Method and apparatus for security policy and enforcing mechanism for a set-top box security processor

US 7,913,289 B2
Filed: 05/23/2005
Issued: 03/22/2011
Est. Priority Date: 05/23/2005
Status: Active Grant

First Claim

Patent Images

1. A method for operating secure multimedia devices, the method comprising:

generating a bit map in a security policy memory, wherein said bit map is used to store information for controlling one or more modes of operation of a plurality of security components in a security processor;

storing in a first section of said generated bit map, information corresponding to a default mode of operation for each of said plurality of security components in said security processor; and

storing in a second section of said generated bit map, information corresponding to an access control matrix, wherein said stored access control matrix information overrides at least a portion of a stored default mode of operation information for at least one of said plurality of security components.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In multimedia systems that implement secure access techniques, a method and apparatus for a security policy and enforcing mechanism for a set-top box security processor are provided. A security policy may be determined for a multimedia terminal based on high-level requirements by various system users. A default mode of operation may be generated based on the security policy and may be stored in a security policy memory. An access control matrix that indicates the operation of security components in a security processor for various user modes may be stored in the security policy memory. Control and/or access operations not supported by the access control matrix may be supported by the default mode of operation. The user modes in the access control matrix may include composition user modes. Accessing the information in the security policy memory may be utilized to enforce the security policy in the multimedia terminal.

68 Citations

View as Search Results

26 Claims

1. A method for operating secure multimedia devices, the method comprising:
- generating a bit map in a security policy memory, wherein said bit map is used to store information for controlling one or more modes of operation of a plurality of security components in a security processor;
  
  storing in a first section of said generated bit map, information corresponding to a default mode of operation for each of said plurality of security components in said security processor; and
  
  storing in a second section of said generated bit map, information corresponding to an access control matrix, wherein said stored access control matrix information overrides at least a portion of a stored default mode of operation information for at least one of said plurality of security components.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method according to claim 1, comprising retrieving at least a portion of said stored access control matrix information by said security processor.
  - 3. The method according to claim 1, comprising retrieving at least a portion of said stored default mode of operation information by said security processor.
  - 4. The method according to claim 1, wherein said stored access control matrix information comprises information corresponding to a composition user mode.
  - 5. The method according to claim 1, wherein said generated bit map comprises at least one user mode configuration bit.
  - 6. The method according to claim 5, wherein said at least one user mode configuration bit comprises at least one internal mode configuration bit and at least one external mode configuration bit.
  - 7. The method according to claim 6, comprising accessing said at least one external mode configuration bit via a processor.
  - 8. The method according to claim 1, wherein said generated bit map comprises at least one root chip identification (ID) bit.
  - 9. The method according to claim 1, wherein said generated bit map comprises at least one symmetric key bit.
  - 10. The method according to claim 1, wherein said generated bit map comprises at least one asymmetric key bit.
  - 11. The method according to claim 1, wherein said generated bit map comprises at least one initial configuration bit for a data signature verification process.
  - 12. The method according to claim 1, wherein said generated bit map comprises at least one challenge-response control bit.
  - 13. The method according to claim 1, wherein said generated bit map comprises at least one secure scrambler control bit.

14. A system for operating secure multimedia devices, the system comprising:
- one or more circuits and/or processors that comprise a security processor and a security policy memory;
  
  said security processor comprising a plurality of security components;
  
  said security policy memory is operable to support generation of a bit map in said security policy memory for storing information for controlling one or more modes of operation of said plurality of security components in said security processor;
  
  said one or more circuits and/or processors are operable to store in a first section of said generated bit map, information corresponding to a default mode of operation for each of said plurality of security components in said security processor; and
  
  said one or more circuits and/or processors are operable to store in a second section of said generated bit map, information corresponding to an access control matrix, wherein said stored access control matrix information overrides at least a portion of a stored default mode of operation information for at least one of said plurality of security components.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. The system according to claim 14, wherein said security processor retrieves at least a portion of said stored access control matrix information.
  - 16. The system according to claim 14, wherein said security processor retrieves at least a portion of said stored default mode of operation.
  - 17. The system according to claim 14, wherein said stored access control matrix information comprises information corresponding to a composition user mode.
  - 18. The system according to claim 14, wherein said generated bit map in said security policy memory comprises at least one user mode configuration bit.
  - 19. The system according to claim 18, wherein said at least one user mode configuration bit comprises at least one internal mode configuration bit and at least one external mode configuration bit.
  - 20. The system according to claim 19, wherein said one or more circuits and/or processors comprise at least one processor that accesses said at least one external mode configuration.
  - 21. The system according to claim 14, wherein said generated bit map in said security policy memory comprises at least one root chip identification (ID) bit.
  - 22. The system according to claim 14, wherein said generated bit map in said security policy memory comprises at least one symmetric key bit.
  - 23. The system according to claim 14, wherein said generated bit map in said security policy memory comprises at least one asymmetric key bit.
  - 24. The system according to claim 14, wherein said generated bit map in said security policy memory comprises at least one initial configuration bit for a data signature verification process.
  - 25. The system according to claim 14, wherein said generated bit map in said security policy memory comprises at least one challenge-response control bit.
  - 26. The system according to claim 14, said generated bit map in said security policy memory comprises at least one secure scrambler control bit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Walker, Carolyn Bell, Chen, Xuemin, Chen, Iue-Shuenn
Primary Examiner(s)
CERVETTI, DAVID GARCIA

Application Number

US11/136,175
Publication Number

US 20060265733A1
Time in Patent Office

2,129 Days
Field of Search

726/1, 726/2, 726/27
US Class Current

726/1
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/71   to assure secure computing ...

G06F 2221/2141   Access rights, e.g. capabil...

H04N 21/43607   Interfacing a plurality of ...

H04N 21/4623   Processing of entitlement m...

Method and apparatus for security policy and enforcing mechanism for a set-top box security processor

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

68 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for security policy and enforcing mechanism for a set-top box security processor

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

68 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links