公开(公告)号：US08296561B2

公开(公告)日：2012-10-23

申请号：US12306816

申请日：2007-07-02

申请人： Kouichi Kanemura ,  Yoshikatsu Ito ,  Tomoyuki Haga ,  Hideki Matsushima ,  Takayuki Ito

发明人： Kouichi Kanemura ,  Yoshikatsu Ito ,  Tomoyuki Haga ,  Hideki Matsushima ,  Takayuki Ito

IPC分类号： H04L29/06

CPC分类号： G06F21/10 ,  G06F21/445 ,  G06F21/51 ,  G06F21/57 ,  G06F21/575 ,  G06F2221/2129 ,  H04L9/0822 ,  H04L9/0866 ,  H04L9/3234

摘要： An authentication system verifies an authentic computer program, certifies the authenticity itself, and verifies a certification. The authentication system includes a terminal (e.g., requesting device) and a card (e.g., verifying device). The card stores secret information to be used by the terminal, and an update program for the terminal. The card verifies authenticity of the terminal using information obtained from the terminal. When it judges that the terminal is authentic, the card outputs the secret information to the terminal. When it judges that the terminal is not authentic, the card outputs the update program. The terminal is forced to update the program when it attempts to use the secret information.

摘要翻译： 认证系统验证真实的计算机程序，证明其真实性本身，并验证认证。 认证系统包括终端（例如，请求设备）和卡（例如，验证设备）。 该卡存储终端使用的秘密信息和终端的更新程序。 该卡使用从终端获得的信息来验证终端的真实性。 当该终端判断该终端是可信的时，该卡将该秘密信息输出到该终端。 当判断终端不可信时，卡会输出更新程序。 终端在尝试使用秘密信息时被强制更新程序。

公开(公告)号：US20110289294A1

公开(公告)日：2011-11-24

申请号：US13147208

申请日：2010-10-29

申请人： Manabu Maeda ,  Takayuki Ito ,  Tomoyuki Haga ,  Hideki Matsushima

发明人： Manabu Maeda ,  Takayuki Ito ,  Tomoyuki Haga ,  Hideki Matsushima

IPC分类号： G06F12/14

CPC分类号： G06F21/74 ,  G06F12/1466 ,  G06F12/1491

摘要： An information processing apparatus includes: a CPU (1201) that has, as an operating mode, a privileged mode and an unprivileged mode; a trusted memory (1270) that stores protected data, the protected data being accessed when the CPU (1201) is in the unprivileged mode; and a trusted memory control unit (1203) that controls access to the trusted memory (1270). When the CPU (1201) accesses the trusted memory (1270), the trusted memory control unit (1203) determines the operating mode of the CPU (1201) and, in the case where the operating mode of the CPU (1201) is the unprivileged mode, denies the access to the trusted memory (1270) by the CPU (1201).

摘要翻译： 信息处理设备包括：具有作为操作模式的特权模式和非特权模式的CPU（1201）; 存储受保护数据的可信存储器（1270），当所述CPU（1201）处于非特权模式时被保护的数据被访问; 以及控制对可信存储器（1270）的访问的可信存储器控制单元（1203）。 当CPU（1201）访问可信存储器（1270）时，可信存储器控制单元（1203）确定CPU（1201）的操作模式，并且在CPU（1201）的操作模式是无特权的情况下 模式，拒绝CPU（1201）对可信存储器（1270）的访问。

公开(公告)号：US20100162352A1

公开(公告)日：2010-06-24

申请号：US12377040

申请日：2007-11-07

申请人： Tomoyuki Haga ,  Hideki Matsushima ,  Takayuki Ito ,  Manabu Maeda ,  Taichi Sato

发明人： Tomoyuki Haga ,  Hideki Matsushima ,  Takayuki Ito ,  Manabu Maeda ,  Taichi Sato

IPC分类号： G06F21/22

CPC分类号： G06F21/64 ,  G06F21/51

摘要： A tamper detection device detects tampering with a program loaded to memory, at high speed and without compromising the safety. Prior to loading of a program, a dividing-size determining unit 12 determines a block size based on random number information, a dividing unit 13 divides the program by the block size into data blocks, and a first conversion unit 14 converts, by conducting a logical operation, the data blocks into intermediate authentication data no greater than the block size, and a second conversion unit 15 conducts a second conversion on the intermediate authentication data to generate authentication data. The authentication data and the block size are stored. After the program loading, a program resulting from the loading is divided by the block size, followed by the first and second conversions to generate comparative data. The comparative data is compared with the authentication data to detect tampering of the loaded program.

