公开(公告)号：US08223972B2

公开(公告)日：2012-07-17

申请号：US12146255

申请日：2008-06-25

申请人： Takayuki Ito ,  Hideki Matsushima ,  Hisashi Takayama ,  Tomoyuki Haga ,  Yuichi Futa ,  Manabu Maeda

发明人： Takayuki Ito ,  Hideki Matsushima ,  Hisashi Takayama ,  Tomoyuki Haga ,  Yuichi Futa ,  Manabu Maeda

IPC分类号： H04L9/00

CPC分类号： H04L9/0836 ,  H04L9/088

摘要： In the key management software having a key database with a tree structure, a high-speed data encryption/decryption process is achieved by changing the tree structure without reducing the security strength when deleting or adding a key from/to the tree structure. The key management software having the key database with the tree structure, when deleting or adding a key from/to the tree structure, refers to the encryption strength comparison table and the process time comparison table to change the tree structure without reducing the security strength. This reduces the number of times an encrypted key is loaded onto the encryption/decryption processing device during the data encryption/decryption process, thus achieving a high-speed data encryption/decryption.

摘要翻译： 在具有树结构的密钥数据库的密钥管理软件中，通过在从树结构中删除或添加密钥时改变树结构而不降低安全强度来实现高速数据加密/解密处理。 具有树结构的密钥数据库的密钥管理软件在从树结构中删除或添加密钥时，参考加密强度比较表和处理时间比较表来改变树结构而不降低安全强度。 这减少了在数据加密/解密处理期间将加密密钥加载到加密/解密处理设备上的次数，从而实现高速数据加密/解密。

公开(公告)号：US08489873B2

公开(公告)日：2013-07-16

申请号：US12865894

申请日：2009-02-23

申请人： Hideki Matsushima ,  Hisashi Takayama ,  Takayuki Ito ,  Tomoyuki Haga ,  Yuichi Futa ,  Taichi Sato

发明人： Hideki Matsushima ,  Hisashi Takayama ,  Takayuki Ito ,  Tomoyuki Haga ,  Yuichi Futa ,  Taichi Sato

IPC分类号： H04L29/06

CPC分类号： G06F21/10 ,  G06F9/45558 ,  G06F21/57 ,  G06F2009/45587 ,  G06F2221/0782 ,  G06F2221/2137 ,  G06F2221/2145 ,  H04L9/14 ,  H04L9/3234 ,  H04L9/3247 ,  H04L9/3263 ,  H04L2209/127 ,  H04L2209/603

摘要： The present invention provides a migration apparatus that realizes safe migration of secret data between a first terminal device and a second terminal device. Before transmitting the secret data to the second terminal device, the migration apparatus (i) receives, from the first terminal device, a minimum evaluation level required of a destination of the secret data by the first terminal device, (ii) receives, from the second terminal device, an evaluation level of the second terminal device, (iii) judges whether the evaluation level of the second terminal device is lower than the minimum evaluation level, and (iv) sends the secret data to the second terminal device only if the evaluation level of the second terminal device is no lower than the minimum evaluation level.

摘要翻译： 本发明提供一种迁移装置，其实现了第一终端装置与第二终端装置之间的秘密数据的安全迁移。 在将秘密数据发送到第二终端装置之前，迁移装置（i）从第一终端装置接收第一终端装置对秘密数据的目的地所需的最小评价等级，（ii）从 第二终端设备，第二终端设备的评估级别，（iii）判断第二终端设备的评估级别是否低于最小评估级别，以及（iv）仅在第二终端设备 第二终端装置的评价等级不低于最低评价等级。

公开(公告)号：US08464043B2

公开(公告)日：2013-06-11

申请号：US12666375

申请日：2008-06-23

申请人： Hideki Matsushima ,  Yuichi Futa ,  Hisashi Takayama ,  Takayuki Ito ,  Tomoyuki Haga ,  Taichi Sato

发明人： Hideki Matsushima ,  Yuichi Futa ,  Hisashi Takayama ,  Takayuki Ito ,  Tomoyuki Haga ,  Taichi Sato

IPC分类号： H04L29/06

CPC分类号： H04L9/0836 ,  G06F21/62 ,  G06F21/6236 ,  G06F2221/2107 ,  G06F2221/2113 ,  G06F2221/2115 ,  H04L9/088 ,  H04L9/0897 ,  H04L9/14 ,  H04L2209/603 ,  H04N7/165 ,  H04N7/1675 ,  H04N21/2541 ,  H04N21/26613 ,  H04N21/4788 ,  H04N21/835 ,  H04N21/8355

摘要： Provided is a migration system considering security authentication levels and data protection strength levels of the both security devices between which data is migrated. A first terminal includes a mechanism for protecting data by a private key in the public key method held by TPM, and a second terminal includes a key in the private key method encrypted by the private key in the public key method held by TPM and a mechanism for protecting the data by the key. A Migration Authority holds a security policy table describing a security policy and judges whether data movement from the first terminal to the second terminal is enabled according to the security policy table.

