Abstract: An embedded system includes an interface to an external peripheral device storing secure boot code and a secure boot controller. The secure boot controller includes a secure central processing unit (CPU) having a processor core, a random access memory (RAM) coupled to the processor core, and a read only memory (ROM) coupled to the processor core. The ROM stores initialization firmware configured to manipulate the processor core to initiate transfer of a copy of the secure boot code from the external peripheral device to the RAM and to authenticate the secure boot code. The processor core further is to execute the secure boot code from the RAM to initialize the embedded system. After initialization of the embedded system is completed, the secure CPU can be repurposed to execute application code that has been stored to the RAM after initialization, the application code representing an independent software function.

Abstract: A media processing device includes a key store memory to store a plurality of cryptographic keys and a rule set memory to store a plurality of rules for the plurality of cryptographic keys. The media processing device further includes an integrity module to determine a first cyclical redundancy check (CRC) value from the plurality of rules stored in the rule set memory and compare the first CRC with a second CRC value associated with the plurality of rules. The media processing device further includes an arbitration module to prevent further access to the plurality of rules in the rule set memory responsive to the integrity verification module signaling a mismatch between the first CRC and the second CRC.

Abstract: A media processing device includes a key store memory to store a plurality of cryptographic keys and a rule set memory to store a plurality of rules for the plurality of cryptographic keys. The media processing device further includes an integrity module to determine a first cyclical redundancy check (CRC) value from the plurality of rules stored in the rule set memory and compare the first CRC with a second CRC value associated with the plurality of rules. The media processing device further includes an arbitration module to prevent further access to the plurality of rules in the rule set memory responsive to the integrity verification module signaling a mismatch between the first CRC and the second CRC.

Abstract: An embedded system includes an interface to an external peripheral device storing secure boot code and a secure boot controller. The secure boot controller includes a secure central processing unit (CPU) having a processor core, a random access memory (RAM) coupled to the processor core, and a read only memory (ROM) coupled to the processor core. The ROM stores initialization firmware configured to manipulate the processor core to initiate transfer of a copy of the secure boot code from the external peripheral device to the RAM and to authenticate the secure boot code. The processor core further is to execute the secure boot code from the RAM to initialize the embedded system. After initialization of the embedded system is completed, the secure CPU can be repurposed to execute application code that has been stored to the RAM after initialization, the application code representing an independent software function.

Abstract: A media processing device includes a one time programmable (OTP) memory to store a first set of cryptographic keys and rule set for the first set of cryptographic keys, a key store memory, and a rule set memory. The media processing device further includes an arbitration module to provision: a first segment of the key store memory to store cryptographic keys from the one-time programmable (OTP) memory; a first segment of the rule set memory to statically store rules for the cryptographic keys stored in the first segment of the key store memory; a second segment of the key store memory to store cryptographic keys; and a second segment of the rule set memory to store rules dynamically generated during operation of the media processing device for cryptographic keys stored in the second segment of the key store memory.

Abstract: A media processing device includes a one time programmable (OTP) memory to store a first set of cryptographic keys and rule set for the first set of cryptographic keys, a key store memory, and a rule set memory. The media processing device further includes an arbitration module to provision: a first segment of the key store memory to store cryptographic keys from the one-time programmable (OTP) memory; a first segment of the rule set memory to statically store rules for the cryptographic keys stored in the first segment of the key store memory; a second segment of the key store memory to store cryptographic keys; and a second segment of the rule set memory to store rules dynamically generated during operation of the media processing device for cryptographic keys stored in the second segment of the key store memory.

Abstract: A one-time programmable (OTP) memory of an integrated circuit is provisioned based on identifier data generated by a physical unclonable function (PUF) of the integrated circuit. The identifier data is used as part of cryptographic operations to secure provisioning of security information at an OTP memory of at the integrated circuit. Because of the physical characteristics of the PUF and its incorporation in the integrated circuit, the identifier information is unique to the integrated circuit. Accordingly, the provisioned security information is also unique to the integrated circuit. The OTP memory can therefore be securely provisioned at later stages of the integrated circuit manufacturing and configuration process, such as after the integrated circuit has been packaged or attached to a printed circuit board.

Abstract: A sanction server includes a network interface that receives proxy data from a content source that includes cryptographic parameters that are based on a scrambling control word used to scramble the media content, receives a request for the media content from a client device, transmits the proxy data to the client device and transmits notification data to a caching server. The content source generates cryptographic data and sends the cryptographic data and the scrambled media content to the caching server. The caching server forwards the cryptographic data and the scrambled media content to the client device. The client device generates the scrambling control word for descrambling the scrambled media content based on the proxy data and the cryptographic data.

Abstract: A sanction server includes a network interface that receives a request for media content from a client device and transmits first sanction data to a caching server and second sanction data to the client device. A sanction processing module generates the first sanction data based on a random number and generates the second sanction data based on the random number. The caching server generates first cryptographic data based on the first sanction data and sends the first cryptographic data to the client device. The client device generates second cryptographic data based on the first sanction data and sends the second cryptographic data to the caching server. The caching server generates a scrambling control word based on the first sanction data and the second cryptographic data. The client device generates the scrambling control word based on the second sanction data and the first cryptographic data.