摘要翻译： 篡改检测装置可以高速地检测加载到存储器的程序的篡改，而不会影响安全性。 在加载程序之前，分割尺寸确定单元12基于随机数信息确定块大小，分割单元13将程序除以块大小分成数据块，第一转换单元14通过执行 逻辑运算，将数据块转换成不大于块大小的中间认证数据，第二转换单元15对中间认证数据进行第二转换以生成认证数据。 存储认证数据和块大小。 在程序加载之后，由加载产生的程序除以块大小，然后进行第一次和第二次转换以生成比较数据。 将比较数据与认证数据进行比较，以检测加载的程序的篡改。

公开(公告)号：US20110126284A1

公开(公告)日：2011-05-26

申请号：US12919967

申请日：2009-03-12

申请人： Tomoyuki Haga ,  Yoshikatsu Ito ,  Yuichi Futa ,  Hideki Matsushima ,  Takayuki Ito

发明人： Tomoyuki Haga ,  Yoshikatsu Ito ,  Yuichi Futa ,  Hideki Matsushima ,  Takayuki Ito

IPC分类号： G06F21/24

CPC分类号： G06F21/10

摘要： A content playback device of the present invention includes a playback unit 200 operable to play back a content; a normal storage unit 250 that is not tamper-resistant; a secure storage unit 350 that is tamper-resistant; a first control sub-unit 230 that writes playback records indicating elapsed playback time of the content into the normal storage unit one by one at regular time intervals; and a second control sub-unit 330 that (i) writes monitoring records with respect to the playback records into the secure storage unit 350 one by one at irregular time intervals and (ii) determines that the playback records stored in the normal storage unit 250 have not been tampered with if a prescribed relation is satisfied between a specific time point obtained according to a latest one of the monitoring records and one of the playback records corresponding to the specific time point.

摘要翻译： 本发明的内容回放装置包括可再现内容的重放单元200; 不防篡改的普通存储单元250; 防篡改的安全存储单元350; 第一控制子单元230，其以规则的时间间隔逐个地将指示所述内容的经过的播放时间的播放记录逐个写入正常存储单元; 以及第二控制子单元330，其（i）以不规则的时间间隔逐个地将关于重放记录的监视记录写入安全存储单元350，以及（ii）确定存储在正常存储单元250中的重放记录 如果在根据最新的一个监视记录获得的特定时间点与对应于特定时间点的播放记录之一满足规定的关系，则没有被篡改。

公开(公告)号：US20100229168A1

公开(公告)日：2010-09-09

申请号：US12377320

申请日：2008-06-04

申请人： Manabu Maeda ,  Tomoyuki Haga ,  Takayuki Ito ,  Hideki Matsushima ,  Yuichi Futa

发明人： Manabu Maeda ,  Tomoyuki Haga ,  Takayuki Ito ,  Hideki Matsushima ,  Yuichi Futa

IPC分类号： G06F9/455 ,  G06F3/00

CPC分类号： G06F1/3203 ,  G06F9/45558 ,  G06F9/4856 ,  G06F9/4893 ,  G06F21/57 ,  Y02D10/24 ,  Y02D10/32

摘要： When notifying virtual machines of a change to shared data, it is impossible to realize power saving for the apparatus if always notifying a virtual machine in the power-saving state.The present invention is equipped with an inter-VM notification management unit 1242, a resuming judgment unit 1244 and a scheduled interruption time acquisition unit 1245, and when it is necessary to notify a virtual machine in the power-saving state, the resuming judgment unit 1244 judges whether to cause the virtual machine to return from the power saving state, based on the time until the interruption acquired by the scheduled interruption time acquisition unit 1245. With this structure, the present invention prevents unnecessary transitions between the states, and realizes the power saving for the apparatus.

