Patent application number | Description | Published |
20090147985 | METHOD AND SYSTEM FOR secure WATERMARK EMBEDDING AND EXTRACTION DATA FLOW ARCHITECTURE - Methods and systems for secure watermark embedding and extraction data flow architecture are disclosed and may include embedding a watermark in a video signal utilizing an embedded CPU. The embedded CPU may be controlled utilizing a security processor via a secure bus. The watermark may be embedded in a compressed video signal that may be diverted around a compression/decompression engine. The watermark may be embedded in a decompressed video signal and may be directed through a compression/decompression engine. Requests may be sent to the embedded CPU from the main CPU via the security processor and the secure bus. The watermark may be encrypted utilizing the security processor. The secure bus may be inaccessible to the main CPU or any device not on the chip. The chip may be disabled when the embedded CPU may be disabled. Sections of the video signal may be classified and selected for embedding. | 06-11-2009 |
20090150676 | METHOD AND SYSTEM FOR ROBUST WATERMARK INSERTION AND EXTRACTION FOR DIGITAL SET-TOP BOXES - Methods and systems for robust watermark insertion and extraction for digital set-top boxes are disclosed and may include descrambling, detecting watermarking messages in a received video signal utilizing a watermark message parser, and immediately watermarking the descrambled video signal utilizing an embedded CPU. The embedded CPU may utilize code that may be signed by an authorized key, encrypted externally to the chip, decrypted, and stored in memory in a region off-limits to other processors. The video signal may be watermarked in a decompressed domain. The enabling of the watermarking may be verified utilizing a watchdog timer. The descriptors corresponding to the watermarking may be stored in memory that may be inaccessible by the main CPU. The watermark may comprise unique identifier data specific to the chip and a time stamp, and may be encrypted utilizing an on-chip combinatorial function. | 06-11-2009 |
20090187704 | METHOD AND SYSTEM FOR SECURE CODE ENCRYPTION FOR PC-SLAVE DEVICES - A PC-slave device may securely load and decrypt an execution code and/or data, which may be stored, encrypted, in a PC hard-drive. The PC-slave device may utilize a dedicated memory, which may be partitioned into an accessible region and a restricted region that may only be accessible by the PC-slave device. The encrypted execution code and/or may be loaded into the accessible region of the dedicated memory; the PC-slave device may decrypt the execution code and/or data, internally, and store the decrypted execution code and/or data into the restricted region of the dedicated memory. The decrypted execution code and/or data may be validated, and may be utilized from the restricted region. The partitioning of the dedicated memory, into accessible and restricted regions, may be performed dynamically during secure code loading. The PC-slave device may comprise a dedicated secure processor that may perform and/or manage secure code loading. | 07-23-2009 |
20100083387 | METHOD AND SYSTEM FOR A SECURE POWER MANAGEMENT SCHEME - A security processor integrated within a system may be securely shut down. The security processor may receive shut down requests, and may determine components and/or subsystems that need be shut down during shut down periods. The security processor may determine when each of the relevant components is ready for shut down. Once the relevant components are shut down, the security processor may itself be shut down, wherein the shut down of the security processor may be performed by stopping the clocking of the security processor. A security error monitor may monitor the system during shut down periods, and the security processor may be powered back on when security breaches and/or threats may be detected via the security error monitor. The security error monitor may be enabled to power on the security processor by reactivating the security processor clock, and the security processor may then power on the system. | 04-01-2010 |
20110197054 | METHOD AND SYSTEM FOR NAND FLASH SUPPORT IN AN AUTONOMOUSLY LOADED SECURE REPROGRAMMABLE SYSTEM - A boot code may be segmented to allow separate and independent storage of the code segments in a manner that may enable secure system boot by autonomous fetching and assembling of the boot code by a security sub-system. The code fetching may need to be done without the main CPU running on the chip for security reasons. Because the boot code may be stored in memory devices that require special software application to account for non-contiguous storage of data and/or code, for example a NAND flash memory which would require such an application as Bad Block Management, code segments stored in areas guaranteed to be usable may enable loading remaining segment separately and independently. Each of the code segments may be validated, wherein validation of the code segments may comprise use of hardware-based signatures. | 08-11-2011 |
20110197069 | METHOD AND SYSTEM FOR PREVENTING REVOCATION DENIAL OF SERVICE ATTACKS - Methods and systems for preventing revocation denial of service attacks are disclosed and may include receiving and decrypting a command for revoking a secure key utilizing a hidden key, and revoking the secure key upon successful verification of a signature. The command may comprise a key ID that is unique to a specific set-top box. A key corresponding to the command for revoking the secure key may be stored in a one-time programmable memory, compared to a reference, and the security key may be revoked based on the comparison. The command for revoking the secure key may be parsed from a transport stream utilizing a hardware parser. The method and system may also comprise generating a command for revoking a secure key. The command may be encrypted and signed utilizing a hidden key and may comprise a key ID that is unique to a specific set-top box. | 08-11-2011 |
