专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

41. 发明授权

US08677108B2 Method for finding next component to be booted based on booting status of current component to continue booting process by using a component look-up table 有权
标题翻译：基于当前组件的启动状态查找要启动的下一个组件以通过使用组件查找表继续引导过程的方法
公开(公告)号：US08677108B2
公开(公告)日：2014-03-18
申请号：US12864589
申请日：2009-01-29
申请人： Kenneth Alexander Nicolson , Hideki Matsushima , Hisashi Takayama , Takayuki Ito , Tomoyuki Haga
发明人： Kenneth Alexander Nicolson , Hideki Matsushima , Hisashi Takayama , Takayuki Ito , Tomoyuki Haga
IPC分类号： G06F9/00 , G06F9/24 , G06F15/177
CPC分类号： G06F21/575
摘要： A method to allow a device to boot in a secure fashion, even though some of the components within the secure device's firmware may not be present, not correctly authorized, or not correctly operating.
摘要翻译：即使安全设备的固件中的某些组件可能不存在，未正确授权或不正确操作，允许设备以安全方式引导的方法。

42. 发明授权

US08510544B2 Starts up of modules of a second module group only when modules of a first group have been started up legitimately 有权
标题翻译：仅当第一组的模块合法启动时，才启动第二个模块组的模块
公开(公告)号：US08510544B2
公开(公告)日：2013-08-13
申请号：US12991516
申请日：2009-05-25
申请人： Hisashi Takayama , Hideki Matsushima , Takayuki Ito , Tomoyuki Haga , Kenneth Alexander Nicolson , Manabu Maeda
发明人： Hisashi Takayama , Hideki Matsushima , Takayuki Ito , Tomoyuki Haga , Kenneth Alexander Nicolson , Manabu Maeda
IPC分类号： G06F9/00 , G06F9/24 , H04L29/06
CPC分类号： H04L9/3263 , G06F21/575 , H04L9/3236 , H04L2209/80
摘要： The present invention provides an information processing apparatus that is capable of continuously performing secure boot between module groups in the case where software of a terminal device consists of module groups provided by a plurality of providers, while keeping independence between the providers. The information processing apparatus is provided with a linkage certificate that contains a first configuration comparison value, which indicates a cumulative hash value of the first module group to be started up by secure boot, and a module measurement value, which indicates a hash value of the first module of the second module group to be started up by secure boot. After the secure boot of the first module group, it is verified that the first module group has been started up by comparison with the first configuration comparison value.
摘要翻译：本发明提供一种信息处理装置，其能够在终端装置的软件由多个提供者提供的模块组成的情况下连续地执行模块组之间的安全引导，同时保持提供者之间的独立性。该信息处理装置具有包含第一配置比较值的连接证书，该第一配置比较值指示通过安全引导来启动的第一模块组的累积散列值，以及指示所述第一配置比较值的散列值第二个模块组的第一个模块通过安全启动启动。在第一模块组的安全引导之后，通过与第一配置比较值进行比较来验证第一模块组是否被启动。

43. 发明申请

US20110276795A1 INFORMATION PROCESSING DEVICE AND INFORMATION PROCESSING METHOD 有权
标题翻译：信息处理设备和信息处理方法
公开(公告)号：US20110276795A1
公开(公告)日：2011-11-10
申请号：US13144966
申请日：2010-02-18
申请人： Kenneth Alexander Nicolson , Hideki Matsushima , Hisashi Takayama , Takayuki Ito , Tomoyuki Haga
发明人： Kenneth Alexander Nicolson , Hideki Matsushima , Hisashi Takayama , Takayuki Ito , Tomoyuki Haga
IPC分类号： G06F21/00 , G06F9/00
CPC分类号： G06F21/575 , G06F2221/2145
摘要： A method to allow a value to be written into one PCR domain, only if values from a second PCR domain are valid, thus ensuring the extension of the chain of trust between domains.
摘要翻译：一种允许将值写入一个PCR域的方法，只有来自第2个PCR域的值是有效的，从而确保域之间的信任链的扩展。

