US9705890B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9705890-B2 |
| Application number | US-201514726917-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 1, 2015 |
| Priority date | Oct 18, 2012 |
| Publication date | Jul 11, 2017 |
| Grant date | Jul 11, 2017 |
Official abstract text for this publication.
A media processing device, such as a set top box, having a plurality of selectable hardware and software components for supporting multiple media pathways providing differing levels of security. In general, each security level corresponds to a particular certification service boundary definition(s) or key/authentication and security management scheme for managing resources such as hardware acceleration blocks and software interfaces. Different sets of components may be adaptively employed to ensure composited compliance with one or more security constraints and to address component unavailability. Security constraints may be applied, for example, on a source or media specific basis, and different versions of a media item may be provided over multiple pathways providing corresponding levels of security. In one embodiment, a service operator or content provider may provide requisite certification or security requirements, or otherwise assist in selection of pathway components.
Opening claim text (preview).
What is claimed is:

1. A method for establishing media pathways of varying security levels in a media processing device having a plurality of selectable pathway components relating to operational nodes of a media pathway, the method comprising: establishing a first media pathway utilizing a first set of selectable pathway components of the media processing device that includes a first set of software components and a first set of hardware components, the first media pathway conforming to a first level of security; performing media processing operations over the first media pathway; terminating the media processing operations over the first media pathway; dynamically establishing a second media pathway utilizing a second set of selectable pathway components of the media processing device that includes a second set of software components and a second set of hardware components, the second media pathway conforming to a level of security that is consistent with the first level of security, the first set of software components differing from the second set of software components by at least one software component and the first set of hardware components differing from the second set of hardware components by at least one hardware component; and resuming the terminated media processing operations over the second media pathway.
2. The method of claim 1, the plurality of selectable pathway component including at least one hardware accelerated function selected from the group consisting of: video encoding, video decoding, rendering of graphics, digital rights management, transcoding, encryption, and decryption.
3. The method of claim 1, wherein at least one hardware component of the second set of hardware components is a duplicate of at least one hardware component of the first set of hardware components, the duplicate of the least one hardware component of the first set of hardware components supporting the first level of security.
4. The method of claim 1, the first level of security corresponding to requirements of a copy-protection certification scheme of a content provider.
5. The method of claim 1, the first level of security corresponding to a certification requirement for processing and delivery operations involving a particular media item or class of media items.
6. A method for supporting multiple media pathway options in a media processing device having a plurality of selectable pathway components, the method comprising: ascertaining a first level of security relating to processing of a first media item; establishing a first media pathway utilizing a first set of selectable pathway components of the media processing device that includes a first set of software components and a first set of hardware components, the first media pathway conforming to the first level of security; ascertaining a second level of security relating to processing of a second media item; establishing a second media pathway utilizing a second set of selectable pathway components of the media processing device that includes a second set of software components and a second set of hardware components, the second media pathway conforming to the second level of security; detecting a resource conflict condition involving a selectable pathway component of the first set of selectable pathway components; and in response to the resource conflict condition, establishing a third media pathway utilizing a third set of selectable pathway components of the media processing device, the third media pathway conforming to the first level of security, wherein the third set of selectable pathway components differs from the first set of selectable pathway components by at least a software component and a hardware component of the plurality of selectable pathway components.
7. The method of claim 6, further comprising: performing media processing operations over at least one of the second media pathway or the third media pathway.
8. The method of claim 6, further comprising: performing media processing operations on the first media item over the first media pathway; terminating the media processing operations over the first media pathway; and resuming the media processing operations on the first media item over the third media pathway.
9. The method of claim 8, wherein resuming the media processing operations on the first media item is performed on a differing version of the first media item.
10. The method of claim 9, wherein the differing version of the first media item is generated by the media processing device.
11. The method of claim 6, wherein the first level of security is more stringent than the second level of security, further comprising: receiving the second media item from an untrusted source; and performing media processing operations on the second media item over the second media pathway.
12. The method of claim 6, further comprising: prior to establishing the first media pathway, providing an indication of available pathway components to an external media content provider, the indication of available pathway components including an identification of available software components and available hardware components.
13. The method of claim 6, at least one of the first level of security or the second level of security corresponding to requirements of a conditional access or digital rights management system utilized by a content provider.
14. The method of claim 6, at least one of the first level of security or the second level of security corresponding to a certification requirement for processing and delivery operations involving a particular media item or class of media items.
15. The method of claim 6, wherein the first set of hardware components and the second set of hardware components include a plurality of hardware accelerated functions.
16. A media processing device, comprising: processing circuitry; an operating system executed by the processing circuitry, the operating system establishing a privileged operating system environment and at least one restricted operating system environment; a plurality of selectable pathway components, including selectable pathway components controlled or executed by the privileged operating system environment and selectable pathway components controlled or executed by the at least one restricted operating system environment; and security and key management support circuitry to: establish a first media pathway utilizing a first set of selectable pathway components, including a first set of software components and a first set of hardware components, the first media pathway conforming to a first level of security; detect a potential component usage conflict condition involving at least one selectable pathway component of the first set of selectable pathway components; and in response to the potential component usage conflict condition, establish a second media pathway utilizing a second set of selectable pathway components that includes a second set of software components and a second set of hardware components, the second media pathway conforming to the first level of security, the first set of software components differing from the second set of software components by at least one software component and the first set of hardware components differing from the second set of hardware components by at least one hardware component.
17. The media processing device of claim 16, the security and key management support circuitry further configured to: establish a third media pathway utilizing a third set of selectable pathway components, the
using different networks or channels, e.g. using out of band channels (cryptographic mechanisms or cryptographic arrangements for key distribution involving distinctive intermediate devices or communication paths H04L9/0827; cryptographic mechanisms or cryptographic arrangements for authentication using a plurality of channels H04L9/3215) · CPC title
involving executable data, e.g. software (arrangements for executing specific programs G06F9/44; broadcasting computer programmes in broadcast systems H04H20/91; involving the movement of software or configuration parameters H04L67/34) · CPC title
using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title
Rights management {associated to the content (security in data switching network management H04L41/28; security management or policies for network security H04L63/20; access security in wireless networks H04W12/08)} · CPC title
Multiple levels of security · CPC title