摘要翻译： 提供了考虑安全认证级别和迁移数据的两个安全设备的数据保护强度级别的迁移系统。 第一终端包括用TPM保存的公钥方法中的私钥保护数据的机制，第二终端包括由TPM持有的公钥方法中的由私钥加密的私钥方法中的密钥，以及机制 用于通过密钥保护数据。 迁移管理局持有描述安全策略的安全策略表，并根据安全策略表判断是否启用从第一终端到第二终端的数据移动。

公开(公告)号：US20110081017A1

公开(公告)日：2011-04-07

申请号：US12993931

申请日：2009-05-25

申请人： Hideki Matsushima ,  Hisashi Takayama ,  Yuichi Futa ,  Takayuki Ito ,  Tomoyuki Haga

发明人： Hideki Matsushima ,  Hisashi Takayama ,  Yuichi Futa ,  Takayuki Ito ,  Tomoyuki Haga

IPC分类号： H04L9/00

CPC分类号： H04L9/0836 ,  H04L9/088

摘要： Provided is a key migration device which can securely and reliably control the migration of keys. A migration authority (101) fetches a generation level which is the security level of a first electronic terminal (3011) and an output destination level which is the security level of a third electronic terminal (3013), decides whether the relationship between the generation level and the output destination level satisfies a predetermined condition when a request for fetching a collection of keys is received from the third electronic terminal (3013), outputs the key generated by the first electronic terminal (3011) among the collection of keys to the third electronic terminal (3013) if the predetermined condition is fulfilled, and restricts output to the third electronic terminal (3013) of the key generated by the first electronic terminal (3011) among the collection of keys if the predetermined condition is not fulfilled.

摘要翻译： 提供了一种可以安全可靠地控制密钥迁移的密钥迁移设备。 移动机构（101）取出作为第一电子终端（3011）的安全级别的生成级别和作为第三电子终端（3013）的安全级别的输出目的地级别，决定生成级别 并且当从第三电子终端（3013）接收到提取密钥集合的请求时，输出目的地级别满足预定条件，将由第一电子终端（3011）生成的密钥输出到第三电子邮件集合 如果满足预定条件，并且如果不满足预定条件，则在密钥集合中限制由第一电子终端（3011）生成的密钥的输出到第三电子终端（3013）的终端（3013）。

公开(公告)号：US20100332820A1

公开(公告)日：2010-12-30

申请号：US12865894

申请日：2009-02-23

申请人： Hideki Matsushima ,  Hisashi Takayama ,  Takayuki Ito ,  Tomoyuki Haga ,  Yuichi Futa ,  Taichi Sato

发明人： Hideki Matsushima ,  Hisashi Takayama ,  Takayuki Ito ,  Tomoyuki Haga ,  Yuichi Futa ,  Taichi Sato

IPC分类号： H04L9/00

CPC分类号： G06F21/10 ,  G06F9/45558 ,  G06F21/57 ,  G06F2009/45587 ,  G06F2221/0782 ,  G06F2221/2137 ,  G06F2221/2145 ,  H04L9/14 ,  H04L9/3234 ,  H04L9/3247 ,  H04L9/3263 ,  H04L2209/127 ,  H04L2209/603

摘要： The present invention provides a migration apparatus that realizes safe migration of data between devise that use different encryption algorithms and different security authentication levels. The fourth electronic terminal device 2502 sends, to the migration authority 2501, a request for migration of a virtual machine to the fifth electronic terminal device 2503. If the fifth electronic terminal device 2503 is not an illegitimate device, the migration authority 2501 sends a migration request to the fifth electronic terminal device 2503. The fifth electronic terminal device 2503 sends, to the migration authority 2501, a digital signature and so on, together with the request. The migration authority 2501 makes a judgment. If the result is “OK”, the migration authority 2501 sends the result “OK” to the fifth electronic terminal device 2503. The fourth electronic terminal device 2502 encrypts a migration package and sends the encrypted migration package to the migration authority 2501, and sends the virtual machine to the fifth electronic terminal device 2503.

