-
91.发明授权Method and device for speeding up key use in key management software with tree structure 有权用于树结构的密钥管理软件中加密密钥使用的方法和装置公开(公告)号:US08223972B2
公开(公告)日:2012-07-17
申请号:US12146255
申请日:2008-06-25
申请人: Takayuki Ito , Hideki Matsushima , Hisashi Takayama , Tomoyuki Haga , Yuichi Futa , Manabu Maeda
发明人: Takayuki Ito , Hideki Matsushima , Hisashi Takayama , Tomoyuki Haga , Yuichi Futa , Manabu Maeda
IPC分类号: H04L9/00
CPC分类号: H04L9/0836 , H04L9/088
摘要: In the key management software having a key database with a tree structure, a high-speed data encryption/decryption process is achieved by changing the tree structure without reducing the security strength when deleting or adding a key from/to the tree structure. The key management software having the key database with the tree structure, when deleting or adding a key from/to the tree structure, refers to the encryption strength comparison table and the process time comparison table to change the tree structure without reducing the security strength. This reduces the number of times an encrypted key is loaded onto the encryption/decryption processing device during the data encryption/decryption process, thus achieving a high-speed data encryption/decryption.
摘要翻译: 在具有树结构的密钥数据库的密钥管理软件中,通过在从树结构中删除或添加密钥时改变树结构而不降低安全强度来实现高速数据加密/解密处理。 具有树结构的密钥数据库的密钥管理软件在从树结构中删除或添加密钥时,参考加密强度比较表和处理时间比较表来改变树结构而不降低安全强度。 这减少了在数据加密/解密处理期间将加密密钥加载到加密/解密处理设备上的次数,从而实现高速数据加密/解密。
-
公开(公告)号:US20120102313A1
公开(公告)日:2012-04-26
申请号:US13375047
申请日:2010-07-01
申请人: Kenneth Alexander Nicolson , Hideki Matsushima , Hisashi Takayama , Takayuki Ito , Tomoyuki Haga , Manabu Maeda
发明人: Kenneth Alexander Nicolson , Hideki Matsushima , Hisashi Takayama , Takayuki Ito , Tomoyuki Haga , Manabu Maeda
IPC分类号: G06F21/00
CPC分类号: G06F21/575 , H04L9/3236 , H04L63/123 , H04W12/10
摘要: A method to allow a device to boot in a secure fashion, even though some of the components within the secure device's firmware may be not present, not authorised, or not correctly operating.
摘要翻译: 即使安全设备的固件中的某些组件可能不存在,未被授权或不正确地操作,允许设备以安全方式引导的方法。
-
公开(公告)号:US20120098518A1
公开(公告)日:2012-04-26
申请号:US13379477
申请日:2011-04-08
IPC分类号: G01R35/04
CPC分类号: G01R22/066
摘要: A detection apparatus (102) connected to a device in a residence and an electricity meter (100) indicating an amount of electric power consumed by the device in the residence, the detection apparatus (102) including: a reception unit (1021) which receives the amount of electric power from the electricity meter (100); a collection unit (1024) which collects usage status of the device; a device information holding unit (1027) which holds device information including the usage status of the device and electric power consumption of the device corresponding to the usage status; and a determination unit (1025) which determines whether or not the electricity meter (100) is tampered, by comparing an estimated electric power consumption amount with the amount of electric power received by the reception unit (1021), the estimated electric power consumption amount being estimated from the usage status of the device by using the device information, in which the determination unit (1025) determines that the electricity meter (100) is tampered, when a difference between the estimated electric power consumption amount and the amount of electric power received by the reception unit (1021) is equal to or more than a predetermined threshold.
