Information processing device, information processing method, and program distribution system
    2.
    Granted invention patent
    Status: In force

    Publication No.: US08904518B2

    Publication date: 2014-12-02

    Application No.: US13382327

    Filing date: 2011-04-19

    Abstract: An information processing device includes an external connection unit which connects to an external device; and a communication control unit which obtains data from a first virtual machine, transmits the data to a second virtual machine, and transmits, to the external connection unit, transmission completion information indicating that the data is already transmitted to the second virtual machine. The external connection unit (i) determines, based on the transmission completion information, whether or not a virtual machine is the second virtual machine to which the data is already transmitted, when the external connection unit receives, from the virtual machine, a request for a connection to the external device, and (ii) permits a connection between the virtual machine and the external device, when the external connection unit determines that the virtual machine is not the second virtual machine to which the data is already transmitted.


    Starts up of modules of a second module group only when modules of a first group have been started up legitimately
    3.
    Granted invention patent
    Status: In force

    Publication No.: US08510544B2

    Publication date: 2013-08-13

    Application No.: US12991516

    Filing date: 2009-05-25

    IPC classification: G06F9/00 G06F9/24 H04L29/06

    Abstract: The present invention provides an information processing apparatus that is capable of continuously performing secure boot between module groups in the case where software of a terminal device consists of module groups provided by a plurality of providers, while keeping independence between the providers. The information processing apparatus is provided with a linkage certificate that contains a first configuration comparison value, which indicates a cumulative hash value of the first module group to be started up by secure boot, and a module measurement value, which indicates a hash value of the first module of the second module group to be started up by secure boot. After the secure boot of the first module group, it is verified that the first module group has been started up by comparison with the first configuration comparison value.


    Information processing apparatus, method, program, and integrated circuit
    5.
    Granted invention patent
    Status: In force

    Publication No.: US08938811B2

    Publication date: 2015-01-20

    Application No.: US13816501

    Filing date: 2012-05-31

    IPC classification: G06F21/10 G06F21/60

    CPC classification: G06F21/604

    Abstract: A content display apparatus which processes protected information configured, with an aim to prevent access from any unauthorized program, to include: a process managing unit which manages a plurality of processes operable in the content display apparatus; and a protected-information access detecting unit which detects access to the protected information. The process managing unit includes an application execution control unit which temporarily stops the operation of each of at least one process other than a process which accesses the protected information among the plurality of processes when the access to the protected information is detected by the protected-information access detecting unit.


    INFORMATION PROCESSING DEVICE, VIRTUAL MACHINE CREATION METHOD, AND APPLICATION DISTRIBUTION SYSTEM
    6.
    Invention patent application
    Status: In force

    Publication No.: US20120260250A1

    Publication date: 2012-10-11

    Application No.: US13515384

    Filing date: 2011-03-08

    IPC classification: G06F9/46 G06F9/455

    Abstract: A device (110) according to an implementation of the present invention, having a plurality of virtual machines (1002, 1003, 1004, and 1005), includes a virtualization software (1001) which manages the virtual machines. The virtualization software includes an application VM creating unit (1300) which creates a virtual machine for executing a program. A first virtual machine (1002) determines whether a first program is to be executed on the first virtual machine or to be executed on a virtual machine other than the first virtual machine. When the first virtual machine determines that the first program is to be executed on the other virtual machine, the application VM creating unit creates a second virtual machine for executing the first program.


    SECURE BOOT WITH OPTIONAL COMPONENTS METHOD
    8.
    Invention patent application
    Status: In force

    Publication No.: US20090320110A1

    Publication date: 2009-12-24

    Application No.: US12484537

    Filing date: 2009-06-15

    IPC classification: G06F21/00 H04L9/32

    Abstract: A method is executed which is for managing the optional trusted components that are active within a device, such that the device itself controls the availability of trusted components. The device includes: a storing unit which stores a plurality of pieces of software and a plurality of certificates; a receiving unit which receives the certificates; and a selecting unit which selects one of the certificates. The device further includes an executing unit which verifies an enabled one of the plurality of pieces of software using the selected and updated one of the certificates.


    Secure boot method for executing a software component including updating a current integrity measurement based on whether the software component is enabled
    9.
    Granted invention patent
    Status: In force

    Publication No.: US08892862B2

    Publication date: 2014-11-18

    Application No.: US13375047

    Filing date: 2010-07-01

    IPC classification: G06F9/00 G06F21/00 G06F21/57

    Abstract: A method for executing a predetermined software component which is verifiable against integrity measurements, the method including (i) providing a first mapping from logical identifiers to software component enabled status flags, (ii) providing a second mapping from the logical identifiers and previous software component statuses information to actual integrity measurement certificates containing verification data, (iii) looking up the first mapping for a given logical identifier identifying the predetermined software component to get a status flag indicating whether the predetermined software component is enabled, (iv) if the status flag indicates that the predetermined software component is not enabled, updating a current integrity measurement stored within a disabled integrity measurement certificate, and (v) if the status flag indicates that the predetermined software component is enabled and verification of the predetermined software component is successful, updating a current integrity measurement stored within an integrity measurement certificate.


    Information processing device, virtual machine creation method, and application distribution system
    10.
    Granted invention patent
    Status: In force

    Publication No.: US09081596B2

    Publication date: 2015-07-14

    Application No.: US13515384

    Filing date: 2011-03-08

    IPC classification: G06F9/455 G06F9/48 G06F21/53

    Abstract: A device (110) according to an implementation of the present invention, having a plurality of virtual machines (1002, 1003, 1004, and 1005), includes a virtualization software (1001) which manages the virtual machines. The virtualization software includes an application VM creating unit (1300) which creates a virtual machine for executing a program. A first virtual machine (1002) determines whether a first program is to be executed on the first virtual machine or to be executed on a virtual machine other than the first virtual machine. When the first virtual machine determines that the first program is to be executed on the other virtual machine, the application VM creating unit creates a second virtual machine for executing the first program.
