利索-全球专利检索

  1. 登录
  2. 注册

搜索结果

95 条记录 (耗时 0.045 秒)

    Method and device for speeding up key use in key management software with tree structure
    21.
    发明授权
    Method and device for speeding up key use in key management software with tree structure 有权
    用于树结构的密钥管理软件中加密密钥使用的方法和装置

    公开(公告)号:US08223972B2

    公开(公告)日:2012-07-17

    申请号:US12146255

    申请日:2008-06-25

    申请人: Takayuki Ito Hideki Matsushima Hisashi Takayama Tomoyuki Haga Yuichi Futa Manabu Maeda

    发明人: Takayuki Ito Hideki Matsushima Hisashi Takayama Tomoyuki Haga Yuichi Futa Manabu Maeda

    IPC分类号: H04L9/00

    CPC分类号: H04L9/0836 H04L9/088

    摘要: In the key management software having a key database with a tree structure, a high-speed data encryption/decryption process is achieved by changing the tree structure without reducing the security strength when deleting or adding a key from/to the tree structure. The key management software having the key database with the tree structure, when deleting or adding a key from/to the tree structure, refers to the encryption strength comparison table and the process time comparison table to change the tree structure without reducing the security strength. This reduces the number of times an encrypted key is loaded onto the encryption/decryption processing device during the data encryption/decryption process, thus achieving a high-speed data encryption/decryption.

    摘要翻译: 在具有树结构的密钥数据库的密钥管理软件中,通过在从树结构中删除或添加密钥时改变树结构而不降低安全强度来实现高速数据加密/解密处理。 具有树结构的密钥数据库的密钥管理软件在从树结构中删除或添加密钥时,参考加密强度比较表和处理时间比较表来改变树结构而不降低安全强度。 这减少了在数据加密/解密处理期间将加密密钥加载到加密/解密处理设备上的次数,从而实现高速数据加密/解密。

    INFORMATION PROCESSING APPARATUS
    23.
    发明申请
    INFORMATION PROCESSING APPARATUS 审中-公开
    信息处理装置

    公开(公告)号:US20110289294A1

    公开(公告)日:2011-11-24

    申请号:US13147208

    申请日:2010-10-29

    申请人: Manabu Maeda Takayuki Ito Tomoyuki Haga Hideki Matsushima

    发明人: Manabu Maeda Takayuki Ito Tomoyuki Haga Hideki Matsushima

    IPC分类号: G06F12/14

    CPC分类号: G06F21/74 G06F12/1466 G06F12/1491

    摘要: An information processing apparatus includes: a CPU (1201) that has, as an operating mode, a privileged mode and an unprivileged mode; a trusted memory (1270) that stores protected data, the protected data being accessed when the CPU (1201) is in the unprivileged mode; and a trusted memory control unit (1203) that controls access to the trusted memory (1270). When the CPU (1201) accesses the trusted memory (1270), the trusted memory control unit (1203) determines the operating mode of the CPU (1201) and, in the case where the operating mode of the CPU (1201) is the unprivileged mode, denies the access to the trusted memory (1270) by the CPU (1201).

    摘要翻译: 信息处理设备包括:具有作为操作模式的特权模式和非特权模式的CPU(1201); 存储受保护数据的可信存储器(1270),当所述CPU(1201)处于非特权模式时被保护的数据被访问; 以及控制对可信存储器(1270)的访问的可信存储器控制单元(1203)。 当CPU(1201)访问可信存储器(1270)时,可信存储器控制单元(1203)确定CPU(1201)的操作模式,并且在CPU(1201)的操作模式是无特权的情况下 模式,拒绝CPU(1201)对可信存储器(1270)的访问。

    Computer system and program creating device
    24.
    发明授权
    Computer system and program creating device 有权
    计算机系统和程序创建设备

    公开(公告)号:US07962746B2

    公开(公告)日:2011-06-14

    申请号:US11915198

    申请日:2006-05-30

    申请人: Tomoyuki Haga Hiroshi Okuyama Hideki Matsushima Yoshikatsu Ito Shigehiko Kimura Yasuki Oiwa Takafumi Kagawa

    发明人: Tomoyuki Haga Hiroshi Okuyama Hideki Matsushima Yoshikatsu Ito Shigehiko Kimura Yasuki Oiwa Takafumi Kagawa

