公开(公告)号：EP1545131A1

公开(公告)日：2005-06-22

申请号：EP03258058.1

申请日：2003-12-19

Applicant: STMicroelectronics Limited

Inventor： Dellow, Andrew ,  Cordero, Rodrigo

IPC: H04N7/167 ,  G06F12/14

CPC classification number: H04N21/4181 ,  G06F21/85 ,  H04N7/162 ,  H04N21/454

Abstract: An embodiment of the invention comprises a semiconductor integrated circuit for restricting the rate at which data may be accessed from an external memory by a device on the circuit. The rate of data access is restricted if the data access satisfies one or more conditions. For example, one of the conditions is that the device which is requesting the data is insecure. Another condition is that the requested data is privileged. A data access monitor is provided to monitor data accesses and to is arranged go generate an access signal to indicate whether the conditions are satisfied or not. The access signal comprises a stream of data portion signals, each one corresponding to a portion of data of a predetermined size being retrieved from the external memory that satisfies the conditions. A bandwidth comparator receives the data portion signals and determines the rate of data retrieval satisfying the conditions. Each data portion signal cause a counter in the bandwidth comparator to be incremented, while clock signals cause the counter to be decremented at a constant rate. The counter value is compared with one or more thresholds, and if the counter value exceeds one or more of the thresholds, the functioning of the semiconductor integrated circuit is impaired to prevent further data access.

Abstract translation: 本发明的实施例包括半导体集成电路，用于通过电路上的器件限制可从外部存储器访问数据的速率。 如果数据访问满足一个或多个条件，则数据访问速率受到限制。 例如，其中一个条件是请求数据的设备是不安全的。 另一个条件是请求的数据是特权的。 提供数据访问监视器来监视数据访问，并且被安排去生成访问信号以指示条件是否满足。 该访问信号包括数据部分信号流，每个数据部分信号对应于满足条件的从外部存储器检索的预定大小的数据的一部分。 带宽比较器接收数据部分信号，并确定满足条件的数据检索速率。 每个数据部分信号使带宽比较器中的计数器递增，而时钟信号使计数器以恒定的速率递减。 将计数器值与一个或多个阈值进行比较，并且如果计数器值超过一个或多个阈值，则削弱半导体集成电路的功能以防止进一步的数据访问。

公开(公告)号：EP1545131B1

公开(公告)日：2007-07-18

申请号：EP03258058.1

申请日：2003-12-19

Applicant: STMicroelectronics Limited

Inventor： Dellow, Andrew ,  Cordero, Rodrigo

IPC: H04N7/167 ,  G06F12/14

CPC classification number: H04N21/4181 ,  G06F21/85 ,  H04N7/162 ,  H04N21/454

公开(公告)号：EP1578053A1

公开(公告)日：2005-09-21

申请号：EP04251573.4

申请日：2004-03-18

Applicant: STMicroelectronics Limited

Inventor： Dellow, Andrew ,  Cordero, Rodrigo

IPC: H04L9/18 ,  H04L9/06

CPC classification number: H04L9/0662 ,  H04L2209/04 ,  H04L2209/12

Abstract: A portion of data is obfuscated by performing a bitwise XOR function between the bits of the data portion and the bits of an associated mask. A mask used to obfuscate a data portion is generated as a function of the memory address of the data portion. A bitfield representing the memory address of the data portion is split into a plurality of subset bitfields. Each subset then forms the input of a corresponding primary randomising unit. Each primary randomising unit is arranged to generate an output bitfield that appears to be randomly correlated with the input, but which may be precisely determined from the input if certain secret information is known. Each primary randomising unit is also arranged so that a distinct output is generated for each distinct input. The output of the primary randomising units form the input into a series of secondary randomising units. Each secondary randomising unit is arranged to receive as an input at least one bit of the output of every primary randomising unit. The secondary randomising units are arranged to generate an output bitfield in a similar manner to the primary randomising units. The output of the secondary randomising units are then combined by concatenation to form a data mask. In one embodiment, each randomising unit comprises a look-up table whose contents are formed by permuting a sequence of ordered integers in a random manner. In this embodiment, the secret information corresponds to the contents of the look-up table. A mask is thus generated from the memory address of a data portion such that a distinct mask is generated for each distinct memory address, and such that there is a quasi-random correlation between the memory address and the corresponding mask.