44. 发明申请

US20110099362A1 INFORMATION PROCESSING DEVICE, ENCRYPTION KEY MANAGEMENT METHOD, COMPUTER PROGRAM AND INTEGRATED CIRCUIT 审中-公开
标题翻译：信息处理设备，加密密钥管理方法，计算机程序和集成电路
公开(公告)号：US20110099362A1
公开(公告)日：2011-04-28
申请号：US12995008
申请日：2009-06-04
申请人： Tomoyuki Haga , Kenneth Alexander Nicolson , Hideki Matsushima , Takayuki Ito , Hisashi Takayama , Manabu Maeda
发明人： Tomoyuki Haga , Kenneth Alexander Nicolson , Hideki Matsushima , Takayuki Ito , Hisashi Takayama , Manabu Maeda
IPC分类号： H04L9/08 , G06F15/177
CPC分类号： H04L9/0825 , H04L9/0822 , H04L9/0836 , H04L9/0891 , H04L9/0897
摘要： For the keys in a key tree group composed of root keys for each of multiple stakeholders, a shared key is generated between the multiple stakeholders, and access restrictions with respect to the generated shared key are flexibly set. A shared key control unit and a tamper-resistant module are provided for each of the multiple stakeholders. The shared key is set based on stakeholder dependency relationships. After the shared key is set, access to the shared key is controlled so that access is not possible by malicious stakeholders, so as to maintain the security level.
摘要翻译：对于由多个利益相关者中的每一个的根密钥组成的密钥树组中的密钥，在多个利益相关者之间生成共享密钥，并且灵活地设置关于生成的共享密钥的访问限制。为每个利益相关者提供共享密钥控制单元和防篡改模块。共享密钥是基于利益相关者依赖关系设置的。设置共享密钥后，控制对共享密钥的访问，以便恶意利益相关者无法访问，以保持安全级别。

45. 发明授权

US08479000B2 Information processing device, authentication system, authentication device, information processing method, information processing program, recording medium, and integrated circuit 有权
标题翻译：信息处理装置，认证系统，认证装置，信息处理方法，信息处理程序，记录介质和集成电路
公开(公告)号：US08479000B2
公开(公告)日：2013-07-02
申请号：US12992699
申请日：2009-10-09
申请人： Hisashi Takayama , Hideki Matsushima , Takayuki Ito , Tomoyuki Haga , Kenneth Alexander Nicolson
发明人： Hisashi Takayama , Hideki Matsushima , Takayuki Ito , Tomoyuki Haga , Kenneth Alexander Nicolson
IPC分类号： H04L29/06 , H04L9/00 , H04K1/00 , G06F15/177 , G06F17/00 , H04L12/18 , H04L9/08 , H04L9/32 , G06F21/22
CPC分类号： H04L9/3247 , G06F21/445 , G06F2221/2129 , H04L9/3263 , H04L2209/60 , H04L2209/68 , H04L2209/80
摘要： The present invention provides an information processing device, an authentication system, etc. that save a server the trouble of updating a database, etc., even when a software module in a client device is updated, and that are capable of verifying whether software modules that have been started in the client device are valid. The terminal device A100 holds private keys 1 and 2, and performs authentication processing with the terminal device B101 using the private key 2. The private key 1 has been encrypted such that the private key 1 is decryptable only when secure boot is completed. The private key 2 has been encrypted such that the private key 2 is decryptable using the private key 1 only when the application module X that has been started is valid. When the authentication processing is successful, the terminal device B101 verifies that the terminal device A100 has completed secure boot and the application module X that has been started in the terminal device A100 is valid. Also, the terminal device B101 performs the authentication processing using the same private key 2, regardless of whether a program pertaining to the secure boot of the terminal device A100 is updated or not.
摘要翻译：本发明提供一种信息处理装置，认证系统等，其即使在客户端装置中的软件模块被更新时也能够保存服务器更新数据库等的故障，并且能够验证软件模块已经在客户端设备中启动的是有效的。终端装置A100保持私有密钥1和2，并使用专用密钥2对终端装置B101进行认证处理。专用密钥1已被加密，使得专用密钥1仅在安全引导完成时被解密。专用密钥2已经被加密，使得仅当已经启动的应用模块X有效时，私钥2可以使用专用密钥1被解密。当认证处理成功时，终端装置B101验证终端装置A100是否已经完成安全引导，并且已经在终端装置A100中启动的应用模块X有效。此外，终端装置B101使用相同的私钥2执行认证处理，而不管终端装置A100的安全引导有关的程序是否被更新。