摘要翻译： 通知虚拟机对共享数据进行更改时，如果总是通知虚拟机处于省电状态，则不可能实现设备的省电。 本发明装备有VM间通知管理单元1242，恢复判断单元1244和调度中断时间获取单元1245，并且当需要在省电状态下通知虚拟机时，恢复判断单元 1244根据直到调度中断时间获取单元1245获取的中断的时间来判断是否使虚拟机从省电状态返回。利用这种结构，本发明防止了状态之间的不必要的转换，并且实现了 为设备省电。

公开(公告)号：US08555089B2

公开(公告)日：2013-10-08

申请号：US12652256

申请日：2010-01-05

申请人： Takayuki Ito ,  Manabu Maeda ,  Tomoyuki Haga ,  Hideki Matsushima ,  Yuichi Futa ,  Kouji Kobayashi

发明人： Takayuki Ito ,  Manabu Maeda ,  Tomoyuki Haga ,  Hideki Matsushima ,  Yuichi Futa ,  Kouji Kobayashi

IPC分类号： G06F11/00

CPC分类号： G06F21/554 ,  G06F21/62 ,  G06F21/74

摘要： Information processing apparatus (100) ensures confidentiality of encryption and reduces overhead associated with processing not directly related to the encryption. The information processing apparatus (100) includes: application program (A158) that includes an instruction for encryption which uses a key; tampering detection unit (135x) that detects tampering of the program; CPU (141) that operates according to instructions and outputs a direction for encryption upon detecting the instruction for encryption; data encryption/decryption function unit (160) that controls switching to the protective mode according to the direction; and protected data operation unit (155) that stores a key in correspondence with the program, outputs the key in the protective mode, and controls switching to the normal mode, and the data encryption/decryption function unit (160) executes the encryption in the normal mode using the received key.

摘要翻译： 信息处理装置（100）确保加密的机密性，并减少与加密无直接关系的处理相关的开销。 信息处理装置（100）包括：应用程序（A158），其包括使用密钥的用于加密的指令; 篡改检测单元（135x），用于检测程序的篡改; CPU（141），其根据指令进行操作，并且在检测到加密指令时输出加密方向; 数据加密/解密功能单元（160），其根据所述方向控制切换到所述保护模式; 和存储与程序对应的密钥的保护数据操作单元（155），将该密钥输出为保护模式，并控制切换到正常模式，并且数据加密/解密功能单元（160）执行加密 正常模式使用接收的键。

公开(公告)号：US08453206B2

公开(公告)日：2013-05-28

申请号：US12377040

申请日：2007-11-07

申请人： Tomoyuki Haga ,  Hideki Matsushima ,  Takayuki Ito ,  Manabu Maeda ,  Taichi Sato

发明人： Tomoyuki Haga ,  Hideki Matsushima ,  Takayuki Ito ,  Manabu Maeda ,  Taichi Sato

IPC分类号： G06F7/04

CPC分类号： G06F21/64 ,  G06F21/51

摘要： A tamper detection device detects tampering with a program loaded to memory, at high speed and without compromising the safety. Prior to loading of a program, a dividing-size determining unit 12 determines a block size based on random number information, a dividing unit 13 divides the program by the block size into data blocks, and a first conversion unit 14 converts, by conducting a logical operation, the data blocks into intermediate authentication data no greater than the block size, and a second conversion unit 15 conducts a second conversion on the intermediate authentication data to generate authentication data. The authentication data and the block size are stored. After the program loading, a program resulting from the loading is divided by the block size, followed by the first and second conversions to generate comparative data. The comparative data is compared with the authentication data to detect tampering of the loaded program.

摘要翻译： 篡改检测装置可以高速地检测加载到存储器的程序的篡改，而不会影响安全性。 在加载程序之前，分割尺寸确定单元12基于随机数信息确定块大小，分割单元13将程序除以块大小分成数据块，第一转换单元14通过执行 逻辑运算，将数据块转换成不大于块大小的中间认证数据，第二转换单元15对中间认证数据进行第二转换以生成认证数据。 存储认证数据和块大小。 在程序加载之后，由加载产生的程序除以块大小，然后进行第一次和第二次转换以生成比较数据。 将比较数据与认证数据进行比较，以检测加载的程序的篡改。

公开(公告)号：US08127168B2

公开(公告)日：2012-02-28

申请号：US12377320

申请日：2008-06-04

申请人： Manabu Maeda ,  Tomoyuki Haga ,  Takayuki Ito ,  Hideki Matsushima ,  Yuichi Futa

发明人： Manabu Maeda ,  Tomoyuki Haga ,  Takayuki Ito ,  Hideki Matsushima ,  Yuichi Futa

IPC分类号： G06F1/00

CPC分类号： G06F1/3203 ,  G06F9/45558 ,  G06F9/4856 ,  G06F9/4893 ,  G06F21/57 ,  Y02D10/24 ,  Y02D10/32

摘要： A data processing device including an inter-VM notification management unit 1242, a resuming judgment unit 1244 and a scheduled interruption time acquisition unit 1245, such that, when it is necessary to notify a virtual machine in a power-saving state, the resuming judgment unit 1244 judges whether to cause the virtual machine to return from the power saving state, based on a time until an interruption acquired by the scheduled interruption time acquisition unit 1245. This structure prevents unnecessary transitions between states, and realizes the power saving for the apparatus.

