-
公开(公告)号:US20130212575A1
公开(公告)日:2013-08-15
申请号:US12918918
申请日:2009-02-09
IPC分类号: G06F9/455
CPC分类号: G06F9/45533 , G06F12/1475 , G06F12/1491 , G06F21/00 , G06F21/30 , G06F21/53
摘要: It is an object of the present invention to provide an information processing device that verifies the authorization of an application that has issued an access request to access a device. For the present invention to fulfill the above object, when an application 102 on a universal OS issues a processing request to a secure device driver 105, a secure VMM 100 and an application identification unit 106 on a management dedicated OS 104 lock a page table of the application 102 and refer to the page table to generate a hash value. The application is determined to be authorized or unauthorized by comparing the generated hash value with a reference hash value.
摘要翻译: 本发明的目的是提供一种信息处理设备,其验证已经发出访问设备的访问请求的应用的授权。 为了实现上述目的,为了实现上述目的,当通用OS上的应用102向安全设备驱动器105发出处理请求时,管理专用OS 104上的安全VMM100和应用识别单元106锁定 应用程序102并参考页表来生成哈希值。 通过将生成的散列值与引用散列值进行比较,确定应用程序被授权或未授权。
-
2.发明授权公开(公告)号:US08689212B2
公开(公告)日:2014-04-01
申请号:US12918918
申请日:2009-02-09
CPC分类号: G06F9/45533 , G06F12/1475 , G06F12/1491 , G06F21/00 , G06F21/30 , G06F21/53
摘要: An information processing device verifies the authorization of an application that has issued an access request to access a device. When an application on a universal OS issues a processing request to a secure device driver, a secure VMM and an application identification unit on a management dedicated OS lock a page table of the application and refer to the page table to generate a hash value. The application is determined to be authorized or unauthorized by comparing the generated hash value with a reference hash value.
摘要翻译: 信息处理设备验证已经发出访问设备的访问请求的应用的授权。 当通用操作系统上的应用程序向安全设备驱动程序发出处理请求时,管理专用OS上的安全VMM和应用程序识别单元锁定应用程序的页表,并参考页表生成哈希值。 通过将生成的散列值与引用散列值进行比较,确定应用程序被授权或未授权。
-
3.发明授权Starts up of modules of a second module group only when modules of a first group have been started up legitimately 有权仅当第一组的模块合法启动时,才启动第二个模块组的模块公开(公告)号:US08510544B2
公开(公告)日:2013-08-13
申请号:US12991516
申请日:2009-05-25
申请人: Hisashi Takayama , Hideki Matsushima , Takayuki Ito , Tomoyuki Haga , Kenneth Alexander Nicolson , Manabu Maeda
发明人: Hisashi Takayama , Hideki Matsushima , Takayuki Ito , Tomoyuki Haga , Kenneth Alexander Nicolson , Manabu Maeda
CPC分类号: H04L9/3263 , G06F21/575 , H04L9/3236 , H04L2209/80
摘要: The present invention provides an information processing apparatus that is capable of continuously performing secure boot between module groups in the case where software of a terminal device consists of module groups provided by a plurality of providers, while keeping independence between the providers. The information processing apparatus is provided with a linkage certificate that contains a first configuration comparison value, which indicates a cumulative hash value of the first module group to be started up by secure boot, and a module measurement value, which indicates a hash value of the first module of the second module group to be started up by secure boot. After the secure boot of the first module group, it is verified that the first module group has been started up by comparison with the first configuration comparison value.
摘要翻译: 本发明提供一种信息处理装置,其能够在终端装置的软件由多个提供者提供的模块组成的情况下连续地执行模块组之间的安全引导,同时保持提供者之间的独立性。 该信息处理装置具有包含第一配置比较值的连接证书,该第一配置比较值指示通过安全引导来启动的第一模块组的累积散列值,以及指示所述第一配置比较值的散列值 第二个模块组的第一个模块通过安全启动启动。 在第一模块组的安全引导之后,通过与第一配置比较值进行比较来验证第一模块组是否被启动。
-
4.发明申请INFORMATION PROCESSING DEVICE, ENCRYPTION KEY MANAGEMENT METHOD, COMPUTER PROGRAM AND INTEGRATED CIRCUIT 审中-公开信息处理设备,加密密钥管理方法,计算机程序和集成电路公开(公告)号:US20110099362A1
公开(公告)日:2011-04-28
申请号:US12995008
申请日:2009-06-04
申请人: Tomoyuki Haga , Kenneth Alexander Nicolson , Hideki Matsushima , Takayuki Ito , Hisashi Takayama , Manabu Maeda
发明人: Tomoyuki Haga , Kenneth Alexander Nicolson , Hideki Matsushima , Takayuki Ito , Hisashi Takayama , Manabu Maeda
IPC分类号: H04L9/08 , G06F15/177
CPC分类号: H04L9/0825 , H04L9/0822 , H04L9/0836 , H04L9/0891 , H04L9/0897
摘要: For the keys in a key tree group composed of root keys for each of multiple stakeholders, a shared key is generated between the multiple stakeholders, and access restrictions with respect to the generated shared key are flexibly set. A shared key control unit and a tamper-resistant module are provided for each of the multiple stakeholders. The shared key is set based on stakeholder dependency relationships. After the shared key is set, access to the shared key is controlled so that access is not possible by malicious stakeholders, so as to maintain the security level.
