INFORMATION PROCESSING DEVICE, METHOD, PROGRAM, AND INTEGRATED CIRCUIT
    21.
    Invention application
    INFORMATION PROCESSING DEVICE, METHOD, PROGRAM, AND INTEGRATED CIRCUIT (status: under examination, published)

    Publication No.: US20110173460A1

    Publication date: 2011-07-14

    Application No.: US13119524

    Filing date: 2009-10-07

    IPC classification: G06F12/14

    Abstract: The aim is to provide high-speed data synchronization. To achieve the aim, in data synchronization using a plurality of key databases with respect to same data pieces, a key for one key database, which has been determined in advance, is used for updating the data piece managed under the other key database. This reduces the number of key decryption operations. A key management software 116, which manages a key database A120 and a key database B121 each having a tree structure, determines whether to perform data synchronization when requested by an upper-level application to perform data encryption, and performs synchronization of encrypted data by using a key of the other database which has been determined in advance. This reduces the number of times the encrypted key is loaded onto a cryptographic processing unit 114, and realizes high-speed cryptographic processing on data.


    INFORMATION PROCESSING DEVICE
    22.
    Invention application
    INFORMATION PROCESSING DEVICE (status: under examination, published)

    Publication No.: US20100325628A1

    Publication date: 2010-12-23

    Application No.: US12866311

    Filing date: 2009-02-23

    IPC classification: G06F9/455

    CPC classification: G06F21/575

    Abstract: A terminal having a plurality of virtual machines in one-to-one correspondence with a plurality of stakeholders is enabled to activate in compliance with the trust dependency relation among the virtual machines and a virtual machine monitor. The terminal includes: the plurality of virtual machines in one-to-one correspondence with the plurality of stakeholders; a plurality of tamper-resistant modules in one-to-one correspondence with the virtual machines, and a management unit controlling the virtual machines and the tamper-resistant modules in mutually related manner. Each virtual machine securely boots with reference to a certificate having a trust dependency with one or other virtual machines.


    Method and device for speeding up key use in key management software with tree structure
    24.
    Granted patent
    Method and device for speeding up key use in key management software with tree structure (status: in force)

    Publication No.: US08223972B2

    Publication date: 2012-07-17

    Application No.: US12146255

    Filing date: 2008-06-25

    IPC classification: H04L9/00

    CPC classification: H04L9/0836 H04L9/088

    Abstract: In the key management software having a key database with a tree structure, a high-speed data encryption/decryption process is achieved by changing the tree structure without reducing the security strength when deleting or adding a key from/to the tree structure. The key management software having the key database with the tree structure, when deleting or adding a key from/to the tree structure, refers to the encryption strength comparison table and the process time comparison table to change the tree structure without reducing the security strength. This reduces the number of times an encrypted key is loaded onto the encryption/decryption processing device during the data encryption/decryption process, thus achieving a high-speed data encryption/decryption.


    KEY MIGRATION DEVICE
    25.
    Invention application
    KEY MIGRATION DEVICE (status: under examination, published)

    Publication No.: US20110081017A1

    Publication date: 2011-04-07

    Application No.: US12993931

    Filing date: 2009-05-25

    IPC classification: H04L9/00

    CPC classification: H04L9/0836 H04L9/088

    Abstract: Provided is a key migration device which can securely and reliably control the migration of keys. A migration authority (101) fetches a generation level which is the security level of a first electronic terminal (3011) and an output destination level which is the security level of a third electronic terminal (3013), decides whether the relationship between the generation level and the output destination level satisfies a predetermined condition when a request for fetching a collection of keys is received from the third electronic terminal (3013), outputs the key generated by the first electronic terminal (3011) among the collection of keys to the third electronic terminal (3013) if the predetermined condition is fulfilled, and restricts output to the third electronic terminal (3013) of the key generated by the first electronic terminal (3011) among the collection of keys if the predetermined condition is not fulfilled.


    INFORMATION SECURITY DEVICE AND INFORMATION SECURITY SYSTEM
    27.
    Invention application
    INFORMATION SECURITY DEVICE AND INFORMATION SECURITY SYSTEM (status: in force)

    Publication No.: US20100332820A1

    Publication date: 2010-12-30

    Application No.: US12865894

    Filing date: 2009-02-23

    IPC classification: H04L9/00

    Abstract: The present invention provides a migration apparatus that realizes safe migration of data between devices that use different encryption algorithms and different security authentication levels. The fourth electronic terminal device 2502 sends, to the migration authority 2501, a request for migration of a virtual machine to the fifth electronic terminal device 2503. If the fifth electronic terminal device 2503 is not an illegitimate device, the migration authority 2501 sends a migration request to the fifth electronic terminal device 2503. The fifth electronic terminal device 2503 sends, to the migration authority 2501, a digital signature and so on, together with the request. The migration authority 2501 makes a judgment. If the result is “OK”, the migration authority 2501 sends the result “OK” to the fifth electronic terminal device 2503. The fourth electronic terminal device 2502 encrypts a migration package and sends the encrypted migration package to the migration authority 2501, and sends the virtual machine to the fifth electronic terminal device 2503.


    Content reproduction device, content reproduction device control method, content reproduction program, recording medium, and integrated circuit
    29.
    Granted patent
    Content reproduction device, content reproduction device control method, content reproduction program, recording medium, and integrated circuit (status: in force)

    Publication No.: US08448259B2

    Publication date: 2013-05-21

    Application No.: US12919967

    Filing date: 2009-03-12

    IPC classification: G06F21/00

    CPC classification: G06F21/10

    Abstract: A content playback device of the present invention includes a playback unit 200 operable to play back a content; a normal storage unit 250 that is not tamper-resistant; a secure storage unit 350 that is tamper-resistant; a first control sub-unit 230 that writes playback records indicating elapsed playback time of the content into the normal storage unit one by one at regular time intervals; and a second control sub-unit 330 that (i) writes monitoring records with respect to the playback records into the secure storage unit 350 one by one at irregular time intervals and (ii) determines that the playback records stored in the normal storage unit 250 have not been tampered with if a prescribed relation is satisfied between a specific time point obtained according to a latest one of the monitoring records and one of the playback records corresponding to the specific time point.


    Memory control apparatus, content playback apparatus, control method and recording medium
    30.
    Granted patent
    Memory control apparatus, content playback apparatus, control method and recording medium (status: in force)

    Publication No.: US08418256B2

    Publication date: 2013-04-09

    Application No.: US12484627

    Filing date: 2009-06-15

    Abstract: A data storage apparatus is provided that realizes a measure against deterioration of a flash memory in which integrity check data is stored. A content playback apparatus (1000) uses a hash value of playback history information as integrity check data (confirmation data) for confirming whether the playback history information has been falsified. A first address calculation unit (1004) and a second address calculation unit (1006) determine a read-in address and a storage destination address for the integrity check data, with use of the hash value. Accordingly, the storage destination addresses can be diffused, thus enabling preventing deterioration of the flash memory.