公开(公告)号：EP1578051A1

公开(公告)日：2005-09-21

申请号：EP04251574.2

申请日：2004-03-18

Applicant: STMicroelectronics Limited

Inventor： Dellow, Andrew ,  Bennett, Peter ,  Cordero, Rodrigo

IPC: H04L9/00 ,  G06F12/14 ,  H04H1/00

CPC classification number: H04N7/162 ,  G06F12/1408 ,  H04H60/23 ,  H04N7/1675

Abstract: In an embodiment of the invention, a memory is provided to store data in an encrypted form. A modifiable register is arranged to store a memory address, a 0 , defining a boundary separating the memory into two regions. The lower region stores data encrypted using a key B, and the upper region stores data encrypted using a different key A. Data stored on the boundary address is encrypted using key A. Accordingly, when data is read from a memory address a, key A is used to decrypt the data if a≥a 0 , and key B is used if a 0 . However, when data is written to a memory address a, then key A is used to encrypt the data if a≥a 0 +1, key B is used if a 0 +1. The value of a 0 is then incremented by one. When data is written to the boundary address, a 0 , the position of the boundary is thus caused to increase by one unit. Initially, the value of a 0 is set to zero so that all data within the memory is encrypted using key A. As data is written to the memory, particularly on the boundary address, the value of a 0 gradually increases. Eventually the value of a 0 will exceed the highest address of the memory. At this point, all data within the memory is encrypted using key B, and a new key is generated. The new key becomes key B, and key A takes the value of the old key B. The value of a 0 is then set back to zero and the process is repeated. If a particular region of the memory is never written to, the value of a 0 will not increase beyond the lowest memory address of this region. To prevent this occurrence, if the value of a 0 does not change within a predetermined period of time then a 'kicker' process is activated. During the kicker process, data is caused to be read from the memory address a 0 , and then to be written back to the same location, thereby artificially stimulating an increase of the value of a 0 .

公开(公告)号：EP1418750A1

公开(公告)日：2004-05-12

申请号：EP02257789.4

申请日：2002-11-11

Applicant: STMicroelectronics Limited

Inventor： Dellow, Andrew Dellow ,  Cordero, Rodrigo

IPC: H04N5/00

CPC classification number: H04N21/42623 ,  H04N21/26613 ,  H04N21/4623

Abstract: A semiconductor integrated circuit for the processing of conditional access television signals comprises an input interface for receiving encrypted television signals and an output interface for output of decrypted television signals. Control signals broadcast with the television signals include control words and common keys. The common keys are received in encrypted form, encrypted according to a secret key unique to each semiconductor integrated circuit. The input interface is connected to a decryption circuit whereby the only manner of providing the common keys to the circuit are in encrypted form encrypted according to the secret key. Due to the monolithic nature of the circuit, no secrets are exposed and the system is secure.

Abstract translation: 用于处理条件接收电视信号的半导体集成电路包括用于接收加密的电视信号的输入接口和用于输出解密的电视信号的输出接口。 用电视信号广播的控制信号包括控制字和公共密钥。 公共密钥以加密形式接收，根据每个半导体集成电路独有的秘密密钥进行加密。 输入接口连接到解密电路，由此向电路提供公共密钥的唯一方式是根据秘密密钥加密的加密形式。 由于电路的整体性质，没有暴露的秘密和系统是安全的。

公开(公告)号：EP1271932A1

公开(公告)日：2003-01-02

申请号：EP01305084.4

申请日：2001-06-11

Applicant: STMicroelectronics Limited

Inventor： Cordero, Rodrigo ,  Woodward, Patrice

IPC: H04N5/00 ,  H04L29/06

CPC classification number: H04N21/42615 ,  H04N21/426 ,  H04N21/434 ,  H04N21/4341 ,  H04N21/4345

Abstract: A receiver for receiving a data stream comprises a filtering arrangement for filtering said received data stream and a processor. The filtering arrangement is arranged to load at least a part of said data stream, to filter at least part of said data stream and to read at least part of said data stream. The filtering arrangement has a first mode in which said steps are carried out and a second mode in which said processor is arranged to interrupt the steps carried out by said filtering arrangement.