摘要翻译: 对于由多个利益相关者中的每一个的根密钥组成的密钥树组中的密钥,在多个利益相关者之间生成共享密钥,并且灵活地设置关于生成的共享密钥的访问限制。 为每个利益相关者提供共享密钥控制单元和防篡改模块。 共享密钥是基于利益相关者依赖关系设置的。 设置共享密钥后,控制对共享密钥的访问,以便恶意利益相关者无法访问,以保持安全级别。
-
5.发明申请DATA PROCESSING DEVICE, DATA PROCESSING METHOD, DATA PROCESSING PROGRAM, RECORDING MEDIUM, AND INTEGRATED CIRCUIT 有权数据处理设备,数据处理方法,数据处理程序,记录介质和集成电路公开(公告)号:US20100229168A1
公开(公告)日:2010-09-09
申请号:US12377320
申请日:2008-06-04
申请人: Manabu Maeda , Tomoyuki Haga , Takayuki Ito , Hideki Matsushima , Yuichi Futa
发明人: Manabu Maeda , Tomoyuki Haga , Takayuki Ito , Hideki Matsushima , Yuichi Futa
CPC分类号: G06F1/3203 , G06F9/45558 , G06F9/4856 , G06F9/4893 , G06F21/57 , Y02D10/24 , Y02D10/32
摘要: When notifying virtual machines of a change to shared data, it is impossible to realize power saving for the apparatus if always notifying a virtual machine in the power-saving state.The present invention is equipped with an inter-VM notification management unit 1242, a resuming judgment unit 1244 and a scheduled interruption time acquisition unit 1245, and when it is necessary to notify a virtual machine in the power-saving state, the resuming judgment unit 1244 judges whether to cause the virtual machine to return from the power saving state, based on the time until the interruption acquired by the scheduled interruption time acquisition unit 1245. With this structure, the present invention prevents unnecessary transitions between the states, and realizes the power saving for the apparatus.
摘要翻译: 通知虚拟机对共享数据进行更改时,如果总是通知虚拟机处于省电状态,则不可能实现设备的省电。 本发明装备有VM间通知管理单元1242,恢复判断单元1244和调度中断时间获取单元1245,并且当需要在省电状态下通知虚拟机时,恢复判断单元 1244根据直到调度中断时间获取单元1245获取的中断的时间来判断是否使虚拟机从省电状态返回。利用这种结构,本发明防止了状态之间的不必要的转换,并且实现了 为设备省电。
-
6.发明授权Method and device for speeding up key use in key management software with tree structure 有权用于树结构的密钥管理软件中加密密钥使用的方法和装置公开(公告)号:US08223972B2
公开(公告)日:2012-07-17
申请号:US12146255
申请日:2008-06-25
申请人: Takayuki Ito , Hideki Matsushima , Hisashi Takayama , Tomoyuki Haga , Yuichi Futa , Manabu Maeda
发明人: Takayuki Ito , Hideki Matsushima , Hisashi Takayama , Tomoyuki Haga , Yuichi Futa , Manabu Maeda
IPC分类号: H04L9/00
CPC分类号: H04L9/0836 , H04L9/088
摘要: In the key management software having a key database with a tree structure, a high-speed data encryption/decryption process is achieved by changing the tree structure without reducing the security strength when deleting or adding a key from/to the tree structure. The key management software having the key database with the tree structure, when deleting or adding a key from/to the tree structure, refers to the encryption strength comparison table and the process time comparison table to change the tree structure without reducing the security strength. This reduces the number of times an encrypted key is loaded onto the encryption/decryption processing device during the data encryption/decryption process, thus achieving a high-speed data encryption/decryption.
摘要翻译: 在具有树结构的密钥数据库的密钥管理软件中,通过在从树结构中删除或添加密钥时改变树结构而不降低安全强度来实现高速数据加密/解密处理。 具有树结构的密钥数据库的密钥管理软件在从树结构中删除或添加密钥时,参考加密强度比较表和处理时间比较表来改变树结构而不降低安全强度。 这减少了在数据加密/解密处理期间将加密密钥加载到加密/解密处理设备上的次数,从而实现高速数据加密/解密。
-
公开(公告)号:US20120102313A1
公开(公告)日:2012-04-26
申请号:US13375047
申请日:2010-07-01
申请人: Kenneth Alexander Nicolson , Hideki Matsushima , Hisashi Takayama , Takayuki Ito , Tomoyuki Haga , Manabu Maeda
发明人: Kenneth Alexander Nicolson , Hideki Matsushima , Hisashi Takayama , Takayuki Ito , Tomoyuki Haga , Manabu Maeda
IPC分类号: G06F21/00
CPC分类号: G06F21/575 , H04L9/3236 , H04L63/123 , H04W12/10
摘要: A method to allow a device to boot in a secure fashion, even though some of the components within the secure device's firmware may be not present, not authorised, or not correctly operating.