摘要翻译: 一种连接到住宅内的装置的检测装置(102)和表示该住宅内的装置消耗的电力量的电表(100),检测装置(102)包括:接收部(1021),其接收 来自电表(100)的电力量; 收集单元(1024),其收集所述设备的使用状态; 装置信息保持单元,其保存包括与所述使用状态对应的所述装置的使用状态和所述装置的电力消耗的装置信息; 以及确定单元(1025),其通过将估计的电力消耗量与由所述接收单元(1021)接收的电力量进行比较来确定所述电表(100)是否被篡改,所述估计电力消耗量 通过使用其中确定单元(1025)确定电表(100)被篡改的设备信息,根据估计的电力消耗量和电力量之间的差异来估计设备的使用状态 由接收单元(1021)接收的信号等于或大于预定阈值。
-
94.发明申请公开(公告)号:US20120060008A1
公开(公告)日:2012-03-08
申请号:US13319692
申请日:2011-02-09
IPC分类号: G06F12/14
CPC分类号: G06F21/78 , G06F21/62 , G06F21/6245 , G06F2221/2107 , G06F2221/2111
摘要: An information processing terminal (101) includes: a storage area (206), in which general information (211) and confidential information (210) are recorded; an input/output receiving unit (201) which receives an access command to general information (211) or confidential information (210); a route information holding unit (203) in which route information is held, the route information indicating an area of activity in which access to the confidential information (210) is allowed; a current location acquisition unit (304) which acquires current location information indicating the current location of the information processing terminal (101); an access determination unit (305) which allows access to the confidential information (210) when the location of the information processing terminal (101) indicated by the current location information is in the route information; and a confidential information access unit (306) which accesses the confidential information (210) in response to the access allowance by the access determination unit (305).
摘要翻译: 信息处理终端(101)包括:记录有通用信息(211)和机密信息(210)的存储区域(206) 输入/输出接收单元(201),其接收对通用信息(211)或机密信息(210)的访问命令; 保持路径信息的路线信息保持单元(203),指示允许访问机密信息(210)的活动区域的路线信息; 当前位置获取单元(304),其获取指示信息处理终端(101)的当前位置的当前位置信息; 当由当前位置信息指示的信息处理终端(101)的位置处于路由信息中时,允许访问机密信息(210)的访问确定单元(305) 以及响应于访问确定单元(305)的访问许可访问机密信息(210)的机密信息访问单元(306)。
-
公开(公告)号:US20110289294A1
公开(公告)日:2011-11-24
申请号:US13147208
申请日:2010-10-29
申请人: Manabu Maeda , Takayuki Ito , Tomoyuki Haga , Hideki Matsushima
发明人: Manabu Maeda , Takayuki Ito , Tomoyuki Haga , Hideki Matsushima
IPC分类号: G06F12/14
CPC分类号: G06F21/74 , G06F12/1466 , G06F12/1491
摘要: An information processing apparatus includes: a CPU (1201) that has, as an operating mode, a privileged mode and an unprivileged mode; a trusted memory (1270) that stores protected data, the protected data being accessed when the CPU (1201) is in the unprivileged mode; and a trusted memory control unit (1203) that controls access to the trusted memory (1270). When the CPU (1201) accesses the trusted memory (1270), the trusted memory control unit (1203) determines the operating mode of the CPU (1201) and, in the case where the operating mode of the CPU (1201) is the unprivileged mode, denies the access to the trusted memory (1270) by the CPU (1201).
摘要翻译: 信息处理设备包括:具有作为操作模式的特权模式和非特权模式的CPU(1201); 存储受保护数据的可信存储器(1270),当所述CPU(1201)处于非特权模式时被保护的数据被访问; 以及控制对可信存储器(1270)的访问的可信存储器控制单元(1203)。 当CPU(1201)访问可信存储器(1270)时,可信存储器控制单元(1203)确定CPU(1201)的操作模式,并且在CPU(1201)的操作模式是无特权的情况下 模式,拒绝CPU(1201)对可信存储器(1270)的访问。
-
公开(公告)号:US07962746B2
公开(公告)日:2011-06-14
申请号:US11915198
申请日:2006-05-30
申请人: Tomoyuki Haga , Hiroshi Okuyama , Hideki Matsushima , Yoshikatsu Ito , Shigehiko Kimura , Yasuki Oiwa , Takafumi Kagawa
发明人: Tomoyuki Haga , Hiroshi Okuyama , Hideki Matsushima , Yoshikatsu Ito , Shigehiko Kimura , Yasuki Oiwa , Takafumi Kagawa
IPC分类号: H04L29/06
摘要: A mobile telephone includes a CPU that obtains and decodes instructions included in an OS, a nonsecure program, a switch device driver, and a secure program, and operates according to the decoding results. A memory includes a controlled area and an uncontrollable area. The OS has only the controlled area as its access space, and includes an instruction for mediating access of the nonsecure program to the controlled area and an instruction for instructing the switch device driver to make a switch to the secure program. The nonsecure program includes an instruction to access the controlled area via the OS. The switch device driver includes an instruction to make a switch from execution of the OS to execution of the secure program in response to an instruction of the OS. The secure program has only the uncontrollable area as its access space, and includes an instruction to access the uncontrollable area.