摘要翻译： 一种包括VM间通知管理单元1242，恢复判断单元1244和调度中断时间获取单元1245的数据处理设备，使得当需要在省电状态下通知虚拟机时，恢复判断 单元1244基于直到由调度中断时间获取单元1245获取的中断的时间来判断是否使虚拟机从省电状态返回。这种结构防止了状态之间的不必要的转换，并且实现了设备的功率节省 。

公开(公告)号：US20090204806A1

公开(公告)日：2009-08-13

申请号：US12306816

申请日：2007-07-02

申请人： Kouichi Kanemura ,  Yoshikatsu Ito ,  Tomoyuki Haga ,  Hideki Matsushima ,  Takayuki Ito

发明人： Kouichi Kanemura ,  Yoshikatsu Ito ,  Tomoyuki Haga ,  Hideki Matsushima ,  Takayuki Ito

IPC分类号： G06F21/22 ,  G06F11/00

CPC分类号： G06F21/10 ,  G06F21/445 ,  G06F21/51 ,  G06F21/57 ,  G06F21/575 ,  G06F2221/2129 ,  H04L9/0822 ,  H04L9/0866 ,  H04L9/3234

摘要： An authentication system that can show having an authentic computer program, can certify the authenticity of itself, and can verify the certification. The authentication system is composed of a terminal (requesting device) and a card (verifying device). The card stores secret information to be used by the terminal, and an update program for the terminal. The card verifies authenticity of the terminal using information obtained from the terminal. When it judges that the terminal is authentic, the card outputs the secret information to the terminal. When it judges that the terminal is not authentic, the card outputs the update program. With this structure, the terminal is forced to update the program when it attempts to use the secret information.

摘要翻译： 可以显示具有真实的计算机程序的认证系统可以证明其本身的真实性，并且可以验证认证。 认证系统由终端（请求装置）和卡（验证装置）组成。 该卡存储终端使用的秘密信息和终端的更新程序。 该卡使用从终端获得的信息来验证终端的真实性。 当该终端判断该终端是可信的时，该卡将该秘密信息输出到该终端。 当判断终端不可信时，卡会输出更新程序。 利用这种结构，终端在尝试使用秘密信息时被强制更新程序。

公开(公告)号：US20070113079A1

公开(公告)日：2007-05-17

申请号：US10580818

申请日：2004-11-26

申请人： Takayuki Ito ,  Teruto Hirota ,  Kouichi Kanemura ,  Tomoyuki Haga ,  Yoshikatsu Ito

发明人： Takayuki Ito ,  Teruto Hirota ,  Kouichi Kanemura ,  Tomoyuki Haga ,  Yoshikatsu Ito

IPC分类号： H04L9/00

CPC分类号： G06F9/4812 ,  G06F9/468 ,  G06F21/78 ,  G06F2221/2105

摘要： In a data processing apparatus that switches between a secure mode and a normal mode during execution, the secure mode allowing access to secure resources to be protected, the normal mode not allowing access to the secure resources, when the secure resources increase in the secure mode, the load on a protection mechanism for protecting the resources becomes large. Thus, there is a demand for data processing apparatuses that are able to reduce secure resources. The present invention relates to a data processing apparatus that stores therein a secure program including one or more processing procedures which use secure resources and a call instruction for calling a normal program to be executed in a normal mode. While executing the secure program, the data processing apparatus calls the normal program with the call instruction and operates according to the called normal program.

摘要翻译： 在执行期间在安全模式和正常模式之间切换的数据处理装置中，当安全模式下的安全资源增加时，安全模式允许访问保护资源以被保护，正常模式不允许访问安全资源 用于保护资源的保护机制的负担变大。 因此，需要能够减少安全资源的数据处理装置。 数据处理装置本发明涉及一种数据处理装置，其中存储有一个或多个使用安全资源的处理过程的安全程序和用于调用在正常模式下执行的正常程序的呼叫指令。 在执行安全程序时，数据处理装置利用呼叫指令调用正常程序，并根据所调用的正常程序进行操作。