46. 发明授权

US08453206B2 Detecting unauthorized tampering of a program 有权
标题翻译：检测未经授权篡改程序
公开(公告)号：US08453206B2
公开(公告)日：2013-05-28
申请号：US12377040
申请日：2007-11-07
申请人： Tomoyuki Haga , Hideki Matsushima , Takayuki Ito , Manabu Maeda , Taichi Sato
发明人： Tomoyuki Haga , Hideki Matsushima , Takayuki Ito , Manabu Maeda , Taichi Sato
IPC分类号： G06F7/04
CPC分类号： G06F21/64 , G06F21/51
摘要： A tamper detection device detects tampering with a program loaded to memory, at high speed and without compromising the safety. Prior to loading of a program, a dividing-size determining unit 12 determines a block size based on random number information, a dividing unit 13 divides the program by the block size into data blocks, and a first conversion unit 14 converts, by conducting a logical operation, the data blocks into intermediate authentication data no greater than the block size, and a second conversion unit 15 conducts a second conversion on the intermediate authentication data to generate authentication data. The authentication data and the block size are stored. After the program loading, a program resulting from the loading is divided by the block size, followed by the first and second conversions to generate comparative data. The comparative data is compared with the authentication data to detect tampering of the loaded program.
摘要翻译：篡改检测装置可以高速地检测加载到存储器的程序的篡改，而不会影响安全性。在加载程序之前，分割尺寸确定单元12基于随机数信息确定块大小，分割单元13将程序除以块大小分成数据块，第一转换单元14通过执行逻辑运算，将数据块转换成不大于块大小的中间认证数据，第二转换单元15对中间认证数据进行第二转换以生成认证数据。存储认证数据和块大小。在程序加载之后，由加载产生的程序除以块大小，然后进行第一次和第二次转换以生成比较数据。将比较数据与认证数据进行比较，以检测加载的程序的篡改。

47. 发明授权

US08219827B2 Secure boot with optional components 有权
标题翻译：使用可选组件进行安全启动
公开(公告)号：US08219827B2
公开(公告)日：2012-07-10
申请号：US12484537
申请日：2009-06-15
申请人： Kenneth Alexander Nicolson , Hideki Matsushima , Hisashi Takayama , Takayuki Ito , Tomoyuki Haga , Manabu Maeda
发明人： Kenneth Alexander Nicolson , Hideki Matsushima , Hisashi Takayama , Takayuki Ito , Tomoyuki Haga , Manabu Maeda
IPC分类号： H04L29/06
CPC分类号： G06F21/57 , H04L9/3268 , H04L2209/80
摘要： A method manages optional trusted components that are active within a device, such that the device itself controls the availability of trusted components. The device includes: a storing unit storing a plurality of pieces of software and a plurality of certificates; a receiving unit receiving the certificates; and a selecting unit selecting one of the certificates. The device further includes an executing unit verifying an enabled one of the plurality of pieces of software using the selected and updated one of the certificates.
摘要翻译：方法管理在设备内活动的可选可信组件，使得设备本身控制受信任组件的可用性。该装置包括：存储单元，存储多个软件和多个证书; 接收单元接收证书; 以及选择单元，选择证书之一。所述设备还包括执行单元，其使用所选择和更新的所述证书来验证所述多个软件中的启用的一个软件。

48. 发明申请

US20110066838A1 INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND COMPUTER PROGRAM AND INTEGRATED CIRCUIT FOR THE REALIZATION THEREOF 有权
标题翻译：信息处理设备，信息处理方法，计算机程序和集成电路实现
公开(公告)号：US20110066838A1
公开(公告)日：2011-03-17
申请号：US12991516
申请日：2009-05-25
申请人： Hisashi Takayama , Hideki Matsushima , Takayuki Ito , Tomoyuki Haga , Kenneth Alexander Nicolson , Manabu Maeda
发明人： Hisashi Takayama , Hideki Matsushima , Takayuki Ito , Tomoyuki Haga , Kenneth Alexander Nicolson , Manabu Maeda
IPC分类号： G06F9/24
CPC分类号： H04L9/3263 , G06F21/575 , H04L9/3236 , H04L2209/80
摘要： The present invention provides an information processing apparatus that is capable of continuously performing secure boot between module groups in the case where software of a terminal device consists of module groups provided by a plurality of providers, while keeping independence between the providers. The information processing apparatus is provided with a linkage certificate that contains a first configuration comparison value 503, which indicates a cumulative hash value of the first module group to be started up by secure boot, and a module measurement value 505, which indicates a hash value of the first module of the second module group to be started up by secure boot. After the secure boot of the first module group, it is verified that the first module group has been started up by comparison with the first configuration comparison value 503. Then, the second module group is started up by secure boot by starting up the first module of the second module group whose completeness has been verified by comparison with the module measurement value 505. When a module of the first module group is updated, the linkage certificate update unit 135 updates the linkage certificate.
摘要翻译：本发明提供一种信息处理装置，其能够在终端装置的软件由多个提供者提供的模块组成的情况下连续地执行模块组之间的安全引导，同时保持提供者之间的独立性。该信息处理装置设置有连接证书，该连接证书包含表示通过安全引导启动的第一模块组的累积哈希值的第一配置比较值503以及指示散列值的模块测量值505 通过安全启动来启动第二个模块组的第一个模块。在第一模块组的安全引导之后，通过与第一配置比较值503进行比较来验证第一模块组已经被启动。然后，通过启动第一模块来启动第二模块组，通过与模块测量值505进行比较来验证其完整性的第二模块组。当第一模块组的模块被更新时，连接证书更新单元135更新连接证书。

