Abstract:
A system comprising: at least one input means for receiving from one of a plurality of sources at least one packet stream comprising a plurality of packets for providing audio, video, private data and/or associated information; at least one output for outputting at least one packet of said at least one packet stream to circuitry arranged to provide an output stream; wherein the system is arranged to provide a tag indicative of said source, said tag being associated with said at least one packet.
Abstract:
A digital phase comparator circuit determines the relative phase of two digital clock signals derived from the same digital clock. The circuit has two inputs, one connected to each of the clocks to be compared. A latch circuit receives one clock at the clock input, and the other clock at a data input. The latch circuit is arranged so that the output is equal to the signal at the data input when measured at the clock edge. The output is therefore a logic '1' if the second clock leads the first clock, or logic '0' if the second clock lags the first clock. The latch circuit is preferably a D-type flip-flop.
Abstract:
A semiconductor integrated circuit (39) comprising: a plurality of selectable pathways (23) inter-connected between a plurality of data sources and data destinations (11, 13, 15, 17, 19); a cryptographic circuit (9) connected to the selectable pathways (23) and arranged to selectively receive data at an input (24) from at least one of the data sources, to decrypt or encrypt the data in accordance with a key, and selectively provide the encrypted or decrypted data to at least one of the data destinations via an output (26); an instruction interpreter (29) arranged to receive as an input an instruction signal (33) and to generate therefrom an output (31) to control the plurality of selectable pathways (23) to select from which of the data sources the cryptographic circuit (9) receives data and to which destination the cryptographic circuit (9) provides data; the instruction interpreter (29) being configured such that the instruction signal (33) defines a data pathway configuration of the system, and such that it operates in accordance with a rule which limits the data pathway configurations which are selectable. Preferably, the instruction interpreter (29), cryptographic circuit (9) and data pathways (23) are all contained on a single monolithic semiconductor integrated circuit (39).
Abstract:
A clock source selector for selecting either a first clock signal A or a second clock signal B in accordance with a switch request signal includes three retiming circuits each consisting of two clocked flip-flops. The switch request signal is first retimed (20,22) relative to clock A to give a signal P, is then retimed (24,26) relative to clock B to give a signal Q, and finally is retimed (28,30) relative to clock A to give a signal R. Selector circuitry (34,40,42) operates such that when signal Q is asserted, the second clock signal B is output, when neither signal P nor signal R, as combined by a NOR gate (34), are asserted, the first clock signal A is output, and at other times a zero level is output. The clock source selector can be used in an integrated circuit to form a glitch-free multiplexer.
Abstract:
A port protection circuit, in particular for protecting a JTAG port, comprises logic gates which are switchable to allow the JTAG port to access scan chains or a Diagnostic Control Unit (DCU). The gating arrangement is controlled by a protection circuit that requires a private key to be input through the JTAG port to "unlock" a circuit so that the gating components allow connection between the JTAG port and scan chains or the DCU.
Abstract:
An embodiment of the invention comprises a set-top-box in which on-chip OTP memory is emulated using an external flash memory and a series of on-chip fuses. The external memory is comprised of one or more regions, each having its own unique region identification. Each on-chip fuse corresponds to one of the memory regions and comprises a component which can be caused to change to a particular (blown) state irreversibly. When data first needs to be written to a region of the external memory, the identification of that region is appended to the data itself together with a parity field and a validity field. The resultant data packet is then encrypted by a cryptographic circuit using a secret key unique to the set-top-box and the encrypted data packet is written to the specified region of the external memory. Then, the on-chip fuse corresponding to the region that has been written to is irreversibly blown, effectively locking that region. Any attempt to write data to regions for which the corresponding fuse has already been blown (indicating that data has already been written to that region) is blocked. When data is read from the external memory, the encrypted data is decrypted to retrieve the data, region identification, validity field and parity field. If the region identification, validity field and parity field are all verified as valid then the data is transmitted to the desired destination. Any attempts to read data from regions for which the corresponding fuse has not been blown (indicating that no data has yet been written to that region) are blocked.
Abstract:
An embodiment of the invention comprises a semiconductor integrated circuit for restricting the rate at which data may be accessed from an external memory by a device on the circuit. The rate of data access is restricted if the data access satisfies one or more conditions. For example, one of the conditions is that the device which is requesting the data is insecure. Another condition is that the requested data is privileged. A data access monitor is provided to monitor data accesses and is arranged to generate an access signal to indicate whether the conditions are satisfied or not. The access signal comprises a stream of data portion signals, each one corresponding to a portion of data of a predetermined size being retrieved from the external memory that satisfies the conditions. A bandwidth comparator receives the data portion signals and determines the rate of data retrieval satisfying the conditions. Each data portion signal causes a counter in the bandwidth comparator to be incremented, while clock signals cause the counter to be decremented at a constant rate. The counter value is compared with one or more thresholds, and if the counter value exceeds one or more of the thresholds, the functioning of the semiconductor integrated circuit is impaired to prevent further data access.
Abstract:
A privileged data table is provided to maintain a list of those regions of a data memory which contain privileged data. When a data access operation is attempted, a privilege rule enforcer compares the address of the memory being accessed to the list of privileged regions. If the memory address falls within a privileged region then the memory access operation is blocked unless the instruction accessing the memory has been securely authorised by a code verifier. A privileged instruction table is provided to maintain a list of instructions stored in an instruction list that have been verified. When an instruction is fetched from the instruction list, an instruction privilege identifier compares the instruction being fetched with the list of verified instructions, and generates a signal indicating the privilege status of the instruction. Instructions are blocked according to the privilege signal. Only privileged instructions are allowed to modify the contents of the privileged data table and the privileged instruction table. The process of blocking unauthorised memory operations may be performed in accordance with a set of further rules as defined by a rule signal. All components of the system are contained on a single monolithic semiconductor integrated circuit.