Method and system for secure access to non-volatile memory

US 8,949,624 B2
Filed: 07/01/2011
Issued: 02/03/2015
Est. Priority Date: 03/28/2001
Status: Expired due to Fees

First Claim

Patent Images

1. An method executed by one or more computing devices for secure access to a nonvolatile memory, comprising:

receiving, by at least one of the one or more computing devices, a request for privileged access to nonvolatile memory from requesting code, wherein the request includes a code length of the requesting code and a requested priority level;

computing, by at least one of the one or more computing devices, a cryptographic hash of the requesting code using a starting address of the requesting code and the code length;

determining, by at least one of the one or more computing devices, whether the requested priority level is valid based at least in part on one or more of a previous priority level associated with a requested portion of the nonvolatile memory and a predetermined range of acceptable priority levels; and

granting, by at least one of the one or more computing devices, privileged access to the nonvolatile memory based on one of;

a determination that the requested priority level is valid and that the request does not specify an existing portion of the nonvolatile memory;

ora determination that the requested priority level is valid and that the cryptographic hash matches a value of an authentication hash stored in the requested portion of the nonvolatile memory.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Technologies are disclosed to transfer responsibility and control over security from player makers to content authors by enabling integration of security logic and content. An exemplary optical disc carries an encrypted digital video title combined with data processing operations that implement the title'"'"'s security policies and decryption processes. Player devices include a processing environment (e.g., a real-time virtual machine), which plays content by interpreting its processing operations. Players also provide procedure calls to enable content code to load data from media, perform network communications, determine playback environment configurations, access secure nonvolatile storage, submit data to CODECs for output, and/or perform cryptographic operations. Content can insert forensic watermarks in decoded output for tracing pirate copies. If pirates compromise a player or title, future content can be mastered with security features that, for example, block the attack, revoke pirated media, or use native code to correct player vulnerabilities.

87 Citations

View as Search Results

19 Claims

1. An method executed by one or more computing devices for secure access to a nonvolatile memory, comprising:
- receiving, by at least one of the one or more computing devices, a request for privileged access to nonvolatile memory from requesting code, wherein the request includes a code length of the requesting code and a requested priority level;
  
  computing, by at least one of the one or more computing devices, a cryptographic hash of the requesting code using a starting address of the requesting code and the code length;
  
  determining, by at least one of the one or more computing devices, whether the requested priority level is valid based at least in part on one or more of a previous priority level associated with a requested portion of the nonvolatile memory and a predetermined range of acceptable priority levels; and
  
  granting, by at least one of the one or more computing devices, privileged access to the nonvolatile memory based on one of;
  
  a determination that the requested priority level is valid and that the request does not specify an existing portion of the nonvolatile memory;
  
  ora determination that the requested priority level is valid and that the cryptographic hash matches a value of an authentication hash stored in the requested portion of the nonvolatile memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. An automated method according to claim 1, wherein the request does not specify an existing portion of the nonvolatile memory and further comprising:
    - allocating, by at least one of the one or more computing devices, a portion of the nonvolatile memory for the requesting code; and
      
      storing, by at least one of the one or more computing devices, the crytographic hash as an authentication hash in the portion of the nonvolatile memory.
  - 3. The method of claim 2, wherein the portion of the nonvolatile memory is allocated to the requesting code based at least in part on a previous priority level associated with the portion of the nonvolatile memory.
  - 4. The method of claim 1, wherein determining whether the requested priority level is valid comprises:
    - determining whether the requested priority level is greater than the previous priority level allocated to the requested portion of nonvolatile memory; and
      
      designating the requested priority level as valid if it is less than or equal to the previous priority level.
  - 5. The method of to claim 1, wherein the request does not specify an existing portion of the nonvolatile memory and wherein determining whether the requested priority level is valid comprises:
    - determining whether the requested priority level is greater than a maximum acceptable priority level; and
      