摘要翻译： 本发明提供了一种迁移装置，其实现了使用不同加密算法和不同安全认证级别的设备之间的数据的安全迁移。 第四电子终端装置2502向迁移机构2501发送虚拟机迁移到第五电子终端装置2503的请求。如果第五电子终端装置2503不是非法装置，则迁移机构2501发送迁移 请求到第五电子终端装置2503.第五电子终端装置2503与请求一起发送到移动局2501的数字签名等。 迁移管理机构2501进行判断。 如果结果为“OK”，则迁移机构2501将结果“OK”发送到第五电子终端装置2503.第四电子终端装置2502对迁移包进行加密，并将加密的迁移包发送到迁移机构2501，并发送 虚拟机到第五电子终端设备2503。

公开(公告)号：US20100268936A1

公开(公告)日：2010-10-21

申请号：US12666375

申请日：2008-06-23

申请人： Hideki Matsushima ,  Yuichi Futa ,  Hisashi Takayama ,  Takayuki Ito ,  Tomoyuki Haga ,  Taichi Sato

发明人： Hideki Matsushima ,  Yuichi Futa ,  Hisashi Takayama ,  Takayuki Ito ,  Tomoyuki Haga ,  Taichi Sato

IPC分类号： G06F21/24 ,  H04L9/08 ,  H04L9/14

CPC分类号： H04L9/0836 ,  G06F21/62 ,  G06F21/6236 ,  G06F2221/2107 ,  G06F2221/2113 ,  G06F2221/2115 ,  H04L9/088 ,  H04L9/0897 ,  H04L9/14 ,  H04L2209/603 ,  H04N7/165 ,  H04N7/1675 ,  H04N21/2541 ,  H04N21/26613 ,  H04N21/4788 ,  H04N21/835 ,  H04N21/8355

摘要： Provided is a migration system considering security authentication levels and data protection strength levels of the both security devices between which data is migrated.A first terminal 102 includes a mechanism for protecting data by a private key in the public key method held by TPM, and a second terminal 103 includes a key in the private key method encrypted by the private key in the public key method held by TPM and a mechanism for protecting the data by the key. A Migration Authority 101 holds a security policy table describing a security policy and judges whether data movement from the first terminal 102 to the second terminal 103 is enabled according to the security policy table.

摘要翻译： 提供了考虑安全认证级别和迁移数据的两个安全设备的数据保护强度级别的迁移系统。 第一终端102包括用于通过TPM保持的公共密钥方法中的私钥保护数据的机制，第二终端103包括由私有密钥方式加密的私钥中的密钥，该私有密钥方法由TPM所持有的公开密钥方法和 用于通过密钥保护数据的机制。 迁移管理局101保存描述安全策略的安全策略表，并根据安全策略表判断从第一终端102到第二终端103的数据移动是否被启用。

公开(公告)号：US08555089B2

公开(公告)日：2013-10-08

申请号：US12652256

申请日：2010-01-05

申请人： Takayuki Ito ,  Manabu Maeda ,  Tomoyuki Haga ,  Hideki Matsushima ,  Yuichi Futa ,  Kouji Kobayashi

发明人： Takayuki Ito ,  Manabu Maeda ,  Tomoyuki Haga ,  Hideki Matsushima ,  Yuichi Futa ,  Kouji Kobayashi

IPC分类号： G06F11/00

CPC分类号： G06F21/554 ,  G06F21/62 ,  G06F21/74

摘要： Information processing apparatus (100) ensures confidentiality of encryption and reduces overhead associated with processing not directly related to the encryption. The information processing apparatus (100) includes: application program (A158) that includes an instruction for encryption which uses a key; tampering detection unit (135x) that detects tampering of the program; CPU (141) that operates according to instructions and outputs a direction for encryption upon detecting the instruction for encryption; data encryption/decryption function unit (160) that controls switching to the protective mode according to the direction; and protected data operation unit (155) that stores a key in correspondence with the program, outputs the key in the protective mode, and controls switching to the normal mode, and the data encryption/decryption function unit (160) executes the encryption in the normal mode using the received key.

摘要翻译： 信息处理装置（100）确保加密的机密性，并减少与加密无直接关系的处理相关的开销。 信息处理装置（100）包括：应用程序（A158），其包括使用密钥的用于加密的指令; 篡改检测单元（135x），用于检测程序的篡改; CPU（141），其根据指令进行操作，并且在检测到加密指令时输出加密方向; 数据加密/解密功能单元（160），其根据所述方向控制切换到所述保护模式; 和存储与程序对应的密钥的保护数据操作单元（155），将该密钥输出为保护模式，并控制切换到正常模式，并且数据加密/解密功能单元（160）执行加密 正常模式使用接收的键。

公开(公告)号：US08127168B2

公开(公告)日：2012-02-28

申请号：US12377320

申请日：2008-06-04

申请人： Manabu Maeda ,  Tomoyuki Haga ,  Takayuki Ito ,  Hideki Matsushima ,  Yuichi Futa

发明人： Manabu Maeda ,  Tomoyuki Haga ,  Takayuki Ito ,  Hideki Matsushima ,  Yuichi Futa

IPC分类号： G06F1/00

CPC分类号： G06F1/3203 ,  G06F9/45558 ,  G06F9/4856 ,  G06F9/4893 ,  G06F21/57 ,  Y02D10/24 ,  Y02D10/32

摘要： A data processing device including an inter-VM notification management unit 1242, a resuming judgment unit 1244 and a scheduled interruption time acquisition unit 1245, such that, when it is necessary to notify a virtual machine in a power-saving state, the resuming judgment unit 1244 judges whether to cause the virtual machine to return from the power saving state, based on a time until an interruption acquired by the scheduled interruption time acquisition unit 1245. This structure prevents unnecessary transitions between states, and realizes the power saving for the apparatus.