    IPC分类号: H04L29/06

    CPC分类号: G06F9/468 G06F21/74

    摘要: A mobile telephone includes a CPU that obtains and decodes instructions included in an OS, a nonsecure program, a switch device driver, and a secure program, and operates according to the decoding results. A memory includes a controlled area and an uncontrollable area. The OS has only the controlled area as its access space, and includes an instruction for mediating access of the nonsecure program to the controlled area and an instruction for instructing the switch device driver to make a switch to the secure program. The nonsecure program includes an instruction to access the controlled area via the OS. The switch device driver includes an instruction to make a switch from execution of the OS to execution of the secure program in response to an instruction of the OS. The secure program has only the uncontrollable area as its access space, and includes an instruction to access the uncontrollable area.

    摘要翻译: 移动电话包括获取并解码包括在OS中的指令,非安全程序,开关设备驱动程序和安全程序的CPU,并且根据解码结果进行操作。 存储器包括受控区域和不可控区域。 OS仅具有受控区域作为其访问空间,并且包括用于调停非安全程序到受控区域的访问的指令以及用于指示交换机设备驱动程序切换到安全程序的指令。 非安全程序包括通过操作系统访问受控区域的指令。 开关设备驱动器包括响应于OS的指令从OS的执行切换到安全程序的执行的指令。 安全程序只有不可控制的区域作为其访问空间,并且包括访问不可控区域的指令。

    KEY MIGRATION DEVICE
    25.
    发明申请
    KEY MIGRATION DEVICE 审中-公开
    主要移动设备

    公开(公告)号:US20110081017A1

    公开(公告)日:2011-04-07

    申请号:US12993931

    申请日:2009-05-25

    申请人: Hideki Matsushima Hisashi Takayama Yuichi Futa Takayuki Ito Tomoyuki Haga

    发明人: Hideki Matsushima Hisashi Takayama Yuichi Futa Takayuki Ito Tomoyuki Haga

    IPC分类号: H04L9/00

    CPC分类号: H04L9/0836 H04L9/088

    摘要: Provided is a key migration device which can securely and reliably control the migration of keys. A migration authority (101) fetches a generation level which is the security level of a first electronic terminal (3011) and an output destination level which is the security level of a third electronic terminal (3013), decides whether the relationship between the generation level and the output destination level satisfies a predetermined condition when a request for fetching a collection of keys is received from the third electronic terminal (3013), outputs the key generated by the first electronic terminal (3011) among the collection of keys to the third electronic terminal (3013) if the predetermined condition is fulfilled, and restricts output to the third electronic terminal (3013) of the key generated by the first electronic terminal (3011) among the collection of keys if the predetermined condition is not fulfilled.

    摘要翻译: 提供了一种可以安全可靠地控制密钥迁移的密钥迁移设备。 移动机构(101)取出作为第一电子终端(3011)的安全级别的生成级别和作为第三电子终端(3013)的安全级别的输出目的地级别,决定生成级别 并且当从第三电子终端(3013)接收到提取密钥集合的请求时,输出目的地级别满足预定条件,将由第一电子终端(3011)生成的密钥输出到第三电子邮件集合 如果满足预定条件,并且如果不满足预定条件,则在密钥集合中限制由第一电子终端(3011)生成的密钥的输出到第三电子终端(3013)的终端(3013)。

    INFORMATION PROCESSING DEVICE, AUTHENTICATION SYSTEM, AUTHENTICATION DEVICE, INFORMATION PROCESSING METHOD, INFORMATION PROCESSING PROGRAM, RECORDING MEDIUM, AND INTEGRATED CIRCUIT
    26.
    发明申请
    INFORMATION PROCESSING DEVICE, AUTHENTICATION SYSTEM, AUTHENTICATION DEVICE, INFORMATION PROCESSING METHOD, INFORMATION PROCESSING PROGRAM, RECORDING MEDIUM, AND INTEGRATED CIRCUIT 有权
    信息处理设备,认证系统,认证设备,信息处理方法,信息处理程序,记录介质和集成电路

    公开(公告)号:US20110072266A1

    公开(公告)日:2011-03-24

    申请号:US12992699

    申请日:2009-10-09

    申请人: Hisashi Takayama Hideki Matsushima Takayuki Ito Tomoyuki Haga Kenneth Alexander Nicolson