Abstract: A client device includes a network interface that transmits a request for the media content to the sanction server, receives second sanction data from the sanction server, transmits second cryptographic data to the caching server, receives first cryptographic data from the caching server and that receives scrambled media content from the caching server. A random number generator generates a random number. A client processing module, in response to the second sanction data, generates the second cryptographic data based on the random number and the second sanction data, generates a scrambling control word based on the second sanction data and the first cryptographic data and descrambles the scrambled media content based on the scrambling control word.

Abstract: A content source includes a random number generator that generates scrambling control word based on at least one random number. A source processing module generates proxy data that includes cryptographic parameters that are based on the scrambling control word, generates cryptographic data and generates scrambled media content based on the scrambling control word. A network interface sends the proxy data to a sanction server, and sends the cryptographic data and the scrambled content to a caching server.

Abstract: A caching server includes a network interface receives first sanction data from the sanction server and transmits first cryptographic data to a client device, receives second cryptographic data from the device and that transmits scrambled media content to the client device. A random number generator generates a random number. A caching processing module, in response to the first sanction data, generates the first cryptographic data based on the random number and the first sanction data, generates a scrambling control word based on the first sanction data and the second cryptographic data and that generates the scrambled media content based on the scrambling control word.

Abstract: A sanction server includes a network interface that receives a request for media content from a client device and transmits first sanction data to a caching server and second sanction data to the client device. A sanction processing module generates the first sanction data based on a random number and generates the second sanction data based on the random number. The caching server generates first cryptographic data based on the first sanction data and sends the first cryptographic data to the client device. The client device generates second cryptographic data based on the first sanction data and sends the second cryptographic data to the caching server. The caching server generates a scrambling control word based on the first sanction data and the second cryptographic data. The client device generates the scrambling control word based on the second sanction data and the first cryptographic data.

Abstract: A caching server includes a network interface receives first sanction data from the sanction server and transmits first cryptographic data to a client device, receives second cryptographic data from the device and that transmits scrambled media content to the client device. A random number generator generates a random number. A caching processing module, in response to the first sanction data, generates the first cryptographic data based on the random number and the first sanction data, generates a scrambling control word based on the first sanction data and the second cryptographic data and that generates the scrambled media content based on the scrambling control word.

Abstract: A content source includes a random number generator that generates scrambling control word based on at least one random number. A source processing module generates proxy data that includes cryptographic parameters that are based on the scrambling control word, generates cryptographic data and generates scrambled media content based on the scrambling control word. A network interface sends the proxy data to a sanction server, and sends the cryptographic data and the scrambled content to a caching server.

Abstract: A client device includes a network interface that transmits a request for the media content to the sanction server, receives second sanction data from the sanction server, transmits second cryptographic data to the caching server, receives first cryptographic data from the caching server and that receives scrambled media content from the caching server. A random number generator generates a random number. A client processing module, in response to the second sanction data, generates the second cryptographic data based on the random number and the second sanction data, generates a scrambling control word based on the second sanction data and the first cryptographic data and descrambles the scrambled media content based on the scrambling control word.

Abstract: A sanction server includes a network interface that receives proxy data from a content source that includes cryptographic parameters that are based on a scrambling control word used to scramble the media content, receives a request for the media content from a client device, transmits the proxy data to the client device and transmits notification data to a caching server. The content source generates cryptographic data and sends the cryptographic data and the scrambled media content to the caching server. The caching server forwards the cryptographic data and the scrambled media content to the client device. The client device generates the scrambling control word for descrambling the scrambled media content based on the proxy data and the cryptographic data.

Abstract: A system and method for providing secure communication between nodes (102, 106, 107) in a wireless multihopping communication network (100). The system and method achieve secure communication in a multihopping wireless network (100) by, for example, providing a transport medium for transmission of multihopping authentication messages (400) by the infrastructure devices, such as intelligent access points (106) or wireless routers (107), and user devices, such as mobile nodes (102). The authentication messages (400) are used to verify the identity of a node (102, 107) to thus permit the node (102, 107) to communicate within the network (100). The system and method further use, for example, encryption techniques for protecting the content data packet (1000) traffic being transmitted the nodes (102, 106, 107) within the wireless network (100).

Abstract: A multi-hop wireless network includes an originator node, a proxy node, and at least one other node. The originator node generates a data packet and transmits the data packet to the proxy node. The proxy node receives and forwards to the at least one other node the data packet including an originator node address and a proxy node sequence number for an end-to-end groupcast sequence number.

Abstract: A system and method of security authentication and key management scheme in a multi-hop wireless network is provided herein with a hop-by-hop security model. The scheme adapts the 802.11r key hierarchy into the meshed AP network. In this approach, a top key holder (R0KH) derives and holds the top Pairwise Master Key (PMK—0) for each supplicant wireless device after the authentication process. All authenticator AP take the level one key holder (R1KH) role and receive the next level Pairwise Master Key (PMK—1) from R0KH. The link level data protection key is derived from PMK—1 via the 802.11i 4-way handshaking.