公开(公告)号：US20150317495A1

公开(公告)日：2015-11-05

申请号：US14530020

申请日：2014-10-31

Applicant: Broadcom Corporation

Inventor： Stephane Rodgers ,  Shashank Shekhar ,  Flaviu Dorin Turean

IPC: G06F21/71 ,  G06F21/44 ,  G06F9/455 ,  H04L9/32 ,  G06F21/50

CPC classification number: G06F21/53 ,  G06F21/57

Abstract: A system and method for securing a hypervisor and operating systems that execute on a computing device. An encrypted hypervisor is uploaded to a hardware chip. Prior to being executed, the hypervisor is decrypted using a secure security processor and stored in an on-chip memory. When a processor on the hardware chip executes the hypervisor, at least one on-chip component continuously authenticates the hypervisor during execution. A hypervisor configures a processor with access rights associated with an operating system, where the access rights determine access of the operating system to an at least one resource. A transaction filter then uses the access rights associated with the operating system to monitor the access of the operating system to the at least one resource in real-time as the operating system executes on a processor.

Abstract translation: 一种用于保护在计算设备上执行的管理程序和操作系统的系统和方法。 加密的管理程序被上传到硬件芯片。 在执行之前，使用安全的安全处理器解密管理程序，并存储在片上存储器中。 当硬件芯片上的处理器执行虚拟机管理程序时，至少一个片上组件在执行期间连续验证管理程序。 管理程序配置具有与操作系统相关联的访问权限的处理器，其中访问权限确定操作系统对至少一个资源的访问。 然后，当操作系统在处理器上执行时，事务过滤器使用与操作系统相关联的访问权限来实时监视操作系统对至少一个资源的访问。

公开(公告)号：US09985996B2

公开(公告)日：2018-05-29

申请号：US14151690

申请日：2014-01-09

Applicant: BROADCOM CORPORATION

Inventor： Rajesh Shankarrao Mamidwar ,  Darren Duane Neuman ,  Flaviu Dorin Turean ,  David ChaoHua Wu ,  Anand Tongle ,  Sanjeev Sood ,  Prashant Katre ,  Predrag Kostic

IPC: H04L29/06

CPC classification number: H04L65/1023 ,  H04L65/60

Abstract: A device for decoupling audio-video (AV) traffic processing from non-AV traffic processing may include a first processor and a second processor. The first processor may be configured to establish a network connection with a client device, determine whether the network connection is associated with AV traffic, transfer the network connection to a second processor when the network connection is associated with AV traffic, and process non-AV traffic associated with the network connection when the network connection is not associated with AV traffic. The second processor may be configured to receive the network connection from the first processor and process the AV traffic associated with the network connection.

公开(公告)号：US20150082337A1

公开(公告)日：2015-03-19

申请号：US14092853

申请日：2013-11-27

Applicant: Broadcom Corporation

Inventor： Rajesh Shankarrao MAMIDWAR ,  Francis Chi-Wai Cheung ,  Sanjeev Sood ,  Prashant Katre ,  Flaviu Dorin Turean ,  Anand Tongle ,  David ChaoHua Wu ,  Ming Chet Liew

IPC: H04N21/2389 ,  H04N21/4627 ,  H04N21/236 ,  H04N21/2347 ,  H04N21/2365

CPC classification number: H04N21/23895 ,  H04N21/2347 ,  H04N21/42623 ,  H04N21/4408 ,  H04N21/4627 ,  H04N21/835

Abstract: A system for pipelined encryption and packetization of audio video (AV) data may consecutively encrypt a number of AV data units based on a security mechanism, associate the encrypted AV data units with a security header, where the security header is generated before the AV data units are encrypted, and the security header includes information related to the security mechanism, generate network packets for transporting the encrypted AV data units and the associated security header based at least in part on an order in which the AV data units are encrypted, where one or more of the network packets is generated contemporaneous with encrypting one or more of the AV data units, and provide the network packets for transport to a client device as the packets are generated, where the AV data units are encrypted and the network packets are generated without accessing memory external to the system.

Abstract translation: 用于音频视频（AV）数据的流水线加密和分组化的系统可以基于安全机制连续加密多个AV数据单元，将加密的AV数据单元与安全报头相关联，其中在AV数据之前产生安全报头 单元被加密，并且安全报头包括与安全机制相关的信息，至少部分地基于AV数据单元被加密的顺序生成用于传输加密的AV数据单元和相关联的安全报头的网络分组，其中一个 或更多的网络分组同时生成同时加密一个或多个AV数据单元，并且在产生分组时提供用于传输到客户端设备的网络分组，其中AV数据单元被加密并且产生网络分组 无需访问系统外部的内存。

公开(公告)号：US20180032442A1

公开(公告)日：2018-02-01

申请号：US15289742

申请日：2016-10-10

Applicant: Broadcom Corporation

Inventor： Flaviu Dorin Turean

IPC: G06F12/1009 ,  G11C7/10

CPC classification number: G06F12/1009 ,  G06F2212/655 ,  G11C5/143 ,  G11C7/1003 ,  G11C7/1072 ,  G11C8/06 ,  G11C11/408 ,  G11C11/4082 ,  G11C29/021 ,  G11C29/52 ,  G11C2029/0409

Abstract: A real time memory address translation device is described herein. The address translation device operates to change memory addresses from one address space that is used by system buses to another address space that is used by a main memory of the associated system. The translation device may be placed on the same chip as a corresponding processor core, for example, on a system on chip. The on-chip arrangement of the translation device enables predictable translation times to meet real-time requirement of time-sensitive subsystems.

