+

CN100556166C - The method and system of protected data in mobile communication process - Google Patents

The method and system of protected data in mobile communication process Download PDF

Info

Publication number
CN100556166C
CN100556166C CNB2006100088253A CN200610008825A CN100556166C CN 100556166 C CN100556166 C CN 100556166C CN B2006100088253 A CNB2006100088253 A CN B2006100088253A CN 200610008825 A CN200610008825 A CN 200610008825A CN 100556166 C CN100556166 C CN 100556166C
Authority
CN
China
Prior art keywords
mobile multimedia
multimedia processor
code
data
algorithm
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB2006100088253A
Other languages
Chinese (zh)
Other versions
CN1825999A (en
Inventor
斯蒂芬·J·巴洛
雷纳·乌尔里克
彼得·弗朗西斯·谢瓦利·德·里瓦茨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Avago Technologies International Sales Pte Ltd
Original Assignee
Zyray Wireless Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zyray Wireless Inc filed Critical Zyray Wireless Inc
Publication of CN1825999A publication Critical patent/CN1825999A/en
Application granted granted Critical
Publication of CN100556166C publication Critical patent/CN100556166C/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a kind of in mobile communication process the method and system of protected data, comprise mobile multimedia processor, decipher the cryptographic algorithm in the described mobile multimedia chip hardware.Described mobile multimedia processor uses the data in the algorithm decryption software of described deciphering.Described mobile multimedia processor is deciphered the instruction of described cryptographic algorithm when instruction entry instruction high-speed cache.Described mobile multimedia processor is carried out the also result of the described Hash operation of verification of Hash operation to described data decryption, to protect described data decryption.

Description

在移动通信过程中保护数据的方法和系统 Method and system for protecting data during mobile communication

技术领域 technical field

本发明涉及移动多媒体处理器,更具体地,本发明涉及一种移动多媒体处理器内的数字版权管理方法和系统。The present invention relates to a mobile multimedia processor, and more particularly, the present invention relates to a digital rights management method and system in a mobile multimedia processor.

背景技术 Background technique

移动通信改变了人们通信的方式,移动电话也从一种奢侈品转变为人们日常生活的基本组成部分。移动电话的使用取决于社会情况,而不受地点和技术的限制。当前,语音连接已经满足了日常通信的基本需要,移动语音连接正不断溶入日常生活的方方面面,而移动通信革命的下一步将是使用移动互联网得的集成移动多媒体应用。Mobile communications have changed the way people communicate, and mobile phones have transformed from a luxury item to an essential part of people's daily lives. The use of mobile phones depends on the social situation and is not restricted by location and technology. At present, the voice connection has met the basic needs of daily communication, and the mobile voice connection is continuously integrated into every aspect of daily life, and the next step of the mobile communication revolution will be the integrated mobile multimedia application using the mobile Internet.

能够提供多种高速接入技术的第三代(3G)蜂窝网络,以及特别设计来应用这些技术的移动电话,满足了人们对支持使用高级压缩标准的TV和音频应用、高分辨率游戏应用、音乐接口、外围接口支持等集成多媒体应用的需求。随着芯片设计者使用压缩技术和更高的带宽来传送更多的信息,处理要求也随之提高。例如,3G无线应用所支持的比特率在384k/s到2M/s之间,这允许芯片设计者可以为无线系统提供多媒体性能、更高的质量、更低的干扰和更大的覆盖区域。The third-generation (3G) cellular network that can provide a variety of high-speed access technologies, as well as mobile phones specially designed to apply these technologies, meet people's needs for TV and audio applications that support the use of advanced compression standards, high-resolution gaming applications, Music interface, peripheral interface support and other integrated multimedia application requirements. As chip designers use compression techniques and higher bandwidth to transmit more information, processing requirements also increase. For example, 3G wireless applications support bit rates between 384k/s and 2M/s, which allows chip designers to provide wireless systems with multimedia performance, higher quality, lower interference and larger coverage areas.

随着移动多媒体服务越来越普及,功耗、网络性能性价比最优化和服务质量等因素对电信运营商来说将更为重要。细致的网络规划和部署、传输方式的改进、接收器技术和芯片集成方案的提高,才能使上述目标得以实现。在这点上,运营商需要一种技术使得可以为移动多媒体应用提供更高的下行吞吐量,以此来为移动多媒体应用服务的消费者提供更为出色的QoS性能和速率。当前,移动多媒体处理器还未充分开发单片系统(SOC)集成的作用,来为今天的移动手持机提供更为出色的总体系统解决方案。例如,现有的移动处理器可使用多个硬件加速器来支持多种多媒体应用,这将明显地增加功耗、实现复杂度、移动处理器所占空间和移动终端的最终体积。内容拥有者坚持要求数字版权管理(DRM),将相关的算法或算法的一部分保密。尽管如此,还需要定期的更新和修改。As mobile multimedia services become more popular, factors such as power consumption, cost-effective network performance, and quality of service will become more important to telecom operators. Meticulous network planning and deployment, improvements in transmission methods, improvements in receiver technology and chip integration solutions can make the above goals achievable. In this regard, operators need a technology that can provide higher downlink throughput for mobile multimedia applications, so as to provide consumers of mobile multimedia application services with better QoS performance and speed. Currently, mobile multimedia processors have not fully exploited the role of system-on-a-chip (SOC) integration to provide a better overall system solution for today's mobile handsets. For example, existing mobile processors can use multiple hardware accelerators to support multiple multimedia applications, which will significantly increase power consumption, implementation complexity, footprint of the mobile processor, and final volume of the mobile terminal. Content owners insist on digital rights management (DRM) to keep the associated algorithm or part of the algorithm secret. Nonetheless, regular updates and revisions are required.

比较本发明后续将要结合附图介绍的系统,现有技术的其它局限性和弊端对于本领域的普通技术人员来说是显而易见的。Other limitations and drawbacks of the prior art will be apparent to those of ordinary skill in the art when comparing the system of the present invention which will be described later with reference to the accompanying drawings.

发明内容 Contents of the invention

本发明提供了一种用于移动多媒体芯片中的数字版权管理的系统和/或方法,结合至少一副附图进行了介绍,并在权利要求中进行了完整的描述。The present invention provides a system and/or method for digital rights management in a mobile multimedia chip, introduced with at least one accompanying drawing, and fully described in the claims.

根据本发明的一个方面,提供一种在移动通信过程中保护数据的方法,所述方法包括:According to one aspect of the present invention, a method for protecting data during mobile communication is provided, the method comprising:

解密多媒体移动处理器硬件中的经加密的算法;Decrypt the encrypted algorithm in the multimedia mobile processor hardware;

使用所述解密后的算法解密由所述移动多媒体处理器处理的软件内的数据;decrypting data within software processed by the mobile multimedia processor using the decrypted algorithm;

在所述经解密的数据和所述解密后的算法之间插入一个未用存储行,以防止所述经解密的数据的损坏。An unused memory row is inserted between the decrypted data and the decrypted algorithm to prevent corruption of the decrypted data.

优选地,所述方法还包括:在所述经加密的算法的指令进入指令高速缓存时,解密所述指令。Advantageously, the method further comprises decrypting instructions of said encrypted algorithm when said instructions enter an instruction cache.

优选地,所述方法还包括:Preferably, the method also includes:

通过对所述经解密的数据执行哈希操作来保护所述经解密的数据;protecting the decrypted data by hashing the decrypted data;

校验所述哈希操作的结果。Verify the result of the hash operation.

优选地,所述方法还包括:将所述经加密的算法的解密密钥以只写形式存储在所述移动多媒体处理器硬件中。Advantageously, the method further comprises: storing a decryption key of said encrypted algorithm in said mobile multimedia processor hardware in write-only form.

优选地,所述方法还包括:使用所述解密密钥对所述移动多媒体处理器硬件中的所述经加密的算法进行解密。Advantageously, the method further comprises decrypting said encrypted algorithm in said mobile multimedia processor hardware using said decryption key.

优选地,所述方法还包括:隐藏所述存储的解密密钥的位置。Advantageously, the method further comprises: concealing the location of said stored decryption key.

优选地,所述方法还包括:在对所述经加密的算法进行所述解密之前禁用至少一个中断。Advantageously, said method further comprises disabling at least one interrupt prior to said decrypting said encrypted algorithm.

优选地,所述方法还包括:在对所述经加密的算法进行所述解密之后启用至少一个中断。Advantageously, the method further comprises enabling at least one interrupt after said decrypting said encrypted algorithm.