20110219242 | METHOD AND SYSTEM FOR MANAGING SECURE CODE LOADING IN PC-SLAVE DEVICES - A secure processor in a PC-slave device may manage secure loading of execution code and/or data, which may be stored, in encrypted form, in a PC hard-drive. The secure processor may cause decryption of the execution code and/or data by the PC-slave device, and storage of the decrypted execution code and/or data in a restricted portion of a memory that is dedicated for use by the PC-slave device, with the restricted portion of the dedicated memory being only accessible by the PC-slave device. The secure processor may validate decrypted execution code and/or data. The secure processor may block operations of a main processor in the PC-slave device during secure loading of execution code and/or data, and may discontinue that blocking after validating the decrypted execution code and/or data. The secure processor may store encryption keys that are utilized during decryption of the encrypted execution code and/or data. | 09-08-2011 |
20120030391 | METHOD AND SYSTEM FOR MEMORY ATTACK PROTECTION TO ACHIEVE A SECURE INTERFACE - A slave device may receive commands from a host device communicatively coupled to the slave device, via a secure interface configured between the slave device and the host device over that coupling. An integrated memory within the slave device may be configured into a plurality of memory portions or regions based on the received commands. The memory regions may be utilized during operations associated with authentication of subsequent commands from the host device. A first memory region may enable storage of encrypted host commands and data. A second region may enable storage of decrypted host commands and data. A third region may enable storage of internal variables and/or intermediate results from operations performed by the slave device. Another region may comprise internal registers that enable storage of information only accessible to the slave device. Access to some of the memory regions may be controlled and/or restricted by the slave device | 02-02-2012 |
20120216034 | METHOD AND SYSTEM FOR SECURING COMMUNICATION ON A HOME GATEWAY IN AN IP CONTENT STREAMING SYSTEM - A home gateway, which enables communication with a plurality of devices, recovers a root-content key from a key server of a service provider for secure delivery of content requested by a client device. The recovered root-content key is utilized to generate a content key for corresponding content scrambling. The home gateway communicates the scrambled content to the client device. The home gateway utilizes the RSA protocol to request the root-content key from the key server. The root-content key is recovered from the received key index. The content key is encrypted utilizing a public key and delivered to the client device. The key server distributes the public key to the gateway through authentication messages. The client device utilizes its own private key to recover the content key by decrypting the encrypted content key. The scrambled content from the home gateway is descrambled using the recovered content key for content consumption. | 08-23-2012 |
20120216038 | UNIFIED VIDEO DELIVERY SYSTEM FOR SUPPORTING IP VIDEO STEAMING SERVICE - A home gateway may be used to handle at least a portion of processing of content obtained for consumption by client devices serviced via the home gateway. The home gateway may receive a single copy of content having a first format, and may convert the received content to one or more other formats suitable for presentation by at least one of the client devices based on knowledge of the client devices. The home gateway may maintain secure and/or protected access of the content handled via the home gateway. During protected access the home gateway may partition the content into a plurality of encrypted segments that are forwarded separately to the client devices. The client devices may utilize a corresponding plurality of encryption keys for decrypting the encrypted segments. The encryption keys may be obtained from an external key server. The home gateway may also generate the encryption keys. | 08-23-2012 |
20120328149 | Method and System for Robust Watermark Insertion and Extraction for Digital Set-Top Boxes - Methods and systems for robust watermark insertion and extraction for digital set-top boxes are disclosed and may include descrambling, detecting watermarking messages in a received video signal utilizing a watermark message parser, and immediately watermarking the descrambled video signal utilizing an embedded CPU. The embedded CPU may utilize code that may be signed by an authorized key, encrypted externally to the chip, decrypted, and stored in memory in a region off-limits to other processors. The video signal may be watermarked in a decompressed domain. The enabling of the watermarking may be verified utilizing a watchdog timer. The descriptors corresponding to the watermarking may be stored in memory that may be inaccessible by the main CPU. The watermark may comprise unique identifier data specific to the chip and a time stamp, and may be encrypted utilizing an on-chip combinatorial function. | 12-27-2012 |
