration command may correspond to a security control operational mode for the security component that may indicate, for example, activation or deactivation of the security component. The security processor may authenticate a digital signature in the configuration command. Initialization and configuration may be performed during a system boot sequence of the security system.

10. 发明授权

US09497022B2 Method and system for improved fault tolerance in distributed customization controls using non-volatile memory 有权
标题翻译：使用非易失性存储器的分布式定制控制中改进容错的方法和系统
公开(公告)号：US09497022B2
公开(公告)日：2016-11-15
申请号：US11558360
申请日：2006-11-09
申请人： Iue-Shuenn Chen , Xuemin Chen
发明人： Iue-Shuenn Chen , Xuemin Chen
IPC分类号： H04L29/06 , H04L9/00
CPC分类号： H04L9/004 , H04L2209/12
摘要： Certain aspects of a method and system for improved fault tolerance in distributed customization controls using non-volatile memory are disclosed. Aspects of one method may include mapping an input control signal to a plurality of input logic circuits within a security processor. A plurality of independent processing paths may be defined between each of the plurality of input logic circuits and an output logic circuit. Each of the plurality of independent processing paths may comprise one or more logic circuits. The input control signal may be routed via at least a portion of the plurality of independent processing paths. The portion of the plurality of independent processing paths may be combined in the output logic circuit to generate the input control signal.
摘要翻译：公开了使用非易失性存储器的分布式定制控制中用于改进容错的方法和系统的某些方面。一种方法的方面可以包括将输入控制信号映射到安全处理器内的多个输入逻辑电路。可以在多个输入逻辑电路中的每一个和输出逻辑电路之间定义多个独立的处理路径。多个独立处理路径中的每一个可以包括一个或多个逻辑电路。输入控制信号可以经由多个独立处理路径的至少一部分路由。多个独立处理路径的部分可以组合在输出逻辑电路中以产生输入控制信号。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式