摘要翻译: 即使安全设备的固件中的某些组件可能不存在,未被授权或不正确地操作,允许设备以安全方式引导的方法。
-
公开(公告)号:US20110289294A1
公开(公告)日:2011-11-24
申请号:US13147208
申请日:2010-10-29
申请人: Manabu Maeda , Takayuki Ito , Tomoyuki Haga , Hideki Matsushima
发明人: Manabu Maeda , Takayuki Ito , Tomoyuki Haga , Hideki Matsushima
IPC分类号: G06F12/14
CPC分类号: G06F21/74 , G06F12/1466 , G06F12/1491
摘要: An information processing apparatus includes: a CPU (1201) that has, as an operating mode, a privileged mode and an unprivileged mode; a trusted memory (1270) that stores protected data, the protected data being accessed when the CPU (1201) is in the unprivileged mode; and a trusted memory control unit (1203) that controls access to the trusted memory (1270). When the CPU (1201) accesses the trusted memory (1270), the trusted memory control unit (1203) determines the operating mode of the CPU (1201) and, in the case where the operating mode of the CPU (1201) is the unprivileged mode, denies the access to the trusted memory (1270) by the CPU (1201).
摘要翻译: 信息处理设备包括:具有作为操作模式的特权模式和非特权模式的CPU(1201); 存储受保护数据的可信存储器(1270),当所述CPU(1201)处于非特权模式时被保护的数据被访问; 以及控制对可信存储器(1270)的访问的可信存储器控制单元(1203)。 当CPU(1201)访问可信存储器(1270)时,可信存储器控制单元(1203)确定CPU(1201)的操作模式,并且在CPU(1201)的操作模式是无特权的情况下 模式,拒绝CPU(1201)对可信存储器(1270)的访问。
-
9.发明申请公开(公告)号:US20100162352A1
公开(公告)日:2010-06-24
申请号:US12377040
申请日:2007-11-07
申请人: Tomoyuki Haga , Hideki Matsushima , Takayuki Ito , Manabu Maeda , Taichi Sato
发明人: Tomoyuki Haga , Hideki Matsushima , Takayuki Ito , Manabu Maeda , Taichi Sato
IPC分类号: G06F21/22
摘要: A tamper detection device detects tampering with a program loaded to memory, at high speed and without compromising the safety. Prior to loading of a program, a dividing-size determining unit 12 determines a block size based on random number information, a dividing unit 13 divides the program by the block size into data blocks, and a first conversion unit 14 converts, by conducting a logical operation, the data blocks into intermediate authentication data no greater than the block size, and a second conversion unit 15 conducts a second conversion on the intermediate authentication data to generate authentication data. The authentication data and the block size are stored. After the program loading, a program resulting from the loading is divided by the block size, followed by the first and second conversions to generate comparative data. The comparative data is compared with the authentication data to detect tampering of the loaded program.
摘要翻译: 篡改检测装置可以高速地检测加载到存储器的程序的篡改,而不会影响安全性。 在加载程序之前,分割尺寸确定单元12基于随机数信息确定块大小,分割单元13将程序除以块大小分成数据块,第一转换单元14通过执行 逻辑运算,将数据块转换成不大于块大小的中间认证数据,第二转换单元15对中间认证数据进行第二转换以生成认证数据。 存储认证数据和块大小。 在程序加载之后,由加载产生的程序除以块大小,然后进行第一次和第二次转换以生成比较数据。 将比较数据与认证数据进行比较,以检测加载的程序的篡改。
-
公开(公告)号:US20090320110A1
公开(公告)日:2009-12-24
申请号:US12484537
申请日:2009-06-15
申请人: Kenneth Alexander Nicolson , Hideki Matsushima , Hisashi Takayama , Takayuki Ito , Tomoyuki Haga , Manabu Maeda
发明人: Kenneth Alexander Nicolson , Hideki Matsushima , Hisashi Takayama , Takayuki Ito , Tomoyuki Haga , Manabu Maeda
CPC分类号: G06F21/57 , H04L9/3268 , H04L2209/80
摘要: A method is executed which is for managing the optional trusted components that are active within a device, such that the device itself controls the availability of trusted components. The device includes: a storing unit which stores a plurality of pieces of software and a plurality of certificates; a receiving unit which receives the certificates; and a selecting unit which selects one of the certificates. The device further includes an executing unit which verifies an enabled one of the plurality of pieces of software using the selected and updated one of the certificates.
摘要翻译: 执行用于管理在设备内活动的可选可信组件的方法,使得设备本身控制可信组件的可用性。 该装置包括:存储单元,存储多个软件和多个证书; 接收证书的接收单元; 以及选择单元,其选择证书之一。 该设备还包括执行单元,其使用所选择和更新的一个证书来验证多个软件中启用的一个软件。
-
-
-
-
-
-
-
-
-
搜索结果
91 条记录 (耗时 0.035 秒)