METHOD AND APPARATUS FOR CONSTRUCTING AN ACCSS CONTROL MATRIX FOR A SET-TOP BOX SECURITY

US 20110072490A1
Filed: 11/30/2010
Published: 03/24/2011
Est. Priority Date: 05/23/2005
Status: Active Grant

First Claim

Patent Images

1-22. -22. (canceled)

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In multimedia systems requiring secure access, a method and apparatus for constructing an access control matrix for a set-top box security processor are provided. A security processor may comprise multiple security components and may support multiple user modes. For each user mode supported, at least one access rule table may be generated to indicate access rules to a security component in the security processor. An access control list comprises information regarding the access rules for a particular user mode to the security components in the security processor. An access control matrix may be generated based on the access control lists for the user modes supported by the security component. The access control matrix may be implemented and/or stored in the security processor for verifying access rights of a user mode. Results of operations associated with security components may be transferred to other processors communicatively coupled to the security processor.

62 Citations

View as Search Results

44 Claims

1-22. -22. (canceled)

23. A method, comprising:
- determining a plurality of user modes supported by a security processor, said security processor comprising a plurality of security components;
  
  determining a plurality of rights or privileges for said plurality of security components;
  
  generating a respective set of access rule tables for each combination of a particular one of said plurality of security components and a particular one of said plurality of user modes based on said determined plurality of rights or privileges;
  
  generating a respective access control list for each corresponding one of said plurality of security components based on said generated sets of access rule tables associated with said corresponding one of said plurality of security components; and
  
  transferring results of operations associated with one or more of said plurality of security components to at least one other processor that is communicatively coupled to said security processor.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 36, 41)
- - 24. The method according to claim 23, comprising generating an access control matrix based on said generated access control lists.
  - 25. The method according to claim 24, comprising storing at least a portion of said generated access control matrix in said security processor.
  - 26. The method according to claim 23, wherein said plurality of security components comprises a non-volatile memory security component, and wherein said generated access control lists comprise an access control list for said non-volatile memory security component.
  - 27. The method according to claim 23, wherein said plurality of security components comprises a key ladder security component, and wherein said generated access control lists comprise an access control list for said key ladder security component.
  - 28. The method according to claim 27, wherein said generated set of access rule tables for said key ladder security component and a particular one of said plurality of user modes comprises at least a key assignment table, an access control rule table, or a key routing table.
  - 29. The method according to claim 23, wherein said plurality of security components comprises a challenge-response authentication security component, and wherein said generated access control lists comprise an access control list for said challenge-response authentication security component.
  - 30. The method according to claim 29, wherein said generated set of access rule tables for said challenge-response authentication security component and a particular one of said plurality of user modes comprises at least a key assignment table, an access control rule table, or a key routing table.
  - 31. The method according to claim 23, wherein said plurality of security components comprises a memory data signature verification security component, and wherein said generated access control lists comprise an access control list for said memory data signature verification security component.
  - 32. The method according to claim 23, wherein said plurality of security components comprises a secure scrambler security component, and wherein said generated access control lists comprise an access control list for said secure scrambler security component.
  - 33. The method according to claim 23, wherein said plurality of security components comprises a security assurance security component, and wherein said generated access control lists comprise an access control list for said security assurance security component.
  - 36. The method according to claim 24, wherein said one or more circuits are operable to store at least a portion of said generated access control matrix in said security processor.
  - 41. The method according to claim 29, wherein said generated set of access rule tables for said challenge-response authentication security component and a particular one of said plurality of user modes comprises at least a key assignment table, an access control rule table, or a key routing table.

34. A system, comprising:
- one or more circuits for use in a security processor that comprises a plurality of security components, said one or more circuits being operable to;
  
  determine a plurality of user modes supported by a security processor, said security processor comprising a plurality of security components;
  
  determine a plurality of rights or privileges for said plurality of security components;
  
  generate a respective set of access rule tables for each combination of a particular one of said plurality of security components and a particular one of said plurality of user modes based on said determined plurality of rights or privileges;
  
  generate a respective access control list for each corresponding one of said plurality of security components based on said generated sets of access rule tables associated with said corresponding one of said plurality of security components; and
  
  transfer results of operations associated with one or more of said plurality of security components to at least one other processor that is communicatively coupled to said security processor.
- View Dependent Claims (35, 37, 38, 39, 40, 42, 43, 44)
- - 35. The system according to claim 34, wherein said one or more circuits are operable to generate an access control matrix based on said generated access control lists.
  - 37. The system according to claim 34, wherein said plurality of security components comprises a non-volatile memory security component, and wherein said generated access control lists comprise an access control list for said non-volatile memory security component.
  - 38. The system according to claim 34, wherein said plurality of security components comprises a key ladder security component, and wherein said generated access control lists comprise an access control list for said key ladder security component.
  - 39. The method according to claim 38, wherein said generated set of access rule tables for said key ladder security component and a particular one of said plurality of user modes comprises at least a key assignment table, an access control rule table, or a key routing table.
  - 40. The system according to claim 34, wherein said plurality of security components comprises a challenge-response authentication security component, and wherein said generated access control lists comprise an access control list for said challenge-response authentication security component.
  - 42. The system according to claim 34, wherein said plurality of security components comprises a memory data signature verification security component, and wherein said generated access control lists comprise an access control list for said memory data signature verification security component.
  - 43. The system according to claim 34, wherein said plurality of security components comprises a secure scrambler security component, and wherein said generated access control lists comprise an access control list for said secure scrambler security component.
  - 44. The system according to claim 34, wherein said plurality of security components comprises a security assurance security component, and wherein said generated access control lists comprise an access control list for said security assurance security component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies General IP PTE Limited (Broadcom, Inc.)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Chen, Iue-Shuenn, Ye, Qiang, Zhu, Hongbo, Tan, Shee-Yen, Chen, Xuemin

Granted Patent

US 8,347,357 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/71   to assure secure computing ...

G06F 2221/2141   Access rights, e.g. capabil...

H04N 21/43607   Interfacing a plurality of ...

H04N 21/4623   Processing of entitlement m...

METHOD AND APPARATUS FOR CONSTRUCTING AN ACCSS CONTROL MATRIX FOR A SET-TOP BOX SECURITY

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

62 Citations

44 Claims

Specification

Use Cases

Quick Links

Others

METHOD AND APPARATUS FOR CONSTRUCTING AN ACCSS CONTROL MATRIX FOR A SET-TOP BOX SECURITY

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

62 Citations

44 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others