根据本发明的一个方面,提供一种机器可读存储器,其中存储的计算机程序包含至少一个代码段,用于在移动通信过程中保护数据,所述至少一个代码段可由机器执行以使所述机器执行如下步骤:According to one aspect of the present invention, there is provided a machine-readable memory, wherein the stored computer program comprises at least one code segment for protecting data during mobile communication, said at least one code segment being executable by a machine to enable said machine Perform the following steps:

解密多媒体移动处理器硬件中的加密算法;Decrypt the encryption algorithm in the multimedia mobile processor hardware;

使用所述解密后的算法解密所述移动多媒体处理器处理的软件内的数据。Data within software processed by the mobile multimedia processor is decrypted using the decrypted algorithm.

优选地,所述机器可读存储器还包括在所述指令进入指令高速缓存时解密用于所述算法的指令的代码。Advantageously, said machine readable memory further comprises code to decrypt instructions for said algorithm when said instructions enter an instruction cache.

优选地,所述机器可读存储器还包括用于通过对所述解密数据执行哈希操作来保护所述解密数据并校验所述哈希操作的结果的代码。Advantageously, said machine readable storage further comprises code for protecting said decrypted data by performing a hash operation on said decrypted data and verifying a result of said hash operation.

优选地,所述机器可读存储器还包括将所述加密算法的解密密钥以只写形式存储在所述移动多媒体处理器硬件中的代码。Advantageously, said machine-readable memory further comprises code for storing a decryption key of said encryption algorithm in said mobile multimedia processor hardware in write-only form.

优选地,所述机器可读存储器还包括使用所述解密密钥对所述移动多媒体处理器硬件中的所述加密算法进行解密的代码。Advantageously, said machine readable memory further comprises code for decrypting said encryption algorithm in said mobile multimedia processor hardware using said decryption key.

优选地,所述机器可读存储器还包括用于隐藏所述存储的解密密钥的位置的代码。Advantageously, said machine readable memory further comprises code for concealing the location of said stored decryption key.

优选地,所述机器可读存储器还包括在对所述加密算法进行所述解密之前禁用至少一个中断的代码。Advantageously, said machine readable memory further comprises code for disabling at least one interrupt prior to said decryption of said encryption algorithm.

优选地,所述机器可读存储器还包括在对所述加密算法进行所述解密之后启用至少一个中断的代码。Advantageously, said machine readable memory further comprises code for enabling at least one interrupt after said decryption of said encryption algorithm.

优选地,所述机器可读存储器还包括在所述解密数据和所述解密算法之间插入一个未用存储行以防止所述解密数据的损坏的代码。Advantageously, said machine readable memory further comprises code for inserting an unused memory line between said decrypted data and said decryption algorithm to prevent corruption of said decrypted data.

根据本发明的一个方面,提供一种在移动通信过程中保护数据的系统,所述系统包括:According to one aspect of the present invention, a system for protecting data during mobile communication is provided, the system comprising:

移动多媒体处理器,解密所述移动多媒体处理器硬件中的经加密的算法;a mobile multimedia processor, decrypting an encrypted algorithm in said mobile multimedia processor hardware;

所述移动多媒体处理器使用所述解密后的算法解密由所述移动多媒体处理器处理的软件内的数据,并在所述经解密的数据和所述解密后的算法之间插入一个未用存储行,以防止所述经解密的数据的损坏。said mobile multimedia processor decrypts data within software processed by said mobile multimedia processor using said decrypted algorithm and inserts an unused memory between said decrypted data and said decrypted algorithm line to prevent corruption of the decrypted data.

优选地,所述移动多媒体处理器在所述经加密的算法的指令进入指令高速缓存时,解密所述指令。Advantageously, said mobile multimedia processor decrypts instructions of said encrypted algorithm when said instructions enter an instruction cache.

优选地,所述移动多媒体处理器通过对所述经解密的数据执行哈希操作来保护所述经解密的数据,并校验所述哈希操作的结果。Advantageously, said mobile multimedia processor protects said decrypted data by performing a hash operation on said decrypted data, and checks a result of said hash operation.

优选地,所述移动多媒体处理器将所述经加密的算法的解密密钥以只写形式存储在所述移动多媒体处理器硬件中。Advantageously, said mobile multimedia processor stores a decryption key of said encrypted algorithm in write-only form in said mobile multimedia processor hardware.

优选地,所述移动多媒体处理器使用所述解密密钥对所述移动多媒体处理器硬件中的所述经加密的算法进行解密。Advantageously, said mobile multimedia processor decrypts said encrypted algorithm in said mobile multimedia processor hardware using said decryption key.

优选地,所述移动多媒体处理器隐藏所述存储的解密密钥的位置。Advantageously, said mobile multimedia processor conceals the location of said stored decryption key.

优选地,所述移动多媒体处理器在对所述经加密的算法进行所述解密之前禁用至少一个中断。Advantageously, said mobile multimedia processor disables at least one interrupt prior to said decryption of said encrypted algorithm.

优选地,所述移动多媒体处理器在对所述经加密的算法进行所述解密之后启用至少一个中断。Advantageously, said mobile multimedia processor enables at least one interrupt after said decryption of said encrypted algorithm.

本发明的这些和其他优点、目的和创新特征,以及所描述的实施例的细节,在结合以下描述和附图后将得到全面的理解。These and other advantages, objects and innovative features of the present invention, together with details of the described embodiments, will be fully understood when taken in conjunction with the following description and accompanying drawings.

附图说明 Description of drawings

图1A是依据本发明一个实施例的移动多媒体系统的结构示意图;FIG. 1A is a schematic structural diagram of a mobile multimedia system according to an embodiment of the present invention;

图1B是依据本发明一个实施例的移动多媒体系统的结构示意图;FIG. 1B is a schematic structural diagram of a mobile multimedia system according to an embodiment of the present invention;

图2是依据本发明一个实施例的代码解密系统的结构示意图;Fig. 2 is a schematic structural diagram of a code decryption system according to an embodiment of the present invention;

图3是依据本发明一个实施例的代码解密系统的结构示意图;Fig. 3 is a schematic structural diagram of a code decryption system according to an embodiment of the present invention;

图4是依据本发明一个实施例执行经加密的代码时存储器堆栈中的程序流程的流程图;Figure 4 is a flowchart of program flow in the memory stack when executing encrypted code according to one embodiment of the present invention;

图5是依据本发明一个实施例在移动通信期间对数据进行保护的步骤的流程图。FIG. 5 is a flow chart of the steps of protecting data during mobile communication according to one embodiment of the present invention.

具体实施方式 Detailed ways

依据本发明的一个实施例,一种用于在移动通信中保护数据的方法和系统包括移动多媒体处理器,对所述移动多媒体处理器内的经加密的算法进行解密。所述移动多媒体处理器可使用经解密的算法对软件中的数据进行解密。移动多媒体处理器可在指令进入指令高速缓存时,对经加密的算法的指令进行解密。移动多媒体处理器可通过对普通文本格式的代码进行哈希操作来对其进行保护,并对移动多媒体处理器中的哈希操作结果进行校验。加密代码的使用可保护普通文本格式的代码不被修改。According to one embodiment of the present invention, a method and system for protecting data in mobile communications includes a mobile multimedia processor decrypting an encrypted algorithm within the mobile multimedia processor. The mobile multimedia processor can decrypt the data in software using the decrypted algorithm. The mobile multimedia processor can decrypt the encrypted algorithm's instructions when the instructions enter the instruction cache. The mobile multimedia processor can protect the code in plain text format by hashing it, and check the result of the hash operation in the mobile multimedia processor. The use of encrypted codes protects the codes in plain text form from modification.

图1A是依据本发明一个实施例的移动多媒体系统的结构示意图。如图1A所示为移动多媒体系统105,包括移动多媒体设备105a、TV 101h、PC 101k、外部摄像头101m、外部存储器101n和外部LCD显示器101p。移动多媒体设备105a可以是蜂窝电话或其他手持通信设备。移动多媒体设备105a可包括移动多媒体处理器(MMP)101a、天线101d、音频模块101s、射频(RF)模块101e、基带处理模块101f、LCD显示器101b、键盘101c和摄像头101g。FIG. 1A is a schematic structural diagram of a mobile multimedia system according to an embodiment of the present invention. As shown in Figure 1A, a mobile multimedia system 105 includes a mobile multimedia device 105a, a TV 101h, a PC 101k, an external camera 101m, an external memory 101n and an external LCD display 101p. The mobile multimedia device 105a may be a cellular telephone or other handheld communication device. The mobile multimedia device 105a may include a mobile multimedia processor (MMP) 101a, an antenna 101d, an audio module 101s, a radio frequency (RF) module 101e, a baseband processing module 101f, an LCD display 101b, a keyboard 101c, and a camera 101g.