49. 发明申请

US20100185845A1 SECURE BOOT TERMINAL, SECURE BOOT METHOD, SECURE BOOT PROGRAM, RECORDING MEDIUM, AND INTEGRATED CIRCUIT 有权
标题翻译：安全引导终端，安全引导方法，安全引导程序，记录介质和集成电路
公开(公告)号：US20100185845A1
公开(公告)日：2010-07-22
申请号：US12676960
申请日：2008-09-30
申请人： Hisashi Takayama , Hideki Matsushima , Takayuki Ito , Tomoyuki Haga , Kenneth Alexander Nicolson
发明人： Hisashi Takayama , Hideki Matsushima , Takayuki Ito , Tomoyuki Haga , Kenneth Alexander Nicolson
IPC分类号： G06F21/22 , G06F9/445
CPC分类号： G06F21/575
摘要： A terminal that performs secure boot processing when booting, thereby booting reliably even if, during updating of a software module, the power is cut off or the update is otherwise interrupted. The terminal comprises a CPU, a software module storage unit, a certificate storage unit, an updating unit for updating the software module and certificate, a security device provided with a configuration information storage unit for storing the configuration information of the software module, an alternate configuration information storage unit for storing the configuration information of a software module in the configuration before the update, and a boot control unit for verifying and executing the software module by using the certificate. The terminal verifies the certificate of the software module by comparing the configuration information stored by the configuration information storage unit with the configuration information stored by the alternate configuration information storage unit.
摘要翻译：在启动时执行安全引导处理的终端，即使在更新软件模块期间断电或更新被中断的情况下也可以可靠地引导。终端包括CPU，软件模块存储单元，证书存储单元，用于更新软件模块和证书的更新单元，设置有用于存储软件模块的配置信息的配置信息存储单元的安全设备，配置信息存储单元，用于存储在更新之前的配置中的软件模块的配置信息;以及引导控制单元，用于通过使用证书来验证和执行软件模块。终端通过将由配置信息存储单元存储的配置信息与备用配置信息存储单元存储的配置信息进行比较来验证软件模块的证书。

50. 发明申请

US20090217008A1 Program conversion device, and secret keeping program 审中-公开
标题翻译：程序转换装置，秘密保存程序
公开(公告)号：US20090217008A1
公开(公告)日：2009-08-27
申请号：US11918785
申请日：2006-04-21
申请人： Taichi Sato , Motoji Ohmori , Rieko Asai , Yuichi Futa , Tomoyuki Haga , Masahiro Mambo
发明人： Taichi Sato , Motoji Ohmori , Rieko Asai , Yuichi Futa , Tomoyuki Haga , Masahiro Mambo
IPC分类号： G06F9/302 , G06F9/30
CPC分类号： G06F21/54 , G06F21/125 , G06F21/14
摘要： Provided is a program conversion apparatus for generating a secret holding program, which disables a malicious analyzer from analyzing the an original program easily.The program conversion apparatus generates a first instruction group for acquiring values to assign to selection parameters; a second instruction group that includes an instruction group for acquiring, based on an arithmetic expression that uses the selection parameters, a selection identifier showing a selection-target data piece to be processed next; a third instruction group for updates a value of each selection parameter so as to reflect one of (a) a selection identifier showing one of the selection-target data pieces that has already been processed, and (b) at least one of one or more values that have already been assigned to the selection parameters; and selection-target data pieces that, by processing in a predetermined order, output an execution result identical to a result of the original program, each of the selection-target data pieces being in correspondence with a different selection identifier. The program conversion apparatus generates the secret holding program so as to include the first instruction group, the second instruction group, the third instruction group and the selection-target data pieces.
摘要翻译：提供了一种用于生成秘密保持程序的程序转换装置，其禁止恶意分析器容易地分析原始程序。程序转换装置生成用于获取分配给选择参数的值的第一指令组; 第二指令组，其包括用于基于使用所述选择参数的算术表达式获取示出接下来要处理的选择目标数据块的选择标识符的指令组; 第三指令组，用于更新每个选择参数的值，以便反映（a）表示已经被处理的选择目标数据段之一的选择标识符之一，以及（b）一个或多个已经分配给选择参数的值; 以及选择目标数据，通过按预定顺序处理，输出与原始程序的结果相同的执行结果，每个选择对象数据段与不同的选择标识符相对应。程序转换装置生成秘密保持程序，以包括第一指令组，第二指令组，第三指令组和选择目标数据。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式