Method and system for secure content distribution

US 7,406,598 B2
Filed: 04/22/2004
Issued: 07/29/2008
Est. Priority Date: 02/17/2004
Status: Active Grant

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A system on a chip (SOC) device comprising:

external output interfaces to provide information from the SOC device;

external input interfaces to provide information to the SOC device;

a first secure storage location operably de-coupled from all external output nodes of the SOC device during a normal mode of operation to prevent representations of data to be stored at the first secure storage location from being provided at an external output interface; and

a decryption engine comprising a first data input, a private key input coupled to a first portion of the first secure storage location, and an output coupled to a second secure storage location, the decryption engine operable to determine decrypted data from data received at the first data input based on a private key received at the private key input, and further operable to write the decrypted data only to the first secure memory location and the second secure storage location.

View all claims

11 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

A system on a chip (SOC) device is disclosed comprising external outputs, and external inputs. A first secure storage location is operably decoupled from all of the external outputs of the SOC device during a normal mode of operation. By being decoupled from all external outputs, representations of the data stored at the first secure device are prevented from being provided to the external outputs. The decryption engine is also included on the system on a chip, comprising a first data input, and a private key input coupled to a first portion of the first secure storage location, and an output coupled to a second secure location. The decryption engine is operable to determine decrypted data from data received at the first data input based upon a private key received at the private key input. The decryption engine is further operable to write the decrypted data only to the first secure memory location and the second secure location.

Citations

38 Claims

1. A system on a chip (SOC) device comprising:
- external output interfaces to provide information from the SOC device;
  
  external input interfaces to provide information to the SOC device;
  
  a first secure storage location operably de-coupled from all external output nodes of the SOC device during a normal mode of operation to prevent representations of data to be stored at the first secure storage location from being provided at an external output interface; and
  
  a decryption engine comprising a first data input, a private key input coupled to a first portion of the first secure storage location, and an output coupled to a second secure storage location, the decryption engine operable to determine decrypted data from data received at the first data input based on a private key received at the private key input, and further operable to write the decrypted data only to the first secure memory location and the second secure storage location.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 37, 38)
- - 2. The system of claim 1, wherein the first storage location is operably decoupled from all external devices by preventing access to the first storage location.
  - 3. The system of claim 1, wherein the first storage location is operably decoupled from all external devices by destroying the data at the first storage location in response to being accessed.
  - 4. The system of claim 1, wherein a second secure storage location coupled to the output of the decryption engine is operably de-coupled from all external output nodes of the SOC device during a normal mode of operation to prevent data stored at the second secure storage location from being provided at an external output interface.
  - 5. The method of claim 4, wherein a first portion of the first secure storage location is a write-once storage location.
  - 6. The method of claim 4, wherein the first portion of the first secure storage location is a write-many storage location.
  - 7. The system of claim 4, wherein a first portion of the first secure storage location comprises a non-volatile storage location for a first private key storage location.
  - 8. The system of claim 7, wherein the first secure storage location comprises a plurality of private key storage locations.
  - 9. The system of claim 8, wherein the plurality of private key storage locations are part of the first portion of the first secure storage location.
  - 10. The system of claim 4 further comprising:
    - a descrambler comprising a first data input, a control word input coupled to a first portion of the second secure storage location during normal operation, and an output, the descrambler operable to access a control word only from the second secured storage location, wherein the control word is used by the descrambler to descramble scrambled data.
  - 11. The system of claim 10 further comprising a random number generator comprising an output, the random number generator operable to provide a random number at the output.
  - 12. The system of claim 11, wherein the output of the random number generator is coupled to the second secure storage location.
  - 13. The system of claim 12, wherein the output of the random number generator is operably coupled to have exclusive write access to a predefined location of the second secure storage location during normal operation.
  - 14. The system of claim 13 further comprising:
    - an encryption engine comprising a first data input coupled to the second secure storage location, a public key input to receive a public key, and an output to provide an encrypted representation of data received at the first data input.
  - 15. The system of claim 14, where in the encryption engine is operable to provide the encrypted representation to an external output interface.
  - 16. The system of claim 15, where in the first secure storage location being operably de-coupled from all external output nodes of the SOC device further comprises the first secure storage location being de-coupled from the data input and the public key input of the encryption engine.
  - 17. The system of claim 16 further comprising a transcoder operably coupled to the output of the descrambler to receive a first image having a first resolution and to provide a second image, based on the first image, having a second resolution, the second resolution being less than the first resolution.
  - 18. The system of claim 16 further comprising a transcoder operably coupled to the output of the descrambler to receive a first image at a first bit rate and to provide a second image, based on the first image, having a second bit rate, the second resolution being less than the first resolution.
  - 19. The system of claim 16 further comprising a watermark module coupled to the output of the de-scrambler, the watermark module operable to provide a watermark to image data from the output of the de-scrambler.
  - 20. The system of claim 1, wherein the decryption engine is operable to execute a decryption algorithm in parallel in hardware.
  - 21. The system of claim 19 further comprising:
    - a scrambler comprising a first data input, a control word input coupled to a second portion of the second secure storage location, and an output, the scrambler operable to access a control word only from the second secured storage location, wherein the control word is used by the scrambler to scramble data received at the first input.
  - 37. The system of claim 1 further comprising a unique SOC identifier.
  - 38. The system of claim 1, wherein the decryption engine is further operable to provide the decrypted data only to the second secure storage location during a normal mode of operation.