20130007452 | METHOD AND SYSTEM FOR COMMAND AUTHENTICATION TO ACHIEVE A SECURE INTERFACE - Aspects of a method and system for command authentication to achieve a secure interface are provided. Command authentication between a host and a slave device in a multimedia system may be achieved by on-the-fly pairing or by an automatic one-time-programming via a security processor. In an on-the-fly pairing scheme, the host may generate a host key based on a host root key and host control words while the slave may generate slave key based the host key, a slave root key and slave control words. The slave key may be stored and later retrieved by the slave device to obtain the host key for authenticating host commands. The host may be disabled from generating and/or passing the host key to the slave. In an automatic one-time programming scheme, the security processor may burn a random number onto a onetime-programmable memory in the host and slave devices for command authentication. | 01-03-2013 |
20130185550 | METHOD AND SYSTEM FOR NAND FLASH SUPPORT IN AN AUTONOMOUSLY LOADED SECURE REPROGRAMMABLE SYSTEM - A system and method that enables secure system boot up with a restricted central processing unit (CPU). The system includes a memory, a segmenting device, and a security sub-system. The memory is a NAND flash memory with a block structure that comprises a guaranteed block and non-guaranteed blocks. The guaranteed block is guaranteed to be useable. A boot code is segmented into boot code segments and the boot code segments are stored separately in the guaranteed and non-guaranteed blocks. The security sub-system is configured to locate the boot code segments stored in the non-guaranteed blocks and validate them independently based on data in the guaranteed block. The security sub-system is further configured to assemble the boot code segments into the boot code and execute the boot code. | 07-18-2013 |
20130290637 | PER PROCESSOR BUS ACCESS CONTROL IN A MULTI-PROCESSOR CPU - A technique to provide hardware protection for bus accesses for a processor in a multiple processor environment where at least two zones are established to separate or segregate processor functionality. In one implementation, control registers within a cache memory that supports the multiple processors are loaded with addresses associated with access rights for a particular processor. Then, when an access request is generated, the registers are checked to authorize the access. | 10-31-2013 |
20140052975 | PROTECTING SECURE SOFTWARE IN A MULTI-SECURITY-CPU SYSTEM - A computing system includes a first central processing unit (CPU) and a second CPU coupled with the first CPU and with a host processor. In response to a request by the host processor to boot the second CPU, the first CPU is configured to execute secure booting of the second CPU by decrypting encrypted code to generate decrypted code executable by the second CPU but that is inaccessible by the host processor. | 02-20-2014 |
20140053001 | SECURITY CENTRAL PROCESSING UNIT MANAGEMENT OF A TRANSCODER PIPELINE - A method for managing a transcoder pipeline includes partitioning a memory with a numbered region; receiving an incoming media stream to be transcoded; and atomically loading, using a security central processing unit (SCPU), a decryption key, a counterpart encryption key and an associated region number of the memory into a slot of a key table, the key table providing selection of decryption and encryption keys during transcoding. The atomically loading the decryption and encryption keys and the associated numbered region ensures that the encryption key is selected to encrypt a transcoded version of the media stream when the media stream has been decrypted with the decryption key and the transcoded media stream is retrieved from the associated numbered region of the memory. | 02-20-2014 |
20140053186 | Security Processing Unit with Secure Connection to Head End - A system includes a transport central processing unit of an information appliance device. The transport central processing unit receives a message from a head-end. The transport central processing unit provides access of the message to the security processing unit. A host central processing unit connected with the transport central processing unit is prohibited access to the message. | 02-20-2014 |
20140053230 | MULTI-SECURITY-CPU SYSTEM - A computing system includes a first security central processing unit (SCPU) of a system-on-a-chip (SOC), the first SCPU configured to execute functions of a first security level. The computing system also includes a second SCPU of the SOC coupled with the first SCPU and coupled with a host processor, the second SCPU configured to execute functions of a second security level less secure than the first security level, and the second SCPU executing functions not executed by the first SCPU. | 02-20-2014 |
20140053259 | Security Central Processing Unit Monitoring of On-Chip Conditions - A system includes a security processing unit to monitor inputs from process, voltage and temperature sensors to maintain a security of the system. The security processing unit can operate at a determined clock frequency. A timing path detector can connect with the security processing unit. The timing path detector can monitor a condition near the security processing unit. The timing path detector can switch the clock frequency to a lower frequency before the security processing unit fails from the condition. | 02-20-2014 |
20140053278 | DATA AND KEY SEPARATION USING A SECURE CENTRAL PROCESSING UNIT - A computing system, comprising includes a first central processing unit (CPU) and a second CPU coupled with the first CPU and with a host processor. The second CPU and the host processor may both request the first CPU to generate keys that have access rights to regions of memory to access specific data. The first CPU may be configured to, in response to a request from the second CPU, generate a unique key with a unique access right to a region of memory, the unique key usable only by the second CPU, not the host processor. | 02-20-2014 |