Method and apparatus for security policy and enforcing mechanism for a set-top box security processor
First Claim
1. A method for operating secure multimedia devices, the method comprising:
- generating a bit map in a security policy memory, wherein said bit map is used to store information for controlling one or more modes of operation of a plurality of security components in a security processor;
- storing in a first section of said generated bit map, information corresponding to a default mode of operation for each of said plurality of security components in said security processor; and
- storing in a second section of said generated bit map, information corresponding to an access control matrix, wherein said stored access control matrix information overrides at least a portion of a stored default mode of operation information for at least one of said plurality of security components.
Abstract
In multimedia systems that implement secure access techniques, a method and apparatus for a security policy and enforcing mechanism for a set-top box security processor are provided. A security policy may be determined for a multimedia terminal based on high-level requirements by various system users. A default mode of operation may be generated based on the security policy and may be stored in a security policy memory. An access control matrix that indicates the operation of security components in a security processor for various user modes may be stored in the security policy memory. Control and/or access operations not supported by the access control matrix may be supported by the default mode of operation. The user modes in the access control matrix may include composition user modes. Accessing the information in the security policy memory may be utilized to enforce the security policy in the multimedia terminal.
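The lookup described in the abstract, as an added example (not code from the patent): an access control matrix entry applies where one is set for a user mode and component, and the default mode covers everything else. The bit widths, mode names, and the component and user-mode counts are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (not from the patent): section 1 = 2-bit default mode per component;
   section 2 = per (user mode, component) entry of 1 override flag + 2-bit mode. */
enum { NUM_COMPONENTS = 4, NUM_USER_MODES = 3, MODE_BITS = 2, ENTRY_BITS = 3 };
enum { MODE_DISABLED, MODE_RESTRICTED, MODE_FULL };   /* hypothetical mode names */
enum { SECTION2 = NUM_COMPONENTS * MODE_BITS,
       POLICY_BITS = SECTION2 + NUM_USER_MODES * NUM_COMPONENTS * ENTRY_BITS };
static uint8_t policy[(POLICY_BITS + 7) / 8];         /* security policy memory bit map */

static unsigned get_bits(unsigned pos, unsigned n) {
    unsigned v = 0;
    for (unsigned i = 0; i < n; i++, pos++)
        v |= ((policy[pos / 8] >> (pos % 8)) & 1u) << i;
    return v;
}

static void set_bits(unsigned pos, unsigned n, unsigned v) {
    for (unsigned i = 0; i < n; i++, pos++) {
        policy[pos / 8] &= (uint8_t)~(1u << (pos % 8));
        policy[pos / 8] |= (uint8_t)(((v >> i) & 1u) << (pos % 8));
    }
}

static unsigned acm_pos(unsigned user, unsigned comp) {
    return SECTION2 + (user * NUM_COMPONENTS + comp) * ENTRY_BITS;
}

void set_default(unsigned comp, unsigned mode) {      /* write to section 1 */
    if (comp < NUM_COMPONENTS) set_bits(comp * MODE_BITS, MODE_BITS, mode);
}

void set_override(unsigned user, unsigned comp, unsigned mode) {  /* write to section 2 */
    if (user >= NUM_USER_MODES || comp >= NUM_COMPONENTS) return;
    set_bits(acm_pos(user, comp), 1, 1);
    set_bits(acm_pos(user, comp) + 1, MODE_BITS, mode);
}

/* Enforcement lookup: ACM entry wins if flagged, else the default; bad indices are denied. */
unsigned effective_mode(unsigned user, unsigned comp) {
    if (user >= NUM_USER_MODES || comp >= NUM_COMPONENTS) return MODE_DISABLED;
    if (get_bits(acm_pos(user, comp), 1)) return get_bits(acm_pos(user, comp) + 1, MODE_BITS);
    return get_bits(comp * MODE_BITS, MODE_BITS);
}

int main(void) {
    set_default(0, MODE_FULL); set_default(1, MODE_RESTRICTED); set_override(2, 1, MODE_DISABLED);
    for (unsigned u = 0; u < NUM_USER_MODES; u++)
        for (unsigned c = 0; c < NUM_COMPONENTS; c++)
            printf("user mode %u, component %u -> mode %u\n", u, c, effective_mode(u, c));
    return 0;
}
```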
26 Claims
14. A system for operating secure multimedia devices, the system comprising:
- one or more circuits and/or processors that comprise a security processor and a security policy memory;
- said security processor comprising a plurality of security components;
- said security policy memory is operable to support generation of a bit map in said security policy memory for storing information for controlling one or more modes of operation of said plurality of security components in said security processor;
- said one or more circuits and/or processors are operable to store in a first section of said generated bit map, information corresponding to a default mode of operation for each of said plurality of security components in said security processor; and
- said one or more circuits and/or processors are operable to store in a second section of said generated bit map, information corresponding to an access control matrix, wherein said stored access control matrix information overrides at least a portion of a stored default mode of operation information for at least one of said plurality of security components.
Specification