    发明人: Hisashi Takayama Hideki Matsushima Takayuki Ito Tomoyuki Haga Kenneth Alexander Nicolson

    IPC分类号: G06F21/22

    CPC分类号: H04L9/3247 G06F21/445 G06F2221/2129 H04L9/3263 H04L2209/60 H04L2209/68 H04L2209/80

    摘要: The present invention provides an information processing device, an authentication system, etc. that save a server the trouble of updating a database, etc., even when a software module in a client device is updated, and that are capable of verifying whether software modules that have been started in the client device are valid. The terminal device A100 holds private keys 1 and 2, and performs authentication processing with the terminal device B101 using the private key 2. The private key 1 has been encrypted such that the private key 1 is decryptable only when secure boot is completed. The private key 2 has been encrypted such that the private key 2 is decryptable using the private key 1 only when the application module X that has been started is valid. When the authentication processing is successful, the terminal device B101 verifies that the terminal device A100 has completed secure boot and the application module X that has been started in the terminal device A100 is valid. Also, the terminal device B101 performs the authentication processing using the same private key 2, regardless of whether a program pertaining to the secure boot of the terminal device A100 is updated or not.

    摘要翻译: 本发明提供一种信息处理装置,认证系统等,其即使在客户端装置中的软件模块被更新时也能够保存服务器更新数据库等的故障,并且能够验证软件模块 已经在客户端设备中启动的是有效的。 终端装置A100保持私有密钥1和2,并使用专用密钥2对终端装置B101进行认证处理。专用密钥1已被加密,使得专用密钥1仅在安全引导完成时被解密。 专用密钥2已经被加密,使得仅当已经启动的应用模块X有效时,私钥2可以使用专用密钥1被解密。 当认证处理成功时,终端装置B101验证终端装置A100是否已经完成安全引导,并且已经在终端装置A100中启动的应用模块X有效。 此外,终端装置B101使用相同的私钥2执行认证处理,而不管终端装置A100的安全引导有关的程序是否被更新。

    FALSIFICATION DETECTING SYSTEM, FALSIFICATION DETECTING METHOD, FALSIFICATION DETECTING PROGRAM, RECORDING MEDIUM, INTEGRATED CIRCUIT, AUTHENTICATION INFORMATION GENERATING DEVICE AND FALSIFICATION DETECTING DEVICE
    28.
    发明申请
    FALSIFICATION DETECTING SYSTEM, FALSIFICATION DETECTING METHOD, FALSIFICATION DETECTING PROGRAM, RECORDING MEDIUM, INTEGRATED CIRCUIT, AUTHENTICATION INFORMATION GENERATING DEVICE AND FALSIFICATION DETECTING DEVICE 有权
    伪造检测系统,伪造检测方法,伪造检测程序,记录介质,集成电路,认证信息生成装置和伪造检测装置

    公开(公告)号:US20100162352A1

    公开(公告)日:2010-06-24

    申请号:US12377040

    申请日:2007-11-07

    申请人: Tomoyuki Haga Hideki Matsushima Takayuki Ito Manabu Maeda Taichi Sato

    发明人: Tomoyuki Haga Hideki Matsushima Takayuki Ito Manabu Maeda Taichi Sato

    IPC分类号: G06F21/22

    CPC分类号: G06F21/64 G06F21/51

    摘要: A tamper detection device detects tampering with a program loaded to memory, at high speed and without compromising the safety. Prior to loading of a program, a dividing-size determining unit 12 determines a block size based on random number information, a dividing unit 13 divides the program by the block size into data blocks, and a first conversion unit 14 converts, by conducting a logical operation, the data blocks into intermediate authentication data no greater than the block size, and a second conversion unit 15 conducts a second conversion on the intermediate authentication data to generate authentication data. The authentication data and the block size are stored. After the program loading, a program resulting from the loading is divided by the block size, followed by the first and second conversions to generate comparative data. The comparative data is compared with the authentication data to detect tampering of the loaded program.