摘要翻译: 移动电话包括获取并解码包括在OS中的指令,非安全程序,开关设备驱动程序和安全程序的CPU,并且根据解码结果进行操作。 存储器包括受控区域和不可控区域。 OS仅具有受控区域作为其访问空间,并且包括用于调停非安全程序到受控区域的访问的指令以及用于指示交换机设备驱动程序切换到安全程序的指令。 非安全程序包括通过操作系统访问受控区域的指令。 开关设备驱动器包括响应于OS的指令从OS的执行切换到安全程序的执行的指令。 安全程序只有不可控制的区域作为其访问空间,并且包括访问不可控区域的指令。
-
公开(公告)号:US20110081017A1
公开(公告)日:2011-04-07
申请号:US12993931
申请日:2009-05-25
IPC分类号: H04L9/00
CPC分类号: H04L9/0836 , H04L9/088
摘要: Provided is a key migration device which can securely and reliably control the migration of keys. A migration authority (101) fetches a generation level which is the security level of a first electronic terminal (3011) and an output destination level which is the security level of a third electronic terminal (3013), decides whether the relationship between the generation level and the output destination level satisfies a predetermined condition when a request for fetching a collection of keys is received from the third electronic terminal (3013), outputs the key generated by the first electronic terminal (3011) among the collection of keys to the third electronic terminal (3013) if the predetermined condition is fulfilled, and restricts output to the third electronic terminal (3013) of the key generated by the first electronic terminal (3011) among the collection of keys if the predetermined condition is not fulfilled.
摘要翻译: 提供了一种可以安全可靠地控制密钥迁移的密钥迁移设备。 移动机构(101)取出作为第一电子终端(3011)的安全级别的生成级别和作为第三电子终端(3013)的安全级别的输出目的地级别,决定生成级别 并且当从第三电子终端(3013)接收到提取密钥集合的请求时,输出目的地级别满足预定条件,将由第一电子终端(3011)生成的密钥输出到第三电子邮件集合 如果满足预定条件,并且如果不满足预定条件,则在密钥集合中限制由第一电子终端(3011)生成的密钥的输出到第三电子终端(3013)的终端(3013)。
-
98.发明申请公开(公告)号:US20110072266A1
公开(公告)日:2011-03-24
申请号:US12992699
申请日:2009-10-09
申请人: Hisashi Takayama , Hideki Matsushima , Takayuki Ito , Tomoyuki Haga , Kenneth Alexander Nicolson
发明人: Hisashi Takayama , Hideki Matsushima , Takayuki Ito , Tomoyuki Haga , Kenneth Alexander Nicolson
IPC分类号: G06F21/22
CPC分类号: H04L9/3247 , G06F21/445 , G06F2221/2129 , H04L9/3263 , H04L2209/60 , H04L2209/68 , H04L2209/80
摘要: The present invention provides an information processing device, an authentication system, etc. that save a server the trouble of updating a database, etc., even when a software module in a client device is updated, and that are capable of verifying whether software modules that have been started in the client device are valid. The terminal device A100 holds private keys 1 and 2, and performs authentication processing with the terminal device B101 using the private key 2. The private key 1 has been encrypted such that the private key 1 is decryptable only when secure boot is completed. The private key 2 has been encrypted such that the private key 2 is decryptable using the private key 1 only when the application module X that has been started is valid. When the authentication processing is successful, the terminal device B101 verifies that the terminal device A100 has completed secure boot and the application module X that has been started in the terminal device A100 is valid. Also, the terminal device B101 performs the authentication processing using the same private key 2, regardless of whether a program pertaining to the secure boot of the terminal device A100 is updated or not.