公开(公告)号：US09426079B2

公开(公告)日：2016-08-23

申请号：US14042655

申请日：2013-09-30

Applicant: Broadcom Corporation

Inventor： David Wu ,  Darren Duane Neuman ,  Flaviu Dorin Turean ,  Rajesh Shankarrao Mamidwar ,  Anand Tongle ,  Sanjeev Sood

IPC: H04L12/807

CPC classification number: H04L47/27

Abstract: A method of handling retransmission and memory consumption tracking of data packets includes storing data packets from different data channels in respective transmitter ring buffers allocated to the data channels when the data packets are not marked for retransmission, and facilitating retransmission of data packets from a specified ring buffer corresponding to a retransmission sequence number. The method also may include storing received data packets out of sequence in respective receiver ring buffers, marking a descriptor indicating a tail location of the stored data packets, and reclaiming memory space in the ring buffer based on the marked descriptor. The method may include storing a payload address associated with received data packets, marking a descriptor associated with the payload address to indicate the stored data packets have been consumed for processing, and reclaiming memory space when a register contains an indication of the stored payload address based on the marked descriptor.

Abstract translation: 一种处理数据分组的重传和存储器消耗跟踪的方法包括：当数据分组未被标记用于重传时，将分配给数据信道的各个发射机环形缓冲器中的不同数据信道的数据分组存储，并且便于从指定的振铃 对应于重传序列号的缓冲区。 该方法还可以包括将接收到的数据分组按顺序存储在相应的接收机环形缓冲器中，标记指示存储的数据分组的尾部位置的描述符，以及基于标记的描述符回收环形缓冲器中的存储器空间。 该方法可以包括存储与接收到的数据分组相关联的有效载荷地址，标记与有效载荷地址相关联的描述符以指示所存储的数据分组已被消耗用于处理，以及当寄存器包含基于所存储的有效载荷地址的指示时，回收存储器空间 在标记描述符上。

公开(公告)号：US09712867B2

公开(公告)日：2017-07-18

申请号：US14072696

申请日：2013-11-05

Applicant: BROADCOM CORPORATION

Inventor： Rajesh Shankarrao Mamidwar ,  Sanjeev Sood ,  Flaviu Dorin Turean

IPC: H04N21/4405 ,  H04N21/2343 ,  H04N21/236 ,  H04N21/2668 ,  H04N21/434 ,  H04N21/436 ,  H04N21/4385 ,  H04N21/4402 ,  H04N21/4408 ,  H04N21/462 ,  H04N21/81

CPC classification number: H04N21/4405 ,  H04N21/234381 ,  H04N21/23608 ,  H04N21/2668 ,  H04N21/4344 ,  H04N21/43615 ,  H04N21/43853 ,  H04N21/440281 ,  H04N21/4408 ,  H04N21/4621 ,  H04N21/812

Abstract: A system for presentation timing based audio video (AV) stream processing may include a switch device, a first processor, and a second processor. The switch device may be configured to route AV traffic to the first processor for processing and non-AV traffic to the second processor for processing. The first processor may receive transport stream packets that include an audio stream and/or a video stream. The first processor may receive a request to modify presentation timing of the audio stream and/or video stream. The first processor may modify the transport stream packets and/or presentation timing parameters of the transport stream packets based at least in part on the received request. The first processor may provide the transport stream packets to an electronic device. In some implementations, the second processor may be unable to access the content of the transport stream packets in the clear, e.g. due to security considerations.

公开(公告)号：US09712442B2

公开(公告)日：2017-07-18

申请号：US14072744

申请日：2013-11-05

Applicant: BROADCOM CORPORATION

Inventor： David Wu ,  Darren Duane Neuman ,  Flaviu Dorin Turean ,  Rajesh Shankarrao Mamidwar ,  Anand Tongle ,  Predrag Kostic

IPC: H04L12/879 ,  H04L12/861 ,  H04L12/747

CPC classification number: H04L45/742 ,  H04L49/901 ,  H04L49/9042 ,  H04L49/9047 ,  H04L49/9078

Abstract: A system for efficient memory bandwidth utilization may include a depacketizer, a packetizer, and a processor core. The depacketizer may generate header information items from received packets, where the header information items include sufficient information for the processor core to process the packets without accessing the payloads from off-chip memory. The depacketizer may accumulate multiple payloads and may write the multiple payloads to the off-chip memory in a single memory transaction when a threshold amount of the payloads have been accumulated. The processor core may receive the header information items and may generate a single descriptor for accessing multiple payloads corresponding to the header information items from the off-chip memory. The packetizer may generate a header for each payload based at least on on-chip information and without accessing off-chip memory. Thus, the subject system provides efficient memory bandwidth utilization, e.g. at least by reducing the number of off-chip memory accesses.