MMP 101a可包含适当的电路、逻辑和/或代码,用于为移动多媒体设备105a进行视频和/或多媒体处理。MMP 101a还可进一步包括多个集成接口,用于支持连接到移动多媒体设备105a的一个或多个外部设备。例如,MMP101a可支持与TV 101h、PC 101k、外部摄像头101m、外部存储器101n和外部LCD显示器101p的连接。The MMP 101a may contain appropriate circuitry, logic and/or code for video and/or multimedia processing for the mobile multimedia device 105a. The MMP 101a may further include a plurality of integrated interfaces for supporting one or more external devices connected to the mobile multimedia device 105a. For example, MMP 101a may support connections to TV 101h, PC 101k, external camera 101m, external memory 101n, and external LCD display 101p.

在工作过程中,移动多媒体设备可通过天线101d接收信号。收到的信号可由RF模块101e进行处理,并由基带处理模块101f将RF信号转换为基带。然后基带信号由MMP 101a进行处理。音频和/或视频信号还可来自/发往集成的摄像头101g、TV 101h、PC 101k和/或外部摄像头101m。在信号处理过程中,MMP 101a可使用外部存储器101n来存储处理后的数据。处理后的音频数据发往音频模块101s,处理后的视频数据发往例如TV101h、LCD 101b或外部LCD 101p。键盘101c可用于传送MMP 101a处理音频或视频数据时所需要的处理命令和/或其他数据。During operation, the mobile multimedia device can receive signals through the antenna 101d. The received signal may be processed by the RF module 101e, and the RF signal may be converted to baseband by the baseband processing module 101f. The baseband signal is then processed by MMP 101a. Audio and/or video signals may also be from/to integrated camera 101g, TV 101h, PC 101k and/or external camera 101m. During signal processing, the MMP 101a can use the external memory 101n to store processed data. The processed audio data is sent to the audio module 101s, and the processed video data is sent to eg TV 101h, LCD 101b or external LCD 101p. The keyboard 101c may be used to transmit processing commands and/or other data required by the MMP 101a for processing audio or video data.

图1B是依据本发明一个实施例的移动多媒体处理器的结构式意图。如图1B所示,移动多媒体处理器102可包含适当的逻辑、电路和/或代码,用于为手持多媒体产品执行视频和/或多媒体处理。例如,移动多媒体处理器102可设计/优化为通过使用集成的外围设备和视频处理核心,进行视频记录/回放、移动TV和3D移动游戏。移动多媒体处理器102包括视频处理核心103、RAM104、模拟模块106、直接存储器访问(DMA)控制器163、音频接口(I/F)142、记忆棒I/F 144、SD卡I/F 146、JTAG I/F 148、TV输出I/F 150、USB I/F152、摄像头I/F 154、主机I/F 129和内置集成电路(I2C)I/F 156。移动多媒体处理器102可进一步包括串行外围接口(SPI)157、通用异步接收器/发射器(UART)I/F 159、通用输入/输出(GPIO)管脚164、显示控制器162、外部存储器I/F 158和第二外部存储器I/F 160。FIG. 1B is a structural diagram of a mobile multimedia processor according to an embodiment of the present invention. As shown in FIG. 1B, the mobile multimedia processor 102 may contain suitable logic, circuitry and/or code for performing video and/or multimedia processing for a handheld multimedia product. For example, the mobile multimedia processor 102 may be designed/optimized for video recording/playback, mobile TV, and 3D mobile gaming by using integrated peripherals and video processing cores. Mobile multimedia processor 102 includes video processing core 103, RAM 104, analog module 106, direct memory access (DMA) controller 163, audio interface (I/F) 142, memory stick I/F 144, SD card I/F 146, JTAG I/F 148 , TV output I/F 150 , USB I/F 152 , camera I/F 154 , host I/F 129 and built-in integrated circuit (I 2 C) I/F 156 . Mobile multimedia processor 102 may further include serial peripheral interface (SPI) 157, universal asynchronous receiver/transmitter (UART) I/F 159, general purpose input/output (GPIO) pins 164, display controller 162, external memory I/F 158 and a second external memory I/F 160 .

视频处理核心103可包括适当的电路、逻辑和/或代码,用于执行数据的视频处理。RAM 104可包括适当的逻辑和/或代码,用于存储片载数据,如视频数据。在本发明的一个实施例中,RAM 104可用于存储10Mb的片载数据,例如。片载RAM 104的大小与成本或其他因素例如芯片大小有关。Video processing core 103 may include suitable circuitry, logic and/or code for performing video processing of data. RAM 104 may include appropriate logic and/or code for storing on-chip data, such as video data. In one embodiment of the invention, RAM 104 may be used to store 10Mb of on-chip data, for example. The size of the on-chip RAM 104 is related to cost or other factors such as chip size.

模拟模块106可包含开关模式电源(SMPS)模块和锁相环(PPL)模块。此外,模拟模块106可包括片载SMPS控制器,用于生成其核心电压。该核心电压可依据例如移动多媒体处理器102上的速率要求进行软件编程,以此对功率管理进行进一步控制。The analog module 106 may include a switch mode power supply (SMPS) module and a phase locked loop (PPL) module. Additionally, the analog module 106 may include an on-chip SMPS controller for generating its core voltage. The core voltage can be software programmed to further control power management, eg, based on speed requirements on the mobile multimedia processor 102 .

在本发明的一个实施例中,正常情况下的核心电压工作范围在0.8V-1.2V之间,在休眠模式下,这个值降至约0.6V。模拟模块106还可包括多个锁相环,用于为例如外部设备生成195kHz-200MHz的时钟。根据应用的类型,还可以使用其他的电压值和时钟速率。移动多媒体处理器102可包括多个工作电源模式,例如,运行、待机、休眠和掉电模式据本发明的一个实施例,移动多媒体处理器102可包括旁路模式,允许主机在掉电模式下访问存储器映射的外围设备。在旁路模式下,移动多媒体处理器102可在正常工作过程中直接对显示器进行控制。主机在待机模式下能维持所显示的内容。In one embodiment of the present invention, the operating range of the core voltage is between 0.8V-1.2V under normal conditions, and this value drops to about 0.6V in sleep mode. The analog module 106 may also include multiple phase-locked loops for generating 195kHz-200MHz clocks for external devices, for example. Depending on the type of application, other voltage values and clock rates may also be used. The mobile multimedia processor 102 may include multiple operating power modes, such as run, standby, sleep, and power-down modes. According to one embodiment of the present invention, the mobile multimedia processor 102 may include a bypass mode that allows the host to Access memory-mapped peripherals. In the bypass mode, the mobile multimedia processor 102 can directly control the display during normal operation. The host can maintain the displayed content in standby mode.

音频模块108可包括适当的逻辑、电路和/或代码,用于通过例如内置集成电路音频(I2S)总线、脉冲编码调制(PCM)或音频编解码(AC’97)接口142或其他适当的接口与移动多媒体处理器102进行通信。在使用AC’97和/或I2S接口的情况下,无论是在主模式还是从模式下,可使用适当的音频控制器、处理器和/或电路来分别提供AC’97和/或I2S音频输出。在使用PCM接口的情况下,可使用适当的音频控制器、处理器和/或电路来实现话音或高质量立体声音频的输入输出。PCM音频控制器、处理器和/或电路可包含独立的发射和接收先入先出(FIFO)缓存器,并使用DMA进一步降低处理器开销。音频模块108还可包括有音频输入、音频输出端口和扬声器/麦克风端口(图1B中未标出)。The audio module 108 may include suitable logic, circuitry, and/or code for communicating via, for example, an inter-integrated circuit audio (I 2 S) bus, pulse code modulation (PCM) or audio codec (AC'97) interface 142 or other suitable The interface communicates with the mobile multimedia processor 102. Where AC'97 and/or I2S interfaces are used, either in master or slave mode, appropriate audio controllers, processors and/or circuitry may be used to provide AC'97 and/or I2S interfaces, respectively 2 S audio output. In the case of a PCM interface, appropriate audio controllers, processors and/or circuits may be used to enable voice or high-quality stereo audio input and output. PCM audio controllers, processors and/or circuits may include separate transmit and receive first-in-first-out (FIFO) buffers and use DMA to further reduce processor overhead. The audio module 108 may also include audio-in, audio-out ports, and speaker/microphone ports (not shown in FIG. 1B ).