摘要翻译: 本发明提供一种信息处理装置,认证系统等,其即使在客户端装置中的软件模块被更新时也能够保存服务器更新数据库等的故障,并且能够验证软件模块 已经在客户端设备中启动的是有效的。 终端装置A100保持私有密钥1和2,并使用专用密钥2对终端装置B101进行认证处理。专用密钥1已被加密,使得专用密钥1仅在安全引导完成时被解密。 专用密钥2已经被加密,使得仅当已经启动的应用模块X有效时,私钥2可以使用专用密钥1被解密。 当认证处理成功时,终端装置B101验证终端装置A100是否已经完成安全引导,并且已经在终端装置A100中启动的应用模块X有效。 此外,终端装置B101使用相同的私钥2执行认证处理,而不管终端装置A100的安全引导有关的程序是否被更新。
-
99.发明授权Electronic device, content reproduction control method, program, storage medium, and integrated circuit 有权电子设备,内容再现控制方法,程序,存储介质和集成电路公开(公告)号:US07792292B2
公开(公告)日:2010-09-07
申请号:US12299817
申请日:2007-05-18
IPC分类号: H04N7/167
CPC分类号: H04N21/44204 , G06F21/10 , H04N5/765 , H04N5/781 , H04N5/85 , H04N5/91 , H04N5/913 , H04N7/163 , H04N9/8205 , H04N21/4627 , H04N2005/91321 , H04N2005/91328 , H04N2005/91364
摘要: To play back a content while managing the right of use of the content, such as a total time of playback of the content, an electronic device stores right information in a right temporary storage unit 59 and judges whether or not use of the content is permitted, in a process of decoding a frame. Also, the electronic device updates the right information stored in the right temporary storage unit 59. When the frame to be played back is the one at a predetermined position in order, the electronic device stores the right information stored in the right temporary storage unit 59 into a storage area 20.
摘要翻译: 为了在管理内容的使用权的同时回放内容,例如内容的回放的总时间,电子设备将权利信息存储在右边的临时存储单元59中,并且判断是否允许内容的使用 在解码帧的过程中。 此外,电子设备更新存储在右临时存储单元59中的正确信息。当要播放的帧是按照预定位置的帧时,电子设备存储存储在右临时存储单元59中的权限信息 进入存储区域20。
-
100.发明申请公开(公告)号:US20100162352A1
公开(公告)日:2010-06-24
申请号:US12377040
申请日:2007-11-07
申请人: Tomoyuki Haga , Hideki Matsushima , Takayuki Ito , Manabu Maeda , Taichi Sato
发明人: Tomoyuki Haga , Hideki Matsushima , Takayuki Ito , Manabu Maeda , Taichi Sato
IPC分类号: G06F21/22
摘要: A tamper detection device detects tampering with a program loaded to memory, at high speed and without compromising the safety. Prior to loading of a program, a dividing-size determining unit 12 determines a block size based on random number information, a dividing unit 13 divides the program by the block size into data blocks, and a first conversion unit 14 converts, by conducting a logical operation, the data blocks into intermediate authentication data no greater than the block size, and a second conversion unit 15 conducts a second conversion on the intermediate authentication data to generate authentication data. The authentication data and the block size are stored. After the program loading, a program resulting from the loading is divided by the block size, followed by the first and second conversions to generate comparative data. The comparative data is compared with the authentication data to detect tampering of the loaded program.
摘要翻译: 篡改检测装置可以高速地检测加载到存储器的程序的篡改,而不会影响安全性。 在加载程序之前,分割尺寸确定单元12基于随机数信息确定块大小,分割单元13将程序除以块大小分成数据块,第一转换单元14通过执行 逻辑运算,将数据块转换成不大于块大小的中间认证数据,第二转换单元15对中间认证数据进行第二转换以生成认证数据。 存储认证数据和块大小。 在程序加载之后,由加载产生的程序除以块大小,然后进行第一次和第二次转换以生成比较数据。 将比较数据与认证数据进行比较,以检测加载的程序的篡改。
-
-
-
-
-
-
-
-
-
搜索结果
149 条记录 (耗时 0.046 秒)