Abstract translation: 用于接收数据流的接收机包括用于过滤所述接收到的数据流的过滤装置和处理器。 滤波装置被布置成加载所述数据流的至少一部分，以过滤所述数据流的至少一部分并读取所述数据流的至少一部分。 滤波装置具有执行所述步骤的第一模式和其中所述处理器布置成中断由所述滤波装置执行的步骤的第二模式。

公开(公告)号：EP1267568A1

公开(公告)日：2002-12-18

申请号：EP01309585.6

申请日：2001-11-13

Applicant: STMicroelectronics Limited

Inventor： Cordero, Rodrigo ,  Woodward, Partrice

IPC: H04N5/00

CPC classification number: H04N21/42615 ,  H04N21/426 ,  H04N21/434 ,  H04N21/4341 ,  H04N21/4345

Abstract: The invention relates to circuitry for processing data. The circuitry comprises a plurality of filters arranged in parallel and means for storing input data. The input data is applied to the plurality of filters to provide at least two parallel results and means for carrying out an operation with respect to the results.

Abstract translation: 本发明涉及用于处理数据的电路。 电路包括并联布置的多个滤波器和用于存储输入数据的装置。 将输入数据应用于多个滤波器以提供至少两个并行结果和用于对结果进行操作的装置。

公开(公告)号：EP1605687A1

公开(公告)日：2005-12-14

申请号：EP04253297.8

申请日：2004-06-03

Applicant: STMicroelectronics Limited

Inventor： Cordero, Rodrigo ,  Cox, Paul ,  Dellow, Andrew

IPC: H04N5/00

CPC classification number: H04N21/64322 ,  H04N21/4381 ,  H04N21/4622

Abstract: A system comprising: at least one input means for receiving from one of a plurality of sources at least one packet stream comprising a plurality of packets for providing audio, video, private data and/or associated information; at least one output for outputting at least one packet of said at least one packet stream to circuitry arranged to provide an output stream; wherein the system is arranged to provide a tag indicative of said source, said tag being associated with said at least one packet.

公开(公告)号：EP1467565A1

公开(公告)日：2004-10-13

申请号：EP03252186.6

申请日：2003-04-07

Applicant: STMicroelectronics Limited

Inventor： Dellow, Andrew Dellow ,  Cordero, Rodrigo

IPC: H04N7/16 ,  H04N7/167 ,  H04N5/00

CPC classification number: H04N21/42623 ,  G06F21/10 ,  H04N7/165 ,  H04N21/4405 ,  H04N21/4623

Abstract: A semiconductor integrated circuit (30) for the processing of conditional access television signals comprises an input interface (43) for receiving encrypted television signals and an output interface (45) for output of decrypted television signals. Control signals broadcast with the television signals include control words and common keys. Entitlement messages are received in encrypted form, encrypted according to a secret key unique to each semiconductor integrated circuit. The input interface is connected to a decryption circuit (32) whereby the only manner of providing the common keys to the circuit are in encrypted form encrypted according to the secret key. Due to the monolithic nature of the circuit, no secrets are exposed and the system is secure. Alternatively, the entitlement messages are encrypted for decryption with the common keys and a unique ID stored in the circuit is compared with an ID in a received entitlement message. Only if the received and stored IDs match can the rights be stored and used.

Abstract translation: 用于处理条件接收电视信号的半导体集成电路（30）包括用于接收加密的电视信号的输入接口（43）和用于输出解密的电视信号的输出接口（45）。 用电视信号广播的控制信号包括控制字和公共密钥。 以加密形式接收授权消息，根据每个半导体集成电路独有的秘密密钥进行加密。 输入接口连接到解密电路（32），由此向电路提供公共密钥的唯一方式是根据秘密密钥加密的加密形式。 由于电路的整体性质，没有暴露的秘密和系统是安全的。 或者，授权消息被加密以用公共密钥进行解密，并且存储在电路中的唯一ID与接收到的授权消息中的ID进行比较。 只有收到和存储的ID匹配才能存储和使用权限。