摘要翻译： 一种包括VM间通知管理单元1242，恢复判断单元1244和调度中断时间获取单元1245的数据处理设备，使得当需要在省电状态下通知虚拟机时，恢复判断 单元1244基于直到由调度中断时间获取单元1245获取的中断的时间来判断是否使虚拟机从省电状态返回。这种结构防止了状态之间的不必要的转换，并且实现了设备的功率节省 。

公开(公告)号：US20100174919A1

公开(公告)日：2010-07-08

申请号：US12652256

申请日：2010-01-05

申请人： Takayuki ITO ,  Manabu Maeda ,  Tomoyuki Haga ,  Hideki Matsushima ,  Yuichi Futa ,  Kouji Kobayashi

发明人： Takayuki ITO ,  Manabu Maeda ,  Tomoyuki Haga ,  Hideki Matsushima ,  Yuichi Futa ,  Kouji Kobayashi

IPC分类号： G06F21/00

CPC分类号： G06F21/554 ,  G06F21/62 ,  G06F21/74

摘要： Information processing apparatus 100 ensures confidentiality of encryption and reduces overhead associated with processing not directly related to the encryption. The information processing apparatus 100 includes: application program A158 that includes an instruction for encryption which uses a key; tampering detection unit 135x that detects tampering of the program; CPU 141 that operates according to instructions and outputs a direction for encryption upon detecting the instruction for encryption; data encryption/decryption function unit 160 that controls switching to the protective mode according to the direction; and protected data operation unit 155 that stores a key in correspondence with the program, outputs the key in the protective mode, and controls switching to the normal mode, and the data encryption/decryption function unit 160 executes the encryption in the normal mode using the received key.

摘要翻译： 信息处理装置100确保加密的机密性，并减少与加密无直接关系的处理相关的开销。 信息处理装置100包括：应用程序A158，其包括使用密钥的用于加密的指令; 检测程序的篡改的篡改检测单元135x; CPU141，根据指令进行操作，并在检测到加密指令时输出加密方向; 数据加密/解密功能单元160，其根据方向控制切换到保护模式; 和保存数据操作单元155，其存储与节目对应的密钥，将密钥输出为保护模式，并控制切换到正常模式，数据加密/解密功能单元160使用 收到钥匙

公开(公告)号：US20100229168A1

公开(公告)日：2010-09-09

申请号：US12377320

申请日：2008-06-04

申请人： Manabu Maeda ,  Tomoyuki Haga ,  Takayuki Ito ,  Hideki Matsushima ,  Yuichi Futa

发明人： Manabu Maeda ,  Tomoyuki Haga ,  Takayuki Ito ,  Hideki Matsushima ,  Yuichi Futa

IPC分类号： G06F9/455 ,  G06F3/00

CPC分类号： G06F1/3203 ,  G06F9/45558 ,  G06F9/4856 ,  G06F9/4893 ,  G06F21/57 ,  Y02D10/24 ,  Y02D10/32

摘要： When notifying virtual machines of a change to shared data, it is impossible to realize power saving for the apparatus if always notifying a virtual machine in the power-saving state.The present invention is equipped with an inter-VM notification management unit 1242, a resuming judgment unit 1244 and a scheduled interruption time acquisition unit 1245, and when it is necessary to notify a virtual machine in the power-saving state, the resuming judgment unit 1244 judges whether to cause the virtual machine to return from the power saving state, based on the time until the interruption acquired by the scheduled interruption time acquisition unit 1245. With this structure, the present invention prevents unnecessary transitions between the states, and realizes the power saving for the apparatus.

摘要翻译： 通知虚拟机对共享数据进行更改时，如果总是通知虚拟机处于省电状态，则不可能实现设备的省电。 本发明装备有VM间通知管理单元1242，恢复判断单元1244和调度中断时间获取单元1245，并且当需要在省电状态下通知虚拟机时，恢复判断单元 1244根据直到调度中断时间获取单元1245获取的中断的时间来判断是否使虚拟机从省电状态返回。利用这种结构，本发明防止了状态之间的不必要的转换，并且实现了 为设备省电。