Patent application number | Description | Published |
20080222428 | Method for Securing Authenticity of Data in a Digital Processing System - The invention describes a method and a corresponding digital processing system for ensuring that data is unmodified while reducing the amount of one-time programmable memory in the system. The data is stored in modifiable memory and an authentication value of the data is stored in unmodifiable memory. Before the data is used according to its purpose the digital processing system authenticates that the data is unmodified, for example by using a cryptographic hash algorithm. | 09-11-2008 |
20080267410 | Method for Authorizing and Authenticating Data - A method and a corresponding apparatus for authenticating data in a digital processing system (DPS) is disclosed, wherein a root/first tier key pair associated with a first tier/root authority may sign data and second tier keys for authorizing data for processing in the DPS. The first tier/root authority may pass entitlements to the authorized second tier key, which may itself authorize third tier keys and pass entitlements to said key. | 10-30-2008 |
20080271164 | METHOD AND SYSTEM FOR ALLOWING NO CODE DOWNLOAD IN A CODE DOWNLOAD SCHEME - Aspects of a method and system for allowing no code download in a code download scheme are provided. A system-on-a-chip (SoC) may comprise a security processor, a ROM, and a one-time-programmable (OTP) memory. The security processor may enable fetching code from a restricted function portion of the ROM. The restricted functions may comprise code for booting up the SoC and code that prevents enabling security algorithms within the SoC. The security processor may then enable booting up of at least a portion of the SoC based on the fetched code. The remaining portion of the ROM may comprise code for downloading security code from an external memory, such as a FLASH memory, to an internal memory, such as a RAM, to boot up the SoC. Access to the restricted function portion or the remaining portion of the ROM is based on at least one bit from the OTP memory. | 10-30-2008 |
20090080649 | METHOD AND SYSTEM FOR PROTECTING DATA - Methods and systems for protecting data may include controlling encryption and/or decryption and identifying a destination of corresponding encrypted and/or decrypted data, utilizing rules based on a source location of the data prior to the encryption or decryption and an algorithm that may have been previously utilized for encrypting and/or decrypting the data prior to the data being stored in the source location. The source location and/or destination of the data may comprise protected or unprotected memory. One or more of a plurality of algorithms may be utilized for the encryption and/or decryption. The rules may be stored in a key table, which may be stored on-chip, and may be reprogrammable. One or more keys for the encryption and/or decryption may be generated within the chip. | 03-26-2009 |
20090190762 | METHOD AND SYSTEM FOR PREVENTING GENERATION OF DECRYPTION KEYS VIA SAMPLE GATHERING - Methods and systems for preventing generation of decryption keys via statistical sample gathering may include verifying a one-key message authentication code (OMAC) decryption key in received data and inserting a delay time before subsequent OMAC verifications upon a failure of the verifying. The delay time may be increased, doubled, for example, with each failure of the subsequent OMAC verifications. The cryptographic system may be disabled upon reaching a defined number of OMAC verification failures. The delay time may be reset upon an OMAC verification pass. A number of OMAC verification failures may be stored in non-volatile memory. The OMAC verification may be one of a plurality of key verifications in a key ladder system. A service provider may be required to reset the cryptographic system when the cryptographic system may be disabled due to multiple OMAC failures. The received data may be AES, DES or 3-DES encrypted. | 07-30-2009 |
20100254536 | Authenticated mode control - Methods and systems for authenticated mode control in controlled devices are disclosed. A method for changing a mode in a controlled device from a current mode includes selecting one of several available key derivation functions based on a target mode, generating a target mode specific root key using a global root key and the selected key derivation function, and the use of that root key to affect a change of the controlled device to a target mode. Corresponding devices and systems are also disclosed. In one embodiment, the methods are applicable to a cable television distribution system and the changing of the operating mode of a set top box from one conditional access provider to another. | 10-07-2010 |