      designating the requested priority level as invalid based at least in part on a determination that it is greater than the maximum acceptable priority level.
  - 6. The method of claim 1, further comprising:
    - setting a priority level of a portion of the nonvolatile memory to the requested priority level based at least in part on a determination that privileged access was granted.
  - 7. The method of claim 1, further comprising:
    - in response to a write operation onto a portion of the nonvolatile memory, updating, by at least one of the one or more computing devices, a write counter configured to restrict overwriting of data to the portion of the nonvolatile memory portion when the write counter is above a predetermined threshold.
  - 8. The method of claim 7, further comprising:
    - rejecting, by at least one of the one or more computing devices, the write operation onto the portion of the nonvolatile memory based at least in part on a value of the write counter.
  - 9. The method of claim 1, wherein determining whether the requested priority level is valid comprises:
    - determining whether the requested priority level is the maximum acceptable priority level; and
      
      determining whether any portions of the nonvolatile memory having the maximum acceptable priority level also have an associated media identification that is the same as a media identification associated with the requesting code based at least in part on a determination that the requested priority level is the maximum acceptable priority level.

10. A system for secure access to a nonvolatile memory, the system comprising:
- one or more processors; and
  
  one or more memories operatively coupled to at least one of the one or more processors and having instructions stored thereon that, when executed by at least one of the one or more processors, cause at least one of the one or more processors to;
  
  receive a request for privileged access to nonvolatile memory from requesting code, wherein the request includes a code length of the requesting code and a requested priority level;
  
  compute a cryptographic hash of the requesting code using a starting address of the requesting code and the code length;
  
  determine whether the requested priority level is valid based at least in part on one or more of a previous priority level associated with a requested portion of the nonvolatile memory and a predetermined range of acceptable priority levels; and
  
  grant privileged access to the nonvolatile memory based on one of;
  
  a determination that the requested priority level is valid and that the request does not specify an existing portion of the nonvolatile memory;
  
  ora determination that the requested priority level is valid and that the cryptographic hash matches a value of an authentication hash stored in the requested portion of the nonvolatile memory.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The system of claim 10, wherein the request does not specify an existing portion of the nonvolatile memory and wherein at least one of the one or more memories has further instructions stored thereon that, when executed by at least one of the one or more processors, cause at least one of the one or more processors to:
    - allocate a portion of the nonvolatile memory for the requesting code; and
      
      store the crytographic hash as an authentication hash in the portion of the nonvolatile memory.
  - 12. The system of claim 11, wherein the portion of the nonvolatile memory is allocated to the requesting code based at least in part on a previous priority level associated with the portion of the nonvolatile memory.
  - 13. The system of claim 10, wherein the instructions that, when executed by at least one of the one or more processors, cause at least one of the one or more processors to determine whether the requested priority level is valid further cause at least one of the one or more processors to:
    - determine whether the requested priority level is greater than the previous priority level allocated to the requested portion of nonvolatile memory; and
      
      designate the requested priority level as valid if it is less than or equal to the previous priority level.
  - 14. The system of claim 10, wherein the request does not specify an existing portion of the nonvolatile memory and wherein the instructions that, when executed by at least one of the one or more processors, cause at least one of the one or more processors to determine whether the requested priority level is valid further cause at least one of the one or more processors to:
    - determine whether the requested priority level is greater than a maximum acceptable priority level; and
      
      designate the requested priority level as invalid based at least in part on a determination that it is greater than the maximum acceptable priority level.