    摘要翻译: 篡改检测装置可以高速地检测加载到存储器的程序的篡改,而不会影响安全性。 在加载程序之前,分割尺寸确定单元12基于随机数信息确定块大小,分割单元13将程序除以块大小分成数据块,第一转换单元14通过执行 逻辑运算,将数据块转换成不大于块大小的中间认证数据,第二转换单元15对中间认证数据进行第二转换以生成认证数据。 存储认证数据和块大小。 在程序加载之后,由加载产生的程序除以块大小,然后进行第一次和第二次转换以生成比较数据。 将比较数据与认证数据进行比较,以检测加载的程序的篡改。

    SECURE BOOT WITH OPTIONAL COMPONENTS METHOD
    29.
    发明申请
    SECURE BOOT WITH OPTIONAL COMPONENTS METHOD 有权
    安全启动与可选组件方法

    公开(公告)号:US20090320110A1

    公开(公告)日:2009-12-24

    申请号:US12484537

    申请日:2009-06-15

    申请人: Kenneth Alexander Nicolson Hideki Matsushima Hisashi Takayama Takayuki Ito Tomoyuki Haga Manabu Maeda

    发明人: Kenneth Alexander Nicolson Hideki Matsushima Hisashi Takayama Takayuki Ito Tomoyuki Haga Manabu Maeda

    IPC分类号: G06F21/00 H04L9/32

    CPC分类号: G06F21/57 H04L9/3268 H04L2209/80

    摘要: A method is executed which is for managing the optional trusted components that are active within a device, such that the device itself controls the availability of trusted components. The device includes: a storing unit which stores a plurality of pieces of software and a plurality of certificates; a receiving unit which receives the certificates; and a selecting unit which selects one of the certificates. The device further includes an executing unit which verifies an enabled one of the plurality of pieces of software using the selected and updated one of the certificates.

    摘要翻译: 执行用于管理在设备内活动的可选可信组件的方法,使得设备本身控制可信组件的可用性。 该装置包括:存储单元,存储多个软件和多个证书; 接收证书的接收单元; 以及选择单元,其选择证书之一。 该设备还包括执行单元,其使用所选择和更新的一个证书来验证多个软件中启用的一个软件。

    ELECTRONIC DEVICE, UPDATE SERVER DEVICE, KEY UPDATE DEVICE
    30.
    发明申请
    ELECTRONIC DEVICE, UPDATE SERVER DEVICE, KEY UPDATE DEVICE 有权
    电子设备,更新服务器设备,密钥更新设备

    公开(公告)号:US20090193521A1

    公开(公告)日:2009-07-30

    申请号:US11914918

    申请日:2006-05-30

    申请人: Hideki Matsushima Takafumi Kagawa Tomoyuki Haga Hiroshi Okuyama Shigehiko Kimura Yasuki Oiwa Yoshikatsu Ito

    发明人: Hideki Matsushima Takafumi Kagawa Tomoyuki Haga Hiroshi Okuyama Shigehiko Kimura Yasuki Oiwa Yoshikatsu Ito

    IPC分类号: G06F11/00 G06F9/44 H04L9/00 G06F21/24 G06F21/22 G06F13/00

    CPC分类号: H04L9/0891 G06F11/1433 G06F21/57 G06F21/64 G06F21/86 G06F2221/2129 H04L63/123 H04L63/1441 H04L67/34 H04L2209/80

    摘要: The present invention offers an electronic device that reduces the amount of data for communication required when files pertaining to software are to be updated, as compared to the conventional devices, and performs tamper detection. The present invention is an electronic device having an application file pertaining to an operation of application software and updating the application file via a network. The electronic device (i) stores therein the application file including one or more data pieces, (ii) receives, from an external apparatus via the network, update data and location information indicating a location, within the application file, which is for rewrite with the update data, (iii) rewrites only part of the application file by writing over a data piece present at the indicated location with the update data, to update the application file, and (iv) examines whether the updated application file has been tampered with.

    摘要翻译: 本发明提供了一种电子设备,与常规设备相比,减少了与更新软件相关的文件所需的通信数据量,并进行了篡改检测。 本发明是一种电子设备,具有与应用软件的操作有关的应用文件,并经由网络更新应用文件。 电子设备(i)在其中存储包括一个或多个数据的应用文件,(ii)经由网络从外部设备接收更新数据和指示应用文件内的用于重写的位置的位置信息, 所述更新数据,(iii)通过使用所述更新数据写入所述指示位置处的数据段来仅重写所述应用文件的一部分,以更新所述应用文件,以及(iv)检查所更新的应用文件是否已被篡改 。