20110197054 | METHOD AND SYSTEM FOR NAND FLASH SUPPORT IN AN AUTONOMOUSLY LOADED SECURE REPROGRAMMABLE SYSTEM - A boot code may be segmented to allow separate and independent storage of the code segments in a manner that may enable secure system boot by autonomous fetching and assembling of the boot code by a security sub-system. The code fetching may need to be done without the main CPU running on the chip for security reasons. Because the boot code may be stored in memory devices that require special software application to account for non-contiguous storage of data and/or code, for example a NAND flash memory which would require such an application as Bad Block Management, code segments stored in areas guaranteed to be usable may enable loading remaining segment separately and independently. Each of the code segments may be validated, wherein validation of the code segments may comprise use of hardware-based signatures. | 08-11-2011 |
20110197069 | METHOD AND SYSTEM FOR PREVENTING REVOCATION DENIAL OF SERVICE ATTACKS - Methods and systems for preventing revocation denial of service attacks are disclosed and may include receiving and decrypting a command for revoking a secure key utilizing a hidden key, and revoking the secure key upon successful verification of a signature. The command may comprise a key ID that is unique to a specific set-top box. A key corresponding to the command for revoking the secure key may be stored in a one-time programmable memory, compared to a reference, and the security key may be revoked based on the comparison. The command for revoking the secure key may be parsed from a transport stream utilizing a hardware parser. The method and system may also comprise generating a command for revoking a secure key. The command may be encrypted and signed utilizing a hidden key and may comprise a key ID that is unique to a specific set-top box. | 08-11-2011 |
20120201377 | Authenticated Mode Control - Methods and systems for authenticated mode control in controlled devices are disclosed. A method for changing a mode in a controlled device from a current mode includes selecting one of several available key derivation functions based on a target mode, generating a target mode specific root key using a global root key and the selected key derivation function, and the use of that root key to affect a change of the controlled device to a target mode. Corresponding devices and systems are also disclosed. In one embodiment, the methods are applicable to a cable television distribution system and the changing of the operating mode of a set top box from one conditional access provider to another. | 08-09-2012 |
20120254627 | Method and System for Protecting Data - Methods and systems for protecting data may include controlling encryption and/or decryption and identifying a destination of corresponding encrypted and/or decrypted data, utilizing rules based on a source location of the data prior to the encryption or decryption and an algorithm that may have been previously utilized for encrypting and/or decrypting the data prior to the data being stored in the source location. The source location and/or destination of the data may comprise protected or unprotected memory. One or more of a plurality of algorithms may be utilized for the encryption and/or decryption. The rules may be stored in a key table, which may be stored on-chip, and may be reprogrammable. One or more keys for the encryption and/or decryption may be generated within the chip. | 10-04-2012 |
20120328106 | GENERATING SECURE DEVICE SECRET KEY - Methods, devices, systems and computer program products are provided to facilitate cryptographically secure retrieval of secret information that is embedded in a device. The embedded secret information can include a random number that is not custom-designed for any specific requestor of the secret information. Upon receiving a request for the embedded secret information, an encrypted secret is provided to the requestor that enables the recovery of the embedded secret information by only the requestor. Moreover, a need for maintenance of a database of the embedded secret information and the associated requestors is eliminated. | 12-27-2012 |
20130185550 | METHOD AND SYSTEM FOR NAND FLASH SUPPORT IN AN AUTONOMOUSLY LOADED SECURE REPROGRAMMABLE SYSTEM - A system and method that enables secure system boot up with a restricted central processing unit (CPU). The system includes a memory, a segmenting device, and a security sub-system. The memory is a NAND flash memory with a block structure that comprises a guaranteed block and non-guaranteed blocks. The guaranteed block is guaranteed to be useable. A boot code is segmented into boot code segments and the boot code segments are stored separately in the guaranteed and non-guaranteed blocks. The security sub-system is configured to locate the boot code segments stored in the non-guaranteed blocks and validate them independently based on data in the guaranteed block. The security sub-system is further configured to assemble the boot code segments into the boot code and execute the boot code. | 07-18-2013 |
