Method and apparatus for constructing an access control matrix for a set-top box security processor

US 7,844,996 B2
Filed: 05/23/2005
Issued: 11/30/2010
Est. Priority Date: 05/23/2005
Status: Active Grant

First Claim

Patent Images

1. A method, the method comprising:

determining a plurality of user modes supported by a security processor, the security processor comprising a plurality of security components;

determining a plurality of rights or privileges for the plurality of security components;

generating a respective set of access rule tables for each combination of a particular security component and a particular user mode based on the determined plurality of rights or privileges; and

generating a respective access control list for each corresponding security component based on said generated sets of access rule tables associated with the corresponding security component, wherein the plurality of security components comprises a key ladder security component, and wherein the generated access control lists comprise an access control list for the key ladder security component.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In multimedia systems requiring secure access, a method and apparatus for constructing an access control matrix for a set-top box security processor are provided. A security processor may comprise multiple security components and may support multiple user modes. For each user mode supported, at least one access rule table may be generated to indicate access rules to a security component in the security processor. An access control list comprises information regarding the access rules for a particular user mode to the security components in the security processor. An access control matrix may be generated based on the access control lists for the user modes supported by the security component. The access control matrix may be implemented and/or stored in the security processor for verifying access rights of a user mode.

Citations

20 Claims

1. A method, the method comprising:
- determining a plurality of user modes supported by a security processor, the security processor comprising a plurality of security components;
  
  determining a plurality of rights or privileges for the plurality of security components;
  
  generating a respective set of access rule tables for each combination of a particular security component and a particular user mode based on the determined plurality of rights or privileges; and
  
  generating a respective access control list for each corresponding security component based on said generated sets of access rule tables associated with the corresponding security component, wherein the plurality of security components comprises a key ladder security component, and wherein the generated access control lists comprise an access control list for the key ladder security component.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 15)
- - 2. The method according to claim 1, comprising generating an access control matrix based on the generated access control lists.
  - 3. The method according to claim 2, comprising storing at least a portion of said generated access control matrix in said security processor.
  - 4. The method according to claim 1, wherein the plurality of security components comprises a non-volatile memory security component, and wherein the generated access control lists comprise an access control list for the non-volatile memory security component.
  - 5. The method according to claim 1, wherein the generated set of access rule tables for the key ladder security component and a particular user mode comprises at least a key assignment table, an access control rule table, or a key routing table.
  - 6. The method according to claim 1, wherein the plurality of security components comprises a challenge-response authentication security component, and wherein the generated access control lists comprise an access control list for the challenge-response authentication security component.
  - 7. The method according to claim 6, wherein the generated set of access rule tables for the challenge-response authentication security component and a particular user mode comprises at least a key assignment table, an access control rule table, or a key routing table.
  - 8. The method according to claim 1, wherein the plurality of security components comprises a memory data signature verification security component, and wherein the generated access control lists comprise an access control list for the memory data signature verification security component.
  - 9. The method according to claim 1, wherein the plurality of security components comprises a secure scrambler security component, and wherein the generated access control lists comprise an access control list for the secure scrambler security component.
  - 10. The method according to claim 1, wherein the plurality of security components comprises a security assurance security component, and wherein the generated access control lists comprise an access control list for the security assurance security component.
  - 15. The system according to claim 10, wherein said access control list corresponding to said key ladder component is based on at least a key assignment table, an access control rule table, or a key routing table.

11. A system, the system comprising:
- a security processor that comprises a plurality of security components and an access control matrix, wherein said security processor comprises a plurality of security components, wherein said security processor supports a plurality of user modes, wherein said security processor verifies whether access to at least one of said security components is granted to a particular user mode based on said access control matrix, wherein said access control matrix is based on a plurality of access control lists, wherein each access control list corresponds to a respective security component, wherein at least one of said access control lists is based on respective sets of access rule tables, each set corresponding to a respective security component and respective user mode, wherein said security components comprise a key ladder security component.
- View Dependent Claims (12, 13, 14, 16, 17, 18, 19, 20)
- - 12. The system according to claim 11, wherein at least a portion of said access control matrix is implemented in a memory of the security processor.
  - 13. The system according to claim 11, wherein said security processor comprises a processor controller and an internal memory.
  - 14. The system according to claim 11, wherein said security components comprise a non-volatile memory security component.
  - 16. The system according to claim 11, wherein said security components comprise a challenge-response authentication security component.
  - 17. The system according to claim 16, wherein said access control list corresponding to said challenge-response authentication component is based on at least a key assignment table, an access control rule table, or a key routing table.
  - 18. The system according to claim 11, wherein said security components comprise a memory data signature verification security component.
  - 19. The system according to claim 11, wherein said security components comprise a secure scrambler security component.
  - 20. The system according to claim 11, wherein said security components comprise a security assurance security component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Chen, Iue-Shuenn, Chen, Xuemin, Ye, Qiang, Zhu, Hongbo, Tan, Shee-Yen
Primary Examiner(s)
Parthasarathy; Pramila

Application Number

US11/136,027
Publication Number

US 20060265734A1
Time in Patent Office

2,017 Days
Field of Search

726/2, 726/22, 726/26
US Class Current

726/1
CPC Class Codes

G06F 21/71   to assure secure computing ...

G06F 2221/2141   Access rights, e.g. capabil...

H04N 21/43607   Interfacing a plurality of ...

H04N 21/4623   Processing of entitlement m...

Method and apparatus for constructing an access control matrix for a set-top box security processor

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for constructing an access control matrix for a set-top box security processor

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links