移动多媒体设备100可包括至少一个便携存储器输出/输出(I/O)模块。在这点上,记忆棒模块110可包括适当的逻辑、电路和/或代码,用于通过记忆棒支持接口144与移动多媒体处理器102进行通信。SD卡模块112可包括适当的逻辑、电路和/或代码,用于通过SD输入/输出(I/O)接口146与移动多媒体处理器102通信。多媒体卡(MMC)还可用于通过例如SD输入/输出(I/O)接口146来与移动多媒体处理器102通信。移动多媒体设备100可包括其他便携存储器I/O模块,例如xD I/O卡。The mobile multimedia device 100 may include at least one portable memory input/output (I/O) module. In this regard, the memory stick module 110 may include suitable logic, circuitry and/or code for communicating with the mobile multimedia processor 102 via the memory stick support interface 144 . SD card module 112 may include suitable logic, circuitry and/or code for communicating with mobile multimedia processor 102 via SD input/output (I/O) interface 146 . A multimedia card (MMC) may also be used to communicate with the mobile multimedia processor 102 through, for example, SD input/output (I/O) interface 146 . Mobile multimedia device 100 may include other portable memory I/O modules, such as xD I/O cards.

调试模块114可包括适当的逻辑、电路和/或代码,用于通过例如联合测试行动组(JTAG)接口148来与移动多媒体处理器102进行通信。调试模块114可用于访问移动多媒体处理器102的地址空间,并可通过仿真接口执行边界扫描。移动多媒体设备100还可以使用其他测试接入端口(TAP)。相位交替行(PAL)/国家电视标准委员会(NTSC)TV输出I/F 150可用于与TV进行通信,通用串行总线(USB)1.1或其他变体、从端口I/F 152可用于与例如PC进行通信。摄像头120和/或122可包括适当的逻辑、电路和/或代码,用于通过例如多格式原始CCIR 601摄像头接口154来与移动多媒体处理器102进行通信。摄像头I/F 154可使用例如开窗口和子采样功能,将移动多媒体处理器102与移动TV前端连接。The debug module 114 may include suitable logic, circuitry, and/or code for communicating with the mobile multimedia processor 102 through, for example, a Joint Test Action Group (JTAG) interface 148 . The debug module 114 can be used to access the address space of the mobile multimedia processor 102 and can perform boundary scan through the emulation interface. Other test access ports (TAPs) may also be used by the mobile multimedia device 100 . Phase Alternate Line (PAL)/National Television Standards Committee (NTSC) TV out I/F 150 can be used to communicate with a TV, Universal Serial Bus (USB) 1.1 or other variant, slave port I/F 152 can be used to communicate with e.g. The PC communicates. Cameras 120 and/or 122 may include suitable logic, circuitry and/or code for communicating with mobile multimedia processor 102 via, for example, multi-format raw CCIR 601 camera interface 154. The camera I/F 154 may interface the mobile multimedia processor 102 with the mobile TV head-end using functions such as windowing and sub-sampling.

移动多媒体处理器102还可包括多个串行接口,例如USB I/F 152、内置集成电路(I2C)主I/F 156、串行外围设备接口(SPI)157和用于蓝牙或IrDA的通用异步接收器/发射器(UART)I/F 159。I2C主接口156可包括适当的电路、逻辑和/或代码,用于控制图像传感器,并可用于连接智能电池和其他外围设备。SPI主接口157可包括适当的电路、逻辑和/或代码,用于控制图像传感器。使用中断或通过DMA控制器163在轮询模式(polled mode)下工作时,可使用双芯片选择。此外,移动多媒体处理器102还可包含多个通用I/O(GPIO)管脚164,用于用户所定义的I/O或连接到其他内部外围设备。显示控制器162可包括适当的电路、逻辑和/或代码,用于例如支持XGA分辨率下的多种显示,以及处理8/9/16/21比特视频数据。Mobile multimedia processor 102 may also include multiple serial interfaces such as USB I/F 152, Inter-Integrated Circuit (I 2 C) Host I/F 156, Serial Peripheral Interface (SPI) 157, and Bluetooth or IrDA Universal Asynchronous Receiver/Transmitter (UART) I/F 159. I 2 C master interface 156 may include appropriate circuitry, logic, and/or code for controlling the image sensor, and may be used to interface with smart batteries and other peripherals. SPI master interface 157 may include appropriate circuitry, logic and/or code for controlling the image sensor. Dual chip select can be used when using interrupts or when operating in polled mode through the DMA controller 163 . In addition, the mobile multimedia processor 102 may also include a plurality of general purpose I/O (GPIO) pins 164 for user-defined I/O or connection to other internal peripherals. Display controller 162 may include appropriate circuitry, logic and/or code to support multiple displays at XGA resolution, for example, and to process 8/9/16/21 bit video data.

基带闪存124可用于通过例如8/16比特并行主机接口129从移动多媒体处理器102接收数据。主机接口129可用于提供具备独立地址和数据寄存器的的两条信道,通过该信道,主机处理器可直接读和/或写移动多媒体处理器102的存储空间。基带处理模块126可包含适当的逻辑、电路和/或代码,用于将RF信号转换为基带信号,并通过例如主机接口129将处理后的基带信号传送给移动多媒体处理器102。RF处理模块130可包括适当的逻辑、电路和/或代码,用于通过天线132接收信号,并将RF信号传送给基带处理模块126。主机接口129可包含具备电源有效旁路模式的双软件信道。The baseband flash memory 124 may be used to receive data from the mobile multimedia processor 102 through, for example, an 8/16 bit parallel host interface 129 . The host interface 129 can be used to provide two channels with independent address and data registers through which the host processor can directly read and/or write to the memory space of the mobile multimedia processor 102 . The baseband processing module 126 may contain suitable logic, circuitry and/or code for converting RF signals to baseband signals and communicating the processed baseband signals to the mobile multimedia processor 102 via, for example, the host interface 129 . The RF processing module 130 may include suitable logic, circuitry and/or code for receiving signals via the antenna 132 and communicating the RF signals to the baseband processing module 126 . Host interface 129 may include dual software channels with power active bypass mode.

主LCD 134用于通过显示控制器162从移动多媒体处理器102接收数据,或从例如第二外部存储器接口160接收数据。显示控制器162可包括适当的逻辑、电路和/或代码,用于驱动内部TV输出功能,或连接到LCD内。显示控制器162可用于支持一定范围的屏幕缓冲格式,使用直接存储器访问(DMA)来对缓存器进行直接访问,增加视频处理核103的视频处理效率。显示控制器162可生成NTSC和PAL光栅格式来驱动TV输出。显示控制器162还可支持其他格式,如SECAM。The main LCD 134 is used to receive data from the mobile multimedia processor 102 via the display controller 162, or from the second external memory interface 160, for example. Display controller 162 may include appropriate logic, circuitry, and/or code for driving an internal TV output function, or interfaced into an LCD. The display controller 162 can be used to support a certain range of screen buffer formats, use direct memory access (DMA) to directly access the buffer, and increase the video processing efficiency of the video processing core 103 . Display controller 162 can generate NTSC and PAL raster formats to drive TV output. Display controller 162 may also support other formats, such as SECAM.

在本发明的一个实施例中,显示控制器162可用于支持多种显示,例如,隔行扫描显示例如TV,和/或非隔行扫描显示例如LCD。显示控制器162还可识别并向DMA控制器163传送显示类型。在这点上,DMA控制器163可通过隔行扫描或非隔行扫描方式获取视频数据,然后发往通过显示控制器162连接到移动多媒体处理器102的隔行扫描或非隔行扫描显示器。In one embodiment of the present invention, display controller 162 may be used to support a variety of displays, eg, an interlaced display such as a TV, and/or a non-interlaced display such as an LCD. The display controller 162 may also identify and transfer the display type to the DMA controller 163 . In this regard, the DMA controller 163 can capture video data in an interlaced or non-interlaced manner, and then send it to an interlaced or non-interlaced display connected to the mobile multimedia processor 102 via the display controller 162 .