20140019773 | METHOD AND SYSTEM FOR PROTECTING DATA - Methods and systems for protecting data may include controlling encryption and/or decryption and identifying a destination of corresponding encrypted and/or decrypted data, utilizing rules based on a source location of the data prior to the encryption or decryption and an algorithm that may have been previously utilized for encrypting and/or decrypting the data prior to the data being stored in the source location. The source location and/or destination of the data may comprise protected or unprotected memory. One or more of a plurality of algorithms may be utilized for the encryption and/or decryption. The rules may be stored in a key table, which may be stored on-chip, and may be reprogrammable. One or more keys for the encryption and/or decryption may be generated within the chip. | 01-16-2014 |
20140053001 | SECURITY CENTRAL PROCESSING UNIT MANAGEMENT OF A TRANSCODER PIPELINE - A method for managing a transcoder pipeline includes partitioning a memory with a numbered region; receiving an incoming media stream to be transcoded; and atomically loading, using a security central processing unit (SCPU), a decryption key, a counterpart encryption key and an associated region number of the memory into a slot of a key table, the key table providing selection of decryption and encryption keys during transcoding. The atomically loading the decryption and encryption keys and the associated numbered region ensures that the encryption key is selected to encrypt a transcoded version of the media stream when the media stream has been decrypted with the decryption key and the transcoded media stream is retrieved from the associated numbered region of the memory. | 02-20-2014 |
20140053230 | MULTI-SECURITY-CPU SYSTEM - A computing system includes a first security central processing unit (SCPU) of a system-on-a-chip (SOC), the first SCPU configured to execute functions of a first security level. The computing system also includes a second SCPU of the SOC coupled with the first SCPU and coupled with a host processor, the second SCPU configured to execute functions of a second security level less secure than the first security level, and the second SCPU executing functions not executed by the first SCPU. | 02-20-2014 |
20140090078 | Generating Secure Device Secret Key - Methods, devices, systems and computer program products are provided to facilitate cryptographically secure retrieval of secret information that is embedded in a device. The embedded secret information can include a random number that is not custom-designed for any specific requestor of the secret information. Upon receiving a request for the embedded secret information, an encrypted secret is provided to the requestor that enables the recovery of the embedded secret information by only the requestor. Moreover, a need for maintenance of a database of the embedded secret information and the associated requestors is eliminated. | 03-27-2014 |
20140098953 | Key Derivation System - A device generates a content key that depends upon device security state information. For example, the device may retrieve a first content key and a security state, and then derive a content key using the first content key and the security state. Accordingly, if the security state is incorrect, then the generated content key is incorrect, and the device cannot decrypt content provided to the device. | 04-10-2014 |
20140233732 | MOBILE PAYTV DRM ARCHITECTURE - A secure element operating in conjunction with a secure partition of a system-on-a-chip (SoC) having set top box (STB) functionality allows for digital rights management (DRM) key handling in a mobile platform. The secure element can include a secure processing system (SPS) to be implemented as a hard macro, thereby isolating the SPS from a peripheral processing system (PPS). The secure element and the secure partition of the SoC may be operatively connected by a secure cryptographic channel. | 08-21-2014 |
20140258708 | SECURING VARIABLE LENGTH KEYLADDER KEY - A system for securing a variable length keyladder key includes a keyladder decryptor configured to alter a first layer key and to execute a keyladder algorithm to generate a content key, the keyladder algorithm to generate the content key by decrypting an encrypted second layer key with the altered first layer key. The alteration mirrors the alteration applied to encrypt the second layer key by a content server providing content data to be decrypted. The system may further include a cryptographic direct memory access controller (DMAC) coupled with the keyladder decryptor and to decrypt encrypted content data using the generated content key. The keyladder decryptor may be further configured to send the content key to be stored in the DMAC without information regarding how the first layer key was altered. The alteration may include a permutation function or other change or modification. | 09-11-2014 |