22. A system comprising:
- a source system comprising a system on a chip device operable exclusively in a blind encryption mode during a normal mode of operation, wherein no private key of the source system is observable external the system on a chip;
  
  a destination system coupled to the source system, the destination system device operable exclusively in the blind encryption mode during the normal mode of operation, wherein no private key of the destination system is observable external the system on a chip.
- View Dependent Claims (23)
- - 23. The system of claim 22, wherein the source system is operable only in a double-blind-securing mode, wherein the destination system is operable in the blind encryption mode.

24. A method comprising:
- when in a normal mode of operationallowing observability of a private key stored at a first secured storage location of the system on a chip to a decryption engine of a system on a chip while not allowing observability of the private key external the system on a chip;
  
  allowing write access to a second secured storage location of the system on a chip to the decryption engine, where the second location is not observable external the system on a chip.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 25. The method of claim 24, wherein the second secured storage location of the system on a chip is read accessible during normal operation only by a scrambling engine of the system on a chip.
  - 26. The method of claim 24 further comprising:
    - erasing information stored at the first secured storage location in response to a first access request during normal operation.
  - 27. The method of claim 26, wherein the first access request would make data stored at the first secured location observable.
  - 28. The method of claim 26 further comprising:
    - erasing information stored at the second secured storage location in response to the first access request during normal operation.
  - 29. The method of claim 28, wherein the first access request would make data stored at the second secured location observable.
  - 30. The method of claim 26 further comprising:
    - erasing information stored at the second secured storage location in response to a second access request during normal operation.
  - 31. The method of claim 24 further comprising:
    - ignoring an access request to the first secured storage location during normal operation.
  - 32. The method of claim 31, wherein the access request would make data stored at the first secured location observable.
  - 33. The method of claim 24 further comprising:
    - providing dummy data in response to an access request to the first secured storage location during normal operation.
  - 34. The method of claim 24, wherein providing access only to a second secured storage location of the system on a chip for a value decrypted by the decryption engine, where the second location is not observable external the system on a chip.
  - 35. The method of claim 24 further comprising:
    - erasing information stored at the first secured storage location in response to a request to enter a test mode of operation.
  - 36. The method of claim 24 further comprising:
    - erasing information stored at the second secured storage location in response to the request to enter the test mode of operation.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Rovi Guides, Inc. (Adeia Inc.)
Original Assignee
VIXS Systems Incorporated (Pixelworks Incorporated)
Inventors
Ducharme, Paul
Primary Examiner(s)
Peeso, Thomas R.

Application Number

US10/830,242
Publication Number

US 20050182948A1
Time in Patent Office

1,559 Days
Field of Search

713/171, 713/155, 713/159
US Class Current

713/171
CPC Class Codes

G06F 21/109 by using specially-adapted ...

Method and system for secure content distribution

First Claim

11 Assignments

Litigations

0 Petitions

Accused Products

Abstract

Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for secure content distribution

First Claim

11 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links