次LCD 136可包括适当的逻辑、电路和/或代码,用于通过例如第二外部存储器接口与移动多媒体处理器102通信。移动多媒体处理器102可包括有RGB外部数据总线。移动多媒体处理器102可使用像素级插值和可设置的刷新率对图像输出进行调整。Secondary LCD 136 may include suitable logic, circuitry and/or code for communicating with mobile multimedia processor 102 via, for example, a second external memory interface. The mobile multimedia processor 102 may include an RGB external data bus. The mobile multimedia processor 102 may adjust the image output using pixel-level interpolation and a settable refresh rate.

可选闪存138可包括适当的逻辑、电路和/或代码,用于通过例如外部存储器接口158来与移动多媒体处理器102通信。可选SDRAM 140可包括适当的逻辑、电路和/或代码,用于通过例如外部存储器接口158来从移动多媒体处理器102接收数据。移动多媒体处理器102可使用外部存储器I/F 158来连接到例如外部SDRAM 140、SRAM、闪存138和/或外部外围设备。SDRAM 140和其他异步设备的控制和定时信息可由移动多媒体处理器102进行配置。Optional flash memory 138 may include suitable logic, circuitry and/or code for communicating with mobile multimedia processor 102 through, for example, external memory interface 158 . Optional SDRAM 140 may include suitable logic, circuitry and/or code for receiving data from mobile multimedia processor 102 through, for example, external memory interface 158. Mobile multimedia processor 102 may use external memory I/F 158 to connect to, for example, external SDRAM 140, SRAM, flash memory 138, and/or external peripherals. Control and timing information for SDRAM 140 and other asynchronous devices can be configured by mobile multimedia processor 102.

移动多媒体处理器102还可进一步包括次级存储器接口160,以此来连接到例如存储器映射LCD和外部外围设备。次级存储器接口160可包括适当的电路、逻辑和/或代码,用于将移动多媒体处理器102连接到低速设备,而不会对外部存储器的访问速度造成影响。次级存储器接口160可提供例如16条数据行,6个芯片选择/地址行,以及安装时使用的可编程总线计时,和访问与占用时间。移动多媒体处理器102可为NAND/NOR闪存提供支持,包括例如NAND启动和高速直接存储器访问(DMA)。The mobile multimedia processor 102 may further include a secondary memory interface 160 to connect to, for example, a memory-mapped LCD and external peripherals. Secondary memory interface 160 may include suitable circuitry, logic, and/or code for connecting mobile multimedia processor 102 to low-speed devices without compromising external memory access speeds. Secondary memory interface 160 may provide, for example, 16 data lines, 6 chip select/address lines, and programmable bus timing for use in setup, and access and hold times. The mobile multimedia processor 102 can provide support for NAND/NOR flash memory, including, for example, NAND boot and high-speed direct memory access (DMA).

在工作过程中,移动多媒体处理器102可为处理后的视频数据的显示提供多种显示格式。例如,隔行扫描和/或非隔行扫描外部显示器可通过显示控制器162连接到移动多媒体处理器102。显示控制器162可将外部显示类型传送给DMA控制器163。DMA控制器163随后访问片载RAM 104,并获取对应于外部显示类型的隔行扫描或非隔行扫描格式的处理后视频数据。During operation, the mobile multimedia processor 102 may provide multiple display formats for the display of the processed video data. For example, interlaced and/or non-interlaced external displays may be coupled to mobile multimedia processor 102 through display controller 162 . The display controller 162 can transfer the external display type to the DMA controller 163 . The DMA controller 163 then accesses the on-chip RAM 104 and retrieves the processed video data in either interlaced or non-interlaced format corresponding to the type of external display.

图2是依据本发明一个实施例的代码解密系统的结构示意图。在图2中示出了存储器模块202、指令获取模块204、解密模块206、解码器模块208、状态寄存器210、只读存储器(ROM)212和决策模块214。Fig. 2 is a schematic structural diagram of a code decryption system according to an embodiment of the present invention. A memory module 202 , an instruction fetch module 204 , a decryption module 206 , a decoder module 208 , a status register 210 , a read only memory (ROM) 212 and a decision module 214 are shown in FIG. 2 .

存储器模块202可包括适当的逻辑、电路和/或代码,用于存储使用的数据和/或指令。存储器模块202与指令获取模块204连接。指令获取模块204可包括适当的逻辑、电路和/或代码,用于从存储器模块202获取指令,并将指令存储在存储器模块202和/或ROM 212中。解密模块206可包括适当的逻辑、电路和/或代码,用于从指令获取模块204和ROM 212接收指令和/或数据。解密模块206可用于修改收到数据的顺序,以及向解码器模块208发送一组指令和/或数据。解码器模块208可包括适当的逻辑、电路和/或代码,用于从解密模块206接收数据和/或指令并执行。The memory module 202 may include suitable logic, circuitry and/or code for storing data and/or instructions for use. The memory module 202 is connected with the instruction acquisition module 204 . Instruction fetching module 204 may include suitable logic, circuitry, and/or code for fetching instructions from memory module 202 and storing the instructions in memory module 202 and/or ROM 212. Decryption module 206 may include suitable logic, circuitry and/or code for receiving instructions and/or data from instruction fetching module 204 and ROM 212. Decryption module 206 may be used to modify the order of received data and send a set of instructions and/or data to decoder module 208 . Decoder module 208 may include suitable logic, circuitry, and/or code for receiving data and/or instructions from decryption module 206 and executing them.

状态寄存器210可包括适当的逻辑、电路和/或代码,用于接收、保存和/或向ROM 212发送数据和/或指令。状态寄存器210还可还可保存存储位置的地址以及来自或发往存储器的数据。ROM 212可包括适当的逻辑、电路和/或代码,用于从指令获取模块204和状态寄存器210接收一组数据和/或指令。ROM 212可用于存储和/或向解密模块206发送数据。决策模块214可包括适当的逻辑、电路和/或代码,用于确定状态寄存器210的值是否大于0。如果状态寄存器210的值大于0,将禁用单步调试。Status register 210 may include suitable logic, circuitry, and/or code for receiving, storing, and/or sending data and/or instructions to ROM 212. Status register 210 may also hold addresses of memory locations and data from or to memory. ROM 212 may include suitable logic, circuitry, and/or code for receiving a set of data and/or instructions from instruction fetch module 204 and status register 210. ROM 212 may be used to store and/or transmit data to decryption module 206. The decision module 214 may include suitable logic, circuitry and/or code for determining whether the value of the status register 210 is greater than zero. If the value of status register 210 is greater than 0, stepping will be disabled.

可向状态寄存器210中添加多个位,例如3个位,E2-E0。如果这3个位的值等于0,处理器在正常操作模式下工作。如果这三个位的值非0,则这三个值可以定义7种加密模式中的一种。当把代码反馈给指令解码模块208时,将对其进行解密。这样一来,在存储器模块202或跟踪缓存中,普通文本格式的代码是不可见的。为防止对代码执行单步操作,将禁用单步调试。通过状态寄存器210内容的变化可对操作进行追踪,以此来替代通过执行的指令对操作进行追踪。由于ROM 212的大小受到限制,加密代码中的一次性密钥可能有几个周期。代码的重定位与密钥中使用的低地址位的数量有关。受保护的数字版权管理(DRM)加密算法可与CPRM设备密钥一同嵌入。该加密算法还可用于移动代码,添加其他指令来隐藏设备秒密钥的位置以及防止攻击,因为黑客可获得设备密钥的多个副本。依据本发明的一个实施例,还可使用该加密算法来保护代码以防止回火(tempering),这是通过对该算法本身执行哈希算法并在操作过程中的多个点对操作结果进行校验来实现的。Multiple bits may be added to status register 210, for example 3 bits, E2-E0. If the value of these 3 bits is equal to 0, the processor is working in normal operation mode. If the value of these three bits is non-zero, these three values can define one of the seven encryption modes. When the code is fed back to the instruction decode module 208, it will be decrypted. In this way, the code in plain text format is not visible in the memory module 202 or the trace cache. To prevent stepping through the code, stepping through is disabled. Operations can be tracked by changes in the contents of the status register 210 instead of by the instructions executed. Due to the limited size of ROM 212, the one-time key in the encrypted code may have several cycles. The relocation of the code is related to the number of low address bits used in the key. Protected Digital Rights Management (DRM) encryption algorithms can be embedded along with CPRM device keys. The encryption algorithm can also be used to move the code, adding additional instructions to hide the location of the device's second key and prevent attacks because hackers can obtain multiple copies of the device key. According to one embodiment of the invention, the encryption algorithm can also be used to protect code against tempering by hashing the algorithm itself and verifying the results of the operation at various points during the operation. test to achieve.

