INFORMATION PROCESSOR AND METHOD FOR CONTROLLING THE SAME
    1.
    Invention application
    Legal status: in force

    Publication number: US20130212575A1

    Publication date: 2013-08-15

    Application number: US12918918

    Filing date: 2009-02-09

    IPC classification: G06F9/455

    Abstract: It is an object of the present invention to provide an information processing device that verifies the authorization of an application that has issued an access request to access a device. For the present invention to fulfill the above object, when an application 102 on a universal OS issues a processing request to a secure device driver 105, a secure VMM 100 and an application identification unit 106 on a management dedicated OS 104 lock a page table of the application 102 and refer to the page table to generate a hash value. The application is determined to be authorized or unauthorized by comparing the generated hash value with a reference hash value.

    INFORMATION PROCESSING DEVICE AND INFORMATION PROCESSING METHOD
    2.
    Invention application
    Legal status: under examination (published)

    Publication number: US20120297485A1

    Publication date: 2012-11-22

    Application number: US13574787

    Filing date: 2011-11-29

    IPC classification: G06F21/00

    CPC classification: G06F21/52 G06F21/56

    Abstract: To improve the responsiveness of a system call process without compromising safety, an information processing device according to the present invention includes: an application identification unit configured to identify a program being executed in the information processing device, by acquiring the application identifier; a caller identification unit configured to identify a caller indicating a portion of the program from which a program code is called when the identified program calls the program code; a checked-application management unit configured to manage a check result which is information including a result of a previous check for safety of executing the identified program; and an attack check determination unit configured to determine, based on the identified caller and the check result, whether a check of whether the identified program is under attack is to be made.

    INFORMATION PROCESSING APPARATUS AND METHOD FOR PREVENTING UNAUTHORIZED COOPERATION OF APPLICATIONS
    3.
    Invention application
    Legal status: in force

    Publication number: US20120291138A1

    Publication date: 2012-11-15

    Application number: US13511803

    Filing date: 2011-09-26

    IPC classification: G06F21/24 G06F15/16

    Abstract: An information processing terminal (40) includes: a network control unit (250); an installation control unit (260); a process control unit (200) for starting up an application and establishing cooperation among applications including the application; an access-history map updating unit (290) for updating an access-history map (281) which represents history information on an access relationship among the applications when a request is made to start up the application or to establish cooperation among the applications; and an unauthorized-cooperation-of-applications control unit (220) for (i) determining whether or not an unauthorized cooperation, which is directed at sensitive information kept secret, is established among the applications with reference to information obtained from the access-history map (281) and an application authorizing list (271), and (ii) controlling execution of the application using an application execution control technique in the case where a result of the determination shows that the unauthorized cooperation is established.

    Information processing apparatus, method, program, and integrated circuit
    5.
    Granted invention patent
    Legal status: in force

    Publication number: US08938811B2

    Publication date: 2015-01-20

    Application number: US13816501

    Filing date: 2012-05-31

    IPC classification: G06F21/10 G06F21/60

    CPC classification: G06F21/604

    Abstract: A content display apparatus which processes protected information is configured, with an aim to prevent access from any unauthorized program, to include: a process managing unit which manages a plurality of processes operable in the content display apparatus; and a protected-information access detecting unit which detects access to the protected information. The process managing unit includes an application execution control unit which temporarily stops the operation of each of at least one process other than a process which accesses the protected information among the plurality of processes when the access to the protected information is detected by the protected-information access detecting unit.

    INFORMATION PROCESSING DEVICE, VIRTUAL MACHINE CREATION METHOD, AND APPLICATION DISTRIBUTION SYSTEM
    6.
    Invention application
    Legal status: in force

    Publication number: US20120260250A1

    Publication date: 2012-10-11

    Application number: US13515384

    Filing date: 2011-03-08

    IPC classification: G06F9/46 G06F9/455

    Abstract: A device (110) according to an implementation of the present invention, having a plurality of virtual machines (1002, 1003, 1004, and 1005), includes virtualization software (1001) which manages the virtual machines. The virtualization software includes an application VM creating unit (1300) which creates a virtual machine for executing a program. A first virtual machine (1002) determines whether a first program is to be executed on the first virtual machine or to be executed on a virtual machine other than the first virtual machine. When the first virtual machine determines that the first program is to be executed on the other virtual machine, the application VM creating unit creates a second virtual machine for executing the first program.

    Method and device for speeding up key use in key management software with tree structure
    7.
    Granted invention patent
    Legal status: in force

    Publication number: US08223972B2

    Publication date: 2012-07-17

    Application number: US12146255

    Filing date: 2008-06-25

    IPC classification: H04L9/00

    CPC classification: H04L9/0836 H04L9/088

    Abstract: In the key management software having a key database with a tree structure, a high-speed data encryption/decryption process is achieved by changing the tree structure without reducing the security strength when deleting or adding a key from/to the tree structure. The key management software having the key database with the tree structure, when deleting or adding a key from/to the tree structure, refers to the encryption strength comparison table and the process time comparison table to change the tree structure without reducing the security strength. This reduces the number of times an encrypted key is loaded onto the encryption/decryption processing device during the data encryption/decryption process, thus achieving high-speed data encryption/decryption.

    INFORMATION PROCESSING APPARATUS
    9.
    Invention application
    Legal status: under examination (published)

    Publication number: US20110289294A1

    Publication date: 2011-11-24

    Application number: US13147208

    Filing date: 2010-10-29

    IPC classification: G06F12/14

    Abstract: An information processing apparatus includes: a CPU (1201) that has, as an operating mode, a privileged mode and an unprivileged mode; a trusted memory (1270) that stores protected data, the protected data being accessed when the CPU (1201) is in the unprivileged mode; and a trusted memory control unit (1203) that controls access to the trusted memory (1270). When the CPU (1201) accesses the trusted memory (1270), the trusted memory control unit (1203) determines the operating mode of the CPU (1201) and, in the case where the operating mode of the CPU (1201) is the unprivileged mode, denies the access to the trusted memory (1270) by the CPU (1201).

    FALSIFICATION DETECTING SYSTEM, FALSIFICATION DETECTING METHOD, FALSIFICATION DETECTING PROGRAM, RECORDING MEDIUM, INTEGRATED CIRCUIT, AUTHENTICATION INFORMATION GENERATING DEVICE AND FALSIFICATION DETECTING DEVICE
    10.
    Invention application
    Legal status: in force

    Publication number: US20100162352A1

    Publication date: 2010-06-24

    Application number: US12377040

    Filing date: 2007-11-07

    IPC classification: G06F21/22

    CPC classification: G06F21/64 G06F21/51

    Abstract: A tamper detection device detects tampering with a program loaded to memory, at high speed and without compromising the safety. Prior to loading of a program, a dividing-size determining unit 12 determines a block size based on random number information, a dividing unit 13 divides the program by the block size into data blocks, a first conversion unit 14 converts, by conducting a logical operation, the data blocks into intermediate authentication data no greater than the block size, and a second conversion unit 15 conducts a second conversion on the intermediate authentication data to generate authentication data. The authentication data and the block size are stored. After the program loading, a program resulting from the loading is divided by the block size, followed by the first and second conversions to generate comparative data. The comparative data is compared with the authentication data to detect tampering with the loaded program.
