公开(公告)号：US10079836B2

公开(公告)日：2018-09-18

申请号：US15018796

申请日：2016-02-08

Applicant: Broadcom Corporation

Inventor： Philippe Klein ,  Jacob Mendel ,  Shlomo Markel

IPC: G06F7/04 ,  H04L29/06 ,  H04W12/06 ,  H04L29/08

CPC classification number: H04L63/105 ,  H04L63/08 ,  H04L63/107 ,  H04L67/34 ,  H04L2463/082 ,  H04W12/00503 ,  H04W12/00505 ,  H04W12/06

Abstract: A secured communication network can include a server including an authentication backend, the authentication backend configured to communicate with an authentication front end of a communication device. A server applet can be associated with the authentication backend. The server applet can authenticate an access right associated with the communication device and establish a security level for the communication with the communication device based on information received from the authentication front end.

公开(公告)号：US20150007347A1

公开(公告)日：2015-01-01

申请号：US13930280

申请日：2013-06-28

Applicant: Broadcom Corporation

Inventor： Yasantha Rajakarunanayake ,  William Bunch ,  Jacob Mendel

IPC: G06F21/62

CPC classification number: G06F21/6218 ,  H04L9/14 ,  H04L9/3228 ,  H04L2209/805 ,  H04W4/80 ,  H04W12/04 ,  H04W12/08

Abstract: A secure integrated circuit (IC) to provide access to an electronic storage, the secure IC including a memory and a processor. The processor may generate a first key and a second key, and enable storing the first key in the memory and storing the second key in a device memory of a device. The processor may then receive the second key from the device when the device wants to access the electronic storage, and grant the device access to the electronic storage by using the first key and the second key received from the device.

Abstract translation: 一种用于提供对电子存储器的访问的安全集成电路（IC），所述安全IC包括存储器和处理器。 处理器可以生成第一密钥和第二密钥，并且使得能够将第一密钥存储在存储器中并将第二密钥存储在设备的设备存储器中。 然后，当设备想要访问电子存储器时，处理器可以从设备接收第二密钥，并且通过使用从设备接收的第一密钥和第二密钥来授权设备对电子存储器的访问。

公开(公告)号：US20140233732A1

公开(公告)日：2014-08-21

申请号：US13859675

申请日：2013-04-09

Applicant: Broadcom Corporation

Inventor： Mark Leonard Buer ,  Andrew Dellow ,  Jacob Mendel

IPC: H04N7/167

CPC classification number: H04N21/2347 ,  H04N21/2543 ,  H04N21/4126 ,  H04N21/4627

Abstract: A secure element operating in conjunction with a secure partition of a system-on-a-chip (SoC) having set top box (STB) functionality allows for digital rights management (DRM) key handling in a mobile platform. The secure element can include a secure processing system (SPS) to be implemented as a hard macro, thereby isolating the SPS from a peripheral processing system (PPS). The secure element and the secure partition of the SoC may be operatively connected by a secure cryptographic channel.

Abstract translation: 与具有机顶盒（STB）功能的片上系统（SoC）的安全分区结合操作的安全元件允许在移动平台中的数字版权管理（DRM）密钥处理。 安全元件可以包括要被实现为硬宏的安全处理系统（SPS），从而将SPS与外围处理系统（PPS）隔离开来。 SoC的安全元件和安全分区可以通过安全加密通道可操作地连接。

公开(公告)号：US09258287B2

公开(公告)日：2016-02-09

申请号：US13723036

申请日：2012-12-20

Applicant: Broadcom Corporation

Inventor： Shlomo Markel ,  Jacob Mendel

IPC: G06F7/04 ,  H04L29/06 ,  H04W12/12

CPC classification number: H04L63/08 ,  H04L29/06 ,  H04L63/1425 ,  H04W12/12

Abstract: A secure active network includes a plurality of secure elements which communicate with one another to share and log information such as identification, location, and user activity associated with each secure element. Secure elements exchange data with one another, and log data received. The periodicity of communication between secure elements, encryption of the information, and the operating frequency in which the information is transmitted and received may be changed if communication is lost between any of the secure elements or if a determination is made that a secure element has traveled outside a predetermined zone. The integrity of the secure network may be verified at any time by comparing the logged information to a reference network.