图3是依据本发明一个实施例的代码解密系统的结构示意图。在图3中示出了命令解密模块302、多个复用器MUX 304和MUX 308、指令高速缓存模块306、指令获取模块310和指令解码器模块312。Fig. 3 is a schematic structural diagram of a code decryption system according to an embodiment of the present invention. A command decryption module 302, a plurality of multiplexers MUX 304 and MUX 308, an instruction cache module 306, an instruction fetch module 310 and an instruction decoder module 312 are shown in FIG.

命令解密模块302可包括适当的逻辑、电路和/或代码,用于接收数据,例如256字节数据和/或指令,以及在安全操作模式下对代码和/或数据进行解密。MUX 304可包括适当的逻辑、电路和/或代码,用于在来自命令解密模块302的加密指令和/或数据与解密指令和/或数据之间作出选择。当MUX 304在安全模式下可用时,MUX 304从命令解密模块302中选择信号。指令高速缓存模块306可包括适当的逻辑、电路和/或代码,用于暂时存储指令,使得指令获取模块310可进行快速访问。存储在指令高速缓存模块306中的数据可是256字节宽的数据。MUX 308可包括适当的逻辑、电路和/或代码,用于在来自指令高速缓存模块306和直接来自MUX 304的指令和/或数据之间进行选择。指令获取模块310可包括适当的逻辑、电路和/或代码,用于从存储器中获取指令。指令解码器模块312可包括适当的逻辑、电路和/或代码,用于从指令获取模块310中接收数据和/或指令并对该数据和/或指令进行解码。The command decryption module 302 may include suitable logic, circuitry and/or code for receiving data, such as 256 bytes of data and/or instructions, and decrypting the code and/or data in a secure mode of operation. MUX 304 may include suitable logic, circuitry and/or code for selecting between encrypted instructions and/or data from command decryption module 302 and decrypted instructions and/or data. When MUX 304 is available in secure mode, MUX 304 selects signals from command decryption module 302. Instruction cache module 306 may include suitable logic, circuitry, and/or code for temporarily storing instructions for fast access by instruction fetch module 310 . The data stored in the instruction cache module 306 may be 256 bytes wide data. MUX 308 may include suitable logic, circuitry and/or code for selecting between instructions and/or data from instruction cache module 306 and directly from MUX 304. The instruction fetch module 310 may include suitable logic, circuitry and/or code for fetching instructions from memory. The instruction decoder module 312 may include suitable logic, circuitry and/or code for receiving data and/or instructions from the instruction fetch module 310 and decoding the data and/or instructions.

命令解密模块302可处理加密的和普通文本格式的混合代码。普通文本格式的代码可处理中断。加密代码的普通文本格式的副本不可用,因为存储在指令高速缓存模块306中的指令和/或数据只能由指令解码器模块312读取。在代码解密过程中,将停止向代码高速缓存模块306和/或指令解码器模块312发送数据行,直到代码解密完成。代码将在安全主机内解密并存储在一个设备内。用于解密代码的密钥存储在非易失性RAM中,该RAM只可进行一次写入,并可由命令解密模块302读取。The command decryption module 302 can handle mixed codes in encrypted and plain text format. Code in plain text format handles interrupts. A plain text copy of the encrypted code is not available because the instructions and/or data stored in the instruction cache module 306 can only be read by the instruction decoder module 312 . During code decryption, sending data lines to code cache module 306 and/or instruction decoder module 312 will cease until code decryption is complete. The code will be decrypted in the secure host and stored in a device. The key used to decrypt the code is stored in non-volatile RAM which is only writeable once and readable by command decryption module 302 .

图4是依据本发明一个实施例执行加密代码时存储器栈中的程序流程的流程图。在图4中示出了存储器堆栈400、普通文本函数420、jump2crypted函数422、run_crypted函数424和加密函数426。FIG. 4 is a flowchart of the program flow in the memory stack when executing encrypted code according to one embodiment of the present invention. A memory stack 400 , a normal text function 420 , a jump2crypted function 422 , a run_crypted function 424 and an encryption function 426 are shown in FIG. 4 .

普通文本函数420可包括适当的逻辑和/或代码,用于访问加密函数426。jump2crypted函数422可包括适当的逻辑和/或代码,用于在代码解密和调用run_crypted函数424之间进行切换。jump2crypted函数422可用作run_crypted函数424的封装器。run_crypted函数424可包括适当的逻辑和/或代码,用于调用所请求的加密函数426。加密函数426不能直接从普通文本格式代码中调用,因为可能没有切换到代码解密。当使用了加密代码中几个不同段时,每段可请求自己的jump2crypted函数422和run_crypted函数424。加密函数426不能直接调用文本函数,因为可能还未从代码解密中切换出来。Plain text function 420 may include appropriate logic and/or code for accessing encryption function 426 . The jump2crypted function 422 may include appropriate logic and/or code to switch between decrypting the code and calling the run_crypted function 424 . The jump2crypted function 422 may be used as a wrapper around the run_crypted function 424 . The run_crypted function 424 may include appropriate logic and/or code for invoking the requested encryption function 426 . Encryption function 426 cannot be called directly from plain text format code because there may not be a switch to code decryption. When several different segments of the encrypted code are used, each segment may request its own jump2crypted function 422 and run_crypted function 424 . The encryption function 426 cannot directly call the text function, because it may not have been switched out from code decryption.

在步骤402,通过调用jump2crypted函数422,普通文本函数420可访问加密函数426。在步骤404,用作run_crypted函数424的封装器的jump2crypted函数422可切换到代码加密,并调用run_crypted函数424。在步骤406,run_crypted函数424调用所请求的加密函数426。不能从普通文本格式代码中直接调用加密函数,因为可能没有切换到代码解密。当使用了加密代码中几个不同段时,每段可请求自己的jump2crypted函数422和run_crypted函数424。尽管如此,在步骤408,当执行完加密函数426后,将回到run_crypted函数424。在步骤410,run_crypted函数424将从代码解密切换出来,并返回控制到jump2crypted函数422。在步骤412,jump2crypted函数422将返回控制到呼叫普通文本格式函数420。At step 402 , plain text function 420 may access encryption function 426 by calling jump2crypted function 422 . At step 404 , the jump2crypted function 422 acting as a wrapper for the run_crypted function 424 may switch to code encryption and call the run_crypted function 424 . At step 406 , the run_crypted function 424 calls the requested encryption function 426 . Encryption functions cannot be called directly from plain text format code because there may not be a switch to code decryption. When several different segments of the encrypted code are used, each segment may request its own jump2crypted function 422 and run_crypted function 424 . However, in step 408, after the encryption function 426 is executed, it will return to the run_crypted function 424. At step 410 , the run_crypted function 424 will switch out of code decryption and return control to the jump2crypted function 422 . At step 412 , the jump2crypted function 422 will return control to the call to the normal text format function 420 .

依据本发明的一个实施例,当系统在安全模式下运行时,存储的加密代码可在执行过程中动态地解密。安全模式下使用的代码解密可在存储行上工作,例如32字节宽的存储行。这些存储行不包含数据或普通文本格式代码,因为这可能在运行过程中引发错误的代码解密。可使用工具例如MetaWareTM来分离存储器中的普通文本格式代码、加密代码和数据。可使用连接器例如MetaWareTM连接器为每种类型的代码自动分配需要的存储量。According to an embodiment of the present invention, when the system is running in a secure mode, the stored encrypted code can be dynamically decrypted during execution. The code decryption used in secure mode works on memory lines, for example 32 bytes wide. These storage lines do not contain data or code in plain text format, as this could lead to erroneous code decryption during runtime. A tool such as MetaWare( TM) can be used to separate plain text code, encrypted code and data in memory. The required amount of storage can be automatically allocated for each type of code using a linker such as a MetaWare( TM) linker.

