Starts up of modules of a second module group only when modules of a first group have been started up legitimately
    12.
    Granted invention patent
    Status: in force

    Publication number: US08510544B2

    Publication date: 2013-08-13

    Application number: US12991516

    Filing date: 2009-05-25

    IPC classification: G06F9/00 G06F9/24 H04L29/06

    Abstract: The present invention provides an information processing apparatus that is capable of continuously performing secure boot between module groups in the case where software of a terminal device consists of module groups provided by a plurality of providers, while keeping independence between the providers. The information processing apparatus is provided with a linkage certificate that contains a first configuration comparison value, which indicates a cumulative hash value of the first module group to be started up by secure boot, and a module measurement value, which indicates a hash value of the first module of the second module group to be started up by secure boot. After the secure boot of the first module group, it is verified that the first module group has been started up by comparison with the first configuration comparison value.

    Information processing device, authentication system, authentication device, information processing method, information processing program, recording medium, and integrated circuit
    15.
    Granted invention patent
    Status: in force

    Publication number: US08479000B2

    Publication date: 2013-07-02

    Application number: US12992699

    Filing date: 2009-10-09

    Abstract: The present invention provides an information processing device, an authentication system, etc. that save a server the trouble of updating a database, etc., even when a software module in a client device is updated, and that are capable of verifying whether software modules that have been started in the client device are valid. The terminal device A100 holds private keys 1 and 2, and performs authentication processing with the terminal device B101 using the private key 2. The private key 1 has been encrypted such that the private key 1 is decryptable only when secure boot is completed. The private key 2 has been encrypted such that the private key 2 is decryptable using the private key 1 only when the application module X that has been started is valid. When the authentication processing is successful, the terminal device B101 verifies that the terminal device A100 has completed secure boot and the application module X that has been started in the terminal device A100 is valid. Also, the terminal device B101 performs the authentication processing using the same private key 2, regardless of whether a program pertaining to the secure boot of the terminal device A100 is updated or not.

    Secure boot with optional components
    16.
    Granted invention patent
    Status: in force

    Publication number: US08219827B2

    Publication date: 2012-07-10

    Application number: US12484537

    Filing date: 2009-06-15

    IPC classification: H04L29/06

    Abstract: A method manages optional trusted components that are active within a device, such that the device itself controls the availability of trusted components. The device includes: a storing unit storing a plurality of pieces of software and a plurality of certificates; a receiving unit receiving the certificates; and a selecting unit selecting one of the certificates. The device further includes an executing unit verifying an enabled one of the plurality of pieces of software using the selected and updated one of the certificates.

    INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND COMPUTER PROGRAM AND INTEGRATED CIRCUIT FOR THE REALIZATION THEREOF
    17.
    Invention patent application
    Status: in force

    Publication number: US20110066838A1

    Publication date: 2011-03-17

    Application number: US12991516

    Filing date: 2009-05-25

    IPC classification: G06F9/24

    Abstract: The present invention provides an information processing apparatus that is capable of continuously performing secure boot between module groups in the case where software of a terminal device consists of module groups provided by a plurality of providers, while keeping independence between the providers. The information processing apparatus is provided with a linkage certificate that contains a first configuration comparison value 503, which indicates a cumulative hash value of the first module group to be started up by secure boot, and a module measurement value 505, which indicates a hash value of the first module of the second module group to be started up by secure boot. After the secure boot of the first module group, it is verified that the first module group has been started up by comparison with the first configuration comparison value 503. Then, the second module group is started up by secure boot by starting up the first module of the second module group whose completeness has been verified by comparison with the module measurement value 505. When a module of the first module group is updated, the linkage certificate update unit 135 updates the linkage certificate.

    SECURE BOOT TERMINAL, SECURE BOOT METHOD, SECURE BOOT PROGRAM, RECORDING MEDIUM, AND INTEGRATED CIRCUIT
    18.
    Invention patent application
    Status: in force

    Publication number: US20100185845A1

    Publication date: 2010-07-22

    Application number: US12676960

    Filing date: 2008-09-30

    IPC classification: G06F21/22 G06F9/445

    CPC classification: G06F21/575

    Abstract: A terminal that performs secure boot processing when booting, thereby booting reliably even if, during updating of a software module, the power is cut off or the update is otherwise interrupted. The terminal comprises a CPU, a software module storage unit, a certificate storage unit, an updating unit for updating the software module and certificate, a security device provided with a configuration information storage unit for storing the configuration information of the software module, an alternate configuration information storage unit for storing the configuration information of a software module in the configuration before the update, and a boot control unit for verifying and executing the software module by using the certificate. The terminal verifies the certificate of the software module by comparing the configuration information stored by the configuration information storage unit with the configuration information stored by the alternate configuration information storage unit.

    INFORMATION PROCESSOR AND METHOD FOR CONTROLLING THE SAME
    19.
    Invention patent application
    Status: in force

    Publication number: US20130212575A1

    Publication date: 2013-08-15

    Application number: US12918918

    Filing date: 2009-02-09

    IPC classification: G06F9/455

    Abstract: It is an object of the present invention to provide an information processing device that verifies the authorization of an application that has issued an access request to access a device. For the present invention to fulfill the above object, when an application 102 on a universal OS issues a processing request to a secure device driver 105, a secure VMM 100 and an application identification unit 106 on a management dedicated OS 104 lock a page table of the application 102 and refer to the page table to generate a hash value. The application is determined to be authorized or unauthorized by comparing the generated hash value with a reference hash value.