15. At least one non-transitory computer-readable medium storing computer-readable instructions that, when executed by one or more computing devices, cause at least one of the one or more computing devices to:
- receive a request for privileged access to nonvolatile memory from requesting code, wherein the request includes a code length of the requesting code and a requested priority level;
  
  compute a cryptographic hash of the requesting code using a starting address of the requesting code and the code length;
  
  determine whether the requested priority level is valid based at least in part on one or more of a previous priority level associated with a requested portion of the nonvolatile memory and a predetermined range of acceptable priority levels; and
  
  grant privileged access to the nonvolatile memory based on one of;
  
  a determination that the requested priority level is valid and that the request does not specify an existing portion of the nonvolatile memory;
  
  ora determination that the requested priority level is valid and that the cryptographic hash matches a value of an authentication hash stored in the requested portion of the nonvolatile memory.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The at least one non-transitory computer-readable medium of claim 15, wherein the request does not specify an existing portion of the nonvolatile memory and further storing computer-readable instructions that, when executed by at least one of the one or more computing devices, cause at least one of the one or more computing devices to:
    - allocate a portion of the nonvolatile memory for the requesting code; and
      
      store the crytographic hash as an authentication hash in the portion of the nonvolatile memory.
  - 17. The at least one non-transitory computer-readable medium of claim 16, wherein the portion of the nonvolatile memory is allocated to the requesting code based at least in part on a previous priority level associated with the portion of the nonvolatile memory.
  - 18. The at least one non-transitory computer-readable medium of claim 15, wherein the instructions that, when executed by at least one of the one or more computing devices, cause at least one of the one or more computing devices to determine whether the requested priority level is valid further cause at least one of the one or more computing devices to:
    - determine whether the requested priority level is greater than the previous priority level allocated to the requested portion of nonvolatile memory; and
      
      designate the requested priority level as valid if it is less than or equal to the previous priority level.
  - 19. The at least one non-transitory computer-readable medium of claim 15, wherein the request does not specify an existing portion of the nonvolatile memory and wherein the instructions that, when executed by at least one of the one or more computing devices, cause at least one of the one or more computing devices to determine whether the requested priority level is valid further cause at least one of the one or more computing devices to:
    - determine whether the requested priority level is greater than a maximum acceptable priority level; and
      
      designate the requested priority level as invalid based at least in part on a determination that it is greater than the maximum acceptable priority level.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Irdeto USA Incorporated (MultiChoice Group Ltd.)
Original Assignee
Irdeto USA Incorporated (MultiChoice Group Ltd.)
Inventors
Kocher, Paul C., Jaffe, Joshua M., Jun, Benjamin C., Laren, Carter C., Pearson, Peter K., Lawson, Nathaniel J.
Primary Examiner(s)
Popham, Jeffrey D

Application Number

US13/175,238
Publication Number

US 20110264923A1
Time in Patent Office

1,313 Days
Field of Search

726/193
US Class Current

713/193
CPC Class Codes

G06F 21/50   Monitoring users, programs ...

G06F 21/62   Protecting access to data v...

G06F 21/6281   at program execution time, ...

G06F 21/78   to assure secure storage of...

G11B 20/00086   Circuits for prevention of ...

G11B 20/00115   wherein the record carrier ...

G11B 20/0021   involving encryption or dec...

G11B 20/00231   wherein the key is obtained...

G11B 20/00246   wherein the key is obtained...

G11B 20/00253   wherein the key is stored o...

G11B 20/00449   content scrambling system [...

G11B 20/00659   involving a control step wh...

G11B 20/00818   wherein the usage restricti...

G11B 20/00884   involving a watermark, i.e....

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/60   Digital content management,...

H04L 2209/606   Traitor tracing

H04L 9/3236   using cryptographic hash fu...

H04L 9/3249   using RSA or related signat...

H04N 2005/91342   the copy protection signal ...

H04N 21/25816 : involving client authentica...

H04N 21/4135 : external recorder interface...

H04N 21/4181 : for conditional access

H04N 21/42646 : for reading from or writing...

H04N 21/4405 : involving video stream decr...

H04N 21/44236 : Monitoring of piracy proces...

H04N 21/8358 : involving watermark protect...

H04N 7/1675 : Providing digital key or au...

View All

Method and system for secure access to non-volatile memory

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

87 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Method and system for secure access to non-volatile memory

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

87 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others