为能以受控方式启用/禁用代码解密,可使用实时中断指令(rti)来进入包含加密代码的存储段。可使用加密函数直接调用其他加密函数,但不能调用普通文本格式函数。可在存储段内执行代码加密,其中每个存储段可以是加密后的或普通文本格式的。代码可以进行加密,但数据不能。加密后的代码和数据不能混合在同一存储行中,例如开始于32的倍数的32个连续地址,这是因为在程序执行过程中数据可能发生变化并改变代码解密。因为在使用切换指令时代码可能未进行适当的解密,这是因为需要的查找表是存储在数据高速缓存中而非指令高速缓存中,这时可使用分支指令或判断指令来代替切换指令。在运行加密代码过程中,中断将被禁用,因为他们未能正确的切换到代码解密或从代码解密中切换出来。jump2crypted函数422可包括适当的逻辑和/或代码,用于禁用任何中断,而run_crypted函数424可包括适当的逻辑和/或代码,用于恢复操作的前一状态。To enable/disable code decryption in a controlled manner, a real-time interrupt instruction (rti) can be used to access the memory segment containing the encrypted code. Encryption functions can be used to directly call other encryption functions, but plain text format functions cannot be called. Code encryption can be performed within buckets, where each bucket can be in encrypted or plain text format. Code can be encrypted, but data cannot. Encrypted code and data cannot be mixed in the same memory row, such as 32 consecutive addresses starting at a multiple of 32, because the data may change during program execution and change the code decryption. Because the code may not be decrypted properly when using a switch instruction because the required lookup table is stored in the data cache rather than the instruction cache, a branch or predicate instruction can be used instead of the switch instruction. Interrupts will be disabled during the running of encrypted code because they fail to switch to and from code decryption properly. The jump2crypted function 422 may include appropriate logic and/or code to disable any interrupts, while the run_crypted function 424 may include appropriate logic and/or code to restore a previous state of operation.

加密代码中的常数数组不会被加密,因为他们存储在数据寄存器中。可使用函数来代替该常数数组,通过访问该常数数组索引来返回常数值。随后通过使用移动或存储命令存储该常数的立即值以实现堆该常数数组的加密。Constant arrays in encrypted code are not encrypted because they are stored in data registers. Instead of this constant array, a function can be used that returns a constant value by accessing the constant array index. Encryption of the constant array is then achieved by storing the immediate value of the constant using a move or store command.

可使用连接器例如metaware连接器依据安全模式放的要求调整该代码。对于所有加密的代码,可在高级代码文件中定义独立的段。例如,可将下面的代码段插入到命令文件中,这将产生一个特殊的存储区,例如加密代码的所要求大小的.cypt文件。This code can be adjusted according to the requirements of the security model using a linker such as the metaware linker. For all encrypted codes, separate sections can be defined in the high-level code file. For example, the following code segment can be inserted into the command file, which will generate a special storage area, such as a .cypt file of the required size for the encrypted code.

.dontuse ALIGN(32)BLOCK(32):{.=.+32;}>RAM.dont use ALIGN(32)BLOCK(32):{.=.+32;}>RAM

.crypt?ALIGN(32)BLOCK(32):{*(TYPE text)}>RAM.crypt? ALIGN(32)BLOCK(32):{*(TYPE text)}>RAM

存储区.crypt可按地址排列,并在存在加密代码时生成。在普通文本代码的末端和加密代码之间生成一个未用的存储行,例如32字节存储行,来防止破坏代码解密。例如,可选择存储在存储器空间.crypt内的C代码,将其插入到程序#pragma code(“.crypt)和#pragma code()之间。当对包含该程序的加密代码的模块进行编译时,连接器开关例如each_function_in_its_own_section将被切断。可使用驱动器选择例如-Hldopt=-m来检查加密代码是否已经移至加密段,该驱动器选择可生成所有段的存储器映射表。可使用程序例如C程序encrypt_code.c来对代码进行加密。该程序可获取存储器中加密代码的开始地址和结束地址,以及作为该程序参数的二进制格式的存储器内容。Storage.crypt can be arranged by address and generated when encrypted code is present. An unused memory line, such as a 32-byte memory line, is generated between the end of the plain text code and the encrypted code to prevent broken code decryption. For example, the C code stored in the memory space .crypt can be selected and inserted between the program #pragma code(“.crypt) and #pragma code(). When compiling the module containing the encrypted code of the program , the linker switch such as each_function_in_its_own_section will be cut off. You can check whether the encryption code has been moved to the encryption section using a driver selection such as -Hldopt=-m, which can generate a memory map of all sections. A program such as the C program encrypt_code can be used .c to encrypt the code. This program can obtain the start address and end address of the encrypted code in the memory, as well as the memory content in binary format as the program parameter.

图5是依据本发明一个实施例在移动通信过程中对数据进行保护的流程图。如图5所示,该流程开始于步骤502。在步骤504,普通文本格式代码的解密可以处于可用状态,也可以处于禁用状态。在步骤506,执行普通文本格式代码或解密数据的哈希操作,并对结果进行检查以确定该普通文本格式代码是否被修改。在步骤508,隐藏解密密钥的位置。在步骤510,将该解密密钥以只写形式存储在硬件中或代码的加密部分中。在步骤512,使用该解密密钥对算法进行解密。在步骤514,当指令进入指令高速缓存时,对该指令进行解密。当指令进入指令高速缓存例如指令高速缓存模块306(图3)时,可使用移动多媒体处理器(MMP)101a(图1A)对加密算法的指令进行解密。在步骤516,使用至少一个中断将代码解密切换至开/关(ON/OFF)状态。在步骤518,数据将在软件中解密。然后跳到结束步骤520。Fig. 5 is a flowchart of data protection during mobile communication according to an embodiment of the present invention. As shown in FIG. 5 , the process starts at step 502 . In step 504, the decryption of plain text format codes may be enabled or disabled. At step 506, a hash operation of the plain text format code or the decrypted data is performed and the result is checked to determine whether the plain text format code has been modified. In step 508, the location of the decryption key is concealed. At step 510, the decryption key is stored in hardware or in an encrypted portion of the code in write-only form. At step 512, the algorithm is decrypted using the decryption key. In step 514, the instruction is decrypted as it enters the instruction cache. The instructions of the encryption algorithm may be decrypted using the mobile multimedia processor (MMP) 101a (FIG. 1A) when the instructions enter an instruction cache, such as the instruction cache module 306 (FIG. 3). At step 516, code decryption is switched ON/OFF using at least one interrupt. At step 518, the data will be decrypted in software. Then jump to end step 520 .

依据本发明的一个实施例,一种在移动通信过程中保护数据的方法和系统包括移动多媒体处理器(MMP)101a(图1A),对硬件中的经加密的算法进行解密。移动多媒体处理器例如MMP 101a可使用经解密的算法来解密软件中的数据。移动多媒体处理器(MMP)101a可在指令进入指令高速缓存例如指令高速缓存模块306时解密该经加密的算法的指令。指令高速缓存模块306(图3)用于暂时存储指令,以供指令获取模块310进行快速访问。存储在指令高速缓存模块306中的数据为256字节宽。移动多媒体处理器例如MMP 101a可执行经解密的数据的哈希操作并对哈希操作的结果进行校验,以实现对经解密的数据的保护。According to one embodiment of the present invention, a method and system for protecting data during mobile communication includes a mobile multimedia processor (MMP) 101a (FIG. 1A) that decrypts encrypted algorithms in hardware. A mobile multimedia processor such as MMP 101a can use the decrypted algorithm to decrypt data in software. The mobile multimedia processor (MMP) 101a may decrypt the encrypted algorithm's instructions when the instructions enter an instruction cache, such as instruction cache module 306 . The instruction cache module 306 ( FIG. 3 ) is used to temporarily store instructions for fast access by the instruction fetch module 310 . Data stored in instruction cache module 306 is 256 bytes wide. The mobile multimedia processor, such as MMP 101a, can perform a hash operation on the decrypted data and verify the result of the hash operation, so as to protect the decrypted data.

移动多媒体处理器,例如MMP 101a,可将经加密的算法的解密密钥以只写形式存储在硬件中。移动多媒体处理器,例如MMP 101a,可使用存储的解密密钥来解密硬件中的经加密的算法。移动多媒体处理器,例如MMP 101a,可修改经加密的算法中的指令。移动多媒体处理器,例如MMP 101a,可隐藏存储的解密或DRM密钥的存储位置。移动多媒体处理器,例如MMP 101a,可在对经加密的算法进行解密前禁用至少一个中断。移动多媒体处理器,例如MMP 101a,可在对经加密的算法进行解密后启用至少一个中断。移动多媒体处理器,例如MMP 101a,可在解密的数据和解密的算法之间插入一个未用存储行,来防止解密的数据的损坏。A mobile multimedia processor, such as the MMP 101a, may store the encrypted algorithm's decryption key in write-only form in hardware. A mobile multimedia processor, such as MMP 101a, can use the stored decryption key to decrypt the encrypted algorithm in hardware. A mobile multimedia processor, such as MMP 101a, can modify the instructions in the encrypted algorithm. A mobile multimedia processor, such as the MMP 101a, may hide the stored decryption or storage location of the DRM key. A mobile multimedia processor, such as MMP 101a, can disable at least one interrupt before decrypting the encrypted algorithm. A mobile multimedia processor, such as MMP 101a, may enable at least one interrupt after decrypting the encrypted algorithm. A mobile multimedia processor, such as MMP 101a, may insert an unused memory line between the decrypted data and the decrypted algorithm to prevent corruption of the decrypted data.