Abstract translation: 安全主动网络包括多个彼此通信的安全元件，以共享和记录诸如与每个安全元件相关联的标识，位置和用户活动的信息。 安全元素相互交换数据，并记录收到的数据。 如果任何安全元件之间的通信丢失或者如果确定安全元件已经行进，则可以改变安全元件之间的通信的周期性，信息的加密以及发送和接收信息的操作频率 在预定区域外。 可以随时通过将记录的信息与参考网络进行比较来验证安全网络的完整性。

公开(公告)号：US09224013B2

公开(公告)日：2015-12-29

申请号：US13728875

申请日：2012-12-27

Applicant: Broadcom Corporation

Inventor： Mark Buer ,  Theodore Trost ,  Jacob Mendel

IPC: G06F3/00 ,  G06F13/12 ,  G06F13/00 ,  G06F21/76

CPC classification number: G06F21/53 ,  G06F12/1408 ,  G06F13/16 ,  G06F13/4068 ,  G06F13/4282 ,  G06F21/602 ,  G06F21/76 ,  G06F2212/1052 ,  G06F2221/034 ,  Y02D10/14 ,  Y02D10/151

Abstract: Systems and methods are provided that allow a secure processing system (SPS) to be implemented as a hard macro, thereby isolating the SPS from a peripheral processing system (PPS). The SPS and the PPS, combination, may form a secure element that can be used in conjunction with a host device and a connectivity device to allow the host device to engage in secure transactions, such as mobile payment over a near field communications (NFC) connection. As a result of the SPS being implemented as a hard macro isolated from the PPS, the SPS may be certified once, and re-used in other host devices without necessitating re-certification.

Abstract translation: 提供了允许将安全处理系统（SPS）实现为硬宏的系统和方法，从而将SPS与外围处理系统（PPS）隔离。 SPS和PPS的组合可以形成可以与主机设备和连接设备结合使用的安全元件，以允许主机设备进行安全交易，例如通过近场通信（NFC）的移动支付， 连接。 由于SPS被作为与PPS隔离的硬宏实现，SPS可以被认证一次，并且在其他主机设备中重新使用，而不需要重新认证。

公开(公告)号：US09059994B2

公开(公告)日：2015-06-16

申请号：US13971578

申请日：2013-08-20

Applicant: Broadcom Corporation

Inventor： Jacob Mendel ,  Alexander Potievsky ,  Eyal Webber-Zvik

IPC: G06F21/00 ,  H04L29/06

CPC classification number: H04L63/10 ,  G06F21/00 ,  G06F21/57 ,  G06F21/629 ,  G06F21/72 ,  G06F2221/034 ,  G06F2221/2141 ,  G06F2221/2153

Abstract: A device includes a receiver configured to receive a request to perform a function. A secure element connected with the receiver, the secure element to verify the request to perform the function, where the secure element is configured to operate in either a report mode or a silent mode. Details about a status of the performance of the function are displayed when the device operates in the report mode, and no details about the status of the performance of the function are displayed when the device operates in the silent mode.

Abstract translation: 一种设备包括被配置为接收执行功能的请求的接收器。 与接收器连接的安全元件，安全元件，用于验证执行功能的请求，其中安全元件被配置为以报告模式或静音模式操作。 当设备以报告模式运行时，将显示功能状态的详细信息，当设备以静音模式运行时，不会显示功能性能状态的详细信息。

公开(公告)号：US20140157000A1

公开(公告)日：2014-06-05

申请号：US13730766

申请日：2012-12-28

Applicant: BROADCOM CORPORATION

Inventor： Mark Buer ,  Jacob Mendel

IPC: G06F12/14

CPC classification number: G06F21/76 ,  G06F12/1408 ,  G06F21/57 ,  G06F21/572 ,  G06F21/606 ,  G06F21/64 ,  G06F2221/2107

Abstract: An apparatus may comprise a secure portion of a chip and an external memory device. The secure portion of the chip may be configured to receive an encryption key, and the memory device may be configured to receive an encrypted processing code. The secure portion of the chip may be configured to verify the encrypted processing code by decrypting the encrypted processing code using the encryption key. A non-secure portion of the chip may be configured to write the encrypted processing code on the memory device while the memory device is coupled to the chip. The encryption key may be associated with an identifier of the chip.

