公开(公告)号：US20140019773A1

公开(公告)日：2014-01-16

申请号：US14028293

申请日：2013-09-16

Applicant: Broadcom Corporation

Inventor： Andrew DELLOW

IPC: H04L9/00

CPC classification number: H04L9/00 ,  H04L9/0637 ,  H04L9/0897 ,  H04L9/14 ,  H04L2209/60

Abstract: Methods and systems for protecting data may include controlling encryption and/or decryption and identifying a destination of corresponding encrypted and/or decrypted data, utilizing rules based on a source location of the data prior to the encryption or decryption and an algorithm that may have been previously utilized for encrypting and/or decrypting the data prior to the data being stored in the source location. The source location and/or destination of the data may comprise protected or unprotected memory. One or more of a plurality of algorithms may be utilized for the encryption and/or decryption. The rules may be stored in a key table, which may be stored on-chip, and may be reprogrammable. One or more keys for the encryption and/or decryption may be generated within the chip.

Abstract translation: 用于保护数据的方法和系统可以包括使用基于加密或解密之前的数据的源位置的规则来控制加密和/或解密以及识别对应的加密和/或解密数据的目的地以及可能已经被 先前用于在数据存储在源位置之前加密和/或解密数据。 数据的源位置和/或目的地可以包括受保护或不受保护的存储器。 多个算法中的一个或多个可以用于加密和/或解密。 该规则可以存储在键表中，其可以被存储在芯片上，并且可以被重新编程。 可以在芯片内生成用于加密和/或解密的一个或多个密钥。

公开(公告)号：US20140090078A1

公开(公告)日：2014-03-27

申请号：US14094640

申请日：2013-12-02

Applicant: Broadcom Corporation

Inventor： Andrew DELLOW

IPC: G06F21/60

CPC classification number: G06F21/606 ,  G06F21/604 ,  G06F21/73 ,  H04L9/0825

Abstract: Methods, devices, systems and computer program products are provided to facilitate cryptographically secure retrieval of secret information that is embedded in a device. The embedded secret information can include a random number that is not custom-designed for any specific requestor of the secret information. Upon receiving a request for the embedded secret information, an encrypted secret is provided to the requestor that enables the recovery of the embedded secret information by only the requestor. Moreover, a need for maintenance of a database of the embedded secret information and the associated requestors is eliminated.

Abstract translation: 提供了方法，设备，系统和计算机程序产品以便于密码安全地检索嵌入到设备中的秘密信息。 嵌入的秘密信息可以包括对于秘密信息的任何特定请求者不是定制设计的随机数。 在接收到对嵌入式秘密信息的请求时，向请求者提供加密的秘密，该请求者仅使请求者能够恢复嵌入的秘密信息。 此外，消除了对嵌入式秘密信息和相关联的请求者的数据库的维护的需要。

公开(公告)号：US20130185550A1

公开(公告)日：2013-07-18

申请号：US13776998

申请日：2013-02-26

Applicant: Broadcom Corporation

Inventor： Stephane RODGERS ,  Andrew DELLOW ,  Xuemin CHEN ,  Iue-Shuenn CHEN ,  Qiang YE

IPC: G06F21/57

CPC classification number: G06F21/575 ,  G06F21/572

Abstract: A system and method that enables secure system boot up with a restricted central processing unit (CPU). The system includes a memory, a segmenting device, and a security sub-system. The memory is a NAND flash memory with a block structure that comprises a guaranteed block and non-guaranteed blocks. The guaranteed block is guaranteed to be useable. A boot code is segmented into boot code segments and the boot code segments are stored separately in the guaranteed and non-guaranteed blocks. The security sub-system is configured to locate the boot code segments stored in the non-guaranteed blocks and validate them independently based on data in the guaranteed block. The security sub-system is further configured to assemble the boot code segments into the boot code and execute the boot code.

Abstract translation: 一种使用受限制的中央处理单元（CPU）实现安全系统启动的系统和方法。 该系统包括存储器，分段设备和安全子系统。 存储器是具有块结构的NAND闪存，其包括保证块和非保证块。 保证的块被保证是可用的。 引导代码被分段为引导代码段，引导代码段分别存储在保证和无保证的块中。 安全子系统被配置为定位存储在非保证块中的引导代码段，并基于保证块中的数据独立地进行验证。 安全子系统还被配置为将引导代码段组合到引导代码中并执行引导代码。