因此,本发明可由硬件、软件或者硬软件的结合来实现。本发明可在至少一个计算机系统中以集中的方式实现,或者以不同部件分布在几个交互连接的计算机系统中的分布式方式实现。任何种类的计算机系统或其他能够实现本发明的方法的设备都是适用的。硬件、软件和固件的一个典型结合是具有计算机程序的通用计算机系统,当该计算机程序被上载并执行时,控制该计算机系统以便实现本发明所述的方法。Therefore, the present invention can be realized by hardware, software, or a combination of hardware and software. The invention can be implemented in a centralized fashion in at least one computer system, or in a distributed fashion where different components are distributed over several interconnected computer systems. Any kind of computer system or other device capable of implementing the method of the present invention is applicable. A typical combination of hardware, software and firmware is a general purpose computer system with a computer program that, when loaded and executed, controls the computer system so as to carry out the methods described herein.

本发明还可嵌入包括有能够实现所述方法的各种特征的计算机程序产品中,当该程序加载到计算机系统中时能够实现本申请所述的方法。本文中所述的计算机程序是指,例如,以任何语言、代码或符号表示的一组指令,能够直接使具有信息处理能力的系统执行特定功能,或者经过以下一种或各种处理后使具有信息处理能力的系统执行特定功能:a)转换成另一种语言、代码或符号;b)以不同的材料复制。但是,本领域的普通技术人员可知的其他计算机程序的实现方法也可用于本发明。The present invention can also be embedded in a computer program product including various features capable of implementing the method, and when the program is loaded into a computer system, the method described in this application can be implemented. The computer program mentioned in this article refers to, for example, a set of instructions expressed in any language, code or symbol, which can directly cause a system with information processing capabilities to perform specific functions, or make a system with A system of information processing capabilities that performs a specific function: a) conversion into another language, code, or symbol; b) reproduction in a different material. However, other implementation methods of computer programs known to those skilled in the art can also be used in the present invention.

以上已结合一定的实施例对本发明进行了描述,本领域的普通技术人员可知,可对本发明进行各种改变或等同替换而并不脱离本发明的范围。此外,根据本发明的教导进行的以适应特定的环境或材料的各种修改也并未脱离本发明的范围。因此,本发明并不限于公开的具体实施例,本发明包括落入权利要求范围内的所有实施例。The present invention has been described above in conjunction with certain embodiments. Those skilled in the art will know that various changes or equivalent replacements can be made to the present invention without departing from the scope of the present invention. In addition, various modifications to adapt a particular environment or material to the teachings of the invention do not depart from the scope of the invention. Therefore, it is intended that the invention not be limited to the particular embodiments disclosed, but that the invention includes all embodiments falling within the scope of the claims.

本申请全文引用并要求申请日为2005年2月12日的美国临时专利申请No.60/652439(代理案号为No.16433US01)。This application cites in its entirety and claims US Provisional Patent Application No. 60/652439 (Attorney Docket No. 16433US01) filed February 12, 2005.

本申请全文引用同期申请的美国专利申请No.____________(代理案号为No.16435US02)。This application cites the US Patent Application No.____________ (attorney case No. 16435US02) filed at the same time in its entirety.

Claims (10)

1, a kind of in mobile communication process the method for protected data, it is characterized in that described method comprises:
Encrypted algorithm in the deciphering Multimedia Mobile processor hardware;
Use the data in the software that the algorithm deciphering after the described deciphering handled by described mobile multimedia processor;
Between described algorithm after decrypted data and described deciphering, insert one and do not use storage line, to prevent described damage through decrypted data.
2, method according to claim 1 is characterized in that, described method also comprises: when the instruction entry instruction high-speed cache of described encrypted algorithm, decipher described instruction.
3, method according to claim 1 is characterized in that, described method also comprises:
By to described through decrypted data carry out Hash operate protect described through decrypted data;
The result of the described Hash operation of verification.
4, method according to claim 1 is characterized in that, comprises that also the decruption key with described encrypted algorithm is stored in the described mobile multimedia processor hardware only to write form.
5, method according to claim 4 is characterized in that, described method also comprises: use the decruption key of described storage that the described encrypted algorithm in the described mobile multimedia processor hardware is decrypted.
6, a kind of in mobile communication process the system of protected data, described system comprises:
Mobile multimedia processor is deciphered the encrypted algorithm in the described mobile multimedia processor hardware;
Described mobile multimedia processor uses the data in the software that the algorithm deciphering after the described deciphering handled by described mobile multimedia processor, and between described algorithm after decrypted data and described deciphering, insert one not with storage line to prevent described damage through decrypted data.
7, system according to claim 6 is characterized in that, described mobile multimedia processor is deciphered described instruction when the instruction entry instruction high-speed cache of described encrypted algorithm.
8, system according to claim 6 is characterized in that, described mobile multimedia processor by to described through decrypted data carry out Hash operate protect described through decrypted data, and the result of the described Hash operation of verification.
9, system according to claim 6 is characterized in that, described mobile multimedia processor is stored in the decruption key of described encrypted algorithm in the described mobile multimedia processor hardware only to write form.
10, system according to claim 6 is characterized in that, described mobile multimedia processor uses the decruption key of described storage that the described encrypted algorithm in the described mobile multimedia processor hardware is decrypted.
CNB2006100088253A 2005-02-12 2006-02-13 The method and system of protected data in mobile communication process Expired - Fee Related CN100556166C (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US65243905P 2005-02-12 2005-02-12
US60/652,439 2005-02-12
US11/302,930 2005-12-14

Publications (2)

Publication Number Publication Date
CN1825999A CN1825999A (en) 2006-08-30
CN100556166C true CN100556166C (en) 2009-10-28

Family

ID=36936373

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2006100088253A Expired - Fee Related CN100556166C (en) 2005-02-12 2006-02-13 The method and system of protected data in mobile communication process

Country Status (1)

Country Link
CN (1) CN100556166C (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109299945B (en) * 2017-07-24 2020-10-09 深圳荆虹科技有限公司 Identity verification method and device based on biological recognition algorithm

Also Published As

Publication number Publication date
CN1825999A (en) 2006-08-30

Similar Documents

Publication Publication Date Title
USRE48323E1 (en) Media processing method and device
US20230084049A1 (en) Less-secure processors, integrated circuits, wireless communications apparatus, methods for operation thereof, and methods for manufacturing thereof
US7877528B2 (en) System method for I/O pads in mobile multimedia processor (MMP) that has bypass mode wherein data is passed through without being processed by MMP
EP1691297B1 (en) Method and system for input/output pads in a mobile multimedia processor
EP1691314A2 (en) Method and system for data protection in a mobile multimedia processor
US20060056620A1 (en) Processes, circuits, devices, and systems for encryption and decryption and other purposes, and processes of making
US9344747B2 (en) Mobile payTV DRM architecture
EP2596594A2 (en) Mechanism for partial encryption of data streams
US10104342B2 (en) Techniques for secure provisioning of a digital content protection scheme
US7610427B2 (en) Functional module card for transferring digital broadcasting signal using a clock generated based on a synchronous signal extracted from a received data signal
CN112948840A (en) Access control device and processor comprising same
US20060182149A1 (en) Method and system for mobile multimedia processor supporting rate adaptation and mode selection
JP2000236358A (en) Data transfer device, data transfer system and recording medium
US7793007B2 (en) Method and system for deglitching in a mobile multimedia processor
CN100556166C (en) The method and system of protected data in mobile communication process
US20060227756A1 (en) Method and system for securing media content in a multimedia processor

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20180511

Address after: Singapore Singapore

Patentee after: Avago Technologies General IP (Singapore) Pte. Ltd.

Address before: california

Patentee before: BROADCOM Corp.

TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20190828

Address after: Singapore Singapore

Patentee after: Avago Technologies General IP (Singapore) Pte. Ltd.

Address before: Singapore Singapore

Patentee before: Avago Technologies General IP (Singapore) Pte. Ltd.

CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20091028

点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载