Abstract translation: 装置可以包括芯片的安全部分和外部存储器装置。 芯片的安全部分可以被配置为接收加密密钥，并且存储器设备可以被配置为接收加密的处理代码。 芯片的安全部分可以被配置为通过使用加密密钥解密加密的处理代码来验证加密的处理代码。 芯片的非安全部分可以被配置为在存储器件耦合到芯片的同时将加密的处理代码写入存储器件。 加密密钥可以与芯片的标识符相关联。

公开(公告)号：US20140156872A1

公开(公告)日：2014-06-05

申请号：US13728875

申请日：2012-12-27

Applicant: BROADCOM CORPORATION

Inventor： Mark Buer ,  Theodore Trost ,  Jacob Mendel

IPC: G06F9/44

CPC classification number: G06F21/53 ,  G06F12/1408 ,  G06F13/16 ,  G06F13/4068 ,  G06F13/4282 ,  G06F21/602 ,  G06F21/76 ,  G06F2212/1052 ,  G06F2221/034 ,  Y02D10/14 ,  Y02D10/151

Abstract: Systems and methods are provided that allow a secure processing system (SPS) to be implemented as a hard macro, thereby isolating the SPS from a peripheral processing system (PPS). The SPS and the PPS, combination, may form a secure element that can be used in conjunction with a host device and a connectivity device to allow the host device to engage in secure transactions, such as mobile payment over a near field communications (NFC) connection. As a result of the SPS being implemented as a hard macro isolated from the PPS, the SPS may be certified once, and re-used in other host devices without necessitating re-certification.

Abstract translation: 提供了允许将安全处理系统（SPS）实现为硬宏的系统和方法，从而将SPS与外围处理系统（PPS）隔离。 SPS和PPS的组合可以形成可以与主机设备和连接设备结合使用的安全元件，以允许主机设备进行安全交易，例如通过近场通信（NFC）的移动支付， 连接。 由于SPS被作为与PPS隔离的硬宏实现，SPS可以被认证一次，并且在其他主机设备中重新使用，而不需要重新认证。

公开(公告)号：US20140082713A1

公开(公告)日：2014-03-20

申请号：US13730267

申请日：2012-12-28

Applicant: BROADCOM CORPORATION

Inventor： Shlomo Markel ,  Jacob Mendel

IPC: H04L29/06

CPC classification number: H04L63/12 ,  H04L63/08 ,  H04L63/105

Abstract: Systems and methods are provided for enhancing security by providing additional authentication factors. Prior to authentication, a user may enroll a device from which access to a service or application is authorized. During authentication, the authentication system may retrieve the location of the enrolled device and generate one or more questions that only a user in that location can answer. The user may additionally or alternatively enroll a movement signature with an authentication server as an authentication factor. The user may set a pattern for device movement. During authentication, the user moves the device in the pattern. The device then transmits the movement signature for authentication.

Abstract translation: 提供了系统和方法，通过提供额外的认证因素来增强安全性。 在认证之前，用户可以注册从其授权访问服务或应用的设备。 在认证期间，认证系统可以检索注册的设备的位置并产生一个或多个问题，只有该位置的用户可以应答。 用户可以附加地或替代地将认证服务器的移动签名注册为认证因素。 用户可以设置设备移动的模式。 在认证期间，用户以图案移动设备。 然后，设备发送用于认证的移动签名。

公开(公告)号：US20160156637A1

公开(公告)日：2016-06-02

申请号：US15018796

申请日：2016-02-08

Applicant: Broadcom Corporation

Inventor： Philippe Klein ,  Jacob Mendel ,  Shlomo Markel

IPC: H04L29/06

CPC classification number: H04L63/105 ,  H04L63/08 ,  H04L63/107 ,  H04L67/34 ,  H04L2463/082 ,  H04W12/06

Abstract: A secured communication network can include a server including an authentication backend, the authentication backend configured to communicate with an authentication front end of a communication device. A server applet can be associated with the authentication backend. The server applet can authenticate an access right associated with the communication device and establish a security level for the communication with the communication device based on information received from the authentication front end.

Abstract translation: 安全通信网络可以包括包括认证后端的服务器，认证后端被配置为与通信设备的认证前端进行通信。 服务器小程序可以与身份验证后端相关联。 服务器小应用程序可以认证与通信设备相关联的访问权限，并且基于从认证前端接收的信息来建立与通信设备的通信的安全级别。